Assets 2

Highlights:

  • MFC 338603: Correct ELF header parsing code to prevent invalid ELF sections from (4bfdb79) [FreeBSD-SA-18:12.elf CVE-2018-6924]
  • MFC r338126: MFV r338092: ntp 4.2.8p12. (900dde8) [CVE-2018-12327]
  • MFC r338068, r338113: Update L1TF workaround to sustain L1D pollution from NMI. (d9d4e90)
  • MFC r333063: Update ELF Tool Chain to r3614 (e90f3bf)
  • MFC r337505, r337865, r337869: dd status=progress (8c00a8c)

Changelog

Oliver Pinter (2):
      HBSD: update motd file
      HBSD: add .tags to .gitignore

Oliver Pinter + (27):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Piotr Kubaj (2):
      HBSD: Fix wpa build with LibreSSL 2.6
      HBSD: Correct OPENSSL_VER in LibreSSL

ae (1):
      MFC r337736:   Restore ability to send ICMP and ICMPv6 redirects.

cy (1):
      Avoid printing extraneous function names when searching man page database (apropos, man -k). This commit Replaces .SS with .SH, similar to the man page provided by original heimdal (as in port).

delphij (3):
      MFC r336754: Improve --strip-trailing-cr handling.
      MFC r337522:
      MFC r338126: MFV r338092: ntp 4.2.8p12.

ed (1):
      MFC r336086:

emaste (4):
      MFC r337045: libelf: reload section headers after update with ELF_C_WRITE
      MFC r333062: elf_common.h: add DT_SUNW_ASLR tag
      MFC r336745: elf_common: update ARM ABI flag names
      MFC r333063: Update ELF Tool Chain to r3614

eugen (3):
      MFC r316615 by sevan: Remove the last vestiges of FDC_DEBUG & FD_DEBUG
      MFC r316623: fix build after incomplete MFC r338544 by me.
      MFC r338468: Fix "ipfw fwd" to work for incoming IPv4 packets when ip_tryforward() chooses fast forwarding path, as it already works for IPv6 and for both of them on old slow path.

gjb (1):
      Fix the port name in the 2018-06-26 errata entry for 11.2-RELEASE.

gordon (1):
      MFC 338603: Correct ELF header parsing code to prevent invalid ELF sections from disclosing memory.

hselasky (9):
      MFC r338489: Maximum number of mbuf frags is off-by-one for worst case scenario in mlx5en(4).
      MFC r338490: Don't stall transmit queue on drops in mlx5en(4).
      MFC r338492: Add support for receive side scaling stride, RSSS, in mlx5en(4).
      MFC r338493: Make the MSIX module parameter limit per device, in mlx5en(4).
      MFC r338495: Add proper support for VIMAGE to krping.
      MFC r338526: Implement get network interface by params function in ipoib.
      MFC r338541: Introduce and use sgid_index in CM requests in ibcore.
      Fix compile warning about missing prototype when WANT_FUNCTIONS is defined.
      MFC r338491: ibcore: Fix endless loop in searching for matching VLAN device

jhb (3):
      MFC 332906,332907,332976,333679,336053: Expand testing of breakpoints.
      MFC 332909: Report proper signal codes for SIGTRAP traps on MIPS.
      MFC 332908: Add two tests for TRAP_* signal codes for SIGTRAP.

kevans (1):
      MFC r337505, r337865, r337869: dd status=progress

kib (15):
      MFC r337714: Prevent some parallel swap-ins, rate-limit swapper swap-ins.
      MFC r337983, r338044: Add pthread_get_name_np(3).
      MFC r338312: Unify amd64 and i386 vmspace0 pmap activation.
      MFC r338313: Remove dead code in i386 cpu_throw().
      MFC r338024: Rudimentary AER reading code for ddb(4).
      MFC r338068, r338113: Update L1TF workaround to sustain L1D pollution from NMI.
      MFC r338357: Fix compat32 ftruncate cap mode.
      Regen.
      MFC r324856: Don't call realpath(3) from libmap rtld code.
      MFC r338428: Style cleanup.
      MFC r338370: Remove {max/min}_offset() macros, use vm_map_{max/min}() inlines.
      MFC r338459: amd64: For non-PTI mode, do not initialize PCPU kcr3 to KPML4phys.
      MFC r338433: Normalize use of semicolon with EFI_TIME_LOCK macros.
      MFC r338435: Improve error messages from clock_if.m method failures.
      MFC r334856, r338434: Don't bother looking for non-executable pages when a process is excluded from PTI.

kp (2):
      MFC r338183, r338183:
      MFC r338406:

lidl (1):
      MFC r338201: increase heap size during "loader" on sparc64

marius (2):
      MFC: r338304
      MFC: r338261

markj (12):
      MFC r338142: Set arc_kmem_cache_reap_retry_ms to 0 and make it configurable.
      MFC r333280: Style.
      MFC r332968: Add a UMA zone flag to disable the use of buckets.
      MFC r337926: Add partial documentation for dtrace(1)'s -x configuration options.
      MFC r338365: Add a sysctl for the ZFS abd_scatter_enabled setting.
      MFC r338350: Add missing endpwent() and endgrent() calls to nfsuserd(8).
      MFC r338416: Re-compute the ARC size before computing the MFU target.
      MFC r338375: sed: Fix -i option behavior with 'q' command.
      MFC r337974: Add INVARIANTS-only fences around lockless vnode refcount updates.
      Revert an unintentional change from r338462.
      MFC r337423: Improve handling of control message truncation.
      MFC r337329: Fix the regression test for PR 181741.

mav (2):
      MFC r338105: Remove extra M_ZERO from NG_MKRESPONSE() argument.
      MFV r338288: Unblock speculative prefetcher also on pool creation.

oshogbo (2):
      MFC r337965:   capsicum: allow the setproctitle(3) function in capability mode
      MFC r314000:

philip (2):
      MFC r319508:   Fix a memory leak with last   free memory allocated to 'buf'
      MFC r338353:   Add libxo(3) support to lastlogin(8).

sobomax (1):
      MFC r312296 and r323254, which is new a socket option SO_TS_CLOCK to pick from several different clock sources to return timestamps when SO_TIMESTAMP is enabled and two new nanosecond-precision timestamp types. This also fixes recvmsg32() system call to properly down-convert layout of the 64-bit structures to match what 32-bit app(s) expect.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.5/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-bootonly.iso) = 5b0deba102a2c9da3fe3fcc015c3217b95ad63a01d83a0c33a6934f805486f8f0482ef6e60d3f209c4a996bd309cccb404b84cc5ded2724589f95f12106a660c
SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-disc1.iso) = 5b37ba3d75559d8cf9745f9b9c1898f402636949159ef9dc0a40dec31a0d839bd68cd3ca73aa69eef7c2adbf7fe18a6ac6363000cf7930c34cc0b2964be0e29c
SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-memstick.img) = c8b90115ae6585da0288d6017b896d23bfbd68ea821d04585422cfce36edef61507f076264c03f7298fbc8104f79ebb42d68c3ac4d9542e8795d26ce0ddc8946
SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-mini-memstick.img) = d76c735ff59bd2ebccdd13e353c2ccd2694aa056d1d656df16ae65dadd589ce26062184a18e2bfaba4acde7290c2aecd7ecbe6031dcd4f7c4b443ce0e1afbeec

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAluZ1ZUACgkQgZsRom/9
GI37txAAkyqAsGx0mCUsKu8JWnnhw3DG1n0KMRJ+aSvWYIGL+b0fN4kTivhBKSVs
Ln/FKfvymQ5jVLDSOXRbwI9hd/Kadm967Vp0/lI2wBZfsrJ6oPUMs0cfCzJ8ZE9/
i76lCY8icS1Wl/eTKA5dPwSZSuJcYVbxXhg4zK2pMssOfFTGhycHGd86Znvfe/LM
qlybRqG4uC70rWQc3IgqrgMa1/cvCMSmKb792l2Bfs2FmLoXatxYtkjsWtnMWDQL
TGTcv0fOL5NRSXRlJj4QP+4NNpKq3ThN3kW2svJZzqMZRG+QZsIm7kfIbmleXHWQ
54r26dj1C74oR1r8CAC2OyiDJaGx19a7FXM/gdg/9AuTyMO4kEX7DyJhRAxZBchi
hr/uF+uiKS1BTXQOd2/Xjb8bkPl1TRnCa7N+BZoEToHWIUHCeiHRMD5K85Kyvue8
OA3ruhtW9dDYcq8WVoWSaAJdZpWQZGM3iPfwNI2P5YgdRGBDg51dYgMq2ofDueCc
0XJkeU+ysp+tlYPmYhLIqhZR1vA4iLzlXPa+0srITQJWbkS0WC+0cZqPgtyyIGBp
lQc8VWu+ncCKluZzndgff6SBE8404YRjgt8VQvJZqE2P1gZMwN4oGLmLnnyQVdYu
Qj98k0AkvLD2t7//cAFP62HTazpMfodhOt9ny2F0Zw9UEnSbTKk=
=sBkB
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-11-STABLE-v1100056.5.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt