Softpedia >Linux >System >Operating Systems >Other >HardenedBSD >  Changelog

HardenedBSD Changelog

What's new in HardenedBSD 1200058.2

Jan 21, 2019
  • MFC r343043: scp: disallow empty or current directory (40c2d4eb5cda74b65cc1d2d1187e11d87e3231d5) [CVE-2018-20685 FreeBSD-SA-candidate]
  • MFC r342887: Stop setting if_linkmib in vlan(4) ifnets. (9752824a67b8e026c748df9f55d7a4dc34cc3e5b) [FreeBSD-SA-candidate]
  • MFC r342849: libbe(3): Don't allow bootfs to be destroyed (43c025931749622500ddd40f733833a2326eb8c3)
  • MFC r342792, r342805: Provide rc_service variable for rc service scripts (43d929cc947061353022f4fd65f384bf5e5b623d)
  • MFC r342966: net80211: fix possible panic for some drivers after r342463 (afe64a5242c51756aa8e7278a93e78bef8ffbccf)
  • MFC r342883: net80211: fix panic when device is removed during initialization (86c848990612b065fd125e3d067494a9ca62d302)
  • MFC r342787: Add a bounds check to the tws(4) passthrough ioctl handler. (09c4a5a5c19860d0f062452a120bf3db56bec588) [FreeBSD-SA-candidate]
  • MFC r342575, r342580: ar: detect and error out on 32-bit symbol table overflow (932f2a3ad15b84e2f4584e8b4cc4930acaa94b36)
  • MFC r342686: Avoid setting PG_U unconditionally in pmap_enter_quick_locked(). (6a790261240984576e7ab3ae4982feda89938f4a)
  • MFC of 342135 and 342290 Properly respond to error from VFS_ROOT() during mount. (3d8c9836cc1b5b82f970b571dabd1cc4c524d6b2)
  • MFC r342362-r342363: config(8) duplicate option handling (b43601807a39b452a3a234d5a9ef33ba0bf6370c)
  • MFC r341101-r341103, r341148, r341391, r341422-r341423, r341454, r341780-r341781, r341805, r342026 Make powerpc booke kernels boot from ubldr. (5f1960a5ad7dcf7320f04827f86d2543a9cec92a)
  • MFC 339899: Make battery emptying rate available as sysctl variable. (fcad6d3887e9e0df176d8d9a4d01ce8e4dd1c780)
  • MFC 339620: Add a "live" mode to ktrdump. (9eec96ef7c166142d06d0bed137f98ee55c3b9e6)
  • MFC 340460: Convert the number of MSI IRQs on x86 from a constant to a tunable. (38147cee96c0cdfbd10ce81c8eb8d11ce87d0c93)
  • MFC: r342286 Fix the NFSv4 server to obey vfs.nfsd.nfs_privport. (9e714b03dcf913fc1daeaab8f970f37bd6a91367)
  • MFC r341998: pf: Fix endless loop on NAT exhaustion with sticky-address (8df6e4a6eaf85ac40c35fe353f2150a99f5685be) [FreeBSD-SA-candidate]
  • MFC r342211: net80211: fix out-of-bounds read in ieee80211_amrr(9) (d8b9265f4a6ad7c6a1e2446b98e7f6e9a7ccd4b8)
  • MFC r341833: pf: Prevent integer overflow in PF when calculating the adaptive timeout. (4e14cefd62c1612b7eba62cd71097429fd6d29fc)
  • MFC r339746,339751,339794,340866,340939,342042: Sync libarchive with vendor. (7e7a6e66b6497594e376667d1b0f653787927a6e)
  • MFC r342183: Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000) (5f41f06ad996ced8460e267ae51526eb89dc661d)
  • HBSD: log pkg changes to /var/log/pkg.log (9135625701b316445fd42809c2ccefada1b39c93)
  • MFC r342030: Plug memory leak for AES_*_NIST_GMAC algorithms. (1f3faa484174d1cb5e572cdd3b1910764cfd326c)
  • amd64 string primitive optimizations
  • asmc updates
  • cxgbe updates
  • ichwd updates
  • loader updates
  • mrsas updates
  • netmap updates
  • riscv updates
  • rtwn updates
  • sfxge updates
  • tzdata updates
  • zfs updates

New in HardenedBSD 1200058.1 (Jan 18, 2019)

  • MFC r342227: bootpd: validate hardware type (cc913fb4818ab0f1ffdb93ddc0145798964b98ba) [FreeBSD-SA-18:15.bootpd]
  • MFC r339909: Allow changing lagg(4) MTU. (8b8bd1f610ade0928bf728a849b344f74b33dcb3)
  • MFC: r340090, r342056 Merge ACPICA 20181031 and 20181213. (2f4ca9c8f0a8780b44ccba39043972baa0c01a92)
  • MFC r342125: Fix bugs in plugable CC algorithm and siftr sysctls. (92b6550b7f9b8b4b1bb75882de619dadd72851a7) [CVE-candidate]
  • MFC r342127 Revert r331567 CC Cubic: fix underflow for cubic_cwnd() (38ba9644182faa835efb437e0bec504161ba3c69)

New in HardenedBSD 1200058 (Dec 18, 2018)

  • Non-Cross-DSO Control-Flow Integrity (CFI) for applications on amd64 and arm64. At this time, CFI is not applied to the kernel. More info on CFI is below.
  • Jailed bhyve.
  • Per-jail toggles for unprivileged process debugging (the security.bsd.unprivileged_process_debug sysctl node).
  • Spectre v2 mitigation with retpoline applied to the entirety of base and ports.
  • Symmetric Multi-Threading (SMT) disabled by default (re-enable by setting machdep.hyperthreading_allowed to 1 in loader.conf(5)).
  • Migration of more compiler toolchain components to llvm's implementations (llvm-ar, llvm-nm, and llvm-objdump).
  • Compilation of applications with Link-Time Optimization (LTO).

New in HardenedBSD 1100056.9 (Dec 5, 2018)

  • MFC r340899: Plug some kernel memory disclosures via kevent(2). (57fd4999023fbedc45061430d5dbcdb98547b407) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r340856: Ensure that directory entry padding bytes are zeroed. (3dc6e9a2e5b3a446ecb0c2c198bca46619f8590d) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r339818: rcorder(8): Add support for /etc/rc.resume (9837413dd9835df60a41e4cf3e30338bee65f358)
  • MFC r339808: Prevent ip_input() from panicing due to unprotected access to INADDR_HASH. [CVE candidate]
  • MFC r340783: Plug some networking sysctl leaks. (e1128261727c1eedda33c25158753d4f09545d5b) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r340772: Clear unused bytes in ia32_osendsig(). (782079682d680e076598653d244323b8a5b90a8a) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r340771: proto: change device permissions to 0600 (91dc34763d7783d5cc2e3d268e4c8ed85ff3b166) [CVE candidate]
  • MFC r340663 (rmacklem): Improve sanity checking for the dircount hint argument to NFSv3's ReaddirPlus and NFSv4's Readdir operations. (3bb4648083f3148398021abd35df925aa5c003f2) [FreeBSD-SA-18:13.nfs CVE-2018-17157 CVE-2018-17158 CVE-2018-17159]
  • MFC r340699: Clear pad bytes in the struct exported by kern.ntp_pll.gettime. 6c88f7d90bde0d335bc0687a41bc141ffb55e2bf [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r340674: Fix another user address dereference in linux_sendmsg syscall (1162e5190b51c01b6386baec10dbcd0ddcaf4b38)
  • MFC r340631: Do proper copyin of control message data in the Linux sendmsg syscall. (a7710016b5015643786ff0ceb070cae982e80ddb)
  • Merge OpenSSL 1.0.2q (9424b8c43e2d3d7b45201e34799fd5c5193f7f68) [CVE-2018-5407 CVE-2018-0734]
  • MFC r340205: Avoid specifying VM_PROT_EXECUTE in mappings from pipe_map and exec_map. (a1e236f6c4f29f04befe42250d20312424c12deb)
  • MFC r339465: rc.initdiskless: add support for auxiliary NVRAM. (889791af8eb9cb4b19cd96d2891836e4205473f0)
  • MFC 339312,339364: Restore more descriptors during VM exits. (5093c36b3316b62e306dc18ff9e2bf7eac33dbe1) [CVE candidate]
  • MFC 338511: bhyve: Use MAP_GUARD when mapping guest memory ranges. (6dc9464d89d89a37d4d114ba519d004ee25649b5)
  • MFC r340260 (emaste): Avoid buffer underwrite in icmp_error (6033b7ab1ac6064008c8d99b64d95ebb815e1e74) [CVE-2018-17156]
  • HBSD MFC r340205: Avoid specifying VM_PROT_EXECUTE in mappings from pipe_map and exec_map. (a408354173f2c5724a9a603831936ab42c11fe82)