Skip to content

@opntr opntr released this Jul 29, 2019 · 299 commits to hardened/12-stable/master since this release

Highlights:

  • MFC r349800,r349801: Fix misc fs fuzzing issues. (abeb80b) [FreeBSD-SA-Candidate]
  • MFC r349802 (from fsu@): Add additional check for 'blocks per group' and 'fragments per group' superblock fields. (fcbcaeb) [FreeBSD-SA-Candidate]
  • MFC r347695, r347696, r347697, r347957, r349326: Lockless delayed invalidation for amd64 pmap. (388f0c1)
  • MFC r349880: Let linuxulator mprotect mask unsupported bits before calling kern_mprotect. (bc326df)
  • MFC r350260: mqueuefs: fix struct file leak (bcc8624) [FreeBSD-SA-19:15.mqueuefs CVE-2019-5603]
  • MFC r350244: bhyve: correct out-of-bounds read in XHCI device emulation (04ce7e7) [FreeBSD-SA-19:16.bhyve CVE-2019-5604]
  • MFC r350156: Fix leak of memory and file refs with sendmsg(2) over unix domain sockets. (19e53c5) [FreeBSD-SA-19:17.fd CVE-2019-5607]
  • nand: create device with 0640 permission (88f580f)
  • MFC r349890: telnet: fix a couple of snprintf() buffer overflows (7e735c9) [FreeBSD-SA-19:12.telnet CVE-2019-0053]
  • MFC r349733: Defer funsetown() calls for a TTY to tty_rel_free(). (4c06d4c) [FreeBSD-SA-19:13.pts CVE-2019-5606]
  • MFC r349834 Ignore kern.vt.splash_cpu without graphics (b9fd720)
  • MFC r349581 netmap: fix two panics with emulated adapter (2672ab3)
  • MFC r349913: Ensure that mds_handler always points to a valid method. (c411b32) [FreeBSD-EN-19:13.mds]
  • MFC r349876: Apply a workaround to be able to build clang 8.0.0 headers with clang 3.4.1, which is still in the stable/10 branch. (4453d14)
  • MFC 347238: vmm(4): Pass through RDSEED feature bit to guests (e64222c)
  • MFC 339911,339936,343075,343166,348592: Various AMD CPU-specific fixes. (2c0a81a)
  • MFC r349753 netmap: Remove pointer leakage in netmap_mem2.c (b158d71)
  • MFC r349527,349538: Sync libarchive with vendor. (2767b0a) [FreeBSD-SA-Candidate]
  • cxgbe updates
  • libbe updates
  • bhyve updates
  • LLVM and Clang updates

Changelog

Oliver Pinter (5):
      HBSD: add libclang_rt.cfi-x86_64.a to ObsoleteFiles.inc
      Merge remote-tracking branch 'origin/freebsd/12-stable/master' into hardened/12-stable/master
      HBSD: fix merge conflict in src.conf.5 man page
      HBSD: fix merge conflict in amd64's pmap.c, it conflicted on opt_pax.h
      HBSD: fix clang related merge conflict and add missing cfi entry to ObsoleteFiles.inc

Oliver Pinter + (14):
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

ae (1):
      MFC r349940:   Correctly truncate the rule in case when it has several action opcodes.

asomers (4):
      MFC r349009:
      MFC r349041:
      MFC r349230, r349234, r349477
      MFC r349237:

avg (7):
      MFC r348355: revert r273728 and parts of r306589, iicbus no-stop by default feature
      MFC r348688: first step towards enforcing must-succeed semantics for bus accessors
      MFC r349406: owc.4: document how to set up the 1-wire bus on a device.hints system
      MFC r349408: gpio.4: document device hints common to all devices on gpiobus
      MFC r349428,r349433: owc_gpiobus: clean / fix up the driver module things
      MFC r349460: gpiobus: provide a new hint, pin_list
      MFC r349579: nctgpio: change default pin names to those used by the datasheet(s)

brooks (6):
      MFC r350098, r350100-r350101
      MFC r350102:
      MFC r350049:
      MFC r350067:
      MFC r350116:
      MFC r350117:

chuck (4):
      MFC r345957
      MFC r345956
      MFC r348781
      MFC r349969

cy (11):
      MFC r349842:
      MFC 349843:
      MFC r348986:
      MFC r348987, r348989:
      MFC r349929:
      MFC r349978:
      MFC r349898, r349916:
      MFC r349917:
      MFC r349979:
      MFC r349980:
      MFC r350063:

dim (5):
      MFC r349583:
      MFC r349876:
      MFC r349971:
      MFC r348504 (by kevans):
      MFC r348689 (by emaste):

dougm (1):
      MFC r349286, r349293

emaste (7):
      nand: create device with 0640 permission
      MFC r350244: bhyve: correct out-of-bounds read in XHCI device emulation
      MFC r349915 (seanc): usr.sbin/bhyve: initialize return value ...
      bhyve: Fix resource leak when using strdup
      MFC r350260: mqueuefs: fix struct file leak
      MFC r343606: Enable lld as the system linker on i386
      src.conf.5: regenerate after r350297 (lld for i386 MFC)

eugen (1):
      MFC r345632 by lwhsu: Fix `make` in sys/modules

fsu (1):
      MFC r349800,r349801:

hselasky (1):
      MFC r349645: Remove dead code added after r348743 in the LinuxKPI. The LINUXKPI_VERSION macro is not defined for any compiled LinuxKPI code which basically means __GFP_NOTWIRED is never checked when allocating pages. This should work fine with the existing external DRM code as long as the page wiring and unwiring is balanced.

jhb (4):
      MFC 348210: Add a constant for the LS config MSR on AMD CPUs.
      MFC 339911,339936,343075,343166,348592: Various AMD CPU-specific fixes.
      MFC 343068: Use capsicum_helpers(3) that allow us to simplify the code and its functions will return success when the kernel is built without support of the capability mode.
      MFC 347238: vmm(4): Pass through RDSEED feature bit to guests

jhibbits (2):
      MFC r346771
      MFC r349874

johalun (2):
      MFC r349277: LinuxKPI: Additions to rcu list.
      MFC r349276: LinuxKPI: Add atomic_long_sub macro.

kevans (4):
      MFC r348328: bectl(8): Address Coverity complaints
      MFC r344226, r344234: stand: zfs memory corruption bug
      MFC r348471: stand: zfs: Free bouncebuf on error path in vdev_read
      MFC r349380, r349383, r349455: bectl(8)/libbe(3) fixes

kib (9):
      MFC r349794: Document atomicity for read(2) and write(2).
      MFC r349912: Restore ability to pass NULL name argument to pthread_set_name_np(3) to clear the thread name.
      MFC r349913: Ensure that mds_handler always points to a valid method.
      MFC r349950: Style: avoid long lines by using .Fo instead of .Fn.
      MFC r349988: In dmar_find(), refuse to search for DMAR unit for non-PCI device.
      MFC r350156: Fix leak of memory and file refs with sendmsg(2) over unix domain sockets.
      MFC r350091: bsearch.3: Improve the example
      MFC r344120: Unify i386 and amd64 getcontextx.c, and use ifuncs while there.
      MFC r347695, r347696, r347697, r347957, r349326: Lockless delayed invalidation for amd64 pmap.

kp (1):
      MFC r350095:

lwhsu (6):
      MFC r349539
      MFC r349472:
      MFC r349872:
      MFC r349543
      MFC r350219
      MFC r350221

markj (13):
      MFC r349612: Mark pages allocated from the per-CPU cache.
      MFC r349711: iwm: Drain callouts after stopping the device during detach.
      MFC r344629: rtsol: Use vwarnx(3) to log messages to standard error.
      MFC r349910: Fix some ISS bit definitions for data aborts.
      MFC r350054: Use a platform-independent constant for PKG_MAX_SIZE.
      MFC r350037: Fix the arm64 page table entry attribute mask.
      MFC r350048: Chase r350037.
      MFC r350086: Remove obsolete compatibility code from rtadvd.
      MFC r350082: Reference stdint.h types in ctf.5.
      MFC r350310: Fix the turnstile_lock() KPI.
      MFC r349840: Add a per-CPU page cache per VM free pool.
      MFC r349841: Elide the vm_reserv_free_page() call when PG_PCPU_CACHE is set.
      MFC r350182: Rename vm_page_{import,release}() to vm_page_zone_{import,release}().

mav (2):
      MFC r349418: Fix qlxgbe(4) static build.
      MFC r340093 (by imp): Document disbale_phy in ahcich sysctls.

mm (1):
      MFC r349527,349538: Sync libarchive with vendor.

np (4):
      MFC r349865:
      MFC r349956:
      MFC r349870:
      MFC r340173 (by jhb@):

pfg (1):
      MFC r349802 (from fsu@):

philip (1):
      MFC r349890:   telnet: fix a couple of snprintf() buffer overflows

sjg (2):
      libsecureboot: allow OpenPGP support to be dormant
      loader: ignore some variable settings if input unverified

tijl (3):
      MFC r349640, r349706:
      MFC r349641:
      MFC r349880:

vangyzen (1):
      MFC r349834

vmaffione (10):
      MFC r349752
      MFC r349753
      MFC r349966
      MFC r349581
      MFC r349869
      MFC r349803
      MFC r349867
      MFC r349868
      MFC r349935
      MFC r349952

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-12-STABLE-v1200059.2/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-bootonly.iso) = 825d5f5ac4aae2e7146984d4f267dbb235b72ec4d87037227a44474172d1665976c8cd21a58c2fd5b661a799aee861f3c7e99e25c5a13851fbff76ff9925e1ec
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-disc1.iso) = 517554a50ae942a5689b063188fd2b15fcadd3cf6cd890953072d1e949936a5134fcaee57fbcdac3a2b7f095f90957e9bc62e6962f1e5087218231758c54000f
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-memstick.img) = 6dc3d2b2ffb7d74798b24c5d56cdeea0bad48630a26c5c69ed94f95d9a0e622486d81a44d6fd6823e4944c9b957da2c122f4c741229ded2120200e765213adf9
SHA512 (HardenedBSD-12-STABLE-v1200059.2-amd64-mini-memstick.img) = 1e7c2e6c64d0fcb6687e15fb8f6efe313891a69532f806f8bb1dee333a1b07b8de0d217532c2be41d9459c7b7148efaec469ccf3993385396721c7b4756ee947

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAl0+XtoACgkQgZsRom/9
GI1fSg//eyKb4hpWHplMFgge6EsKzbpnwDUSmTTQ8jnT2oShRoOPJsveRsG3rmln
XUb2mOYm+xDptKzk+EounQbbz99i/BsPJ6TgPoWImhVfGKgFvzfb39BCLyzIaYC2
EiunpoyqpjVnfAYlE9lxea4gPaCZDQTk66uDQHpw0ccXZBV7rh3iM9AWxoftNGke
t3+KOjtLcuDIBtJY7PrE1LCvaQQF6WHmA9s723fjonzVslKZybJckfa3+ABFBDpk
YNZcpK8dUfM0+GniyjHuXppFzHu11I5hoxEapMsgysg4sqUOyzc11N42L5eN86SO
STqAuwJWJm7SYKI5kJPRKYLQNO0b1xKpv4VuJ1NvjRd936HrCETCRZ82WJIgCx6E
lZPasAdNZjqWBxm6LpJFmujqeVjFfdIqTxg1tlYPWXyqNJFJIlgJMHLj3shfnqbq
d2oodVCwJ4cj++V5Vi9erTWJMI7Q2jXqBIYW0lyTRyXatbs1as9XoXLxC1nI3WML
YB3kxbOIyJUAm67wtp4yrS8dkGRIWbNKitWE0mjl3zrmb7oPM0o3MY6Ej1yvk+bV
XHAafX/QW2xv+HNTrcSnkWZdbqVXFdZ9SqXeo0p6piTtpWyInDuQosj0RZgSxTYZ
YCzQNykEC7adikHafAJc6YfQXfM4Pyv617tS9dpVvR8mxRGgHig=
=Yfhd
-----END PGP SIGNATURE-----

CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt
shortlog-HardenedBSD-12-STABLE-v1200059.2.txt

Assets 2
You can’t perform that action at this time.