HardenedBSD-11-STABLE-v46.1 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Oliver Pinter (3):
HBSD: update version string on boot screen
HBSD: remove hbsd-update's dnssec.key* when WITHOUT_HBSD_UPDATE specified
HBSD: fix kyue test case sys/kern/kern_copyin

Oliver Pinter + (51):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (9):
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Build and install unbound-host
HBSD: Clarify DNSSEC message.
HBSD: Wire up the -s option to hbsd-update
HBSD: Use unbound-host with hbsd-update.
HBSD: Remove debugging code.
HBSD: Improve DNSSEC validation
HBSD: Fix "libarchive vulnerability 2"
HBSD: Fix "libarchive vulnerability 4"

ache (11):
MFC r303094
MFC r302824
MFC r302831
MFC r302826
MFC r302827
MFC r302943,r302944,r303004,r303010,r303011,r303013,r303014,r303074, r303088,r303142,r303208,r303210,r303530,r303536,r303564,r303565, r303706
MFC r302937
MFC r303569
MFC r303568
MFC r303581
MFC r304374

ae (6):
MFC r303615: An old tables implementation had all tables preallocated, so when user did `ipfw table N flush` it always worked, but now when table N doesn't exist the kernel returns ESRCH error. This isn't fatal error for flush and destroy commands. Do not call err(3) when errno is equal to ESRCH. Also warn only when quiet mode isn't enabled. This fixes a regression in behavior, when old rules are loaded from file. Also use correct value for switch in the table_swap().
MFC r303657: Fix NULL pointer dereference. ro pointer can be NULL when IPSec consumes mbuf.
MFC r303842: Fix constructing of setdscp opcode with tablearg keyword.
MFC r303955: Restore "nat global" support.
MFC r303374: Due to dropped mbuf in netisr queue route(8) can fall into infinity loop of reading the rtsock's feed. When it used by some scripts, this leads to growing number of not finished route(8) instances and thus growing number of rtsock consumers. Add SIGALRM handler to prevent this.
MFC r302906: Add net.inet6.ip6.intr_queue_maxlen sysctl. It can be used to change netisr queue limit for IPv6 at runtime.

alc (3):
MFC r303356 and r303465 Remove any mention of cache (PG_CACHE) pages from the comments in vm_pageout_scan(). That function has not cached pages since r284376.
MFC r303492 Remove a probe declaration that has been unused since r292469, when vm_pageout_grow_cache() was replaced.
MFC r303773 Correct a spelling error.

avg (9):
MFC r302836: 6874 rollback and receive need to reset ZPL state to what's on disk
MFC r303763,303791,303869: zfs: honour and make use of vfs vnode locking protocol
MFC r303084: 6391 Override default SPA config location via environment
MFC r303086: 7164 zdb should be able to open the root dataset
MFC r302839: 6940 Cannot unlink directories when over quota
MFC r302840: 6878 Add scrub completion info to "zpool history"
MFC r302835: fix-up for configuration of AMD Family 10h processors borrowed from Linux
MFC r302837: 6844 dnode_next_offset can detect fictional holes
MFC r302838: 6513 partially filled holes lose birth time

badger (1):
MFC r302783:

bapt (2):
MFC: r303685
MFC r303354,303373,303404,304045,304192

bdrewery (16):
MFC r303328:
MFC r303410,r303419:
MFC r303414,r303415,r303417:
MFC r303650:
MFC r303687:
MFC r303729:
MFC r303755:
Regenerate for r303857.
MFC r303934,r303937,r303942:
MFC r303964:
MFC r303929,r303930,r303931,r303932,r303933:
MFC r304005:
MFC r304006:
MFC r304008:
MFC r304217:
MFC r304288:

brd (1):
MFC r303343: Fix the case for some sysctl descriptions.

brooks (2):
MFC r303103:
MFC r303104, r303106:

cy (1):
MFC r303806:

des (4):
MFH (r303289): update example section
MFH (r303716, r303719): drop SSH1 support, disable DSA by default
MFH (r303832): check whether each key file exists before adding it
MFH (r304142): ensure stripe size is non-zero multiple of 4096

dim (5):
MFC r303456:
MFC r303631:
MFC r303676:
Similar to r256297, disable assertions in llvm and clang for the stable/11 branch. This reduces the size of the clang executable, and improves its performance. Also bump FREEBSD_CC_VERSION to make some version number room for the branch.
MFC r304319:

ed (2):
MFC r303486:
MFC r303923:

emaste (5):
MFC r303282: avoid building otusfw when WITHOUT_SOURCELESS_UCODE set
MFC r303521: libunwind: correct return code in unwinding trace log message
iMFC r303400: libcxxrt: fix demangling of wchar_t
MFC r303338: vt: lock Giant around kbd calls in CONS_GETINFO
MFC r303396: rename ARM's libunwind.S to to avoid conflict with llvm libunwind

gallatin (1):
MFC r303457: Call tcp_notify() directly to shoot down routes

gjb (7):
Update stable/11 to BETA4 as part of the 11.0-RELEASE cycle.
MFC r303782: Fix GCE image publication. The gcutil utility is deprecated in favor of gcloud.
Update the SRCBRANCH for release.sh to use stable/11 as the SRCBRANCH.
Update stable/11 to 11.0-PRERELEASE. Reset __FreeBSD_version for 11.0-STABLE.
Fix __FreeBSD_version for stable/11.
Fix still incorrect __FreeBSD_version values for stable/11 and releng/11.0
MFC r303897: Pass overrides to make(1) when building ports for arm/armv6 targets, similar to what is done for the run-autotools-fixup override for non-arm targets.

glebius (2):
Merge r303263: Partially revert r257696/r257713, which have an issue with writing to user controlled address. Restore the old code that emulated OSIOCGIFCONF in if.c.
Merge r303264 and corrections: The date format for ru_RU.UTF-8 locale has changed some time ago, adjust the ru_RU.UTF-8 calendar files.

gonzo (1):
MFC r303726

hselasky (3):
MFC r303837: Switch to the new block based LRO input function for the mlx5en driver. This change significantly increases the overall RX aggregation ratio for heavily loaded networks handling 10-80 thousand simultaneous connections.
MFC r303765: Keep a reference count on USB keyboard polling to allow recursive cngrab() during a panic for example, similar to what the AT-keyboard driver is doing.
MFC r303870: Fix for use after free.

jhb (7):
MFC 303497,303559,303645: Disable PCI-e hotplug on bridges with power controllers.
MFC 303406,303501: Fix panic when using aio_fsync().
MFC 303076,303225: Use MTX_SYSINIT for the VESA lock.
MFC 303503: Don't treat NOCPU as a valid CPU to CPU_ISSET.
MFC 302900,302902,302921,303461,304009: Add a mask of optional ptrace() events.
MFC 303001: Add PTRACE_VFORK to trace vfork events.
MFC 304018: Add defines needed to export SMBIOS serial numbers

karels (2):
MFC r303171: Fix per-connection L2 caching in fast path
MFC r303978; Fix kernel build with TCP_RFC7413 option

kib (21):
MFC r303424: Fix typo in comment.
MFC r302614: Revive the check, disabled in r197963.
MFC r303393: Remove empty initializer for the once facility.
MFC r303446: Fix style and typo.
MFC r303702: Remove mention of Giant from the fork_return() description.
MFC r303448: Do not delegate a work to geom event thread which can be done inline.
MFC r303704: Some style changes. Fix a typo in comment.
MFC r303710: Remove unneeded (recursing) Giant acquisition around vprintf(9).
MFC r303712: Merge i386 and amd64 variants of mp_watchdog.c into x86/.
MFC r303958: The pmap_delayed_invl_wait() function blocks on turnstile, it does not spin, in the committed version. Remove stray '*' in the text.
MFC r303423: Force SIGSTOP to be the first signal reported after the attach.
MFC r303913: Unconditionally perform checks that FPU region was entered, when #NM exception is caught in kernel mode.
MFC r303914: Re-schedule signals after kthread exits.
MFC r303916: Convert another tmpfs assert into runtime check.
MFC r303990: Remove unused prototypes.
MFC r303991: Decode 32bit utrace records on the 64bit host.
MFC r304011: Remove all remaining uses of TAILQ_FOREACH_FROM() from rtld-elf.
MFC r304012: Fill phdr and phsize for rtld object.
MFC r304016: Move defines common between rtld and libsysdecode into the header.
MFC r303794: Create namespace for the symbols added during 12-CURRENT cycle.
MFC r303795: Add __cxa_thread_atexit(3) API implementation.

kp (3):
MFC r303663:
MFC r302497:
MFC r304152:

lidl (2):
MFC r303515: Make resizewin.1 manpage use .Fx macro
MFC r303518: libblacklist: Do not use %m for logging, use strerror(errno)

loos (2):
MFC r302988:
MFC r303760:

lwhsu (1):
MFC 303935

manu (4):
MFC r303144: We need the GIC to be attached so attach later at BUS_PASS_INTERRUPT + BUS_PASS_ORDER_LATE
MFC r303145: axp209 needs aw_nmi so attach a bit earlier
MFC r303728: We need aw_nmi to be attached which needs GIC so attach a bit later. Also the GPIOC doesn't need to be attach early
MFC r303974: ename pcduino3b.dts to pcduino3.dts The only difference between 3 and 3B is the size of the RJ45 port. And now we have a uboot port that expect pcduino3.dts to be present.

markj (5):
MFC r303244, r303399 De-pluralize "queues" in the pagedaemon code.
MFC r303516 Use vm_page_undirty() instead of manually setting a page field.
MFC r303059 Release the second critical section in uma_zfree_arg() slightly earlier.
MFC r303243 Update a comment in vm_page_advise() to match behaviour after r290529.
MFC r303786 mthca: Add a wrapper for the firmware's DIAG_RPRT command.

mav (36):
MFC r302482: Fix NTB_SDOORBELL_LOCKUP workaround.
MFC r302483: Remove some dead code found by Clang static analyzer.
MFC r302484: NewBus'ify NTB subsystem.
MFC r302486: Fix operation with multiple qps.
MFC r302487: Reduce code divergence from Linux, preparing for DMA support.
MFC r302488: Remove unneeded RX lock, and make TX lock per-qp.
MFC r302489: Remove rx_completion_task taskqueue.
MFC r302490: Create separate RX taskqueue for each qp.
MFC r302491: Switch ctx_lock from mutex to rmlock.
MFC r302492: Bring some more order into link and qp state handling.
MFC r302493: Reimplement doorbell register emulation for NTB_SB01BASE_LOCKUP.
MFC r302494: Synchronize MTU code with Linux.
MFC r302495: Improve memory allocation errors handling on receive.
MFC r302496: Rewrite if_ntb to use modern interface KPIs and features.
MFC r302499: Improve checksum "offload" support.
MFC r302508: Disable SB01BASE_LOCKUP workaround when split BARs disabled.
MFC r302510: Simplify MSIX MW BAR xlat setup, and don't forget to unlock its limit.
MFC r302530: Fix wrong copy/paste in r302510.
MFC r302529: Remove callout_reset(link_work) from ntb_transport_attach().
MFC r302531: Revert odd change, setting limit registers before base.
MFC r302622 (by sephe): ntb: Fix LINT
MFC r303266: Postpone ntb_get_msix_info() till we need to negotiate MSIX.
MFC r302520: Replace NTB man page with more detailed and up to date.
MFC r303429, r303437: Once more refactor KPI between NTB hardware and consumers.
MFC r303494: Once more refactor KPI between ntb_transport(4) and if_ntb(4).
MFC r303510: Clear scratchpad after MSIX negotiation to not leak garbage.
MFC r303514: Fix NTBT_QP_LINKS negotiation.
MFC r303551: Fix infinite loops introduced at r303429.
MFC r303553: Make MAC address generation more random.
MFC r303554, r303561: Block MSIX negotiation until SMP started and IRQ reshuffled.
MFC r302946: Do not consider the last interrupt shared if there are enough interrupts for all channels.
MFC r302947: In AHCI_IRQ_MODE_AFTER mode do not clear interrupts below.
MFC r302459: Allow AHCI controller to support up to 32 arbitrary devices.
MFC r302460: Add emulation for multiple (up to 16) MSI vectors for AHCI.
MFC r302504, r302666, r302668, r302932, r302933: Add emulation for Intel e1000 (e82545) network adapter.
MFC r303009: Negotiate/disable TXCSUM_IPV6 same as TXCSUM.

mjg (2):
MFC r303562,303563,r303584,r303643,r303652,r303655,r303707:
MFC r303583:

ngie (5):
MFC r302581:
MFC r302571,r302572,r302577,r302841:
MFC r302576:
MFC r302550,r302551,r302552,r302553:
MFC r303830:

oleg (1):
MFC r304154

oshogbo (2):
MFC r302965: Fix memory leak in the nvlist string array.
MFC r302966: Fix nvlist array memory leak.

pfg (2):
MFC r303062, r303567, r303593: MFV r298167, r300962, r303048: openresolv(8): update to version 3.8.1.
MFC r303147 binutils: fix "Bad value" error in bfd for MIPS when using -Bsymbolic.

royger (2):
MFC r303490, r303491:
MFC r303488 and r303771:

rstone (1):
MFC r303836

sbruno (4):
MFC r303322,303326,303327,303345,303413,303416,303418,303557
MFC r303638
MFC r303816 r303847 - Update ixl(4) to Intel driver version ixl-1.6.6-k - Fixup RSS builds of ixl(4) missed during testing.
MFC r304149

sephe (1):
MFC 303737

smh (1):
MFC r303971:

tuexen (4):
MFC r303792: Fix various bugs in relation to the I-DATA chunk support This is joint work with rrs.
MFC r303927:
MFC r304146: Ensure that sctp_it_ctl.cur_it does not point to a free object (during a small time window). Thanks to Byron Campen for reporting the issue and suggesting a fix.
MFC r304292: Use names for SCTP and UDPLite when reporting the input histogram.

vangyzen (4):
MFC r303519
MFC r303520
MFC r303788
MFC r304246