September was rather busy for me, so I didn't get the monthly status report out. So this status report covers both September and October 2024.
We received a donation of four devices from Protectli. These devices will help us research and develop a censorship- and surveillance-resistant mesh network. More information can be found here.
In the source tree:
- Passing NULL as the envp argument to execve is now prohibited. This helps address ROP payloads that simply pass NULL as the envp.
- The hardening.kmalloc_zero regression is fixed.
- Use clang's C++ hardening integration. For more information, watch this presentation.
In ports:
- FORTIFY_SOURCE has been disabled for the following ports:
  - net/samba416
  - devel/libgtop
  - sysutils/grub2-bhyve
  - devel/kronosnet
- PIE was disabled for editors/libreoffice
- The devel/bsddialog build was fixed
- PaX MPROTECT was disabled for www/node22
- The devel/boost and related ports were fixed
- Base ranlib version detection was fixed
- The default ports LLVM version was bumped to 18
- hardenedbsd/sourcezap was bumped to 1.2.1
- hardenedbsd/portzap was bumped to 1.2.1
In other news, HardenedBSD 13-STABLE is in the process of being archived. Folks who want continued support for 13-STABLE are encouraged to create a free account on our self-hosted GitLab and submit patches. Otherwise, we encourage everyone to enjoy HardenedBSD 14-STABLE and 15-CURRENT.
We are grateful for those who contribute to the project--no matter the form in which the contribution comes. Continued advocacy, patch submissions, financial support, and other contributions are appreciated and needed.