Stable release: HardenedBSD-stable 11-STABLE v1100054.3

HardenedBSD-11-STABLE-v1100054.3 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Note: this was released on 2018-01-13

Highlights:

Make it possible to re-evaluate cpu_features. (a586b974f77aedb619baf0454435fa4016339161)
Fix a null-pointer dereference and a tautological check in cam_get_device (b55f0a5b31496ea10bd6e1163d13a1d8c26ca291)
Do not build lint(1) by default on stable-11, add WITH_LINT to enable building it. (5fb1dbc1862d5ddd058d22fe18063e6c71aeb7bc)
Improve the performance of the hpet timer in bhyve guests by making the timer frequency a power of two. (d21bd84ba2d9e4eff99f7a4764ea400d2766f957)
fix memory disclosure in hpt* ioctls (8f534ab83139899084a80948e8e2926f2c988fec)
ACPICA 20171214. (7e248a6a42be630466c332f690b7379e34abfbf1)
crypto/libressl: Update to 2.6.4 (0dfcdb670cdbb43b3a1463c758456ab0f01689ca)
Update tcpdump to 4.9.2 (ed596e7fc294f704796e96377235d77adb7bee0e) [CVE-2017-lot-of-numbers-here]
hbsd-update updates
llvm/clang/lldb/libc++ 5.0.1
GELI updates
VM updates
VFS updates
lock primitive updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-bootonly.iso) = f14531adfa78667d69c6b3839f304e715bb5aa121d6fa307937e33e30c5f83ff57179a70a4e4fbaddf866f1d27123f6e3acd26b333f0977f62759f829d06b7e8 SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-disc1.iso) = 47499cc46e8c437740f99600b96a11cfaaffcb4425f26e9331dfd643cf0cb629c424095cd4993008a97adf65216f8f25522c620adb791470d664b6ae75c185d4 SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-memstick.img) = bf8d56c025c5c84714da7b6321086b2acbcb46ad46c548297ed9262bc8b3c75e62f913f7fb942796976a51ccaaf9caa04087522a782a34549a1f8501ac4f06c5 SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-mini-memstick.img) = f69002a55be3aa46d25edb75b973a3e12a6a602ce907f4a0e5cb6de756bb417ec37626565d2836a95e88a2051c70595a09863939b3965ebb8d12044b8fc8a191

CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlpayEAACgkQgZsRom/9
GI33/hAAyy3BvAutJ8uohh/sW3flyv1tng0L3rqG2fB/fenpjzMWgy0s9Il5NfRu
9X85FtIT51+h0fz1XopvaR8Cc9N6YrsA8P9Vi8xYAilZxPoTnaC4bzGG2QXwed6Q
7FgMTTHfHo9sQ0jUNBgu05P+fLuj/a/TFdZdCVejRjH784nTakUGIv13FGrQWAjB
67C47L4KHWXv7e5EeiCOoQNRxDG6sZ3m3RzI8vY+k3x4NkVrRMeHkjAGsDAnuY4A
wUz83pKKnj8cFN/uSqqcP/4h4YERfZlEGVfUzOedpfLvC6NIKxVgUdDpai8uz/O/
00fBc4JOlA2F8t/ubNXhPAySj+8Rkn/Wfjt9zaeJrrIiI1fH+88cbXSt8Vo6p/CV
HhkKawZgI/bTtNr4Ci73+lsShPo6UiOCWSQibyglzZnPP83cMMQfBrhUVHIPJW1r
bYiEkkSfIK4EGbzpd8asWUYmGzi4HUopEquu7I+e7OQ56DyK/PZ0u3NfP0Ub10Ab
6FprLcXED7sI62F4ZgVtqziqzVqkEcZCsUbi87V4kVVHueWhYOsi/gj8Wp8UOFG7
sduAEQ8wM6yaWZbyVllRi96II5ulsu/66Sh5HfvBmZF5ih6uvyJ9IwU+OS9uZq2I
aGxNOtnA+WLzsL7Hql9kGGXFuDoDanEOFWyedTN+24Tbwm2lBVA=
=mvEc
-----END PGP SIGNATURE-----

Changelog: Bernard Spil (1):

crypto/libressl: Update to 2.6.4

Oliver Pinter (3):

HBSD: bump copyright year
erge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: fix merge conflict in .gitignore file

Oliver Pinter + (59):

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (9):

HBSD: Update the release artifact directory in hbsd-update-build
HBSD: Sort the list of programs hbsd-update uses
HBSD: Ensure a clean /usr/src
HBSD: Support revoking key material in hbsd-update
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
HBSD: Fix typo in hbsd-update
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflicts

ae (5):

MFC r326510: Fix format string warning with enabled DEBUGGING.
MFC r326847: Fix mbuf leak when TCPMD5_OUTPUT() method returns error.
MFC r326898: Fix possible memory leak.
MFC r326876: Follow the RFC6980 and silently ignore following IPv6 NDP messages that had the IPv6 fragmentation header: o Neighbor Solicitation o Neighbor Advertisement o Router Solicitation o Router Advertisement o Redirect
MFC r327140: Fix rule number truncation, use uint16_t type to specify rulenum. Also sort variable declartions by size.

