HardenedBSD-11-STABLE-v46.13

@opntr opntr released this Jan 11, 2017 · 12394 commits to hardened/10-stable/master since this release

WARNING: this is a security update!

Highlights:

  • Fix multiple OpenSSH vulnerabilities. (6fd1410) [https://security.freebsd.org/advisories/FreeBSD-SA-17:01.openssh.asc]
  • Changed settings for newsyslog (30d7a97741a4aa2e5059ce55bebac16fab)
  • Added /var/log/pkg.log log to store the packages lifecycle
  • Added support for SafeStack - disabled by default
  • Hypver-V updates
  • Clang 3.9.1
  • am-utils 6.2
  • hbsd-update-build cross-build support (b856ea9)
  • file 5.29
  • regression fix for SA-16:37.libc (6a7e18f)

Changelog

Oliver Pinter (9):
      HBSD MFC: Use correct size type in do_setopt_accept_filter
      HBSD: welcome 2017!
      HBSD: remove unneeded CTRs from ASLR code
      HBSD: Enhance bsdinstall hardening menu
      HBSD: print the proper name in bsdconfig
      HBSD: kern.randompid is read-only in HardenedBSD, remove this option
      HBSD: SafeStack isn't enough mature for 11-STABLE, disable them
      HBSD MFC: Fix PMC architecture check to handle later IPAs including Skylake.
      HBSD: log pkg changes to /var/log/pkg.log

Oliver Pinter + (95):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (22):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      HBSD: Check for failed acl_dup
      HBSD: Use VOP_GETATTR instead of vn_stat in SEGVGUARD
      HBSD SEGVGUARD: Check if SEGVGUARD is active before doing any work
      HBSD: Whitespace change for hbsd-update-build
      HBSD: Only care about the last TXT record
      HBSD: Teach hbsd-update-build to cross-build
      HBSD: Introducing SafeStack
      HBSD: Add SafeStack flags to CXXFLAGS
      HBSD: Do not enable SafeStack for LIB32
      HBSD: Enable SafeStack for amd64 by default
      HBSD: Add SafeStack src.conf.5 documentation glue
      HBSD: Install librt to /lib
      HBSD: Add librt from /usr/lib to ObsoleteFiles.inc
      HBSD: Style change to librt Makefile
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

ae (6):
      MFC r309660:   Convert result of hash_packet6() into host byte order.
      MFC r309257:   Rework ip_tryforward() to use FIB4 KPI.
      MFC r309883:   Add ip6_tryforward() - a run to completion forwarding implementation   for IPv6.
      MFC r310783:   When we are sending IP fragments, update ip pointers in IP_PROBE() for   each fragment.
      MFC r310785:   Convert ipv4_flags and ipv4_offset fields into host byte order.   Also save only high bits in the ipv4_flags, because it is defined   as uint8_t. So now it will show DF and MF flags as 0x40 and 0x20.
      MFC r310258:   ip[6]_tryforward does inbound and outbound packet firewall processing.   This can lead to change of mbuf pointer (packet filter could do m_pullup(),   NAT, etc). Also in case of change of destination address, tryforward can   decide that packet should be handled by local system. In this case modified   mbuf can be returned to the ip[6]_input(). To handle this correctly, check   M_FASTFWD_OURS flag after return from ip[6]_tryforward. And if it is present,   update variables that depend from mbuf pointer and skip another inbound   firewall processing.

allanjude (1):
      HBSD MFC: Increase the default rotation threshold of log files from 100kb to 1000kb

araujo (1):
      MFC r309392, r309393

arybchik (65):
      MFC r310627
      MFC r310677
      MFC r310678
      MFC r310679
      MFC r310680
      MFC r310682
      MFC r310683
      MFC r310684
      MFC r310681
      MFC r310685
      MFC r310686
      MFC r310687
      MFC r310688
      MFC r310689
      MFC r310690
      MFC r310691
      MFC r310692
      MFC r310693
      MFC r310694
      MFC r310695
      MFC r310696
      MFC r310699
      MFC r310704
      MFC r310708
      MFC r310709
      MFC r310713
      MFC r310714
      MFC r310715
      MFC r310716
      MFC r310717
      MFC r310719
      MFC r310741
      MFC r310742
      MFC r310745
      MFC r310746
      MFC r310747
      MFC r310748
      MFC r310749
      MFC r310752
      MFC r310754
      MFC r310755
      MFC r310756
      MFC r310758
      MFC r310760
      MFC r310762
      MFC r310764
      MFC r310770
      MFC r310810
      MFC r310811
      MFC r310812
      MFC r310819
      MFC r310820
      MFC r310765
      MFC r310744
      MFC r310750
      MFC r310753
      MFC r310816
      MFC r310813
      MFC r310818
      MFC r310814
      MFC r310815
      MFC r310817
      MFC r311638
      MFC r311639
      MFC r311640

asomers (1):
      MFC r308806

avg (21):
      MFC r308480: pmc_process_csw_out: ignore deleted counters
      MFC r308527: smb: fix SMB_READB, SMB_READW, SMB_PCALL to work as documented
      MFC r308887,309090: fix unsafe modification of zfs_vnodeops when DIAGNOSTIC is enabled
      MFC r308985: revert r304520, set canmount=on is not supposed to mount the filesystem
      MFC r306589: Implement iicbus_write_ivar and impelemnt the NOSTOP ivar in both read and write.
      MFC r308104: add iic interface to ig4 driver, move isl and cyapa to iicbus
      MFC r309092: fwohci: report whether PhysicalUpperBound register is implemented
      MFC r308529: intpm: clean up intsmb_bread and intsmb_pcall
      MFC r309093: firewire: initialize tag label to -1 in fw_xfer_alloc()
      MFC r309119: virtio_pci: fix announcement of MSI-X interrupts for queues
      MFC r309097: MFV r308987: 7180 potential race between zfs_suspend_fs+zfs_resume_fs and zfs_ioc_rename
      MFC r309098: MFV r308988: 7199, 7200 dsl_dataset_rollback_sync may try to free already free blocks
      MFC r309099: MFV r308990: 7181 race between zfs_mount and zfs_ioc_rollback
      MFC r309250: MFV r309249: 3821 Race in rollback, zil close, and zil flush
      MFC r308219: ichiic/ig4: completely disengage from smbus
      MFC r308220: smbus: remove the potentially very dangerous slave probing code
      MFC r308221: fix typo in a comment
      MFC r308242: smbus: remove smbus_trans / SMB_TRANS
      MFC r308530: iicsmb: SMB_MAXBLOCKSIZE can be used again
      MFC r308532: update SMB_BWRITE documentation, clarify SMB_BREAD
      MFC r308528: smbmsg: use a more convenient way of accessing data read from a slave

avos (4):
      MFC r309534: Do not try to recreate wlan(4) interface if it already exists.
      MFC r310089: ifconfig: do not truncate SSID in verbose mode.
      MFC r310961: sysctl(8): fix typename for uint32_t
      MFC r311105: rsu: restore 40Mhz channel support.

bapt (10):
      MFC r309544:
      MFC r309795:
      MFC r309796:
      MFC r309803:
      MFC r309797-r309802
      MFC r309805:
      Regen after r309954
      Bump copyright year.
      MFC r310872, r310874
      MFC r311706:

bdrewery (27):
      MFC r305095:
      MFC r305216:
      MFC r304647:
      MFC r305009:
      MFC r305145:
      MFC r305244:
      MFC r304826:
      MFC r305253:
      MFC r305255:
      MFC r305148:
      MFC r305303:
      MFC r305254:
      MFC r305256:
      MFC r305257:
      MFC r305258:
      MFC r306775:
      MFC r308597:
      MFC r308598:
      MFC r305147:
      MFC r308599:
      MFC r308600:
      MFC r308601:
      MFC r308603:
      Revert MFC of r308603.
      MFC r309477:
      MFC r309478:
      MFC r310025:

brooks (2):
      MFC r310092:
      MFC r310088, r310090, r310095

brueffer (1):
      MFC: r309060

cperciva (2):
      MFC r310179: Avoid division by zero in the rare case that portsnap needs to fetch zero patches.  (This avoids two "dc: divide by zero" warnings.)
      MFC r308708: Reduce verbosity of warnings about truncating NFS fileids to 32-bit inode numbers.

