Stable release: HardenedBSD-stable 11-STABLE v1100056.13

HardenedBSD-11-STABLE-v1100056.13 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • MFC r343784: Avoid leaking fp references when truncating SCM_RIGHTS control messages. (70e1efc1c0f84fb9e92135883a6107e2ef19642e) [CVE-2019-5596 FreeBSD-SA-19:02.fd]
  • MFC r343780: amd64: clear callee-preserved registers on syscall exit. (7ecad8ecb0ef125b47333806ace844e7792294a8) [CVE-2019-5595 FreeBSD-SA-19:01.syscall]
  • MFC r343499: rc(8): do not stop dhclient(8) when wpa_supplicant(8) / hostapd(8) is used (15afe7b042f7cdfad46cc2eca5e59dd9297f6197)
  • MFC r343418: pf: Fix use-after-free of counters (a1b261656792fdc235e151c61ea87b06dd48103a)
  • MFC of 343449 and 343483 Update tunefs to allow '_' in label names. (627115fbab7f0ad32d8d58f2ac948255c86a33a9)
  • MFC r343249: Fix duplicate wpa_supplicant(8) / hostapd(8) startup with devd(8) (396ce8497cb2ae7eed1e297d7edf3396759eaca1)
  • MFC r343089: Limit the user-controllable amount of memory the kernel allocates via IPPROTO_SCTP level socket options. (58e6efc1eb253c25e32671305fb296c75c88e173)
  • MFC r343082: Implement shmat(2) flag SHM_REMAP. (5e5aec12f096e44b4aff26c5b9623f1eea21b72c)
  • MFC r343286: nfs: Zero the buffers exported by NFSSVC_DUMPCLIENTS and DUMPLOCKS. (676ce698dd3e14aac903708b48c9e447e46526f0)
  • MFC r343265: hwpmc: Plug memory disclosures from PMC_OP_{GETPMCINFO,GETCPUINFO}. (99c280e90dcde9a082478af18e6806adae270cf9)
  • MFC linuxulator stack memory disclosure fixes (8139f0a4ce76358213e6802baa237a6e0f4a8f8a)
  • MFC r343043: scp: disallow empty or current directory (ae0b64fb08800073bccfffa0e7ba12fa30dbf669) [CVE-2018-20685]
  • llvm updates
  • ena updates
  • ipfilter updates
  • pf updates
  • net80211 updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.13-amd64-bootonly.iso) = 2d3601235daf67914e522ae03e28717af8c8f380a32a57bf6ce01dd1b5c90a2e381766a89abbeda9ac3c4d46b998f0ca9846fb8c59b9370985e56fde126e4836
SHA512 (HardenedBSD-11-STABLE-v1100056.13-amd64-disc1.iso) = 90bcf218e2575331f6f83f7b83e6c058fd1c268ccecdc162be385c95e22aab849c5090c90b03fb46135893ecc75d42341dd3373574cbf2597fc09611e290034a
SHA512 (HardenedBSD-11-STABLE-v1100056.13-amd64-memstick.img) = cffa5583145e6ae2fbd9e12281aaef06fada4886095fa220c4b62464c453873839d8c59b276f0866ee038c96d1494275f0d1852ca39714914d3d5d744fad7c76
SHA512 (HardenedBSD-11-STABLE-v1100056.13-amd64-mini-memstick.img) = a4ec2037cb9d7054a644c12518867bf8f2ba04353e238d5d26e2faf64493eb2bcc65364a245e157193ffa657e7fe6a25ce109272b7a7e3064fd6d18d56f46ee3

CHECKSUM.SHA512.asc:



Oliver Pinter (1):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Oliver Pinter + (48):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master (48 identical merge commits)

ae (1):

  • MFC 342925: Relax requirement to packet size of CARP protocol and remove version check.

avos (20):

  • MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap.
  • MFC r343244: devd.conf(5): add otus(4) into wifi-driver-regex
  • MFC r343249: Fix duplicate wpa_supplicant(8) / hostapd(8) startup with devd(8)
  • MFC r343213: net80211: resolve ioctl <-> detach race for ieee80211com structure
  • MFC r306323: [ath_hal] Add FCC6_FCCA regulatory domain (0x0014).
  • MFC r343341: ifconfig: drop unused macros from ifieee80211.c
  • MFC r343235: iwn(4): drop return code from iwn_*attach functions (they cannot fail)
  • MFC r343340: net80211: fix channel list construction for non-auto operating mode.
  • MFC r343342: net80211: turn channel mode check into assertion.
  • MFC r343234: run(4): add more length checks in Rx path.
  • MFC r343238: urtw(4): add length checks in Rx path.
  • MFC r343472: otus(4): fix a typo in man page (802.11 -> 802.11n)
  • MFC r343473: geom_uzip(4): move NULL pointer KASSERT check before it is dereferenced
  • MFC r343495: wlan.4: improve wording
  • MFC r343497: Unbreak devd.conf(5) regex after r343249
  • MFC r343496: pcf(4): fix parentheses in if condition
  • MFC r343499: rc(8): do not stop dhclient(8) when wpa_supplicant(8) / hostapd(8) is used
  • MFC r343502: Remove RADIUS-related files when WITHOUT_RADIUS_SUPPORT=true is set in src.conf(5)
  • MFC r343576: ndiscvt(8): abort if no IDs were found during conversion.
  • MFC r343541: Drop some unneeded includes from wireless USB drivers.

bapt (2):

  • MFC r340933:
  • MFC: 332990,337892,343546

brooks (3):

  • MFC r343162:
  • MFC r343366:
  • MFC r340242:

cy (5):

  • MFC r343073:
  • MFC r343103:
  • MFC r343486:
  • MFC r343600:
  • MFC r342815:

dab (2):

  • MFC r342770:
  • MFC r342822:

delphij (3):

  • MFC r342845,342846: Port NetBSD improvements:
  • MFC r342856: Added support for the SIOCGI2C ioctl.
  • MFC r343038: Use TD_IS_IDLETHREAD instead of unrolled version.

dim (1):

  • Pull in r337861 from upstream llvm trunk (by Hideki Saito):

emaste (3):

  • MFC r343043: scp: disallow empty or current directory
  • MFC r343153: freebsd-update.8: mandoc -Tlint fixes
  • MFC linuxulator stack memory disclosure fixes

gjb (1):

  • MFC r343259: Correct a typo: was -> way.

gonzo (2):

  • MFC r335675:
  • MFC r339523:

hselasky (5):

  • MFC r342730: Improve USB generic debug messages. Print process ID and name when opening and closing usb/ugenX.Y character device nodes.
  • MFC r342778: Reduce timeout for reading the USB HUB port status to 1000ms and try to filter out dead USB HUB devices by implementing an error counter, so that the USB enumeration thread does not spend all its time reading from non-responding devices, blocking user-space access in the end.
  • MFC r342884: Fix loopback traffic when using non-lo0 link local IPv6 addresses.
  • MFC r343451: Add full support for PCI_ANY_ID when matching PCI IDs in the LinuxKPI.
  • MFC r343453: Add new USB quirk.

jhb (1):

  • MFC 340206: Treat the memory lengths for CHELSIO_T4_GET_MEM as unsigned.

jilles (1):

  • MFC r343105: libedit: Avoid out of bounds read in 'bind' command

joerg (1):

  • MFC r342791: fix a typo in chio(4) (which propagates into chio(1))

kib (9):

  • MFC r343108: Trim whitespace at EoL, use tabs instead of spaces for indent.
  • MFC r343081: Trim spaces at the end of lines.
  • MFC r343086: Remove unused prototype.
  • MFC r343302: Remove unused *_sysinit_flags() declarations.
  • MFC r328433: EMFILE errno documented.
  • MFC r343082: Implement shmat(2) flag SHM_REMAP.
  • MFC r343484: Remove now redundant ifunc relocation code which should have been removed as part of r341441.
  • MFC r343607: Reserve a bit in the FreeBSD feature control note for marking the image as not compatible with ASLR.
  • MFC r343780: amd64: clear callee-preserved registers on syscall exit.

kp (6):

  • MFC r342591,342599:
  • MFC r342989
  • MFC r343130
  • MFC r343041
  • MFC r343295:
  • MFC r343418:

marius (2):

  • MFC: r333745, r333764, r337533, r339375, r341041
  • MFC: r342634 (partial)

markj (6):

  • MFC r342887: Stop setting if_linkmib in vlan(4) ifnets.
  • MFC r342864: Specify the correct option level when emulating SO_PEERCRED.
  • MFC r343265: hwpmc: Plug memory disclosures from PMC_OP_{GETPMCINFO,GETCPUINFO}.
  • MFC r343286: nfs: Zero the buffers exported by NFSSVC_DUMPCLIENTS and DUMPLOCKS.
  • MFC r343348: ocs_fc: Ensure that we zero-initialize memory before copying it out.
  • MFC r343784: Avoid leaking fp references when truncating SCM_RIGHTS control messages.

mav (7):

  • MFC r340425 (by cem): amdsmn(4)/amdtemp(4): Attach to Ryzen 2 hostbridges
  • MFC r340426 (by cem): amdtemp(4): Fix temperature reporting on AMD 2990WX
  • MFC r342977 (by cem): amdtemp(4): Add support for Family 15h, Model >=60h
  • MFC r342400: Increase MTX_POOL_SLEEP_SIZE from 128 to 1024.
  • MFC r342546: Add descriptions to NVMe interrupts.
  • MFC r342558: Switch from mutexes to atomics in GEOM_DEV I/O path.
  • MFC r342557, r342559: Reimplement nvd(4) detach handling.

mckusick (1):

  • MFC of 343449 and 343483

mw (3):

  • MFC: First part of Amazon ENA driver fixes and improvements
  • MFC: Second part of Amazon ENA driver fixes and improvements
  • MFC: r336114:

np (1):

  • MFC r342603: cxgbe(4): Attach to two T540 variants.

nyan (1):

  • MFC: r342964

pfg (2):

  • MFC r343023: msun: reduce diff between src/e_j0.c and src/e_j0f.c
  • MFC r343459: (partial) ext2fs: Add some extra consistency checks for the superblock.

rgrimes (1):

  • MFC: 325765 (imp) Add notes about overlapping copies.

sef (1):

  • MFC r342928: Change ZFS quotas to return EINVAL when not present (matches man page).

shurd (1):

  • MFC r342855:

tuexen (4):

  • MFC r338137:
  • MFC r338138:
  • MFC r342857:
  • MFC r343089:

vmaffione (4):

  • MFC r343413
  • ixl: remove unnecessary limitations related to netmap
  • MFC r343552
  • netmap: small cleanup on em, lem, igb, ixgbe

wulf (2):

  • MFC r340912,r340913:
  • MFC r340926:
