@opntr opntr released this Aug 27, 2018 · 98 commits to hardened/11-stable/master since this release

Assets 2

Highlights:

  • MFC r337773, r337838, r338112, r338202: Fixes for early EFIRT usage on amd64. (ebd8a26)
  • MFC r337615: Fix a really subtle miscompile due to a somewhat glaring bug in EFLAGS copy lowering. (24eeeec)
  • MFC: r336839 Modify the NFSv4.1 server so that it allows ReclaimComplete as done by ESXi 6.7. (121df03)
  • MFC r337969: pf: Limit the maximum number of fragments per packet (340f9f0) [CVE-2018-5391]
  • HBSD: hook in hbsdcontrol into build (09a80cf)
  • HBSD: import upstream version e41faa644bf9c4b8ca79d85fe4119bd712317616 of hbsdcontrol (1326740)
  • MFH r337745: Sync libarchive with vendor.. (02f8199) [CVE-2017-14501]
  • MFC: r337791 Merge OpenSSL 1.0.2p. (04b30e3) [CVE-2018-0732 CVE-2018-0737]
  • MFC r337819 (cy@): MFV r337818: WPA: Ignore unauthenticated encrypted EAPOL-Key data (89cd8f5) [CVE-2018-14526 FreeBSD-SA-18:11.hostapd]
  • MFC r336203, r336499, r336501-r336502, r336506, r336510, r336512-r336513, r336515, r336528-r336531 Update wpa 2.5 --> 2.6. (2c0c29a)

Changelog

Oliver Pinter (7):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: import upstream version e41faa644bf9c4b8ca79d85fe4119bd712317616 of hbsdcontrol
      HBSD: hook in libhbsdcontrol
      HBSD: hook in hbsdcontrol into build
      HBSD: remove ZFS leftovers when WITHOUT_ZFS is set
      HBSD: remove hyper-v leftovers when WITHOUT_HYPERV is set
      HBSD: and one more round of ZFS leftovers

Oliver Pinter + (27):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Piotr Kubaj (2):
      HBSD: fix wpa_supplicant builds with LibreSSL
      HBSD: And missing bracket to wpa_supplicant's tls_openssl.c

Shawn Webb (3):
      HBSD: Partially resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

ae (2):
      MFC r337469:   Use host byte order when comparing mss values.
      MFC r337536:   If -q flag is specified, do not complain when we are trying to delete   nonexistent NAT instance or nonexistent rule.

avatar (1):
      MFC r338038: Extending the delay cycles to give the codec more time to pump ADC data across the AC-link.

brooks (1):
      MFC r337727:

cperciva (1):
      MFC r336420,336433,336593,336621,336622,336624,337394,337401,338141

cy (6):
      MFC r336203, r336499, r336501-r336502, r336506, r336510, r336512-r336513, r336515, r336528-r336531
      MFC r337558, r337560
      MFC r337410:
      MFC r338045:
      MFC r338046:
      MFC r338047:

delphij (1):
      MFC r337819 (cy@): MFV r337818: WPA: Ignore unauthenticated encrypted EAPOL-Key data

dim (2):
      MFC r337322:
      MFC r337615:

eadler (1):
      MFC r333919, r333922, r333944, r337442:

emaste (1):
      MFC r337569: readelf: display NT_GNU_PROPERTY_TYPE_0 note name

eugen (2):
      MFC r336461: bge(4): disable MSI for BGE_ASICREV_BCM5784/BGE_CHIPREV_5784_AX found in some MacBook Pro.
      MFC 338013: bsnmpd(8): fix and optimize interface description processing

gjb (3):
      MFC r337717, r337718:
      Document SA-18:09 through SA-18:11.
      Fix the BEAGLEBONE image build on stable/11.

hselasky (6):
      MFC r337529: Implement missing atomic_fcmpset_XXX() support for i386.
      MFC r337232: Implement ktime_add_ms() and ktime_before() in the LinuxKPI.
      MFC r337373: Define __poll_t type in the LinuxKPI.
      MFC r337374: Implement atomic_long_cmpxchg() function in the LinuxKPI.
      MFC r337376: Implement current_work() function in the LinuxKPI.
      MFC r337527: Use atomic_fcmpset_XXX() instead of atomic_cmpset_XXX() when possible in the LinuxKPI.

jamie (3):
      MFC r331332:
      Load filesystem modules associated with allow.mount permissions.
      MFC r337867:

jkim (1):
      MFC:	r337791

kevans (18):
      ubldr: Bump heap size, 1MB -> 2MB
      MFC r337520: Fix WITHOUT_LOADER_GELI (gptboot) and isoboot in general
      MFC r337504: apply(1): Fix magic number substitution with a magic space
      MFC r337506: ls(1): Enable colors with COLORTERM is set in the environment
      Revert r337826: MFC of ls(1) COLORTERM honoring
      MFC r337559: Makefile.inc1: Add libl to -legacy as well
      MFC r335785, r335812
      MFC r336184: net80211: Fix ifdetach w/o ifattach, small whitespace cleanup
      MFC r337570-r337573
      MFC r337665: krb5-config build: Remove gratuitous escaping
      MFC r337523: libsa: exit on EOF in ngets
      MFC r337524: libi386: Fix typo in pxe.h
      MFC r337666: getopt_long(3): Document behavior, optstring leading characters
      MFC r337696: Use INCS for non-sys/ libnvpair and libzfs_core includes
      MFC boot tagging support:  r337518, r337544-r337546, r337548, r337579-r337580, r337952
      MFC r338120: config(8): Allow escape-quoted empty strings
      MFC r338020: res_find: Fix fallback logic
      MFC r337906: Document KERNCONFDIR

kib (9):
      MFC r337770: Fix typo.
      MFC r337330: Swap in WKILLED processes.
      MFC r336570: Enable OFED build (without extras) by default. For stable/11, this is only done on amd64.
      MFC r338048: Use tab for indent.
      MFC r338049: Clarify that memset_s(3) requires __STDC_WANT_LIB_EXT1__ for visibility. Fix typos and other nits.
      MFC r338051: Provide set_constraint_handler_s(3) man page.
      MFC r338016: Print L1D FLUSH feature.
      MFC r337981: Reorder alphabetically.
      MFC r337773, r337838, r338112, r338202: Fixes for early EFIRT usage on amd64.

kp (2):
      MFC r337643:
      MFC r337969:

loos (6):
      MFC r312953:
      MFC r313911:
      MFC r317800:
      MFC r321649:
      MFC r312770 and r337854:
      MFC r321316, r337860:

markj (3):
      MFC r337328: Don't check rcv sockbuf limits when sending on a unix stream socket.
      MFC r337230: Verify that each frame pointer lies within the thread's kstack.
      MFC r337500: Use the right variable when updating interface routes.

mm (1):
      MFH r337745: Sync libarchive with vendor..

pfg (4):
      MFC r337458, r337618: Fix printf(1) ignores width and precision in %b format.
      MFC r337422: libc: fix cases of undefined behavior.
      MFC r337456: msdosfs: fixes for Undefined Behavior.
      MFC r337728: (committed by jilles) printf: Add test for width and precision in %b format

rmacklem (2):
      MFC: r336839 Modify the NFSv4.1 server so that it allows ReclaimComplete as done by ESXi 6.7.
      MFC: r337438 Allow newnfs_request() to retry all callback RPCs with an NFSERR_DELAY reply.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.4/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-bootonly.iso) = c39f7dc83fa405852bdf0d67ddd9767248d51089d267a7c63033d7bb10a525341f1406ac1856d32d9004fa271ae70c94bf2726fd40de57f55a2bc14d757668cc
SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-disc1.iso) = 0ad47e752f7e309d6651b249429022f5e9970c169162af4f20fe1aff99f07be533f5a18e453ea2dbfb513e256fb37cf009ba0d09fb7e7f58ed6a36a245400c90
SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-memstick.img) = 3f1723169babd884f960328165e32aff9e8fe5eabafcbb8c67e6cf317fae19ce3740e54dd80ccbef9ba0ba14087aabc85745b5e707a9dce30a6278357723916d
SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-mini-memstick.img) = 763803d0d996b381a15eb54491684269ee09407366b75fa68d82cb8e1e3f10dd5b9b2ea6908be237c7cbd364f980eab8b40c5694fe46ebb87c7190b5a6972d7d

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAluDUNgACgkQgZsRom/9
GI3xJxAAndi77pvbsXre+A0/LQ6B9rFd6ZUHj/Jk2yWZGF/A7Yr5VVEgBNzuff9y
3iU/Ma9SGBG5jTSo/LxIvZhw/cibp1U87+8Kisf9iGqbgXNKWlZNHeK9uzH+g2Zp
lNVxuLGFSeBULm3PijOBsMRTlxmT7Y9i54wNGB3pmLB1b8tXCasMaw8ivbjlW0B8
mjNml9XNrSxPl+nO8u3dfRGAa55PGdwe9mN7fKFB9DAyjG4S68UDhax8/p3Q8WNE
I4FlPNsRujc+M+qSupl5j4xxbBuwsLz93chC6e8DBBD604Pllk5o0C41XJ07yEQE
QxQSpXwvKwztf5IkooP8OTPKkdmuM2W0KWuwWp+/Y4zhQDG5SseBy12xvSFMKB/z
d5vw9FwTg0N0PD5ZYW0mHagWWeyyT+HVSQdxt8GK5iAnyIRe7bP0UjDjyBVMgqHp
d6BFYPi6Qg4hjD6bZCyqLo4oDjsEQrdr6d1ijk+8LyMdQtnHPjRn5c7avqqkQFrc
99jtK2Y/zZuXj4D1OmGvpz0+btaQ6suJHc2rWqRcID02U/gwnD3zoTF5I852KpAv
H1rnK60C0BdFEAwEjcwZKq28mtTIsfsKBRTeuTUZIk8ij2xx7y8+9e8n25kYJbOS
dSg1WSgfLYttR6Cqv66a9NXWC1IaF5RXlVN4BCB/9L9yKpj9CK4=
=j6H/
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-11-STABLE-v1100056.4.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt