@opntr opntr released this Aug 2, 2017 · 14291 commits to hardened/10-stable/master since this release

Assets 2

Highlights:

  • Restrict permissions on /dev/ksyms to 0400. (0781c59) [FreeBSD-SA-Candidate]
  • ZFS updates
  • Add virtio-console support to bhyve (eaaa8cd)
  • Update to libarchice 3.3.2

Changelog

Oliver Pinter + (47):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (2):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

ae (1):
      MFC r321203:   Add HPE FlexFabric 10Gb 4-port 536FLR-T device id to the bxe(4) driver.

alc (8):
      MFC r315597   Style fixes.  In particular, the variable "bogus" is used like a Boolean.   Define it as such.
      MFC r320498   Clear the MAP_WIREFUTURE flag on the vm map in exec_new_vmspace() when it   recycles the current vm space.  Otherwise, an mlockall(MCL_FUTURE) could   still be in effect on the process after an execve(2), which violates the   specification for mlockall(2).
      MFC r315621   Use IDX_TO_OFF(), not ptoa(), when converting the difference between two   vm_pindex_t's into a vm_ooffset_t.
      MFC r320546   When "force" is specified to pmap_invalidate_cache_range(), the given   start address is not required to be page aligned.  However, the loop   within pmap_invalidate_cache_range() that performs the actual cache   line invalidations requires that the starting address be truncated to   a multiple of the cache line size.  This change corrects an error in   that truncation.
      MFC r319756   Style and comment fixes
      MFC r320319   Increase the pageout cluster size to 32 pages.
      MFC r319905
      MFC r320077   Change blist_alloc()'s allocation policy from first-fit to next-fit so   that disk writes are more likely to be sequential.  This change is   beneficial on both the solid state and mechanical disks that I've   tested.  (A similar change in allocation policy was made by DragonFly   BSD in 2013 to speed up Poudriere with "stressful memory parameters".)

avos (1):
      MFC r321401: net80211: do not allow to unload rate control module if it is still in use.

bapt (2):
      MFC r320988:
      MFC r320267, r320270-r320271, r320478

bcr (1):
      MFC r321023:

bdrewery (4):
      MFC r320806:
      MFC r320883:
      MFC r320292:
      MFC r320273:

davidcs (3):
      MFC 320694 Allow MTU changes without ifconfig down/up
      MFC 320705   Release mtx hw_lock before calling pause() in qla_stop() and   qla_error_recovery()
      MFC 321233   Raise the watchdog timer interval to 2 ticks, there by guaranteeing   that it fires between 1ms and 2ms. `   Treat two consecutive occurrences of Heartbeat failures as a legitimate   Heartbeat failure

dchagin (4):
      MFC r320814:
      MFC r321366:
      MFC r320836:
      MFC r320837:

delphij (3):
      MFC r320986:
      MFC r320433:
      MFC r320468:

dim (3):
      MFC r321305:
      MFC r321306:
      MFC r321342:

ed (1):
      MFC r320240:

emaste (18):
      MFC r320056: arm: set appropriate section flags for .init_pagetable
      MFC r320065: arm: add .arch_extension sec for smc instruction
      MFC r319219: add a sanity check before installworld on the running system
      MFC r319516: tsan: set noexec stack on aarch64
      MFC r319890: Correct bitwise test in mac_bsdextended ugidfw_rule_valid()
      MFC r320235: retire arm64 kernel module linker workaround
      MFC r313547, r313777: fix mouse selection when vt(4) scrolls
      readelf: fix printing of DT_FILTER and some other DT_* values
      MFC r321218: zfs: Fix a typo in the delay_min_dirty_percent sysctl description
      MFC r319718: arm64: add ".arch armv8-a+crc" to allow use of crc instructions
      MFC r312857: Use cross-NM (XNM) in compat32 build
      MFC r316055: makefs: sort roundup with the other off_t members in fsinfo_t
      MFC r319513: linux vdso: pass -fPIC to the assembler, not linker
      MFC r321302: add arm64 objcopy output target for embedfs
      MFC r321294: acpidump: use C99 designated initializers
      MFC r321299: acpidump: add GIC ITS srat type
      revert r321601, it depends on an ACPICA update not yet merged
      MFC r321436: ar: handle partial writes from archive_write_data

gjb (10):
      MFC r320969:  Fix a missing comment marker.
      - Set stable/11 from -PRERELEASE back to -STABLE. - Update version entities in release.ent.
      - Fix the 'release.prev' entity for the 11.1-RELEASE errata. - Prune stale entries from 11.0-RELEASE. - Bump copyright year.
      Prune one more missed entry from 11.0-RELEASE.
      Fix a typo.
      Trim stale entries from 11.0.
      Mention arm64 lacking EFI RTC support, and a workaround.
      Document a late-discovered issue where 'root on ZFS' installations on arm64 fail to find the root pool.
      Add a note regarding VirtualBox vboxguest panics during 11.1-RC2.
      Add an errata entry to reflect an incorrect attribution for r315330.

jhb (1):
      MFC 321075: Set the current vnet pointer in the socket buffer AIO handler.

ken (1):
      MFC r321207:   ------------------------------------------------------------------------   r321207 | ken | 2017-07-19 09:39:01 -0600 (Wed, 19 Jul 2017) | 14 lines

kib (14):
      MFC r320989: Language improvements.
      MFC r320868: Fix warnings, adjust style.
      MFC r320936,r320937,r320938: Fix size argument to vm_pager_allocate().
      MFC r320982: Correct sysent flags for dynamically loaded syscalls.
      MFC r321173: Convert assertion that only vmspace owner grows the stack, into a check blocking grow from other processes accesses.
      MFC r319871: Make struct syscall_args visible to userspace compilation environment from machine/proc.h, consistently on all architectures.
      MFC r319873: Move struct syscall_args syscall arguments parameters container into struct thread.
      MFC r319874: Print unimplemented syscall number to the ctty on SIGSYS, if enabled by the knob kern.lognosys.
      MFC r319875: Add ptrace(PT_GET_SC_ARGS) command to return debuggee' current syscall arguments.
      MFC r319876: Update scescx test to print syscall number and arguments.
      MFC r321247: Add pctrie_init() and vm_radix_init() to initialize generic pctrie and vm_radix trie.
      MFC r321217: Remove unused function swap_pager_isswapped().
      MFC r314319 (by oshogbo): Don't try to open devices in the gettc() function  which will always fail in the Capability mode. Instead silently fallback to the syscall method, which is done for example in the gettimeofday(2) function.
      MFC r321371: Do not allocate struct kinfo_vmobject on stack.

kp (2):
      MFC r312943
      MFC r321370

markj (9):
      MFC r320895: Don't dlclose NSS modules from nss_atexit().
      MFC r320918, r321035: Have mkdumpheader() handle version string truncation.
      MFC r321356: Fix top(1) output when zfs.ko is loaded but ZFS is not in use.
      MFC r320896: Add a subroutine for comparing kerneldump identifiers.
      Include stdbool.h for r321447.
      MFC r321228: Allow matches of truncated version strings.
      MFC r321437: Fix style and wrap lines to 80 columns in savecore.c.
      MFC r321639: Restrict permissions on /dev/ksyms to 0400.
      MFC r321640: Fix style bugs in ksyms.c.

mav (74):
      MFC r320729: Add GEOM::descr attribute for symmetry with GEOM::ident.
      MFC r302850: Make PCI interupts allocation static when using bootrom (UEFI).
      Revert unexpected changes leaked into r321411.
      MFC r305898, r309120, r309121 (by jceel): Add virtio-console support to bhyve.
      MFC r302843: Increase number of I/O APIC pins from 24 to 32 to give PCI up to 16 IRQs.
      MFC r303630 (by allanjude): Make boot code and loader check for unsupported ZFS feature flags
      MFC r305701 (by allanjude): MFV r268120: 4936 lz4 could theoretically overflow a pointer with a certain input
      MFC r309096 (by avg): MFV r308989: 6428 set canmount=off on unmounted filesystem tries to unmount children
      MFC r312535: MFV 312436
      MFC r313813: MFV 313786
      MFC r314112 (by tsoome): loader: update symlink support in zfs reader
      Fix mismerge in r321525.
      MFC r314267: MFV 314243
      MFC r314280: MFV 314276
      MFC r315896: MFV r315290, r315291: 7303 dynamic metaslab selection
      MFC r316037: MFV: 315989
      MFC r317235: MFV 316868
      MFC r317237: MFV 316870
      MFC r317238: MFV 316871
      MFC r317267: MFV 316891
      MFC r317414: MFV 316894
      MFC r317507: MFV 316895
      MFC r317511: MFV 316896
      MFC r317522: MFV 316897
      MFC r317527: MFV 316898
      MFC r317533: MFV 316900
      MFC r317541: MFV 316905
      MFC r317648: Fix misport of compressed ZFS send/recv from 317414
      MFC r318812: MFV r316860: 7545 zdb should disable reference tracking
      MFC r318814: MFC r316904: 7729 libzfs_core`lzc_rollback() leaks result nvl
      MFC r318818: MFV r316907: 1300 filename normalization doesn't work for removes
      MFC r318819: MFV r316908: 7541 zpool import/tryimport ioctl returns ENOMEM because provided buffer is too small for config
      MFC r318821: MFV r316912: 7793 ztest fails assertion in dmu_tx_willuse_space
      MFC r318822: MFC r316913: 7869 panic in bpobj_space(): null pointer dereference
      MFC r318823: MFC r316914: 7801 add more by-dnode routines
      MFC r318824: MFV r316915: 7801 add more by-dnode routines (lint)
      MFC r318827: MFV r316916: 7970 zfs_arc_num_sublists_per_state should be common to all multilists
      MFC r318828: MFV r316917: 7968 multi-threaded spa_sync()
      MFC r318829: MFV r316920: 8023 Panic destroying a metaslab deferred range tree
      MFC r318831: MFV r316922: 5380 receive of a send -p stream doesn't need to try renaming snapshots
      MFC r318833: MFV r316925: 6101 attempt to lzc_create() a filesystem under a volume results in a panic
      MFC r318920: MFV r316924: 8061 sa_find_idx_tab can be declared more type-safely
      MFC r318921: MFV r316928: 7256 low probability race in zfs_get_data
      MFC r318923: zfs_putpages: assert that sa_bulk_update() must succeed
      MFC r318924 (by avg): arc_init: make code closer to upstream by introducing 'allmem' variable
      MFC r318925: MFV r316929: 6914 kernel virtual memory fragmentation leads to hang
      MFC r318928: MFV r318927: 8025 dbuf_read() creates unnecessary zio_root() for bonus buf
      MFC r318930: MFV r318929: 7786 zfs`vdev_online() needs better notification about state changes
      MFC r318932: MFV r318931: 8063 verify that we do not attempt to access inactive txg
      MFC r318935: MFV r318934: 8070 Add some ZFS comments
      MFC r318945: MFV r318944: 8265 Reserve send stream flag for large dnode feature
      MFC r319672 (by allanjude): New sentences start on new lines, fix two violations
      MFC r319748: MFV r319738: 8155 simplify dmu_write_policy handling of pre-compressed buffers
      MFC r319749: MFV r319739: 8005 poor performance of 1MB writes on certain RAID-Z configuration s
      MFC r319750: MFV r319741: 8156 dbuf_evict_notify() does not need dbuf_evict_lock
      MFC r319751: MFV r319740: 8168 NULL pointer dereference in zfs_create()
      MFC r319947: MFV r319945,r319946: 8264 want support for promoting datasets in libzfs_core
      MFC r319949: MFV r319948: 5428 provide fts(), reallocarray(), and strtonum()
      MFC r319953: MFV r319951: 8311 ZFS_READONLY is a little too strict
      MFC r320153: revert r315852 which introduced zio_buf_alloc_nowait for use in vdev_queue_aggregate
      MFC r320156, r320185, r320186, r320262, r320452, r321111: MFV r318946: 8021 ARC buf data scatter-ization
      MFC r320237: MFV r318947: 7578 Fix/improve some aspects of ZIL writing.
      MFC r320238: MFV r319742: 8056 zfs send size estimate is inaccurate for some zvols
      MFC r320239: MFV r319950: 5220 L2ARC does not support devices that do not provide 512B access
      MFC r320352: zfs: port vdev_file part of illumos change 3306
      MFC r320152 (by avg): fstyp: move sys/ include path after zfs include paths
      MFC r307865 (by tsoome): loader should boot pre-feature flags pools.
      MFC r314504 (by tsoome): loader: r314112 did introduce dereference freed pointer entry
      MFC r320492: Polish target_id/target_lun setting for ATIOs/INOTs.
      MFC r320574: Slightly unify SNS requests for post- and pre-24xx.
      MFC r320575: Move comment respecting previous commit.
      MFC r320604, r320865: Switch fabric scans from GID_FT to GID_PT+GFF_ID/GFT_ID.
      MFC r320493: Unify INOT/ATIO setup.
      MFC r320495: Allow status aggregation for ramdisk reads.

mm (1):
      MFC r320927,320931,320932: Bump libarchive to 3.3.2

ngie (72):
      MFC r318325:
      MFC r319834,r319841,r320723,r320724:
      MFC r319928:
      MFC r319855,r319856,r319858:
      MFC r319857:
      MFC r320172,r320173:
      MFC r318180:
      MFC r319846:
      MFC r319836:
      MFC r307873,r314397,r314399,r314419,r314420,r314533,r316553:
      MFC r321109:
      MFC r316557:
      MFC r316549,r316550,r316551,r316554:
      MFC r316558:
      MFC r318705,r318711:
      MFC r318257,r318278:
      MFC r319844,r319845:
      MFC r318695:
      MFC r318701,r319842:
      MFC r303212,r319642,r319830:
      MFC r319850:
      MFC r318255:
      MFC r319800,r319806:
      MFC r302500,r319339,r319543,r319544,r319551,r321138:
      MFC r316552,r319662:
      MFC r319048,r319049,r319051,r319054:
      MFC r318715,r318717,r318718,r318719,r318720,r318721:
      MFC r318710:
      MFC r318704,r318708,r318709:
      MFC r318280:
      MFC r318707:
      MFC r318703:
      MFC r318712:
      MFC r318706:
      MFC r318702:
      MFC r319026:
      MFC r319063:
      MFC r319293:
      MFC r318693,r318694:
      MFC r318722:
      MFC r316817:
      MFC r318723:
      MFC r312521,r313397:
      Relnotes:	yes (subtle output/behavior change)
      MFC r316602:
      MFC r316600:
      MFC r316601:
      MFC note:	cnv(9) diff ignored since API/manpage not present on 		^/stable/11.
      MFC note:	content changes based on r309745 not included.
      MFC r316076:
      MFC r321235:
      MFC r310329: r310329 (by cem):
      MFC r316818:
      MFC note:	content changes of r317315 were reversed. .Dd is being updated 		for diff reduction purposes.
      MFC note:	only the newsyslog.conf.d change has been backported to unbreak 		"make distribution" with etc/newsyslog.conf.d/opensm.conf 		installation. The cron.d and syslog.d changes were omitted by 		request to avoid churn on ^/stable/{10,11}. Requested by:	jhb, peter
      MFC r320135:
      MFC r318960,r319545,r319546,r319548,r321261:
      MFC r316102:
      MFC r314893:
      MFC r314654:
      MFC r314653:
      MFC r314479:
      MFC r314454,r314455:
      MFC r314475:
      MFC r314543:
      MFC r321240:
      MFC r316603,r321214:
      MFC r320445:
      MFC r320446:
      MFC r320443,r320444:
      MFC r320441,r320442:
      MFC r320491:

pfg (2):
      Revert r316779: Remove (yet again) the definition for the GCC __nonnull() attribute.
      MFC r320990, r321011:

philip (1):
      MFC r320941: Fix GRE over IPv6 tunnels with IPFW

rmacklem (3):
      MFC: r320659 Add a Bugs section that indicates that the nfsuserd doesn't work when jails are being used on the system. It is hoped that the patches in PR#205193 will someday get tested/debugged so that they can be MFC'd to fix this.
      MFC: r321248 Update the nfsv4 man page to reflect recent changes to support the newer RFCs (5661 and 7530). The main man changes are for the case of "numbers in strings" for user/groups that RFC7530 allows and avoids use of nfsuserd(8).
      MFC: r321314 r320062 introduced a bug when doing NFSv4.1 mounts against some non-FreeBSD servers.

sephe (5):
      MFC 321286
      MFC 321406
      MFC 321407
      MFC 321408
      MFC 321409

sjg (1):
      MFC bmake-20170720

trasz (1):
      MFC r320359:

wulf (1):
      MFC r319162: psm: add support for evdev protocol

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100048.1/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100048.1-amd64-bootonly.iso) = c487f5693e2fac4d722a6cf72084e7fca243ef1864bfa9966c3a3e1fe621c0a92e6496bdf06845b3a6ab66e087df061701f9bc4f00921481ae45e328b026ef17
SHA512 (HardenedBSD-11-STABLE-v1100048.1-amd64-disc1.iso) = 12dc23a7b121b83c5fdcde13eb75456b7d0ab1c47d7591346771ca37533415cebae81c0245a51afe467a9fcb1a342781823a3cf6e971d13fb050b511a835da4a
SHA512 (HardenedBSD-11-STABLE-v1100048.1-amd64-memstick.img) = 28f7d76b8e3ed76a46bd3d1378074171173d0504f8a20cea87d22380a6c4d0e2713f7d20cbe58d5a97632eaabe395b393d4b85dd9d5f29835d85f5fba3e5eb9a
SHA512 (HardenedBSD-11-STABLE-v1100048.1-amd64-mini-memstick.img) = b4c48c49ff4ce4b1ff40f92ce977699ed03e59eff633d20e9fd81712d2980d91edd65665b190d990f109937a0676a3489aa9c3de9044405781b6af5ff5acee76

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlmBLeoACgkQgZsRom/9
GI1HRg/9FRZb0k5hO63oKoVpUL1Qq0lCx7A9tLRwklDAR7uyIPlJNgZFuLMCThOo
AvJYRQ/gmpIVagTTjAZJL4lr786eBX3SxAy/dqxa3DtTgxqoVNHiIZD82WVhkVAr
Ih4U3W4b8RzTRneEjJaSxNlXgwcY8Nitxl6LQMojPOmo+/pBE5FqvkaHC3vMQOZB
RjoubIA6S/fYBxf0Hsdx/ZKpR3FJdsYB345ANSavmQx+y2rcZ3/cUYEPn3dJKy3I
oQVmYS1IzRJFtdcLXUMOqV6y1BGvQoyRvdggr7N3akmxGBFOYTseLzED8F6CipgT
Jwk0sLKuwNtMbHQ0Dpnrk79rJowcoOuj9l6AeTMDyLxrY1NKuqBPL19y5zxZsLhK
u7P9uufgbKG8oty2g/2DOrIODxBETtiPvvvnGLmvb3hL/67VSBEa3wNJ1OnDR8+Q
XD2026MAFPpdJn9olMQFxNp4YT5PvU2TKT6kGdOe8D9vznGjwevrKsi2IL/tojnf
lHoKyC+N3FzGae59q3B8HzNF97sIV0Yx9cPDoSE0QQRMDFAcrsgv1YnGgBeOqP12
RvmOH8PgnGX41JaD5iAZoUUhpGhjehk6/7l33l04k9y+gTaQ9tQRq9gGJ4thNXjn
PJJ7uoMGRZG6W18K+MlNnyLdtYQnao7UPoZuG5asb75op3ha1mY=
=O8kk
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-11-STABLE-v1100048.1.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt