Skip to content

@opntr opntr released this Jul 4, 2018 · 36824 commits to hardened/12-stable/master since this release

Warning: this is an important update! We changed back to OpenSSL from LibreSSL. Fore more information, please consult hardenedbsd.org[1] site!

Highlights:

  • MFC r335558: Add support for selectively enabling LLVM targets (62b732f)
  • HBSD: Switch back to OpenSSL as the default crypto lib (1087d59)
  • MFC r335569: pf: Support "return" statements in passing rules when they fail. (9e4899f)
  • MFC r335641: Fix a stack overflow in mount_smbfs when hostname is too long. (0b39c76) [FreeBSD-SA-Candidate]
  • MFC r333059 (by tychon): Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be excluded from PTI. (bad2d0f)
  • loader updates
  • bhyve updates
  • libpcap updates

Changelog

Oliver Pinter + (20):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (5):
      HBSD: Switch back to OpenSSL as the default crypto lib
      HBSD: Regen src.conf.5 after OpenSSL switch
      HBSD: Bump __HardenedBSD_version after OpenSSL switch
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

araujo (1):
      MFC r333622, r334019, r334084

avg (11):
      MFC r333997: uchcom: report detected product based on USB product ID
      MFC r333998: uchcom: add DPRINTF-s to aid debugging of the driver
      MFC r333999: uchcom: add a hardware configuration tweak seen in Linux code
      MFC r334000: uchcom: reject parity and double stop bits as unsupported
      MFC r334001: uchcom: remove UCHCOM_REG_BREAK2 alias of UCHCOM_REG_LCR1
      MFC r334002: uchcom: extend hardware support to version 0x30
      MFC r333638: calibrate lapic timer in native_lapic_setup
      MFC r333994: stop and restart kernel event timers in the suspend / resume cycle
      MFC r334204,r334338: re-synchronize TSC-s on SMP systems after resume
      MFC r333268: for bus suspend, detach and shutdown iterate children in reverse order
      MFC r334340: add support for console resuming, implement it for uart, use on x86

bdrewery (2):
      MFC r321427,r321445:
      MFC r330090:

brooks (1):
      MFC r335641:

cperciva (1):
      MFC r335553: Make CLOCK_PROCESS_CPUTIME_ID more accurate by including the current timeslice, matching the behaviour of CLOCK_VIRTUAL and CLOCK_PROF.

cy (1):
      MFC r335355:

dim (1):
      MFC r335558:

dteske (1):
      MFC r335607: check-password.4th(8): Fix manual [in]accuracy

eadler (2):
      MFC r334208:
      MFC r302776, r302799:

ed (1):
      MFC r335565:

gjb (7):
      Document an issue with emulators/virtualbox-ose reported in Bugzilla 228535.
      Add a few missing drivers to the 11-STABLE hardware page.
      Document that a few device drivers were omitted from the 11.2 hardware page.
      Add an errata note that the URL in UPDATING for source-based upgrades is incorrect.
      MFC r325107, r335665:  r325107 (eadler, partial):   Update the updating URL in UPDATING.
      Add an entry about an incorrectly-listed driver name in the 11.2 announcement.
      Add an errata entry regarding Bugzilla 228536.

hselasky (2):
      MFC r334277, r334376, r334378 and r334418:
      MFC r335461: Permit the kernel environment to set an array of numeric values for a single sysctl(9) node.

kevans (13):
      MFC r333122: seq(1): Provide some long options
      MFC r333156: uniq(1): Add some long options
      MFC r333157: cmp(1): Provide some long options
      MFC r330086, r333155: seq(1) improvements
      MFC r333192: fcntl(2): Vaguely document that ENOTTY is possible + examples
      MFC r333221: rsu(4) does not require legal.realtek.license_ack=1
      MFC r335404: sort(1): Fix -m when only implicit stdin is used for input
      MFC r335458: Add debug.verbose_sysinit tunable for VERBOSE_SYSINIT
      MFC r332395 (ian): Use explicit_bzero() when cleaning values out of the kenv
      MFC r335467: Don't remove loader.conf(5) when built WITHOUT_FORTH
      MFC r334878: libsa(3): Correct statement about FS Write-support, name change
      MFC r334882, r334884-r334885: loader(8) boot flag <-> environment fixes
      MFC r335642, r335651: config(8) envvar support

kib (10):
      MFC r333059 (by tychon): Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be excluded from PTI.
      MFC r335258: Remove unused file.
      MFC r334928: libc qsort(3): stop aliasing.
      MFC r335604: bhyve/vmrun.sh: make -L functional.
      MFC r333087 (by cem): amd64/mp_machdep.c: Fix GCC build after r333059.
      MFC r335503: Update proc->p_ptevents annotation to reflect the actual locking.
      MFC r335504: fork: avoid endless wait with PTRACE_FORK and RFSTOPPED.
      MFC r335505: linux_clone_thread: mark new thread as TDB_BORN.
      MFC r335253: Rework ofed build.
      MFC r335635: Do not leave stray qword on top of stack for interrupts and exceptions without error code.  Doing so it mis-aligned the stack.

kp (1):
      MFC r335569:

markj (1):
      MFC r334881: Add DW_LANG_* definitions from DWARF 4 and 5.

np (1):
      cxgbe(4): Determine early in the ioctl whether it is allowed to sleep or not, instead of always starting a non-sleepable operation and re-adjusting later.  This ensures that an operation that is allowed to sleep (ifconfig up/down) never fails with EBUSY on the initial attempt to start a synchronized operation.

robak (1):
      MFC r327317:

slavash (1):
      MFC r335282: Fix false positive on failure

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-bootonly.iso) = 1df1060cea47345ddaa4be6a93de16f5443a5e4b299e58aa89aaa5c9af16251d80cdd76f4b7a083686b78e3cafbf361c69b844fb6b75ca7919f969cbffe769ad
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-disc1.iso) = 78281285ea05b4adeb1933c50e780054419edd6aabccd350df6304a06b9fca02ea39863a2a1edaa9d615ff8c2cf78e63e2fc0f254adab4da8f3f7ed618ee52c2
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-memstick.img) = 0000bcab6e06421c7fdf0054cd13ecc339f8dc894082fe3a6f0d7b5039b7313fa14f14ee1db1d84ad5b7ad6679c1bd53438d52ebb819a67786d8e29c09d956e1
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-mini-memstick.img) = 08066dc2de7e19a7535188fe30d79bf7bd78c6fc877001a75d562b5e1ace2fb31a7e429cf6022d13e15e4d0a4cefa6b9ba8787725ad545e8aa32020193503338

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAls8Mr0ACgkQgZsRom/9
GI0WzxAA0uatTUXE+5ukll9Ehvnkd077UoS0hUhVoYw/OuPt/zm4RQH3q/ADWlaM
Fbm2yPPU/JHBISg6cE9HSDCu//dMe+9MS8Jx1GuoTihRBwQ3/9skIYeUeNIiOixf
55y13PHBHlLoXKnEuGJEbBUAFr4a5cltl3Uqbtla2ltFXsBE0tEAuZw/f4DbsvIB
TekXruGiuOzypLT/B2SMVTA0a9JwQ8S3A7avvUU+jpuvJcibb7ZMEvMmzpnuuBdd
QGsvanXRXMrB7o17PQSjGwtShpPuFER3ZKQ06FwT5h4mvk+oN8TkmEZrZfzNngD4
qLhuXf+4xe+VJyDBV+daHumwrvnFph50MB+jqkTHUmXOOZQmDXIyW6GIx7MjW8en
jfPzrD21W/LGr5ntKAggETOPN/h3sUl5Ukd3ZZhwNrouaT8Locl4wF4UXVtKFjgK
Z73ty+S1q9xIJm53tfH0qQSdf9ZmcTJZPy4yv28btjnznkF52UbAL4poP1OTH64p
xIjR7erdN2y7KxIcU/8zaYpBIHNYlFppSX6CGK6gvLK1XiUky03lnquX26oM+9Jv
bsWswNJRUsZ4hQtYqXT0LihGh7M+niY9xxbDlaXjZ+L/ie40RF4SdPhcnp56WBc8
eChcSRM0dzNYQYWOkUUqX41hL5IiLySurD+GgTBIOB16kIGabfQ=
=HMQk
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-11-STABLE-v1100056.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt
[1] https://hardenedbsd.org/article/shawn-webb/2018-04-30/hardenedbsd-switching-back-openssl

Assets 2
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.