@opntr opntr released this Jul 13, 2017 · 797 commits to hardened/10-stable/master since this release


Warning: this is a security update!

Highlights:

  • MFC r320906: MFV r320905: Import upstream heimdal fix for CVE-2017-11103. (3955ce4) FreeBSD-SA-17:05.heimdal
  • hbsd-update{,-build} updates
  • enforce FreeBSD and HardenedBSD KPI version for external modules
  • HBSD: fix broken pax_mprotect transitions (9161ed8)

Changelog

M.Shirk (1):
      Updating hbsd-update-build to work with custom kernel configs.

Oliver Pinter (5):
      HBSD: fix broken pax_mprotect transitions
      Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
      HBSD: resolve merge conflict in kern_exec.c after 3fdefba1f9cc0ba6cc359c2b104ca68158297dfe
      HBSD: enforce FreeBSD and HardenedBSD KPI version for external modules
      HBSD: bump __HardenedBSD_version to 1000048 after KPI enforcement

Oliver Pinter + (34):
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

Shawn Webb (16):
      HBSD: Provide an option to not require binutils from pkg in hbsd-update-build
      HBSD: Report hash on version check
      HBSD: Bump copyright
      HBSD: Enforce the existence of the DNS record
      HBSD: Don't set TARGET/TARGET_ARCH when building obsolete files
      HBSD: Add option to keep temporary files
      HBSD: Bump dates
      HBSD: Add installation hook scripting
      HBSD: Bump copyright
      HBSD: Remove debugging code
      HBSD: Fix cross-build
      HBSD: Add option in hbsd-update to not apply kernel distset
      HBSD: Update passwd files with hbsd-update
      HBSD: Remove dead code
      HBSD: Fix hbsd-update-build
      HBSD: Provide better version detection

alc (7):
      MFC r314310 Refine the fix from r312954. Specifically, add a new PDE-only flag, PG_PROMOTED, that indicates whether lingering 4KB page mappings might need to be flushed on a PDE change that restricts or destroys a 2MB page mapping. This flag allows the pmap to avoid range invalidations that are both unnecessary and costly.
      MFC r281720 Eliminate an unused variable.
      MFC r281771 Eliminate an unused variable.
      MFC r319605 The variable "breakout" is used like a Boolean, so actually define it as one.
      MFC r320181 Eliminate an unused macro.
      MFC r320049 Pages that are passed to swap_pager_putpages() should already be fully dirty. Assert that they are fully dirty rather than redundantly calling vm_page_dirty() on them.
      MFC r319699 When allocating swap blocks, if the available number of free blocks in a subtree is already zero, then setting the "largest contiguous free block" hint for that subtree to anything other than zero makes no sense. (To be clear, assigning a value to the hint that is too large is not a correctness problem, only a pessimization.)

allanjude (1):
      MFC r320644: Add deprecation notices for all rcmd tools

asomers (3):
      MFC r318790, r319336
      MFC r319337:
      MFC r319900:

avg (2):
      MFC r320259: jedec_ts: read device id from the correct register
      MFC r308782: After some ZIL changes 6 years ago zil_slog_limit got partially broken due to zl_itx_list_sz not updated when async itx'es upgraded to sync. Actually because of other changes about that time zl_itx_list_sz is not really required to implement the functionality, so this patch removes some unneeded broken code and variables.

bdrewery (1):
      MFC r289861:

cy (1):
      MFC r320242, r320256:

davidcs (1):
      MFC r320175 Add pkts_cnt_oversized to stats.

delphij (4):
      MFC r320216: Fix use-after-free introduced in r300388.
      MFC r320494: Fix double free by reverting r300385 and r300624 which was false positive reported by cppcheck.
      MFC r320093: Check return value of seteuid() and bail out if we fail.
      MFC r320906: MFV r320905: Import upstream fix for CVE-2017-11103.

emaste (1):
      MFC r317159: libstdc++: fix symbol version script for LLD

eugen (1):
      MFC r310888:

gjb (4):
      MFC r320488: Correct the branch naming convention in param.h. While here, consistently use upper-case 'X' to represent the version number.
      MFC r320599: Fix Vagrant image upload after recent API changes.
      MFC r320748: Allow passing NOPKG= to make(1) to enable the pkg-stage target from getting executed when NOPKG is defined but empty.
      MFC r300761, r300762: r300761: Disconnect the AZURE target from the CLOUDWARE list.

jhb (1):
      MFC 320675: Add deprecation notices for gdb and kgdb.

jilles (4):
      MFC r315005: sh: Fix executing wrong command with ${x#$(y)}$(z).
      MFC r318591: compress: Add basic tests.
      MFC r317912: sh: Fix INTOFF leak after a builtin with different locale settings.
      MFC r318592: compress: Allow uncompress -c with multiple pathnames, as required by POSIX.

ken (2):
      MFC r320123:
      MFC r320421:

kib (8):
      MFC r320201: Assert that the protection of a new map entry is a subset of the max protection.
      MFC r320202: Call pmap_copy() only for map entries which have the backing object instantiated.
      MFC r320308: Translate between abridged and full x87 tags for compat32 ptrace(PT_GETFPREGS).
      MFC r320316: Do not try to unmark MAP_ENTRY_IN_TRANSITION marked by other thread.
      MFC r320332: Style.
      MFC r320570: Correct signatures of several pthreads stubs.
      MFC r320619: Resolve confusion between different error code spaces.
      MFC r320658: When reporting undefined symbol, note the version, if specified.

marius (1):
      MFC: r320577, r320620

markj (1):
      MFC r320372: Fix a memory leak in ses_get_elm_devnames().

mckusick (1):
      MFC of 320176:

mjg (2):
      MFC r293295:
      Remove waiters check from the inline rw wunlock routine.

ngie (7):
      Fix up r319257
      MFC r319634:
      MFC r319637:
      MFC r319626:
      MFC r317179:
      Regenerate src.conf(5)
      MFC r317161:

pfg (2):
      MFC r320079: ext2fs: Enable RO huge_file feature support.
      MFC r320408: ext2fs: Support e2di_uid_high and e2di_gid_high.

rmacklem (3):
      MFC: r319882 Define NFS_MAXXDR as the upper bound on XDR overhead in an NFS RPC.
      MFC: r320062, r320070, r320126 This is a partial merge of only the NFS changes and not the maxbcachebuf tunable.
      MFC: r320208 Ensure that the credentials field of the NFSv4 client open structure is initialized.

sephe (2):
      MFC 320184
      MFC 320490

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-10-STABLE-v1000048/

CHECKSUM.SHA512:


CHECKSUM.SHA512.asc:


shortlog-HardenedBSD-10-STABLE-v1000048.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt