Stable release: HardenedBSD-stable 11-STABLE v1100056.8

HardenedBSD-11-STABLE-v1100056.8 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • HBSD MFC r340077: m_pulldown() may reallocate n. Update the oip pointer after the m_pulldown() call. (fec14b22fcff136c352237afb47036d1614ee692) [FreeBSD-SA-Candidate, CVE-2018-4407]
  • MFC 338360,338415,338624,338630,338631,338725: Dynamic x86 IRQ layout. (160aee5ecc8a289fb54eb7b431cdab3017e9d9c3)
  • MFC r339681: Allow the bhyve VNC server to listen on IPv6 for incoming connections. (5e060e63804e1ecc636b29714d32113e483d6c60)
  • MFC 338408: Don't directly dereference a user pointer in the VPD ioctl. (b035f90113747066819a750566d008f6fae812be)
  • hwpmc: Enable hwpmc support for AMD Family 17H devices (1235e4abcc9d407b7f094039bca7531f4444ccc5)
  • MFC r339582: Drop sequencer mutex around uiomove() and make sure we don't move more bytes than is available, else a panic might happen. (4b875542b959aa18eb4a9a3594f6d548298fb59e) [FreeBSD-EN-Candidate, DoS]
  • MFC r339581: Fix off-by-one which can lead to panics. [FreeBSD-SA-Candidate]
  • elfcopy: avoid stripping relocations from static binaries (8e4b64478895d6b9ae0ea05d5962af093d757cfd)
  • MFC r339509: Fix loader.conf(5) "password" feature (9a6d83553b2b9b32be437e7d0a79aeda1162384a)
  • MFC r339547: vlan: Fix panic with lagg and vlan (1fda50699ae90ff2d1eb680f3e24c2f3d5324da6)
  • MFC r339331: bhyve: emulate CLFLUSH and CLFLUSHOPT. (9e85f7a5bf64f3f8ba9db7ef8a9413e94e208652)
  • LLD updates
  • ZFS updates
  • LinuxKPI updates
  • VNET fixes
  • libsysdecode fixes

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.8-amd64-bootonly.iso) = e9b4dc37c3914f14573222c3bec8303ba2516783a7daadbba42d9c42cfd1b68c6ed55a9f50c8ff394038ed5885880adaa230e3f89ea335be2e728d09331eac70
SHA512 (HardenedBSD-11-STABLE-v1100056.8-amd64-disc1.iso) = 3a9d91a4b9ffb0c69cde6639bd39896c31e3d140f024b0f66fe113799daa8cf19622b7b06564dbe455481327cb4bf44e8763903f57e01ea2bd460a040b4e3b24
SHA512 (HardenedBSD-11-STABLE-v1100056.8-amd64-memstick.img) = aa7101825ff05262dc1eac97ac8fd34614f82263dc2825a2087c1faf1094cc708f7703e39503ba4469d78db385bb642a6899ee30d6c832c80dc8b267ace88a9a
SHA512 (HardenedBSD-11-STABLE-v1100056.8-amd64-mini-memstick.img) = 633bb097e6bacfe0c1fb6d6de8e8175fb3be91af1632e240aa6a96c237bd7aabae9157cf0d3ec41d1aebbdb40da53a0c2b5fa497e0f564f2670ee6b60a227a42

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlvfps8ACgkQgZsRom/9
GI2AJQ//Z30QApEHelaPy7fcej9N5cJv1rFKxzfqVmt8pvEAA+tGRFoUNMz+7xG6
92u5sGHkfyGV761XqVK7gJXk6eMj2Sl5ITy4c1L3zjGRXutfB/F77eKzsQtA+1cA
Moxz9pwJrFvyL3HouT5CaOysXwlYmJVIqF/P8sHulHImshWnlBg8khHvPesCD7wi
0tb9xdyE3+xAmkqwJMgW1U92TaPOzfwTK5BLbXelw5eWT/qiB2OR9HcFmdfAh/MG
LlvFAeBZh6k298KYjYE0aR7qo35Cu3kD0PfUDmVaZNZpORbFBz1ZcLSMt8sZBHOx
HVPSWTnRbJpuh0SJphvSvnbY++nsT0PbhxVnPiSG/naXKTTYOw1hyPYrJaBXL8n2
gClDR7DRxhUi0F4MqMzqLg05kwwaSu3lwuBwjdS9YjcHV+IyVgA9YK11BbdOecpE
vEpPTjtQpjYFydwQFqUy8FbYhEnBpiJCBB9StM04w4gOOWS/RzMO+GQ+ysjoatlg
C0CxgQ/yuwmlvw8VpKKWYwS5UxTN+XbBX8GCz/8IpBgSajfbrKIGf8wMdptYKdjY
bSy9HgR4XQNBiXeHzXTCra8Z5kive7VlhQsLqfjah8pLcKsHTGzpS7LSlobxTqyh
n+At7jjhYiwgXKKrkcxY4IxqwvY5rtLpb9fcByoGlSpWDgHhoV8=
=lzsa
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (2):

  • HBSD MFC r340077: m_pulldown() may reallocate n. Update the oip pointer after the m_pulldown() call.
  • HBSD: explicitly initialize unprivileged_read_msgbuf to a known value


Oliver Pinter + (22):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


Shawn Webb (6):

  • HBSD: Delete the mtree temporary directory before creating it
  • HBSD: Support bectl for HardenedBSD 12 users
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict


ae (2):

  • MFC r339357: Add extra parentheses to fix "versrcreach" opcode, (oif != NULL) should not be used as condition for ternary operator.
  • MFC r339740: Use correct format specificator to print setdscp action.


avg (4):

  • MFC r334189: Import CK as of commit 0f017230ccc86929f56bf44ef2dca93d7df8076b
  • MFC r336634: MFV CK@r336629: Import CK as of commit 1c1f9901c2dea7a883342cd03d3906a1bc482583
  • MFC r303648: Fix ddb "show proc" to show full arguments
  • MFC r337528: add an option for ddb ps command to print process arguments


bz (7):

  • MFC r339586:
  • MFC r339930:
  • MFC r339407:
  • MFC r339431:
  • MFC r339931,r339933
  • MFC r330795:
  • MFC r337904:


cy (1):

  • Follow up on r331936. gets_s(3) will also fail in the same way that gets(3) does. This was missed in r331936.


davidcs (2):

  • MFC r338734
  • MFC r339366 Add support for Error Recovery


des (1):

  • MFH (r305124): fix case where fd_lastfile is -1.


dim (1):

  • MFC r339013:


dteske (1):

  • MFC r339509: Fix loader.conf(5) "password" feature


emaste (1):

  • elfcopy: avoid stripping relocations from static binaries


eugen (1):

  • MFC r339462: make upgrade from previous FreeBSD versions less painful and make previously working configuration like this work again:


gjb (2):

  • Document the krpc module requirement in 11.x that was not present in 10.x if the system has a custom kernel configuration that excludes NFS and, for example, uses MODULES_OVERRIDE="zfs opensolaris".
  • MFC r339684: Reduce the GCE image size to 27G to be lower than the free quota limit.


glebius (1):

  • MFhead r339643:


hselasky (8):

  • MFC r339388: Fix for reception of large full speed isochronous frames via the transaction translator, when using the DWC OTG USB controller driver. Make sure to re-try getting the complete split packets until a DATA0 packet is received. Larger isochronous frames may be split into multiple MDATA packets terminated by a single DATA0 packet.
  • MFC r339581: Fix off-by-one which can lead to panics.
  • MFC r339582: Drop sequencer mutex around uiomove() and make sure we don't move more bytes than is available, else a panic might happen.
  • MFC r339587: Added support for formula-based arbitrary baud rates, in contrast to the current fixed values, which enables use of rates above 1 Mbps. Improved the detection of HXD chips, and the status flag handling as well.
  • MFC r339600: Make sure returned value is checked and assert a valid refcount. While at it fix a print: Unsigned types cannot be negative.
  • MFC r339868: Implement dma_pool_zalloc() in the LinuxKPI.
  • MFC r339923: Implement __KERNEL_DIV_ROUND_UP() function macro in the LinuxKPI.
  • MFC r339924: Implement the dump_stack() function in the LinuxKPI.


jamie (1):

  • MFC r339409, r339420:


jhb (6):

  • MFC 338094: Fully retire the unimplemented -t option from vmstat(8).
  • MFC 338101: Merge amd64 and i386 headers.
  • MFC 338148: Remove 'imen' global variable from atpic(4).
  • MFC 338408: Don't directly dereference a user pointer in the VPD ioctl.
  • MFC 338360,338415,338624,338630,338631,338725: Dynamic x86 IRQ layout.
  • MFC 338813: Clear all of the VFP state in fill_fpregs().


kib (2):

  • MFC r339384: Add clwb().
  • MFC r339331: bhyve: emulate CLFLUSH and CLFLUSHOPT.


kp (3):

  • MFC r334375, r334379:
  • MFC r338698:
  • MFC r339547:


markj (2):

  • MFC r339365: Typo.
  • MFC r313557 (by bz): Allow Dtrace to be compiled into the kernel again after r313177.


mav (3):

  • MFC r339335: Avoid zero-sized kmem_alloc() in vdev_compact_children().
  • MFC r339329: Add ZIO_TYPE_FREE support for indirect vdevs.
  • MFC r339372: Skip VDEV_IO_DONE stage only for ZIO_TYPE_FREE.


mmacy (3):

  • hwpmc: Enable hwpmc support for AMD Family 17H devices
  • fix i386 breakage caused by r339767
  • fix up more issues introduced by failing to have run TB before r339767


philip (2):

  • MFC r339503: Import tzdata 2018f
  • MFC r339848: Import tzdata 2018g


slavash (1):

  • MFC r339584 : mlx5: Notify user that the ConnectX-6 shutdown its port due to power limitation


tijl (1):

  • MFC r339618:


whu (1):

  • MFC: 339585

Uploads: