September was rather busy for me, so I didn't get the monthly status report out. So this status report covers both September and October 2024.
We received a donation of four devices from Protectli. These devices will help us research and develop a censorship- and surveillance-resistant mesh network. More information can be found here.
In the source tree:
- Passing a NULL environment pointer (envp) to execve is now prohibited. This helps address ROP payloads that simply pass NULL as the envp.
 - The hardening.kmalloc_zero regression is fixed.
 - Use clang's C++ hardening integration. For more information, watch this presentation.
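
Software that passes NULL as envp has to supply a valid, possibly empty, environment array under this change. The following is an added example, not HardenedBSD code: `normalize_envp` and `spawn_wait` are hypothetical helper names, and since the report does not say which error the kernel returns, the code avoids the NULL case instead of probing for it.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* An environment with zero entries: a valid, non-NULL envp. */
static char *const empty_env[] = { NULL };

/* Hypothetical helper: map a NULL envp to the empty environment array. */
char *const *normalize_envp(char *const envp[])
{
    return envp != NULL ? envp : empty_env;
}

/*
 * Hypothetical helper: run `path` in a child process and never hand a NULL
 * envp to execve(). Returns the child's exit status, or -1 if fork/wait
 * failed or the child did not exit normally.
 */
int spawn_wait(const char *path, char *const argv[], char *const envp[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, normalize_envp(envp));
        _exit(127); /* only reached when execve() itself failed */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: the caller has no environment to pass on. */
    char *const argv[] = { "sh", "-c", "exit 7", NULL };

    return spawn_wait("/bin/sh", argv, NULL) == 7 ? 0 : 1;
}
```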
 
In ports:
- FORTIFY_SOURCE has been disabled for the following ports:
  - net/samba416
  - devel/libgtop
  - sysutils/grub2-bhyve
  - devel/kronosnet
- PIE was disabled for editors/libreoffice
- devel/bsddialog build was fixed
- PaX MPROTECT was disabled for www/node22
- the devel/boost and related ports were fixed
- base ranlib version detection was fixed
- Default ports llvm version was bumped to 18
- hardenedbsd/sourcezap was bumped to 1.2.1
- hardenedbsd/portzap was bumped to 1.2.1
 
In other news, HardenedBSD 13-STABLE is in the process of being archived. Folks who want continued support for 13-STABLE are encouraged to create a free account on our self-hosted GitLab and submit patches. Otherwise, we encourage everyone to enjoy HardenedBSD 14-STABLE and 15-CURRENT.
We are grateful for those who contribute to the project--no matter the form in which the contribution comes. Continued advocacy, patch submissions, financial support, and other contributions are appreciated and needed.





