Stable release: HardenedBSD-stable 11-STABLE v1100056.5

HardenedBSD-11-STABLE-v1100056.5 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • MFC 338603: Correct ELF header parsing code to prevent invalid ELF sections from (4bfdb79b43e74833a67eb9d7f2afcf632b136917) [FreeBSD-SA-18:12.elf CVE-2018-6924]
  • MFC r338126: MFV r338092: ntp 4.2.8p12. (900dde8260d39322fa4c1816fcc5978c204071d2) [CVE-2018-12327]
  • MFC r338068, r338113: Update L1TF workaround to sustain L1D pollution from NMI. (d9d4e900945e90a783c711019255120ffc7a4163)
  • MFC r333063: Update ELF Tool Chain to r3614 (e90f3bfc9bb4deb6c5da699ebe5ad305ee6391e1)
  • MFC r337505, r337865, r337869: dd status=progress (8c00a8c01e99dcdb8ef723f02b90e98fb6f2444c)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-bootonly.iso) = 5b0deba102a2c9da3fe3fcc015c3217b95ad63a01d83a0c33a6934f805486f8f0482ef6e60d3f209c4a996bd309cccb404b84cc5ded2724589f95f12106a660c
SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-disc1.iso) = 5b37ba3d75559d8cf9745f9b9c1898f402636949159ef9dc0a40dec31a0d839bd68cd3ca73aa69eef7c2adbf7fe18a6ac6363000cf7930c34cc0b2964be0e29c
SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-memstick.img) = c8b90115ae6585da0288d6017b896d23bfbd68ea821d04585422cfce36edef61507f076264c03f7298fbc8104f79ebb42d68c3ac4d9542e8795d26ce0ddc8946
SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-mini-memstick.img) = d76c735ff59bd2ebccdd13e353c2ccd2694aa056d1d656df16ae65dadd589ce26062184a18e2bfaba4acde7290c2aecd7ecbe6031dcd4f7c4b443ce0e1afbeec

CHECKSUM.SHA512.asc:


Changelog:

Oliver Pinter (2):

  • HBSD: update motd file
  • HBSD: add .tags to .gitignore


Oliver Pinter + (27):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


Piotr Kubaj (2):

  • HBSD: Fix wpa build with LibreSSL 2.6
  • HBSD: Correct OPENSSL_VER in LibreSSL


ae (1):

  • MFC r337736: Restore ability to send ICMP and ICMPv6 redirects.


cy (1):

  • Avoid printing extraneous function names when searching man page database (apropos, man -k). This commit replaces .SS with .SH, similar to the man page provided by original heimdal (as in port).


delphij (3):

  • MFC r336754: Improve --strip-trailing-cr handling.
  • MFC r337522:
  • MFC r338126: MFV r338092: ntp 4.2.8p12.


ed (1):

  • MFC r336086:


emaste (4):

  • MFC r337045: libelf: reload section headers after update with ELF_C_WRITE
  • MFC r333062: elf_common.h: add DT_SUNW_ASLR tag
  • MFC r336745: elf_common: update ARM ABI flag names
  • MFC r333063: Update ELF Tool Chain to r3614


eugen (3):

  • MFC r316615 by sevan: Remove the last vestiges of FDC_DEBUG & FD_DEBUG
  • MFC r316623: fix build after incomplete MFC r338544 by me.
  • MFC r338468: Fix "ipfw fwd" to work for incoming IPv4 packets when ip_tryforward() chooses fast forwarding path, as it already works for IPv6 and for both of them on old slow path.


gjb (1):

  • Fix the port name in the 2018-06-26 errata entry for 11.2-RELEASE.


gordon (1):

  • MFC 338603: Correct ELF header parsing code to prevent invalid ELF sections from disclosing memory.


hselasky (9):

  • MFC r338489: Maximum number of mbuf frags is off-by-one for worst case scenario in mlx5en(4).
  • MFC r338490: Don't stall transmit queue on drops in mlx5en(4).
  • MFC r338492: Add support for receive side scaling stride, RSSS, in mlx5en(4).
  • MFC r338493: Make the MSIX module parameter limit per device, in mlx5en(4).
  • MFC r338495: Add proper support for VIMAGE to krping.
  • MFC r338526: Implement get network interface by params function in ipoib.
  • MFC r338541: Introduce and use sgid_index in CM requests in ibcore.
  • Fix compile warning about missing prototype when WANT_FUNCTIONS is defined.
  • MFC r338491: ibcore: Fix endless loop in searching for matching VLAN device


jhb (3):

  • MFC 332906,332907,332976,333679,336053: Expand testing of breakpoints.
  • MFC 332909: Report proper signal codes for SIGTRAP traps on MIPS.
  • MFC 332908: Add two tests for TRAP_* signal codes for SIGTRAP.


kevans (1):

  • MFC r337505, r337865, r337869: dd status=progress


kib (15):

  • MFC r337714: Prevent some parallel swap-ins, rate-limit swapper swap-ins.
  • MFC r337983, r338044: Add pthread_get_name_np(3).
  • MFC r338312: Unify amd64 and i386 vmspace0 pmap activation.
  • MFC r338313: Remove dead code in i386 cpu_throw().
  • MFC r338024: Rudimentary AER reading code for ddb(4).
  • MFC r338068, r338113: Update L1TF workaround to sustain L1D pollution from NMI.
  • MFC r338357: Fix compat32 ftruncate cap mode.
  • Regen.
  • MFC r324856: Don't call realpath(3) from libmap rtld code.
  • MFC r338428: Style cleanup.
  • MFC r338370: Remove {max/min}_offset() macros, use vm_map_{max/min}() inlines.
  • MFC r338459: amd64: For non-PTI mode, do not initialize PCPU kcr3 to KPML4phys.
  • MFC r338433: Normalize use of semicolon with EFI_TIME_LOCK macros.
  • MFC r338435: Improve error messages from clock_if.m method failures.
  • MFC r334856, r338434: Don't bother looking for non-executable pages when a process is excluded from PTI.


kp (2):

  • MFC r338183, r338183:
  • MFC r338406:


lidl (1):

  • MFC r338201: increase heap size during "loader" on sparc64


marius (2):

  • MFC: r338304
  • MFC: r338261


markj (12):

  • MFC r338142: Set arc_kmem_cache_reap_retry_ms to 0 and make it configurable.
  • MFC r333280: Style.
  • MFC r332968: Add a UMA zone flag to disable the use of buckets.
  • MFC r337926: Add partial documentation for dtrace(1)'s -x configuration options.
  • MFC r338365: Add a sysctl for the ZFS abd_scatter_enabled setting.
  • MFC r338350: Add missing endpwent() and endgrent() calls to nfsuserd(8).
  • MFC r338416: Re-compute the ARC size before computing the MFU target.
  • MFC r338375: sed: Fix -i option behavior with 'q' command.
  • MFC r337974: Add INVARIANTS-only fences around lockless vnode refcount updates.
  • Revert an unintentional change from r338462.
  • MFC r337423: Improve handling of control message truncation.
  • MFC r337329: Fix the regression test for PR 181741.


mav (2):

  • MFC r338105: Remove extra M_ZERO from NG_MKRESPONSE() argument.
  • MFV r338288: Unblock speculative prefetcher also on pool creation.


oshogbo (2):

  • MFC r337965: capsicum: allow the setproctitle(3) function in capability mode
  • MFC r314000:


philip (2):

  • MFC r319508: Fix a memory leak with last free memory allocated to 'buf'
  • MFC r338353: Add libxo(3) support to lastlogin(8).


sobomax (1):

  • MFC r312296 and r323254, which is a new socket option SO_TS_CLOCK to pick from several different clock sources to return timestamps when SO_TIMESTAMP is enabled and two new nanosecond-precision timestamp types. This also fixes recvmsg32() system call to properly down-convert layout of the 64-bit structures to match what 32-bit app(s) expect.
