@opntr opntr released this Feb 10, 2018 · 3352 commits to hardened/11-stable/master since this release

Assets 2

Note: this was released on 2018-01-13.

Highlights:

  • Make it possible to re-evaluate cpu_features. (a586b97)
  • Fix a null-pointer dereference and a tautological check in cam_get_device (b55f0a5)
  • Do not build lint(1) by default on stable-11, add WITH_LINT to enable building it. (5fb1dbc)
  • Improve the performance of the hpet timer in bhyve guests by making the timer frequency a power of two. (d21bd84)
  • fix memory disclosure in hpt* ioctls (8f534ab)
  • ACPICA 20171214. (7e248a6)
  • crypto/libressl: Update to 2.6.4 (0dfcdb6)
  • Update tcpdump to 4.9.2 (ed596e7) [CVE-2017-lot-of-numbers-here]
  • hbsd-update updates
  • llvm/clang/lldb/libc++ 5.0.1
  • GELI updates
  • VM updates
  • VFS updates
  • lock primitive updates

Changelog

Bernard Spil (1):
      crypto/libressl: Update to 2.6.4

Oliver Pinter (3):
      HBSD: bump copyright year
      erge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: fix merge conflict in .gitignore file

Oliver Pinter + (59):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (9):
      HBSD: Update the release artifact directory in hbsd-update-build
      HBSD: Sort the list of programs hbsd-update uses
      HBSD: Ensure a clean /usr/src
      HBSD: Support revoking key material in hbsd-update
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      HBSD: Fix typo in hbsd-update
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflicts

ae (5):
      MFC r326510:   Fix format string warning with enabled DEBUGGING.
      MFC r326847:   Fix mbuf leak when TCPMD5_OUTPUT() method returns error.
      MFC r326898:   Fix possible memory leak.
      MFC r326876:   Follow the RFC6980 and silently ignore following IPv6 NDP messages   that had the IPv6 fragmentation header:    o  Neighbor Solicitation    o  Neighbor Advertisement    o  Router Solicitation    o  Router Advertisement    o  Redirect
      MFC r327140:   Fix rule number truncation, use uint16_t type to specify rulenum.   Also sort variable declartions by size.

alc (1):
      MFC r326982   Document the semantics of atomic_thread_fence operations.

asomers (23):
      MFC r325959:
      MFC r326032:
      MFC r326036:
      MFC r326039:
      MFC r326041:
      MFC r304443, r326034, r326065
      MFC r326040:
      MFC r326100:
      MFC r326101:
      MFC r326289:
      MFC r326290:
      MFC r326401:
      MFC r326455:
      MFC r326624:
      MFC r326640:
      MFC r326646:
      MFC r326698:
      MFC r326799:
      MFC r326834, r326853
      MFC r309373 (by bdrewery)
      MFC r313962, r313972-r313973, r315230
      MFC r315292
      MFC r327862

bapt (1):
      MFC r326769:

bryanv (3):
      MFC r326744:
      MFC r326480:
      MFC r326654:

bz (1):
      MFC r327435:

cperciva (2):
      Add vfs.nfs.suppress_32bits_warning sysctl which reduces the frequency of 'fileid > 32bits' warnings from at most once per minute to at most once per day.
      MFC r326565: Make EC2 instances use Amazon's NTP service for time synchronization.

cy (5):
      MFC r324248:
      MFC r326558, r326566:
      MFC r327336:
      MFC r327540:
      MFC 327737:

delphij (11):
      MFC r326244:
      MFC r325723:
      MFC r326361: Remove unused include.
      MFC r326391: Prevent OOB access on corrupted msdos directories.
      MFC r326562: Use strlcpy().
      MFC r326560: Create links for xzdiff.
      MFC r326561: Use strlcpy().
      MFC r326185: Set errno to EFTYPE instead of EINVAL to be more consistent with the rest of code.
      MFC r326791: Close the correct file descriptor.
      MFC r327236:
      MFC r327235:

dim (9):
      MFC r326669:
      MFC r326670:
      MFC r326748:
      MFC r326776:
      MFC r326880:
      MFC r324536 (by emaste):
      MFC r326496:
      MFC r327167:
      MFC r327164:

eadler (6):
      MFC r327183:
      MFC r302480:
      MFC r327420:
      MFC r327396:
      MFC r327398:
      MFC r327578:

ed (1):
      MFC r326228 and r326229:

emaste (7):
      MFC r326547: lld: make -v behave similarly to GNU ld.bfd
      MFC r326597: vnic: apply hardware L3 checksum only for IPv4
      MFC r326030: Install strings unconditionally
      MFC r317409 by glebius:
      MFC r326613: Update tcpdump to 4.9.2
      MFC r327497, r327498: fix memory disclosure in hpt* ioctls
      MFC r327489: elfcopy: copy raw (untranslated) contents to binary output

eugen (3):
      MFC r326655,326668: correct error handling for graid SINGLE/CONCAT/RAID5 volumes.
      MFC r326738: pw(8): correct expiration period handling   and command line overrides to preconfigured values for -e, -p and -w flags.
      MFC r326872: fix expiration arithmetic after r326738 and MFC.

fsu (3):
      MFC r326282, r326317: Remap ENOATTR to ENODATA in the linuxulator. In the linux ENOADATA is frequently #defined as ENOATTR. The change is required for an xattrs support implementation.
      MFC r326808, r326824: Move buffer size checks outside of the vnode locks.
      MFC r326807: Fix extattr getters in case of neither uio nor buffer was not passed to VOP_*.

ian (21):
      MFC (conceptually) r326752, r326754:
      MFC r319987, r324107-r324108
      MFC r324169:
      MFC r324185:
      MFC r324413, r324415
      Fix imx6 hdmi init after r323553.
      MFC r325060:
      MFC r325045, r325054-r325056, r325061, r325063, r325065
      MFC r325108:
      MFC r326750:
      MFC r326924-r326925
      MFC r327032:
      MFC r327048-r327050
      MFC r327367:
      MFC r327439:
      MFC r327226, r327356
      MFC r327222:
      MFC r327220-r327221
      Do not build lint(1) by default on stable-11, add WITH_LINT to enable building it.
      Add description files for WITH/WITHOUT_LINT.  These should have been part of r327837.
      Fix fallout from applying a patch twice.

jilles (1):
      MFC r327211: nandtool: Add missing mode for open() with O_CREAT

jkim (2):
      MFC:	r324501
      MFC:	r323076, r324502, r325670, r326866

karels (1):
      MFC r326734:

kib (24):
      MFC r326311: Fix index calculation for the page table pages for efirt 1:1 map.
      MFC r326657: Fix livelock in ufsdirhash_create().
      MFC r326851: In devfs_lookupx() dotdot lookup case, avoid dereferencing dvp->v_mount after dvp is unlocked.
      MFC r326977: mlx5en: Avoid SFENCe on x86.
      MFC r327118: Add missed AVX512VL (128 and 256 bit vector length) extension identification bit.
      MFC r326971, r327047 (by ian), r327053 (by marius), r327074, r327097: Add atomic_load(9) and atomic_store(9) operations.
      MFC r326973: Use atomic_load(9) to read ppsinfo sequence numbers.
      MFC r327088: Update HISTORY section for the atomic(9) page.
      MFC r327437: Remove MP SAFE marks and stray register name in comments.
      MFC r327264i (by imp), r327283: Fix returns without cleanups.
      MFC r327284: Style.  Remove useless return.
      MFC r327469: Add CR4.SMAP control bit.
      MFC r327319: Clean up the comment.
      MFC r327316: In vm_swapout_map_deactivate_pages(), it is enough to lock the map for read.
      MFC r327285: Make kern_proc_vmmap_resident() externally accesible, and move the vmmap_skip_res_cnt control check inside it.
      MFC r327286: Reuse kern_proc_vmmap_resident() for procfs_map resident count.
      MFC r327354: Style.
      MFC r327359: Do not lock vm map in swapout_procs().
      MFC r327472: Avoid re-check of usermode condition.
      MFC r327468: Do not let vm_daemon run unbounded.
      MFC r327625: Document kern.smp.disabled tunable.
      MFC r327517: Use the new SDM-approved way to serialize x2APIC MSR writes.
      MFC r327730: Fix year.
      MFC r327597: Make it possible to re-evaluate cpu_features.

manu (1):
      MFC r312914, r322694

markj (23):
      MFC r326629: Use unique wait messages in the page daemon control loop.
      MFC r326732: Fix the act_scan_laundry_weight mechanism.
      MFC r326731: Provide a sysctl to force synchronous initialization of inode blocks.
      MFC r326438: Plug a name cache lock leak.
      MFC r326796-r326798: Fix sc_writes tracking, and address a lost wakeup.
      MFC r326813: MFV r326785: 8880 improve DTrace error checking
      MFC r326409: Update gmirror metadata less frequently when synchronizing.
      MFC r326410: Document gmirror sysctls.
      MFC r326881, r326882: Minor cleanup.
      MFC r326877: Skip gnop tests if the corresponding kernel module isn't available.
      MFC r326878: Mark uctf/err.user64mode.ksh as EXFAIL for now.
      MFC r326919: Unregister the ARC lowmem event handler earlier in arc_fini().
      MFC r326935: Avoid CPU migration in dtrace_gethrtime() on x86.
      MFC r326983: Avoid using bioq_* in gmirror.
      MFC r326774, r326811: Pass the trap frame to fasttrap hooks.
      MFC r326912: Fix a logic bug in makefs lazy inode initialization.
      MFC r326861-r326863: Add some gmirror tests and fix indentation in existing tests.
      MFC r322547: Add vm_page_alloc_after().
      MFC r325530 (jeff), r325566 (kib), r325588 (kib): Replace many instances of VM_WAIT with blocking page allocation flags.
      MFC r327168, r327213: Fix two problems with the page daemon control loop.
      MFC r327525: Add missing newlines to a couple of error messages.
      MFC r327698: Release the queue lock before restarting the worker loop.
      MFC r324125 (andreast): Initialize mdsize to make gcc happy again.

