HardenedBSD-11-STABLE-v1100055.5 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Highlights:
- MFC r333321,r333707: x86 cpususpend_handler: call wbinvd after setting suspend state bits (84c8399a4cb4fb3e5f4c52c6791696098c94fe02)
- Set stable/11 from -PRERELEASE back to -STABLE. (745cc87c07b5ba623d4628dcddfccd2e605a2c99)
- MFC r335171: Handle the race between fork/vm_object_split() and faults. (0556a47cc533046623b230de57af8e395f703425)
- MFC r332994 (by tychon): Handle potential alignment adjustment of the exception frame by hardware. (6c5aa909303a2fc05289f82bf35b95e1fa770c78)
- MFC r334876: pf: Fix deadlock with route-to (a0ce5787a02b7b00f6c2b509f5641b3fa078652e)
- MFC r335131 Remove printf() in #NM handler. (2df766da5ab1577d0f8f348da0ce0dd7d1ad4f12) [CVE-2018-3665]
- LinuxKPI updates
- sysrc updates
- nvme updates
Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v1100055.5-amd64-bootonly.iso) = a4c4d44d2e6f8c9c17682035a0889b3185f8655cc37c23cdbe9b3fc74660585cd528c87ff71abf45d1f622b4eeceeeb99b5b8bbb95a72dd56062d21edf0ecebc
SHA512 (HardenedBSD-11-STABLE-v1100055.5-amd64-disc1.iso) = e802080c1931d009cffe11e5ed7a162a7ad1dc1e8f644d7fe395b8a90d95f18d157b7d3cc5e5e0a0d3a54460202974233bce4c1d93376330822a81b5446b212e
SHA512 (HardenedBSD-11-STABLE-v1100055.5-amd64-memstick.img) = b87544414fc178df8dff82a110fda18dfe810be0d0c395ffd19b669c0210a7c6f952d0da2b843c915dc43d6fb3e8859c79d658fd1b12ad45c288d87f4064a202
SHA512 (HardenedBSD-11-STABLE-v1100055.5-amd64-mini-memstick.img) = 772dc30b5c8156012f0309fc092b6557a27eca3ff1356f7aa9c9f3b1b6a141d72579a409bb17e5d93f69ad85cd2b73ff186f8b16392534bce5901f3a23f6346d
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlstoZQACgkQgZsRom/9
GI1F9RAA2cZgO7LJohMFMQd53+X1Lgb/RebZotSc1xV9+AFo+2Mg4QLUz4VY82pj
lt2PRGbHsjXeNOI3eCIHJlUGlwdKV+ym1MXd61WwpJm7bCAfwF1GNgUQutrufsMK
rcEOKVDXBieXyAss59cR3GXbLn2sJDn2F1ZW0omNCY8vaZzdFaKyew0lxhklAgv5
YG/lWzC2n7sdlgtipeUbo3em1TiCjcMQcrOfJqRHQ1P1deAm9Pbc04USuIYxEhiK
KXhquEM3VsKXglDM0+EsLUy/TLjsy5cJrSta7kKAOP3heaFAu6YBYPcwDi51yyQA
rDCn52vwOtuW+xggB+NogvNrSEH60UtD0jN0TAmOVQlWO40D6jh+8Aag+CgidoMO
HIg1Cv5aC70t0kjqj8Ru0nhaM2NYgpA5IR1ci3WHQtweHy1hyEqHvEp8F2DXQWIL
x7jCO9JHV0wZwaXe8PMlLs3ippaKKpUpeu/zga14TiKtUu42ZZ4XXB5OS6RQVJ/2
mqH2sh7CwoqDKtZSQDR+E3NZq2yWGnXJcAQkYCW72XzfV3qeWxWn3cgFXBt7fdjh
FuLCbReTyaiFixbyJGnFihN/42j3qaRsIh2SZQMW1HVDTo0JjuBayRSUicSUWzdQ
Jor6S6cU5Pi9gSn1rV9HxPUu3ujU00MOHxk3BVcRL1HTZnggaDY=
=3a89
-----END PGP SIGNATURE-----
Changelog:
Oliver Pinter + (17):
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
ae (1):
- MFC r335133: In m_megapullup() use m_getjcl() to allocate 9k or 16k mbuf when requested.
avg (10):
- MFC r333209: hpet: use macros instead of magic values for the timer mode
- MFC r332816: call racct_proc_ucred_changed() under the proc lock
- MFC r333212: amdsbwd: add suspend and resume methods
- MFC r333243: opensolaris system_taskq does not need to run at maximum priority
- MFC r333269: amdsbwd: fix reboot status reporting
- MFC r334785: expand descriptions of x86 panic_on_nmi and kdb_on_nmi sysctls
- MFC r333630: Fix 'zpool create -t '
- MFC r332918, r333222: go deeper for ACPI suspend bounce test
- MFC r333321,r333707: x86 cpususpend_handler: call wbinvd after setting suspend state bits
- MFC r333667: followup to r332730/r332752: set kdb_why to "trap" for fatal traps
bdrewery (3):
- MFC r330702:
- MFC r334791,r334811:
- MFC r325560:
cy (1):
- MFC r333895, r334022
dim (7):
- MFC r334946:
- MFC r334948:
- MFC r334945:
- MFC r334947:
- MFC r335034:
- MFC r335296:
- MFC r335297:
dteske (8):
- MFC r335277:
- dpv(3): MFC r330943, r335264
- MFC r330878-r330879, r330939, r330948: Man-page updates
- MFC r334303: sysrc(8): Test variable names for invalid characters
- MFC r330886: Install files added in SVN's r295373, r295457, r295542
- MFC r335280-r335281, r335302: sysrc.subr updates
- MFC r335308: bsdconfig: Fix a bug when editing users
- MFC r335306: bsdconfig: Make examples optional
eadler (1):
- MFC r334472:
ed (1):
- MFC r335314:
emaste (5):
- MFC r334363: elfdump: chase ABI tag note name change from r232832
- MFC r335221: Add deprecation notice in asf.8
- MFC r335214: Correct kern.pre.mk comment: objcopy copies objects.
- MFC r335209: elf.5: add readelf cross-reference
- MFC r335213: ldd: reference readelf instead of objdump in warning message
gjb (6):
- Document EN-18:07, SA-18:07.
- Add xml:id attributes for future diff reduction.
- Update version entities in release.ent.
- Synchronize the stable/11 errata page with releng/11.2 in preparation for creating the 11.2-RELEASE errata.html page.
- Prune SAs and ENs from 11.1-RELEASE in preparation for creating the 11.2-RELEASE errata page.
- Set stable/11 from -PRERELEASE back to -STABLE.
hselasky (27):
- MFC r334993: Implement the ip_eth_mc_map() function in the LinuxKPI.
- MFC r334481: Add more GFP macro definitions in the LinuxKPI.
- MFC r334482: Improve high resolution timer support in the LinuxKPI.
- MFC r334483: Implement radix_tree_iter_delete() in the LinuxKPI.
- MFC r334484: Implement the __sg_alloc_table_from_pages() function based on the existing sg_alloc_table_from_pages() function in the LinuxKPI.
- MFC r334658: Implement timer_setup() and from_timer() function macros in the LinuxKPI.
- MFC r334659: Implement mul_u32_u32() function in the LinuxKPI.
- MFC r334660: Add "access" function pointer to the "vm_operations_struct" structure in the LinuxKPI. While at it document when to use the "virtual_address" or the "address" field in the "vm_fault" structure.
- MFC r334661: Implement the task_pid_vnr() function macro in the LinuxKPI.
- MFC r334663: Implement the INIT_DELAYED_WORK_ONSTACK() function macro in the LinuxKPI.
- MFC r334664: Declare and set the global "system_highpri_wq" workqueue structure pointer in the LinuxKPI.
- MFC r334710: Implement the rdmsrl_safe() function macro in the LinuxKPI.
- MFC r334711: Implement the ktime_compare() and ktime_after() functions in the LinuxKPI.
- MFC r334712 and r334718: Implement the atomic_dec_if_positive() function in the LinuxKPI.
- MFC r334713: Implement the init_wait_entry() function macro in the LinuxKPI.
- MFC r334714: Rename two structure field members while keeping backwards compatibility in the LinuxKPI. Add a comment saying in which Linux version this change was made.
- MFC r334715: Implement the might_sleep_if() function macro in the LinuxKPI.
- MFC r334717: Implement the __add_wait_queue_entry_tail() function in the LinuxKPI.
- MFC r334720: Make some list functions RCU safe in the LinuxKPI. While at it rename hlist_add_after() into hlist_add_behind().
- MFC r334774: Implement the dev_pm_set_driver_flags() function macro in the LinuxKPI.
- MFC r334777: Wrap timespec64 into timespec in the LinuxKPI.
- MFC r334778: Define ARCH_KMALLOC_MINALIGN in the LinuxKPI.
- MFC r334953: Implement the user_access_begin(), user_access_end(), usafe_get_user() and unsafe_put_user() function macros in the LinuxKPI.
- MFC r334958: Implement the kstrtobool() and kstrtobool_from_user() functions in the LinuxKPI.
- MFC r334662: Define the __kernel_size_t type in the LinuxKPI.
- MFC r334775: Move the EXPORT_SYMBOL_XXX() function macros into own header file.
- Bump the __FreeBSD_version after recent LinuxKPI updates to force recompilation of external kernel modules.
kib (5):
- MFC r335089: Enable eager FPU context switch on i386. CVE: CVE-2018-3665
- MFC r332994 (by tychon): Handle potential alignment adjustment of the exception frame by hardware.
- MFC r335135: linuxolator/amd64: Don't mangle %r10 on return from syscall for EJUSTRETURN.
- MFC r335171: Handle the race between fork/vm_object_split() and faults.
- MFC r335199: linprocfs: add TracerPid to /proc/pid/status.
kp (1):
- MFC r334876:
markj (1):
- MFC r334506: Avoid completing I/O when dumping core after a panic.
mav (12):
- MFC r311350 (by rpokala): Fix whitespace in handling of XPT_PATH_INQ in adw(4).
- MFC r311351 (by rpokala): In the same vein as r311350, fix whitespace in handling of XPT_PATH_INQ in several more drivers.
- MFC r313954 (by imp): Remove obsolete comment after prior rev.
- MFC r328089 (by imp): Move setting of CAM_SIM_QUEUED to before we actually submit it to the hardware. Setting it after is racy, and we can lose the race on a heavily loaded system.
- MFC r330953 (by imp): Don't make the namespace devices eternal.
- MFC r330954, r330955 (by imp): When tearing down a queue pair, also delete the queue entries.
- MFC r331046 (by imp): Try polling the qpairs on timeout.
- MFC r332897 (by imp), r333123: Migrate to make_dev_s interface to populate /dev/nvmeX entries
- MFC r333127: Fix use-after-free in nvme_qpair_destroy().
- MFC r333130: Improve nvme(4) attach/detach sequences.
- MFC r333180: Fix LOR between controller and queue locks.
- MFC r325794, r325838 (by imp): Provide link speed data in XPT_GET_TRAN_SETTINGS. Provide full version information for that and XPT_PATH_INQ. Provide macros to encode/decode major/minor versions. Read the link speed and lane count to compute the base_transfer_speed for XPT_PATH_INQ.