Stable release: HardenedBSD-stable 11-STABLE v1100056.4

HardenedBSD-11-STABLE-v1100056.4 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

MFC r337773, r337838, r338112, r338202: Fixes for early EFIRT usage on amd64. (ebd8a26815cca310cec2634d2c159f5c03367f36)
MFC r337615: Fix a really subtle miscompile due to a somewhat glaring bug in EFLAGS copy lowering. (24eeeec9837c397f3dcdd8d7f6e68d2eb8114852)
MFC: r336839 Modify the NFSv4.1 server so that it allows ReclaimComplete as done by ESXi 6.7. (121df03ce024a9e8f52afc369903523b8607fc4d)
MFC r337969: pf: Limit the maximum number of fragments per packet (340f9f0f5ef86c2de708a6a82f7dc94b37ceca5b) [CVE-2018-5391]
HBSD: hook in hbsdcontrol into build (09a80cfc44e479cae28e5bd4a7f3970222507271)
HBSD: import upstream version e41faa644bf9c4b8ca79d85fe4119bd712317616 of hbsdcontrol (1326740583ee131c05b459c5085d686c558311bd)
MFH r337745: Sync libarchive with vendor.. (02f8199a18902245444f96f92bed334497db0b0d) [CVE-2017-14501]
MFC: r337791 Merge OpenSSL 1.0.2p. (04b30e35ca24b7e1150eba96db7fba2bf700cfaf) [CVE-2018-0732 CVE-2018-0737]
MFC r337819 (cy@): MFV r337818: WPA: Ignore unauthenticated encrypted EAPOL-Key data (89cd8f5e63ae09cb29e9f67a407235435f791104) [CVE-2018-14526 FreeBSD-SA-18:11.hostapd]
MFC r336203, r336499, r336501-r336502, r336506, r336510, r336512-r336513, r336515, r336528-r336531 Update wpa 2.5 --> 2.6. (2c0c29a3880db47098b28cff7a47fe20486cbab2)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-bootonly.iso) = c39f7dc83fa405852bdf0d67ddd9767248d51089d267a7c63033d7bb10a525341f1406ac1856d32d9004fa271ae70c94bf2726fd40de57f55a2bc14d757668cc SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-disc1.iso) = 0ad47e752f7e309d6651b249429022f5e9970c169162af4f20fe1aff99f07be533f5a18e453ea2dbfb513e256fb37cf009ba0d09fb7e7f58ed6a36a245400c90 SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-memstick.img) = 3f1723169babd884f960328165e32aff9e8fe5eabafcbb8c67e6cf317fae19ce3740e54dd80ccbef9ba0ba14087aabc85745b5e707a9dce30a6278357723916d SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-mini-memstick.img) = 763803d0d996b381a15eb54491684269ee09407366b75fa68d82cb8e1e3f10dd5b9b2ea6908be237c7cbd364f980eab8b40c5694fe46ebb87c7190b5a6972d7d

CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAluDUNgACgkQgZsRom/9
GI3xJxAAndi77pvbsXre+A0/LQ6B9rFd6ZUHj/Jk2yWZGF/A7Yr5VVEgBNzuff9y
3iU/Ma9SGBG5jTSo/LxIvZhw/cibp1U87+8Kisf9iGqbgXNKWlZNHeK9uzH+g2Zp
lNVxuLGFSeBULm3PijOBsMRTlxmT7Y9i54wNGB3pmLB1b8tXCasMaw8ivbjlW0B8
mjNml9XNrSxPl+nO8u3dfRGAa55PGdwe9mN7fKFB9DAyjG4S68UDhax8/p3Q8WNE
I4FlPNsRujc+M+qSupl5j4xxbBuwsLz93chC6e8DBBD604Pllk5o0C41XJ07yEQE
QxQSpXwvKwztf5IkooP8OTPKkdmuM2W0KWuwWp+/Y4zhQDG5SseBy12xvSFMKB/z
d5vw9FwTg0N0PD5ZYW0mHagWWeyyT+HVSQdxt8GK5iAnyIRe7bP0UjDjyBVMgqHp
d6BFYPi6Qg4hjD6bZCyqLo4oDjsEQrdr6d1ijk+8LyMdQtnHPjRn5c7avqqkQFrc
99jtK2Y/zZuXj4D1OmGvpz0+btaQ6suJHc2rWqRcID02U/gwnD3zoTF5I852KpAv
H1rnK60C0BdFEAwEjcwZKq28mtTIsfsKBRTeuTUZIk8ij2xx7y8+9e8n25kYJbOS
dSg1WSgfLYttR6Cqv66a9NXWC1IaF5RXlVN4BCB/9L9yKpj9CK4=
=j6H/
-----END PGP SIGNATURE-----

Changelog: Oliver Pinter (7):

Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: import upstream version e41faa644bf9c4b8ca79d85fe4119bd712317616 of hbsdcontrol
HBSD: hook in libhbsdcontrol
HBSD: hook in hbsdcontrol into build
HBSD: remove ZFS leftovers when WITHOUT_ZFS is set
HBSD: remove hyper-v leftovers when WITHOUT_HYPERV is set
HBSD: and one more round of ZFS leftovers

Oliver Pinter + (27):

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Piotr Kubaj (2):

