Stable release: HardenedBSD-stable 10-STABLE v46.27

Submitted by op on

HardenedBSD-10-STABLE-v46.27 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

  • Fixed use after free in ipfilter (f997910e54b19e3bf30bd9f0d17885b0a90b15c5) [FreeBSD-SA-17:04.ipfilter]
  • Update to tcsh 6.20.00
  • Fixed infoleak in VFS (b0da260ac2e82e2e506ddbe6d2a04de7b0c20ef8)
  • Update to ACPICA 20170303

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.27-amd64-bootonly.iso) = e8a2d420bb034e016418b90c874a132b3c00251386c9f433d36c4b83ef3dcd6b01fa24e931cc3936d1bd3ad04e81b6805d1738f5e00f8aec1522f435b2268ff4
SHA512 (HardenedBSD-10-STABLE-v46.27-amd64-disc1.iso) = 42a973105852dd421a1d6801559d9be0eb85fba6ca1d81f61dd6bfd956b6723c54595256ec0c9bab77270a10770290e60c6bd626dcc29c3c7645b81d08808268
SHA512 (HardenedBSD-10-STABLE-v46.27-amd64-memstick.img) = 5688f39ab6a03d869156d7c524d3addbb45986b0af50f32bf5f5920a103f1df2b7be91bfeaa4ff68be8bea13a87ef418609071d1e4ddb180b1a55386086558f9
SHA512 (HardenedBSD-10-STABLE-v46.27-amd64-mini-memstick.img) = ddfc5e345d53d3061901076845f8773acefba11b0c369a2d8282f01af88ea17d8dcd5d8126390f09c353fac92cff8c810d9a49edda13bcd53746e969b7068834
SHA512 (HardenedBSD-10-STABLE-v46.27-amd64-uefi-bootonly.iso) = 893face3761569d0e3c10f15a8bb015d400f9911eae82dcb7c39362e1a22701035e9f9b73b811fec47177e1cd300ee3002f19e671ba0a1ebf6ebc703be28b4aa
SHA512 (HardenedBSD-10-STABLE-v46.27-amd64-uefi-disc1.iso) = f440988ab3df85e1f55a04c2075916adc7ad88a370c275ec49bf512fcfbf73b9070d1f1295d3cc37208fa7ec0a906465fa41766c88ca072d5ff3110d870a1116
SHA512 (HardenedBSD-10-STABLE-v46.27-amd64-uefi-memstick.img) = 2fc89775504a814df9aadf263f91b7a34dcce9d03af753e5b68cdfbc2a33775be1aee31b2ed5783428424e4b8c07524136e896fa31ff5762996336a8923f8fb4
SHA512 (HardenedBSD-10-STABLE-v46.27-amd64-uefi-mini-memstick.img) = 834653d3631707ef36a35c499504672d931c3786645b89f69601e7f68bb7228588d7dc6caabdafd464ec350ec9a39c23165aee34aa2cbd6fbeb0448d1bab8540

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlkClXoACgkQgZsRom/9
GI0sEw/+JXEp4SgpOjUbebVvCx04HtZ2sdE4Eq81VH6+46qrGFyOdLB0N3aFFneC
ANBAl6cUTWeB2Mn/+AzBg059eJxNasXx8VzftH917d7dGj1JJ89VBgu5GjoiiM29
6io17i5PrAG7tOBeRUYyGqTCTqq7pkYEdBt/S11ccVGpjZWsZl+yr46y7MZy38OV
u/5g0lt3MBCDObgIBNHjIOw2GrAnN9mBWOfgjODK5jzl1gZ30WHmuwfiaA8n4wEP
GtXsq3umtIvUIooz6i1k2AZ84LMBfd6Jht6Z4V8j661TIk+5dWvILHEeUjarkC7l
MrJRNqrvITfrgn3sbn7oFbbclFgzuKJyFXrViOj3AIsLJhugfwy+GOyaCsN4+Qw5
sxzNYNtNCJcCumU306/OhPJaPu+a44koZdLue3eAwo9P4MwdcUagN3arj2KsfYps
CDbgzjF5jkiWjfar5Tbp2zTCMQrexDvUsI7kyjF+N1g4Tq7uA6/GBh2NY2g8tgU1
DI9Y2uFv/reQe/mwWFWRFqaEP/q+ndBNIHYn0I7K2ayPXugJnAr/rvopvmh7+X10
FrlNVHsR2F2imT/uc7wBjSc/awN64atIy65K1LgeGzPwAN/3XD6ocz15xFB6CQ8s
iFvcznlsvp3glSLWxwznivNF0yiUITML9V7YqnPW78OPIYXyfX4=
=6n84
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (6):

  • HBSD MFC: Update to tcsh 6.20.00
  • HBSD MFC: MFV r315950: Update vendor/tcsh to git b605cb561d
  • HBSD MFC: Merge ACPICA 20170119.
  • HBSD MFC: Merge ACPICA 20170303.
  • HBSD MFC: don't set CR4 PSE bit on amd64
  • HBSD MFC: Allow guest writes to AMD microcode update[0xc0010020] MSR without updating actual hardware MSR.


Oliver Pinter + (40):

  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master


ae (1):

  • MFC r316716: Inherit IPv6 checksum offloading flags to vlan interfaces.


asomers (1):

  • MFC r285117


avg (9):

  • MFC r315077: uma: eliminate uk_slabsize field
  • MFC r286583: Avoid sign extension of value passed to kva_alloc from uma_zone_reserve_kva
  • MFC r315078: uma: fix pages <-> items conversions at several places
  • MFC r315851: move thread switch tracing from mi_switch to sched_switch
  • MFC r315960: dtrace sched:::preempt should fire only when there is preemption
  • MFC r315858: aacraid: rework r315083 for a clean build with and without AACRAID_DEBUG
  • MFC r315853: zfs_putpages: use TXG_WAIT
  • MFC r315852: zfs: add zio_buf_alloc_nowait and use it in vdev_queue_aggregate
  • fix mismerge in r316846, MFC of r315858


bapt (4):

  • MFC: r315912 (by eugen@) and r315935
  • MFC r316060:
  • MFC: r313961 r316061
  • MFC r316956:


bdrewery (3):

  • MFC r315211:
  • MFC r315691:
  • MFC r316066:


brooks (4):

  • MFC r316497:
  • MFC r316593:
  • MFC r316766:
  • MFC r316768:


cy (6):

  • MFC r314946:
  • MFC r316809:
  • MFC r316811, r317139:
  • MFC r317139 for real.
  • MFC r316993, r316994, r316997 as follows:
  • MFC r316810, r316814, r316816, r316991:


davidcs (6):

  • MFC r316309 Add support for optional Soft LRO
  • MFC r316310 Update man page for commit r316309 "Add support for optional Soft LRO". The driver provides the ability to select either HW or Software LRO, when LRO is enabled (default HW LRO).
  • MFC r316485 Add 25/40/100Gigabit Ethernet Driver version v1.3.0 for Cavium Inc's. Qlogic 45000 Series Adapters
  • MFC r316720 Fix defects reported by Coverity 1. Deadcode in ecore_init_cache_line_size(), qlnx_ioctl() and qlnx_clean_filters() 2. ARRAY_VS_SINGLETON issue in qlnx_remove_all_mcast_mac() and qlnx_update_rx_prod()
  • MFC r316747 Fix rss_ind_table entry for num_funcs > 1
  • MFC r316183 Upgrade firmware and other related files to version 5.4.64


dchagin (1):

  • MFC r315948:


delphij (2):

  • MFC r315619: pet manlint.
  • MFC r312404, r312519, r313277:


dim (2):

  • MFC r315947:
  • MFC r314671 (by cem):


gjb (3):

  • MFC r316617 (partial): - Use the 'conv=sync' dd(1) option to fix writing the u-boot.imx file to the md(4) device for IMX6-based boards.
  • Document EN-17:01 through EN-17:05, SA-16:39 through SA-17:03
  • MFC r317169: Trim trailing '/release/..' when setting _OBJDIR so arm64/aarch64 boot1.efifat is properly located when creating virtual machine images.


ian (1):

  • MFC r291310:


jilles (1):

  • MFC r314686: sh: Fix crash if a -T trap is taken during command substitution.


kib (4):

  • MFC r316739: Fix reporting of _SC_SEM_NSEMS_MAX and _SC_SEM_VALUE_MAX.
  • MFC r316852: In fsck_ffs pass1, prevent the inosused variable from wrapping.
  • MFC r316698: Remove debugging printf.
  • MFC r317196: Write-combine framebuffer writes through user-space mappings, if possible.


kp (2):

  • MFC r316355
  • MFC r317186


mav (18):

  • MFC r315579, r315670: Add initial support for multiple MSI-X vectors.
  • MFC r315587, r315652: Remove some dead/useless code.
  • MFC r315677: Clean/unify some macro usage.
  • MFC r315678: Remove questionable reqp->req_time access.
  • MFC r315681: Improve command timeout handling.
  • MFC r315682, r315683: Remove some dead code left after r246713.
  • MFC r315709: Switch from using periph_links to sim_links.
  • MFC r315673, r315674: Make CAM SIM lock optional.
  • MFC r316412: Add IDs for Intel Cougar Point USB 2.0 controller.
  • MFC r316427, r316428: Add Log directory and SATA NCQ Send and Receive Log.
  • MFC r316653: Fix few minor issues found by Clang Analyzer.
  • MFC r316652: Fix few minor issues found by Clang Analyzer.
  • MFC r316677: Do not register in CTL portal groups without portals.
  • MFC r315708: Cleanup response queue processing.
  • MFC r315869: Remove write-only crn field from struct isp_pcmd.
  • MFC r315870: isp field in struct isp_pcmd is also unused.
  • MFC r315908: Unify initiator and target DMA setup and command sending.
  • MFC r315913: Add brackets to fix incorrect macro expansion.


ngie (1):

  • MFC r316368: r316368 (by jkim):


pfg (1):

  • MFC r316695, MFV r316693: 8046 Let calloc() do the multiplication in libzfs_fru_refresh


rgrimes (2):

  • MFC: r314691
  • MFC: r314694


rmacklem (10):

  • MFC: r310491 Fix NFSv4.1 client recovery from NFS4ERR_BAD_SESSION errors.
  • MFC: r316655 Fix parsing failure for NFSv4 Setattr operation for failed case.
  • MFC: r316666 Fix the NFSv4.1 client for NFSERR_BADSESSION recovery via ReclaimComplete.
  • MFC: r316667 Fix the NFSv4 client hndling of a stale write verifier in the Commit operation.
  • MFC: r316669 Avoid starvation of the server crash recovery thread for the NFSv4 client.
  • MFC: r316692 Set initial values for nfsstatfs in the NFSv4 client.
  • MFC: r316694 Fix a crash during unmount of an NFSv4.1 mount.
  • MFC: r316717 During a server crash recovery, fix the NFSv4.1 client for a NFSERR_BADSESSION during recovery.
  • MFC: r316719 Don't throw away Open state when a NFSv4.1 client recovery fails.
  • MFC: r316745 Fix the NFS client for "text file modified, process killed" mmap'd case.


sbruno (1):

  • Direct commit of fixes to stable/10, resolving PCI passthrough and initialization issues when trying to passthrough a i340 (igb) to VMware.


sephe (6):

  • MFC 316519
  • MFC 316520
  • MFC 317107 hyperv: Use kmem_malloc for hypercall memory due to NX bit change.
  • MFC 316515,316812
  • MFC 316813,316815
  • MFC 317353


smh (1):

  • Partial MFC r316676 and the required r313045


truckman (1):

  • MFC r316777 (by cem)