Stable release: HardenedBSD-stable 10-STABLE v1000049

HardenedBSD-10-STABLE-v1000049 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

  • HBSD: Update DNSSEC root key 257 (d51b7839b2dcab876f28f411885396344f1dc360)
  • MFC r322677: pw usermod: handle empty secondary group lists (-G '') (9cbb330f2197dd7d1108f4ce49def97e3b3b22e0) [FreeBSD-SA-Candidate]
  • MFC r322678: pw useradd: Validate the user name before creating the entry (73846ec2976bad87e4e8059d5b0264b3b6827e02) [FreeBSD-SA-Candidate]
  • MFC: r321293 date: avoid crash on invalid time (d014d3453df98ac0a22f7a78147ae516fd5847f8) [FreeBSD-SA-Candidate]
  • MFC r323278: Fix an incorrectly used conditional causing buffer overflow. (cec050ba26dc8cd492c6c67a1ee9cc237129c281) [CVE-2017-1000249]
  • HBSD: constify pax_elf()'s mode parameter (a660c9522a293e4801c3c0ca0a6e2c714cf24350)
  • HBSD: rename PAX_NOTE_FINALIZED paxflag to PAX_NOTE_PREFER_ACL (d4a5dab0a48488c2e2a4f2aeb8c6ff7bb517c989)
  • HBSD: API change, swap the first and second argument of pax_elf (2135308c19bae799fd30b8918c4f1911bd78e75d)
  • HBSD: update mirror list in bsdinstall
  • HBSD: print out the __{Hardened,Free}BSD_version and version at panic time (0a7d696ae6ef71ea624ac6879e2943945b81669b)
  • HBSD: improve logging - hide early hardenedbsd related boot messages under bootverbose
  • Upgrade OpenSSH to 7.3p1. (b3ef7b369b144d0f58083c3965742583f3ab7190) [FreeBSD-SA-Candidate]
  • HBSD MFC: r319365, r321670 Merge ACPICA 20170728.
  • HBSD: disable coredump helper for devctl (389bdb5b707bd9702d6086be918b4df59a9a4372)
  • HBSD MFC: Stop masking FSGSBASE and SMEP features under monitors.

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-bootonly.iso) = 5c3c682db8a57124c2852ecbc3ccbeded6fac7534b04aac1b434035ffa64a6048b520f4d3ae4a76d06f1d2f994b74d40392a1b70e89d6abdcd9c1299a179dffe
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-disc1.iso) = 1434b67f2192f96ce01e5a3ff1880b0166fa9d75963d114d68eea03cd6e6985497419e7c4afd604d461c072b3bc119d0693b7b39b658e376a830c395ee00a35b
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-memstick.img) = 3c727b04ea288bf985c85aef8f81de9d22bce99884f79f61496142a8de70d73ada0aaa9d0a5e987149caee5c7ec9c7b3b5368af5155cd96068528bd124a6bd4b
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-mini-memstick.img) = b69249bacb713b976f3799f95b7737ddc48b62e96e92e1fc166fbb23f536a7401935060d506fd39c87c1a675e03d061472b6956be1a45c161602109fdd4be6ca
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-uefi-bootonly.iso) = 400d1967dbcfc01071bd9cd744bc6a49ef1b5f7553491311bcb39f7685605f37495ff6f9f31565203d7103cbfeea79e4f5ccd2d9e9e801a62e7b752d72ce2acf
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-uefi-disc1.iso) = b2cd9572970eda037ee149c09d172f6431bd236aec992cae895e8898e3ca007003265f2b98b93322a19331b0a4f1b5a481adfa6250e5f1165daf3e24098d53e6
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-uefi-memstick.img) = e053d87807fcfe574f6f41fbb22f01f2395a7273e5f0397136569753532d366b06bc30b3a020bec54ac59a62d1ec708ee10c10a1fb13de352b72cb10e2a2ff8b
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-uefi-mini-memstick.img) = 0409c88284cc9d14f2c64978e713845c5a581ea5bbe77b424383becf39a9a05c0c3c92d29bd2bc7235035bbd35a16db9a677d8a9a01251eab097002f01c81b6f

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlm8eTcACgkQgZsRom/9
GI3qTA/+NrQJL2m4aelDXcOJbERPyXmTt/r6Lew2ZVKWo1BGG3ukkksIO4ixmfXH
tbbkQj+RDFfK8QmRHFUSz7kur7A/D79ia5CKXDUMoNAw2mMA8oiO5SgcPv3hShyV
a7miKcszaRL8brrFEzZ5ZU7YhJ/d50oEcbhU06fe07V4I1p0mSGfX0Xq144tE3vA
bFjFwZIu1EYQSpVPERtsl+7nB/F1FIHvbnpKakS04N2utuFzUmjfdMaS1/Is5kr0
VRGlboa7wx0SlWuWwHMRiFIzRYojaN6Vl+X+4clVE23q0vGfhHVmvxyGncench3P
5/jNjdkNXS5GSfdkbzFeDyZ54V7UIlf87AzxOS4d1yYgA/o7HUZjeFhD4EWLQOf1
0QX5hhMw7sa8zIO9IWLLulaerpI+AP1zFg/AFF+g2BF/szl7Bcf+LMwzfIVYSjaj
TszokJIrUahDDe3odhEVoQAqpn3nDHhzbDzo2FjWWmNUz3Mh1i9RyPTzCBcrf2M5
P23/ZFc41StAGSRUm1Cmla97OLWPR4MkwqtivM8VEug2nMYcsl+ZXMKMVlBd/5Bc
gfLNzpWCvEvQw8s9jCZAYMD4uAHSbYevOxEykOj+JJHNdGxqOadwWRQV/YJlPMC3
2/hHXFQ+nGeytsKDHRalGX35amvqymARtf9ZcynL757cThz1TPo=
=TWDw
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (16):

  • HBSD MFC: Stop masking FSGSBASE and SMEP features under monitors.
  • HBSD: comment this part of etc/devd.conf once more, just to be sure
  • HBSD: disable coredump helper for devctl
  • HBSD MFC: r319365, r321670
  • HBSD: fix typo in kern_sig.c - CTLFLAG_RO -> CTLFLAG_RD
  • HBSD: improve logging
  • HBSD: print out the __{Hardened,Free}BSD_version and version at panic time
  • HBSD: update mirror list in bsdinstall
  • Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
  • HBSD: resolve merge conflict in openssh's moduli after the update
  • HBSD: style a little bit the debug info at panic time
  • HBSD: API change, swap the first and second argument of pax_elf
  • HBSD: Bump __HardenedBSD_version after API change
  • HBSD: rename PAX_NOTE_FINALIZED paxflag to PAX_NOTE_PREFER_ACL
  • HBSD: constify pax_elf()'s mode parameter
  • HBSD MFC r322802: Fix off-by-one error when parsing SRAT table.


Oliver Pinter + (21):

  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master


Shawn Webb (1):

  • HBSD: Update DNSSEC root key 257


cy (2):

  • MFC r321806:
  • MFC r322073:


davidcs (4):

  • MFC r322331 Provide compile option to choose receive processing in either Ithread or Taskqueue Thread.
  • MFC r322408 Performance enhancements to reduce CPU utililization for large number of TCP connections (order of tens of thousands), with predominantly Transmits.
  • MFC 322771
  • MFC r322852 Fix qlnx_tso_check() so that every window of (ETH_TX_LSO_WINDOW_BDS_NUM - nbds_in_hdr) has atleast ETH_TX_LSO_WINDOW_MIN_LEN bytes


des (3):

  • Upgrade OpenSSH to 7.3p1.
  • Revert OpenSSH 7.3p1; something went wrong between testing and committing.
  • Upgrade OpenSSH to 7.3p1.


dim (1):

  • MFC r323001:


emaste (6):

  • MFC r323002: zfs: do not advertise unsupported hash algorithms
  • MFC r322678: pw useradd: Validate the user name before creating the entry
  • MFC r322677: pw usermod: handle empty secondary group lists (-G '')
  • MFC r322374: bsdinstall: record DHCP config after obtaining lease
  • MFC r320069: Add ZFS to Linux statfs ftype
  • MFC r323448: bsdinstall: Ignore error return from newaliases(1)


gjb (7):

  • MFC r322544: Always expand the full path to the configuration file specified with the '-c' flag. This fixes an issue where the configuration file would not properly be located intermittently.
  • MFC r322770, r322796:
  • Document r320312 and r321074, cancel-safe support in stdio(3) and syslog(3).
  • Document r320772, syslogd(8) logging retry after restarting unexpectedly.
  • Fix an indentation mistake that snuck in with r323590.
  • Document r316348, pw(8) respecting pw.conf(5). Document r322793, GEOM_JOURNAL flush_queue handling fixed.
  • Document r301772, Dummynet AQM imported to the base system.


gordon (1):

  • MFC r323278: Fix an incorrectly used conditional causing buffer overflow.


hselasky (1):

  • MFC r322810 and r322830: Add new mlx5ib(4) driver to the kernel source tree which supports Remote DMA over Converged Ethernet, RoCE, for the ConnectX-4 series of PCI express network cards.


ken (1):

  • MFC r322410: ------------------------------------------------------------------------ r322410 | ken | 2017-08-11 12:43:52 -0600 (Fri, 11 Aug 2017) | 16 lines


marius (10):

  • MFC: r322726
  • Update stable/10 to BETA2 in preparation for 10.4-BETA2 builds.
  • MFC: r308643, r312427, r312641, r322986
  • Update stable/10 to BETA3 in preparation for 10.4-BETA3 builds.
  • Fix a typo in the hard link creation for a WANDBOARD DTB file. Just like r322666 which introduced this bug, this is a direct commit to stable/10.
  • MFC: r321293
  • - Ever since the workaround for the silicon bug of TSO4 causing MAC hangs was committed in r295133 (MFCed to stable/10 in r295287), CSUM_TSO gets always disabled by em(4) on the first invocation of em_init_locked() as at that point no link is established, yet. In turn, this causes CSUM_TSO also to be off when em(4) is used as a parent device for vlan(4), i. e. besides IFCAP_TSO4, IFCAP_VLAN_HWTSO effectively doesn't work either.
  • Update stable/10 to BETA4 in preparation for 10.4-BETA4 builds.
  • MFC: r323382, MFV: r323381
  • - Reset stable/10 back to -PRERELEASE status now that releng/10.4 has been branched. - Update __FreeBSD_version to reflect the new -STABLE branch. - Switch the pkg(8) configuration for the default installation and the DVD image creation back to the latest set, i. e. revert r322737.


mckusick (3):

  • MFC of 269692, 322179, 322463, and 322464:
  • MFC of 276737, 322200, 322201, 322271, and 322297
  • Note change brought on by 322860 MFC.


oleg (1):

  • MFC r322628: Fix BSD label partition end sector calculation.


will (1):

  • MFC r278479,278494,278525,278545,278592,279237,280410:

Uploads: