HardenedBSD-10-STABLE-v1000048
opntr
released this
13 Jul 22:06
·
797 commits
to hardened/10-stable/master
since this release
Warning: this is a security update!
Highlights:
- MFC r320906: MFV r320905: Import upstream heimdal fix for CVE-2017-11103. (3955ce4) FreeBSD-SA-17:05.heimdal
- hbsd-update{,-build} updates
- enforce FreeBSD and HardenedBSD KPI version for external modules
- HBSD: fix broken pax_mprotect transitions (9161ed8)
Changelog
M.Shirk (1):
Updating hbsd-update-build to work with custom kernel configs.
Oliver Pinter (5):
HBSD: fix broken pax_mprotect transitions
Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
HBSD: resolve merge conflict in kern_exec.c after 3fdefba1f9cc0ba6cc359c2b104ca68158297dfe
HBSD: enforce FreeBSD and HardenedBSD KPI version for external modules
HBSD: bump __HardenedBSD_version to 1000048 after KPI enforcement
Oliver Pinter + (34):
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Shawn Webb (16):
HBSD: Provide an option to not require binutils from pkg in hbsd-update-build
HBSD: Report hash on version check
HBSD: Bump copyright
HBSD: Enforce the existence of the DNS record
HBSD: Don't set TARGET/TARGET_ARCH when building obsolete files
HBSD: Add option to keep temporary files
HBSD: Bump dates
HBSD: Add installation hook scripting
HBSD: Bump copyright
HBSD: Remove debugging code
HBSD: Fix cross-build
HBSD: Add option in hbsd-update to not apply kernel distset
HBSD: Update passwd files with hbsd-update
HBSD: Remove dead code
HBSD: Fix hbsd-update-build
HBSD: Provide better version detection
alc (7):
MFC r314310 Refine the fix from r312954. Specifically, add a new PDE-only flag, PG_PROMOTED, that indicates whether lingering 4KB page mappings might need to be flushed on a PDE change that restricts or destroys a 2MB page mapping. This flag allows the pmap to avoid range invalidations that are both unnecessary and costly.
MFC r281720 Eliminate an unused variable.
MFC r281771 Eliminate an unused variable.
MFC r319605 The variable "breakout" is used like a Boolean, so actually define it as one.
MFC r320181 Eliminate an unused macro.
MFC r320049 Pages that are passed to swap_pager_putpages() should already be fully dirty. Assert that they are fully dirty rather than redundantly calling vm_page_dirty() on them.
MFC r319699 When allocating swap blocks, if the available number of free blocks in a subtree is already zero, then setting the "largest contiguous free block" hint for that subtree to anything other than zero makes no sense. (To be clear, assigning a value to the hint that is too large is not a correctness problem, only a pessimization.)
allanjude (1):
MFC r320644: Add deprecation notices for all rcmd tools
asomers (3):
MFC r318790, r319336
MFC r319337:
MFC r319900:
avg (2):
MFC r320259: jedec_ts: read device id from the correct register
MFC r308782: After some ZIL changes 6 years ago zil_slog_limit got partially broken due to zl_itx_list_sz not updated when async itx'es upgraded to sync. Actually because of other changes about that time zl_itx_list_sz is not really required to implement the functionality, so this patch removes some unneeded broken code and variables.
bdrewery (1):
MFC r289861:
cy (1):
MFC r320242, r320256:
davidcs (1):
MFC r320175 Add pkts_cnt_oversized to stats.
delphij (4):
MFC r320216: Fix use-after-free introduced in r300388.
MFC r320494: Fix double free by reverting r300385 and r300624 which was false positive reported by cppcheck.
MFC r320093: Check return value of seteuid() and bail out if we fail.
MFC r320906: MFV r320905: Import upstream fix for CVE-2017-11103.
emaste (1):
MFC r317159: libstdc++: fix symbol version script for LLD
eugen (1):
MFC r310888:
gjb (4):
MFC r320488: Correct the branch naming convention in param.h. While here, consistently use upper-case 'X' to represent the version number.
MFC r320599: Fix Vagrant image upload after recent API changes.
MFC r320748: Allow passing NOPKG= to make(1) to enable the pkg-stage target from getting executed when NOPKG is defined but empty.
MFC r300761, r300762: r300761: Disconnect the AZURE target from the CLOUDWARE list.
jhb (1):
MFC 320675: Add deprecation notices for gdb and kgdb.
jilles (4):
MFC r315005: sh: Fix executing wrong command with ${x#$(y)}$(z).
MFC r318591: compress: Add basic tests.
MFC r317912: sh: Fix INTOFF leak after a builtin with different locale settings.
MFC r318592: compress: Allow uncompress -c with multiple pathnames, as required by POSIX.
ken (2):
MFC r320123:
MFC r320421:
kib (8):
MFC r320201: Assert that the protection of a new map entry is a subset of the max protection.
MFC r320202: Call pmap_copy() only for map entries which have the backing object instantiated.
MFC r320308: Translate between abridged and full x87 tags for compat32 ptrace(PT_GETFPREGS).
MFC r320316: Do not try to unmark MAP_ENTRY_IN_TRANSITION marked by other thread.
MFC r320332: Style.
MFC r320570: Correct signatures of several pthreads stubs.
MFC r320619: Resolve confusion between different error code spaces.
MFC r320658: When reporting undefined symbol, note the version, if specified.
marius (1):
MFC: r320577, r320620
markj (1):
MFC r320372: Fix a memory leak in ses_get_elm_devnames().
mckusick (1):
MFC of 320176:
mjg (2):
MFC r293295:
Remove waiters check from the inline rw wunlock routine.
ngie (7):
Fix up r319257
MFC r319634:
MFC r319637:
MFC r319626:
MFC r317179:
Regenerate src.conf(5)
MFC r317161:
pfg (2):
MFC r320079: ext2fs: Enable RO huge_file feature support.
MFC r320408: ext2fs: Support e2di_uid_high and e2di_gid_high.
rmacklem (3):
MFC: r319882 Define NFS_MAXXDR as the upper bound on XDR overhead in an NFS RPC.
MFC: r320062, r320070, r320126 This is a partial merge of only the NFS changes and not the maxbcachebuf tunable.
MFC: r320208 Ensure that the credentials field of the NFSv4 client open structure is initialized.
sephe (2):
MFC 320184
MFC 320490
Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-10-STABLE-v1000048/
CHECKSUM.SHA512:
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-bootonly.iso) = c22e3d4ca378240c253349059dc5c8a0e3d3c47dd7a952a25378a45ff1469db5c4ab898b5d243ba093416cbbc88085e59d139d01364e2e4b9637cd4dcf07483c
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-disc1.iso) = 65dd0cfcb8a8a55a121737fc00ff4eb24c30f33be8e6a7a49720419d28a41d468e7d1a659bd53ab7d6c3f3f182348dc492aba247c7a4bc4eb265f9b70a838b57
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-memstick.img) = 82761a7742c00ea9ae3d3caea2a7c4eb54a1b19d977050fbb96fa6e9b14aad0839124a1eb30e7bdae01fd32aeeb1c76a2c30c98e04ee17dce2397e38ac7db64f
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-mini-memstick.img) = 10e9fc97e4cc0eb0a4f5a61641596bd52a5b563a08950dfd079f871ae8703b8bec3e6b0be712bf220493a74411385a6ca638353a4ba4f42ff875161e4e3da123
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-bootonly.iso) = e7c6818cb51afd7381f453f41f7f9c16b8c23ad44b7b6b335d08d2b7e23aaa5d85627978a2515f4f0e6bbd7bbc71e235a7f25f981612d11530df50889c0849b9
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-disc1.iso) = 22d28027097287f77a238050d6ed698dbfbbbbd8cc9f9778da048343c2ec7bb3d48bf5b83756c024e7b6657f29a6eec45bbc9eed9d7ed9fed86be7a1c030ff07
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-memstick.img) = 2b370c6aa8d284ec3495f3c83d747ab818fb6a79f3b97986f89135c36ee9202a76b7300652dad3359dc13b109afb887d2005dc7c858ec9663ac1d103c18430ed
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-uefi-mini-memstick.img) = 7226ea5068c8f2dedeed6d6bce2ba66864915c9faf775b5540966a2bb4aea1b87d6042c219901cc652fa917b86b35900d4101229b49e561102f41827720168f5
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAllmx7QACgkQgZsRom/9
GI0aMw//SDSlCuSinsB35/5xcfPDpmfbSEp52uOWdlMW2ZwUtN+gqoEiGla32SmS
TT2Guy/PbgxfEKzHY2UyeRVAnKdZVcdJPqvYmLdh/hQoB3/41sx4nVkN+LSTgItz
khVXHtuJEeh+WWtM31ivS3dW+ENbd8qWo2DnKNPdRJjDzM6JE+LlGdX5gEOP7ldH
HhghBzciLHBq17fLEgEzQwLuzQeDjxXywUDZkfJqc7geNRihLj9S/6ogk8guuxDn
jRq6lJvm4KoPlqymKJP50vbYV+FkGH++QwKWLDNcgnvWlZtstqr7GVWmDh5KvPmf
zBvDH4RBhThQUBR6tuIhDePpAqKhGVoW26cd09nYLFKOEyLDWYYbpTPDhPijH5rb
BNd47aObPgayn3pDrYCedrwKhlLVwmR+yuAIaPivVoI3BUIgTDNR+rC8mSeBaqLY
n0hRRCOF8Yz7g6yx4AUfPTrtXbeqkZsZiAtFQLwLXB/M2z1t/roZf+9p2J/zPSs7
V4cjQWYb9zVQOx/LSV2/SvJvaGOoI2vBjciEgSova3T+oR/8QbrrDD9MytiT7kgl
sfRIywkhVnr9NuqUqleyTqPap2xCLNVC9jL5fPjfWmdKcgCaZ5hZQykuxEZKJBOh
fWfvgM3PjBKxwlKw1QbOsNGULIPZ+SeEOwDRiEIZlbRPqpenE48=
=XZJ8
-----END PGP SIGNATURE-----
shortlog-HardenedBSD-10-STABLE-v1000048.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt