Stable release: HardenedBSD-stable 12-STABLE v1200059.2

HardenedBSD-12-STABLE-v1200059.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • MFC r349800,r349801: Fix misc fs fuzzing issues. (abeb80bc5ee82a9a96da492c241fcbe91ad3e22b) [FreeBSD-SA-Candidate]
  • MFC r349802 (from fsu@): Add additional check for 'blocks per group' and 'fragments per group' superblock fields. (fcbcaebd25f0e43b12eb6b7b8302730153258350) [FreeBSD-SA-Candidate]
  • MFC r347695, r347696, r347697, r347957, r349326: Lockless delayed invalidation for amd64 pmap. (388f0c181108947d84d1233cc47b24024bd410e7)
  • MFC r349880: Let linuxulator mprotect mask unsupported bits before calling kern_mprotect. (bc326df65733684bc27deb22858a39981dd6b854)
  • MFC r350260: mqueuefs: fix struct file leak (bcc86242833757585d3c8b9663d8e9c55f8ed3ff) [FreeBSD-SA-19:15.mqueuefs CVE-2019-5603]
  • MFC r350244: bhyve: correct out-of-bounds read in XHCI device emulation (04ce7e77c7a5db5aed779d54632b9b19ed0ba9b0) [FreeBSD-SA-19:16.bhyve CVE-2019-5604]
  • MFC r350156: Fix leak of memory and file refs with sendmsg(2) over unix domain sockets. (19e53c56013af9f42f2e6177da6c6451c44156a4) [FreeBSD-SA-19:17.fd CVE-2019-5607]
  • nand: create device with 0640 permission (88f580f1ce2c81ab9c16df41fc9edf987cf5e792)
  • MFC r349890: telnet: fix a couple of snprintf() buffer overflows (7e735c9feedada921a291c023836b26b6547d032) [FreeBSD-SA-19:12.telnet CVE-2019-0053]
  • MFC r349733: Defer funsetown() calls for a TTY to tty_rel_free(). (4c06d4c0cc403122e743fc35e2f5fdefedb562b1) [FreeBSD-SA-19:13.pts CVE-2019-5606]
  • MFC r349834 Ignore kern.vt.splash_cpu without graphics (b9fd7203ae04df3457cd5c4aca370de6b4ba3646)
  • MFC r349581 netmap: fix two panics with emulated adapter (2672ab35fd1ea58da0a7dcad23925d977425ac1e)
  • MFC r349913: Ensure that mds_handler always points to a valid method. (c411b3266a9f97903667e7ab70fcb1a4a26f977a) [FreeBSD-EN-19:13.mds]
  • MFC r349876: Apply a workaround to be able to build clang 8.0.0 headers with clang 3.4.1, which is still in the stable/10 branch. (4453d146f0d636f8108822c3ef898c73adfdea46)
  • MFC 347238: vmm(4): Pass through RDSEED feature bit to guests (e64222ca6e6aac4bbba4e56ccfb6b136c71ec5d6)
  • MFC 339911,339936,343075,343166,348592: Various AMD CPU-specific fixes. (2c0a81ad596517f49c5069ce32d1ec6754dc0e4a)
  • MFC r349753 netmap: Remove pointer leakage in netmap_mem2.c (b158d710d859111d1370c945ac79f250750cffeb)
  • MFC r349527,349538: Sync libarchive with vendor. (2767b0a23c9249e482b7c9681cac0cce5d832bf0) [FreeBSD-SA-Candidate]
  • cxgbe updates
  • libbe updates
  • bhyve updates
  • LLVM and Clang updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-bootonly.iso) = 825d5f5ac4aae2e7146984d4f267dbb235b72ec4d87037227a44474172d1665976c8cd21a58c2fd5b661a799aee861f3c7e99e25c5a13851fbff76ff9925e1ec
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-disc1.iso) = 517554a50ae942a5689b063188fd2b15fcadd3cf6cd890953072d1e949936a5134fcaee57fbcdac3a2b7f095f90957e9bc62e6962f1e5087218231758c54000f
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-memstick.img) = 6dc3d2b2ffb7d74798b24c5d56cdeea0bad48630a26c5c69ed94f95d9a0e622486d81a44d6fd6823e4944c9b957da2c122f4c741229ded2120200e765213adf9
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-mini-memstick.img) = 1e7c2e6c64d0fcb6687e15fb8f6efe313891a69532f806f8bb1dee333a1b07b8de0d217532c2be41d9459c7b7148efaec469ccf3993385396721c7b4756ee947

CHECKSUM.SHA512.asc:


Oliver Pinter (5):

  • HBSD: add libclang_rt.cfi-x86_64.a to ObsoleteFiles.inc
  • Merge remote-tracking branch 'origin/freebsd/12-stable/master' into hardened/12-stable/master
  • HBSD: fix merge conflict in src.conf.5 man page
  • HBSD: fix merge conflict in amd64's pmap.c, it conflicted on opt_pax.h
  • HBSD: fix clang related merge conflict and add missing cfi entry to ObsoleteFiles.inc

Oliver Pinter + (14):

  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

ae (1):

  • MFC r349940: Correctly truncate the rule in case when it has several action opcodes.

asomers (4):

  • MFC r349009:
  • MFC r349041:
  • MFC r349230, r349234, r349477
  • MFC r349237:

avg (7):

  • MFC r348355: revert r273728 and parts of r306589, iicbus no-stop by default feature
  • MFC r348688: first step towards enforcing must-succeed semantics for bus accessors
  • MFC r349406: owc.4: document how to set up the 1-wire bus on a device.hints system
  • MFC r349408: gpio.4: document device hints common to all devices on gpiobus
  • MFC r349428,r349433: owc_gpiobus: clean / fix up the driver module things
  • MFC r349460: gpiobus: provide a new hint, pin_list
  • MFC r349579: nctgpio: change default pin names to those used by the datasheet(s)

brooks (6):

  • MFC r350098, r350100-r350101
  • MFC r350102:
  • MFC r350049:
  • MFC r350067:
  • MFC r350116:
  • MFC r350117:

chuck (4):

  • MFC r345957
  • MFC r345956
  • MFC r348781
  • MFC r349969

cy (11):

  • MFC r349842:
  • MFC 349843:
  • MFC r348986:
  • MFC r348987, r348989:
  • MFC r349929:
  • MFC r349978:
  • MFC r349898, r349916:
  • MFC r349917:
  • MFC r349979:
  • MFC r349980:
  • MFC r350063:

dim (5):

  • MFC r349583:
  • MFC r349876:
  • MFC r349971:
  • MFC r348504 (by kevans):
  • MFC r348689 (by emaste):

dougm (1):

  • MFC r349286, r349293

emaste (7):

  • nand: create device with 0640 permission
  • MFC r350244: bhyve: correct out-of-bounds read in XHCI device emulation
  • MFC r349915 (seanc): usr.sbin/bhyve: initialize return value ...
  • bhyve: Fix resource leak when using strdup
  • MFC r350260: mqueuefs: fix struct file leak
  • MFC r343606: Enable lld as the system linker on i386
  • src.conf.5: regenerate after r350297 (lld for i386 MFC)

eugen (1):

  • MFC r345632 by lwhsu: Fix `make` in sys/modules

fsu (1):

  • MFC r349800,r349801:

hselasky (1):

  • MFC r349645: Remove dead code added after r348743 in the LinuxKPI. The LINUXKPI_VERSION macro is not defined for any compiled LinuxKPI code which basically means __GFP_NOTWIRED is never checked when allocating pages. This should work fine with the existing external DRM code as long as the page wiring and unwiring is balanced.

jhb (4):

  • MFC 348210: Add a constant for the LS config MSR on AMD CPUs.
  • MFC 339911,339936,343075,343166,348592: Various AMD CPU-specific fixes.
  • MFC 343068: Use capsicum_helpers(3) that allow us to simplify the code and its functions will return success when the kernel is built without support of the capability mode.
  • MFC 347238: vmm(4): Pass through RDSEED feature bit to guests

jhibbits (2):

  • MFC r346771
  • MFC r349874

johalun (2):

  • MFC r349277: LinuxKPI: Additions to rcu list.
  • MFC r349276: LinuxKPI: Add atomic_long_sub macro.

kevans (4):

  • MFC r348328: bectl(8): Address Coverity complaints
  • MFC r344226, r344234: stand: zfs memory corruption bug
  • MFC r348471: stand: zfs: Free bouncebuf on error path in vdev_read
  • MFC r349380, r349383, r349455: bectl(8)/libbe(3) fixes

kib (9):

  • MFC r349794: Document atomicity for read(2) and write(2).
  • MFC r349912: Restore ability to pass NULL name argument to pthread_set_name_np(3) to clear the thread name.
  • MFC r349913: Ensure that mds_handler always points to a valid method.
  • MFC r349950: Style: avoid long lines by using .Fo instead of .Fn.
  • MFC r349988: In dmar_find(), refuse to search for DMAR unit for non-PCI device.
  • MFC r350156: Fix leak of memory and file refs with sendmsg(2) over unix domain sockets.
  • MFC r350091: bsearch.3: Improve the example
  • MFC r344120: Unify i386 and amd64 getcontextx.c, and use ifuncs while there.
  • MFC r347695, r347696, r347697, r347957, r349326: Lockless delayed invalidation for amd64 pmap.

kp (1):

  • MFC r350095:

lwhsu (6):

  • MFC r349539
  • MFC r349472:
  • MFC r349872:
  • MFC r349543
  • MFC r350219
  • MFC r350221

markj (13):

  • MFC r349612: Mark pages allocated from the per-CPU cache.
  • MFC r349711: iwm: Drain callouts after stopping the device during detach.
  • MFC r344629: rtsol: Use vwarnx(3) to log messages to standard error.
  • MFC r349910: Fix some ISS bit definitions for data aborts.
  • MFC r350054: Use a platform-independent constant for PKG_MAX_SIZE.
  • MFC r350037: Fix the arm64 page table entry attribute mask.
  • MFC r350048: Chase r350037.
  • MFC r350086: Remove obsolete compatibility code from rtadvd.
  • MFC r350082: Reference stdint.h types in ctf.5.
  • MFC r350310: Fix the turnstile_lock() KPI.
  • MFC r349840: Add a per-CPU page cache per VM free pool.
  • MFC r349841: Elide the vm_reserv_free_page() call when PG_PCPU_CACHE is set.
  • MFC r350182: Rename vm_page_{import,release}() to vm_page_zone_{import,release}().

mav (2):

  • MFC r349418: Fix qlxgbe(4) static build.
  • MFC r340093 (by imp): Document disable_phy in ahcich sysctls.

mm (1):

  • MFC r349527,349538: Sync libarchive with vendor.

np (4):

  • MFC r349865:
  • MFC r349956:
  • MFC r349870:
  • MFC r340173 (by jhb@):

pfg (1):

  • MFC r349802 (from fsu@):

philip (1):

  • MFC r349890: telnet: fix a couple of snprintf() buffer overflows

sjg (2):

  • libsecureboot: allow OpenPGP support to be dormant
  • loader: ignore some variable settings if input unverified

tijl (3):

  • MFC r349640, r349706:
  • MFC r349641:
  • MFC r349880:

vangyzen (1):

  • MFC r349834

vmaffione (10):

  • MFC r349752
  • MFC r349753
  • MFC r349966
  • MFC r349581
  • MFC r349869
  • MFC r349803
  • MFC r349867
  • MFC r349868
  • MFC r349935
  • MFC r349952
