New stable release: HardenedBSD-stable 10-STABLE v46.20

HardenedBSD-10-STABLE-v46.20 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

WARNING: this is a security update!

Highlights:

  • FreeBSD-SA-16:38.bhyve - integer overflow in bhyve - 02a6052b3f42f24b9015e26ef196c33cdaf56719
  • FreeBSD-SA-16:37.libc - buffer overflow in libc - 6eec5c0ac4990b2cf298afce48e0ea2529fa645c
  • FreeBSD-SA-16:36.telnetd - insufficient error checking in telnetd - d50c6c5b00e248bc0ebd39164e5b7d56af49d701
  • ACPICA update to fix issues with recent Skylake CPU based systems
  • SVN update to 1.9.5
  • bhyve: stability and performance improvement for dbgport

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:


CHECKSUM.SHA512.asc:



Changelog:

Oliver Pinter (7):

  • HBSD MFC: Plug a potential memory leak in kenv.
  • HBSD MFC: Don't leak 'str' when we see a malformed IPv6 address.
  • HBSD MFC: Plug another leak with malformed IPv6 address.
  • HBSD MFC: Fix an obvious typo in usr.bin/sort.
  • HBSD MFC: Fix for endless recursion in the ACPI GPE handler during boot.
  • HBSD MFC: pull in ACPICA 20160930 from FreeBSD 12-CURRENT
  • HBSD MFC: Merge ACPICA 20161117 from FreeBSD 12-CURRENT.


Oliver Pinter + (20):

  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master


brooks (1):

  • MFC r309027:


delphij (1):

  • HBSD MFC: style(9) in kenv after 042f04366b7f0541a2feeb3fea6ce9f41d97a976 .


dexuan (2):

  • MFC: 308723-308725,308793-308795,309127
  • MFC r308797-308799,309082


dim (1):

  • MFC r309332:


emaste (1):

  • MFC r308772: crunchide: report explicit error for combined string table


glebius (3):

  • Merge r309638 from head:
  • Merge r309639 from head:
  • Merge r309640 from head:


hselasky (1):

  • MFC r308730: Make sure MAC address is reprogrammed when if_init() callback is invoked. Else promiscuous mode must be used to pass traffic. While at it fix a debug print macro.


jch (1):

  • MFC r286227, r286443:


jhb (31):

  • MFC 307975: Enable EFER_NXE properly on APs.
  • MFC 308056: Fix formatting of tables.
  • MFC 307333: Reprogram I/O APIC interrupt pins when registering an I/O APIC.
  • MFC 307756: Define max_align_t for C11.
  • MFC 308456: Pass the correct flag to find_symdef() from _rtld_bind().
  • MFC 273806,289103,289201,289338,289578,293185,294474,294610,297124,297368, 297406,300875,300888,301158,301896,301897,304838:
  • MFC 297797: cxgbe(4): Provide an explicit value for nqpcq in the firmware configuration file.
  • MFC 303753,308004: Add bounds checking on addresses used with /dev/mem.
  • MFC 292736: cxgbe(4): Updates to the base NIC driver and t4_tom to support the iSCSI offload driver. These changes come from projects/cxl_iscsi.
  • MFC 302339: cxgbe(4): Changes to the CPL-handler registration mechanism and code related to "shared" CPLs.
  • MFC 308005: Add powerd(8) support for several families of AMD CPUs.
  • MFC 303204: Install a handler for firmware work request error messages.
  • Fix build without INVARIANTS.
  • MFC 308564: Don't place threads on the run queue after waking up other CPUs.
  • MFC 303522,303647,303860,303880,304168-304170,304479,304482,304485,305548, 305549: Chelsio T4/T5 VF driver.
  • MFC 303454: Mark spg_len and fl_pktshift static.
  • MFC 303859,305851: Fix a typo and some whitespace nits.
  • MFC 304854: cxgbe/iw_cxgbe: Various fixes to the iWARP driver.
  • MFC 302440,304873,305704,305985,306787,307531: Fixes for sysctls.
  • MFC 303348: cxgbe(4): Initialize the adapter queues (fwq and mgmtq) instead of returning EAGAIN if they aren't available when the user tries to program a filter. Do this after validating the filter so that the driver doesn't bring up the queues if it doesn't have to.
  • MFC 303688,303750,305166,305167: Centralize and rework page pod handling.
  • MFC 305433: cxgbe/t4_tom: toepcb should be all-zero on allocation because the code that cleans up on failure assumes that non-NULL values indicate initialized items.
  • MFC 305652: cxgbe(4): Do not prescreen frames before attempting LRO.
  • MFC 305667: cxgbe(4): Avoid a NULL dereference in the clearstats ioctl handler. Port softc's are not initialized when the adapter is in recovery mode.
  • MFC 305695,305696,305699,305702,305703,305713,305715,305827,305852,305906, 305908,306062,306063,306137,306138,306206,306216,306273,306295,306301, 306465,309302: Add support for adapters using the Terminator T6 ASIC.
  • MFC 306277: cxgbe(4): Make the location/length of all descriptor rings available in the sysctl MIB.
  • MFC 306821,306823: Permit updating firmware config file in flash.
  • MFC 307233: cxgbe(4): Allow the interface MTU to be set as high as the actual hardware limit.
  • MFC 307759: cxgbe(4): Dump any mailbox command that times out.
  • MFC 307876: cxgbe(4): Fix bug in the calculation of the number of physically contiguous regions in an mbuf chain.
  • MFC 308066: cxgbe(4): Accurate statistics for all chip settings.


jilles (1):

  • MFC r309026: open(2): Clarify non-POSIX error when opening a symlink with O_NOFOLLOW.


julian (9):

  • MFH: r306306
  • MFH: r303612
  • MFH: r303613
  • MFH: r303611
  • MFH: r297012
  • MFH: r297015
  • MFH: r306554
  • MFH: r307917
  • MFH: r309295


kib (3):

  • MFC r308618: Provide simple mutual exclusion between mount point update and unmount. In the update path in ffs_mount(), drop vfs_busy() reference around namei().
  • Add sys/systm.h to have critical_enter() defined, required by machine/counter.h on i386.
  • MFC r309209: Do not enable nullfs vnode caching over nfs v4 mounts.


mav (3):

  • MFC r308579: Do not report error on close even if we have no paths left.
  • MFC r308608: Use providergone method to cover race between destroy and g_access().
  • MFC r309282: Explicitly initialize cdai.flags.


mckusick (1):

  • MFC r308064: Avoid possible overflow when calculating malloc size for auxiliary data structure sizes when mounting and reloading UFS/FFS filesystems.


ngie (22):

  • MFstable/11 r309453:
  • MFC r299704: r299704 (by vangyzen):
  • MFC r287350: r287350 (by rodrigc):
  • MFC r297790: r297790 (by pfg):
  • MFC r288113: r288113 (by rodrigc):
  • MFC r287341,r287342,r287348:
  • MFC r278041: r278041 (by pfg):
  • MFC r301754,r301769:
  • MFC r287347: r287347 (by rodrigc):
  • MFC r288995: r288995 (by rodrigc):
  • MFC r288017: r288017 (by rodrigc):
  • MFC r278039: r278039 (by pfg):
  • MFC r296386: r296386 (by pfg):
  • MFC r287353: r287353 (by rodrigc):
  • MFC r296404: r296404 (by pfg):
  • MFC r301734: r301734 (by kevlo):
  • MFC r296133: r296133 (by pfg):
  • MFC r297975: r297975 (by pfg):
  • MFC r298183,r304226:
  • MFC r301770: r301770 (by pfg):
  • MFC r264196: r264196 (by theraven):
  • MFstable/11 r309600:


peter (1):

  • MFC r309356: svn 1.9.4 -> 1.9.5


pfg (1):

  • MFC r309179: ext2fs: avoid possible overflow when calculating malloc size.


rmacklem (1):

  • MFC: r308871 Modify umount so that it does not do an Unmount RPC for NFSv4 mounts and uses TCP for the Unmount RPC if the mount is over TCP. Without this patch, umount does an Unmount RPC over UDP for all NFS mounts.


trasz (2):

  • MFC r308206:
  • MFC r301761:


ume (1):

  • MFC r308808, r308809: Lookup locale when print all keywords as well.


vangyzen (4):

  • MFC r308824
  • MFC r308904
  • MFC r308340
  • MFC r306577 r306652 306830