Skip to content

@opntr opntr released this Aug 13, 2019 · 225 commits to hardened/12-stable/master since this release

Highlights:

  • MFC r350645: Correct ICMPv6/MLDv2 out-of-bounds memory access (6d7f541) [CVE-2019-5608 FreeBSD-SA-19:19.mldv2]
  • MFC r350635: bsnmp: add asn1 message length validation (be804d75b90865776e2d1174d40b6286a0679b950 [CVE-2019-5610 FreeBSD-SA-19:20.bsnmp]
  • MFC 350618: Validate guest-supplied length of headers for TSO transmit requests. (34ae5e4) [CVE-2019-5609 FreeBSD-SA-19:21.bhyve]
  • MFC of 349589, 350070, 350071, 350096, and 350187: Make filesystem-full messages limited per filesystem rather than systemwide; Add "untrusted" option to mount command (7b0bf49)
  • MFC r350362 r367068: stack protector fixes for LLVM generated codes (ad1889b) [FreeBSD-SA-Candidate]
  • HBSD: set LC_COLLATE to C by default (1ec32fd)
  • MFC r350310: Fix the turnstile_lock() KPI. (5a909d9) [FreeBSD-EN-19:14.epoch FreeBSD-SA-Candidate]

Changelog

Oliver Pinter (2):
      HBSD: fix mismerge in src.conf.5 regarding the state of lld
      HBSD: set LC_COLLATE to C by default

Oliver Pinter + (20):
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

ae (1):
      MFC r350417:   Add ipfw_get_action() function to get the pointer to action opcode.

arybchik (3):
      MFC r350369
      MFC r350370
      MFC r350371

bapt (1):
      MFC r350358:

brooks (7):
      MFC r350143, r350148
      MFC r350157:
      MFC r350158:
      MFC r350159:
      MFC r350160:
      MFC r350218:
      MFC r350228:

cy (4):
      MFC r350064:
      MFC r350548:
      MFC r350567:
      MFC r350568:

dim (2):
      MFC r350360:
      MFC r350362:

dougm (1):
      MFC r350183, r350359

emaste (5):
      MFC r350215: mptutil: emit a warning on big-endian architectures
      objdump: update deprecation notice
      MFC r350518: as: add deprecation notice to the man page
      MFC r350635: bsnmp: add asn1 message length validation
      MFC r350645: Correct ICMPv6/MLDv2 out-of-bounds memory access

gallatin (1):
      MFC r350245

ganbold (1):
      MFC r346993 Add a hw.model sysctl oid for arm64 which reports the CPU model similar to armv6/7.

jhb (1):
      MFC 350618: Validate guest-supplied length of headers for TSO transmit requests.

jilles (1):
      MFC r350425: printf(1): Note that \c only works in %b strings

kevans (1):
      MFC r350336: if_tun(4): Add TUNGIFNAME

kp (1):
      MFC r350416:

manu (16):
      MFC r340845-r340848, r340971, r340981, r342076
      MFC r340987, r340989, r341254, r341269, r341333
      MFC r342936, r343873
      MFC r342924, r343749-r343750, r343874, r344893-r344895, r345711
      MFC r345948, r345951
      MFC r346092, r346271-r346272
      MFC r346293:
      MFC r342008, r342010-r342020
      MFC r344633-r344634, r344638
      MFC r346305, r346691-r346694, r346696-r346697
      MFC r346295, r346297
      MFC r346298:
      MFC r346334, r346787-r346789, r347017
      MFC r347362:
      MFC r347489-r347491, r347512
      MFC r348179-r348182

markj (4):
      MFC r350513: Fix formatting.
      MFC r350514: Add an MLINK for daemonfd(3).
      MFC r350432: Merge r3778 and r3779 from ELFToolchain.
      MFC r350544: Add bzip2recover.1.

mckusick (1):
      MFC of 349589, 350070, 350071, 350096, and 350187

rmacklem (1):
      MFC: r350367 Lock the vnode before calling ufs_bmap_seekdata().

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-12-STABLE-v1200059.3/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-12-STABLE-v1200059.3-amd64-bootonly.iso) = 5557676ae6108964f2da47d28803da1912fd70cfa0a9d388e066f78a0e9bad58f7c5a2abad247116f11c7f399f79de2f74bc60c89823c14d6a9ddc8a3597d338
SHA512 (HardenedBSD-12-STABLE-v1200059.3-amd64-disc1.iso) = d49899b7f8b9922da3212c937e1b9ddd29c127002b6c257209694d24b0bc58758c8c785b906bdfe45c3fb8071f3d3bd127ace6d06a4eed3ddc15e3796eb669af
SHA512 (HardenedBSD-12-STABLE-v1200059.3-amd64-memstick.img) = abb3d156c423a55c23070b01a64f705eed33dc833fe56090c00cb6de69d63be2d880f3a4350ae860eaeb5e0b25eb02cddadb154c6d3b31d489f4ab28e8322da0
SHA512 (HardenedBSD-12-STABLE-v1200059.3-amd64-mini-memstick.img) = 1d812808356714e0df7048740e7d7d1e7b6b62de0fb5e0551bbb8e950a40a8f9f241b3c14d26fc9269bb1d00febe027ad65b7f6e60cb3c171d616c965e27e2f7

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAl1Ln+8ACgkQgZsRom/9
GI3ETw/+KH7pzMhOV5/FB1WO5mG76QQQdCOZ6kyBKvq2unOHYl/iWz2vXD098v56
R5yVsofVNameLhSrJUt9ZdavWaXfsUoz+IqNX7oO8n8iwdRhQj2hhq1sKbImOSms
3dfRXxBkuL7uKkf6API7qXU8bkwYsEQ8sIIfD2/ZwU8DwTrILeJK0OHf++SPD2F9
/055Ed+5TEO1eHuKkntT3L1vm80WBHHtKP9U68t87U1FRdwiNmNt8cvgQULEBBri
ZthR5w+QXjOHO1Dp9WQniyelqU9I2AdDYWS01Cc7LC4hhZfMElUJHyv9XjVvpGuM
2saKT5c6siPNrcCzbrSuWzHLbCiMmav/S81eKFMG7DkCPx7KqfKkEC7xZYELM1LA
E3a+SSKz3VQ4tGsgaxKsI3PHDe6XtsqPY0gT13V6okKS8w4XSYq3I+O8MOeh9ruH
WsbfkaZfesLncHEtLomKS+d3W0pCI6I0tfVgOfyfQJIEPdXTYsQUlAoADZse7fOB
sjxPDJU9NInwjFCt+dgr/4P7unKDPPhBTOsm/ideIAXLMhjXG7cvk3FfbfeWx8Yc
9TJsBXzaWiHZdaVagL8dLaUYKPVxQvUrN4bmomqzosxrsbcIv4t7tHIr7MIRbJDM
h0Em3oDmYJmi9zS38nLbd2yMUwja/U6gyXv+Cs1VRL2eXJvVJu8=
=Lquj
-----END PGP SIGNATURE-----

shortlog-HardenedBSD-12-STABLE-v1200059.3.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt

Assets 2
You can’t perform that action at this time.