cy (2):
      MFC r308493, r308619: Update amd from am-utils 6.1.5 to 6.2.
      MFC r311005

delphij (13):
      MFC r309184:
      MFC r303285:
      MFC r308420: MFV r308392: file 5.29.
      MFC r304875:
      MFC r309232-309234:
      MFC r309238,309239:
      MFC r309241,309243:
      MFC r311392:
      MFC r310608: Avoid use after free.
      MFC r310609: Don't use high precision clock for expiration as only second portion is used.
      MFC r310611:
      MFC r310614: Don't assign rtjp twice.
      MFC r311914: MFV r311913:

des (4):
      MFH (r308297): use what(1) instead of strings(1).
      MFH (r308996, r309051, r309738): refactor, avoid repeating DNS requests
      MFH (r309269): use malloc()ed buffers instead of stack buffers
      MFH (r310823): fix multi-line CONNECT responses

dim (17):
      MFC r309722:
      MFC r310013 (by cperciva):
      MFC r304696:
      MFC r306266 (by emaste):
      Merge r304542 from projects/clang390-import (this fix was obsoleted in head by an update to jemalloc 4.3.1 in r308473):
      MFC r305078 (by emaste):
      MFC r305393:
      Similar to r310545, make some additional -Wconstant-conversion warnings from clang 3.9.0 in si(4) non-fatal for now.
      MFC r309124:
      MFC r309191 (by rakuco):
      MFC r311131:
      MFC r311459:
      MFC r311565:
      MFC r311530:
      MFC r311649:
      MFC r311570:
      MFC r311688:

dteske (13):
      MFC r307402: Guard against bad service name argument(s) to load_rc_config()
      MFC r302798 [cy]: Restore lost comment from r301295.
      MFC r303943: Allow enforce_statfs (see jail(8)) to be set per jail
      MFC r305968 [trasz]: Make autofs use the "async" flag for msdosfs and ufs filesystems mounted on /media.
      MFC r305969 [trasz]: Make autofs use the "noatime" flag for msdosfs, ntfs, and ufs filesystems mounted on /media.
      MFC r306009 [trasz]: Make autofs(5) -media map also use "async" and "noatime" for ext2fs(5).
      MFC r306011 [trasz]: Stop appending "noatime" in the autofs -media map, and instead add it to auto_master, since all filesystems seem to support it.  It's cleaner this way, and easier to customize.
      MFC r306012 [trasz]: Fix -media to not mount ufs with "async"; it doesn't make sense when there is softupdates.
      MFC r307159: Add jail_confwarn="NO" (default YES)
      MFC r309504: Fix bug preventing limits(1) from being applied
      MFC r308615 [brd]: Attempt to make the parts that people are supposed to change stand out more by capitalizing them.
      MFC r309716: Add support for "hidden" Wi-Fi networks
      MFC improvements to bsdinstall's wlanconfig module

ed (1):
      MFC r309650:

emaste (14):
      MFC r309298: libm: remove duplicate version script entries
      MFC r306825: portsnap: use lam on the known good hash list
      MFC r305951: elfdump: adjust stdout/stderr capabilities
      MFC r307521: libmd: introduce functions that operate on fd instead of filename
      MFC r310274: Add ld.debug to ObsoleteFiles.inc
      Fix EFI self relocation code for rela architectures
      MFC r305854: Use arch-specific .text padding fill value in EFI loaders
      MFC r305994: Catch up to sys/capability.h rename to sys/capsicum.h in r263232
      MFC r306264: Use 32-bit value for .text padding, for linker portability
      MFC r310634: elfcopy: fix PE object section name corruption and crash
      MFC r309411: Retire long-broken/unused static rtld support
      MFC r310661: loader: use strip -o instead of cp and strip in place
      MFC r306966: Correct sense of WITHOUT_MANDOCDB knob
      MFC r310702: btxldr: process all PT_LOAD segments, not just the first two

fabient (1):
      MFC r308216:

gjb (1):
      Document EN-16:19, EN-16:20, EN-16:21, SA-16:36, SA-16:37, SA-16:38.

glebius (1):
      Merge rr309688: address regressions in SA-16:37.libc.

gnn (3):
      MFC: 309069
      MFC: 309669
      MFC: 310175

gonzo (6):
      MFC r309823:
      MFC r309822, r310375
      MFC r310170, r310492
      MFC r309999, r310012
      MFC r310612:
      MFC r310621:

hiren (2):
      MFC r307745
      MFC r309858 We currently don't do TSO if ip options are present. In case of IPv6, we look at in6p_options to check that. That is incorrect as we carry ip options in in6p_outputopts. Also, just checking for in6p_outputopts being NULL won't suffice as we combine ip options and ip header fields both in that one field. The commit fixes this by using ip6_optlen() which correctly calculates length of only ip options for IPv6.

hselasky (17):
      MFC r309406: Remove useless NULL checks.
      MFC r309734: Avoid malloc() warnings when using the LinuxKPI by zero-checking the allocation flags.
      MFC r309733: MSIX can support more than 256 IRQs. Make sure the invalid IRQ number set in the LinuxKPI is big enough.
      MFC r309731: Prefix the Linux KPI's kmem_xxx() functions with linux_ to avoid conflict with the opensolaris kernel module.
      MFC r309404: Fix return value from ng_uncallout().
      MFC r309732: Prefix some _pci_xxx() functions in the Linux KPI with linux_ and make sure the IRQ number used by these functions is unsigned.
      MFC r309736: Prefer function macros over regular macros in the LinuxKPI.
      MFC r309737: Add more LinuxKPI PCI definitions.
      MFC r309400: Fix for endless recursion in the ACPI GPE handler during boot.
      MFC r310388: Make a read only pointer constant.
      MFC r310387: Add more comments regarding collection of statistics counters.
      MFC r310058: Fix initialisation of mlx4_pci_table's .driver_data fields.
      MFC r310242: Defer USB enumeration until the SI_SUB_KICK_SCHEDULER is executed to avoid boot panics in conjunction with the recently added EARLY_AP_STARTUP feature. The panics happen due to using kernel facilities like callouts too early.
      MFC r310557: Use correct integer type when computing the maximum physical address for kmem_alloc_contig().
      MFC r310553: Improve LinuxKPI device support. Only delete own BSD devices and not the ones obtained through devclass_get_device(). Some minor code cleanups while at it.
      MFC r310589: Implement more list header file functions. Add definition guard for the list_head structure.
      MFC r310559 and r310583: Implement register and unregister chrdev in the LinuxKPI.

jah (1):
      MFC r310481:

jhb (15):
      MFC 309613: cxgbe(4): Update firmwares from version 1.16.12.0 to 1.16.22.0.
      MFC 308565: Allow scheduling during early boot.
      MFC 308690: Sync instruction cache's after writing user breakpoints on MIPS.
      MFC 309274: Use the correct name for the GCC macro indicating max_align_t is defined.
      MFC 308948: Initialize 'ticks' earlier in boot after 'hz' is set.
      MFC 309148: Permit timed sleeps for threads other than thread0 before timers are working.
      MFC 308820,308821: Fixes for fatal page faults on x86.
      MFC 309588: Don't attach to Host-PCI bridges with a bad bus number.
      MFC 309581,309582,310424: Document T6 support.
      MFC 310336: Don't spin in pause() during early boot for kthreads other than thread0.
      MFC 306562: Handle 64-bit system call arguments (off_t, id_t).
      MFC 306563: Decode arguments to truncate and ftruncate.
      MFC 306564: Expose kernel-only errno values if _WANT_KERNEL_ERRNO is defined.
      MFC 306565,306566: Use timercmp() and timersub() in kdump.
      MFC 307060: Fix printf format warning.