mav (4):
      MFC r326273: Make ctlstat -n option work reasonably for sparse LUN list.
      MFC r326186: Slightly fix bidirectional stream number allocation.
      MFC r326835: Reduce size of several on-stack string buffers.
      MFC r327094:  Add AHCI/XHCI device IDs found on AMD Ryzen+B350 system.

mjg (14):
      MFC r321922:     amd64: annotate the syscall return address check with __predict_false
      MFC r323234,r323305,r323306,r324044:
      MFC r324127:
      MFC r324547:
      MFC r323235,r323236,r324789,r324863:
      MFC r323307,r323308,r323385,r324378,r325266,r325268,r325433,r325451,r325456,     r325458:
      MFC r325725:
      MFC r320561,r323236,r324041,r324314,r324609,r324613,r324778,r324780,r324787,     r324803,r324836,r325469,r325706,r325917,r325918,r325919,r325920,r325921,     r325922,r325925,r325963,r326106,r326107,r326110,r326111,r326112,r326194,     r326195,r326196,r326197,r326198,r326199,r326200,r326237:
      MFC r324045:
      MFC r327394,r327395:
      MFC r324335,r327393,r327397,r327401,r327402:
      MFC r324867,r324869:
      MFC r325924:
      MFC r324328:

pfg (4):
      MFC r327295: Start syncing changes from OpenBSD's ip6_id.c instead of ip_id.c.
      MFC r327329: dev/txp: Update if_txpreg.h to match OpenBSD's version.
      MFC r327289: rpc.sprayd: Bring some changes from NetBSD.
      MFC r327697, r327699:

rmacklem (1):
      MFC: r326544 Avoid the overhead of acquiring a lock in nfsrv_checkgetattr() when there are no write delegations issued.

roberto (1):
      In stable/11, support for including config. files is broken and only the last one is taken into account.

smh (1):
      MFC r322812:

ume (1):
      MFC r327029: 	Don't ignore trailing spaces after numerical IP addresses.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100054.3/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-bootonly.iso) = f14531adfa78667d69c6b3839f304e715bb5aa121d6fa307937e33e30c5f83ff57179a70a4e4fbaddf866f1d27123f6e3acd26b333f0977f62759f829d06b7e8
SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-disc1.iso) = 47499cc46e8c437740f99600b96a11cfaaffcb4425f26e9331dfd643cf0cb629c424095cd4993008a97adf65216f8f25522c620adb791470d664b6ae75c185d4
SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-memstick.img) = bf8d56c025c5c84714da7b6321086b2acbcb46ad46c548297ed9262bc8b3c75e62f913f7fb942796976a51ccaaf9caa04087522a782a34549a1f8501ac4f06c5
SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-mini-memstick.img) = f69002a55be3aa46d25edb75b973a3e12a6a602ce907f4a0e5cb6de756bb417ec37626565d2836a95e88a2051c70595a09863939b3965ebb8d12044b8fc8a191

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlpayEAACgkQgZsRom/9
GI33/hAAyy3BvAutJ8uohh/sW3flyv1tng0L3rqG2fB/fenpjzMWgy0s9Il5NfRu
9X85FtIT51+h0fz1XopvaR8Cc9N6YrsA8P9Vi8xYAilZxPoTnaC4bzGG2QXwed6Q
7FgMTTHfHo9sQ0jUNBgu05P+fLuj/a/TFdZdCVejRjH784nTakUGIv13FGrQWAjB
67C47L4KHWXv7e5EeiCOoQNRxDG6sZ3m3RzI8vY+k3x4NkVrRMeHkjAGsDAnuY4A
wUz83pKKnj8cFN/uSqqcP/4h4YERfZlEGVfUzOedpfLvC6NIKxVgUdDpai8uz/O/
00fBc4JOlA2F8t/ubNXhPAySj+8Rkn/Wfjt9zaeJrrIiI1fH+88cbXSt8Vo6p/CV
HhkKawZgI/bTtNr4Ci73+lsShPo6UiOCWSQibyglzZnPP83cMMQfBrhUVHIPJW1r
bYiEkkSfIK4EGbzpd8asWUYmGzi4HUopEquu7I+e7OQ56DyK/PZ0u3NfP0Ub10Ab
6FprLcXED7sI62F4ZgVtqziqzVqkEcZCsUbi87V4kVVHueWhYOsi/gj8Wp8UOFG7
sduAEQ8wM6yaWZbyVllRi96II5ulsu/66Sh5HfvBmZF5ih6uvyJ9IwU+OS9uZq2I
aGxNOtnA+WLzsL7Hql9kGGXFuDoDanEOFWyedTN+24Tbwm2lBVA=
=mvEc
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-11-STABLE-v1100054.3.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt