Stable release: HardenedBSD-stable 10-STABLE v1000048

HardenedBSD-10-STABLE-v1000048 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

  • MFC r320906: MFV r320905: Import upstream heimdal fix for CVE-2017-11103. (3955ce48cb5593628cb375c519160dc0ecb4f210) [FreeBSD-SA-17:05.heimdal](https://security.freebsd.org/advisories/FreeBSD-SA-17:05.heimdal.asc)
  • hbsd-update{,-build} updates
  • enforce FreeBSD and HardenedBSD KPI version for external modules
  • HBSD: fix broken pax_mprotect transitions (9161ed81803212f1aa484144ea3c670f603d601c)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-bootonly.iso) = c22e3d4ca378240c253349059dc5c8a0e3d3c47dd7a952a25378a45ff1469db5c4ab898b5d243ba093416cbbc88085e59d139d01364e2e4b9637cd4dcf07483c
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-disc1.iso) = 65dd0cfcb8a8a55a121737fc00ff4eb24c30f33be8e6a7a49720419d28a41d468e7d1a659bd53ab7d6c3f3f182348dc492aba247c7a4bc4eb265f9b70a838b57
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-memstick.img) = 82761a7742c00ea9ae3d3caea2a7c4eb54a1b19d977050fbb96fa6e9b14aad0839124a1eb30e7bdae01fd32aeeb1c76a2c30c98e04ee17dce2397e38ac7db64f
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-mini-memstick.img) = 10e9fc97e4cc0eb0a4f5a61641596bd52a5b563a08950dfd079f871ae8703b8bec3e6b0be712bf220493a74411385a6ca638353a4ba4f42ff875161e4e3da123
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-bootonly.iso) = e7c6818cb51afd7381f453f41f7f9c16b8c23ad44b7b6b335d08d2b7e23aaa5d85627978a2515f4f0e6bbd7bbc71e235a7f25f981612d11530df50889c0849b9
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-disc1.iso) = 22d28027097287f77a238050d6ed698dbfbbbbd8cc9f9778da048343c2ec7bb3d48bf5b83756c024e7b6657f29a6eec45bbc9eed9d7ed9fed86be7a1c030ff07
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-memstick.img) = 2b370c6aa8d284ec3495f3c83d747ab818fb6a79f3b97986f89135c36ee9202a76b7300652dad3359dc13b109afb887d2005dc7c858ec9663ac1d103c18430ed
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-mini-memstick.img) = 7226ea5068c8f2dedeed6d6bce2ba66864915c9faf775b5540966a2bb4aea1b87d6042c219901cc652fa917b86b35900d4101229b49e561102f41827720168f5

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAllmx7QACgkQgZsRom/9
GI0aMw//SDSlCuSinsB35/5xcfPDpmfbSEp52uOWdlMW2ZwUtN+gqoEiGla32SmS
TT2Guy/PbgxfEKzHY2UyeRVAnKdZVcdJPqvYmLdh/hQoB3/41sx4nVkN+LSTgItz
khVXHtuJEeh+WWtM31ivS3dW+ENbd8qWo2DnKNPdRJjDzM6JE+LlGdX5gEOP7ldH
HhghBzciLHBq17fLEgEzQwLuzQeDjxXywUDZkfJqc7geNRihLj9S/6ogk8guuxDn
jRq6lJvm4KoPlqymKJP50vbYV+FkGH++QwKWLDNcgnvWlZtstqr7GVWmDh5KvPmf
zBvDH4RBhThQUBR6tuIhDePpAqKhGVoW26cd09nYLFKOEyLDWYYbpTPDhPijH5rb
BNd47aObPgayn3pDrYCedrwKhlLVwmR+yuAIaPivVoI3BUIgTDNR+rC8mSeBaqLY
n0hRRCOF8Yz7g6yx4AUfPTrtXbeqkZsZiAtFQLwLXB/M2z1t/roZf+9p2J/zPSs7
V4cjQWYb9zVQOx/LSV2/SvJvaGOoI2vBjciEgSova3T+oR/8QbrrDD9MytiT7kgl
sfRIywkhVnr9NuqUqleyTqPap2xCLNVC9jL5fPjfWmdKcgCaZ5hZQykuxEZKJBOh
fWfvgM3PjBKxwlKw1QbOsNGULIPZ+SeEOwDRiEIZlbRPqpenE48=
=XZJ8
-----END PGP SIGNATURE-----


Changelog:

M.Shirk (1):

  • Updating hbsd-update-build to work with custom kernel configs.


Oliver Pinter (5):

  • HBSD: fix broken pax_mprotect transitions
  • Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
  • HBSD: resolve merge conflict in kern_exec.c after 3fdefba1f9cc0ba6cc359c2b104ca68158297dfe
  • HBSD: enforce FreeBSD and HardenedBSD KPI version for external modules
  • HBSD: bump __HardenedBSD_version to 1000048 after KPI enforcement


Oliver Pinter + (34):

  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master


Shawn Webb (16):

  • HBSD: Provide an option to not require binutils from pkg in hbsd-update-build
  • HBSD: Report hash on version check
  • HBSD: Bump copyright
  • HBSD: Enforce the existence of the DNS record
  • HBSD: Don't set TARGET/TARGET_ARCH when building obsolete files
  • HBSD: Add option to keep temporary files
  • HBSD: Bump dates
  • HBSD: Add installation hook scripting
  • HBSD: Bump copyright
  • HBSD: Remove debugging code
  • HBSD: Fix cross-build
  • HBSD: Add option in hbsd-update to not apply kernel distset
  • HBSD: Update passwd files with hbsd-update
  • HBSD: Remove dead code
  • HBSD: Fix hbsd-update-build
  • HBSD: Provide better version detection


alc (7):

  • MFC r314310 Refine the fix from r312954. Specifically, add a new PDE-only flag, PG_PROMOTED, that indicates whether lingering 4KB page mappings might need to be flushed on a PDE change that restricts or destroys a 2MB page mapping. This flag allows the pmap to avoid range invalidations that are both unnecessary and costly.
  • MFC r281720 Eliminate an unused variable.
  • MFC r281771 Eliminate an unused variable.
  • MFC r319605 The variable "breakout" is used like a Boolean, so actually define it as one.
  • MFC r320181 Eliminate an unused macro.
  • MFC r320049 Pages that are passed to swap_pager_putpages() should already be fully dirty. Assert that they are fully dirty rather than redundantly calling vm_page_dirty() on them.
  • MFC r319699 When allocating swap blocks, if the available number of free blocks in a subtree is already zero, then setting the "largest contiguous free block" hint for that subtree to anything other than zero makes no sense. (To be clear, assigning a value to the hint that is too large is not a correctness problem, only a pessimization.)


allanjude (1):

  • MFC r320644: Add deprecation notices for all rcmd tools


asomers (3):

  • MFC r318790, r319336
  • MFC r319337:
  • MFC r319900:


avg (2):

  • MFC r320259: jedec_ts: read device id from the correct register
  • MFC r308782: After some ZIL changes 6 years ago zil_slog_limit got partially broken due to zl_itx_list_sz not updated when async itx'es upgraded to sync. Actually because of other changes about that time zl_itx_list_sz is not really required to implement the functionality, so this patch removes some unneeded broken code and variables.


bdrewery (1):

  • MFC r289861:


cy (1):

  • MFC r320242, r320256:


davidcs (1):

  • MFC r320175 Add pkts_cnt_oversized to stats.


delphij (4):

  • MFC r320216: Fix use-after-free introduced in r300388.
  • MFC r320494: Fix double free by reverting r300385 and r300624 which was false positive reported by cppcheck.
  • MFC r320093: Check return value of seteuid() and bail out if we fail.
  • MFC r320906: MFV r320905: Import upstream fix for CVE-2017-11103.


emaste (1):

  • MFC r317159: libstdc++: fix symbol version script for LLD


eugen (1):

  • MFC r310888:


gjb (4):

  • MFC r320488: Correct the branch naming convention in param.h. While here, consistently use upper-case 'X' to represent the version number.
  • MFC r320599: Fix Vagrant image upload after recent API changes.
  • MFC r320748: Allow passing NOPKG= to make(1) to enable the pkg-stage target from getting executed when NOPKG is defined but empty.
  • MFC r300761, r300762: r300761: Disconnect the AZURE target from the CLOUDWARE list.


jhb (1):

  • MFC 320675: Add deprecation notices for gdb and kgdb.


jilles (4):

  • MFC r315005: sh: Fix executing wrong command with ${x#$(y)}$(z).
  • MFC r318591: compress: Add basic tests.
  • MFC r317912: sh: Fix INTOFF leak after a builtin with different locale settings.
  • MFC r318592: compress: Allow uncompress -c with multiple pathnames, as required by POSIX.


ken (2):

  • MFC r320123:
  • MFC r320421:


kib (8):

  • MFC r320201: Assert that the protection of a new map entry is a subset of the max protection.
  • MFC r320202: Call pmap_copy() only for map entries which have the backing object instantiated.
  • MFC r320308: Translate between abridged and full x87 tags for compat32 ptrace(PT_GETFPREGS).
  • MFC r320316: Do not try to unmark MAP_ENTRY_IN_TRANSITION marked by other thread.
  • MFC r320332: Style.
  • MFC r320570: Correct signatures of several pthreads stubs.
  • MFC r320619: Resolve confusion between different error code spaces.
  • MFC r320658: When reporting undefined symbol, note the version, if specified.


marius (1):

  • MFC: r320577, r320620


markj (1):

  • MFC r320372: Fix a memory leak in ses_get_elm_devnames().


mckusick (1):

  • MFC of 320176:


mjg (2):

  • MFC r293295:
  • Remove waiters check from the inline rw wunlock routine.


ngie (7):

  • Fix up r319257
  • MFC r319634:
  • MFC r319637:
  • MFC r319626:
  • MFC r317179:
  • Regenerate src.conf(5)
  • MFC r317161:


pfg (2):

  • MFC r320079: ext2fs: Enable RO huge_file feature support.
  • MFC r320408: ext2fs: Support e2di_uid_high and e2di_gid_high.


rmacklem (3):

  • MFC: r319882 Define NFS_MAXXDR as the upper bound on XDR overhead in an NFS RPC.
  • MFC: r320062, r320070, r320126 This is a partial merge of only the NFS changes and not the maxbcachebuf tunable.
  • MFC: r320208 Ensure that the credentials field of the NFSv4 client open structure is initialized.


sephe (2):

  • MFC 320184
  • MFC 320490