opntr released this May 9, 2018 · 1340 commits to hardened/11-stable/master since this release

Warning: this is a security update!

Highlights:

  • MFC r333368: Prepare DB# handler for deferred trigger of watchpoints. (5801fdd) [CVE-2018-8897, FreeBSD-SA-18:06.debugreg]
  • Turn off IBRS on suspend. (dbda57b)
  • MFC r333247: Import tzdata 2018e (2beb6fb)
  • MFC r333234: zfs_ioctl: avoid out-of-bound read (e7e4020) [FreeBSD-SA-Candidate]
  • MFC r332559: mountd: fix a crash when getgrouplist reports too many groups (e6e3f0e) [FreeBSD-SA-Candidate]
  • Carefully update stack guard bytes inside __guard_setup(). (1086bca)
  • Correct undesirable interaction between caching of %cr4 in bhyve and invltlb_glob(). (1135b57)
  • Handle Apollo Lake errata APL31. (6fd5da7)
  • Add PROC_PDEATHSIG_SET to procctl interface. (a31a7b8)
  • Fix use of pointer after being set NULL, in NFS. (4223ca8)
  • Add hybrid ISO/memstick image support (47b4595)
  • bnxt updates
  • clang updates
  • e1000 updates
  • hyperv updates
  • iflib updates
  • ixl updates
  • makefs updates
  • mlx5 updates
  • zfs updates

Changelog

Oliver Pinter + (38):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

ae (3):
      MFC r332812: Add dead_bpf_if structure, that should be used as fake bpf_if during ifnet detach.
      MFC r332886: icmp6_reflect() sends ICMPv6 message with new IPv6 header. So, it is considered as originated by our host packet. And thus rcvif should be NULL, since it is used by ipfw(4) to determine that packet was originated from this host. Some of icmp6_reflect() consumers reuse mbuf and m_pkthdr without resetting rcvif pointer. To avoid this always reset m_pkthdr.rcvif pointer to NULL in icmp6_reflect(). Also remove such line and comment describing this from icmp6_error(), since it no longer matters.
      MFC r333016: Merge r1.22-1.23 from NetBSD: Don't assume M_PKTHDR is set only on the first mbuf of the chain. The check is replaced by (m1 != m), which is equivalent to the previous code: we want to modify m->m_pkthdr.len only when 'm' was not passed in m_adj().

avg (4):
      MFC r332426: allow ZFS pool to have temporary name for duration of current import
      MFC r332559: mountd: fix a crash when getgrouplist reports too many groups
      MFC r332730: don't check for kdb reentry in trap_fatal(), it's impossible
      MFC r332752: set kdb_why to "trap" when calling kdb_trap from trap_fatal

benno (15):
      MFC r331949, r332437, r332438
      Actually MFC r331949, r332437, r332438
      MFC r332436, r332440
      MFC r332082
      MFC r332083:
      MFC r332084
      MFC r332085
      MFC r314117
      MFC r315304
      MFC r316572
      MFC r307927
      MFC r316579
      MFC r331463 (partial), r331467, r331468, r331843
      MFC r332345, r332346, r332661, r333005
      MFC r333007

brooks (1):
      MFC r332997:

cperciva (1):
      MFC r332663: Move panic-related settings from sysctl.conf to loader.conf so that they apply if an EC2 instance panics while booting.

delphij (1):
      MFC r332877: Correct size for allocation and bzero of fdsr.

dexuan (1):
      MFC: 332385

dim (2):
      MFC r332414:
      MFC r332833:

emaste (8):
      MFC r332673: Remove mention of tools/recoverdisk, now in sbin
      MFC r332649: lld: add a __FreeBSD_version-style identifier to version
      pwd_mkdb: add legacy support deprecation notice
      MFC r332090: stand: pass --no-rosegment for i386 bits when linking with lld
      MFC r332902: pwd_mkdb: default to network (big) endian hash order
      MFC r332849: lldb: propagate error to user if memory read fails
      MFC r333234: zfs_ioctl: avoid out-of-bound read
      MFC r333368: Prepare DB# handler for deferred trigger of watchpoints.

erj (3):
      MFC r319797, r320972:
      MFC r326571:  ifconfig(8): Display extended compliance code string for SFP transceivers
      MFC r333149: ixl(4): Update to 1.9.9-k

gjb (4):
      MFC r332674: Increase the msdosfs partition size on arm SoC images where the current size may not be sufficiently large for development and/or testing.
      MFC r333262, r333264:
      Document EN-18:05, EN-18:06, SA-18:06.
      Belatedly bump copyright year.

hselasky (4):
      MFC r332869: Remove the "load drivers" logic from libibverbs.
      MFC r333015: Add network device event for priority code point, PCP, changes.
      MFC r333100: Improve fix in r304629 by allowing configuration of the behaviour through a SYSCTL instead of a compile time define.
      MFC r333108: Define USEC_PER_MSEC and USEC_PER_SEC in the LinuxKPI.

ian (4):
      Fix wl(4) after r332288, using the same fix applied in r332331. This driver no longer exists in head, so this is a direct commit to 11-stable.
      MFC r331868, r332046, r332194-r332196, r332198, r332219, r332231, r332233, r332240, r332258-r332259, r332261, r332292
      MFC r332518, r332527
      MFC r308767 by br:

jhb (4):
      MFC 332657: Properly do a deep copy of the ioctls capability array for fget_cap().
      MFC 332733: Workaround fixed I/O port resources encoded as I/O port ranges in _CRS.
      MFC 332735: Fix two off-by-one errors when allocating MSI and MSI-X interrupts.
      MFC 332975: Document the TRAP_CAP code for SIGTRAP.

jilles (1):
      MFC r333092: sh: Don't have [ match any [[:class:]]

jtl (8):
      MFC r307083: Currently, when tcp_input() receives a packet on a session that matches a TCPCB, it checks (so->so_options & SO_ACCEPTCONN) to determine whether or not the socket is a listening socket. However, this causes the code to access a different cacheline. If we first check if the socket is in the LISTEN state, we can avoid accessing so->so_options when processing packets received for ESTABLISHED sessions.
      MFC r313447: Ensure the idle thread's loop services interrupts in a timely way when using the ACPI C1/mwait sleep method.
      MFC r314116: Fix a panic during boot caused by inadequate locking of some vt(4) driver data structures.
      MFC r314286: Do some minimal work to better conform to the 802.3ad (LACP) standard. In particular, don't set the synchronized bit for the peer unless it truly appears to be synchronized to us. Also, don't set our own synchronized bit unless we have actually seen a remote system.
      MFC r319214: Enforce the limit on ICMP messages before doing work to formulate the response.
      MFC r319215: Fix two places in the ICMP6 code where we could dereference a NULL pointer in the icmp6_input() function.
      MFC r319216: Fix an unnecessary/incorrect check in the PKTOPT_EXTHDRCPY macro.
      MFC r331745 (by np): Fix RSS build (broken in r331309).

kevans (1):
      MFC r332773: Fix ddb rc script

kib (16):
      MFC r331622: Allow to specify PCP on packets not belonging to any VLAN.
      MFC r332737: For fatal traps other than pagefaults, print raw fault error codes.
      MFC r332970: Use IS_BSP() macro.
      MFC r332971: Ensure that cmci_monitor() is not executed in parallel.
      MFC r332972: Extend ap_boot_mtx scope to also cover mca_init().
      MFC r333002: Use CPUID leaf 0x15 to get TSC frequency when the calibration is disabled.
      MFC r332740: Add PROC_PDEATHSIG_SET to procctl interface.
      MFC r332934: Use relaxed atomics to access the monitor line.
      MFC r332973: Make the sysctl machdep.idle also a tunable.
      MFC r333025: Some style and minor code improvements for idle selection.
      MFC r333026: Handle Apollo Lake errata APL31.
      MFC r332932: Correct undesirable interaction between caching of %cr4 in bhyve and invltlb_glob().
      MFC r332940: Carefully update stack guard bytes inside __guard_setup().
      MFC r333208: Style.
      MFC r333091: Eliminate some vm object relocks in vm fault.
      MFC r333125: Turn off IBRS on suspend.

kp (1):
      MFC r333084:

lidl (1):
      MFC r332671: top: fix warnings from clang/gcc

marius (2):
      MFC: r327312, r327842, r327865
      MFC: r330803

markj (2):
      MFC r332658: Ensure that m and skip_m belong to the same object.
      MFC r332364: Assert that dtrace_probe() doesn't re-enter itself.

nyan (1):
      whitespace changes to reduce diffs from i386. still broken pc98 boot.

pfg (1):
      MFC r332986: makefs: Use ENODATA instead of ENOMSG as a translation for missing ENOATTR.

philip (1):
      MFC r333247: Import tzdata 2018e

ram (2):
      MFC r332471, r332646: Check if STACK is defined before using the stack(9). Moved opts-stack.h include before all other includes.
      MFC r332386, r332430: Updated mentors information. Added entry in the correct section.

riggs (1):
      MFC r332861:

rmacklem (2):
      MFC: r332790 Fix OpenDowngrade for NFSv4.1 if a client sets the OPEN_SHARE_ACCESS_WANT* bits.
      MFC: r332813 Fix use of pointer after being set NULL.

sbruno (2):
      MFC r333137:
      MFC r333210

shurd (4):
      Merge iflib changes to 11-STABLE
      Direct commit to stable/11 to fix botched r333338
      MFC r333253-r333254
      MFC: r308728, r314369, r315243, r316026, r316581, r316616, r318359, r319922, r319990, r321481, r323232-323233, r323321, r323874, r323955, r324323, r324964, r325169, r325488, r325620, r326985, r326999-327001, r327003, r329335

slavash (2):
      MFC r332003: Bump driver version number in mlx5en(4).
      MFC r333115: libibumad/umad.c: In get_port, ignore sysctl get rate errors

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100055.3/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100055.3-amd64-bootonly.iso) = e84a88f6909dee4155b6eb70d4471f0c07271f23d1df3c227def32e3e47d5cf78e5bd4c4150c0796ce52c79d61af0915136bf595bf598f898f777af5967e7156
SHA512 (HardenedBSD-11-STABLE-v1100055.3-amd64-disc1.iso) = c3ddf6e6c439b53419442f56773b39e60f75e56cd9f28b4bfccf9623f478d63c307f4851eea75df785058d30f60e981b0c5342c11e1259796a0a0b4c3af0ccd9
SHA512 (HardenedBSD-11-STABLE-v1100055.3-amd64-memstick.img) = 52b1597b74b6f83591ae7a2e678e4129e6ab3cfe07dfa5db8bf6748247c8137853806ea5e6dcb749540874dd35b673e19a9625d07d19d037b50f894ffea442cc
SHA512 (HardenedBSD-11-STABLE-v1100055.3-amd64-mini-memstick.img) = 69c7709b601f5287a1b7a1938d52c8681648175402bc096b5793ba1f8f253b48ca3a019f2e70ad9e32857e812147951eb42c8fb2bec40e098f4ab40d68bfa521

CHECKSUM.SHA512.asc:

