Skip to content

@opntr opntr released this Aug 9, 2018 · 37244 commits to hardened/12-stable/master since this release

Highlights:

  • HBSD MFC r333405: Remove PG_U from the rest of the kernel pmap ptes. (6840ef5)
  • crypto/libressl: Security update to 2.6.5 (ace3164)
  • MFC r336761 & r336781: Allow a EVFILT_TIMER kevent to be updated. (a1143bb)
  • MFC r337384: Address concerns about CPU usage while doing TCP reassembly. (db2e2ee) [FreeBSD-SA-18:08.tcp CVE-2018-6922]
  • MFC r336919, r336924: efirt: Add tunable to allow disabling EFI Runtime Services
  • Libarchive update (3ff0943) [CVE-2017-14503]
  • HBSD MFC r313168: Fix VIMAGE-related bugs in TFO. (7a58c5a)
  • HBSD MFC r333885: ctf dwarf: don't report "no dwarf entry" as if it were an error (c4bda35)
  • MFC r336763: Add workarounds for several Ryzen erratas, on amd64. (b261576)
  • MFC: r336357 Modify the reasons for not issuing a delegation in the NFSv4.1 server. (88b6d0a)
  • MFC r336683: Extend ranges of the critical sections to ensure that context switch code never sees FPU pcb flags not consistent with the hardware state. (e0245ae)
  • MFC r336188: Improve bhyve exit(3) error code. (ff4bc3f)
  • HBSD: Really bring hbsd-update current (630cab9)
  • mlx5 updates
  • ofed updates
  • arm64 updates
  • msun updates

Changelog

Bernard Spil (1):
      crypto/libressl: Security update to 2.6.5

Oliver Pinter (6):
      HBSD MFC r333885: ctf dwarf: don't report "no dwarf entry" as if it were an error
      HBSD MFC r330000: Fix harmless locking bug in tfp_fastopen_check_cookie().
      HBSD MFC r313168: Fix VIMAGE-related bugs in TFO.
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: resolve merge conflict in sys/amd64/amd64/pmap.c after 29d795aae8d763aa6c7d9825fcf50085b9e13c9b
      HBSD MFC r333405: Remove PG_U from the rest of the kernel pmap ptes.

Oliver Pinter + (26):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (3):
      HBSD: Really bring hbsd-update current
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

araujo (1):
      MFC r336188:

asomers (4):
      MFC r332631:
      MFC r335899:
      MFC r336205:
      MFC r336319:

avg (4):
      MFC r334479: call AcpiLeaveSleepStatePrep after re-enabling interrupts
      MFC r334786: x86: reorganize code that deals with unexpected NMI-s
      MFC r335934: remove unneeded inclusion of sys/interrupt.h from several files
      MFC r336641: fix incorrect operator in the AUDITPIPE_SET_QLIMIT bounds check

dab (2):
      MFC r336457:
      MFC r336761 & r336781:

delphij (2):
      MFC r336156:
      MFC r336236: Detect and handle invalid number of FATs.

dexuan (1):
      MFC: 336426

dim (1):
      MFC r327400 (by eadler):

eadler (2):
      MFC r335629:
      MFC r335631:

emaste (2):
      MFC r336664: lld: fix addends with partial linking
      MFC r335459: acpidump.8: include NFIT in the man page list of tables

gjb (4):
      Following r336726, explicitly invoke the 'obj' target when setting BOOTFILES.  On stable/11, without this change, the .OBJDIR expands to /usr/src/stand instead /usr/obj/<foo>.
      As part of r336741, BOOTFILES needs special handling when cross building on stable/11, where the path should be:
      MFC r336721, r336750 [1]:
      Document SA-18:08.

hselasky (52):
      MFC r335669: Improve the userspace USB string reading function in LibUSB. Some USB devices does not allow a partial descriptor readout.
      MFC r335700: Improve the kernel's USB descriptor reading function. Some USB devices does not allow a partial descriptor readout.
      MFC r336632: Update modify counter when setting a mixer control.
      MFC r335094 and r335123: Revert r335094 and properly fix OFED build after r335053.
      MFC r336363: Process address resolve requests at least one time per second in ibcore.
      MFC r336364: Only update source address when resolving is successful in ibcore.
      MFC r336365: Add lock to multicast handlers in ibcore.
      MFC r336366: If the MGID/MLID pair is not on the list return an error in ibcore.
      MFC r336367: Add native FreeBSD support for multicast in ibcore.
      MFC r336368: Fix for RDMA loopback over VLAN in ibcore.
      MFC r336369: For multicast functions in ibcore, verify that LIDs are multicast LIDs.
      MFC r336370: Set RoCEv2 MGID according to spec in ibcore.
      MFC r336371: Set default GID type as RoCE when resolving RoCE route in ibcore.
      MFC r336372: Add support for prio-tagged traffic for RDMA in ibcore.
      MFC r336373: Ensure that CM_ID exists prior to access it in ibcore.
      MFC r336374: Avoid that ib_drain_qp() triggers an out-of-bounds stack access in ibcore.
      MFC r336375: Fix access to non-initialized CM_ID object in ibcore.
      MFC r336376: Fix NULL pointer dereference during device removal in ibcore.
      MFC r336377: Fix kernel panic while using XRC_TGT QP type in ibcore.
      MFC r336379: Check for a cm_id->device in all user calls that need it in ibcore.
      MFC r336380: Check AF family prior resolving address and introduce safer rdma_addr_size() variants in ibcore.
      MFC r336381: Fix kernel crash during fail to initialize device in ibcore.
      MFC r336382: Depend on IPv6 stack to resolve link local address for RoCEv2 in ibcore.
      MFC r336383: Check port number supplied by user verbs cmds in ibcore.
      MFC r336384: Fix for loopback detection in address resolve logic in ibcore.
      MFC r336385: Set IPv4 TOS and IPv6 traffic class field for RoCEv2 traffic in ibcore.
      MFC r336386: Honor port_num while resolving GID for IB link layer in ibcore.
      MFC r336387: Honor return status of ib_init_ah_from_mcmember() in ibcore.
      MFC r336388: Add support for RoCEv2 multicast in ibcore.
      MFC r336389: Add support for IPv6 multicast in ibcore.
      MFC r336391: Use __FBSDID() for RCS tags in ibcore.
      MFC r336964: Only NULL check the VNET pointer when VIMAGE is enabled in ibcore. Else a NULL VNET pointer should be ignored. This fixes address resolving when VIMAGE is disabled.
      MFC r336392: Implement support for Differentiated Service Code Point, DSCP, in mlx5en(4).
      MFC r336393: Use static device naming instead of dynamic one in mlx5ib.
      MFC r336394: Don't pass unsupported events to ibcore from mlx5ib.
      MFC r336395: Update version information for the mlx5ib module.
      MFC r336396: Remove redundant newline character in mlx5core.
      MFC r336397: Refactor access to CR-space into using VSC APIs in mlx5core.
      MFC r336398: Make sure the state variable is set atomically instead of using a mutex in mlx5core.
      MFC r336399: Remove redundant call to mlx5_vsc_find_cap() in mlx5core.
      MFC r336401: Correctly write atomic variable in mlx5en(4).
      MFC r336402: Do not hint about 'trust both' mode when the mlx5en(4) hardware does not support it.
      MFC r336403: Add context numbers for HW elements in mlx5en(4).
      MFC r336404: Enable both receive and transmit pauseframes by default in mlx5en(4).
      MFC r336407: Handle jumbo frames without requiring big clusters in mlx5en(4).
      MFC r336410: Add module parameter to limit number of MSIX EQ vectors in mlx5en(4).
      MFC r336411: Use a mbuf header instead of a mbuf cluster for debugging interrupts in mlx5en(4).
      MFC r336450: Do not inline transmit headers and use HW VLAN tagging if supported by mlx5en(4).
      MFC r336451: Update version information for the mlx5 and mlx5en(4) modules.
      MFC r336452: Add ability to parse sysfs paths under FreeBSD in libibumad.
      MFC r336453: Use unspecified address family when connecting as a client in libibverbs example utilities.
      MFC r337056: Don't refer to non-existing atomic functions, even though not compiled, in the LinuxKPI.

jhb (3):
      MFC 330823,332335: Cosmetic cleanups to some Linuxulator files.
      MFC 332782: Simplify the code to allocate stack for auxv, argv[], and environment vectors.
      MFC 333416: Report TRAP_BRKPT for breakpoint traps on sparc64.

jtl (2):
      MFC r337384:
      MFC r337390: Bump date after r337384.

kevans (6):
      MFC r307967,324082,325955: config(8) fixes
      MFC r335526: Let -s actually work.
      kenv MFC: r335998, r336019, r336026, r336036, r336217, r336335, r336337, r336415-r336416, r336419
      MFC r336973-r336975
      MFC r336152-r336154, r336157
      MFC r336919, r336924

kib (6):
      MFC r336498: When reporting an error, print the errno value.
      MFC r336683: Extend ranges of the critical sections to ensure that context switch code never sees FPU pcb flags not consistent with the hardware state.
      MFC r336763: Add workarounds for several Ryzen erratas, on amd64.
      MFC r336980: Provide compat32 shims for sched_rr_get_interval(2).
      Regen.
      MFC r336987: For compat32, emulate the same wraparound check as occurs on the real ILP32 system.

manu (2):
      MFC r336598-r336600, r336721
      MFC r336997:

markj (12):
      MFC r336460: Port r324665 and r325285 to arm64.
      MFC r336504, r336507: Provide the full module path to preload_delete_name().
      MFC r336556: Initialize the L3 page's wire count correctly after a L2 entry demotion.
      MFC r336591: Disable optimization of the libproc test program.
      MFC r336614: Add a regression test for PR 131876.
      Revert r335693, r335694, r335695 by eadler.
      MFC r336922: Remove a redundant check.
      MFC r336505, r336764 Have preload_delete_name() free pages backing preloaded data.
      MFC r337015: COMPAT_LINUX32 has not depended on COMPAT_43 in some time.
      Fix a mismerge in r337262.
      MFC r337323: Fix a flag collision introduced in r327451.
      MFC r336957: Add a regression test related to PR 131876.

mav (2):
      MFC r308296 (by scottl): asc/ascq 44/0 is typically a non-transient, permanent error (at least until the components are reset).  Therefore retries are pointless.  This is very visible in SATL systems, for example an LSI SAS controller and a SATA HDD/SSD.
      MFC r336590: Stop further SCSI recovery attempts after one has failed.

mm (1):
      MFH r336801,r336854:

np (1):
      cxgbe/iw_cxgbe: Do not call soaccept twice on the same socket.

pfg (1):
      MFC r336926: sed: unsign some indexes to fix sign-compare warnings.

rmacklem (5):
      MFC: r334492 Add the BindConnectiontoSession operation to the NFSv4.1 server.
      MFC: r334966 Add a couple of safety belt checks to the NFSv4.1 client related to sessions.
      MFC: r335866 Fix the server side krpc so that the kernel nfsd threads terminate.
      MFC: r336215 Ignore the cookie verifier for NFSv4.1 when the cookie is 0.
      MFC: r336357 Modify the reasons for not issuing a delegation in the NFSv4.1 server.

rpokala (1):
      MFC r336662,r336682

slavash (1):
      MFC r334318:

wulf (2):
      MFC r334555:
      MFC r336577:

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.2/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-bootonly.iso) = 2f75e591853aa932b8a6576ff5499b530fbddd0974a19463cd88b269e9faed6021282204485240486608033b3e05d9ed65463849263785efe9a97b7cc0065a50
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-disc1.iso) = 25545b3ab97265b53984609886b5bd2941a4140a742d5285816bbb37720584a20e8d9f16fa001eb854aa27c498a6341af0e48848109aceafea0086ab451527bc
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-memstick.img) = 3d6080deccb880b1e228636869598e0763cb40d4ec1a228d82b39f9a169cec1f5c846db3ccc2045e654ec8880c27c2e9be4b873c6201c5bae3060a6b923106fc
SHA512 (HardenedBSD-11-STABLE-v1100056.2-amd64-mini-memstick.img) = cb49fa02e29d9aacf18d84e94bcdfe0d90f874903047dcb4bf06aae40ec54b0b4f68114a38d54599d04a0f972ffd1f60d9ddfbb2a06e5c3a2a4682cf59d934c1

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAltrW9gACgkQgZsRom/9
GI1MVRAA0xwNbOIVimbAyxqmkYuF1DhqgJmLT2Gr3pN9pg03LLpGH0f6rVCi/cKM
Sr1rY3O7eOSUvc6vhQroQT3B1APU2YCEv3VO3vY0oc9wcw1qpcogkHrsjlxUlMlD
B4PaiUtHCyHiYI5xfMKt+/kmwLUUOSapUhfv1A3HfpQOJrd7jCtBekhOjZJHbVAH
ZDJnsjio4P7aXxIm7LGxuk8EU+C8Sj+oqGZpSqsfjoaBvTvqDTSSII1z1HoLCHDx
Zmx2zSX5dhwLHvbs89sTfd2WU3898r0FRibMnKZFPsoLGzEzrMjQRxnY8IS328Gj
FPbcWGgjT0P/NdhKe+HXyhmrq/ZQLZJEqbSz5x528ZXboQvQA5JXeXqstnqNWQiv
OO9C9qtXD/uLgW76FYBiEElhS/G1bD5FrCzLfIzuBcrmx2Un+FNt/vrB3EjSlk8L
Zyhfa6tb+n3t44J1HYMSgzQ+7ulOrZrYkT2we3qN2p+JnzKBAWIpIXKz/g/r0dRw
K9tAyBCqEGXpNE521i24G26gurm7HqzamrvwphNW71ju3TEd9PZDqi++3Bm6aF3J
mADB7Tts8JBmD0fkp/8lyCiIlonmCVdQZ7cJMkVX6i+yLBvEG91fKq3c37zKuT2R
FMYnU4PIf/AdzNASWYBwVVJZ7dNkgSHUJyU1zXvkjuchvNA/tiw=
=eU3I
-----END PGP SIGNATURE-----

CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt
shortlog-HardenedBSD-11-STABLE-v1100056.2.txt

Assets 2
You can’t perform that action at this time.