HardenedBSD-10-STABLE-v46.23

@opntr opntr released this Jan 11, 2017 · 386 commits to hardened/10-stable/master since this release

WARNING: this is a security update!

Highlights:

  • Fix multiple OpenSSH vulnerabilities. (01991d8) [https://security.freebsd.org/advisories/FreeBSD-SA-17:01.openssh.asc]
  • Skylake support for hwpmc
  • Changed settings for newsyslog (7043b78)
  • Added /var/log/pkg.log log to store the packages lifecycle
  • Update to ACPICA 2016122 to fix Skylake issues
  • Hyper-V updates

Changelog

Oliver Pinter (35):
      Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
      HBSD: fix merge conlict in contrib/libarchive/tar/test/test_option_lz4.c
      HBSD: welcome 2017!
      HBSD: remove unneeded CTRs from ASLR code
      HBSD MFC: Relax sanity check of number fields in tar header even more.
      Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
      HBSD: resolve merge conflict in lib/libarchive/tests/Makefile
      HBSD MFC: Use the correct event table for Haswell Xeon events
      HBSD MFC: hwpmc style(9) cleanup
      HBSD MFC: Fix various bugs in Haswell counter definitions
      HBSD MFC: Fix pmc unit restrictions to match documentation
      HBSD MFC: Add manpage for Haswell Xeon pmc implementation
      HBSD MFC: Fix Sandy Bridge+ hwpmc branch counters
      HBSD MFC: Support architectural events on Haswell/Ivy Bridge
      HBSD MFC: Fix Ivy Bridge+ MEM_UOPS_RETIRED counters
      HBSD MFC: Add missing counter definitions
      HBSD MFC: hwpmc: Fix event number to match enum name
      HBSD MFC: Remove extra whitespaces from hwmpc.
      HBSD MFC: hwpmc: add initial Intel Broadwell support.
      HBSD MFC: Use fixed enum values for PMC_CLASSES().
      HBSD MFC: properly inherit the pmcids in child
      HBSD MFC: Add support for Intel Skylake and Intel Broadwell PMC's.
      HBSD MFC: add backward compatible way to provide tunables
      HBSD MFC: More fixes in the various intel processors.
      HBSD MFC: Remove tautological cast.
      HBSD MFC: fix the "[pmc,X] negative increment" assertion on the context switch
      HBSD MFC: Don't panic in hwpmc when stopping sampling.
      HBSD MFC: hwpmc: remove sys/capability.h backwards compatibility
      HBSD MFC: Connect pmc.haswellxeon(3) to the build; looks like it was missed in r279829.
      HBSD MFC: Fix PMC architecture check to handle later IPAs including Skylake
      HBSD MFC: Restore priority value for OGIO_KEYMAP
      HBSD: log pkg changes to /var/log/pkg.log
      HBSD MFC: Merge ACPICA 20161222 from FreeBSD 12-CURRENT.
      HBSD: add the output destination to the correct line in syslog.conf
      HBSD MFC: Increase the default rotation threshold of log files from 100kb to 1000kb

Oliver Pinter + (39):
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

arybchik (65):
      MFC r310627
      MFC r310677
      MFC r310678
      MFC r310679
      MFC r310680
      MFC r310681
      MFC r310682
      MFC r310683
      MFC r310684
      MFC r310685
      MFC r310686
      MFC r310687
      MFC r310688
      MFC r310689
      MFC r310690
      MFC r310691
      MFC r310692
      MFC r310693
      MFC r310694
      MFC r310695
      MFC r310696
      MFC r310699
      MFC r310704
      MFC r310708
      MFC r310709
      MFC r310713
      MFC r310714
      MFC r310715
      MFC r310716
      MFC r310717
      MFC r310719
      MFC r310741
      MFC r310742
      MFC r310745
      MFC r310746
      MFC r310747
      MFC r310748
      MFC r310749
      MFC r310752
      MFC r310754
      MFC r310755
      MFC r310756
      MFC r310758
      MFC r310760
      MFC r310762
      MFC r310764
      MFC r310770
      MFC r310810
      MFC r310811
      MFC r310812
      MFC r310819
      MFC r310820
      MFC r310744
      MFC r310750
      MFC r310753
      MFC r310816
      MFC r310765
      MFC r310813
      MFC r310818
      MFC r310814
      MFC r310815
      MFC r310817
      MFC r311638
      MFC r311639
      MFC r311640

avg (6):
      define Maxmem for ia64, the only platform that didn't have it
      MFC r309097: MFV r308987: 7180 potential race between zfs_suspend_fs+zfs_resume_fs and zfs_ioc_rename
      MFC r309098: MFV r308988: 7199, 7200 dsl_dataset_rollback_sync may try to free already free blocks
      MFC r309099: MFV r308990: 7181 race between zfs_mount and zfs_ioc_rollback
      MFC r309250: MFV r309249: 3821 Race in rollback, zil close, and zil flush
      MFC r308530: iicsmb: SMB_MAXBLOCKSIZE can be used again

bapt (1):
      Bump copyright year.

bdrewery (1):
      MFC r309477:

cy (1):
      MFC r311005

delphij (5):
      MFC r310608: Avoid use after free.
      MFC r310609: Don't use high precision clock for expiration as only second portion is used.
      MFC r310611:
      MFC r310614: Don't assign rtjp twice.
      MFC r311914: MFV r311913:

des (2):
      MFH (r267371, r297754, r299520): nits and style
      MFH (r301027): fix 307 / 308 redirects MFH (r310823): fix multi-line CONNECT responses

dim (1):
      MFC r257398 (by sbruno):

hselasky (4):
      MFC r310388: Make a read only pointer constant.
      MFC r310387: Add more comments regarding collection of statistics counters.
      MFC r310058: Fix initialisation of mlx4_pci_table's .driver_data fields.
      MFC r310242: Defer USB enumeration until the SI_SUB_KICK_SCHEDULER is executed to avoid boot panics in conjunction with the recently added EARLY_AP_STARTUP feature. The panics happen due to using kernel facilities like callouts too early.

jhb (4):
      MFC 309581,309582,310424: Document T6 support.
      MFC 306562: Handle 64-bit system call arguments (off_t, id_t).
      MFC 306563: Decode arguments to truncate and ftruncate.
      MFC 306564: Expose kernel-only errno values if _WANT_KERNEL_ERRNO is defined.

jilles (2):
      MFC r309836: Add some tests for reaper functionality (in procctl()).
      MFC r309957: Add tests for reaper receiving SIGCHLD (r309886).

kib (17):
      MFC r310302: Do not clear KN_INFLUX when not owning influx state.
      MFC r309886: When a zombie gets reparented due to the parent exit, send SIGCHLD to the reaper.
      MFC r310552: Some style.
      MFC r310554: Some optimizations for kqueue timers.
      Remove stray blank line added due to mismerge.
      MFC r310613: Style.
      MFC r310616: Remove redundancy in vmtotal().
      MFC r310834: Assert that the pages found on the object queue by vm_page_next() and vm_page_prev() have correct ownership.
      MFC r310821: Style.
      MFC r310925: Remove unused declaration.
      MFC r310982: Ansify vm/vm_pager.c.  Style.
      MFC r267546 (by alc): Tidy up the early parts of vm_map_insert().
      MFC r311055: Remove unneeded externs keywords.  Reindent long lines.
      MFC r310615: Change knlist_destroy() to assertion.
      MFC r311108: Move common code from kern_statfs() and kern_fstatfs() into a new helper.
      MFC r311111: Style.
      MFC r311113: There is no need to use temporary statfs buffer for fsid obliteration and prison enforcement.  Do it on the caller buffer directly.

markj (1):
      MFC r310647: Remove an obsolete pragma from dtrace.h.

mav (32):
      MFC r309297: Make SES status updates more aggressive.
      MFC r310230: Don't treat informational exceptions (warnings and impending failures) a.k.a. SCSI SMART events as errors.  Log them to console and continue.
      MFC r294558: Hide "soconnect() error" messages under bootverbose.
      MFC r295476 (by trasz):  Remove stray semicolons from the iSCSI code.
      MFC r298810 (by pfg): sys/cam: spelling fixes in comments.
      MFC r310257: Improve support for informational exceptions.
      MFC r310259: Following SPC-5, make REQUEST SENSE report "Logical unit not supported" in returned parameter data for not accessible LUNs.
      MFC r310265: Add set of macros to simplify code access to mode pages fields.
      MFC r310266: Add support for NUAR bit in Control mode page.
      MFC r310272: Add new bits into Extended Inquiry VPD page.
      MFC r310275: Fix typo in function name.
      MFC r310284: When writing fixed format sense data, set VALID bit only if provided value for INFORMATION field fit into available 4 bytes (has no non-zero bytes except last 4), as explicitly required by SPC-5 specification.
      MFC r310285: When reporting "Logical block address out of range" error, report the LBA in sense data INFORMATION field.
      MFC r310298: Improve error handling when I/O split between several BIOs.
      MFC r310339: Bump specifications support to SAM-6/SPC-5.
      MFC r310356: Add support for locally assigned RFC 4122 UUID LUN identifiers.
      MFC r310360, r310361: Report UUID and MD5 LUN IDs.
      MFC r310366: Add support for SITUA bit in Logical Block Provisioning mode page.
      MFC r310373: Add support for REPORTING OPTIONS == 3 in REPORT SUPPORTED OPERATION CODES.
      MFC r310389: Fix REPORT SUPPORTED OPERATION CODES for READ/WRITE BUFFER commands.
      MFC r310390: Add support for REPD bit in RSTMF command.
      MFC r310478: Add place-holders for TAPE STREAM MIRRORING subcommands of XCOPY.
      MFC r310489: Implement printing forwarded sense data.
      MFC r310524: Improve length handling when writing sense data.
      MFC r310534: Improve third-party copy error reporting.
      MFC r297756: Add couple new constants from SPC5r08.
      MFC r305591: Decode ATA Status Return descriptor.
      MFC r311446: Fix bootverbose affecting code logic in r294558.
      MFC r310633: Add MAX_LUNS overflow safety checks.
      MFC r309251: Process port interrupt even is PxIS register is zero.
      MFC r309252: Add more ASMedia PCI IDs from different sources.
      MFC r310703: Pass proper arguments (handles, not directly structure pointers) to scif_cb_domain_device_removed().

mjg (3):
      MFC r303583:
      MFC r301157:
      MFC r285706,r303562,r303563,r303584,r303643,r303652,r303655,r303707:

mm (1):
      MFC r309300,r309363,r309405,r309523,r309590,r310185,r310623:

ngie (67):
      MFstable/11 r310506:
      MFstable/11 r310561:
      MFstable/11 r310563:
      MFstable/11 r310565:
      MFstable/11 r310567:
      MFstable/11 r310569:
      MFstable/11 r310571:
      MFstable/11 r310670:
      MFstable/11 r310672:
      MFstable/11 r310730:
      MFstable/11 r310732:
      MFstable/11 r310875:
      MFstable/11 r310877:
      MFstable/11 r310899:
      MFstable/11 r310901:
      MFstable/11 r310904:
      MFstable/11 r310905:
      MFstable/11 r310909:
      MFstable/11 r310911:
      MFstable/11 r310902:
      MFstable/11 r310896:
      MFstable/11 r310897:
      MFstable/11 r310990:
      MFstable/11 r310992:
      MFstable/11 r310997:
      MFstable/11 r311107:
      MFstable/11 r311152:
      MFstable/11 r311207:
      MFstable/11 r311209:
      MFstable/11 r311212:
      MFstable/11 r311213:
      MFstable/11 r311215:
      MFstable/11 r311217:
      MFstable/11 r311465:
      MFstable/11 r311467:
      MFstable/11 r311551:
      Regenerate src.conf(5)
      MFC r311239:
      MFC r311242:
      MFC r310954,r310987,r311222:
      MFC r310931,r310942,r310988:
      MFC r310497:
      MFC r310957,r310958,r310960:
      MFC r310952:
      MFC r310501:
      MFC r311291:
      MFC r311270:
      MFC r311246:
      MFC r311272:
      MFC r311249:
      MFC r311269:
      MFC r311271:
      MFC r311250:
      MFC r311228:
      MFC r311273:
      MFC r311240:
      MFC r311235:
      MFC r311248:
      MFC r311247:
      MFC r311245:
      MFC r310984,r311102:
      MFC r311393:
      MFC r311382:
      MFC r311384:
      MFC r311505:
      MFC r311112,r311115:
      MFC r311114:

np (2):
      MFC r309666, r310033, r310049, r310100, r310152, and r310807.
      MFC r310151 and r311173.

pfg (2):
      MFC r310367: pax(1):  Fix a bug with archives smaller than 512 bytes.
      MFC r310705, r310706: style(9) cleanups.

sephe (27):
      MFC 308664,308742,308743
      MFC 308905
      MFC 308906
      MFC 308907
      MFC 308908,308909
      MFC 309030,309039,309080,309081,309083
      MFC 309085
      MFC 309128,309129,309131-309136,309138-309140,309224,309225
      MFC 309226-309231,309235
      MFC 309236,309237
      MFC 309240,309242,309244,309245,309319,309670
      MFC 309310,309311,309316,309318
      MFC 309320,309726,309728
      MFC 309346,309348
      MFC 309704
      MFC 309705
      MFC 309874,309875
      MFC 310048,310101
      MFC 310312-310314
      MFC 310315
      MFC 310317
      MFC 310318
      MFC 310324
      MFC 310347
      MFC 310462,310465
      MFC 310651
      MFC 310652,310657,310658

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-10-STABLE-v46.23/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-bootonly.iso) = beaeb17d9e57d1cbb99ffc42720ce02c47da022774d15c1e7572f7b740218934687fb881e952eaaf0876a14b15458f592fcdd1c9681873be0f53f57894167f5d
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-disc1.iso) = 97e534f74b9b05c75eb883190517509204ad5d45793822b7d70d82bbdab4a6bca81d06122c144fdc0f17d26e08f12a9dd50e3ce0ad855689320e0d4ea63cdd5c
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-memstick.img) = e55c0cbb1494854b84ebd0a32d60c259f2341e100c81c6eaa60faeb95e94aaee6dd855583b1575e2b0dc971f392236c19f8e5759b94df83bdbd70beeaa0eaa5f
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-mini-memstick.img) = f3df1e031cc56c1abba6cf1577c079b6f9234bac04b6c4ee290c6982cbece49cdc0d0980a3bfe14e28a27c5c796387c4c5a3131e2afe439e6cf0966bad5c7eb3
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-bootonly.iso) = 2201d710301b936a7726b82ba5ebd00210d4fef2bb555ee685e9425c29bf4433c95af4cbdb85a26981f00edff4397ff321c39f40b830812abf24c99d0b373ee7
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-disc1.iso) = b98006e8905200449cbf50c0e9dcb99a6705eccf9ee21be5d80bade5dd2762da4a16a51d8722cc4db557a7d35b0cf07d7b33e378a9ccac88c46f76f701e57b93
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-memstick.img) = a48329729e328b12b90930b1231b3720af41fdf44e7e6c2f2c1cd8307811da4089ab13fa17e66c5098d9320120f1a1eaf34d6a3b29e67520b9aa2371daa36b76
SHA512 (HardenedBSD-10-STABLE-v46.23-amd64-uefi-mini-memstick.img) = 0c71b037d5569da32b87fd749477c51e7d8756f08613b99660a294ae1d502d3d235d5d4323ab82ada3f0922a40a439dafdc309fdb92a435224aa591b32e9cf00

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlh21KwACgkQgZsRom/9
GI1qrA/8CizObUwE2nzZG7PXq0c4si1W/cVeMKFGvrp5MkSLG7hZfxtnNJmck1rF
dS/nNRQ2P1Rur4MI+m1GR33D3uF2bTV03YNXtclJ8D/R3eeYRd0Ee8V8cOh/ZcVa
BukZPhvlWiwJmhMacZh2cv+b85GUbaE9VzWhAYNffKtUeFJMHLhmJmILoHigdwRN
RCUKMl/oQZqcegxFnAoxmStJgkEui8HcrsoKprsWmWon4pmerMw5hkbPq8PBntea
nC79eVWy00QSWeloRHncLnFLQxWpcO2FU5HH3cpXGNV0JXE4G7ihxPaz3KMc318G
Ptvme6nMfKULZMDBVXd7XpXJP56x9fCUlGmJrhumMBfDyv8mAkTud7aJx0yS9PAc
Orl82U3Jbk2BAX/FJjeQhGUoNYKyrBQp19T5/hJO00MqEc+/xkxdQNjc7Cd3f8jL
P/BDdUwqZFEmVjZTONamBaKA5HazD+LXuJv107qTLxO257xwoSJbwlccFh/rcHrE
vgBpULno486o84fEzyOUe4gME04U2VjwlsGF+FCtAIwgciQc1gLXZRfXXLv1KfU1
kzww4hKMy/ubfdoLRawXYCM6AB+AjMg0eoVIYBQaWyV/I/AA2rYHzycanxCaU1yy
O4Mwbl50UW2pnHq5Ebq+I++g2QZTQ07KzPiPPq2UCh7Dz5jkJ9g=
=RvOg
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-10-STABLE-v46.23.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt

Downloads