Stable release: HardenedBSD-stable 11-STABLE v1100054.1

HardenedBSD-11-STABLE-v1100054.1 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • fixed syslogd - restore host name handling in UDP case (1bbaa032d75dc1aab167b8a6cc5c9116c5e393bc)
  • fixed ARM64 control flow problem (1ea13dc104ea903a34741e363d910a1fb16f31f7) [FreeBSD-SA-Candidate]
  • fixed MAP_GUARRD issues (96cbc3d921794d684acf6e4fe465374bee33ed6c)
  • upgrade to Unicode 10.0.0 (909e9adcdcdc361054c0947ee969961afe431676)
  • ZFS fixes
  • (side note: the recent OpenSSL security issues (FreeBSD-SA-17:11.openssl) are already fixed in previous releases)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-bootonly.iso) = 83725667faf1aadb34f154934f8da4790b3fe8993e98dc852d149fee4529625bf5dec04ee04a59dd577cdaaa1b6b6a2378abad39933c9d9c87dd8354757210a2
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-disc1.iso) = 9b0e2243f7b46a395e6c62c7daf279683ad961985e9129ccc30654672d368ea54b8bc718f6a94d74b47dd6aca049146d5dda36a0a1530d7a62d11812cf75f8de
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-memstick.img) = cfe23f59d9969f3bbe958916a02ae830b7b65b506c4000edcf17ab513df0214c71c95700f1e27afa1f5290323bd5b9844bab1b817107ab6828b36b7a4d49cd8d
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-mini-memstick.img) = ddf2e9e6a9fe32d7b104184e14c0abb6261770e00ae1cad37f58a3c8a18dc5cd021fa9e160740387812171dd9ede6fdc6322035ddc70885e7eac15086bfade12

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlofe1QACgkQgZsRom/9
GI0lZhAA5evBJtIaEdpeYbtmlEUHJiXz+D94slp1CLKg2nzcZFU73e8FrkB8zbgA
qzfqq7v2SGzYHRSdI/f7iVDsXnsid9/t2PP9mn8OU0Sc1ZcgWwKNnaCcSf5lzNUz
yGNpuxFMy4OqYfO+CnIzihDYptEt/aFvgkrGYxPURjcM/veVcema9UFuT0lNjlhw
y3lvNouFrhF8k9vWLrZyW3J5Pe4MBTKFGm9thqm/p5fnHI0iCOsQIpLcWlxhMJHh
6GBUW+vszxLQGOxExrYxrIoY5FJyJN7zFwyh7jIhN/+OI9JOgMLPHFniOTpsJ/gm
N0QOTSzNBQ7AGNJBku4M6cEArfDujqwH61wbDOkVUqkG1gRu5AygSDy1nBwmUqSz
m5Of1iSMOl8qcKqjMkPlI+6CTFlcimb14jX6HMl4/WMvoe7dMLXEnfe6hl9/Tcqn
0ctJrNBck2k7vnYTc+4vwpdfnlmrvZqfFah2sOPPmFst9iJ4ahcAoxoRrS/beVn1
0f11GBDEf4BkkqIercR/XKUQmH+50apdypzjTcvLUspNIqlKekivUgDAo6r5hGOp
g1FnhkILpW1Wm6y0kLwt16y4ICculisa95mmbuKZ+gINDZo3hdtTyW+Kz3s+O71j
XrLAoqShGH+Ml/hZDJD7CbmrYbCmJjkTK3J3qSuq4dZJaYvQRyw=
=g8Bo
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter + (26):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


ae (1):

  • MFC r325960: Unconditionally enable support for O_IPSEC opcode.


andrew (1):

  • MFC r326137:


asomers (8):

  • MFC r322854, r323995, r324568, r324991
  • MFC r323275, r324112
  • MFC r324805:
  • MFC r324457:
  • MFC r324940:
  • MFC r325011, r325016
  • MFC r322258, r324941, r324956, r325018
  • MFC r325363:


avg (6):

  • MFC r325227,r325272: geom_slice: do not destroy softc until providers are gone
  • MFC r325606: MFV r325605: 8713 Buffer overflow in dsl_dataset_name()
  • MFC r325608: MFV r325607: 8607 zfs: variable set but not used
  • MFC r325228: vdev_geom_close: close errored consumer even if vdev_reopening is set
  • MFC r325035: MFV r325013,r325034: 640 number_to_scaled_string is duplicated in several commands
  • MFC r325610: MFV r325609: 7531 Assign correct flags to prefetched buffers


bapt (3):

  • MFC r325361:
  • MFC: 325359
  • MFC r325888:


bcr (1):

  • MFC r325441:


brooks (1):

  • MFC r326307:


delphij (3):

  • MFC r325383:
  • MFC r325532: Update arcmsr(4) to 1.40.00.01:
  • MFC r325755: Be more careful when doing calculation with request from userland.


emaste (6):

  • MFC r325683: vnic: apply BPF tap before passing packet to hardware
  • MFC r325444: ANSIfy sys/kern/md4c.c
  • MFC r325811: vnic: report that the driver supports multicast
  • MFC r325813 (bz): Unbreak IPv6.
  • MFC r325042: libdtrace: replace "DOODAD" with more descriptive string
  • MFC r326046: dt_modtext: return error on archs lacking an implementation


eugen (1):

  • MFC r325436: RTF_PINNED for an interface


gjb (6):

  • MFC r320252, r320686, r325769: r320252: In release/release.sh: - Rename chroot_arm_armv6_build_release() to chroot_arm_build_release() and make it hardware agnostic (such as armv6 -vs- armv7 -vs- arm64). - Evaluate EMBEDDED_TARGET differently so release/tools/arm.subr can be used for arm/armv6 and arm64/aarch64. - Update comments and copyright.
  • MFC r325863: Only copy /etc/resolv.conf to ${CHROOTDIR} if /etc/resolv.conf does not already exist within ${CHROOTDIR}. This allows re-using a build chroot with CHROOTBUILD_SKIP set to a non-empty value and CHROOTDIR set to '/' in release.conf.
  • MFC r325950, r325953: r325950: Sort variables for consistency.
  • MFC r325373, r325861: r325373 (manu): release/arm: Do not install ubldr
  • MFC r326068: Remove /etc/resolv.conf from virtual machine images, which is copied from the build host. It is renamed to /etc/resolv.conf.bak on boot, so never used anyway.
  • Document SA-17:06 through SA-17:11 and EN-17:07 through EN:17-10.


glebius (2):

  • MFC r325558:
  • Revert r326103, as it appeared to be incorrect.


hselasky (4):

  • MFC r325533: Make the dma_alloc_coherent() function in the LinuxKPI NULL safe with regard to the "dev" argument.
  • MFC r325614: Multiple fixes for using IPv6 link-local addresses with RDMA in ibcore.
  • MFC r325615: Make sure the IPv6 scope ID gets zeroed when exchanging CMA messages in ibcore. Else the IPv6 address matching might fail. This change adds support for both embedded and non-embedded IPv6 scope IDs when passing a IPv6 link-local socket address to RDMA. Prior to this change only global IPv6 addresses would work with RDMA.
  • MFC r325616: Make sure sin_zero is zero in ibcore. Else socket address maching using bcmp() might fail.


jhb (4):

  • MFC 324993: Add a test for sending a signal while stepping a thread via PT_STEP.
  • MFC 325039: Rework pass through changes in r305485 to be safer.
  • MFC 319517: Add a cross-reference to sysdecode_socket_protocol(3).
  • MFC 319493,319509,319520,319595,319677,319679-319681,319688,319689, 319761-319768,320010,322899,322959,323020,323021,323151:


kib (3):

  • MFC r325758: Style bug.
  • MFC r325759: Do not leak PMC_PO_OWNS_LOGFILE on error.
  • MFC r326098: Return different error code for the guard page layout violation.


manu (1):

  • MFC r325517, r325554


markj (10):

  • MFC r324864, r324865: Cleanups for ctf.5.
  • MFC r325887: Avoid holding the process in uread() and uwrite().
  • MFC r325561: Allow various page daemon parameters to be set from loader.conf.
  • MFC r325528: Correct the type of foff.
  • MFC r319824 (by sevan), r320624, r326173: Fixups for the lockstat provider man page.
  • MFC r326055: Allow for fictitious physical pages in vm_page_scan_contig().
  • MFC r326060: Clean up the SYSINIT_FLAGS definitions for rwlock(9) and rmlock(9).
  • MFC r326061, r326063: DTrace test fixups.
  • MFC r326093: Use the right variable for the IP header parameter to tcp:::send.
  • MFC r326096: Annotate pragma/err.invalidlibdep.ksh as EXFAIL.


mav (2):

  • MFC r325552: s/NgSendMsgReply/NgSendReplyMsg/ in man to match the code.
  • MFC r325571: Add some PCI IDs found on AMD Epyc system.


pfg (1):

  • MFC r326028: iconv: Fix a pointer mismatch.


vangyzen (2):

  • MFC r325764
  • MFC r325766

Uploads: