HardenedBSD-10-STABLE-v1000048 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Warning: this is a security update!
Highlights:
- MFC r320906: MFV r320905: Import upstream heimdal fix for CVE-2017-11103. (3955ce48cb5593628cb375c519160dc0ecb4f210) [FreeBSD-SA-17:05.heimdal](https://security.freebsd.org/advisories/FreeBSD-SA-17:05.heimdal.asc)
- hbsd-update{,-build} updates
- enforce FreeBSD and HardenedBSD KPI version for external modules
- HBSD: fix broken pax_mprotect transitions (9161ed81803212f1aa484144ea3c670f603d601c)
Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
CHECKSUM.SHA512:
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-bootonly.iso) = c22e3d4ca378240c253349059dc5c8a0e3d3c47dd7a952a25378a45ff1469db5c4ab898b5d243ba093416cbbc88085e59d139d01364e2e4b9637cd4dcf07483c
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-disc1.iso) = 65dd0cfcb8a8a55a121737fc00ff4eb24c30f33be8e6a7a49720419d28a41d468e7d1a659bd53ab7d6c3f3f182348dc492aba247c7a4bc4eb265f9b70a838b57
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-memstick.img) = 82761a7742c00ea9ae3d3caea2a7c4eb54a1b19d977050fbb96fa6e9b14aad0839124a1eb30e7bdae01fd32aeeb1c76a2c30c98e04ee17dce2397e38ac7db64f
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-mini-memstick.img) = 10e9fc97e4cc0eb0a4f5a61641596bd52a5b563a08950dfd079f871ae8703b8bec3e6b0be712bf220493a74411385a6ca638353a4ba4f42ff875161e4e3da123
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-bootonly.iso) = e7c6818cb51afd7381f453f41f7f9c16b8c23ad44b7b6b335d08d2b7e23aaa5d85627978a2515f4f0e6bbd7bbc71e235a7f25f981612d11530df50889c0849b9
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-disc1.iso) = 22d28027097287f77a238050d6ed698dbfbbbbd8cc9f9778da048343c2ec7bb3d48bf5b83756c024e7b6657f29a6eec45bbc9eed9d7ed9fed86be7a1c030ff07
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-memstick.img) = 2b370c6aa8d284ec3495f3c83d747ab818fb6a79f3b97986f89135c36ee9202a76b7300652dad3359dc13b109afb887d2005dc7c858ec9663ac1d103c18430ed
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-mini-memstick.img) = 7226ea5068c8f2dedeed6d6bce2ba66864915c9faf775b5540966a2bb4aea1b87d6042c219901cc652fa917b86b35900d4101229b49e561102f41827720168f5
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAllmx7QACgkQgZsRom/9
GI0aMw//SDSlCuSinsB35/5xcfPDpmfbSEp52uOWdlMW2ZwUtN+gqoEiGla32SmS
TT2Guy/PbgxfEKzHY2UyeRVAnKdZVcdJPqvYmLdh/hQoB3/41sx4nVkN+LSTgItz
khVXHtuJEeh+WWtM31ivS3dW+ENbd8qWo2DnKNPdRJjDzM6JE+LlGdX5gEOP7ldH
HhghBzciLHBq17fLEgEzQwLuzQeDjxXywUDZkfJqc7geNRihLj9S/6ogk8guuxDn
jRq6lJvm4KoPlqymKJP50vbYV+FkGH++QwKWLDNcgnvWlZtstqr7GVWmDh5KvPmf
zBvDH4RBhThQUBR6tuIhDePpAqKhGVoW26cd09nYLFKOEyLDWYYbpTPDhPijH5rb
BNd47aObPgayn3pDrYCedrwKhlLVwmR+yuAIaPivVoI3BUIgTDNR+rC8mSeBaqLY
n0hRRCOF8Yz7g6yx4AUfPTrtXbeqkZsZiAtFQLwLXB/M2z1t/roZf+9p2J/zPSs7
V4cjQWYb9zVQOx/LSV2/SvJvaGOoI2vBjciEgSova3T+oR/8QbrrDD9MytiT7kgl
sfRIywkhVnr9NuqUqleyTqPap2xCLNVC9jL5fPjfWmdKcgCaZ5hZQykuxEZKJBOh
fWfvgM3PjBKxwlKw1QbOsNGULIPZ+SeEOwDRiEIZlbRPqpenE48=
=XZJ8
-----END PGP SIGNATURE-----
Changelog:
M.Shirk (1):
- Updating hbsd-update-build to work with custom kernel configs.
Oliver Pinter (5):
- HBSD: fix broken pax_mprotect transitions
- Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
- HBSD: resolve merge conflict in kern_exec.c after 3fdefba1f9cc0ba6cc359c2b104ca68158297dfe
- HBSD: enforce FreeBSD and HardenedBSD KPI version for external modules
- HBSD: bump __HardenedBSD_version to 1000048 after KPI enforcement
Oliver Pinter + (34):
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Shawn Webb (16):
- HBSD: Provide an option to not require binutils from pkg in hbsd-update-build
- HBSD: Report hash on version check
- HBSD: Bump copyright
- HBSD: Enforce the existence of the DNS record
- HBSD: Don't set TARGET/TARGET_ARCH when building obsolete files
- HBSD: Add option to keep temporary files
- HBSD: Bump dates
- HBSD: Add installation hook scripting
- HBSD: Bump copyright
- HBSD: Remove debugging code
- HBSD: Fix cross-build
- HBSD: Add option in hbsd-update to not apply kernel distset
- HBSD: Update passwd files with hbsd-update
- HBSD: Remove dead code
- HBSD: Fix hbsd-update-build
- HBSD: Provide better version detection
alc (7):
- MFC r314310 Refine the fix from r312954. Specifically, add a new PDE-only flag, PG_PROMOTED, that indicates whether lingering 4KB page mappings might need to be flushed on a PDE change that restricts or destroys a 2MB page mapping. This flag allows the pmap to avoid range invalidations that are both unnecessary and costly.
- MFC r281720 Eliminate an unused variable.
- MFC r281771 Eliminate an unused variable.
- MFC r319605 The variable "breakout" is used like a Boolean, so actually define it as one.
- MFC r320181 Eliminate an unused macro.
- MFC r320049 Pages that are passed to swap_pager_putpages() should already be fully dirty. Assert that they are fully dirty rather than redundantly calling vm_page_dirty() on them.
- MFC r319699 When allocating swap blocks, if the available number of free blocks in a subtree is already zero, then setting the "largest contiguous free block" hint for that subtree to anything other than zero makes no sense. (To be clear, assigning a value to the hint that is too large is not a correctness problem, only a pessimization.)
allanjude (1):
- MFC r320644: Add deprecation notices for all rcmd tools
asomers (3):
- MFC r318790, r319336
- MFC r319337:
- MFC r319900:
avg (2):
- MFC r320259: jedec_ts: read device id from the correct register
- MFC r308782: After some ZIL changes 6 years ago zil_slog_limit got partially broken due to zl_itx_list_sz not updated when async itx'es upgraded to sync. Actually because of other changes about that time zl_itx_list_sz is not really required to implement the functionality, so this patch removes some unneeded broken code and variables.
bdrewery (1):
- MFC r289861:
cy (1):
- MFC r320242, r320256:
davidcs (1):
- MFC r320175 Add pkts_cnt_oversized to stats.
delphij (4):
- MFC r320216: Fix use-after-free introduced in r300388.
- MFC r320494: Fix double free by reverting r300385 and r300624 which was false positive reported by cppcheck.
- MFC r320093: Check return value of seteuid() and bail out if we fail.
- MFC r320906: MFV r320905: Import upstream fix for CVE-2017-11103.
emaste (1):
- MFC r317159: libstdc++: fix symbol version script for LLD
eugen (1):
- MFC r310888:
gjb (4):
- MFC r320488: Correct the branch naming convention in param.h. While here, consistently use upper-case 'X' to represent the version number.
- MFC r320599: Fix Vagrant image upload after recent API changes.
- MFC r320748: Allow passing NOPKG= to make(1) to enable the pkg-stage target from getting executed when NOPKG is defined but empty.
- MFC r300761, r300762: r300761: Disconnect the AZURE target from the CLOUDWARE list.
jhb (1):
- MFC 320675: Add deprecation notices for gdb and kgdb.
jilles (4):
- MFC r315005: sh: Fix executing wrong command with ${x#$(y)}$(z).
- MFC r318591: compress: Add basic tests.
- MFC r317912: sh: Fix INTOFF leak after a builtin with different locale settings.
- MFC r318592: compress: Allow uncompress -c with multiple pathnames, as required by POSIX.
ken (2):
- MFC r320123:
- MFC r320421:
kib (8):
- MFC r320201: Assert that the protection of a new map entry is a subset of the max protection.
- MFC r320202: Call pmap_copy() only for map entries which have the backing object instantiated.
- MFC r320308: Translate between abridged and full x87 tags for compat32 ptrace(PT_GETFPREGS).
- MFC r320316: Do not try to unmark MAP_ENTRY_IN_TRANSITION marked by other thread.
- MFC r320332: Style.
- MFC r320570: Correct signatures of several pthreads stubs.
- MFC r320619: Resolve confusion between different error code spaces.
- MFC r320658: When reporting undefined symbol, note the version, if specified.
marius (1):
- MFC: r320577, r320620
markj (1):
- MFC r320372: Fix a memory leak in ses_get_elm_devnames().
mckusick (1):
- MFC of 320176:
mjg (2):
- MFC r293295:
- Remove waiters check from the inline rw wunlock routine.
ngie (7):
- Fix up r319257
- MFC r319634:
- MFC r319637:
- MFC r319626:
- MFC r317179:
- Regenerate src.conf(5)
- MFC r317161:
pfg (2):
- MFC r320079: ext2fs: Enable RO huge_file feature support.
- MFC r320408: ext2fs: Support e2di_uid_high and e2di_gid_high.
rmacklem (3):
- MFC: r319882 Define NFS_MAXXDR as the upper bound on XDR overhead in an NFS RPC.
- MFC: r320062, r320070, r320126 This is a partial merge of only the NFS changes and not the maxbcachebuf tunable.
- MFC: r320208 Ensure that the credentials field of the NFSv4 client open structure is initialized.
sephe (2):
- MFC 320184
- MFC 320490