HardenedBSD-11-STABLE-v1100056.7 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
Highlights:
- MFC r333569: cpucontrol: improve Intel microcode revision check (cf3b425994272a0d0b1602846bbe51028fd67442)
- MFC r339019: clang: allow ifunc resolvers to accept arguments (d10325d074c2f9aeff283511c3acb06b3c1fcb5a)
- MFC 338976: Don't clear DR6 for debug exceptions from userland. (4de0836180159ccb2485c64e4639544254abd941)
- MFC r339025: Update x86/ifunc.h. (59e3462397fe61451f33846b1d0c56142b6a816d)
- MFC r338947: Add "src-ip" or "dst-ip" keyword to the output, when we are printing the rest of rule options. (cfea277e33577e9ec8653cfa010f60a39dde358a)
- MFC r338216: tftpd: Fix data corruption bug with netascii (6068c2761de987bc97d4c472acdc1076d91fc7e8)
- MFC r336310: Let geli deal with lost devices without crashing. (35d45fa28dc67d17e535455e202de0584763f70e)
- ZFS updates
- cxgbe updates
Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v1100056.7-amd64-bootonly.iso) = 76e6957dd5124525e62f59baac626eeb4c60b622d64b458aa838e4a374f6bc521647376bf41882a19b0ed5767c445dd4420883ab7b1e095a02e15b5874f18347
SHA512 (HardenedBSD-11-STABLE-v1100056.7-amd64-disc1.iso) = 1e2668998564e26911499875d2d163d9bb120746969dc96d6771f5c7c5213ba9dab434a16ba7c49d891fe8f496df6f08026701231abafa7cb1238a5b4f5fcbff
SHA512 (HardenedBSD-11-STABLE-v1100056.7-amd64-memstick.img) = 6e635997ab76acf56b8b0fc44591049b061a4a7e47ef19e1b6603be245430a0d45566d35e19ae04cb693714c9e871bf8d5dcdc71af0a4625fa537486dc439c91
SHA512 (HardenedBSD-11-STABLE-v1100056.7-amd64-mini-memstick.img) = ef95a77087998ea680d3c463c619ee749aa2b5794abed284cd5976b137c651aa3648c512c1af281f073f763df4d2e9a91f3cb79a5205234d321f950e0537b9f9
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlvH8GcACgkQgZsRom/9
GI1stw/+IM/kl6O9HIeCRZidthUtVA/Rk0ZGrvTilOpRwS+ahZks+D7d0ap8IC4d
WiQtuAOcG+RO0USYmv1Gmn0wh1bm0HhEFh6p/S4hnAgNTnRN1u4u/fBhqy7+jahc
IzBfvyRJ2+ym08trSBJthUtOmEcRvPwFOU7Vqj7cb9OpeAlQF7o5x6p3F5/W4VUf
G029GDJ8wyUQYSgQ+T6GgA96YUeEGNHcDZgUnEhyisyHCh60apYsrgRFKvmTqVff
91W6gRY/FhKgCmOJA1vIeXv5eiWGAlAAYTCWfbcsJ6SQAUzghxZTxUkhJEdy1XSg
XohwIoPU7TUKA7KDi9yP0SDdfCrDOeYlFwsYoOrDjxHLLDFGKNDT0BM3J9M8rh+N
gerwQQxZQ5ZYV8lohg5YSGfcvwgUoq3Th7EyqmtQbODAprvAlQYp8Ly1JuLkblHy
qR2DyoqVZfyEEmpTrt6AB+n5ck8QxZz9iYGSdwcdOKocqIcdZ96Znfo1oJDUMLe0
aYSimT/MTaeTCnjuo7jSz0Bvewi0zWfi5yqeOeE2X0tYlIvuuRh4/g6aovvaZuAJ
ZWOH4klex79aNvVRwqKToeq3OPjOT9D4KVTUnUu0oTRdxy7KAl0+YreGMdZQi7XA
wAheaZb3zZ8u/56EEMwWJwpn0ZvXSQ+BsOX0/USBQi/6+/Ir2Hk=
=S0Uc
-----END PGP SIGNATURE-----
Changelog:
Oliver Pinter + (35):
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
- Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (2):
- Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
- HBSD: Resolve merge conflict
ae (4):
- MFC r338857: Fix possible NULL pointer dereference in ffec_alloc_mbufcl().
- MFC r338890: Update ifr_name before invoking IPSECSREQID ioctl, this fixes the case, when `ifconfig ipsec create reqid N` command invoked without interface unit number. The "name" global variable is updated after interface cloning in the ifclonecreate() and contains actual interface name.
- MFC r313168 (by pkelsey): Fix VIMAGE-related bugs in TFO. The autokey callout vnet context was not being initialized, and the per-vnet fastopen context was only being initialized for the default vnet.
- MFC r338947: Add "src-ip" or "dst-ip" keyword to the output, when we are printing the rest of rule options.
asomers (19):
- MFC r336582:
- MFC r336587:
- MFC r336594:
- MFC r336605:
- MFC r336871, r336874
- MFC r337482:
- MFC r337779:
- MFC r337911:
- MFC r337973:
- MFC r338216:
- MFC r337222:
- MFC r334360, r334362, r334388, r334395
- MFC many audit(4) tests.
- MFC r335261, r335275, r335284-r335285, r335294, r335318, r335320, r335703
- MFC r335319, r335354, r335374
- MFC r335792, r336564, r336579
- MFC r336613:
- MFC r336728:
- MFC r336875:
avatar (1):
- MFC r338200: Adding device ID for Terratec SiXPack 5.1+.
brooks (1):
- MFC r338925:
des (2):
- MFH (r314778): use reallocarray(3) for extra bounds checks MFH (r333306): fix typo in man page MFH (r333571, r333572): preserve if-modified-since across redirects MFH (r334317): simplify the DEBUG macro MFH (r334319): style bug roundup MFH (r334326): fix netrc file location logic, improve netrcfd handling MFH (r338572): fix end-of-transfer statistics, improve no-tty display
- MFH (r333574): fully support acting as a recursing resolver.
emaste (10):
- MFC r338682: lld: add -z interpose support
- MFC r306729: makeman: avoid bogus output with duplicated options
- MFC r334072, r334247 (eadler): Add the text '@generated' to src.conf.5
- regerate src.conf.5 to remove duplicate entries
- MFC r339019: clang: allow ifunc resolvers to accept arguments
- MFC r338810: openssh: rename local macro to avoid OpenSSL 1.1.1 conflict
- MFC r333233: gpart: add fat32lba MBR partition type
- MFC r333569: cpucontrol: improve Intel microcode revision check
- MFC r339181: crt: switch to standard note type definitions from elf_common.h
- MFC r336027 (andrew): Teach binutils that arm64 is a 64bit architecture.
gjb (1):
- Document EN-18:09 through EN-18:12.
gonzo (4):
- MFC r336050-r336051, r336142, r336326, r337719
- MFC r338111, r338215
- MFC r338654, r338701
- MFC r338655:
hselasky (2):
- MFC r338993: When multiple threads are involved receiving completion events in LibUSB make sure there is always a master polling thread, by setting the "ctx_handler" field in the context. Else the reception of completion events can stop. This happens if event threads are created and destroyed during runtime.
- MFC r339235: Add missing steering rules for virtual function, VF, in mlx4en(4) driver.
imp (2):
- Direct commit to stable, file not present in current
- Direct commit since these files have gone away in head
jamie (1):
- MFC r339211:
jhb (8):
- MFC 337673: Add an overview section to bus_dma.9.
- MFC 338022: Fix casts between 64-bit physical addresses and pointers in EFI.
- MFC 337400: Remove spurious ABI tags from kdump output.
- MFC 338021: Use 'bool' instead of 'int' for various boolean flags.
- MFC 338976: Don't clear DR6 for debug exceptions from userland.
- Disable the KASSERT for curcpu == 0 in netisr for EARLY_AP_STARTUP.
- MFC 338055: Remove some vestiges of IPI_LAZYPMAP on i386.
- MFC 326138,326436,326852: Style fixes to kdump.
jilles (1):
- MFC r338473: sh: Fix formal overflow in pointer arithmetic
ken (1):
- MFC r339076
kevans (6):
- MFC r337964, r338232: dtc(1) updates
- MFC r338039: diff(1): Implement -B/--ignore-blank-lines
- MFC r338219, r338250: FDT in Loader fixes
- MFC r338223, r338263: Missing bits from OptionalObsoleteFiles
- MFC r338646: dd(1): Correct padding in status=progress
- MFC r338040: diff(1): Refactor -B a little bit
kib (14):
- MFC r338892: Correct panic messages.
- MFC r338932: Fix some uses of dmaplimit.
- MFC r338955: When doing lm_add(), check for duplicates.
- MFC r324950 (by trasz): Reword the conditional.
- MFC r324951 (by trasz): Make find_library() conform to style(9).
- MFC r324952 (by trasz): Replace lseek(2)/read(2) pair with pread(2).
- MFC r324953 (by traz): Remove unneeded calls to access(2) from rtld(1); just call open(2) instead.
- MFC r338956: Provide refobj context when doing libmap substitution inside search_library_path().
- MFC r338964: Remove -m (update) from ldconfig -32 & -soft invocation on startup.
- MFC r338997: In vm_fault_copy_entry(), collect the code to initialize a newly allocated dst_object in a single place.
- MFC r338998: In vm_fault_copy_entry(), we should not assert that entry is charged if the dst_object is not of swap type.
- MFC r338999: Correct vm_fault_copy_entry() handling of backing file truncation after the file mapping was wired.
- MFC r339025: Update x86/ifunc.h.
- MFC r339241: Disallow zero day of month from strptime("%d").
markj (2):
- MFC r328810 (by emaste): ld.lld.1: miscellaneous style improvements
- MFC r338251: Add an lld option to emit PC-relative relocations for ifunc calls.
mav (53):
- MFC r338913: Fix use-after-free in RAID0 error reporting of GEOM_RAID.
- MFC r336943: MFV r336942: 9189 Add debug to vdev_label_read_config when txg check fails
- MFC r336945: MFV r336944: 9286 want refreservation=auto
- MFC r336947: MFV r336946: 9238 ZFS Spacemap Encoding V2
- MFC r336949: MFV r336948: 9112 Improve allocation performance on high-end systems
- MFC r336951: MFV r336950: 9290 device removal reduces redundancy of mirrors
- MFC r336954: MFV r336952: 9192 explicitly pass good_writes to vdev_uberblock/label_sync
- MFC r336956: MFV r336955: 9236 nuke spa_dbgmsg
- MFC r336959: MFV r336958: 9337 zfs get all is slow due to uncached metadata
- MFC r336961: MFV r336960: 9256 zfs send space estimation off by > 10% on some datasets
- MFC r337007: MFV r336991, r337001: 9102 zfs should be able to initialize storage devices
- MFC r337017: MFV r337014: 9421 zdb should detect and print out the number of "leaked" objects 9422 zfs diff and zdb should explicitly mark objects that are on the deleted queue
- MFC r337021: MFV r337020:9443 panic when scrub a v10 pool
- MFC r337025: MFV r337022: 9403 assertion failed in arc_buf_destroy() when concurrently reading block with checksum error
- MFC r337028: MFV r337027: 9328 zap code can take advantage of c99 9329 panic in zap_leaf_lookup() due to concurrent zapification
- MFC r337030: MFV r337029: 9426 metaslab size can exceed offset addressable by spacemap
- MFC r337063: MFV r316926: 7955 libshare needs to initialize only those datasets being modified by the consumer
- MFC r337160: Do not blindly include illumos kernel headers instead of user-space. It is not needed now, and I doubt it much helped at all, creating more confusions then good.
- MFC r337163: MFV r337161: 9512 zfs remap poolname@snapname coredumps
- MFC r337169: MFV r337167: 9442 decrease indirect block size of spacemaps
- MFC r337172, MFV r337171: 9464 txg_kick() fails to see that we are quiescing, forcing transactions to their next stages without leaving them accumulate changes
- MFC r337177: MFV r337175: 9487 Free objects when receiving full stream as clone
- MFC r337179: 9523 Large alloc in zdb can cause trouble
- MFC r337181: 9539 Make zvol operations use _by_dnode routines
- MFC r337183: MFV r337182: 9330 stack overflow when creating a deeply nested dataset
- MFC r337185: MFV r337184: 9457 libzfs_import.c:add_config() has a memory leak
- MFC r337191: MFV r337190: 9486 reduce memory used by device removal on fragmented pools
- MFC r337194: MFV r337193: 9424 ztest failure: "unprotected error in call to Lua API (Invalid value type 'f unction' for key 'error')"
- MFC r337196: MFV r337195: 9454 ::zfs_blkstats should count embedded blocks
- MFC r337198: MFV r337197: 9456 ztest failure in zil_commit_waiter_timeout
- MFC r337201: Fix build after r337196 mismerge.
- MFC r337202: MFV r337200: 9438 Holes can lose birth time info if a block has a mix of birth times
- MFC r337205: MFV r337204: 9439 ZFS double-free due to failure to dirty indirect block
- MFC r337207: MFV r337206: 9338 moved dnode has incorrect dn_next_type
- MFC r337209: MFV r337208: 9591 ms_shift can be incorrectly changed in MOS config for indirect vdevs that have been historically expanded
- MFC r337211: MFV r337210: 9577 remove zfs_dbuf_evict_key tsd
- MFC r337213: MFV r337212: 9465 ARC check for 'anon_size > arc_c/2' can stall the system
- MFC r337215: MFV 337214: 9621 Make createtxg and guid properties public
- MFC r337217: MFV r337216: 7263 deeply nested nvlist can overflow stack
- MFC r337219: MFV r337218: 7261 nvlist code should enforce name length limit
- MFC r337221: MFV r337220: 8375 Kernel memory leak in nvpair code
- MFC r337227: MFV r337223: 9580 Add a hash-table on top of nvlist to speed-up operations
- MFC r337229: Reduce taskq and context-switch cost of zio pipe
- MFC r337870: Fix mismerge in r337196.
- MFC r337883: Add couple tunables/sysctl, missed in r336949.
- MFC r337923: Make vfs.zfs.zio.dva_throttle_enabled sysctl writable.
- MFC r337970: 9738 Fix third block copy allocations, broken at 9112.
- MFC r337972: 9751 Allocation throttling misplacing ditto blocks
- MFC r338869: MFV r338866: 9700 ZFS resilvered mirror does not balance reads
- MFC r337567 (by mmacy): Performance optimization of AVL tree comparator functions
- MFC r339237: Fix r336951 mismerge -- use of uninitialized variable.
- MFC r339197: Add sysctls for dbuf metadata cache variables added in r336959.
- MFC r339288: Remove extra thread_exit() call left after r329802.
mm (1):
- MFC r338827: Sync libarchive with vendor.
np (13):
- MFC r327254, r327904, and r328994.
- MFC r330887: cxgbetool(8): Add the ability to decode hardware TCBs.
- MFC r332515: Fix typo in cxgbetool.8.
- MFC r320419, r337679, r338366, and r338652.
- MFC r325840, r327811, and r329701.
- MFC r333139:
- MFC r336042:
- MFC r338924:
- MFC r338254:
- MFC r320426:
- MFC r334987:
- MFC r335352:
- MFC r336159:
oshogbo (2):
- MFC r336310: Let geli deal with lost devices without crashing.
- MFC r315411 (mmel): Unbreak traceroute on system built without CAPSICUM
sef (2):
- MFC r336017,r338799
- MFC r334844, r336180, r336458
slavash (1):
- MFC r338942: Add PCIV_INVALID definition
smh (1):
- MFC r336165:
sobomax (1):
- MFC r309554 and r309631 which breaks down overly long monolithic souce file and reduces duplication by auto-generating functions that only differ in the value of the SCM_XXX constant used.