jhibbits (11):
      MFC r309167:
      Partial MFC r303693:
      MFC r303796:
      MFC r304047,r304068:
      MFC r305320,r306702:
      MFC r304052:
      MFC r305040:
      MFC r305677:
      MFC r307598:
      MFC r308669:
      MFC r309309,r310150:

jilles (2):
      MFC r309836: Add some tests for reaper functionality (in procctl()).
      MFC r309957: Add tests for reaper receiving SIGCHLD (r309886).

julian (2):
      MFH: r309408
      MFH: r309407

ken (3):
      MFC r307684, r307747   ------------------------------------------------------------------------   r307684 | ken | 2016-10-20 13:42:26 -0600 (Thu, 20 Oct 2016) | 13 lines
      MFC r309374, r309513, r309839, r309840:
      MFC, r310338:   ------------------------------------------------------------------------   r310338 | ken | 2016-12-20 14:17:07 -0700 (Tue, 20 Dec 2016) | 37 lines

kib (33):
      MFC r309539: Restructure the code to handle reporting of non-exited processes from wait(2).
      MFC r309550: Rename fast taskqueues used by DMAR.
      MFC r309630: Do not leak curthread->inact_mtx when cancelling in pthread_cond_wait(3).
      MFC r309708: Style.
      MFC r309709: Move map_generation snapshot value into struct faultstate.
      MFC r309854: Prefix hex memory addresses with 0x in diagnostic messages from the SRAT parser.
      MFC r310155: Fix typo.
      MFC r310097: Remove locking around accounting initialization of the default object.
      MFC r310098: Provide introductory description of the default pager.
      MFC r310205: Fix typo.  Remove spurious blank line.
      MFC r310159: Switch from stdatomic.h to atomic.h for kernel.
      MFC r310182: In swp_pager_meta_free_all(), fix type of the index variable.  Style.
      MFC r310302: Do not clear KN_INFLUX when not owning influx state.
      MFC r309887: Enable lookup_cap_dotdot and lookup_cap_dotdot_nonlocal.
      MFC r309886: When a zombie gets reparented due to the parent exit, send SIGCHLD to the reaper.
      MFC r304957, r304958,  r306310 (by bde): Fix vm86 initialization.
      MFC r310552: Some style.
      MFC r310554: Some optimizations for kqueue timers.
      MFC r310234: Improve vm_object_scan_all_shadowed() to also check swap backing objects.
      MFC r310613: Style.
      MFC r310616: Remove redundancy in vmtotal().
      MFC r310834: Assert that the pages found on the object queue by vm_page_next() and vm_page_prev() have correct ownership.
      MFC r310821: Style.
      MFC r310925: Remove unused declaration.
      MFC r310982: Ansify vm/vm_pager.c.  Style.
      MFC r310496: Fix argument type and microoptimize swp_pager_meta_free().
      MFC r311014: Style fixes for vm_map_insert().
      MFC r311055: Remove unneeded externs keywords.  Reindent long lines.
      MFC r310615: Change knlist_destroy() to assertion.
      MFC r311108: Move common code from kern_statfs() and kern_fstatfs() into a new helper.
      MFC r311111: Style.
      MFC r311113: There is no need to use temporary statfs buffer for fsid obliteration and prison enforcement.  Do it on the caller buffer directly.
      MFC r311287: __vdso_gettc(): be extra careful with /dev/hpet mappings, never unmap the mapping which might be accessed by other threads.

kp (1):
      MFC r309563: pflog: Correctly initialise subrulenr

lifanov (1):
      MFC r310160

loos (17):
      MFC r303227
      MFC of r303230, r303253 and r303420:
      MFC of r305112, r305113, r305119, r305141 and r305432:
      MFC of r305114, r305115 and r305149:
      MFC r306376:
      MFC of r306388, r306510, r306511 and r306513:
      MFC r306654:
      MFC r306717:
      MFC r308659:
      MFC r308692:
      MFC r309113:
      MFC r309345:
      MFC r309461:
      MFC r309717:
      MFC r310000:
      Fixes the sensor initialization, always reset the digital outputs on start.
      MFC of r310887:

manu (19):
      MFC r306479 (mmel):
      MFC r304793 (jmcneill):
      MFC r309029:
      MFC r308704-r308705 (jmcneill)
      MFC r305349 (jmcneill):
      MFC r308309:
      MFC r308235 (jmcneill):
      MFC r302585 (jmcneill):
      MFC r305058 (jmcneill):
      MFC r304795, r307366 (jmcneill):
      MFC r302586 (jmcneill):
      MFC r302584 (jmcneill):
      MFC r302587 (jmcneill):
      MFC r304796, r308233 (jmcneill)
      MFC r308298, r308440
      MFC r302785, r308300, r308441
      MFC r309912:
      MFC r309063:
      MFC r309935:

marcel (3):
      MFC r305855, r306297, r306300, r306312-r306313
      MFC r306299:
      MFC r309394, r309787

markj (4):
      MFC r310423, r310454: Revert part of r300109.
      MFC r309657: Require the STACK option for code that captures stacks of running threads.
      MFC r309657: Require the STACK option for code that captures stacks of running threads.
      MFC r310647: Remove an obsolete pragma from dtrace.h.

mav (28):
      MFC 309714: Fix spa_alloc_tree sorting by offset in r305331.
      MFC r309297: Make SES status updates more aggressive.
      MFC r310230: Don't treat informational exceptions (warnings and impending failures) a.k.a. SCSI SMART events as errors.  Log them to console and continue.
      MFC r310257: Improve support for informational exceptions.
      MFC r310259: Following SPC-5, make REQUEST SENSE report "Logical unit not supported" in returned parameter data for not accessible LUNs.
      MFC r310265: Add set of macros to simplify code access to mode pages fields.
      MFC r310266: Add support for NUAR bit in Control mode page.
      MFC r310272: Add new bits into Extended Inquiry VPD page.
      MFC r310275: Fix typo in function name.
      MFC r310284: When writing fixed format sense data, set VALID bit only if provided value for INFORMATION field fit into available 4 bytes (has no non-zero bytes except last 4), as explicitly required by SPC-5 specification.
      MFC r310285: When reporting "Logical block address out of range" error, report the LBA in sense data INFORMATION field.
      MFC r310298: Improve error handling when I/O split between several BIOs.
      MFC r310339: Bump specifications support to SAM-6/SPC-5.
      MFC r310356: Add support for locally assigned RFC 4122 UUID LUN identifiers.
      MFC r310360, r310361: Report UUID and MD5 LUN IDs.
      MFC r310366: Add support for SITUA bit in Logical Block Provisioning mode page.
      MFC r310373: Add support for REPORTING OPTIONS == 3 in REPORT SUPPORTED OPERATION CODES.
      r310389: Fix REPORT SUPPORTED OPERATION CODES for READ/WRITE BUFFER commands.
      MFC r310390: Add support for REPD bit in RSTMF command.
      MFC r310478: Add place-holders for TAPE STREAM MIRRORING subcommands of XCOPY.
      MFC r310489: Implement printing forwarded sense data.
      MFC r310524: Improve length handling when writing sense data.
      MFC r310534: Improve third-party copy error reporting.
      MFC r311446: Fix bootverbose affecting code logic in r294558.
      MFC r310633: Add MAX_LUNS overflow safety checks.
      MFC r309251: Process port interrupt even is PxIS register is zero.
      MFC r309252: Add more ASMedia PCI IDs from different sources.
      MFC r310703: Pass proper arguments (handles, not directly structure pointers) to scif_cb_domain_device_removed().

mjg (10):
      MFC r309893,r309929:
      MFC r305378,r305379,r305386,r305684,r306224,r306608,r306803,r307650,r307685, r308407,r308665,r308667,r309067:
      MFC r305482:
      MFC r303921:
      MFC r303921:
      MFC r304927:
      MFC r305856:
      MFC r307653:
      MFC r309111:
      MFC r309307,r309308:

mm (2):
      Partial MFC r309300:
      MFC r309300,r309363,r309405,r309523,r309590,r310185,r310623:

ngie (74):
      MFC r309602:
      MFC r309774,r309778,r309779,r309780:
      MFC r309521:
      MFC r310186,r310187:
      MFC r309837:
      MFC r310203:
      MFC r310196:
      MFC r310202:
      MFC r310457:
      MFC r309869:
      MFC r310459:
      MFC r310503:
      MFC r310499:
      MFC r310592:
      MFC r310574:
      MFC r310458,r310466:
      MFC r310455:
      MFC r310654:
      MFC r310728:
      MFC r310662:
      MFC r310666,r310675:
      MFC r310648:
      MFC r310669:
      MFC r310662,r310663:
      MFC r310667:
      MFC r310500,r310660:
      MFC r310668:
      MFC r310498,r310591:
      MFC r310763:
      MFC r310996:
      MFC r310865:
      MFC r310986:
      MFC r310099,r311000,r311002:
      MFC r310664:
      MFC r310665:
      MFC r311001:
      MFC r310711:
      MFC r311003:
      MFC r311175:
      MFC r310873:
      MFC r311136:
      Regenerate src.conf(5)
      MFC r311239:
      MFC r311242:
      MFC r310954,r310987,r311222:
      MFC r310931,r310942,r310988:
      MFC r310497:
      MFC r310957,r310958,r310960:
      MFC r310952:
      MFC r311291:
      MFC r310501:
      MFC r311270:
      MFC r311246:
      MFC r311272:
      MFC r311249:
      MFC r311269:
      MFC r311271:
      MFC r311229:
      MFC r311250:
      MFC r311228:
      MFC r311233,r311377:
      MFC r311273:
      MFC r311240:
      MFC r311235:
      MFC r311248:
      MFC r311247:
      MFC r311245:
      MFC r310984,r311102:
      MFC r311393:
      MFC r311382:
      MFC r311384:
      MFC r311505:
      MFC r311112,r311115:
      MFC r311114:

np (2):
      MFC r309666, r310033, r310049, r310100, r310152, and r310807.
      MFC r310151 and r311173.

oleg (1):
      MFC r309281:

pfg (7):
      MFC r310132: libbfd: make sure variables are initialized before using them.
      MFC r309873: ed(1): Prevent possible overflows during allocation.
      MFC r310367: pax(1):  Fix a bug with archives smaller than 512 bytes.
      MFC r310705, r310706: style(9) cleanups.
      MFC r311012 Remove some uses of the GCC __nonnull() attribute.
      MFC r310976: Move __hidden attribute towards the end of the declaration.
      MFC   r310977: Addition of clang nullability qualifiers.

rmacklem (5):
      MFC: r309171 Stop "nfsstat -z" from clearing counts of NFSv4 state structures.
      MFC: r309197 Add a -E flag to nfsstat.c so that it prints out the NFSv4.1 procedure/operation counts. It also avoids clipping the counts at 9 digits.
      MFC: r309198, r309199 Document the -E flag for nfsstat. This is a content change.
      MFC: r309566 Fix the NFSv4.1 server for Open reclaim after a reboot.
      MFC: r309723 Patch the nfsd so that it doesn't register with rpcbind for an NFSv4 only server.

rpokala (1):
      MFC r309491: Build smbios.ko as a module for amd64 and i386

sephe (30):
      r310348
      MFC 308664,308742,308743
      MFC 308905
      MFC 308906
      MFC 308907
      MFC 308908,308909
      MFC 309030,309039,309080,309081,309083
      MFC 309085
      MFC 309128,309129,309131-309136,309138-309140,309224,309225
      MFC 309226-309231,309235
      MFC 309236,309237
      MFC 309240,309242,309244,309245,309670
      MFC 309310,309311,309316,309318
      MFC 309319
      MFC 309320
      MFC 309346,309348,309353
      MFC 309704
      MFC 309705
      MFC 309726,309728
      MFC 309874,309875
      MFC 310048,310101,310239
      MFC 310312-310314
      MFC 310315
      MFC 310317
      MFC 310318
      MFC 310324
      MFC 310347
      MFC 310462,310465
      MFC 310651
      MFC 310652,310657,310658

trasz (6):
      MFC r308637:
      MFC r308611:
      MFC r308386:
      MFC r306095:
      MFC r307774:
      MFC r307902:

tuexen (22):
      MFC r305810:
      MFC r307726:
      MFC r307727, r307746:
      MFC r308616:
      MFC r308745:
      MFC r308832:
      MFC r309397:
      MFC r306082:
      MFC r307216:
      MFC r307217:
      MFC r307779:
      MFC r309607:
      MFC r309682:
      MFC r309683: Fix a bug in sctp_sendmsgx(), where the sid provided by the user was hot honored.
      MFC r309685:
      MFC r309743:
      MFC r309744:
      MFC r309851:
      MFC r310193:
      MFC r310547:
      MFC r310590:
      MFC r310642:

ume (1):
      MFC r311426:   When displaying netstat details with libxo in JSON   or XML modes, the value conversion for tcp6 and udp6   port numbers drops last digit.

vangyzen (4):
      MFC r309364 r309367 r309624
      MFC r309625
      MFC r309460
      MFC r309676

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v46.13/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v46.13-amd64-bootonly.iso) = 5ab50a1b2b6f5ababcc7ba31979b1054e867da4f171062630c2ddfac5e1886637a427fe4a00d2dafa3170864983f001aef6dc0296eee01fa348fef07034dae1f
SHA512 (HardenedBSD-11-STABLE-v46.13-amd64-disc1.iso) = 53e08090a71199d2328b080a79053554ac27855c38dbff9cc7b4428a652f7841909ace3f7be70753e998f4db679b166bd8f073e619ad55172db8fab5472f209b
SHA512 (HardenedBSD-11-STABLE-v46.13-amd64-memstick.img) = 33fe65a6b0bd537a5cf772448765b8fac148743008b8be478076a83783889c3beecb334075aad5bbba0ae8724df287f800c8fb5ce1cf6133010ad911a55d0743
SHA512 (HardenedBSD-11-STABLE-v46.13-amd64-mini-memstick.img) = 71b458cdd3913e3328791354e7ec6179a765d420b33cbaa5e34a06a112c82dc6741562f2d508c3f614ff0d1ba295546859eed72692acdcf460d4bd515356008c

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlh28NAACgkQgZsRom/9
GI188BAAnzE0yfMjnG/bpCfCCE9j4HeB7X5F8jnEDmRjiE3X1V+smau9+ILHaZgi
rCafXmM82gUkqTqmHitBVAJUJbNH0PhnmP0O0ohRf2/jbjAVGaly0R50Gj1LH89P
2fttYC97WifiJQffAKZBGnMYZw2zSUa8iio6IZHZh+v7QQwckjiSdhqvxu9tQnyu
W5E8H9hSZg1vwx4I0it41Kc2uxiUUwHvUadfW7gOBXQfSFwUcBn+AHlw62ifU0H1
v3GM10Ej8+4hIh9dkwO2QihjqKk36wd2LScrj6G1KcBVDf13l2+GxUnPrSZIKody
/rW7MHl4N++WFFIxqe2XusrP8I3P+sUoCnuwZNeILu4224UhqX0rR42MUs2ufo7Y
c/fCNdccLDMp4BblzF1/5AYTfUrX/FgmnH/n+44RiTT+IeA6QYGrjs+LEsrd1bvN
6RcERt4SiDOg923TolHO5dSuhQaNCMcWQhZB4B2Govc7QBLufEX9cjJVXV/RNVBP
24bqbTdXhCz6XSY0Fccb727ZcU8LeX0HN8iDc1qVjhCVmC28Tk1MRe+KDHyNAJrl
eqdeQNLV8NBy4yjtU9cMY2QrpTGxojBXpakQBtFK/sbyu5cde2hqP5A2uv9Yw+kX
soxImzgbLieOifOiA/uZfZASJNZb9K2qmigtRirrKiRK8wLOgbY=
=SZ2C
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-11-STABLE-v46.13.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt

Downloads