@opntr opntr released this Nov 30, 2017 · 3596 commits to hardened/11-stable/master since this release

Assets 2

Highlights:

  • fixed syslogd - restore host name handling in UDP case (1bbaa03)
  • fixed ARM64 control flow problem (1ea13dc) [FreeBSD-SA-Candidate]
  • fixed MAP_GUARRD issues (96cbc3d)
  • upgrade to Unicode 10.0.0 (909e9ad)
  • ZFS fixes
  • (side note: the recent OpenSSL security issues (FreeBSD-SA-17:11.openssl) are already fixed in previous releases)

Changelog

Oliver Pinter + (26):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

ae (1):
      MFC r325960:   Unconditionally enable support for O_IPSEC opcode.

andrew (1):
      MFC r326137:

asomers (8):
      MFC r322854, r323995, r324568, r324991
      MFC r323275, r324112
      MFC r324805:
      MFC r324457:
      MFC r324940:
      MFC r325011, r325016
      MFC r322258, r324941, r324956, r325018
      MFC r325363:

avg (6):
      MFC r325227,r325272: geom_slice: do not destroy softc until providers are gone
      MFC r325606: MFV r325605: 8713 Buffer overflow in dsl_dataset_name()
      MFC r325608: MFV r325607: 8607 zfs: variable set but not used
      MFC r325228: vdev_geom_close: close errored consumer even if vdev_reopening is set
      MFC r325035: MFV r325013,r325034: 640 number_to_scaled_string is duplicated in several commands
      MFC r325610: MFV r325609: 7531 Assign correct flags to prefetched buffers

bapt (3):
      MFC r325361:
      MFC: 325359
      MFC r325888:

bcr (1):
      MFC r325441:

brooks (1):
      MFC r326307:

delphij (3):
      MFC r325383:
      MFC r325532: Update arcmsr(4) to 1.40.00.01:
      MFC r325755: Be more careful when doing calculation with request from userland.

emaste (6):
      MFC r325683: vnic: apply BPF tap before passing packet to hardware
      MFC r325444: ANSIfy sys/kern/md4c.c
      MFC r325811: vnic: report that the driver supports multicast
      MFC r325813 (bz): Unbreak IPv6.
      MFC r325042: libdtrace: replace "DOODAD" with more descriptive string
      MFC r326046: dt_modtext: return error on archs lacking an implementation

eugen (1):
      MFC r325436: RTF_PINNED for an interface

gjb (6):
      MFC r320252, r320686, r325769:  r320252:   In release/release.sh:   - Rename chroot_arm_armv6_build_release() to chroot_arm_build_release()     and make it hardware agnostic (such as armv6 -vs- armv7 -vs- arm64).   - Evaluate EMBEDDED_TARGET differently so release/tools/arm.subr can     be used for arm/armv6 and arm64/aarch64.   - Update comments and copyright.
      MFC r325863:  Only copy /etc/resolv.conf to ${CHROOTDIR} if /etc/resolv.conf does  not already exist within ${CHROOTDIR}.  This allows re-using a build  chroot with CHROOTBUILD_SKIP set to a non-empty value and CHROOTDIR  set to '/' in release.conf.
      MFC r325950, r325953:  r325950:   Sort variables for consistency.
      MFC r325373, r325861:  r325373 (manu):   release/arm: Do not install ubldr
      MFC r326068:  Remove /etc/resolv.conf from virtual machine images, which is  copied from the build host.  It is renamed to /etc/resolv.conf.bak  on boot, so never used anyway.
      Document SA-17:06 through SA-17:11 and EN-17:07 through EN:17-10.

glebius (2):
      MFC r325558:
      Revert r326103, as it appeared to be incorrect.

hselasky (4):
      MFC r325533: Make the dma_alloc_coherent() function in the LinuxKPI NULL safe with regard to the "dev" argument.
      MFC r325614: Multiple fixes for using IPv6 link-local addresses with RDMA in ibcore.
      MFC r325615: Make sure the IPv6 scope ID gets zeroed when exchanging CMA messages in ibcore. Else the IPv6 address matching might fail. This change adds support for both embedded and non-embedded IPv6 scope IDs when passing a IPv6 link-local socket address to RDMA. Prior to this change only global IPv6 addresses would work with RDMA.
      MFC r325616: Make sure sin_zero is zero in ibcore. Else socket address maching using bcmp() might fail.

jhb (4):
      MFC 324993: Add a test for sending a signal while stepping a thread via PT_STEP.
      MFC 325039: Rework pass through changes in r305485 to be safer.
      MFC 319517: Add a cross-reference to sysdecode_socket_protocol(3).
      MFC 319493,319509,319520,319595,319677,319679-319681,319688,319689, 319761-319768,320010,322899,322959,323020,323021,323151:

kib (3):
      MFC r325758: Style bug.
      MFC r325759: Do not leak PMC_PO_OWNS_LOGFILE on error.
      MFC r326098: Return different error code for the guard page layout violation.

manu (1):
      MFC r325517, r325554

markj (10):
      MFC r324864, r324865: Cleanups for ctf.5.
      MFC r325887: Avoid holding the process in uread() and uwrite().
      MFC r325561: Allow various page daemon parameters to be set from loader.conf.
      MFC r325528: Correct the type of foff.
      MFC r319824 (by sevan), r320624, r326173: Fixups for the lockstat provider man page.
      MFC r326055: Allow for fictitious physical pages in vm_page_scan_contig().
      MFC r326060: Clean up the SYSINIT_FLAGS definitions for rwlock(9) and rmlock(9).
      MFC r326061, r326063: DTrace test fixups.
      MFC r326093: Use the right variable for the IP header parameter to tcp:::send.
      MFC r326096: Annotate pragma/err.invalidlibdep.ksh as EXFAIL.

mav (2):
      MFC r325552: s/NgSendMsgReply/NgSendReplyMsg/ in man to match the code.
      MFC r325571: Add some PCI IDs found on AMD Epyc system.

pfg (1):
      MFC r326028: iconv: Fix a pointer mismatch.

vangyzen (2):
      MFC r325764
      MFC r325766

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100054.1/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-bootonly.iso) = 83725667faf1aadb34f154934f8da4790b3fe8993e98dc852d149fee4529625bf5dec04ee04a59dd577cdaaa1b6b6a2378abad39933c9d9c87dd8354757210a2
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-disc1.iso) = 9b0e2243f7b46a395e6c62c7daf279683ad961985e9129ccc30654672d368ea54b8bc718f6a94d74b47dd6aca049146d5dda36a0a1530d7a62d11812cf75f8de
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-memstick.img) = cfe23f59d9969f3bbe958916a02ae830b7b65b506c4000edcf17ab513df0214c71c95700f1e27afa1f5290323bd5b9844bab1b817107ab6828b36b7a4d49cd8d
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-mini-memstick.img) = ddf2e9e6a9fe32d7b104184e14c0abb6261770e00ae1cad37f58a3c8a18dc5cd021fa9e160740387812171dd9ede6fdc6322035ddc70885e7eac15086bfade12

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlofe1QACgkQgZsRom/9
GI0lZhAA5evBJtIaEdpeYbtmlEUHJiXz+D94slp1CLKg2nzcZFU73e8FrkB8zbgA
qzfqq7v2SGzYHRSdI/f7iVDsXnsid9/t2PP9mn8OU0Sc1ZcgWwKNnaCcSf5lzNUz
yGNpuxFMy4OqYfO+CnIzihDYptEt/aFvgkrGYxPURjcM/veVcema9UFuT0lNjlhw
y3lvNouFrhF8k9vWLrZyW3J5Pe4MBTKFGm9thqm/p5fnHI0iCOsQIpLcWlxhMJHh
6GBUW+vszxLQGOxExrYxrIoY5FJyJN7zFwyh7jIhN/+OI9JOgMLPHFniOTpsJ/gm
N0QOTSzNBQ7AGNJBku4M6cEArfDujqwH61wbDOkVUqkG1gRu5AygSDy1nBwmUqSz
m5Of1iSMOl8qcKqjMkPlI+6CTFlcimb14jX6HMl4/WMvoe7dMLXEnfe6hl9/Tcqn
0ctJrNBck2k7vnYTc+4vwpdfnlmrvZqfFah2sOPPmFst9iJ4ahcAoxoRrS/beVn1
0f11GBDEf4BkkqIercR/XKUQmH+50apdypzjTcvLUspNIqlKekivUgDAo6r5hGOp
g1FnhkILpW1Wm6y0kLwt16y4ICculisa95mmbuKZ+gINDZo3hdtTyW+Kz3s+O71j
XrLAoqShGH+Ml/hZDJD7CbmrYbCmJjkTK3J3qSuq4dZJaYvQRyw=
=g8Bo
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-11-STABLE-v1100054.1.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt