Stable release: HardenedBSD-stable 10-STABLE v46.23

HardenedBSD-10-STABLE-v46.23 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

  • Fix multiple OpenSSH vulnerabilities. (01991d8d9a5ef8038fb70e3084e07d1eaeed4e0d) [https://security.freebsd.org/advisories/FreeBSD-SA-17:01.openssh.asc]
  • Skylake support for hwpmc
  • Changed settings for newsyslog (7043b7898cf46d234e9b718d477802ed7805377d)
  • Added /var/log/pkg.log log to store the packages lifecycle
  • Update to ACPICA 2016122 to fix Skylake issues
  • Hyper-V updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-bootonly.iso) = beaeb17d9e57d1cbb99ffc42720ce02c47da022774d15c1e7572f7b740218934687fb881e952eaaf0876a14b15458f592fcdd1c9681873be0f53f57894167f5d
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-disc1.iso) = 97e534f74b9b05c75eb883190517509204ad5d45793822b7d70d82bbdab4a6bca81d06122c144fdc0f17d26e08f12a9dd50e3ce0ad855689320e0d4ea63cdd5c
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-memstick.img) = e55c0cbb1494854b84ebd0a32d60c259f2341e100c81c6eaa60faeb95e94aaee6dd855583b1575e2b0dc971f392236c19f8e5759b94df83bdbd70beeaa0eaa5f
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-mini-memstick.img) = f3df1e031cc56c1abba6cf1577c079b6f9234bac04b6c4ee290c6982cbece49cdc0d0980a3bfe14e28a27c5c796387c4c5a3131e2afe439e6cf0966bad5c7eb3
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-bootonly.iso) = 2201d710301b936a7726b82ba5ebd00210d4fef2bb555ee685e9425c29bf4433c95af4cbdb85a26981f00edff4397ff321c39f40b830812abf24c99d0b373ee7
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-disc1.iso) = b98006e8905200449cbf50c0e9dcb99a6705eccf9ee21be5d80bade5dd2762da4a16a51d8722cc4db557a7d35b0cf07d7b33e378a9ccac88c46f76f701e57b93
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-memstick.img) = a48329729e328b12b90930b1231b3720af41fdf44e7e6c2f2c1cd8307811da4089ab13fa17e66c5098d9320120f1a1eaf34d6a3b29e67520b9aa2371daa36b76
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-mini-memstick.img) = 0c71b037d5569da32b87fd749477c51e7d8756f08613b99660a294ae1d502d3d235d5d4323ab82ada3f0922a40a439dafdc309fdb92a435224aa591b32e9cf00

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlh21KwACgkQgZsRom/9
GI1qrA/8CizObUwE2nzZG7PXq0c4si1W/cVeMKFGvrp5MkSLG7hZfxtnNJmck1rF
dS/nNRQ2P1Rur4MI+m1GR33D3uF2bTV03YNXtclJ8D/R3eeYRd0Ee8V8cOh/ZcVa
BukZPhvlWiwJmhMacZh2cv+b85GUbaE9VzWhAYNffKtUeFJMHLhmJmILoHigdwRN
RCUKMl/oQZqcegxFnAoxmStJgkEui8HcrsoKprsWmWon4pmerMw5hkbPq8PBntea
nC79eVWy00QSWeloRHncLnFLQxWpcO2FU5HH3cpXGNV0JXE4G7ihxPaz3KMc318G
Ptvme6nMfKULZMDBVXd7XpXJP56x9fCUlGmJrhumMBfDyv8mAkTud7aJx0yS9PAc
Orl82U3Jbk2BAX/FJjeQhGUoNYKyrBQp19T5/hJO00MqEc+/xkxdQNjc7Cd3f8jL
P/BDdUwqZFEmVjZTONamBaKA5HazD+LXuJv107qTLxO257xwoSJbwlccFh/rcHrE
vgBpULno486o84fEzyOUe4gME04U2VjwlsGF+FCtAIwgciQc1gLXZRfXXLv1KfU1
kzww4hKMy/ubfdoLRawXYCM6AB+AjMg0eoVIYBQaWyV/I/AA2rYHzycanxCaU1yy
O4Mwbl50UW2pnHq5Ebq+I++g2QZTQ07KzPiPPq2UCh7Dz5jkJ9g=
=RvOg
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (35):

  • Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
  • HBSD: fix merge conlict in contrib/libarchive/tar/test/test_option_lz4.c
  • HBSD: welcome 2017!
  • HBSD: remove unneeded CTRs from ASLR code
  • HBSD MFC: Relax sanity check of number fields in tar header even more.
  • Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
  • HBSD: resolve merge conflict in lib/libarchive/tests/Makefile
  • HBSD MFC: Use the correct event table for Haswell Xeon events
  • HBSD MFC: hwpmc style(9) cleanup
  • HBSD MFC: Fix various bugs in Haswell counter definitions
  • HBSD MFC: Fix pmc unit restrictions to match documentation
  • HBSD MFC: Add manpage for Haswell Xeon pmc implementation
  • HBSD MFC: Fix Sandy Bridge+ hwpmc branch counters
  • HBSD MFC: Support architectural events on Haswell/Ivy Bridge
  • HBSD MFC: Fix Ivy Bridge+ MEM_UOPS_RETIRED counters
  • HBSD MFC: Add missing counter definitions
  • HBSD MFC: hwpmc: Fix event number to match enum name
  • HBSD MFC: Remove extra whitespaces from hwmpc.
  • HBSD MFC: hwpmc: add initial Intel Broadwell support.
  • HBSD MFC: Use fixed enum values for PMC_CLASSES().
  • HBSD MFC: properly inherit the pmcids in child
  • HBSD MFC: Add support for Intel Skylake and Intel Broadwell PMC's.
  • HBSD MFC: add backward compatible way to provide tunables
  • HBSD MFC: More fixes in the various intel processors.
  • HBSD MFC: Remove tautological cast.
  • HBSD MFC: fix the "[pmc,X] negative increment" assertion on the context switch
  • HBSD MFC: Don't panic in hwpmc when stopping sampling.
  • HBSD MFC: hwpmc: remove sys/capability.h backwards compatibility
  • HBSD MFC: Connect pmc.haswellxeon(3) to the build; looks like it was missed in r279829.
  • HBSD MFC: Fix PMC architecture check to handle later IPAs including Skylake
  • HBSD MFC: Restore priority value for OGIO_KEYMAP
  • HBSD: log pkg changes to /var/log/pkg.log
  • HBSD MFC: Merge ACPICA 20161222 from FreeBSD 12-CURRENT.
  • HBSD: add the output destination to the correct line in syslog.conf
  • HBSD MFC: Increase the default rotation threshold of log files from 100kb to 1000kb


Oliver Pinter + (39):

  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master


arybchik (65):

  • MFC r310627
  • MFC r310677
  • MFC r310678
  • MFC r310679
  • MFC r310680
  • MFC r310681
  • MFC r310682
  • MFC r310683
  • MFC r310684
  • MFC r310685
  • MFC r310686
  • MFC r310687
  • MFC r310688
  • MFC r310689
  • MFC r310690
  • MFC r310691
  • MFC r310692
  • MFC r310693
  • MFC r310694
  • MFC r310695
  • MFC r310696
  • MFC r310699
  • MFC r310704
  • MFC r310708
  • MFC r310709
  • MFC r310713
  • MFC r310714
  • MFC r310715
  • MFC r310716
  • MFC r310717
  • MFC r310719
  • MFC r310741
  • MFC r310742
  • MFC r310745
  • MFC r310746
  • MFC r310747
  • MFC r310748
  • MFC r310749
  • MFC r310752
  • MFC r310754
  • MFC r310755
  • MFC r310756
  • MFC r310758
  • MFC r310760
  • MFC r310762
  • MFC r310764
  • MFC r310770
  • MFC r310810
  • MFC r310811
  • MFC r310812
  • MFC r310819
  • MFC r310820
  • MFC r310744
  • MFC r310750
  • MFC r310753
  • MFC r310816
  • MFC r310765
  • MFC r310813
  • MFC r310818
  • MFC r310814
  • MFC r310815
  • MFC r310817
  • MFC r311638
  • MFC r311639
  • MFC r311640


avg (6):

  • define Maxmem for ia64, the only platform that didn't have it
  • MFC r309097: MFV r308987: 7180 potential race between zfs_suspend_fs+zfs_resume_fs and zfs_ioc_rename
  • MFC r309098: MFV r308988: 7199, 7200 dsl_dataset_rollback_sync may try to free already free blocks
  • MFC r309099: MFV r308990: 7181 race between zfs_mount and zfs_ioc_rollback
  • MFC r309250: MFV r309249: 3821 Race in rollback, zil close, and zil flush
  • MFC r308530: iicsmb: SMB_MAXBLOCKSIZE can be used again


bapt (1):

  • Bump copyright year.


bdrewery (1):

  • MFC r309477:


cy (1):

  • MFC r311005


delphij (5):

  • MFC r310608: Avoid use after free.
  • MFC r310609: Don't use high precision clock for expiration as only second portion is used.
  • MFC r310611:
  • MFC r310614: Don't assign rtjp twice.
  • MFC r311914: MFV r311913:


des (2):

  • MFH (r267371, r297754, r299520): nits and style
  • MFH (r301027): fix 307 / 308 redirects MFH (r310823): fix multi-line CONNECT responses


dim (1):

  • MFC r257398 (by sbruno):


hselasky (4):

  • MFC r310388: Make a read only pointer constant.
  • MFC r310387: Add more comments regarding collection of statistics counters.
  • MFC r310058: Fix initialisation of mlx4_pci_table's .driver_data fields.
  • MFC r310242: Defer USB enumeration until the SI_SUB_KICK_SCHEDULER is executed to avoid boot panics in conjunction with the recently added EARLY_AP_STARTUP feature. The panics happen due to using kernel facilities like callouts too early.


jhb (4):

  • MFC 309581,309582,310424: Document T6 support.
  • MFC 306562: Handle 64-bit system call arguments (off_t, id_t).
  • MFC 306563: Decode arguments to truncate and ftruncate.
  • MFC 306564: Expose kernel-only errno values if _WANT_KERNEL_ERRNO is defined.


jilles (2):

  • MFC r309836: Add some tests for reaper functionality (in procctl()).
  • MFC r309957: Add tests for reaper receiving SIGCHLD (r309886).


kib (17):

  • MFC r310302: Do not clear KN_INFLUX when not owning influx state.
  • MFC r309886: When a zombie gets reparented due to the parent exit, send SIGCHLD to the reaper.
  • MFC r310552: Some style.
  • MFC r310554: Some optimizations for kqueue timers.
  • Remove stray blank line added due to mismerge.
  • MFC r310613: Style.
  • MFC r310616: Remove redundancy in vmtotal().
  • MFC r310834: Assert that the pages found on the object queue by vm_page_next() and vm_page_prev() have correct ownership.
  • MFC r310821: Style.
  • MFC r310925: Remove unused declaration.
  • MFC r310982: Ansify vm/vm_pager.c. Style.
  • MFC r267546 (by alc): Tidy up the early parts of vm_map_insert().
  • MFC r311055: Remove unneeded externs keywords. Reindent long lines.
  • MFC r310615: Change knlist_destroy() to assertion.
  • MFC r311108: Move common code from kern_statfs() and kern_fstatfs() into a new helper.
  • MFC r311111: Style.
  • MFC r311113: There is no need to use temporary statfs buffer for fsid obliteration and prison enforcement. Do it on the caller buffer directly.


markj (1):

  • MFC r310647: Remove an obsolete pragma from dtrace.h.


mav (32):

  • MFC r309297: Make SES status updates more aggressive.
  • MFC r310230: Don't treat informational exceptions (warnings and impending failures) a.k.a. SCSI SMART events as errors. Log them to console and continue.
  • MFC r294558: Hide "soconnect() error" messages under bootverbose.
  • MFC r295476 (by trasz): Remove stray semicolons from the iSCSI code.
  • MFC r298810 (by pfg): sys/cam: spelling fixes in comments.
  • MFC r310257: Improve support for informational exceptions.
  • MFC r310259: Following SPC-5, make REQUEST SENSE report "Logical unit not supported" in returned parameter data for not accessible LUNs.
  • MFC r310265: Add set of macros to simplify code access to mode pages fields.
  • MFC r310266: Add support for NUAR bit in Control mode page.
  • MFC r310272: Add new bits into Extended Inquiry VPD page.
  • MFC r310275: Fix typo in function name.
  • MFC r310284: When writing fixed format sense data, set VALID bit only if provided value for INFORMATION field fit into available 4 bytes (has no non-zero bytes except last 4), as explicitly required by SPC-5 specification.
  • MFC r310285: When reporting "Logical block address out of range" error, report the LBA in sense data INFORMATION field.
  • MFC r310298: Improve error handling when I/O split between several BIOs.
  • MFC r310339: Bump specifications support to SAM-6/SPC-5.
  • MFC r310356: Add support for locally assigned RFC 4122 UUID LUN identifiers.
  • MFC r310360, r310361: Report UUID and MD5 LUN IDs.
  • MFC r310366: Add support for SITUA bit in Logical Block Provisioning mode page.
  • MFC r310373: Add support for REPORTING OPTIONS == 3 in REPORT SUPPORTED OPERATION CODES.
  • MFC r310389: Fix REPORT SUPPORTED OPERATION CODES for READ/WRITE BUFFER commands.
  • MFC r310390: Add support for REPD bit in RSTMF command.
  • MFC r310478: Add place-holders for TAPE STREAM MIRRORING subcommands of XCOPY.
  • MFC r310489: Implement printing forwarded sense data.
  • MFC r310524: Improve length handling when writing sense data.
  • MFC r310534: Improve third-party copy error reporting.
  • MFC r297756: Add couple new constants from SPC5r08.
  • MFC r305591: Decode ATA Status Return descriptor.
  • MFC r311446: Fix bootverbose affecting code logic in r294558.
  • MFC r310633: Add MAX_LUNS overflow safety checks.
  • MFC r309251: Process port interrupt even is PxIS register is zero.
  • MFC r309252: Add more ASMedia PCI IDs from different sources.
  • MFC r310703: Pass proper arguments (handles, not directly structure pointers) to scif_cb_domain_device_removed().


mjg (3):

  • MFC r303583:
  • MFC r301157:
  • MFC r285706,r303562,r303563,r303584,r303643,r303652,r303655,r303707:


mm (1):

  • MFC r309300,r309363,r309405,r309523,r309590,r310185,r310623:


ngie (67):

  • MFstable/11 r310506:
  • MFstable/11 r310561:
  • MFstable/11 r310563:
  • MFstable/11 r310565:
  • MFstable/11 r310567:
  • MFstable/11 r310569:
  • MFstable/11 r310571:
  • MFstable/11 r310670:
  • MFstable/11 r310672:
  • MFstable/11 r310730:
  • MFstable/11 r310732:
  • MFstable/11 r310875:
  • MFstable/11 r310877:
  • MFstable/11 r310899:
  • MFstable/11 r310901:
  • MFstable/11 r310904:
  • MFstable/11 r310905:
  • MFstable/11 r310909:
  • MFstable/11 r310911:
  • MFstable/11 r310902:
  • MFstable/11 r310896:
  • MFstable/11 r310897:
  • MFstable/11 r310990:
  • MFstable/11 r310992:
  • MFstable/11 r310997:
  • MFstable/11 r311107:
  • MFstable/11 r311152:
  • MFstable/11 r311207:
  • MFstable/11 r311209:
  • MFstable/11 r311212:
  • MFstable/11 r311213:
  • MFstable/11 r311215:
  • MFstable/11 r311217:
  • MFstable/11 r311465:
  • MFstable/11 r311467:
  • MFstable/11 r311551:
  • Regenerate src.conf(5)
  • MFC r311239:
  • MFC r311242:
  • MFC r310954,r310987,r311222:
  • MFC r310931,r310942,r310988:
  • MFC r310497:
  • MFC r310957,r310958,r310960:
  • MFC r310952:
  • MFC r310501:
  • MFC r311291:
  • MFC r311270:
  • MFC r311246:
  • MFC r311272:
  • MFC r311249:
  • MFC r311269:
  • MFC r311271:
  • MFC r311250:
  • MFC r311228:
  • MFC r311273:
  • MFC r311240:
  • MFC r311235:
  • MFC r311248:
  • MFC r311247:
  • MFC r311245:
  • MFC r310984,r311102:
  • MFC r311393:
  • MFC r311382:
  • MFC r311384:
  • MFC r311505:
  • MFC r311112,r311115:
  • MFC r311114:


np (2):

  • MFC r309666, r310033, r310049, r310100, r310152, and r310807.
  • MFC r310151 and r311173.


pfg (2):

  • MFC r310367: pax(1): Fix a bug with archives smaller than 512 bytes.
  • MFC r310705, r310706: style(9) cleanups.


sephe (27):

  • MFC 308664,308742,308743
  • MFC 308905
  • MFC 308906
  • MFC 308907
  • MFC 308908,308909
  • MFC 309030,309039,309080,309081,309083
  • MFC 309085
  • MFC 309128,309129,309131-309136,309138-309140,309224,309225
  • MFC 309226-309231,309235
  • MFC 309236,309237
  • MFC 309240,309242,309244,309245,309319,309670
  • MFC 309310,309311,309316,309318
  • MFC 309320,309726,309728
  • MFC 309346,309348
  • MFC 309704
  • MFC 309705
  • MFC 309874,309875
  • MFC 310048,310101
  • MFC 310312-310314
  • MFC 310315
  • MFC 310317
  • MFC 310318
  • MFC 310324
  • MFC 310347
  • MFC 310462,310465
  • MFC 310651
  • MFC 310652,310657,310658