Stable release: HardenedBSD-stable 10-STABLE v46.25

Submitted by op on

HardenedBSD-10-STABLE-v46.25 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

  • Fix null pointer dereference in zfs_freebsd_setacl() (8f4efc7cdfd6b31d9fd7d4cf5e1b73a6b9da7491) [FreeBSD-SA-Candidate]
  • Libarchive update
  • HBSD: add our first mirror: fr-01.installer.hardenedbsd.org Roubaix@France
  • zlib update to 1.2.11

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.25-amd64-bootonly.iso) = 244df54c943c52dc9d97ee0d253a06d99b78a3c6916c3361526446a1d3846cb5059e54b9b1393e0184bcfd714ffbf60ece495cbfd9277e4aa99c39b8a52f1c9f
SHA512 (HardenedBSD-10-STABLE-v46.25-amd64-disc1.iso) = 888af8fa7f2e000d474459b08b2f281260252a2aab28d0ca5bad33a8d67e931dd266098c0d6f01504b195ad8252dec8a138abf098b989037167e69948e7bfd4d
SHA512 (HardenedBSD-10-STABLE-v46.25-amd64-memstick.img) = 3bf56a556d7692f77fc68d5c6b707351111aadf8334a3fb9d14506b4b8d73cfc96289260deae9367f23482490147a27450ff99762bd4fe45333e51e33bad45db
SHA512 (HardenedBSD-10-STABLE-v46.25-amd64-mini-memstick.img) = 098bb76dd195837a409b2c86cab00f6fd22e41c457d471521a0dcfd97f1e68966dcea981dea839827d0890ab7ceded9057bcbf99108c85b8f996e4ad424975da
SHA512 (HardenedBSD-10-STABLE-v46.25-amd64-uefi-bootonly.iso) = f12dd735eba76b64aac9e101a62c32768b5d53c48b924860aa46cec43be8e62776659c245b884b94f9c3a175da9ffa82b1c349c5cb2118d7f96e4abce3f26fb4
SHA512 (HardenedBSD-10-STABLE-v46.25-amd64-uefi-disc1.iso) = 124675b8abf436e050d5a569a977a23e9df170089cd50bd3b50f9c5bca66310b031203e8cae85f1a940815a4d076252104414cd49b697cc9b91a39681864fe8a
SHA512 (HardenedBSD-10-STABLE-v46.25-amd64-uefi-memstick.img) = ee67fcf91a503d508e4344319b788f7d08687b9d9672da929586a473baa1e9cac97004993ffd3f124d51ff5707d6193e3886299fa652de7ef8db7d6523cecbe2
SHA512 (HardenedBSD-10-STABLE-v46.25-amd64-uefi-mini-memstick.img) = 13853f2e931490bfbf84b1cc92e2465504e090b40584c57e233ea875c2b6ba15c209ced66ad9cc9c6898d419389964bbc9b8ad10e0251e243514d39fb397bc14

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAli+FWAACgkQgZsRom/9
GI1n+w//bLHitlrVuG42B9sZE4fCElNHVZxlljrMMaw98/QaMlAOhzsO3WTm4hhW
KR5HJ+zXTRQan5qp1e+MclJ+acAb52x7hmrHDwd1RK5dcX7sao577vLxK7fCtahU
xhiw08074+0iZ8cH8L4YPUJJFLiiJbsZPTjWlfIR2f/o2WW4awCFiswEq6Hw6kqf
A2kR/D7vPgAERsBnZO+sfSiYxwOl9PdbFreXrfpqczWLFS/5cI+EO5l5NzkMuIMQ
djMOLVz8WpJSflvI7SRzd5580AwxdV1umvHJ55eoT8oLKSOdCFMl74IKFVaNOh1h
ZgOAlPXaVvIdDNLQ6i/+Gd09VRnWk9li2IiMvjd+b15xbQfSFLoO4RwnNO8ODlIR
0ZYIG39LOl6AJGS7s9GfWX5Gn33yITk+t40Zk2Jhv+ysVbjs1whcpOBZuVpGLwbP
Zq2YlyQVGodRewo2ft0/wpGmOkqWTqBcDTHxnRqYBVyNuW56BVyOQyJbX2h2HdV3
qifOUJp1QBnQqex3DwZ9p2XbZdeG6LWwRVVEtq0WV6ft5VHMOrKPGbGU1Q1QEYNK
VBUMG3IB7IM6XKNKPcHK6MdPjiIhsp7T0dcypXfHXyBsEaQKjcF9Xmwq/zKNQjzF
YCGr2SNoGzbOgtGsws07p9uTLySyMRbY5el+ijT3u4rJhstowpw=
=CSFS
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (4):

  • HBSD: refactor mirror selection
  • HBSD: add our first mirror: fr-01.installer.hardenedbsd.org Roubaix@France
  • HBSD: correct the ipv6 mirror's address
  • HBSD NOEXEC: add the ability to change maxprot in imgact's mapping functions


Oliver Pinter + (43):

  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master


asomers (4):

  • MFC r311893, r313008, r313081
  • MFC r311572, r311895, r311928, r311985, r312395, r312417
  • MFC r312559:
  • MFC r312995:


avg (29):

  • MFC r313686: check remaining space in zfs implementations of vptocnp
  • MFC r313687: remove l2_padding_needed statistic from zfs arc
  • MFC r313735: add svcpool_close to handle killed nfsd threads
  • MFC r263215,r263218,r285366: replace the kernel sha256 code
  • MFC r282726: Ensure libmd symbols do not clash with libcrypto
  • MFC r263219: add sha256c.c to the various modules that included sha2.c...
  • MFC r282736: Unbreak build following rev. 282726 (MFC-ed as r314144)
  • fixup r314143, MFC of r285366 didn't remove files that it should have
  • MFC r282774: Unbreak MIPS build following r282726 (MFCed in r314144)
  • MFC r292782: Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c
  • MFC r285417: Add new include path for sha256.h
  • fix up r314327 (MFC of r292782): sha2 -> sha512 in sys/modules/random
  • MFC r300903: Implement SHA-512 truncated (224 and 256 bits)
  • MFC r300966: Retune SHA2 code for improved performance on CPUs with more ILP...
  • MFC r313730: try to fix RACCT_RSS accounting
  • MFC r313752,r314035: mca: use time_uptime instead of ticks for CMCI throttling
  • MFC r314037: jedec_ts: fix slave address check
  • MFC r314183: add jedec_ts.4 to the list of manual pages
  • MFC r314059: zfs: move zio_taskq_basedc under SYSDC
  • MFC r313751: mca: fix writes to MSR_MC_CTL2 in cmci_update
  • MFC r314100: fix a typo in __STDC_VERSION__ in __min_size requirements
  • MFC r314101: don't use C99 static array indices with older GCC versions
  • Fix r314332 (MFC of r300903): do not use C99 Static array indices
  • MFC r288112,r302571: remove unused and redundant declarations and code
  • mlx5 module: remove include path that doesn't exist in this branch
  • MFC r314357: edge-triggered interrupt mode is set by clearing APIC_LVT_TM
  • MFC r314272: call vm_lowmem hook in uma_reclaim_worker
  • MFC r283291: don't use CALLOUT_MPSAFE with callout_init()
  • MFC r314273: zfs: call spa_deadman on a taskqueue thread


bapt (1):

  • MFC r312644, r312650


bdrewery (2):

  • MFC r313867,r313869,r313870,r314001:
  • MFC r313909:


cy (1):

  • MFC r312787:


delphij (1):

  • MFC r311285,312335: zlib 1.2.11.


des (1):

  • MFH (r278120): add missing ssh-related files


dexuan (4):

  • MFC: r312685, r312686
  • MFC: r312687, r312916
  • MFC: r312688
  • MFC r312689, r312690


dim (1):

  • Pull in r242377 from upstream libc++ trunk (by Marshall Clow):


emaste (4):

  • MFC r313562: kldxref: s/sections/segments/ in warning message
  • MFC r313563: kldxref: bump MAXSEGS to 3
  • MFC r313774: localtime: return NULL if time_t out of range of struct tm
  • MFC r309649 (oshogbo): tcpdump: allow to use BIOCROTZBUF in capability mode


garga (3):

  • MFC r313448:
  • MFC r313457:
  • MFC r313477:


grehan (1):

  • MFC r311702 Use correct PCI device id for virtio-rng. This prevented the device from attaching with a Windows guest (most other guests use the device type for matching)


ken (2):

  • MFC 313895:
  • MFC r313893


kib (11):

  • MFC r313692: Style: wrap long line.
  • MFC r313715: Order alphabetically.
  • MFC r313797: Minor style fixes.
  • MFC r313693: Remove MPSAFE and ARGUSED annotations, ANSI-fy syscall handlers.
  • MFC r313493: Define ELF_ST_VISIBILITY().
  • MFC r313494: Handle protected symbols in rtld.
  • MFC r313800: Do not access memory past the buffer end. Do not accept and silently truncate too long hostname.
  • MFC r313496: Increase a chance of devfs_close() calling d_close cdevsw method.
  • MFC r313734: Add RLIM_SAVED_MAX and RLIM_SAVED_CUR symbols.
  • MFC r314195: Properly handle possible underflow in vm_fault_prefault().
  • MFC r314562: Style.


marius (1):

  • MFC: r311979


mav (29):

  • MFC r313736: Fix panic on shutdown of ramdisk LU with zero capacity.
  • MFC r313910: Change XCOPY memory allocations.
  • MFC r313744: No need to erase sense_data when sense_len is set to zero.
  • MFC r313851: Fix tight loop spinning on postponed requests.
  • MFC r313852: Freeze CAM SIM when request is postponed due to MaxCmdSN.
  • MFC r313945: Remove broken remnants of obsolete INOT API.
  • MFC r313936, r313937: Move CTIO waitq from per-LUN to per-channel.
  • MFC r314358: Announce that sbp_targ(4) does not support initiator mode.
  • MFC r314027: Do not blindly free completed ATIOs/INOTs on invalidation.
  • MFC r314038: Remove ancient __FreeBSD_version checks.
  • MFC r314045: Remove duplicate INOT allocation.
  • MFC r314086: Fix multiple problems around LUN disable under load.
  • MFC r314088: Slightly polish isp_dump_atpd().
  • MFC r314193: Some code cleanup.
  • MFC r314196: Unify ATIO/INOT CCBs requeuing.
  • MFC r314200: We can't access periph after ctlfe_free_ccb().
  • MFC r314203: Fix missing xpt_done() for ATIO/INOT on missing LUN.
  • MFC r314204: Explicitly abort ATIO if CTIO sending status has failed.
  • MFC r314208: Respecting r314204 tighten ATIO cleanup requirements.
  • MFC r314246: Improve CAM target frontend reference counting.
  • MFC r314247: Axe out some forever disabled questionable functionality.
  • MFC r314255: Reenable CTL_WITH_CA, optimizing it for lower memory usage.
  • MFC r314257: Add reporting SAS protocol, in case we ever have one.
  • MFC r314299, r314300: Fix residual length reporting in target mode.
  • MFC r314302: Return better error code in case of too long CDB.
  • MFC r314387: Make ctl_queue_sense() not sleep.
  • MFC r314496: Add check missed in r314257.
  • MFC r314326: Send TERMINATE to firmware when aborting active ATIO.
  • MFC r314338: Polish handling of different reset flavours.


mm (3):

  • MFC r313572,313782 Sync libarchive with vendor.
  • Fix incomplete merge in r313927:
  • MFC r314572:


ngie (16):

  • MFC r288241:
  • MFC r285119,r292502,r295380:
  • MFC r295643:
  • Fix mismerge in r313790
  • MFC r312520:
  • MFC r313656:
  • MFC r313653:
  • MFC r313679:
  • MFC r313654:
  • MFC r313652:
  • MFC r313404:
  • MFC r312213,r313713:
  • Revert r314020
  • MFC r313924,r313925:
  • Note: this change reintroduces r314020 after r314327, r314330, and r314332
  • MFC r314244:


np (2):

  • MFC r314400:
  • MFC r314509 and r314578.


pfg (4):

  • MFC r313819: Remove outdated claim.
  • MFC r313554: Clean redundant MIN/MAX declarations in some HighPoint drivers.
  • MFC r313897: ext2fs: Remove unused assignment.
  • MFC r314316: dc(1): Catch up with OpenBSD tag.


sephe (3):

  • MFC 311475
  • MFC 311743
  • MFC 312250