New stable release: HardenedBSD-stable 11-STABLE v46.11

HardenedBSD-11-STABLE-v46.11 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

WARNING: this a security update!

Highlights:

FreeBSD-SA-16:38.bhyve - integer overflow in bhyve - f836007bd73e9e537d2aa37f997452952dc86d84
FreeBSD-SA-16:37.libc - buffer overflow in libc - 8ce24fbbdcb70e8a23953f5da6f4687b334c3f84
FreeBSD-SA-16:36.telnetd - insufficient error checking in telnetd - b3dac027c0c7df4a5b85edb1c34742a467493508
SVN update to 1.9.5
bhyve: stability and performance improvement for dbgport
updated default HARDENEDBSD kernel config
Hyper-V updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v46.11-amd64-bootonly.iso) = bf0cb0253e6c3b037782d46f7d518934d707e679b876cd8d095255f7132e0c4a0010223b0372e6a14816d224a16cc803ed4fb1f1b236c474d92cb0f09d9a645d SHA512 (HardenedBSD-11-STABLE-v46.11-amd64-disc1.iso) = b67f247bb254b123bdc82080ebf02c4acef5112a4cedc0adade853c1905838102f58abb8c2a83902beffd6f1265b58a1e26be6c22777f88fc550f3989982cbb2 SHA512 (HardenedBSD-11-STABLE-v46.11-amd64-memstick.img) = 492d0ca285db1db830501ec3078e36236a99cd20f61c6bc0973a0da88f8a9cb7f11051d18cf0a1019421aa94617782c78787fec36af207f67574541d17bc74f1 SHA512 (HardenedBSD-11-STABLE-v46.11-amd64-mini-memstick.img) = 23a494a96584f84951a02f053c4d1e4388a7e4f39535a62021ccb3c106faf4e3f78282ba8df4c8b2b61d5627de40051ecf6efb86c708ba55ed87fc56f1d8182c

CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlhHXZsACgkQgZsRom/9
GI0UaxAA4i8gmc2xFdsEvfdV69eiObuH+lt7Oa9Ig8yzoHb4hNDZAAz7oPQC6Ila
/eP7+ZLNdCV/OwkkfQzfpGz/yRo0LOxxS2H6bWaIxAMgAVb7O79g0PLcAOUtBDQ/
zZPJ8KQbNtfNDAxqPkDd1h4bBRfLdeg0uYp2eORdv5ff+ElqN7J6pX+WP2oTmKiX
5GdiEUWLxyLg0fJAgZpNGsSkbU1AA9wFsJDJFcxh7zQC8cC2sor+/2a8TKy3YGLB
qRYANiDdwZmXdeIOHxV70k+gN0ra/yxZCP+3813bnOmBzZjX3DsJ2TpmSJK6EYMd
zRKvTl3Lhgz4oDF9Tr00ob4jExDapAKTgg3ZxuzYW1QG8vpd8RqJbnsRTRE3vVxD
gW6y8U5xviQdO38d8xkeaMIxz5t4EHcr0d4rQhtjnI0sz+QQajZkwOkuqFgJ7TN7
ayR541g8ksju30RfdXMuGtn/ZVFOSKN8cCxohqAw37iC18uy7wyT/naNVJFpru9Q
M1PhNbhbSS7Npawr12aZu+B29keZ3S8Y6reyk1j92UUtkcw3utHN6CLlmpweXpga
I9b0wMj2gtbXAvRsfQfra4zK0OK77+R3xm7cpNhfCbsRh0zhs3Idzu0YJy5yxT/G
q1fRbZmVxQOELfhSn9XSmKcecajCCbsB+cMfobD9eeDbVZUZdqk=
=XzZQ
-----END PGP SIGNATURE-----

Changelog: Oliver Pinter (1):

HBSD: sync amd64's HARDENEDBSD kernel config to 10-STALBE

Oliver Pinter + (26):

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

araujo (1):

MFC r308443, r308459, r308462, r308478, r308786

asomers (1):

MFC r308780

bapt (2):

MFC r309194, r309216
MFC r308129:

brooks (1):

MFC r309027:

dexuan (2):

MFC: 308723-308725,308793-308795,309127
MFC 308797-308799, 309082

dim (1):

MFC r309332:

emaste (4):

MFC r308772: crunchide: report explicit error for combined string table
MFC r307969: strings: fix exit status if a file before the last one fails
MFC r307003, r307564: makewhatis: make output reproducible
MFC r309006: remove unnecessary vm includes from setproctitle

glebius (3):

Merge r309638 from head:
Merge r309639 from head:
Merge r309640 from head:

gonzo (3):

MFC r308898, r308940, r308942, r308944, r309112
MFC r308941:
MFC r308668:

hiren (1):

MFC r308943

hselasky (1):

MFC r308730: Make sure MAC address is reprogrammed when if_init() callback is invoked. Else promiscious mode must be used to pass traffic. While at it fix a debug print macro.

jhb (23):

MFC 307975: Enable EFER_NXE properly on APs.
MFC 308056: Fix formatting of tables.
MFC 307333: Reprogram I/O APIC interrupt pins when registering an I/O APIC.
MFC 307756: Define max_align_t for C11.
MFC 308456: Pass the correct flag to find_symdef() from _rtld_bind().
MFC 304838: Do not free an uninitialized pointer on soaccept failure in the iWARP connection manager.
MFC 303753,308004: Add bounds checking on addresses used with /dev/mem.
MFC 308005: Add powerd(8) support for several families of AMD CPUs.
MFC 308564: Don't place threads on the run queue after waking up other CPUs.
MFC 304854: cxgbe/iw_cxgbe: Various fixes to the iWARP driver.
MFC 302440,304873,305704,305985,306787,307531: Fixes for sysctls.
MFC 303348: cxgbe(4): Initialize the adapter queues (fwq and mgmtq) instead of returning EAGAIN if they aren't available when the user tries to program a filter. Do this after validating the filter so that the driver doesn't bring up the queues if it doesn't have to.
MFC 303688,303750,305166,305167: Centralize and rework page pod handling.
MFC 305433: cxgbe/t4_tom: toepcb should be all-zero on allocation because the code that cleans up on failure assumes that non-NULL values indicate initialized items.
MFC 305652: cxgbe(4): Do not prescreen frames before attempting LRO.
MFC 305667: cxgbe(4): Avoid a NULL dereference in the clearstats ioctl handler. Port softc's are not initialized when the adapter is in recovery mode.
MFC 305695,305696,305699,305702,305703,305713,305715,305827,305852,305906, 305908,306062,306063,306137,306138,306206,306216,306273,306295,306301, 306465,309302: Add support for adapters using the Terminator T6 ASIC.
MFC 306277: cxgbe(4): Make the location/length of all descriptor rings available in the sysctl MIB.
MFC 306821,306823: Permit updating firmware config file in flash.
MFC 307233: cxgbe(4): Allow the interface MTU to be set as high as the actual hardware limit.
MFC 307759: cxgbe(4): Dump any mailbox command that times out.
MFC 307876: cxgbe(4): Fix bug in the calculation of the number of physically contiguous regions in an mbuf chain.
MFC 308066: cxgbe(4): Accurate statistics for all chip settings.

jilles (1):

MFC r309026: open(2): Clarify non-POSIX error when opening a symlink with O_NOFOLLOW.

julian (6):

MFH: r306306
MFH: r303612
MFH: r303613
MFH: r303611
MFH: r303287
MFH: r309295

kib (7):

MFC r308618: Provide simple mutual exclusion between mount point update and unmount. In the update path in ffs_mount(), drop vfs_busy() reference around namei().
MFC r308995: Do not dereference bp after bread(9) on error.
MFC r308969: Restore vnode pager statistic for buffer pagers.
MFC r308973: Minor cleanup.
MFC r308980: Use buffer pager for NFS.
MFC r309189: Fix automatic eventtimer hardware selection when ARAT is not implemented, and do not ignore TSCDLT.
MFC r309209: Do not enable nullfs vnode caching over nfs v4 mounts.

mav (3):

MFC r308579: Do not report error on close even if we have no paths left.
MFC r308608: Use providergone method to cover race between destroy and g_access().
MFC r309282: Explicitly initialize cdai.flags.

mckusick (1):

MFC r308064: Avoid possible overflow when calclating malloc size for auxillary data structure sizes when mounting and reloading UFS/FFS filesystems.

ngie (10):

MFC r307713:
MFC r307700:
MFC r305358:
MFC r305921:
MFC r304797,r305467,r305468,r305483:
MFC r305451:
MFC r305449:
MFC r309472:
MFC r309474:
MFC r307220: r307220 (by br):

peter (1):

MFC r309356: svn 1.9.4 -> 1.9.5

pfg (1):

MFC r309179: ext2fs: avoid possible overflow when calculating malloc size.

rmacklem (1):

MFC: r308871 Modify umount so that it does not do an Unmount RPC for NFSv4 mounts and uses TCP for the Unmount RPC if the mount is over TCP. Without this patch, umount does an Unmount RPC over UDP for all NFS mounts.

rstone (1):

MFC r308580:

shurd (1):

MFC r308696, r308729, r308787, r308813, r309028, r309073, r309078:

trasz (4):

MFC r308206:
MFC r308088:
MFC r308209:
MFC r308250:

tsoome (2):

MFC r308776
Backing out r309368 as it got commited prematurely as we still do not provide skein feature support in boot loader.

ume (1):

MFC r308808, r308809: Lookup locale when print all keywords as well.

vangyzen (4):

MFC r308824
MFC r308904
MFC r308340
MFC r306577 r306652 306830

HardenedBSD

New stable release: HardenedBSD-stable 11-STABLE v46.11

Donate to HardenedBSD

2021 Donation Status

Links

Donate to HardenedBSD

2021 Donation Status

Search form

Links