@opntr opntr released this Nov 2, 2016 · 3092 commits to hardened/10-stable/master since this release

Assets 2

WARNING: this is a security update!

Highlights:

  • OpenSSL: Don't allow too many consecutive warning alerts. CVE-2016-8610 (3944e88) [FreeBSD-SA-16:35.openssl]
  • MFC r308197: MFV r308196: Fix OpenSSH remote Denial of Service vulnerability. CVE-2016-8858 (bb8c1d3) [FreeBSD-SA-16:33.openssh]
  • MFC r307132: Use copyout() instead of pointing sbuf to user-space buffer. (1e74d34)

Changelog

Oliver Pinter + (15):
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

avg (6):
      MFC r306801: implement zfs_vptocnp() using z_parent property
      MFC r305539: work around AMD erratum 793 for family 16h, models 00h-0Fh
      MFC r307130: smbus: allow child devices to be added via hints
      MFC r307131: install header files required development with libzfs_core
      MFC r307141: remove a few stray spaces from sys/param.h
      bump __FreeBSD_version for libzfs_core.h

bapt (1):
      MFC r307785:

davidcs (1):
      MFC r307578

delphij (2):
      MFC r308197: MFV r308196:
      Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401:

dim (1):
      Pull in r228705 from upstream libc++ trunk (by Eric Fiselier):

ed (1):
      Add posix_tnode to <search.h>.

gjb (1):
      Document EN-16:17-18, SA-16:26-32

hselasky (1):
      MFC r307651: Add support for adjusting the hardware buffering delay for USB audio.

jhb (5):
      MFC 303002: Include process IDs in core dumps.
      MFC 272079,272080: cxgbe/tom: Update for syncache_add locking changes.
      MFC 282039: Don't use ifm_data.  It was used only for self checking debug.
      MFC 289401: cxgbe(4): support for the kernel RSS option.
      MFC 291665,291685,291856,297467,302110,302263: Add support for VIs.

kib (3):
      MFC r306807: When making a pause after detecting hard kill of the single-user shell, ensure that we do sleep for at least the specified time, in presence of signals.
      MFC r306808: Add verbosity around failed reboot(2) call.
      MFC r307821: Use proper type for local variable.

mav (15):
      MFC r307132: Use copyout() instead of pointing sbuf to user-space buffer.
      MFC r294329 (by asomers): Disallow zvol-backed ZFS pools
      MFC r298786 (by asomers): Refactor vdev_geom_attach and friends to reduce code duplication
      MFC r298814 (by asomers): Fix a use-after-free when "zpool import" fails
      MFC r300059 (by asomers): Speed up vdev_geom_open_by_guids
      MFC r300881, r302058 (by asomers): Avoid issuing spa config updates for physical path when not necessary
      MFC r307731: Add names for some DASP devices.
      MFC r304918: Decode some new ATA commands found in ACS-3.
      MFC r307350: Add LUN options to limit UNMAP and WRITE SAME sizes.
      MFC r307374: Add LU option to control reported provisioning type.
      MFC r307507, r307509, r307515: Consider device as clean even if SYNCHRONIZE CACHE failed.
      MFC r306424: MFV r306422: 7254 ztest failed assertion in ztest_dataset_dirobj_verify: dirobjs + 1 == usedo bjs
      MFC r306425: MFV r306423: 7402 Create tunable to ignore hole_birth feature
      MFC r306456: Add #ifdef _KERNEL around send_holes_without_birth_time sysctl.
      MFC r307523: Make pass driver better support CAM_CDB_POINTER flag.

mm (1):
      MFC r307861: Update libarchive to 3.2.2

sbruno (1):
      MFC r308038:

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-10-STABLE-v46.17/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-bootonly.iso) = aad9e8d4c879e77aebe8f6da63654f5f3a5b8fc1dd67cf20e158d537255ca2d0ca1ec9752814a0b7466231e4e49a61be31cc8b9d00e8ceae4f5bf5991a246626
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-disc1.iso) = 4cfb825fad4c9bf2872d3da3aa8e9ec0e58ac9eb75441c9af87f062cf9a6a5353340984d59efeaf906bb184e15b574d82e908d868c45fc7fe6885a326c59972e
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-memstick.img) = e1287439ab32fe7cc8738ff35b2c6fa7faf8960b85104512a28bb5bb3c39ec07c30669e19cb8bf6223e85cce0286a33927f52c38522efde5c92c7a4c103bbc65
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-mini-memstick.img) = f14b0dbe4c2af31a02a8d919fd8ffaf0835a3ac4ff59330a51bb38ba993ea963493e48fabe9c89c564be46eacb0506d060e45356e319315c0d6f94dea28eab12
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-bootonly.iso) = 05170a1ea94e3b828ba501a76bf544d7c3082539b7ed0c555381c0c53faa878e103d2faf155fcda8d705ebefb8e0b4e08288a56e9412f1c8d15b7bd771c9a5cc
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-disc1.iso) = 36e8325dc103e12472b0a68ccae88ff632400fb9fc70f77857ee757c33342ab0f22f877801384ecc39cd77dbccf1e2cc78cf0564b0d86a3f3d225cc6fcded5c3
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-memstick.img) = 58d1abe6a6e55d88e77840a4ea804c0b789b79981f11a1c0ee4d4c0ec8ddecd3dbf6754d97f254d06bfeabdd0ffa725c6d76150ecd64604c85b23760ddbd92ef
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-mini-memstick.img) = 7cae17f04dec06c67f4307dc12114897fd87560a5dcf800b79497316ca328abbcaba2406daf9d4bb1e728f5b50741ee9217215b2bd425aa9bd32309328d8173e

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJYGdoMAAoJEIGbEaJv/RiNyWIQAMVKOe8zAIrAQLiIvx2GqGMp
JluKdh5+dgRcDlDXBrnbpWthsCNx22zfIYfPKezH7qVdd+yIMAI5pr3K19IADWDb
JkJjAishvAnxmUsF0MjLuk7zWkuKmxpN7ZBRTZUrSkN6qzQqvelK68NPi+fXCJJr
62kMOmoQfmswNu9SzCAPCSN9eSsg2f4F36oYLCiHsVAybWhyDWiikJLii74cCOVx
YgSSnLU07mDhq3DKHV5l41lKHtGEL99UwoaVT0fdQrPqf/saSb0Pw7Z019cOeg7e
vq4o+uAKgbPe6w+QUAYnc6hNU5w/md1ljP5cXHGg1GkXw5sHVXnvbS871/4tyghx
v05MOeM1srHyLkv0EznA/raWfs2okZ7P59pCrNvd9FYeJquk4dk7ItSF20fStoEm
RN1g6cCrLwtfzKNWKaP66vnLjtdZt4kKTkSvXomIzJlI4mHAWIAxH430/zqOEy4O
QUWrN3I7FHA3O0HCVdEm6fcyMmlL6YN5Cb9waMyDMM/jZX/ZePnpgZd7S2o1nRpa
HxkpIllpsclYr0cEzGwucdSWOUUf2xYvnjF5P5koaUI/B98ZfDS8j1oBqvizJtGf
ArWZsGlrPmSZkJF5LiB0nJ7d2JBESB5CrAKpcEN1hfskLnyQWEfyFlpDLNJydW4u
XGtCwRGzoGcaFGir3D1g
=z6fM
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-10-STABLE-v46.17.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt