It's that time of the month for the HardenedBSD status report! My own status is pretty darn simple: Little time, no hacks. I hope to be back in the swing of things by the beginning of November. Life is keeping me busy. So I'm ever more grateful for the continued contributions by the HardenedBSD community.
However, Loic and MrUnix fixed a number of issues in both the source and ports repos.
- Loic fixed an issue MrUnix reported about a missing PaX ASLR macro when building a kernel with COMPAT_FREEBSD32 enabled.
- Loic updated bsdinstall with a few changes, updating which sysctl nodes to set.
- I pulled in a change from OpenBSD that randomizes how often the chacha20-based arc4random(3) reseeds itself.
- HardenedBSD user "apache2" enabled multi-console booting by default, enabling use of the serial console by default.
- Loic disabled PIE for java/eclipse
- I disabled SafeStack for x11-servers/xorg-server
- Loic added a new port: hardenedbsd/kernel-nodebug
- Loic disabled PIE for sysutils/grub2-efi
- Loic disabled PIE for net-im/profanity
- Loic disabled PIE for astr/xephem
- Loic disabled PIE for lang/zig-devel
- Loic fixed sysutils/pefs-kmod
- Loic fixed textproc/sxml
- Loic disabled PIE for sysutils/fluent-bit
- Loic disabled PIE for mat/4ti2
- Loic disabled PIE for mat/mprime
- Loic disabled DTRACE for lang/erlang-runtime25
- Loic disabled the PDF option in comms/fl_moxgen
- Loic fixed mail/bogofilter
- Loic fixed lang/gcc13-devel
- Shawn disable variable auto-init for security/tor
- MrUNIX disabled the JIT for net-im/signal-desktop
- MrUNIX disabled MPROTECT and PAGEEXEC for games/veloren
- MrUNIX fixed the build of lang/mono5.10, lang/mono5.20, and lang/mono6.8
hbsdfw, aka the HardenedBSD Firewall, has a new build for this month. As usual, the process for updating is:
- Backup your config
- Reinstall with the new build
- Restore your config
The default username and password have been changed:
You can find the new build at .
SHA256 (hbsdfw_installer_vga_13.1-20220824-140520.iso.xz) = 0656808643dfaf2ba640c561686da5f861969dadd3ebb9185abfa7c640a6af44