Stable release: HardenedBSD-stable 11-STABLE v1100056.6

HardenedBSD-11-STABLE-v1100056.6 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning:
Since this version, SMT (Hyper-Threading, virtual CPUs) is disabled by default. If you want to re-enable SMT, please consult the specific commit or ask on IRC (#hardenedbsd on FreeNode).

Highlights:

  • Check to ensure the buffer returned is not NULL. (9359dbab020da232fa5104036f1014d0fa879561) [FreeBSD-EN-18:10.syscall CVE-2018-17154]
  • Restore the inp_vflag and inp_inc.inc_flags fields when the underlying operation fails and the inp could be in an inconsistent state. (854244afa3ccf0baa19ea60569bedd26267cf534) [FreeBSD-EN-18:11.listen CVE-2018-6925]
  • MFC r338982. Clear stack allocated data structure to prevent kernel memory leak. (7d66fd1e932a68e0bd893f0a19724069d5c80ace) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r338724: Fix an nvpair leak in vdev_geom_read_config(). (81ef86df2cf70de6e205ddfed8ae1d736239cd22)
  • HBSD: Disable SMT by default (70e728df724ed9cfe0e79f79d6446d00234f2ff7)
  • MFC r338600: Update libarchive to 3.3.3 (85012f82112d6062b2c4179c5ae9734275f4c480)
  • MFC 332454,334009,334122: Various fixes for x86 debug exceptions. (4484bf717c82ee46f15a522b7fc088a3e85f3d5b)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.6-amd64-bootonly.iso) = 582ac18f93337df8219bbc2aa707ec85a71c1ef1910b491230fa338d258fc5efd9326775e60a5961a6118196ae04ba7b0c18fb023b30341273c07e37766f4a16
SHA512 (HardenedBSD-11-STABLE-v1100056.6-amd64-disc1.iso) = ba064494fc320654922e17e1ba1e86e231ebe42196b0c2d35e9e3eff63f5b8ae4303a3255b3f8b560a6bbb6f5efad304baffabcd629b8c5e4f92ed1e56f87640
SHA512 (HardenedBSD-11-STABLE-v1100056.6-amd64-memstick.img) = ef229d8d5dff57375859b671e81ef67a0ee4676c9664f0acea4129c1ba0aec3806361479d3363b2f889e1dfcd83343fc2f8aec0b38f27146badf38179d3cfc51
SHA512 (HardenedBSD-11-STABLE-v1100056.6-amd64-mini-memstick.img) = d95c8ed96dbcf3b394a68d9771f12bec1a8ca94cf2a8250d70eccdb23f95c27bdf4239ec81f499b2fd84c38822aa82360f96ad408f743ff369488fec7ef1f14c

CHECKSUM.SHA512.asc:


Changelog:

Oliver Pinter (1):

  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master


Oliver Pinter + (26):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


Shawn Webb (1):

  • HBSD: Disable SMT by default


delphij (1):

  • Partial MFC of r338542:


dim (3):

  • MFC r338689:
  • MFC r338697:
  • MFC r309748 (by glebius):


emaste (3):

  • MFC r335900 (oshogbo): capsicum: add getdirentries to the freebsd32 compact
  • revert r338726 (getdirentries capsicum addition)
  • MFC r338573: Add vt(4) INDEX.fonts


erj (3):

  • MFC r334231, r334779, r335322, and r338208 to stable/11 from head
  • Revert MFC of r334231 in r338871.
  • Bump __FreeBSD_version after r338871 introduced new media types and a TCP checksum fix for ixl(4)


gjb (2):

  • Document SA-18:12 and EN-18:08.
  • MFC r338754: Update the pkg-stage.sh script used to populate packages on the dvd1.iso installation medium from including KDE4 to KDE5, as the KDE4-based ports have been marked as deprecated in the Ports Collection.


gordon (3):

  • MFC r338982.
  • There are various cases where we modify the inp_vflag and inp_inc.inc_flags fields during a syscall, but don't restore those fields if the operation fails. This can leave the inp structure in an inconsistent state and cause various problems.
  • Check to ensure the buffer returned is not NULL.


hselasky (3):

  • MFC r338613: Fix for backends which don't support capsicum.
  • MFC r338616: Fix issues about cancelling USB transfers in LibUSB when the USB device has been detached. When a USB device has been detached the kernel file handle stops responding to commands. USB applications which continue to run after the USB device has been detached, depend on LibUSB generated events to tear down its pending USB transfers. Add code to handle the needed cleanup when processing the USB transfer(s) fails and prevent new USB transfer(s) from being submitted.
  • MFC r338679: Improve LibUSB debugging by simultaneously allowing both function and transfer prints. Make sure the debug level comes from the correct USB context.


jhb (3):

  • MFC 332454,334009,334122: Various fixes for x86 debug exceptions.
  • MFC 335913: Use 'e' instead of 'i' constraints with 64-bit atomic operations on amd64.
  • MFC 337270: Install the 32-bit compat sanitizer libraries.


jpaetzel (3):

  • MFC r303811:
  • MFC r306219:
  • MFC r333146:


kib (7):

  • MFC r338522, r338523, r338533: Teach sysctl(8) about the Persistent memory type. Improve nearby code.
  • MFC r338534: intelspi: don't leak spibus children on detach.
  • MFC r338801: amd64 pmap: remove tautological assert.
  • MFC r338699: Remove unneeded new line from the panic string.
  • MFC r338711: Make the PTI violation check to follow style of the SMAP check.
  • MFC r338733: Do not upgrade the vnode lock to call getinoquota().
  • MFC r338798: Fix state of dquot-less vnodes after failed quotaoff.


marius (2):

  • MFC: r338512
  • MFC: r333647, r338275, r338280, r338513


markj (7):

  • MFC r338528: Specify the correct resource type in teardown paths.
  • MFC r338537, r338539: Bump MAX_HWCNT and MAX_EXCNT.
  • MFC r338538: Exclude the EFI framebuffer from phys_avail[] on arm64.
  • Revert r338695: it depends on r334032, which was not MFCed.
  • MFC r338211: Prepare the kernel linker to handle PC-relative ifunc relocations.
  • Include stdbool.h so that we can use bool in linker.h.
  • MFC r338724: Fix an nvpair leak in vdev_geom_read_config().


mav (3):

  • MFC r333081 (by eadler): zpool(8): correct list of default properties in 'list'.
  • MFC r333307 (by sbruno): Cleanup sundry clang warnings for code that is not upstream in illumos. https://github.com/illumos/illumos-gate/edit/master/usr/src/lib/libzfs/common/libzfs_sendrecv.c
  • MFC r334810 (by benno), r338205, r338206: r334810: Break recursion involving getnewvnode and zfs_rmnode.


mm (1):

  • MFC r338600: Update libarchive to 3.3.3


mw (1):

  • MFC r333454: Skip setting the MTU for ENA if it is not changing


pfg (1):

  • MFC r337992, r338125: POSIX compliance improvements in the pthread(3) functions.
