@opntr opntr released this Jan 2, 2018 · 44735 commits to hardened/11-stable/master since this release

Assets 2

Highlights:

  • HBSD MFC r321963: Rework and simplify the ksyms(4) implementation. (8dd00d8)
  • MFC r326872: fix expiration arithmetic in pw after r326738 and MFC. (1e062f6)
  • Fix error state handling in openssl (22fbcdc) [CVE-2017-3737 FreeBSD-SA-17:12.openssl]
  • MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file (c5f9120) [CVE-2014-8503]
  • MFC r326136: bfd: avoid crash on corrupt binaries (e10e409) [CVE-2014-8501 CVE-2014-8502]
  • Avoid out-of-bounds read in openssl (276fd80) [CVE-2017-3735 FreeBSD-SA-17:11.openssl]
  • MFC 325039: Rework pass through changes in r305485 to be safer. (00e656a)
  • Properly bzero kldstat structure to prevent kernel information leak. (904c1c3) [FreeBSD-SA-17:10.kldstat CVE-2017-1088]
  • MFH (r325010): don't bother verifying a password that we know is too long. (5ebf270) [CVE-2016-6210]
  • Separate POSIX sem/shmand mqueue objects in jails. (568bd26)
  • Zero whole struct ptrace_lwpinfo to not leak kernel stack data. (a19cbcf) [CVE-2017-1086]
  • Fix out-of-bounds read in libc/regex. (70a215a)
  • Add extended attributes support to fuse kernel module. (cca3840)
  • hbsd-update updates
  • clang updates
  • zfs updates
  • geom updates
  • nfs updates

Changelog

Oliver Pinter (4):
      HBSD MFC r321842: Let lockstat use ksyms(4)'s mmap interface.
      HBSD MFC r321843: Remove local variables missed in r321842.
      HBSD MFC r321963: Rework and simplify the ksyms(4) implementation.
      HBSD: bump year in copyright.h

Oliver Pinter + (78):
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

Shawn Webb (5):
      HBSD: Update the release artifact directory in hbsd-update-build
      HBSD: Sort the list of programs hbsd-update uses
      HBSD: Ensure a clean /usr/src
      HBSD: Support revoking key material in hbsd-update
      HBSD: Fix typo in hbsd-update

ae (2):
      MFC r324947:   Add IPv6 support for O_TCPDATALEN opcode.
      MFC r326898:   Fix possible memory leak.

asomers (10):
      MFC r322546:
      MFC r322868:
      MFC r323193:
      MFC r323194:
      MFC r323275, r324112
      MFC r323813:
      MFC r324220:
      MFC r324221:
      MFC r324805:
      MFC r325363:

avg (15):
      MFC r324345: MFV r316877: 7571 non-present readonly numeric ZFS props do not have default valu
      MFC r324346: MFV r316931: 6268 zfs diff confused by moving a file to another directory
      MFC r324347: MFV r316933: 5142 libzfs support raidz root pool (loader project)
      MFC r324348: MFV r316934: 7340 receive manual origin should override automatic origin
      MFC r324689: iscsi: do not hold the global lock while tearing down a session
      MFC r324694: never retry oustanding requests when terminating iscsi session
      MFC r324957: iscsi_shutdown_post: do nothing if panic-ing
      MFC r324757: remove spa_sync_on assert from spa_async_thread_vd
      MFC r325227,r325272: geom_slice: do not destroy softc until providers are gone
      MFC r325606: MFV r325605: 8713 Buffer overflow in dsl_dataset_name()
      MFC r325228: vdev_geom_close: close errored consumer even if vdev_reopening is set
      MFC r325035: MFV r325013,r325034: 640 number_to_scaled_string is duplicated in several commands
      MFC r325610: MFV r325609: 7531 Assign correct flags to prefetched buffers
      MFC r326067: make illumos uiocopy use vn_io_fault_uiomove
      MFC r326070: zfs_write: fix problem with writes appearing to succeed when over quota

bapt (6):
      MFC r325716:
      MFC r325717:
      MFC r325737:
      MFC r326526:
      MFC r326527:
      MFC r326633:

brooks (1):
      MFC r301679 (partial), r309626, r326307

cy (5):
      Sync (make same) the offsetof macro definition in include/ with the definition of the same in sys/sys/. The problem was discovered while working on implementing a new C11 gets_s() for libc. (The new gets_s() requires rsize_t found in include/stddef.h.) The solution to sync the two definitions was suggested by ed@ while discussing D12667.
      MFC r325030:
      MFC r326343:
      MFC r324248:
      MFC r326558, r326566:

delphij (12):
      MFC r325383:
      MFC r325532: Update arcmsr(4) to 1.40.00.01:
      MFC r325755: Be more careful when doing calculation with request from userland.
      Avoid out-of-bounds read.
      MFC r326244:
      MFC r325723:
      Revert r326763.  The change depends on r264387 which was not merged.
      MFC r326361: Remove unused include.
      MFC r326391: Prevent OOB access on corrupted msdos directories.
      MFC r326562: Use strlcpy().
      MFC r326185: Set errno to EFTYPE instead of EINVAL to be more consistent with the rest of code.
      MFC r326791: Close the correct file descriptor.

des (1):
      MFH (r325010): don't bother verifying a password that we know is too long.

dim (4):
      MFC r326669:
      MFC r326670:
      MFC r326748:
      MFC r326880:

emaste (3):
      MFC r326082: freebsd-update: do not duplicate patchlist entries
      MFC r326136: bfd: avoid crash on corrupt binaries
      MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file

eugen (8):
      MFC r324364: ftpd(8): fix user context handling
      MFC r324212:
      MFC r325559: ifconfig_<interface>_descr
      Fix breakage in r325799 that removed a bit of code by my mistake.
      MFC r325436: RTF_PINNED for an interface
      MFC r326655,326668: correct error handling for graid SINGLE/CONCAT/RAID5 volumes.
      MFC r326738: pw(8): correct expiration period handling   and command line overrides to preconfigured values for -e, -p and -w flags.
      MFC r326872: fix expiration arithmetic after r326738 and MFC.

gjb (8):
      MFC r325156:  Set a default hostname for virtual machine images.
      MFC r320252, r320686, r325769:  r320252:   In release/release.sh:   - Rename chroot_arm_armv6_build_release() to chroot_arm_build_release()     and make it hardware agnostic (such as armv6 -vs- armv7 -vs- arm64).   - Evaluate EMBEDDED_TARGET differently so release/tools/arm.subr can     be used for arm/armv6 and arm64/aarch64.   - Update comments and copyright.
      MFC r325863:  Only copy /etc/resolv.conf to ${CHROOTDIR} if /etc/resolv.conf does  not already exist within ${CHROOTDIR}.  This allows re-using a build  chroot with CHROOTBUILD_SKIP set to a non-empty value and CHROOTDIR  set to '/' in release.conf.
      MFC r325950, r325953:  r325950:   Sort variables for consistency.
      MFC r325373, r325861:  r325373 (manu):   release/arm: Do not install ubldr
      MFC r326068:  Remove /etc/resolv.conf from virtual machine images, which is  copied from the build host.  It is renamed to /etc/resolv.conf.bak  on boot, so never used anyway.
      Document SA-17:06 through SA-17:11 and EN-17:07 through EN:17-10.
      MFC r326315, r326330, r326331, r326412:

gordon (2):
      MFC r325865
      Fix error state handling.

grog (2):
      Correct character set.
      Revert revision 326923

hselasky (15):
      Use MAC-based GID format for the GID table entries in mlx5ib(4) to be compatible with the ibcore module in FreeBSD 10-stable.
      MFC r324490: Add support for parsing and using IPv6 addresses in krping.
      MFC r324792: The remote DMA TCP portspace selector, RDMA_PS_TCP, is used for both iWarp and RoCE in ibcore. The selection of RDMA_PS_TCP can not be used to indicate iWarp protocol use. Backport the proper IB device capabilities from Linux upstream to distinguish between iWarp and RoCE. Only allocate the additional socket required for iWarp for RDMA IDs when at least one iWarp device present. This resolves interopability issues between iWarp and RoCE in ibcore
      MFC r325278: Unconditionally include "opt_inet6.h" in the LinuxKPI. This makes sure the INET6 macro gets properly defined, also for kernel module builds.
      Remove the now obsolete "unify_tcp_port_space" ibcore module parameter. Missed as part of the MFC of r324792 in r325611.
      MFC r325533: Make the dma_alloc_coherent() function in the LinuxKPI NULL safe with regard to the "dev" argument.
      MFC r325614: Multiple fixes for using IPv6 link-local addresses with RDMA.
      MFC r325615: Make sure the IPv6 scope ID gets zeroed when exchanging CMA messages in ibcore. Else the IPv6 address matching might fail. This change adds support for both embedded and non-embedded IPv6 scope IDs when passing a IPv6 link-local socket address to RDMA. Prior to this change only global IPv6 addresses would work with RDMA.
      MFC r325616: Make sure sin_zero is zero in ibcore. Else socket address maching using bcmp() might fail.
      MFC r299674 and r299931: Handle case of class being set, but not parent when calling device_register() in the LinuxKPI.
      MFC r326392: Properly define the VLAN_XXX() function macros to avoid miscompilation when used inside "if" statements comparing with another value.
      MFC r326161: Implement atomic_fetchadd_64() for i386. This function is needed by the atomic64 header file in the LinuxKPI for i386.
      MFC r325897: Improve the library dependencies helper script in src/tools.
      MFC r326362: Disallow TUN and TAP character device IOCTLs to modify the network device type to any value. This can cause page faults and panics due to accessing uninitialized fields in the "struct ifnet" which are specific to the network device type.
      Add support for IPv6 based addresses as part of the TCP unify portspace feature in ibcore. This resolves an interopability issue when using both iWarp(T6) and RDMA(CX-4 and CX-5) devices at the same time.

jamie (1):
      MFC r297935:

jhb (1):
      MFC 325039: Rework pass through changes in r305485 to be safer.

jkim (1):
      MFC:	r267961, r309361, r322710, r323286, r326378, r326383, r326407

julian (1):
      Steps to Reproduce: #ngctl mkpeer ipfw: patch 7 in #ngctl name ipfw:7 tcp_rst #ngctl connect ipfw: tcp_rst: 8 out #ngctl msg tcp_rst: setconfig { count=1 csum_flags=0 ops=[ { mode=8 value=4 length=1 offset=33 } ] } ngctl: send msg: Argument list too long

ken (1):
      MFC r325371   ------------------------------------------------------------------------   r325371 | ken | 2017-11-03 15:04:22 -0600 (Fri, 03 Nov 2017) | 19 lines

kib (9):
      MFC r324853: Remove the support for mknod(S_IFMT), which created dummy vnodes with VBAD type.
      MFC r325270: Consistently ensure that we do not load MXCSR with reserved bits set.
      MFC r325567: Zero whole struct ptrace_lwpinfo to not leak kernel stack data.
      MFC r325671: Check that the pmc index is less than the number of hardware PMCs, instead of asserting the condition.
      MFC r326098: Return different error code for the guard page layout violation.
      MFC r326122: Kill all descendants of the reaper, even if they are descendants of a subordinate reaper.  Also, mark reapers when listing pids.
      MFC r326424: Add comment for vm_map_find_min().
      MFC r326657: Fix livelock in ufsdirhash_create().
      MFC r326851: In devfs_lookupx() dotdot lookup case, avoid dereferencing dvp->v_mount after dvp is unlocked.

kp (1):
      MFC r325850: pfctl: teach route-to to deal with interfaces with multiple addresses

markj (2):
      MFC r324704: Fix a racy VI_DOOMED check in MNT_VNODE_FOREACH_ALL().
      MFC r324809: Free the right address range if kmem_back() fails in memguard_alloc().

mav (1):
      MFC r325552: s/NgSendMsgReply/NgSendReplyMsg/ in man to match the code.

ngie (3):
      Install missing test input file missed in r324418
      MFC r324862:
      MFC r324928:

pfg (7):
      MFC r324620 (by fsu@): Add extended attributes support to fuse kernel module.
      MFC r325066: Fix out-of-bounds read in libc/regex.
      MFC r325067: bsnmpd: Only refresh devtree if devd event is a new or removed device.
      MFC r325397: ANSI-fy exec_shell_imgact().
      MFC r324962 (by fsu@):
      MFC r326028: iconv: Fix a pointer mismatch.
      MFC r326282: (by fsu)

philip (1):
      MFC r325059: import tzdata 2017c

rmacklem (3):
      MFC: r324506 Fix forced dismount when a pNFS mount is hung on a DS.
      MFC: r324639 Fix the client IP address reported by nfsdumpstate for 64bit arch and NFSv4.1.
      MFC: r326544 Avoid the overhead of acquiring a lock in nfsrv_checkgetattr() when there are no write delegations issued.

se (1):
      MFC 324721: Add references to sysrc(8) to SEE ALSO. MFC 324823: Mention sysrc(8) as scripting interface for config files.

truckman (1):
      MFC r325008

ume (1):
      MFC r327029: 	Don't ignore trailing spaces after numerical IP addresses.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-10-STABLE-v1000050.1/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-bootonly.iso) = 572c2482aadcc4a84750cfa5b4e158fb5a22f8c8cda4863978e383b48264fa8de9ad30d973267cca3fca95cd26b2ab117851e0ad620ae475ba9c429a4460a6a2
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-disc1.iso) = b731119acd686b23aed7abd2e15fe6fcd0771977a3d5061b68e6de6ebd3829d049da14e5efa204b768306e86d3443c10e67be282c72ac52143b3cd78476255fc
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-memstick.img) = 0ab7aa228f1cb00f362025db96222b8e7cd7ca7477812e1856803c63392612bbf0f384477ce9217b09ef19b4c336f7082f35fd9c3e8f95fbed77f946fb9d46b0
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-mini-memstick.img) = 46739eb96dbd9e11687cb0ce7c3a88182ce3e9e7c87e80862bac243b2d96cd1d108af6aca1d6e61f1becb6027a2c3cc5d895a8ed3b1961b40e6a0a83fb1742af
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-uefi-bootonly.iso) = 390a21ea4cb2ba6c208cd653a1fa5b33896b8bb68c6cb4932c7a690037f4390507f6406b6274075e7817f69f5123642416123a348a10bf5db42d600b56839529
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-uefi-disc1.iso) = 09a8653cb4818e43424b077e4c4872f0272a156f14f7e8af4328bece967928ace0fce803850056d7d5a667a22a15a8b621a92e45c4d944a7092c5f9a052cd9ee
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-uefi-memstick.img) = 3ce7aad46ba1506bc07df910ea59bf54290baf57ee32fe5efcf7506e4db38fdede243c26bc1d5f240e25d45c12b7e275d45a37135193f4cfea37f8b3cdc8b39d
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-uefi-mini-memstick.img) = 5c219a50583169d3b8ef192088db61691a97c2cacfdb3ba5f31a698ae867f7d4c1803fb7e97880847a753cf659fca53e0daaf9c4c6a0dde7c9c7a4d5fb93cc18

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlpK6VIACgkQgZsRom/9
GI3ZYxAAyzDFF0kl29rRAh85tSfL7IER8Vvtb5ZW2ub7QOiqr3S8KL2QfGBpLi5m
nxLn4M+7R1PhH2D6MRU9b9axe/Q3l+5BZ6ZEKSx3PH/tUJ5636bDvqRMFewW1fsU
Z5JNx9xZ3Vj9+6xIPvFWXIqws4TgMZi1Is03akcN60uoiJ+w6Vt2q0y7WIDq24xn
y1m/hbuuX85x8AjhXPCfJWoFdxf60So6nm4Ft4ExVllyseP4UXaEDhjublB7vxth
joxg46FpGTNGzM0y25ImJLP6c4YB7G+sr3XdR3vU3Vp1zsCjTjNhg88YClrRkr1e
BZ2MTCY0PxSaSSqLoGn815MQBJVCrMvSuzEKcDSfH2ji9qF17qI9mnBnyqInNjRf
1hRFc08QYBAkXz8aY/FXseFReBlN7//jw6tXRxzvepJZu0V9LXPZIlupk1ADAOHk
s6LSlurSe6OgHptDZ8LV7NI6kBoVfQCpCNYknp/BQH6UUhIUSN4O3dV1YZyh5wWj
tDp1QLmQwoYsvUvosEJXDzYbGwb46TKMC0E/RwWVJcX+w5OsbcbLK7ZrvUaU/1x5
XElvMX+bm9Em6Qhy4ojNkNd6ZlFOfI+I1YFFYGfX+f16enLFIKNuUoOFNxYal8yd
koSL+d4Ihwx/88KaI8VAIsxwU7UY02vP/EYBoFehJis72YdiiS0=
=33Sp
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-10-STABLE-v1000050.1.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt