Stable release: HardenedBSD-stable 12-STABLE v1200059.3

Submitted by op on

HardenedBSD-12-STABLE-v1200059.3 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • MFC r350645: Correct ICMPv6/MLDv2 out-of-bounds memory access (6d7f541fdbb75dd9cc790d444ff37e07c5fdeb3e) [CVE-2019-5608 FreeBSD-SA-19:19.mldv2]
  • MFC r350635: bsnmp: add asn1 message length validation (be804d75b90865776e2d1174d40b6286a0679b950 [CVE-2019-5610 FreeBSD-SA-19:20.bsnmp]
  • MFC 350618: Validate guest-supplied length of headers for TSO transmit requests. (34ae5e48301f4335eab70b8f038cc06466f8c5d5) [CVE-2019-5609 FreeBSD-SA-19:21.bhyve]
  • MFC of 349589, 350070, 350071, 350096, and 350187: Make filesystem-full messages limited per filesystem rather than systemwide; Add "untrusted" option to mount command (7b0bf49d917630384de9b314ec18d4cd34aa8ec3)
  • MFC r350362 r367068: stack protector fixes for LLVM generated codes (ad1889b30609a8069c5c53365124ad27a6ddf907) [FreeBSD-SA-Candidate]
  • HBSD: set LC_COLLATE to C by default (1ec32fd40173ccc1ed7a3d32fef6839d382a76f4)
  • MFC r350310: Fix the turnstile_lock() KPI. (5a909d99e63dfd80e01cf83d49a5f1542492ba3f) [FreeBSD-EN-19:14.epoch FreeBSD-SA-Candidate]

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-12-STABLE-v1200059.3-amd64-bootonly.iso) = 5557676ae6108964f2da47d28803da1912fd70cfa0a9d388e066f78a0e9bad58f7c5a2abad247116f11c7f399f79de2f74bc60c89823c14d6a9ddc8a3597d338
SHA512 (HardenedBSD-12-STABLE-v1200059.3-amd64-disc1.iso) = d49899b7f8b9922da3212c937e1b9ddd29c127002b6c257209694d24b0bc58758c8c785b906bdfe45c3fb8071f3d3bd127ace6d06a4eed3ddc15e3796eb669af
SHA512 (HardenedBSD-12-STABLE-v1200059.3-amd64-memstick.img) = abb3d156c423a55c23070b01a64f705eed33dc833fe56090c00cb6de69d63be2d880f3a4350ae860eaeb5e0b25eb02cddadb154c6d3b31d489f4ab28e8322da0
SHA512 (HardenedBSD-12-STABLE-v1200059.3-amd64-mini-memstick.img) = 1d812808356714e0df7048740e7d7d1e7b6b62de0fb5e0551bbb8e950a40a8f9f241b3c14d26fc9269bb1d00febe027ad65b7f6e60cb3c171d616c965e27e2f7

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAl1Ln+8ACgkQgZsRom/9
GI3ETw/+KH7pzMhOV5/FB1WO5mG76QQQdCOZ6kyBKvq2unOHYl/iWz2vXD098v56
R5yVsofVNameLhSrJUt9ZdavWaXfsUoz+IqNX7oO8n8iwdRhQj2hhq1sKbImOSms
3dfRXxBkuL7uKkf6API7qXU8bkwYsEQ8sIIfD2/ZwU8DwTrILeJK0OHf++SPD2F9
/055Ed+5TEO1eHuKkntT3L1vm80WBHHtKP9U68t87U1FRdwiNmNt8cvgQULEBBri
ZthR5w+QXjOHO1Dp9WQniyelqU9I2AdDYWS01Cc7LC4hhZfMElUJHyv9XjVvpGuM
2saKT5c6siPNrcCzbrSuWzHLbCiMmav/S81eKFMG7DkCPx7KqfKkEC7xZYELM1LA
E3a+SSKz3VQ4tGsgaxKsI3PHDe6XtsqPY0gT13V6okKS8w4XSYq3I+O8MOeh9ruH
WsbfkaZfesLncHEtLomKS+d3W0pCI6I0tfVgOfyfQJIEPdXTYsQUlAoADZse7fOB
sjxPDJU9NInwjFCt+dgr/4P7unKDPPhBTOsm/ideIAXLMhjXG7cvk3FfbfeWx8Yc
9TJsBXzaWiHZdaVagL8dLaUYKPVxQvUrN4bmomqzosxrsbcIv4t7tHIr7MIRbJDM
h0Em3oDmYJmi9zS38nLbd2yMUwja/U6gyXv+Cs1VRL2eXJvVJu8=
=Lquj
-----END PGP SIGNATURE-----


Oliver Pinter (2):

  • HBSD: fix mismerge in src.conf.5 regarding the state of lld
  • HBSD: set LC_COLLATE to C by default

Oliver Pinter + (20):

  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
  • Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

ae (1):

  • MFC r350417: Add ipfw_get_action() function to get the pointer to action opcode.

arybchik (3):

  • MFC r350369
  • MFC r350370
  • MFC r350371

bapt (1):

  • MFC r350358:

brooks (7):

  • MFC r350143, r350148
  • MFC r350157:
  • MFC r350158:
  • MFC r350159:
  • MFC r350160:
  • MFC r350218:
  • MFC r350228:

cy (4):

  • MFC r350064:
  • MFC r350548:
  • MFC r350567:
  • MFC r350568:

dim (2):

  • MFC r350360:
  • MFC r350362:

dougm (1):

  • MFC r350183, r350359

emaste (5):

  • MFC r350215: mptutil: emit a warning on big-endian architectures
  • objdump: update deprecation notice
  • MFC r350518: as: add deprecation notice to the man page
  • MFC r350635: bsnmp: add asn1 message length validation
  • MFC r350645: Correct ICMPv6/MLDv2 out-of-bounds memory access

gallatin (1):

  • MFC r350245

ganbold (1):

  • MFC r346993 Add a hw.model sysctl oid for arm64 which reports the CPU model similar to armv6/7.

jhb (1):

  • MFC 350618: Validate guest-supplied length of headers for TSO transmit requests.

jilles (1):

  • MFC r350425: printf(1): Note that \c only works in %b strings

kevans (1):

  • MFC r350336: if_tun(4): Add TUNGIFNAME

kp (1):

  • MFC r350416:

manu (16):

  • MFC r340845-r340848, r340971, r340981, r342076
  • MFC r340987, r340989, r341254, r341269, r341333
  • MFC r342936, r343873
  • MFC r342924, r343749-r343750, r343874, r344893-r344895, r345711
  • MFC r345948, r345951
  • MFC r346092, r346271-r346272
  • MFC r346293:
  • MFC r342008, r342010-r342020
  • MFC r344633-r344634, r344638
  • MFC r346305, r346691-r346694, r346696-r346697
  • MFC r346295, r346297
  • MFC r346298:
  • MFC r346334, r346787-r346789, r347017
  • MFC r347362:
  • MFC r347489-r347491, r347512
  • MFC r348179-r348182

markj (4):

  • MFC r350513: Fix formatting.
  • MFC r350514: Add an MLINK for daemonfd(3).
  • MFC r350432: Merge r3778 and r3779 from ELFToolchain.
  • MFC r350544: Add bzip2recover.1.

mckusick (1):

  • MFC of 349589, 350070, 350071, 350096, and 350187

rmacklem (1):

  • MFC: r350367 Lock the vnode before calling ufs_bmap_seekdata().

Uploads: 

Plain text icon shortlog-HardenedBSD-12-STABLE-v1200059.3.txt
Plain text icon CHECKSUM.SHA512.txt
Plain text icon CHECKSUM.SHA512.asc_.txt