HardenedBSD-11-STABLE-v1100056.10 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

• HBSD MFC r341470: ggated: do not expose stack data in sendfail() 370912d064f22772cd539ea28587ca7a1bca6c9c [FreeBSD-SA-candidate]
• MFC r341442, r341443: Plug memory disclosures via ptrace(2). (600baf4f2d9e7039632b5bf5503097edb31c3da3) [FreeBSD-SA-candidate]
• MFC r341484 Always treat firmware request and response sizes as unsigned. (5b0911ed9405a15d0fddd237377ecaf0684142a0) [FreeBSD-SA-18:14.bhyve CVE-2018-17160]
• MFC r337812,r337814,r337820,r341068: Fix several memory leaks (r337812 & r337814). (4a6ee6982ea1014b8d06511c23c76b849fa694f1) [FreeBSD-SA-candidate]
• MFC r340968: Plug routing sysctl leaks. (fe7eaf6c881cc3948b430c5241b34e2c1189dc03)
• MFC r340995 Prevent kernel stack disclosure in signal delivery (ee1166b9e2f474622f098aad4dd78869880379c8) [FreeBSD-SA-candidate]
• MFC r340994 Prevent kernel stack disclosure in getcontext/swapcontext (88ba4e0711d85c593ac41f9c9a054cf4e66d050a) [FreeBSD-EN-18:12.mem CVE-2018-17155]
• netmap updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-bootonly.iso) = 6ca4a5de222683ff4716090d55ffd1b19f50e98b7bef0012e94acf6ef73d61e2aaabe87026e2e58f1df4f797e5dd31130a4bac4d5cee82299bb75d215c5d1462
SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-disc1.iso) = 40e2a44bd010fb2b1e14b4b8b90ee86ac86cf0bb9f629c9a121cb24ed2e25fc6b5a3e821b770c483e922fd2a5de535b4ecfde9b759888775f51478e2fb183713
SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-memstick.img) = 2e57b96f5d9f75b277792052690947a849ca85a0e0860474b37cce06a623a5f566f60738b762ee6966081847be129a821ca199f17b3f286dafdbdbe6e1c70e0e
SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-mini-memstick.img) = a216932ecf6c218b7f8984ca55524c18ab85e5bcce163d11effdf889883e28ba6feb4546ff3e28c9e2a29440f147363ae4444e75f56bd18b6a02176db5f8810c


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlwHBLoACgkQgZsRom/9
GI3zlg//dLtnJmc52UuttbSD1NV2h2hv4mNW/UteFjxGtJgdOCkjRGpx3sI4Vm1j
ks5NPMzi4Wy8r9l/bWv+k/bCvkxvjvt8gQKIBbDt8IauB1Bk+uxeWr3IcLn9eiPV
eC0diLLpUzTkbhN9NbnXbbugrrq4AeWFbOl06HIAw9HJolIYtLInOlH9XZToUItR
kbVD+AXjVmfntDWXPtkgCZdEEPe6zYAUgA39iyrcb5X3y+AVc9hDIoOGfPVoMIRR
rhEu1jwJPuT8C6r2hcareVpmfOESJTljh+yNw9iq/brkNXPW2UcPFwwkt7ajubaP
KW22bl9jGTTqA3JhpPHRwqFjyZzItD9TR4qPr/Fu2WTzYACyjNvWyCK/KJOvS6MX
ewepZ06yUhsLEjEiGpllJ4XipUn8c2hbTXLoKE/JOBvwhxIognoQ8yiEE645Vrb8
VCPLab5CK4y+CSZLEA2DWpiuWO7D/Z8pRIbV0tWKh1HrN5QPOjXeDDi+59t/016v
vb/i8YR0GhHgg3mPYCCUUgMey1e7vIjnmcj0OkZRyyx7bi2fP+37C/XBV9L7bFC7
kLO1pAX7hwWOp/H0dbrJCuLyWFLHjkgNODrxmmYk1OeWQoUT9KX1SFfYCKsNlpAn
Pq+17qjcl/Amswrpmw7a/WfXXLiNA46OyOU/aG9r1Z+8/Emd4YA=
=fwqX
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (2):


• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• HBSD MFC r341470: ggated: do not expose stack data in sendfail()

Oliver Pinter + (16):

• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
• Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

ae (1):

• MFC r341073: Do not limit the mbuf queue length for keepalive packets.

arybchik (1):

• MFC r340765

cy (4):

• This is a direct commit to the stable/11 branch. This would have been MFC r340754 except that etc/rc.d has been moved in HEAD which would have resulted in a tree conflict if merged.
• MFC r340909:
• MFC r340868:
• MFC r340867:

dab (1):

• MFC r337812,r337814,r337820,r341068:

emaste (2):

• MFC r340095: Remove apparently unused 0-byte files that cause grief on Windows
• MFC r327860: ANSIfy function definitions in sys/vm/

eugen (3):

• MFC r340978-340979: ipfw.8: new section to EXAMPLES: SELECTIVE MIRRORING
• MFC r340110: ipfw(8): clarify layer2 processing abilities
• MFC r340135: Make ng_pptpgre(8) netgraph node be able to restore order for packets reordered in transit instead of dropping them altogether. It uses sequence numbers of PPtPGRE packets.

gjb (2):

• MFC r340983: Fix NTP query on GCE due to unresolved hostname.
• Document SA-18:13, EN-18:13, EN-18:14, EN-18:15.

gordon (1):

• MFC r341484

kib (2):

• MFC r340922: Avoid unneeded check in vmspace_alloc().
• MFC r341094: Improve sigonstack().

markj (5):

• MFC r340730, r340731: Add taskqueue_quiesce(9) and use it to implement taskq_wait().
• MFC r340968: Plug routing sysctl leaks.
• MFC r340483 (by jtl): Add some additional length checks to the IPv4 fragmentation code.
• MFC r341247: Update the free page count when blacklisting pages.
• MFC r341442, r341443: Plug memory disclosures via ptrace(2).

mmel (1):

• MFC r338317:

oshogbo (1):

• MFC r339502 Add link to the setproctitle_fast function.

sef (1):

• MFC r340442

vangyzen (3):

• MFC r340409
• MFC r340994
• MFC r340995

vmaffione (11):

• MFC r339548
• MFC r339659
• MFC r339685
• MFC r340279
• MFC r340325
• MFC r339639
• MFC r340436
• MFC r340475
• MFC r341144
• MFC r341145
• MFC r341430

yuripv (1):

• MFC r340976: vi: fix UTF-8 detection.