HBSD: fix wpa_supplicant builds with LibreSSL
HBSD: And missing bracket to wpa_supplicant's tls_openssl.c

Shawn Webb (3):

HBSD: Partially resolve merge conflict
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict

ae (2):

MFC r337469: Use host byte order when comparing mss values.
MFC r337536: If -q flag is specified, do not complain when we are trying to delete nonexistent NAT instance or nonexistent rule.

avatar (1):

MFC r338038: Extending the delay cycles to give the codec more time to pump ADC data across the AC-link.

brooks (1):

MFC r337727:

cperciva (1):

MFC r336420,336433,336593,336621,336622,336624,337394,337401,338141

cy (6):

MFC r336203, r336499, r336501-r336502, r336506, r336510, r336512-r336513, r336515, r336528-r336531
MFC r337558, r337560
MFC r337410:
MFC r338045:
MFC r338046:
MFC r338047:

delphij (1):

MFC r337819 (cy@): MFV r337818: WPA: Ignore unauthenticated encrypted EAPOL-Key data

dim (2):

MFC r337322:
MFC r337615:

eadler (1):

MFC r333919, r333922, r333944, r337442:

emaste (1):

MFC r337569: readelf: display NT_GNU_PROPERTY_TYPE_0 note name

eugen (2):

MFC r336461: bge(4): disable MSI for BGE_ASICREV_BCM5784/BGE_CHIPREV_5784_AX found in some MacBook Pro.
MFC 338013: bsnmpd(8): fix and optimize interface description processing

gjb (3):

MFC r337717, r337718:
Document SA-18:09 through SA-18:11.
Fix the BEAGLEBONE image build on stable/11.

hselasky (6):

MFC r337529: Implement missing atomic_fcmpset_XXX() support for i386.
MFC r337232: Implement ktime_add_ms() and ktime_before() in the LinuxKPI.
MFC r337373: Define __poll_t type in the LinuxKPI.
MFC r337374: Implement atomic_long_cmpxchg() function in the LinuxKPI.
MFC r337376: Implement current_work() function in the LinuxKPI.
MFC r337527: Use atomic_fcmpset_XXX() instead of atomic_cmpset_XXX() when possible in the LinuxKPI.

jamie (3):

MFC r331332:
Load filesystem modules associated with allow.mount permissions.
MFC r337867:

jkim (1):

MFC: r337791

kevans (18):

ubldr: Bump heap size, 1MB -> 2MB
MFC r337520: Fix WITHOUT_LOADER_GELI (gptboot) and isoboot in general
MFC r337504: apply(1): Fix magic number substitution with a magic space
MFC r337506: ls(1): Enable colors with COLORTERM is set in the environment
Revert r337826: MFC of ls(1) COLORTERM honoring
MFC r337559: Makefile.inc1: Add libl to -legacy as well
MFC r335785, r335812
MFC r336184: net80211: Fix ifdetach w/o ifattach, small whitespace cleanup
MFC r337570-r337573
MFC r337665: krb5-config build: Remove gratuitous escaping
MFC r337523: libsa: exit on EOF in ngets
MFC r337524: libi386: Fix typo in pxe.h
MFC r337666: getopt_long(3): Document behavior, optstring leading characters
MFC r337696: Use INCS for non-sys/ libnvpair and libzfs_core includes
MFC boot tagging support: r337518, r337544-r337546, r337548, r337579-r337580, r337952
MFC r338120: config(8): Allow escape-quoted empty strings
MFC r338020: res_find: Fix fallback logic
MFC r337906: Document KERNCONFDIR

kib (9):

MFC r337770: Fix typo.
MFC r337330: Swap in WKILLED processes.
MFC r336570: Enable OFED build (without extras) by default. For stable/11, this is only done on amd64.
MFC r338048: Use tab for indent.
MFC r338049: Clarify that memset_s(3) requires __STDC_WANT_LIB_EXT1__ for visibility. Fix typos and other nits.
MFC r338051: Provide set_constraint_handler_s(3) man page.
MFC r338016: Print L1D FLUSH feature.
MFC r337981: Reorder alphabetically.
MFC r337773, r337838, r338112, r338202: Fixes for early EFIRT usage on amd64.

kp (2):

MFC r337643:
MFC r337969:

loos (6):

MFC r312953:
MFC r313911:
MFC r317800:
MFC r321649:
MFC r312770 and r337854:
MFC r321316, r337860:

markj (3):

MFC r337328: Don't check rcv sockbuf limits when sending on a unix stream socket.
MFC r337230: Verify that each frame pointer lies within the thread's kstack.
MFC r337500: Use the right variable when updating interface routes.

mm (1):

MFH r337745: Sync libarchive with vendor..

pfg (4):

MFC r337458, r337618: Fix printf(1) ignores width and precision in %b format.
MFC r337422: libc: fix cases of undefined behavior.
MFC r337456: msdosfs: fixes for Undefined Behavior.
MFC r337728: (committed by jilles) printf: Add test for width and precision in %b format

rmacklem (2):

MFC: r336839 Modify the NFSv4.1 server so that it allows ReclaimComplete as done by ESXi 6.7.
MFC: r337438 Allow newnfs_request() to retry all callback RPCs with an NFSERR_DELAY reply.