HardenedBSD-11-STABLE-v1100054.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

• HBSD: Disable lint(1) by default (74db9a87ccbee248675ea534b4867ef7b45ae116)
• Update to OpenSSL 1.0.2n (a0b182dd517b681163e5a3b649fa9931c36ca3c4) [FreeBSD-SA-17:12.openssl CVE-2017-3737 CVE-2017-3738]
• MFC r326074: filter all passwords (not only changed) from periodic passwd backup (c789660d53a74dca1d0c0d2b0cc376418fe5f2d2)
• MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file (9d9b278a90fa6d1c7818ba58274a8e0b40569651) [CVE-2014-8503]
• MFC r326136: bfd: avoid crash on corrupt binaries (e1ecb10d06b8c1a102ddba5501438ea64789a563) [CVE-2014-8501 CVE-2014-8502]
• evdev updates
• zfs updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-bootonly.iso) = adf64ccb3a60cedd9195d88c6bd7fb0a85fd428a5ee3dd4cb6bae935235b2a3100c99c9722efa43b760a35dc82ea25b637198cc3a17b8894ab56331dfcc62a04
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-disc1.iso) = 9ac8ff7bc605f5264d45e73d625c86b783b62011c7048cef7cf6ddaf51cbd3f94d4a661409967b6599eee7493b2138bb4b52a7ee66df956615b782723c8e8666
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-memstick.img) = 94d27f3d30159b0df25af543fb84327873ea5ef76df7e0f22a66160bce36688b00761e82c972356107aed30ed70b2f61a3ba892024b1777e335ddf88013a782b
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-mini-memstick.img) = 116a72cd219df1ed23d0fccff8be745f600982bae00681fbb35d3ef4994bd9bf091ae4c35114533127edcefdc05c9ff0c25061f7f51daa61b8edb6b03ec060db


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlot8jUACgkQgZsRom/9
GI3a4xAAvx17oUQHPzRZza/qVLuF0VTVy9TDzFTZ32UfpDoiII0MYIfPuvIMXvTR
k/RZa9PxB07oI8jldIW/uXW8UAkQlSmxVegXjemh63aKydMAudXrYM3imN1zV1zp
/f/m1MFiwA98TzwMUZx+nWVZBnuQeDtEKREOBZHV9jcwno3vhA5gn6Vp6RfzE2W7
/oISL3eu9/sShf2of9dRMKmZjKuY+K757ygcf8xk53C6UMdRV+zEopVBQqzPwonZ
n1QBn1mJv4HsvMXuzgRE630MLjfvgqiXflnaGYiNnk9yvOgBKr88fL3gJ1TmTthb
hW2hZFUBRDWfAPCyk5K3tm93LJBXrcl7wJ/xtWQMkKtdsRBKPWkac2UpkUjvtvdc
1Ul5hber1OrEV2JxZhYyTUlzSwjOKIRVZi/MlUdpdq17F2BQpUygbx510Qp05G3D
bDCscWh+qrat+YPbZORi2FQxxbIyUfXUJTKBQahkCtwqnyTIEYlxSwwICwZMFEAP
MdASUvhE5fvZ+RCYTCoC2QMnYtZmC7Z+QEAof5aqhenjawgdL9p4bYvJ+4q1pX1l
M6NqDcbTzyQD7nid84Uvy78eX7NcrmZI/Sk1docw5mlJ/8LBJtZLyJgH8wxPSVQ0
piB1d+GaKBIplXzPaAz91TJ3tBVrS9mPdu3i0poEvZK1PxgQKKk=
=4o8A
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter + (22):


• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (2):

• HBSD: Disable lint(1) by default
• HBSD: Regen src.conf.5

ae (2):

• MFC r326086: Add ipfw_add_protected_rule() function that creates rule with 65535 number in the reserved set 31. Use this function to create default rule.
• MFC r326422: Do better cleaning in key_destroy() for VIMAGE case.

asomers (5):

• MFC r325812:
• MFC r325817, r325827
• MFC r325857:
• MFC r325946:
• MFC r325947:

avg (3):

• MFC r326067: make illumos uiocopy use vn_io_fault_uiomove
• MFC r326070: zfs_write: fix problem with writes appearing to succeed when over quota
• MFC r326150: zdb: use a heap allocation instead of a huge array on stack

bapt (5):

• MFC r325851:
• MFC r326518, r326522
• MFC r326526:
• MFC r326527:
• MFC r326633:

cy (1):

• MFC r326343:

delphij (1):

• MFC r326052: Support SIGINFO.

dim (1):

• MFC r312450 (by emaste):

ed (1):

• MFC r326420:

emaste (6):

• MFC r326082: freebsd-update: do not duplicate patchlist entries
• MFC r326136: bfd: avoid crash on corrupt binaries
• MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file
• MFC r324703: loader.mk: clean md.o even if MD_IMAGE_SIZE not defined
• MFC r326074: filter all passwords (not only changed) from periodic passwd backup
• MFC r326094: Fix indentation in bsdinstall-created wpa_supplicant.conf

gjb (2):

• Correct a mismerge of r325861, committed as r326017, to fix the RPI2 SoC image build.
• MFC r326315, r326330, r326331, r326412:

hselasky (6):

• MFC r326392: Properly define the VLAN_XXX() function macros to avoid miscompilation when used inside "if" statements comparing with another value.
• MFC r326161: Implement atomic_fetchadd_64() for i386. This function is needed by the atomic64 header file in the LinuxKPI for i386.
• MFC r326058: Make sure all initialized mutexes are destroyed in the iser module, else WITNESS will panic. Prefix all mutex names with "iser_" to prevent future WITNESS issues.
• MFC r325897: Improve the library dependencies helper script in src/tools.
• MFC r326362: Disallow TUN and TAP character device IOCTLs to modify the network device type to any value. This can cause page faults and panics due to accessing uninitialized fields in the "struct ifnet" which are specific to the network device type.
• Add support for IPv6 based addresses as part of the TCP unify portspace feature in ibcore. This resolves an interopability issue when using both iWarp(T6) and RDMA(CX-4 and CX-5) devices at the same time.

jkim (2):

• MFC: r309361, r322710, r323286, r326378, r326383, r326407
• MFC: r326662

kib (3):

• MFC r326122: Kill all descendants of the reaper, even if they are descendants of a subordinate reaper. Also, mark reapers when listing pids.
• MFC r326424: Add comment for vm_map_find_min().
• MFC r326429: Destroy seltd st_mtx and st_wait in seltdfini().

kp (2):

• MFC r325850: pfctl: teach route-to to deal with interfaces with multiple addresses
• MFC r320696: Allow ipsec to run in vnet jails

marcel (1):

• MFC r324369 Fix alignment of 'last' in autofill.

markj (10):

• MFC r326234, r326235, r326284: vm_page_array initialization improvements.
• MFC r326132: Allow kern.geom.mirror.debug to be negative.
• MFC r326178: Don't redefine _KERNEL.
• MFC r326177: Fix the type signature for sx(9) DTrace subroutines.
• MFC r326175, r326176: Lockstat fixes for sx locks.
• MFC r302794, r306744, r307691, r307692, r316174, r316681, r316859, r316866, r316867, r316869: Various gmirror fixes and cleanups.
• MFC r326286: Don't use pcpu_find() to determine if a CPU ID is valid.
• MFC r326371: Verify the object/vnode association after vget() in vm_pageout_clean().
• MFC r326134: Duplicate helpers after disabling inherited tracepoints during a fork.
• MFC r325044: Fix a lock leak in g_mirror_destroy().

mav (1):

• MFC r326288: Fix integer overflow in SLOG test.

wulf (3):

• MFC r325294:
• MFC r325269:
• MFC r325295: