HardenedBSD-10-STABLE-v46.23 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Warning: this is a security update!
Highlights:
- Fix multiple OpenSSH vulnerabilities. (01991d8d9a5ef8038fb70e3084e07d1eaeed4e0d) [https://security.freebsd.org/advisories/FreeBSD-SA-17:01.openssh.asc]
- Skylake support for hwpmc
- Changed settings for newsyslog (7043b7898cf46d234e9b718d477802ed7805377d)
- Added /var/log/pkg.log log to store the packages lifecycle
- Update to ACPICA 2016122 to fix Skylake issues
- Hyper-V updates
Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
CHECKSUM.SHA512:
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-bootonly.iso) = beaeb17d9e57d1cbb99ffc42720ce02c47da022774d15c1e7572f7b740218934687fb881e952eaaf0876a14b15458f592fcdd1c9681873be0f53f57894167f5d
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-disc1.iso) = 97e534f74b9b05c75eb883190517509204ad5d45793822b7d70d82bbdab4a6bca81d06122c144fdc0f17d26e08f12a9dd50e3ce0ad855689320e0d4ea63cdd5c
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-memstick.img) = e55c0cbb1494854b84ebd0a32d60c259f2341e100c81c6eaa60faeb95e94aaee6dd855583b1575e2b0dc971f392236c19f8e5759b94df83bdbd70beeaa0eaa5f
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-mini-memstick.img) = f3df1e031cc56c1abba6cf1577c079b6f9234bac04b6c4ee290c6982cbece49cdc0d0980a3bfe14e28a27c5c796387c4c5a3131e2afe439e6cf0966bad5c7eb3
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-bootonly.iso) = 2201d710301b936a7726b82ba5ebd00210d4fef2bb555ee685e9425c29bf4433c95af4cbdb85a26981f00edff4397ff321c39f40b830812abf24c99d0b373ee7
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-disc1.iso) = b98006e8905200449cbf50c0e9dcb99a6705eccf9ee21be5d80bade5dd2762da4a16a51d8722cc4db557a7d35b0cf07d7b33e378a9ccac88c46f76f701e57b93
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-memstick.img) = a48329729e328b12b90930b1231b3720af41fdf44e7e6c2f2c1cd8307811da4089ab13fa17e66c5098d9320120f1a1eaf34d6a3b29e67520b9aa2371daa36b76
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-mini-memstick.img) = 0c71b037d5569da32b87fd749477c51e7d8756f08613b99660a294ae1d502d3d235d5d4323ab82ada3f0922a40a439dafdc309fdb92a435224aa591b32e9cf00
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlh21KwACgkQgZsRom/9
GI1qrA/8CizObUwE2nzZG7PXq0c4si1W/cVeMKFGvrp5MkSLG7hZfxtnNJmck1rF
dS/nNRQ2P1Rur4MI+m1GR33D3uF2bTV03YNXtclJ8D/R3eeYRd0Ee8V8cOh/ZcVa
BukZPhvlWiwJmhMacZh2cv+b85GUbaE9VzWhAYNffKtUeFJMHLhmJmILoHigdwRN
RCUKMl/oQZqcegxFnAoxmStJgkEui8HcrsoKprsWmWon4pmerMw5hkbPq8PBntea
nC79eVWy00QSWeloRHncLnFLQxWpcO2FU5HH3cpXGNV0JXE4G7ihxPaz3KMc318G
Ptvme6nMfKULZMDBVXd7XpXJP56x9fCUlGmJrhumMBfDyv8mAkTud7aJx0yS9PAc
Orl82U3Jbk2BAX/FJjeQhGUoNYKyrBQp19T5/hJO00MqEc+/xkxdQNjc7Cd3f8jL
P/BDdUwqZFEmVjZTONamBaKA5HazD+LXuJv107qTLxO257xwoSJbwlccFh/rcHrE
vgBpULno486o84fEzyOUe4gME04U2VjwlsGF+FCtAIwgciQc1gLXZRfXXLv1KfU1
kzww4hKMy/ubfdoLRawXYCM6AB+AjMg0eoVIYBQaWyV/I/AA2rYHzycanxCaU1yy
O4Mwbl50UW2pnHq5Ebq+I++g2QZTQ07KzPiPPq2UCh7Dz5jkJ9g=
=RvOg
-----END PGP SIGNATURE-----
Changelog:
Oliver Pinter (35):
- Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
- HBSD: fix merge conlict in contrib/libarchive/tar/test/test_option_lz4.c
- HBSD: welcome 2017!
- HBSD: remove unneeded CTRs from ASLR code
- HBSD MFC: Relax sanity check of number fields in tar header even more.
- Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
- HBSD: resolve merge conflict in lib/libarchive/tests/Makefile
- HBSD MFC: Use the correct event table for Haswell Xeon events
- HBSD MFC: hwpmc style(9) cleanup
- HBSD MFC: Fix various bugs in Haswell counter definitions
- HBSD MFC: Fix pmc unit restrictions to match documentation
- HBSD MFC: Add manpage for Haswell Xeon pmc implementation
- HBSD MFC: Fix Sandy Bridge+ hwpmc branch counters
- HBSD MFC: Support architectural events on Haswell/Ivy Bridge
- HBSD MFC: Fix Ivy Bridge+ MEM_UOPS_RETIRED counters
- HBSD MFC: Add missing counter definitions
- HBSD MFC: hwpmc: Fix event number to match enum name
- HBSD MFC: Remove extra whitespaces from hwmpc.
- HBSD MFC: hwpmc: add initial Intel Broadwell support.
- HBSD MFC: Use fixed enum values for PMC_CLASSES().
- HBSD MFC: properly inherit the pmcids in child
- HBSD MFC: Add support for Intel Skylake and Intel Broadwell PMC's.
- HBSD MFC: add backward compatible way to provide tunables
- HBSD MFC: More fixes in the various intel processors.
- HBSD MFC: Remove tautological cast.
- HBSD MFC: fix the "[pmc,X] negative increment" assertion on the context switch
- HBSD MFC: Don't panic in hwpmc when stopping sampling.
- HBSD MFC: hwpmc: remove sys/capability.h backwards compatibility
- HBSD MFC: Connect pmc.haswellxeon(3) to the build; looks like it was missed in r279829.
- HBSD MFC: Fix PMC architecture check to handle later IPAs including Skylake
- HBSD MFC: Restore priority value for OGIO_KEYMAP
- HBSD: log pkg changes to /var/log/pkg.log
- HBSD MFC: Merge ACPICA 20161222 from FreeBSD 12-CURRENT.
- HBSD: add the output destination to the correct line in syslog.conf
- HBSD MFC: Increase the default rotation threshold of log files from 100kb to 1000kb
Oliver Pinter + (39):
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
arybchik (65):
- MFC r310627
- MFC r310677
- MFC r310678
- MFC r310679
- MFC r310680
- MFC r310681
- MFC r310682
- MFC r310683
- MFC r310684
- MFC r310685
- MFC r310686
- MFC r310687
- MFC r310688
- MFC r310689
- MFC r310690
- MFC r310691
- MFC r310692
- MFC r310693
- MFC r310694
- MFC r310695
- MFC r310696
- MFC r310699
- MFC r310704
- MFC r310708
- MFC r310709
- MFC r310713
- MFC r310714
- MFC r310715
- MFC r310716
- MFC r310717
- MFC r310719
- MFC r310741
- MFC r310742
- MFC r310745
- MFC r310746
- MFC r310747
- MFC r310748
- MFC r310749
- MFC r310752
- MFC r310754
- MFC r310755
- MFC r310756
- MFC r310758
- MFC r310760
- MFC r310762
- MFC r310764
- MFC r310770
- MFC r310810
- MFC r310811
- MFC r310812
- MFC r310819
- MFC r310820
- MFC r310744
- MFC r310750
- MFC r310753
- MFC r310816
- MFC r310765
- MFC r310813
- MFC r310818
- MFC r310814
- MFC r310815
- MFC r310817
- MFC r311638
- MFC r311639
- MFC r311640
avg (6):
- define Maxmem for ia64, the only platform that didn't have it
- MFC r309097: MFV r308987: 7180 potential race between zfs_suspend_fs+zfs_resume_fs and zfs_ioc_rename
- MFC r309098: MFV r308988: 7199, 7200 dsl_dataset_rollback_sync may try to free already free blocks
- MFC r309099: MFV r308990: 7181 race between zfs_mount and zfs_ioc_rollback
- MFC r309250: MFV r309249: 3821 Race in rollback, zil close, and zil flush
- MFC r308530: iicsmb: SMB_MAXBLOCKSIZE can be used again
bapt (1):
- Bump copyright year.
bdrewery (1):
- MFC r309477:
cy (1):
- MFC r311005
delphij (5):
- MFC r310608: Avoid use after free.
- MFC r310609: Don't use high precision clock for expiration as only second portion is used.
- MFC r310611:
- MFC r310614: Don't assign rtjp twice.
- MFC r311914: MFV r311913:
des (2):
- MFH (r267371, r297754, r299520): nits and style
- MFH (r301027): fix 307 / 308 redirects MFH (r310823): fix multi-line CONNECT responses
dim (1):
- MFC r257398 (by sbruno):
hselasky (4):
- MFC r310388: Make a read only pointer constant.
- MFC r310387: Add more comments regarding collection of statistics counters.
- MFC r310058: Fix initialisation of mlx4_pci_table's .driver_data fields.
- MFC r310242: Defer USB enumeration until the SI_SUB_KICK_SCHEDULER is executed to avoid boot panics in conjunction with the recently added EARLY_AP_STARTUP feature. The panics happen due to using kernel facilities like callouts too early.
jhb (4):
- MFC 309581,309582,310424: Document T6 support.
- MFC 306562: Handle 64-bit system call arguments (off_t, id_t).
- MFC 306563: Decode arguments to truncate and ftruncate.
- MFC 306564: Expose kernel-only errno values if _WANT_KERNEL_ERRNO is defined.
jilles (2):
- MFC r309836: Add some tests for reaper functionality (in procctl()).
- MFC r309957: Add tests for reaper receiving SIGCHLD (r309886).
kib (17):
- MFC r310302: Do not clear KN_INFLUX when not owning influx state.
- MFC r309886: When a zombie gets reparented due to the parent exit, send SIGCHLD to the reaper.
- MFC r310552: Some style.
- MFC r310554: Some optimizations for kqueue timers.
- Remove stray blank line added due to mismerge.
- MFC r310613: Style.
- MFC r310616: Remove redundancy in vmtotal().
- MFC r310834: Assert that the pages found on the object queue by vm_page_next() and vm_page_prev() have correct ownership.
- MFC r310821: Style.
- MFC r310925: Remove unused declaration.
- MFC r310982: Ansify vm/vm_pager.c. Style.
- MFC r267546 (by alc): Tidy up the early parts of vm_map_insert().
- MFC r311055: Remove unneeded externs keywords. Reindent long lines.
- MFC r310615: Change knlist_destroy() to assertion.
- MFC r311108: Move common code from kern_statfs() and kern_fstatfs() into a new helper.
- MFC r311111: Style.
- MFC r311113: There is no need to use temporary statfs buffer for fsid obliteration and prison enforcement. Do it on the caller buffer directly.
markj (1):
- MFC r310647: Remove an obsolete pragma from dtrace.h.
mav (32):
- MFC r309297: Make SES status updates more aggressive.
- MFC r310230: Don't treat informational exceptions (warnings and impending failures) a.k.a. SCSI SMART events as errors. Log them to console and continue.
- MFC r294558: Hide "soconnect() error" messages under bootverbose.
- MFC r295476 (by trasz): Remove stray semicolons from the iSCSI code.
- MFC r298810 (by pfg): sys/cam: spelling fixes in comments.
- MFC r310257: Improve support for informational exceptions.
- MFC r310259: Following SPC-5, make REQUEST SENSE report "Logical unit not supported" in returned parameter data for not accessible LUNs.
- MFC r310265: Add set of macros to simplify code access to mode pages fields.
- MFC r310266: Add support for NUAR bit in Control mode page.
- MFC r310272: Add new bits into Extended Inquiry VPD page.
- MFC r310275: Fix typo in function name.
- MFC r310284: When writing fixed format sense data, set VALID bit only if provided value for INFORMATION field fit into available 4 bytes (has no non-zero bytes except last 4), as explicitly required by SPC-5 specification.
- MFC r310285: When reporting "Logical block address out of range" error, report the LBA in sense data INFORMATION field.
- MFC r310298: Improve error handling when I/O split between several BIOs.
- MFC r310339: Bump specifications support to SAM-6/SPC-5.
- MFC r310356: Add support for locally assigned RFC 4122 UUID LUN identifiers.
- MFC r310360, r310361: Report UUID and MD5 LUN IDs.
- MFC r310366: Add support for SITUA bit in Logical Block Provisioning mode page.
- MFC r310373: Add support for REPORTING OPTIONS == 3 in REPORT SUPPORTED OPERATION CODES.
- MFC r310389: Fix REPORT SUPPORTED OPERATION CODES for READ/WRITE BUFFER commands.
- MFC r310390: Add support for REPD bit in RSTMF command.
- MFC r310478: Add place-holders for TAPE STREAM MIRRORING subcommands of XCOPY.
- MFC r310489: Implement printing forwarded sense data.
- MFC r310524: Improve length handling when writing sense data.
- MFC r310534: Improve third-party copy error reporting.
- MFC r297756: Add couple new constants from SPC5r08.
- MFC r305591: Decode ATA Status Return descriptor.
- MFC r311446: Fix bootverbose affecting code logic in r294558.
- MFC r310633: Add MAX_LUNS overflow safety checks.
- MFC r309251: Process port interrupt even is PxIS register is zero.
- MFC r309252: Add more ASMedia PCI IDs from different sources.
- MFC r310703: Pass proper arguments (handles, not directly structure pointers) to scif_cb_domain_device_removed().
mjg (3):
- MFC r303583:
- MFC r301157:
- MFC r285706,r303562,r303563,r303584,r303643,r303652,r303655,r303707:
mm (1):
- MFC r309300,r309363,r309405,r309523,r309590,r310185,r310623:
ngie (67):
- MFstable/11 r310506:
- MFstable/11 r310561:
- MFstable/11 r310563:
- MFstable/11 r310565:
- MFstable/11 r310567:
- MFstable/11 r310569:
- MFstable/11 r310571:
- MFstable/11 r310670:
- MFstable/11 r310672:
- MFstable/11 r310730:
- MFstable/11 r310732:
- MFstable/11 r310875:
- MFstable/11 r310877:
- MFstable/11 r310899:
- MFstable/11 r310901:
- MFstable/11 r310904:
- MFstable/11 r310905:
- MFstable/11 r310909:
- MFstable/11 r310911:
- MFstable/11 r310902:
- MFstable/11 r310896:
- MFstable/11 r310897:
- MFstable/11 r310990:
- MFstable/11 r310992:
- MFstable/11 r310997:
- MFstable/11 r311107:
- MFstable/11 r311152:
- MFstable/11 r311207:
- MFstable/11 r311209:
- MFstable/11 r311212:
- MFstable/11 r311213:
- MFstable/11 r311215:
- MFstable/11 r311217:
- MFstable/11 r311465:
- MFstable/11 r311467:
- MFstable/11 r311551:
- Regenerate src.conf(5)
- MFC r311239:
- MFC r311242:
- MFC r310954,r310987,r311222:
- MFC r310931,r310942,r310988:
- MFC r310497:
- MFC r310957,r310958,r310960:
- MFC r310952:
- MFC r310501:
- MFC r311291:
- MFC r311270:
- MFC r311246:
- MFC r311272:
- MFC r311249:
- MFC r311269:
- MFC r311271:
- MFC r311250:
- MFC r311228:
- MFC r311273:
- MFC r311240:
- MFC r311235:
- MFC r311248:
- MFC r311247:
- MFC r311245:
- MFC r310984,r311102:
- MFC r311393:
- MFC r311382:
- MFC r311384:
- MFC r311505:
- MFC r311112,r311115:
- MFC r311114:
np (2):
- MFC r309666, r310033, r310049, r310100, r310152, and r310807.
- MFC r310151 and r311173.
pfg (2):
- MFC r310367: pax(1): Fix a bug with archives smaller than 512 bytes.
- MFC r310705, r310706: style(9) cleanups.
sephe (27):
- MFC 308664,308742,308743
- MFC 308905
- MFC 308906
- MFC 308907
- MFC 308908,308909
- MFC 309030,309039,309080,309081,309083
- MFC 309085
- MFC 309128,309129,309131-309136,309138-309140,309224,309225
- MFC 309226-309231,309235
- MFC 309236,309237
- MFC 309240,309242,309244,309245,309319,309670
- MFC 309310,309311,309316,309318
- MFC 309320,309726,309728
- MFC 309346,309348
- MFC 309704
- MFC 309705
- MFC 309874,309875
- MFC 310048,310101
- MFC 310312-310314
- MFC 310315
- MFC 310317
- MFC 310318
- MFC 310324
- MFC 310347
- MFC 310462,310465
- MFC 310651
- MFC 310652,310657,310658