alc (1):

MFC r326982 Document the semantics of atomic_thread_fence operations.

asomers (23):

MFC r325959:
MFC r326032:
MFC r326036:
MFC r326039:
MFC r326041:
MFC r304443, r326034, r326065
MFC r326040:
MFC r326100:
MFC r326101:
MFC r326289:
MFC r326290:
MFC r326401:
MFC r326455:
MFC r326624:
MFC r326640:
MFC r326646:
MFC r326698:
MFC r326799:
MFC r326834, r326853
MFC r309373 (by bdrewery)
MFC r313962, r313972-r313973, r315230
MFC r315292
MFC r327862

bapt (1):

MFC r326769:

bryanv (3):

MFC r326744:
MFC r326480:
MFC r326654:

bz (1):

MFC r327435:

cperciva (2):

Add vfs.nfs.suppress_32bits_warning sysctl which reduces the frequency of 'fileid > 32bits' warnings from at most once per minute to at most once per day.
MFC r326565: Make EC2 instances use Amazon's NTP service for time synchronization.

cy (5):

MFC r324248:
MFC r326558, r326566:
MFC r327336:
MFC r327540:
MFC 327737:

delphij (11):

MFC r326244:
MFC r325723:
MFC r326361: Remove unused include.
MFC r326391: Prevent OOB access on corrupted msdos directories.
MFC r326562: Use strlcpy().
MFC r326560: Create links for xzdiff.
MFC r326561: Use strlcpy().
MFC r326185: Set errno to EFTYPE instead of EINVAL to be more consistent with the rest of code.
MFC r326791: Close the correct file descriptor.
MFC r327236:
MFC r327235:

dim (9):

MFC r326669:
MFC r326670:
MFC r326748:
MFC r326776:
MFC r326880:
MFC r324536 (by emaste):
MFC r326496:
MFC r327167:
MFC r327164:

eadler (6):

MFC r327183:
MFC r302480:
MFC r327420:
MFC r327396:
MFC r327398:
MFC r327578:

ed (1):

MFC r326228 and r326229:

emaste (7):

MFC r326547: lld: make -v behave similarly to GNU ld.bfd
MFC r326597: vnic: apply hardware L3 checksum only for IPv4
MFC r326030: Install strings unconditionally
MFC r317409 by glebius:
MFC r326613: Update tcpdump to 4.9.2
MFC r327497, r327498: fix memory disclosure in hpt* ioctls
MFC r327489: elfcopy: copy raw (untranslated) contents to binary output

eugen (3):

MFC r326655,326668: correct error handling for graid SINGLE/CONCAT/RAID5 volumes.
MFC r326738: pw(8): correct expiration period handling and command line overrides to preconfigured values for -e, -p and -w flags.
MFC r326872: fix expiration arithmetic after r326738 and MFC.

fsu (3):

MFC r326282, r326317: Remap ENOATTR to ENODATA in the linuxulator. In the linux ENOADATA is frequently #defined as ENOATTR. The change is required for an xattrs support implementation.
MFC r326808, r326824: Move buffer size checks outside of the vnode locks.
MFC r326807: Fix extattr getters in case of neither uio nor buffer was not passed to VOP_*.

ian (21):

MFC (conceptually) r326752, r326754:
MFC r319987, r324107-r324108
MFC r324169:
MFC r324185:
MFC r324413, r324415
Fix imx6 hdmi init after r323553.
MFC r325060:
MFC r325045, r325054-r325056, r325061, r325063, r325065
MFC r325108:
MFC r326750:
MFC r326924-r326925
MFC r327032:
MFC r327048-r327050
MFC r327367:
MFC r327439:
MFC r327226, r327356
MFC r327222:
MFC r327220-r327221
Do not build lint(1) by default on stable-11, add WITH_LINT to enable building it.
Add description files for WITH/WITHOUT_LINT. These should have been part of r327837.
Fix fallout from applying a patch twice.

jilles (1):

MFC r327211: nandtool: Add missing mode for open() with O_CREAT

jkim (2):

MFC: r324501
MFC: r323076, r324502, r325670, r326866

karels (1):

MFC r326734:

kib (24):

MFC r326311: Fix index calculation for the page table pages for efirt 1:1 map.
MFC r326657: Fix livelock in ufsdirhash_create().
MFC r326851: In devfs_lookupx() dotdot lookup case, avoid dereferencing dvp->v_mount after dvp is unlocked.
MFC r326977: mlx5en: Avoid SFENCe on x86.
MFC r327118: Add missed AVX512VL (128 and 256 bit vector length) extension identification bit.
MFC r326971, r327047 (by ian), r327053 (by marius), r327074, r327097: Add atomic_load(9) and atomic_store(9) operations.
MFC r326973: Use atomic_load(9) to read ppsinfo sequence numbers.
MFC r327088: Update HISTORY section for the atomic(9) page.
MFC r327437: Remove MP SAFE marks and stray register name in comments.
MFC r327264i (by imp), r327283: Fix returns without cleanups.
MFC r327284: Style. Remove useless return.
MFC r327469: Add CR4.SMAP control bit.
MFC r327319: Clean up the comment.
MFC r327316: In vm_swapout_map_deactivate_pages(), it is enough to lock the map for read.
MFC r327285: Make kern_proc_vmmap_resident() externally accesible, and move the vmmap_skip_res_cnt control check inside it.
MFC r327286: Reuse kern_proc_vmmap_resident() for procfs_map resident count.
MFC r327354: Style.
MFC r327359: Do not lock vm map in swapout_procs().
MFC r327472: Avoid re-check of usermode condition.
MFC r327468: Do not let vm_daemon run unbounded.
MFC r327625: Document kern.smp.disabled tunable.
MFC r327517: Use the new SDM-approved way to serialize x2APIC MSR writes.
MFC r327730: Fix year.
MFC r327597: Make it possible to re-evaluate cpu_features.

manu (1):

MFC r312914, r322694

markj (23):

MFC r326629: Use unique wait messages in the page daemon control loop.
MFC r326732: Fix the act_scan_laundry_weight mechanism.
MFC r326731: Provide a sysctl to force synchronous initialization of inode blocks.
MFC r326438: Plug a name cache lock leak.
MFC r326796-r326798: Fix sc_writes tracking, and address a lost wakeup.
MFC r326813: MFV r326785: 8880 improve DTrace error checking
MFC r326409: Update gmirror metadata less frequently when synchronizing.
MFC r326410: Document gmirror sysctls.
MFC r326881, r326882: Minor cleanup.
MFC r326877: Skip gnop tests if the corresponding kernel module isn't available.
MFC r326878: Mark uctf/err.user64mode.ksh as EXFAIL for now.
MFC r326919: Unregister the ARC lowmem event handler earlier in arc_fini().
MFC r326935: Avoid CPU migration in dtrace_gethrtime() on x86.
MFC r326983: Avoid using bioq_* in gmirror.
MFC r326774, r326811: Pass the trap frame to fasttrap hooks.
MFC r326912: Fix a logic bug in makefs lazy inode initialization.
MFC r326861-r326863: Add some gmirror tests and fix indentation in existing tests.
MFC r322547: Add vm_page_alloc_after().
MFC r325530 (jeff), r325566 (kib), r325588 (kib): Replace many instances of VM_WAIT with blocking page allocation flags.
MFC r327168, r327213: Fix two problems with the page daemon control loop.
MFC r327525: Add missing newlines to a couple of error messages.
MFC r327698: Release the queue lock before restarting the worker loop.
MFC r324125 (andreast): Initialize mdsize to make gcc happy again.

mav (4):

MFC r326273: Make ctlstat -n option work reasonably for sparse LUN list.
MFC r326186: Slightly fix bidirectional stream number allocation.
MFC r326835: Reduce size of several on-stack string buffers.
MFC r327094: Add AHCI/XHCI device IDs found on AMD Ryzen+B350 system.

mjg (14):

MFC r321922: amd64: annotate the syscall return address check with __predict_false
MFC r323234,r323305,r323306,r324044:
MFC r324127:
MFC r324547:
MFC r323235,r323236,r324789,r324863:
MFC r323307,r323308,r323385,r324378,r325266,r325268,r325433,r325451,r325456, r325458:
MFC r325725:
MFC r320561,r323236,r324041,r324314,r324609,r324613,r324778,r324780,r324787, r324803,r324836,r325469,r325706,r325917,r325918,r325919,r325920,r325921, r325922,r325925,r325963,r326106,r326107,r326110,r326111,r326112,r326194, r326195,r326196,r326197,r326198,r326199,r326200,r326237:
MFC r324045:
MFC r327394,r327395:
MFC r324335,r327393,r327397,r327401,r327402:
MFC r324867,r324869:
MFC r325924:
MFC r324328:

pfg (4):

MFC r327295: Start syncing changes from OpenBSD's ip6_id.c instead of ip_id.c.
MFC r327329: dev/txp: Update if_txpreg.h to match OpenBSD's version.
MFC r327289: rpc.sprayd: Bring some changes from NetBSD.
MFC r327697, r327699:

rmacklem (1):

MFC: r326544 Avoid the overhead of acquiring a lock in nfsrv_checkgetattr() when there are no write delegations issued.

roberto (1):

In stable/11, support for including config. files is broken and only the last one is taken into account.

smh (1):

MFC r322812:

ume (1):

MFC r327029: Don't ignore trailing spaces after numerical IP addresses.

Uploads:

shortlog-HardenedBSD-11-STABLE-v1100054.3.txt

CHECKSUM.SHA512.txt

CHECKSUM.SHA512.asc_.txt

HardenedBSD

Stable release: HardenedBSD-stable 11-STABLE v1100054.3

Uploads:

Donate to HardenedBSD

2021 Donation Status

Links

Uploads:

Donate to HardenedBSD

2021 Donation Status

Search form

Links