Highlights:

  • MFC r343784: Avoid leaking fp references when truncating SCM_RIGHTS control messages. (0526a0c) [CVE-2019-5596 FreeBSD-SA-19:02.fd]
  • MFC r343780: amd64: clear callee-preserved registers on syscall exit. (bd0cbe8) [CVE-2019-5595 FreeBSD-SA-19:01.syscall]
  • MFC r343587: Add a simple port filter to SIFTR. (ab2d372)
  • MFC r343060: [drm] Fix off-by-one error when accessing driver-specific ioctl handlers array (c53a074)
  • MFC r341472: Add ability to request listing and deleting only for dynamic states. (caad386)
  • MFC r343499: rc(8): do not stop dhclient(8) when wpa_supplicant(8) / hostapd(8) is used (0441c4f)
  • MFC r343418: pf: Fix use-after-free of counters (824b38d)
  • MFC r343395: Fix refcounting leaks in IPv6 MLD code leading to loss of IPv6 connectivity. (69483a2)
  • HBSD: Add EFIRT to the HARDENEDBSD amd64 kernel (23220bd)
  • HBSD: Disable cfi-icall for mount_nfs and showmount (924afb0)
  • MFC of 343449 and 343483 Update tunefs to allow '_' in label names. (3df8523)
  • MFC r343363, r343364: Fix an LLE lookup race. (4b6ead6) [FreeBSD-EN-19:07.lle]
  • MFC r343089: Limit the user-controllable amount of memory the kernel allocates via IPPROTO_SCTP level socket options. (1d3e563)
  • MFC r342857: Avoid overflow in vtruncbuf() (5dafae6)
  • HBSD: Disable cfi-icall for NFS RPC utilities (d09bc59)
  • MFC r343082: Implement shmat(2) flag SHM_REMAP. (58501d9)
  • MFC r343286: nfs: Zero the buffers exported by NFSSVC_DUMPCLIENTS and DUMPLOCKS. (0e46cd7)
  • MFC r343265: hwpmc: Plug memory disclosures from PMC_OP_{GETPMCINFO,GETCPUINFO}. (d5dd66e)
  • MFC linuxulator stack memory disclosure fixes (c69e471)
  • MFC r343017: Handle overflow in calculating max kmem size. (ef32d9a)
  • nvdimm updates
  • pf updates
  • ipfilter updates
  • ipfw updates
  • netmap updates
  • net80211 updates

Changelog

Oliver Pinter (1):
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

Oliver Pinter + (50):
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

Shawn Webb (3):
      HBSD: Disable cfi-icall for NFS RPC utilities
      HBSD: Disable cfi-icall for mount_nfs and showmount
      HBSD: Add EFIRT to the HARDENEDBSD amd64 kernel

ae (2):
      MFC r341471: Reimplement how net.inet.ip.fw.dyn_keep_states works.
      MFC r341472: Add ability to request listing and deleting only for dynamic states.

araujo (1):
      MFC r343077:

avg (1):
      MFC r342170: add support for marking interrupt handlers as suspended

avos (24):
      MFC r343088: rtwn_usb(4): add new USB id for RTL8821AU
      MFC r342991: net80211: provide rate validation for injected frames.
      MFC r343092: rtwn(4): clear 'basic' rate bit before calculating RTS/CTS rate.
      MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap.
      MFC r343244: devd.conf(5): add otus(4) into wifi-driver-regex
      MFC r343249: Fix duplicate wpa_supplicant(8) / hostapd(8) startup with devd(8)
      MFC r343213: net80211: resolve ioctl <-> detach race for ieee80211com structure
      MFC r343341: ifconfig: drop unused macros from ifieee80211.c
      MFC r343235: iwn(4): drop return code from iwn_*attach functions (they cannot fail)
      MFC r343340: net80211: fix channel list construction for non-auto operating mode.
      MFC r343342: net80211: turn channel mode check into assertion.
      MFC r343234: run(4): add more length checks in Rx path.
      MFC r343238: urtw(4): add length checks in Rx path.
      MFC r343472: otus(4): fix a typo in man page (802.11 -> 802.11n)
      MFC r343473: geom_uzip(4): move NULL pointer KASSERT check before it is dereferenced
      MFC r343495: wlan.4: improve wording
      MFC r343497: Unbreak devd.conf(5) regex after r343249
      MFC r343496: pcf(4): fix parentheses in if condition
      MFC r343499: rc(8): do not stop dhclient(8) when wpa_supplicant(8) / hostapd(8) is used
      MFC r343518: rtwn_usb(4): add new USB id.
      MFC r343502: Remove RADIUS-related files when WITHOUT_RADIUS_SUPPORT=true is set in src.conf(5)
      MFC r343576: ndiscvt(8): abort if no IDs were found during conversion.
      MFC r343524: rsu(4): do not ignore mgmtrate / mcastrate / ucastrate.
      MFC r343541: Drop some unneeded includes from wireless USB drivers.

bapt (1):
      MFC: 343546

bcr (2):
      Add ZFS usage tips to freebsd-tips.
      MFC r343532: A few corrections and clarifications to r343406.

brooks (7):
      MFC r343162:
      MFC r343305:
      MFC r343366:
      MFC r340242:
      MFC r340129, r340195, r340198
      Regen after r343596: enable ppoll in capability mode.
      MFC r343587:

cy (5):
      MFC r343073:
      MFC r343103:
      MFC r343486:
      MFC r343600:
      MFC r342815:

delphij (4):
      MFC r342845,342846: Port NetBSD improvements:
      MFC r342856: Added support for the SIOCGI2C ioctl.
      MFC r343038: Use TD_IS_IDLETHREAD instead of unrolled version.
      MFC r342813: Remove unneeded headers.

emaste (3):
      MFC r343153: freebsd-update.8: mandoc -Tlint fixes
      MFC linuxulator stack memory disclosure fixes
      MFC r339960 (cem): freebsd-update: add a progress report

gallatin (2):
      MFC r341095:
      MFC r343430

gjb (1):
      MFC r343259: Correct a typo: was -> way.

gonzo (18):
      MFC r343450:
      MFC r343443, r343446, r343448, r343452
      MFC r343028, r343104
      MFC r343009, r343109-r343110, r343128, r343232
      MFC r343222-r343223, r343338
      MFC r343008:
      MFC r343029:
      MFC r343060:
      MFC r343069:
      MFC r343106:
      MFC r343127:
      MFC r343129:
      MFC r343156:
      MFC r343224, r343533
      MFC r343170:
      MFC r343391:
      MFC r343458:
      MFC r343516:

hselasky (7):
      MFC r343392: Fix duplicate acquiring of refcount when joining IPv6 multicast groups. This was observed by starting and stopping rpcbind(8) multiple times.
      MFC r343393: Add debugging sysctl to disable incoming MLD v2 messages similar to the existing sysctl for MLD v1 messages.
      MFC r343394: When detaching a network interface drain the workqueue freeing the inm's because the destructor will access the if_ioctl() callback in the ifnet pointer which is about to be freed. This prevents use-after-free.
      MFC r343395: Fix refcounting leaks in IPv6 MLD code leading to loss of IPv6 connectivity.
      Build fix for missing NET_EPOCH_XXX() dependencies after r343650. This patch is to be reverted when the relevant changes are MFC'ed. This is a direct commit.
      MFC r343451: Add full support for PCI_ANY_ID when matching PCI IDs in the LinuxKPI.
      MFC r343453: Add new USB quirk.

jah (1):
      MFC r343005: Handle SIGIO for listening sockets

jhibbits (3):
      MFC r342988:
      MFC r341387:
      MFC r342671:

jilles (1):
      MFC r343105: libedit: Avoid out of bounds read in 'bind' command

kevans (2):
      MFC r342903, r342911: libbe(3)/bectl(8) refactor and fix mount for deep BEs
      MFC r342757: getopt_long(3): fix case of malformed long opt

kib (17):
      MFC r343108: Trim whitespace at EoL, use tabs instead of spaces for indent.
      MFC r343017: Handle overflow in calculating max kmem size.
      MFC r343081: Trim spaces at the end of lines.
      MFC r343082: Implement shmat(2) flag SHM_REMAP.
      MFC r343085: Improve iflib busdma(9) KPI use.
      MFC r343086: Remove unused prototype.
      MFC r343087: Style(9) fixes for x86/busdma_bounce.c.
      MFC r343302: Remove unused *_sysinit_flags() declarations.
      MFC r339461: nvdimm(4): Fix GCC 6.4.0 build
      MFC r343143: nvdimm: add a driver for the NVDIMM root device
      MFC r343144: nvdimm: initialize SPA uuids statically.
      MFC r343145: MI VM: Make it possible to set size of superpage at boot instead of compile time.
      MFC r343146: x86 busdma: fix mis-use of bus_addr_t where vm_paddr_t is assumed.
      MFC r343147: i386/PAE busdma: allow more bounce pages.
      MFC r343484: Remove now redundant ifunc relocation code which should have been removed as part of r341441.
      MFC r343607: Reserve a bit in the FreeBSD feature control note for marking the image as not compatible with ASLR.
      MFC r343780: amd64: clear callee-preserved registers on syscall exit.

kp (7):
      MFC r342989
      MFC r342990
      MFC r343130
      MFC r343041
      MFC r343295:
      MFC r343297:
      MFC r343418:

marius (2):
      MFC: r342634
      MFC: r343481

markj (12):
      MFC r343117: Fix handling of rights on stdio streams.
      MFC r343245: Revert r343117.
      Properly commit the revert of r343205.
      MFC r342864: Specify the correct option level when emulating SO_PEERCRED.
      MFC r343265: hwpmc: Plug memory disclosures from PMC_OP_{GETPMCINFO,GETCPUINFO}.
      MFC r343286: nfs: Zero the buffers exported by NFSSVC_DUMPCLIENTS and DUMPLOCKS.
      MFC r343348: ocs_fc: Ensure that we zero-initialize memory before copying it out.
      MFC r343363, r343364: Fix an LLE lookup race.
      MFC r343274, r343275: Optimize RISC-V copyin(9)/copyout(9) routines.
      MFC r343247: Fix cmp(1) tests for "special" mode.
      MFC r343353: Correct uma_prealloc()'s use of domainset iterators after r339925.
      MFC r343784: Avoid leaking fp references when truncating SCM_RIGHTS control messages.

mav (6):
      MFC r342977 (by cem): amdtemp(4): Add support for Family 15h, Model >=60h
      MFC r342399: Remove CAM SIM lock from NVMe SIM.
      Increase MTX_POOL_SLEEP_SIZE from 128 to 1024.
      MFC r342546: Add descriptions to NVMe interrupts.
      MFC r342558: Switch from mutexes to atomics in GEOM_DEV I/O path.
      MFC r342557, r342559: Reimplement nvd(4) detach handling.

mckusick (1):
      MFC of 343449 and 343483

mw (1):
      MFC r343074: Suppress excessive error prints in ENA TX hotpath

np (1):
      MFC r342603: cxgbe(4): Attach to two T540 variants.

nyan (2):
      MFC: r342964
      MFC: r342965

pfg (3):
      MFC r343023: msun: reduce diff between src/e_j0.c and src/e_j0f.c
      MFC r343459: ext2fs: Add some extra consistency checks for the superblock.
      MFC r342379, r342383: gai_strerror() - Update string error messages according to RFC 3493.

sef (1):
      MFC r342928: Change ZFS quotas to return EINVAL when not present (matches man page).

shurd (1):
      MFC r343047:

tsoome (3):
      MFC r343123: loader should ignore active multi_vdev_crash_dump feature on zpool
      MFC r343124:
      MFC r343225: Unbreak mip64 build after r328437

tuexen (3):
      MFC r342857:
      MFC r342879:
      MFC r343089:

vmaffione (2):
      MFC r343413
      MFC r343552

wulf (3):
      MFC r340338: wmt(4): Add PNP record so it could be picked by devd/devmatch. Fix uhid(4) conflict with blacklisting of multitouch HID-usages in uhid(4) probe handler.
      MFC r340912,r340913:
      MFC r340926:

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-12-STABLE-v1200058.3/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-12-STABLE-v1200058.3-amd64-bootonly.iso) = 75661d8fc8c6508c6e27ad36c1bc18f5a6a43b95e71623d3b227b29e439b4cf835ab3525343e045e91d9db061b7926722b9342c27d6613534eff632f7b5c4567
SHA512 (HardenedBSD-12-STABLE-v1200058.3-amd64-disc1.iso) = 4d368903e3edbe6ca5290b3ad3a4bf2c85455731839a55b38113283ee7e2ffbdf020c983f6d24fed7141af754e55592f5d55b2d334b108b3f3e5b5a0423c1d32
SHA512 (HardenedBSD-12-STABLE-v1200058.3-amd64-memstick.img) = 8debd3c0702cb3733d6bafbff05c6d54838fa4c5be68fb0cda778cc38a2c5fcc8e85009de30d7e96fe7161c6dfb2edfbf430b76f9380829435423c7cf9e1dc69
SHA512 (HardenedBSD-12-STABLE-v1200058.3-amd64-mini-memstick.img) = 6325fa8feeea551c065e6b6009809c6048a1ed4d2ef6fe657ad1e2ed59345bb72f4fdae0950b69491725b0d46680da81b24cb539a439dc8765c9889a15977fde

shortlog-HardenedBSD-12-STABLE-v1200058.3.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt