HardenedBSD-10-STABLE-v46.17 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
WARNING: this is a security update
Highlights:
- OpenSSL: Don't allow too many consecutive warning alerts. CVE-2016-8610 (3944e88fda9dc9f4f391a06b18cd7583f783e8ec) [FreeBSD-SA-16:35.openssl]
- MFC r308197: MFV r308196: Fix OpenSSH remote Denial of Service vulnerability. CVE-2016-8858 (bb8c1d3b5e1d1ff2b26db3fcd0ca74e6418a4908) [FreeBSD-SA-16:33.openssh]
- MFC r307132: Use copyout() instead of pointing sbuf to user-space buffer. (1e74d3419b0da1ebb8106c23763e29c3ddacfc5a)
Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
CHECKSUM.SHA512:
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-bootonly.iso) = aad9e8d4c879e77aebe8f6da63654f5f3a5b8fc1dd67cf20e158d537255ca2d0ca1ec9752814a0b7466231e4e49a61be31cc8b9d00e8ceae4f5bf5991a246626
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-disc1.iso) = 4cfb825fad4c9bf2872d3da3aa8e9ec0e58ac9eb75441c9af87f062cf9a6a5353340984d59efeaf906bb184e15b574d82e908d868c45fc7fe6885a326c59972e
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-memstick.img) = e1287439ab32fe7cc8738ff35b2c6fa7faf8960b85104512a28bb5bb3c39ec07c30669e19cb8bf6223e85cce0286a33927f52c38522efde5c92c7a4c103bbc65
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-mini-memstick.img) = f14b0dbe4c2af31a02a8d919fd8ffaf0835a3ac4ff59330a51bb38ba993ea963493e48fabe9c89c564be46eacb0506d060e45356e319315c0d6f94dea28eab12
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-bootonly.iso) = 05170a1ea94e3b828ba501a76bf544d7c3082539b7ed0c555381c0c53faa878e103d2faf155fcda8d705ebefb8e0b4e08288a56e9412f1c8d15b7bd771c9a5cc
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-disc1.iso) = 36e8325dc103e12472b0a68ccae88ff632400fb9fc70f77857ee757c33342ab0f22f877801384ecc39cd77dbccf1e2cc78cf0564b0d86a3f3d225cc6fcded5c3
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-memstick.img) = 58d1abe6a6e55d88e77840a4ea804c0b789b79981f11a1c0ee4d4c0ec8ddecd3dbf6754d97f254d06bfeabdd0ffa725c6d76150ecd64604c85b23760ddbd92ef
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-mini-memstick.img) = 7cae17f04dec06c67f4307dc12114897fd87560a5dcf800b79497316ca328abbcaba2406daf9d4bb1e728f5b50741ee9217215b2bd425aa9bd32309328d8173e
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIcBAABCAAGBQJYGdoMAAoJEIGbEaJv/RiNyWIQAMVKOe8zAIrAQLiIvx2GqGMp
JluKdh5+dgRcDlDXBrnbpWthsCNx22zfIYfPKezH7qVdd+yIMAI5pr3K19IADWDb
JkJjAishvAnxmUsF0MjLuk7zWkuKmxpN7ZBRTZUrSkN6qzQqvelK68NPi+fXCJJr
62kMOmoQfmswNu9SzCAPCSN9eSsg2f4F36oYLCiHsVAybWhyDWiikJLii74cCOVx
YgSSnLU07mDhq3DKHV5l41lKHtGEL99UwoaVT0fdQrPqf/saSb0Pw7Z019cOeg7e
vq4o+uAKgbPe6w+QUAYnc6hNU5w/md1ljP5cXHGg1GkXw5sHVXnvbS871/4tyghx
v05MOeM1srHyLkv0EznA/raWfs2okZ7P59pCrNvd9FYeJquk4dk7ItSF20fStoEm
RN1g6cCrLwtfzKNWKaP66vnLjtdZt4kKTkSvXomIzJlI4mHAWIAxH430/zqOEy4O
QUWrN3I7FHA3O0HCVdEm6fcyMmlL6YN5Cb9waMyDMM/jZX/ZePnpgZd7S2o1nRpa
HxkpIllpsclYr0cEzGwucdSWOUUf2xYvnjF5P5koaUI/B98ZfDS8j1oBqvizJtGf
ArWZsGlrPmSZkJF5LiB0nJ7d2JBESB5CrAKpcEN1hfskLnyQWEfyFlpDLNJydW4u
XGtCwRGzoGcaFGir3D1g
=z6fM
-----END PGP SIGNATURE-----
Changelog:
Oliver Pinter + (15):
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
- Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
avg (6):
- MFC r306801: implement zfs_vptocnp() using z_parent property
- MFC r305539: work around AMD erratum 793 for family 16h, models 00h-0Fh
- MFC r307130: smbus: allow child devices to be added via hints
- MFC r307131: install header files required development with libzfs_core
- MFC r307141: remove a few stray spaces from sys/param.h
- bump __FreeBSD_version for libzfs_core.h
bapt (1):
- MFC r307785:
davidcs (1):
- MFC r307578 1. Use taskqueue_create() instead of taskqueue_create_fast() for both fastpath and slowpath taskqueues. 2. Service all transmits in taskqueue threads. 3. additional stats counters for keeping track of - bd availability - tx buf ring not emptied in the fp task queue. These are drained via timeout taskqueue. - tx attempts during link down.
delphij (2):
- MFC r308197: MFV r308196:
- Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401:
dim (1):
- Pull in r228705 from upstream libc++ trunk (by Eric Fiselier):
ed (1):
- Add posix_tnode to .
gjb (1):
- Document EN-16:17-18, SA-16:26-32
hselasky (1):
- MFC r307651: Add support for adjusting the hardware buffering delay for USB audio.
jhb (5):
- MFC 303002: Include process IDs in core dumps.
- MFC 272079,272080: cxgbe/tom: Update for syncache_add locking changes.
- MFC 282039: Don't use ifm_data. It was used only for self checking debug.
- MFC 289401: cxgbe(4): support for the kernel RSS option.
- MFC 291665,291685,291856,297467,302110,302263: Add support for VIs.
kib (3):
- MFC r306807: When making a pause after detecting hard kill of the single-user shell, ensure that we do sleep for at least the specified time, in presence of signals.
- MFC r306808: Add verbosity around failed reboot(2) call.
- MFC r307821: Use proper type for local variable.
mav (15):
- MFC r307132: Use copyout() instead of pointing sbuf to user-space buffer.
- MFC r294329 (by asomers): Disallow zvol-backed ZFS pools
- MFC r298786 (by asomers): Refactor vdev_geom_attach and friends to reduce code duplication
- MFC r298814 (by asomers): Fix a use-after-free when "zpool import" fails
- MFC r300059 (by asomers): Speed up vdev_geom_open_by_guids
- MFC r300881, r302058 (by asomers): Avoid issuing spa config updates for physical path when not necessary
- MFC r307731: Add names for some DASP devices.
- MFC r304918: Decode some new ATA commands found in ACS-3.
- MFC r307350: Add LUN options to limit UNMAP and WRITE SAME sizes.
- MFC r307374: Add LU option to control reported provisioning type.
- MFC r307507, r307509, r307515: Consider device as clean even if SYNCHRONIZE CACHE failed.
- MFC r306424: MFV r306422: 7254 ztest failed assertion in ztest_dataset_dirobj_verify: dirobjs + 1 == usedo bjs
- MFC r306425: MFV r306423: 7402 Create tunable to ignore hole_birth feature
- MFC r306456: Add #ifdef _KERNEL around send_holes_without_birth_time sysctl.
- MFC r307523: Make pass driver better support CAM_CDB_POINTER flag.
mm (1):
- MFC r307861: Update libarchive to 3.2.2
sbruno (1):
- MFC r308038: