Skip to content
Compare
Choose a tag to compare

HardenedBSD-11-STABLE-v1100056

@opntr opntr released this
· 38845 commits to hardened/12-stable/master since this release
Compare
Choose a tag to compare

Warning: this is an important update! We changed back to OpenSSL from LibreSSL. Fore more information, please consult hardenedbsd.org[1] site!

Highlights:

  • MFC r335558: Add support for selectively enabling LLVM targets (62b732f)
  • HBSD: Switch back to OpenSSL as the default crypto lib (1087d59)
  • MFC r335569: pf: Support "return" statements in passing rules when they fail. (9e4899f)
  • MFC r335641: Fix a stack overflow in mount_smbfs when hostname is too long. (0b39c76) [FreeBSD-SA-Candidate]
  • MFC r333059 (by tychon): Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be excluded from PTI. (bad2d0f)
  • loader updates
  • bhyve updates
  • libpcap updates

Changelog

Oliver Pinter + (20):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (5):
      HBSD: Switch back to OpenSSL as the default crypto lib
      HBSD: Regen src.conf.5 after OpenSSL switch
      HBSD: Bump __HardenedBSD_version after OpenSSL switch
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

araujo (1):
      MFC r333622, r334019, r334084

avg (11):
      MFC r333997: uchcom: report detected product based on USB product ID
      MFC r333998: uchcom: add DPRINTF-s to aid debugging of the driver
      MFC r333999: uchcom: add a hardware configuration tweak seen in Linux code
      MFC r334000: uchcom: reject parity and double stop bits as unsupported
      MFC r334001: uchcom: remove UCHCOM_REG_BREAK2 alias of UCHCOM_REG_LCR1
      MFC r334002: uchcom: extend hardware support to version 0x30
      MFC r333638: calibrate lapic timer in native_lapic_setup
      MFC r333994: stop and restart kernel event timers in the suspend / resume cycle
      MFC r334204,r334338: re-synchronize TSC-s on SMP systems after resume
      MFC r333268: for bus suspend, detach and shutdown iterate children in reverse order
      MFC r334340: add support for console resuming, implement it for uart, use on x86

bdrewery (2):
      MFC r321427,r321445:
      MFC r330090:

brooks (1):
      MFC r335641:

cperciva (1):
      MFC r335553: Make CLOCK_PROCESS_CPUTIME_ID more accurate by including the current timeslice, matching the behaviour of CLOCK_VIRTUAL and CLOCK_PROF.

cy (1):
      MFC r335355:

dim (1):
      MFC r335558:

dteske (1):
      MFC r335607: check-password.4th(8): Fix manual [in]accuracy

eadler (2):
      MFC r334208:
      MFC r302776, r302799:

ed (1):
      MFC r335565:

gjb (7):
      Document an issue with emulators/virtualbox-ose reported in Bugzilla 228535.
      Add a few missing drivers to the 11-STABLE hardware page.
      Document that a few device drivers were omitted from the 11.2 hardware page.
      Add an errata note that the URL in UPDATING for source-based upgrades is incorrect.
      MFC r325107, r335665:  r325107 (eadler, partial):   Update the updating URL in UPDATING.
      Add an entry about an incorrectly-listed driver name in the 11.2 announcement.
      Add an errata entry regarding Bugzilla 228536.

hselasky (2):
      MFC r334277, r334376, r334378 and r334418:
      MFC r335461: Permit the kernel environment to set an array of numeric values for a single sysctl(9) node.

kevans (13):
      MFC r333122: seq(1): Provide some long options
      MFC r333156: uniq(1): Add some long options
      MFC r333157: cmp(1): Provide some long options
      MFC r330086, r333155: seq(1) improvements
      MFC r333192: fcntl(2): Vaguely document that ENOTTY is possible + examples
      MFC r333221: rsu(4) does not require legal.realtek.license_ack=1
      MFC r335404: sort(1): Fix -m when only implicit stdin is used for input
      MFC r335458: Add debug.verbose_sysinit tunable for VERBOSE_SYSINIT
      MFC r332395 (ian): Use explicit_bzero() when cleaning values out of the kenv
      MFC r335467: Don't remove loader.conf(5) when built WITHOUT_FORTH
      MFC r334878: libsa(3): Correct statement about FS Write-support, name change
      MFC r334882, r334884-r334885: loader(8) boot flag <-> environment fixes
      MFC r335642, r335651: config(8) envvar support

kib (10):
      MFC r333059 (by tychon): Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be excluded from PTI.
      MFC r335258: Remove unused file.
      MFC r334928: libc qsort(3): stop aliasing.
      MFC r335604: bhyve/vmrun.sh: make -L functional.
      MFC r333087 (by cem): amd64/mp_machdep.c: Fix GCC build after r333059.
      MFC r335503: Update proc->p_ptevents annotation to reflect the actual locking.
      MFC r335504: fork: avoid endless wait with PTRACE_FORK and RFSTOPPED.
      MFC r335505: linux_clone_thread: mark new thread as TDB_BORN.
      MFC r335253: Rework ofed build.
      MFC r335635: Do not leave stray qword on top of stack for interrupts and exceptions without error code.  Doing so it mis-aligned the stack.

kp (1):
      MFC r335569:

markj (1):
      MFC r334881: Add DW_LANG_* definitions from DWARF 4 and 5.

np (1):
      cxgbe(4): Determine early in the ioctl whether it is allowed to sleep or not, instead of always starting a non-sleepable operation and re-adjusting later.  This ensures that an operation that is allowed to sleep (ifconfig up/down) never fails with EBUSY on the initial attempt to start a synchronized operation.

robak (1):
      MFC r327317:

slavash (1):
      MFC r335282: Fix false positive on failure

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-bootonly.iso) = 1df1060cea47345ddaa4be6a93de16f5443a5e4b299e58aa89aaa5c9af16251d80cdd76f4b7a083686b78e3cafbf361c69b844fb6b75ca7919f969cbffe769ad
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-disc1.iso) = 78281285ea05b4adeb1933c50e780054419edd6aabccd350df6304a06b9fca02ea39863a2a1edaa9d615ff8c2cf78e63e2fc0f254adab4da8f3f7ed618ee52c2
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-memstick.img) = 0000bcab6e06421c7fdf0054cd13ecc339f8dc894082fe3a6f0d7b5039b7313fa14f14ee1db1d84ad5b7ad6679c1bd53438d52ebb819a67786d8e29c09d956e1
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-mini-memstick.img) = 08066dc2de7e19a7535188fe30d79bf7bd78c6fc877001a75d562b5e1ace2fb31a7e429cf6022d13e15e4d0a4cefa6b9ba8787725ad545e8aa32020193503338

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAls8Mr0ACgkQgZsRom/9
GI0WzxAA0uatTUXE+5ukll9Ehvnkd077UoS0hUhVoYw/OuPt/zm4RQH3q/ADWlaM
Fbm2yPPU/JHBISg6cE9HSDCu//dMe+9MS8Jx1GuoTihRBwQ3/9skIYeUeNIiOixf
55y13PHBHlLoXKnEuGJEbBUAFr4a5cltl3Uqbtla2ltFXsBE0tEAuZw/f4DbsvIB
TekXruGiuOzypLT/B2SMVTA0a9JwQ8S3A7avvUU+jpuvJcibb7ZMEvMmzpnuuBdd
QGsvanXRXMrB7o17PQSjGwtShpPuFER3ZKQ06FwT5h4mvk+oN8TkmEZrZfzNngD4
qLhuXf+4xe+VJyDBV+daHumwrvnFph50MB+jqkTHUmXOOZQmDXIyW6GIx7MjW8en
jfPzrD21W/LGr5ntKAggETOPN/h3sUl5Ukd3ZZhwNrouaT8Locl4wF4UXVtKFjgK
Z73ty+S1q9xIJm53tfH0qQSdf9ZmcTJZPy4yv28btjnznkF52UbAL4poP1OTH64p
xIjR7erdN2y7KxIcU/8zaYpBIHNYlFppSX6CGK6gvLK1XiUky03lnquX26oM+9Jv
bsWswNJRUsZ4hQtYqXT0LihGh7M+niY9xxbDlaXjZ+L/ie40RF4SdPhcnp56WBc8
eChcSRM0dzNYQYWOkUUqX41hL5IiLySurD+GgTBIOB16kIGabfQ=
=HMQk
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-11-STABLE-v1100056.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt
[1] https://hardenedbsd.org/article/shawn-webb/2018-04-30/hardenedbsd-switching-back-openssl