HardenedBSD-12-STABLE-v1200059.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Highlights:
- MFC r349800,r349801: Fix misc fs fuzzing issues. (abeb80bc5ee82a9a96da492c241fcbe91ad3e22b) [FreeBSD-SA-Candidate]
- MFC r349802 (from fsu@): Add additional check for 'blocks per group' and 'fragments per group' superblock fields. (fcbcaebd25f0e43b12eb6b7b8302730153258350) [FreeBSD-SA-Candidate]
- MFC r347695, r347696, r347697, r347957, r349326: Lockless delayed invalidation for amd64 pmap. (388f0c181108947d84d1233cc47b24024bd410e7)
- MFC r349880: Let linuxulator mprotect mask unsupported bits before calling kern_mprotect. (bc326df65733684bc27deb22858a39981dd6b854)
- MFC r350260: mqueuefs: fix struct file leak (bcc86242833757585d3c8b9663d8e9c55f8ed3ff) [FreeBSD-SA-19:15.mqueuefs CVE-2019-5603]
- MFC r350244: bhyve: correct out-of-bounds read in XHCI device emulation (04ce7e77c7a5db5aed779d54632b9b19ed0ba9b0) [FreeBSD-SA-19:16.bhyve CVE-2019-5604]
- MFC r350156: Fix leak of memory and file refs with sendmsg(2) over unix domain sockets. (19e53c56013af9f42f2e6177da6c6451c44156a4) [FreeBSD-SA-19:17.fd CVE-2019-5607]
- nand: create device with 0640 permission (88f580f1ce2c81ab9c16df41fc9edf987cf5e792)
- MFC r349890: telnet: fix a couple of snprintf() buffer overflows (7e735c9feedada921a291c023836b26b6547d032) [FreeBSD-SA-19:12.telnet CVE-2019-0053]
- MFC r349733: Defer funsetown() calls for a TTY to tty_rel_free(). (4c06d4c0cc403122e743fc35e2f5fdefedb562b1) [FreeBSD-SA-19:13.pts CVE-2019-5606]
- MFC r349834 Ignore kern.vt.splash_cpu without graphics (b9fd7203ae04df3457cd5c4aca370de6b4ba3646)
- MFC r349581 netmap: fix two panics with emulated adapter (2672ab35fd1ea58da0a7dcad23925d977425ac1e)
- MFC r349913: Ensure that mds_handler always points to a valid method. (c411b3266a9f97903667e7ab70fcb1a4a26f977a) [FreeBSD-EN-19:13.mds]
- MFC r349876: Apply a workaround to be able to build clang 8.0.0 headers with clang 3.4.1, which is still in the stable/10 branch. (4453d146f0d636f8108822c3ef898c73adfdea46)
- MFC 347238: vmm(4): Pass through RDSEED feature bit to guests (e64222ca6e6aac4bbba4e56ccfb6b136c71ec5d6)
- MFC 339911,339936,343075,343166,348592: Various AMD CPU-specific fixes. (2c0a81ad596517f49c5069ce32d1ec6754dc0e4a)
- MFC r349753 netmap: Remove pointer leakage in netmap_mem2.c (b158d710d859111d1370c945ac79f250750cffeb)
- MFC r349527,349538: Sync libarchive with vendor. (2767b0a23c9249e482b7c9681cac0cce5d832bf0) [FreeBSD-SA-Candidate]
- cxgbe updates
- libbe updates
- bhyve updates
- LLVM and Clang updates
Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
CHECKSUM.SHA512:
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-bootonly.iso) = 825d5f5ac4aae2e7146984d4f267dbb235b72ec4d87037227a44474172d1665976c8cd21a58c2fd5b661a799aee861f3c7e99e25c5a13851fbff76ff9925e1ec
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-disc1.iso) = 517554a50ae942a5689b063188fd2b15fcadd3cf6cd890953072d1e949936a5134fcaee57fbcdac3a2b7f095f90957e9bc62e6962f1e5087218231758c54000f
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-memstick.img) = 6dc3d2b2ffb7d74798b24c5d56cdeea0bad48630a26c5c69ed94f95d9a0e622486d81a44d6fd6823e4944c9b957da2c122f4c741229ded2120200e765213adf9
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-mini-memstick.img) = 1e7c2e6c64d0fcb6687e15fb8f6efe313891a69532f806f8bb1dee333a1b07b8de0d217532c2be41d9459c7b7148efaec469ccf3993385396721c7b4756ee947
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAl0+XtoACgkQgZsRom/9
GI1fSg//eyKb4hpWHplMFgge6EsKzbpnwDUSmTTQ8jnT2oShRoOPJsveRsG3rmln
XUb2mOYm+xDptKzk+EounQbbz99i/BsPJ6TgPoWImhVfGKgFvzfb39BCLyzIaYC2
EiunpoyqpjVnfAYlE9lxea4gPaCZDQTk66uDQHpw0ccXZBV7rh3iM9AWxoftNGke
t3+KOjtLcuDIBtJY7PrE1LCvaQQF6WHmA9s723fjonzVslKZybJckfa3+ABFBDpk
YNZcpK8dUfM0+GniyjHuXppFzHu11I5hoxEapMsgysg4sqUOyzc11N42L5eN86SO
STqAuwJWJm7SYKI5kJPRKYLQNO0b1xKpv4VuJ1NvjRd936HrCETCRZ82WJIgCx6E
lZPasAdNZjqWBxm6LpJFmujqeVjFfdIqTxg1tlYPWXyqNJFJIlgJMHLj3shfnqbq
d2oodVCwJ4cj++V5Vi9erTWJMI7Q2jXqBIYW0lyTRyXatbs1as9XoXLxC1nI3WML
YB3kxbOIyJUAm67wtp4yrS8dkGRIWbNKitWE0mjl3zrmb7oPM0o3MY6Ej1yvk+bV
XHAafX/QW2xv+HNTrcSnkWZdbqVXFdZ9SqXeo0p6piTtpWyInDuQosj0RZgSxTYZ
YCzQNykEC7adikHafAJc6YfQXfM4Pyv617tS9dpVvR8mxRGgHig=
=Yfhd
-----END PGP SIGNATURE-----
Oliver Pinter (5):
- HBSD: add libclang_rt.cfi-x86_64.a to ObsoleteFiles.inc
- Merge remote-tracking branch 'origin/freebsd/12-stable/master' into hardened/12-stable/master
- HBSD: fix merge conflict in src.conf.5 man page
- HBSD: fix merge conflict in amd64's pmap.c, it conflicted on opt_pax.h
- HBSD: fix clang related merge conflict and add missing cfi entry to ObsoleteFiles.inc
Oliver Pinter + (14):
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
- Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
ae (1):
- MFC r349940: Correctly truncate the rule in case when it has several action opcodes.
asomers (4):
- MFC r349009:
- MFC r349041:
- MFC r349230, r349234, r349477
- MFC r349237:
avg (7):
- MFC r348355: revert r273728 and parts of r306589, iicbus no-stop by default feature
- MFC r348688: first step towards enforcing must-succeed semantics for bus accessors
- MFC r349406: owc.4: document how to set up the 1-wire bus on a device.hints system
- MFC r349408: gpio.4: document device hints common to all devices on gpiobus
- MFC r349428,r349433: owc_gpiobus: clean / fix up the driver module things
- MFC r349460: gpiobus: provide a new hint, pin_list
- MFC r349579: nctgpio: change default pin names to those used by the datasheet(s)
brooks (6):
- MFC r350098, r350100-r350101
- MFC r350102:
- MFC r350049:
- MFC r350067:
- MFC r350116:
- MFC r350117:
chuck (4):
- MFC r345957
- MFC r345956
- MFC r348781
- MFC r349969
cy (11):
- MFC r349842:
- MFC 349843:
- MFC r348986:
- MFC r348987, r348989:
- MFC r349929:
- MFC r349978:
- MFC r349898, r349916:
- MFC r349917:
- MFC r349979:
- MFC r349980:
- MFC r350063:
dim (5):
- MFC r349583:
- MFC r349876:
- MFC r349971:
- MFC r348504 (by kevans):
- MFC r348689 (by emaste):
dougm (1):
- MFC r349286, r349293
emaste (7):
- nand: create device with 0640 permission
- MFC r350244: bhyve: correct out-of-bounds read in XHCI device emulation
- MFC r349915 (seanc): usr.sbin/bhyve: initialize return value ...
- bhyve: Fix resource leak when using strdup
- MFC r350260: mqueuefs: fix struct file leak
- MFC r343606: Enable lld as the system linker on i386
- src.conf.5: regenerate after r350297 (lld for i386 MFC)
eugen (1):
- MFC r345632 by lwhsu: Fix `make` in sys/modules
fsu (1):
- MFC r349800,r349801:
hselasky (1):
- MFC r349645: Remove dead code added after r348743 in the LinuxKPI. The LINUXKPI_VERSION macro is not defined for any compiled LinuxKPI code which basically means __GFP_NOTWIRED is never checked when allocating pages. This should work fine with the existing external DRM code as long as the page wiring and unwiring is balanced.
jhb (4):
- MFC 348210: Add a constant for the LS config MSR on AMD CPUs.
- MFC 339911,339936,343075,343166,348592: Various AMD CPU-specific fixes.
- MFC 343068: Use capsicum_helpers(3) that allow us to simplify the code and its functions will return success when the kernel is built without support of the capability mode.
- MFC 347238: vmm(4): Pass through RDSEED feature bit to guests
jhibbits (2):
- MFC r346771
- MFC r349874
johalun (2):
- MFC r349277: LinuxKPI: Additions to rcu list.
- MFC r349276: LinuxKPI: Add atomic_long_sub macro.
kevans (4):
- MFC r348328: bectl(8): Address Coverity complaints
- MFC r344226, r344234: stand: zfs memory corruption bug
- MFC r348471: stand: zfs: Free bouncebuf on error path in vdev_read
- MFC r349380, r349383, r349455: bectl(8)/libbe(3) fixes
kib (9):
- MFC r349794: Document atomicity for read(2) and write(2).
- MFC r349912: Restore ability to pass NULL name argument to pthread_set_name_np(3) to clear the thread name.
- MFC r349913: Ensure that mds_handler always points to a valid method.
- MFC r349950: Style: avoid long lines by using .Fo instead of .Fn.
- MFC r349988: In dmar_find(), refuse to search for DMAR unit for non-PCI device.
- MFC r350156: Fix leak of memory and file refs with sendmsg(2) over unix domain sockets.
- MFC r350091: bsearch.3: Improve the example
- MFC r344120: Unify i386 and amd64 getcontextx.c, and use ifuncs while there.
- MFC r347695, r347696, r347697, r347957, r349326: Lockless delayed invalidation for amd64 pmap.
kp (1):
- MFC r350095:
lwhsu (6):
- MFC r349539
- MFC r349472:
- MFC r349872:
- MFC r349543
- MFC r350219
- MFC r350221
markj (13):
- MFC r349612: Mark pages allocated from the per-CPU cache.
- MFC r349711: iwm: Drain callouts after stopping the device during detach.
- MFC r344629: rtsol: Use vwarnx(3) to log messages to standard error.
- MFC r349910: Fix some ISS bit definitions for data aborts.
- MFC r350054: Use a platform-independent constant for PKG_MAX_SIZE.
- MFC r350037: Fix the arm64 page table entry attribute mask.
- MFC r350048: Chase r350037.
- MFC r350086: Remove obsolete compatibility code from rtadvd.
- MFC r350082: Reference stdint.h types in ctf.5.
- MFC r350310: Fix the turnstile_lock() KPI.
- MFC r349840: Add a per-CPU page cache per VM free pool.
- MFC r349841: Elide the vm_reserv_free_page() call when PG_PCPU_CACHE is set.
- MFC r350182: Rename vm_page_{import,release}() to vm_page_zone_{import,release}().
mav (2):
- MFC r349418: Fix qlxgbe(4) static build.
- MFC r340093 (by imp): Document disbale_phy in ahcich sysctls.
mm (1):
- MFC r349527,349538: Sync libarchive with vendor.
np (4):
- MFC r349865:
- MFC r349956:
- MFC r349870:
- MFC r340173 (by jhb@):
pfg (1):
- MFC r349802 (from fsu@):
philip (1):
- MFC r349890: telnet: fix a couple of snprintf() buffer overflows
sjg (2):
- libsecureboot: allow OpenPGP support to be dormant
- loader: ignore some variable settings if input unverified
tijl (3):
- MFC r349640, r349706:
- MFC r349641:
- MFC r349880:
vangyzen (1):
- MFC r349834
vmaffione (10):
- MFC r349752
- MFC r349753
- MFC r349966
- MFC r349581
- MFC r349869
- MFC r349803
- MFC r349867
- MFC r349868
- MFC r349935
- MFC r349952