Stable release: HardenedBSD-stable 11-STABLE v1100056.2

HardenedBSD-11-STABLE-v1100056.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • HBSD MFC r333405: Remove PG_U from the rest of the kernel pmap ptes. (6840ef5d2739bb01a0dc7d192316bd18eb24967b)
  • crypto/libressl: Security update to 2.6.5 (ace3164bc710f03d7978019792dedb0a236c52e0)
  • MFC r336761 & r336781: Allow a EVFILT_TIMER kevent to be updated. (a1143bbcefc092238acc75578211f8938cddd8c8)
  • MFC r337384: Address concerns about CPU usage while doing TCP reassembly. (db2e2eea0366604ed65e6f50824471e22035f343) [FreeBSD-SA-18:08.tcp CVE-2018-6922]
  • MFC r336919, r336924: efirt: Add tunable to allow disabling EFI Runtime Services
  • Libarchive update (3ff094362c83c79ca9d501ec9e52a11690e8beff) [CVE-2017-14503]
  • HBSD MFC r313168: Fix VIMAGE-related bugs in TFO. (7a58c5a57aba467d77542a81e797330c3b4ec0bf)
  • HBSD MFC r333885: ctf dwarf: don't report "no dwarf entry" as if it were an error (c4bda35c98a3d1f587b7d6235b8d23161922070e)
  • MFC r336763: Add workarounds for several Ryzen erratas, on amd64. (b26157613a63f16d4822e421cd65ebf5524af67a)
  • MFC: r336357 Modify the reasons for not issuing a delegation in the NFSv4.1 server. (88b6d0a280d23369b39c11398cacc17ff7f39da3)
  • MFC r336683: Extend ranges of the critical sections to ensure that context switch code never sees FPU pcb flags not consistent with the hardware state. (e0245aeafd4d0ab7073f8d616840077f69e15a2a)
  • MFC r336188: Improve bhyve exit(3) error code. (ff4bc3fee787254597b6a515f16495b20ed620c9)
  • HBSD: Really bring hbsd-update current (630cab9f8eeee3907157f181c4c7a4d8183babff)
  • mlx5 updates
  • ofed updates
  • arm64 updates
  • msun updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-bootonly.iso) = 2f75e591853aa932b8a6576ff5499b530fbddd0974a19463cd88b269e9faed6021282204485240486608033b3e05d9ed65463849263785efe9a97b7cc0065a50
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-disc1.iso) = 25545b3ab97265b53984609886b5bd2941a4140a742d5285816bbb37720584a20e8d9f16fa001eb854aa27c498a6341af0e48848109aceafea0086ab451527bc
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-memstick.img) = 3d6080deccb880b1e228636869598e0763cb40d4ec1a228d82b39f9a169cec1f5c846db3ccc2045e654ec8880c27c2e9be4b873c6201c5bae3060a6b923106fc
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-mini-memstick.img) = cb49fa02e29d9aacf18d84e94bcdfe0d90f874903047dcb4bf06aae40ec54b0b4f68114a38d54599d04a0f972ffd1f60d9ddfbb2a06e5c3a2a4682cf59d934c1

CHECKSUM.SHA512.asc:



Changelog:

Bernard Spil (1):

  • crypto/libressl: Security update to 2.6.5


Oliver Pinter (6):

  • HBSD MFC r333885: ctf dwarf: don't report "no dwarf entry" as if it were an error
  • HBSD MFC r330000: Fix harmless locking bug in tfp_fastopen_check_cookie().
  • HBSD MFC r313168: Fix VIMAGE-related bugs in TFO.
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: resolve merge conflict in sys/amd64/amd64/pmap.c after 29d795aae8d763aa6c7d9825fcf50085b9e13c9b
  • HBSD MFC r333405: Remove PG_U from the rest of the kernel pmap ptes.


Oliver Pinter + (26):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


Shawn Webb (3):

  • HBSD: Really bring hbsd-update current
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict


araujo (1):

  • MFC r336188:


asomers (4):

  • MFC r332631:
  • MFC r335899:
  • MFC r336205:
  • MFC r336319:


avg (4):

  • MFC r334479: call AcpiLeaveSleepStatePrep after re-enabling interrupts
  • MFC r334786: x86: reorganize code that deals with unexpected NMI-s
  • MFC r335934: remove unneeded inclusion of sys/interrupt.h from several files
  • MFC r336641: fix incorrect operator in the AUDITPIPE_SET_QLIMIT bounds check


dab (2):

  • MFC r336457:
  • MFC r336761 & r336781:


delphij (2):

  • MFC r336156:
  • MFC r336236: Detect and handle invalid number of FATs.


dexuan (1):

  • MFC: 336426


dim (1):

  • MFC r327400 (by eadler):


eadler (2):

  • MFC r335629:
  • MFC r335631:


emaste (2):

  • MFC r336664: lld: fix addends with partial linking
  • MFC r335459: acpidump.8: include NFIT in the man page list of tables


gjb (4):

  • Following r336726, explicitly invoke the 'obj' target when setting BOOTFILES. On stable/11, without this change, the .OBJDIR expands to /usr/src/stand instead /usr/obj/.
  • As part of r336741, BOOTFILES needs special handling when cross building on stable/11, where the path should be:
  • MFC r336721, r336750 [1]:
  • Document SA-18:08.


hselasky (52):

  • MFC r335669: Improve the userspace USB string reading function in LibUSB. Some USB devices does not allow a partial descriptor readout.
  • MFC r335700: Improve the kernel's USB descriptor reading function. Some USB devices does not allow a partial descriptor readout.
  • MFC r336632: Update modify counter when setting a mixer control.
  • MFC r335094 and r335123: Revert r335094 and properly fix OFED build after r335053.
  • MFC r336363: Process address resolve requests at least one time per second in ibcore.
  • MFC r336364: Only update source address when resolving is successful in ibcore.
  • MFC r336365: Add lock to multicast handlers in ibcore.
  • MFC r336366: If the MGID/MLID pair is not on the list return an error in ibcore.
  • MFC r336367: Add native FreeBSD support for multicast in ibcore.
  • MFC r336368: Fix for RDMA loopback over VLAN in ibcore.
  • MFC r336369: For multicast functions in ibcore, verify that LIDs are multicast LIDs.
  • MFC r336370: Set RoCEv2 MGID according to spec in ibcore.
  • MFC r336371: Set default GID type as RoCE when resolving RoCE route in ibcore.
  • MFC r336372: Add support for prio-tagged traffic for RDMA in ibcore.
  • MFC r336373: Ensure that CM_ID exists prior to access it in ibcore.
  • MFC r336374: Avoid that ib_drain_qp() triggers an out-of-bounds stack access in ibcore.
  • MFC r336375: Fix access to non-initialized CM_ID object in ibcore.
  • MFC r336376: Fix NULL pointer dereference during device removal in ibcore.
  • MFC r336377: Fix kernel panic while using XRC_TGT QP type in ibcore.
  • MFC r336379: Check for a cm_id->device in all user calls that need it in ibcore.
  • MFC r336380: Check AF family prior resolving address and introduce safer rdma_addr_size() variants in ibcore.
  • MFC r336381: Fix kernel crash during fail to initialize device in ibcore.
  • MFC r336382: Depend on IPv6 stack to resolve link local address for RoCEv2 in ibcore.
  • MFC r336383: Check port number supplied by user verbs cmds in ibcore.
  • MFC r336384: Fix for loopback detection in address resolve logic in ibcore.
  • MFC r336385: Set IPv4 TOS and IPv6 traffic class field for RoCEv2 traffic in ibcore.
  • MFC r336386: Honor port_num while resolving GID for IB link layer in ibcore.
  • MFC r336387: Honor return status of ib_init_ah_from_mcmember() in ibcore.
  • MFC r336388: Add support for RoCEv2 multicast in ibcore.
  • MFC r336389: Add support for IPv6 multicast in ibcore.
  • MFC r336391: Use __FBSDID() for RCS tags in ibcore.
  • MFC r336964: Only NULL check the VNET pointer when VIMAGE is enabled in ibcore. Else a NULL VNET pointer should be ignored. This fixes address resolving when VIMAGE is disabled.
  • MFC r336392: Implement support for Differentiated Service Code Point, DSCP, in mlx5en(4).
  • MFC r336393: Use static device naming instead of dynamic one in mlx5ib.
  • MFC r336394: Don't pass unsupported events to ibcore from mlx5ib.
  • MFC r336395: Update version information for the mlx5ib module.
  • MFC r336396: Remove redundant newline character in mlx5core.
  • MFC r336397: Refactor access to CR-space into using VSC APIs in mlx5core.
  • MFC r336398: Make sure the state variable is set atomically instead of using a mutex in mlx5core.
  • MFC r336399: Remove redundant call to mlx5_vsc_find_cap() in mlx5core.
  • MFC r336401: Correctly write atomic variable in mlx5en(4).
  • MFC r336402: Do not hint about 'trust both' mode when the mlx5en(4) hardware does not support it.
  • MFC r336403: Add context numbers for HW elements in mlx5en(4).
  • MFC r336404: Enable both receive and transmit pauseframes by default in mlx5en(4).
  • MFC r336407: Handle jumbo frames without requiring big clusters in mlx5en(4).
  • MFC r336410: Add module parameter to limit number of MSIX EQ vectors in mlx5en(4).
  • MFC r336411: Use a mbuf header instead of a mbuf cluster for debugging interrupts in mlx5en(4).
  • MFC r336450: Do not inline transmit headers and use HW VLAN tagging if supported by mlx5en(4).
  • MFC r336451: Update version information for the mlx5 and mlx5en(4) modules.
  • MFC r336452: Add ability to parse sysfs paths under FreeBSD in libibumad.
  • MFC r336453: Use unspecified address family when connecting as a client in libibverbs example utilities.
  • MFC r337056: Don't refer to non-existing atomic functions, even though not compiled, in the LinuxKPI.


jhb (3):

  • MFC 330823,332335: Cosmetic cleanups to some Linuxulator files.
  • MFC 332782: Simplify the code to allocate stack for auxv, argv[], and environment vectors.
  • MFC 333416: Report TRAP_BRKPT for breakpoint traps on sparc64.


jtl (2):

  • MFC r337384:
  • MFC r337390: Bump date after r337384.


kevans (6):

  • MFC r307967,324082,325955: config(8) fixes
  • MFC r335526: Let -s actually work.
  • kenv MFC: r335998, r336019, r336026, r336036, r336217, r336335, r336337, r336415-r336416, r336419
  • MFC r336973-r336975
  • MFC r336152-r336154, r336157
  • MFC r336919, r336924


kib (6):

  • MFC r336498: When reporting an error, print the errno value.
  • MFC r336683: Extend ranges of the critical sections to ensure that context switch code never sees FPU pcb flags not consistent with the hardware state.
  • MFC r336763: Add workarounds for several Ryzen erratas, on amd64.
  • MFC r336980: Provide compat32 shims for sched_rr_get_interval(2).
  • Regen.
  • MFC r336987: For compat32, emulate the same wraparound check as occurs on the real ILP32 system.


manu (2):

  • MFC r336598-r336600, r336721
  • MFC r336997:


markj (12):

  • MFC r336460: Port r324665 and r325285 to arm64.
  • MFC r336504, r336507: Provide the full module path to preload_delete_name().
  • MFC r336556: Initialize the L3 page's wire count correctly after a L2 entry demotion.
  • MFC r336591: Disable optimization of the libproc test program.
  • MFC r336614: Add a regression test for PR 131876.
  • Revert r335693, r335694, r335695 by eadler.
  • MFC r336922: Remove a redundant check.
  • MFC r336505, r336764 Have preload_delete_name() free pages backing preloaded data.
  • MFC r337015: COMPAT_LINUX32 has not depended on COMPAT_43 in some time.
  • Fix a mismerge in r337262.
  • MFC r337323: Fix a flag collision introduced in r327451.
  • MFC r336957: Add a regression test related to PR 131876.


mav (2):

  • MFC r308296 (by scottl): asc/ascq 44/0 is typically a non-transient, permanent error (at least until the components are reset). Therefore retries are pointless. This is very visible in SATL systems, for example an LSI SAS controller and a SATA HDD/SSD.
  • MFC r336590: Stop further SCSI recovery attempts after one has failed.


mm (1):

  • MFH r336801,r336854:


np (1):

  • cxgbe/iw_cxgbe: Do not call soaccept twice on the same socket.


pfg (1):

  • MFC r336926: sed: unsign some indexes to fix sign-compare warnings.


rmacklem (5):

  • MFC: r334492 Add the BindConnectiontoSession operation to the NFSv4.1 server.
  • MFC: r334966 Add a couple of safety belt checks to the NFSv4.1 client related to sessions.
  • MFC: r335866 Fix the server side krpc so that the kernel nfsd threads terminate.
  • MFC: r336215 Ignore the cookie verifier for NFSv4.1 when the cookie is 0.
  • MFC: r336357 Modify the reasons for not issuing a delegation in the NFSv4.1 server.


rpokala (1):

  • MFC r336662,r336682


slavash (1):

  • MFC r334318:


wulf (2):

  • MFC r334555:
  • MFC r336577:
