New Build

We've just published a new build, so head on over to the Latest Builds page to check it out. The new build contains a new HardenedBSD-only change (so a change we will not upstream) that adds a sysctl tunable to fully disable mmap(MAP_32BIT) support on amd64. Mappings that reside only in the 32bit address space don't have enough bits to randomize, so disabling this feature entirely removes one more attack vector. Now that pkg 1.3.7 is out, we're building our first pkg repo. Over time, we'll apply security-centric patches to the ports tree and this pkg repo will be a good developmental/test repo. My next goal is to automate the build process so we can have nightly builds of base and weekly (or semi-weekly) builds of ports.

Tags: