HardenedBSD-11-STABLE-v1100056.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Highlights:
- HBSD MFC r333405: Remove PG_U from the rest of the kernel pmap ptes. (6840ef5d2739bb01a0dc7d192316bd18eb24967b)
- crypto/libressl: Security update to 2.6.5 (ace3164bc710f03d7978019792dedb0a236c52e0)
- MFC r336761 & r336781: Allow a EVFILT_TIMER kevent to be updated. (a1143bbcefc092238acc75578211f8938cddd8c8)
- MFC r337384: Address concerns about CPU usage while doing TCP reassembly. (db2e2eea0366604ed65e6f50824471e22035f343) [FreeBSD-SA-18:08.tcp CVE-2018-6922]
- MFC r336919, r336924: efirt: Add tunable to allow disabling EFI Runtime Services
- Libarchive update (3ff094362c83c79ca9d501ec9e52a11690e8beff) [CVE-2017-14503]
- HBSD MFC r313168: Fix VIMAGE-related bugs in TFO. (7a58c5a57aba467d77542a81e797330c3b4ec0bf)
- HBSD MFC r333885: ctf dwarf: don't report "no dwarf entry" as if it were an error (c4bda35c98a3d1f587b7d6235b8d23161922070e)
- MFC r336763: Add workarounds for several Ryzen erratas, on amd64. (b26157613a63f16d4822e421cd65ebf5524af67a)
- MFC: r336357 Modify the reasons for not issuing a delegation in the NFSv4.1 server. (88b6d0a280d23369b39c11398cacc17ff7f39da3)
- MFC r336683: Extend ranges of the critical sections to ensure that context switch code never sees FPU pcb flags not consistent with the hardware state. (e0245aeafd4d0ab7073f8d616840077f69e15a2a)
- MFC r336188: Improve bhyve exit(3) error code. (ff4bc3fee787254597b6a515f16495b20ed620c9)
- HBSD: Really bring hbsd-update current (630cab9f8eeee3907157f181c4c7a4d8183babff)
- mlx5 updates
- ofed updates
- arm64 updates
- msun updates
Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-bootonly.iso) = 2f75e591853aa932b8a6576ff5499b530fbddd0974a19463cd88b269e9faed6021282204485240486608033b3e05d9ed65463849263785efe9a97b7cc0065a50
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-disc1.iso) = 25545b3ab97265b53984609886b5bd2941a4140a742d5285816bbb37720584a20e8d9f16fa001eb854aa27c498a6341af0e48848109aceafea0086ab451527bc
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-memstick.img) = 3d6080deccb880b1e228636869598e0763cb40d4ec1a228d82b39f9a169cec1f5c846db3ccc2045e654ec8880c27c2e9be4b873c6201c5bae3060a6b923106fc
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-mini-memstick.img) = cb49fa02e29d9aacf18d84e94bcdfe0d90f874903047dcb4bf06aae40ec54b0b4f68114a38d54599d04a0f972ffd1f60d9ddfbb2a06e5c3a2a4682cf59d934c1
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAltrW9gACgkQgZsRom/9
GI1MVRAA0xwNbOIVimbAyxqmkYuF1DhqgJmLT2Gr3pN9pg03LLpGH0f6rVCi/cKM
Sr1rY3O7eOSUvc6vhQroQT3B1APU2YCEv3VO3vY0oc9wcw1qpcogkHrsjlxUlMlD
B4PaiUtHCyHiYI5xfMKt+/kmwLUUOSapUhfv1A3HfpQOJrd7jCtBekhOjZJHbVAH
ZDJnsjio4P7aXxIm7LGxuk8EU+C8Sj+oqGZpSqsfjoaBvTvqDTSSII1z1HoLCHDx
Zmx2zSX5dhwLHvbs89sTfd2WU3898r0FRibMnKZFPsoLGzEzrMjQRxnY8IS328Gj
FPbcWGgjT0P/NdhKe+HXyhmrq/ZQLZJEqbSz5x528ZXboQvQA5JXeXqstnqNWQiv
OO9C9qtXD/uLgW76FYBiEElhS/G1bD5FrCzLfIzuBcrmx2Un+FNt/vrB3EjSlk8L
Zyhfa6tb+n3t44J1HYMSgzQ+7ulOrZrYkT2we3qN2p+JnzKBAWIpIXKz/g/r0dRw
K9tAyBCqEGXpNE521i24G26gurm7HqzamrvwphNW71ju3TEd9PZDqi++3Bm6aF3J
mADB7Tts8JBmD0fkp/8lyCiIlonmCVdQZ7cJMkVX6i+yLBvEG91fKq3c37zKuT2R
FMYnU4PIf/AdzNASWYBwVVJZ7dNkgSHUJyU1zXvkjuchvNA/tiw=
=eU3I
-----END PGP SIGNATURE-----
Changelog:
Bernard Spil (1):
- crypto/libressl: Security update to 2.6.5
Oliver Pinter (6):
- HBSD MFC r333885: ctf dwarf: don't report "no dwarf entry" as if it were an error
- HBSD MFC r330000: Fix harmless locking bug in tfp_fastopen_check_cookie().
- HBSD MFC r313168: Fix VIMAGE-related bugs in TFO.
- Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
- HBSD: resolve merge conflict in sys/amd64/amd64/pmap.c after 29d795aae8d763aa6c7d9825fcf50085b9e13c9b
- HBSD MFC r333405: Remove PG_U from the rest of the kernel pmap ptes.
Oliver Pinter + (26):
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (3):
- HBSD: Really bring hbsd-update current
- Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
- HBSD: Resolve merge conflict
araujo (1):
- MFC r336188:
asomers (4):
- MFC r332631:
- MFC r335899:
- MFC r336205:
- MFC r336319:
avg (4):
- MFC r334479: call AcpiLeaveSleepStatePrep after re-enabling interrupts
- MFC r334786: x86: reorganize code that deals with unexpected NMI-s
- MFC r335934: remove unneeded inclusion of sys/interrupt.h from several files
- MFC r336641: fix incorrect operator in the AUDITPIPE_SET_QLIMIT bounds check
dab (2):
- MFC r336457:
- MFC r336761 & r336781:
delphij (2):
- MFC r336156:
- MFC r336236: Detect and handle invalid number of FATs.
dexuan (1):
- MFC: 336426
dim (1):
- MFC r327400 (by eadler):
eadler (2):
- MFC r335629:
- MFC r335631:
emaste (2):
- MFC r336664: lld: fix addends with partial linking
- MFC r335459: acpidump.8: include NFIT in the man page list of tables
gjb (4):
- Following r336726, explicitly invoke the 'obj' target when setting BOOTFILES. On stable/11, without this change, the .OBJDIR expands to /usr/src/stand instead /usr/obj/.
- As part of r336741, BOOTFILES needs special handling when cross building on stable/11, where the path should be:
- MFC r336721, r336750 [1]:
- Document SA-18:08.
hselasky (52):
- MFC r335669: Improve the userspace USB string reading function in LibUSB. Some USB devices does not allow a partial descriptor readout.
- MFC r335700: Improve the kernel's USB descriptor reading function. Some USB devices does not allow a partial descriptor readout.
- MFC r336632: Update modify counter when setting a mixer control.
- MFC r335094 and r335123: Revert r335094 and properly fix OFED build after r335053.
- MFC r336363: Process address resolve requests at least one time per second in ibcore.
- MFC r336364: Only update source address when resolving is successful in ibcore.
- MFC r336365: Add lock to multicast handlers in ibcore.
- MFC r336366: If the MGID/MLID pair is not on the list return an error in ibcore.
- MFC r336367: Add native FreeBSD support for multicast in ibcore.
- MFC r336368: Fix for RDMA loopback over VLAN in ibcore.
- MFC r336369: For multicast functions in ibcore, verify that LIDs are multicast LIDs.
- MFC r336370: Set RoCEv2 MGID according to spec in ibcore.
- MFC r336371: Set default GID type as RoCE when resolving RoCE route in ibcore.
- MFC r336372: Add support for prio-tagged traffic for RDMA in ibcore.
- MFC r336373: Ensure that CM_ID exists prior to access it in ibcore.
- MFC r336374: Avoid that ib_drain_qp() triggers an out-of-bounds stack access in ibcore.
- MFC r336375: Fix access to non-initialized CM_ID object in ibcore.
- MFC r336376: Fix NULL pointer dereference during device removal in ibcore.
- MFC r336377: Fix kernel panic while using XRC_TGT QP type in ibcore.
- MFC r336379: Check for a cm_id->device in all user calls that need it in ibcore.
- MFC r336380: Check AF family prior resolving address and introduce safer rdma_addr_size() variants in ibcore.
- MFC r336381: Fix kernel crash during fail to initialize device in ibcore.
- MFC r336382: Depend on IPv6 stack to resolve link local address for RoCEv2 in ibcore.
- MFC r336383: Check port number supplied by user verbs cmds in ibcore.
- MFC r336384: Fix for loopback detection in address resolve logic in ibcore.
- MFC r336385: Set IPv4 TOS and IPv6 traffic class field for RoCEv2 traffic in ibcore.
- MFC r336386: Honor port_num while resolving GID for IB link layer in ibcore.
- MFC r336387: Honor return status of ib_init_ah_from_mcmember() in ibcore.
- MFC r336388: Add support for RoCEv2 multicast in ibcore.
- MFC r336389: Add support for IPv6 multicast in ibcore.
- MFC r336391: Use __FBSDID() for RCS tags in ibcore.
- MFC r336964: Only NULL check the VNET pointer when VIMAGE is enabled in ibcore. Else a NULL VNET pointer should be ignored. This fixes address resolving when VIMAGE is disabled.
- MFC r336392: Implement support for Differentiated Service Code Point, DSCP, in mlx5en(4).
- MFC r336393: Use static device naming instead of dynamic one in mlx5ib.
- MFC r336394: Don't pass unsupported events to ibcore from mlx5ib.
- MFC r336395: Update version information for the mlx5ib module.
- MFC r336396: Remove redundant newline character in mlx5core.
- MFC r336397: Refactor access to CR-space into using VSC APIs in mlx5core.
- MFC r336398: Make sure the state variable is set atomically instead of using a mutex in mlx5core.
- MFC r336399: Remove redundant call to mlx5_vsc_find_cap() in mlx5core.
- MFC r336401: Correctly write atomic variable in mlx5en(4).
- MFC r336402: Do not hint about 'trust both' mode when the mlx5en(4) hardware does not support it.
- MFC r336403: Add context numbers for HW elements in mlx5en(4).
- MFC r336404: Enable both receive and transmit pauseframes by default in mlx5en(4).
- MFC r336407: Handle jumbo frames without requiring big clusters in mlx5en(4).
- MFC r336410: Add module parameter to limit number of MSIX EQ vectors in mlx5en(4).
- MFC r336411: Use a mbuf header instead of a mbuf cluster for debugging interrupts in mlx5en(4).
- MFC r336450: Do not inline transmit headers and use HW VLAN tagging if supported by mlx5en(4).
- MFC r336451: Update version information for the mlx5 and mlx5en(4) modules.
- MFC r336452: Add ability to parse sysfs paths under FreeBSD in libibumad.
- MFC r336453: Use unspecified address family when connecting as a client in libibverbs example utilities.
- MFC r337056: Don't refer to non-existing atomic functions, even though not compiled, in the LinuxKPI.
jhb (3):
- MFC 330823,332335: Cosmetic cleanups to some Linuxulator files.
- MFC 332782: Simplify the code to allocate stack for auxv, argv[], and environment vectors.
- MFC 333416: Report TRAP_BRKPT for breakpoint traps on sparc64.
jtl (2):
- MFC r337384:
- MFC r337390: Bump date after r337384.
kevans (6):
- MFC r307967,324082,325955: config(8) fixes
- MFC r335526: Let -s actually work.
- kenv MFC: r335998, r336019, r336026, r336036, r336217, r336335, r336337, r336415-r336416, r336419
- MFC r336973-r336975
- MFC r336152-r336154, r336157
- MFC r336919, r336924
kib (6):
- MFC r336498: When reporting an error, print the errno value.
- MFC r336683: Extend ranges of the critical sections to ensure that context switch code never sees FPU pcb flags not consistent with the hardware state.
- MFC r336763: Add workarounds for several Ryzen erratas, on amd64.
- MFC r336980: Provide compat32 shims for sched_rr_get_interval(2).
- Regen.
- MFC r336987: For compat32, emulate the same wraparound check as occurs on the real ILP32 system.
manu (2):
- MFC r336598-r336600, r336721
- MFC r336997:
markj (12):
- MFC r336460: Port r324665 and r325285 to arm64.
- MFC r336504, r336507: Provide the full module path to preload_delete_name().
- MFC r336556: Initialize the L3 page's wire count correctly after a L2 entry demotion.
- MFC r336591: Disable optimization of the libproc test program.
- MFC r336614: Add a regression test for PR 131876.
- Revert r335693, r335694, r335695 by eadler.
- MFC r336922: Remove a redundant check.
- MFC r336505, r336764 Have preload_delete_name() free pages backing preloaded data.
- MFC r337015: COMPAT_LINUX32 has not depended on COMPAT_43 in some time.
- Fix a mismerge in r337262.
- MFC r337323: Fix a flag collision introduced in r327451.
- MFC r336957: Add a regression test related to PR 131876.
mav (2):
- MFC r308296 (by scottl): asc/ascq 44/0 is typically a non-transient, permanent error (at least until the components are reset). Therefore retries are pointless. This is very visible in SATL systems, for example an LSI SAS controller and a SATA HDD/SSD.
- MFC r336590: Stop further SCSI recovery attempts after one has failed.
mm (1):
- MFH r336801,r336854:
np (1):
- cxgbe/iw_cxgbe: Do not call soaccept twice on the same socket.
pfg (1):
- MFC r336926: sed: unsign some indexes to fix sign-compare warnings.
rmacklem (5):
- MFC: r334492 Add the BindConnectiontoSession operation to the NFSv4.1 server.
- MFC: r334966 Add a couple of safety belt checks to the NFSv4.1 client related to sessions.
- MFC: r335866 Fix the server side krpc so that the kernel nfsd threads terminate.
- MFC: r336215 Ignore the cookie verifier for NFSv4.1 when the cookie is 0.
- MFC: r336357 Modify the reasons for not issuing a delegation in the NFSv4.1 server.
rpokala (1):
- MFC r336662,r336682
slavash (1):
- MFC r334318:
wulf (2):
- MFC r334555:
- MFC r336577: