@opntr opntr released this Sep 16, 2017 · 394 commits to hardened/10-stable/master since this release

Assets 2

Warning: this is a security update!

Highlights:

  • HBSD: Update DNSSEC root key 257 (d51b783)
  • MFC r322677: pw usermod: handle empty secondary group lists (-G '') (9cbb330) [FreeBSD-SA-Candidate]
  • MFC r322678: pw useradd: Validate the user name before creating the entry (73846ec) [FreeBSD-SA-Candidate]
  • MFC: r321293 date: avoid crash on invalid time (d014d34) [FreeBSD-SA-Candidate]
  • MFC r323278: Fix an incorrectly used conditional causing buffer overflow. (cec050b) [CVE-2017-1000249]
  • HBSD: constify pax_elf()'s mode parameter (a660c95)
  • HBSD: rename PAX_NOTE_FINALIZED paxflag to PAX_NOTE_PREFER_ACL (d4a5dab)
  • HBSD: API change, swap the first and second argument of pax_elf (2135308)
  • HBSD: update mirror list in bsdinstall
  • HBSD: print out the __{Hardened,Free}BSD_version and version at panic time (0a7d696)
  • HBSD: improve logging - hide early hardenedbsd related boot messages under bootverbose
  • Upgrade OpenSSH to 7.3p1. (b3ef7b3) [FreeBSD-SA-Candidate]
  • HBSD MFC: r319365, r321670 Merge ACPICA 20170728.
  • HBSD: disable coredump helper for devctl (389bdb5)
  • HBSD MFC: Stop masking FSGSBASE and SMEP features under monitors.

Changelog

Oliver Pinter (16):
      HBSD MFC: Stop masking FSGSBASE and SMEP features under monitors.
      HBSD: comment this part of etc/devd.conf once more, just to be sure
      HBSD: disable coredump helper for devctl
      HBSD MFC:	r319365, r321670
      HBSD: fix typo in kern_sig.c - CTLFLAG_RO -> CTLFLAG_RD
      HBSD: improve logging
      HBSD: print out the __{Hardened,Free}BSD_version and version at panic time
      HBSD: update mirror list in bsdinstall
      Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
      HBSD: resolve merge conflict in openssh's moduli after the update
      HBSD: style a little bit the debug info at panic time
      HBSD: API change, swap the first and second argument of pax_elf
      HBSD: Bump __HardenedBSD_version after API change
      HBSD: rename PAX_NOTE_FINALIZED paxflag to PAX_NOTE_PREFER_ACL
      HBSD: constify pax_elf()'s mode parameter
      HBSD MFC r322802: Fix off-by-one error when parsing SRAT table.

Oliver Pinter + (21):
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

Shawn Webb (1):
      HBSD: Update DNSSEC root key 257

cy (2):
      MFC r321806:
      MFC r322073:

davidcs (4):
      MFC r322331   Provide compile option to choose receive processing in either Ithread or   Taskqueue Thread.
      MFC r322408 Performance enhancements to reduce CPU utililization for large number of TCP connections (order of tens of thousands), with predominantly Transmits.
      MFC 322771
      MFC r322852 Fix qlnx_tso_check() so that every window of (ETH_TX_LSO_WINDOW_BDS_NUM - nbds_in_hdr) has atleast ETH_TX_LSO_WINDOW_MIN_LEN bytes

des (3):
      Upgrade OpenSSH to 7.3p1.
      Revert OpenSSH 7.3p1; something went wrong between testing and committing.
      Upgrade OpenSSH to 7.3p1.

dim (1):
      MFC r323001:

emaste (6):
      MFC r323002: zfs: do not advertise unsupported hash algorithms
      MFC r322678: pw useradd: Validate the user name before creating the entry
      MFC r322677: pw usermod: handle empty secondary group lists (-G '')
      MFC r322374: bsdinstall: record DHCP config after obtaining lease
      MFC r320069: Add ZFS to Linux statfs ftype
      MFC r323448: bsdinstall: Ignore error return from newaliases(1)

gjb (7):
      MFC r322544:  Always expand the full path to the configuration file specified  with the '-c' flag.  This fixes an issue where the configuration  file would not properly be located intermittently.
      MFC r322770, r322796:
      Document r320312 and r321074, cancel-safe support in stdio(3) and syslog(3).
      Document r320772, syslogd(8) logging retry after restarting unexpectedly.
      Fix an indentation mistake that snuck in with r323590.
      Document r316348, pw(8) respecting pw.conf(5). Document r322793, GEOM_JOURNAL flush_queue handling fixed.
      Document r301772, Dummynet AQM imported to the base system.

gordon (1):
      MFC r323278: Fix an incorrectly used conditional causing buffer overflow.

hselasky (1):
      MFC r322810 and r322830: Add new mlx5ib(4) driver to the kernel source tree which supports Remote DMA over Converged Ethernet, RoCE, for the ConnectX-4 series of PCI express network cards.

ken (1):
      MFC r322410:   ------------------------------------------------------------------------   r322410 | ken | 2017-08-11 12:43:52 -0600 (Fri, 11 Aug 2017) | 16 lines

marius (10):
      MFC: r322726
      Update stable/10 to BETA2 in preparation for 10.4-BETA2 builds.
      MFC: r308643, r312427, r312641, r322986
      Update stable/10 to BETA3 in preparation for 10.4-BETA3 builds.
      Fix a typo in the hard link creation for a WANDBOARD DTB file. Just like r322666 which introduced this bug, this is a direct commit to stable/10.
      MFC: r321293
      - Ever since the workaround for the silicon bug of TSO4 causing MAC hangs   was committed in r295133 (MFCed to stable/10 in r295287), CSUM_TSO gets   always disabled by em(4) on the first invocation of em_init_locked() as   at that point no link is established, yet. In turn, this causes CSUM_TSO   also to be off when em(4) is used as a parent device for vlan(4), i. e.   besides IFCAP_TSO4, IFCAP_VLAN_HWTSO effectively doesn't work either.
      Update stable/10 to BETA4 in preparation for 10.4-BETA4 builds.
      MFC: r323382, MFV: r323381
      - Reset stable/10 back to -PRERELEASE status now that releng/10.4   has been branched. - Update __FreeBSD_version to reflect the new -STABLE branch. - Switch the pkg(8) configuration for the default installation and the   DVD image creation back to the latest set, i. e. revert r322737.

mckusick (3):
      MFC of 269692, 322179, 322463, and 322464:
      MFC of 276737, 322200, 322201, 322271, and 322297
      Note change brought on by 322860 MFC.

oleg (1):
      MFC r322628: Fix BSD label partition end sector calculation.

will (1):
      MFC r278479,278494,278525,278545,278592,279237,280410:

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-10-STABLE-v1000049/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-bootonly.iso) = 5c3c682db8a57124c2852ecbc3ccbeded6fac7534b04aac1b434035ffa64a6048b520f4d3ae4a76d06f1d2f994b74d40392a1b70e89d6abdcd9c1299a179dffe
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-disc1.iso) = 1434b67f2192f96ce01e5a3ff1880b0166fa9d75963d114d68eea03cd6e6985497419e7c4afd604d461c072b3bc119d0693b7b39b658e376a830c395ee00a35b
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-memstick.img) = 3c727b04ea288bf985c85aef8f81de9d22bce99884f79f61496142a8de70d73ada0aaa9d0a5e987149caee5c7ec9c7b3b5368af5155cd96068528bd124a6bd4b
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-mini-memstick.img) = b69249bacb713b976f3799f95b7737ddc48b62e96e92e1fc166fbb23f536a7401935060d506fd39c87c1a675e03d061472b6956be1a45c161602109fdd4be6ca
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-uefi-bootonly.iso) = 400d1967dbcfc01071bd9cd744bc6a49ef1b5f7553491311bcb39f7685605f37495ff6f9f31565203d7103cbfeea79e4f5ccd2d9e9e801a62e7b752d72ce2acf
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-uefi-disc1.iso) = b2cd9572970eda037ee149c09d172f6431bd236aec992cae895e8898e3ca007003265f2b98b93322a19331b0a4f1b5a481adfa6250e5f1165daf3e24098d53e6
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-uefi-memstick.img) = e053d87807fcfe574f6f41fbb22f01f2395a7273e5f0397136569753532d366b06bc30b3a020bec54ac59a62d1ec708ee10c10a1fb13de352b72cb10e2a2ff8b
SHA512 (HardenedBSD-10-STABLE-v1000049-amd64-uefi-mini-memstick.img) = 0409c88284cc9d14f2c64978e713845c5a581ea5bbe77b424383becf39a9a05c0c3c92d29bd2bc7235035bbd35a16db9a677d8a9a01251eab097002f01c81b6f

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlm8eTcACgkQgZsRom/9
GI3qTA/+NrQJL2m4aelDXcOJbERPyXmTt/r6Lew2ZVKWo1BGG3ukkksIO4ixmfXH
tbbkQj+RDFfK8QmRHFUSz7kur7A/D79ia5CKXDUMoNAw2mMA8oiO5SgcPv3hShyV
a7miKcszaRL8brrFEzZ5ZU7YhJ/d50oEcbhU06fe07V4I1p0mSGfX0Xq144tE3vA
bFjFwZIu1EYQSpVPERtsl+7nB/F1FIHvbnpKakS04N2utuFzUmjfdMaS1/Is5kr0
VRGlboa7wx0SlWuWwHMRiFIzRYojaN6Vl+X+4clVE23q0vGfhHVmvxyGncench3P
5/jNjdkNXS5GSfdkbzFeDyZ54V7UIlf87AzxOS4d1yYgA/o7HUZjeFhD4EWLQOf1
0QX5hhMw7sa8zIO9IWLLulaerpI+AP1zFg/AFF+g2BF/szl7Bcf+LMwzfIVYSjaj
TszokJIrUahDDe3odhEVoQAqpn3nDHhzbDzo2FjWWmNUz3Mh1i9RyPTzCBcrf2M5
P23/ZFc41StAGSRUm1Cmla97OLWPR4MkwqtivM8VEug2nMYcsl+ZXMKMVlBd/5Bc
gfLNzpWCvEvQw8s9jCZAYMD4uAHSbYevOxEykOj+JJHNdGxqOadwWRQV/YJlPMC3
2/hHXFQ+nGeytsKDHRalGX35amvqymARtf9ZcynL757cThz1TPo=
=TWDw
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-10-STABLE-v1000049.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt