HardenedBSD August 2022 Status Report

Submitted by Shawn Webb on

It's that time of the month for the HardenedBSD status report! My own status is pretty darn simple: Little time, no hacks. I hope to be back in the swing of things by the beginning of November. Life is keeping me busy. So I'm ever more grateful for the continued contributions by the HardenedBSD community.

However, Loic and MrUnix fixed a number of issues in both the source and ports repos.

In src:

  1. Loic fixed an issue MrUnix reported about a missing PaX ASLR macro when building a kernel with COMPAT_FREEBSD32 enabled.
  2. Loic updated bsdinstall with a few changes, updating which sysctl nodes to set.
  3. I pulled in a change from OpenBSD that randomizes how often the chacha20-based arc4random(3) reseeds itself.
  4. HardenedBSD user "apache2" enabled multi-console booting by default, enabling use of the serial console by default.

In ports:

  1. Loic disabled PIE for java/eclipse
  2. I disabled SafeStack for x11-servers/xorg-server
  3. Loic added a new port: hardenedbsd/kernel-nodebug
  4. Loic disabled PIE for sysutils/grub2-efi
  5. Loic disabled PIE for net-im/profanity
  6. Loic disabled PIE for astr/xephem
  7. Loic disabled PIE for lang/zig-devel
  8. Loic fixed sysutils/pefs-kmod
  9. Loic fixed textproc/sxml
  10. Loic disabled PIE for sysutils/fluent-bit
  11. Loic disabled PIE for mat/4ti2
  12. Loic disabled PIE for mat/mprime
  13. Loic disabled DTRACE for lang/erlang-runtime25
  14. Loic disabled the PDF option in comms/fl_moxgen
  15. Loic fixed mail/bogofilter
  16. Loic fixed lang/gcc13-devel
  17. Shawn disable variable auto-init for security/tor
  18. MrUNIX disabled the JIT for net-im/signal-desktop
  19. MrUNIX disabled MPROTECT and PAGEEXEC for games/veloren
  20. MrUNIX fixed the build of lang/mono5.10, lang/mono5.20, and lang/mono6.8

For hbsdfw:

hbsdfw, aka the HardenedBSD Firewall, has a new build for this month. As usual, the process for updating is:

  1. Backup your config
  2. Reinstall with the new build
  3. Restore your config

The default username and password have been changed:

Username: root
Password: hbsdfw

You can find the new build at [0].

[0]: https://hardenedbsd.org/~shawn/hbsdfw/hbsdfw_installer_vga_13.1-20220824...

SHA256 (hbsdfw_installer_vga_13.1-20220824-140520.iso.xz) = 0656808643dfaf2ba640c561686da5f861969dadd3ebb9185abfa7c640a6af44