This month saw a few improvements in HardenedBSD's source tree.

We can now boot to multi-user on the StarFive VisionFive2 riscv64 SBC dev boards. They use a 39-bit address space, so we had to tune down our ASLR deltas for this board as if we were operating on a 32-bit architecture. This is obviously far from optimal, but it's what we have.

Changes to the src tree:

1. Ensure libhbsdcontrol operates only on regular files.
2. Ensure hbsdcontrol does not follow symlinks by default. Provide an option to override.
3. Allow the RTLD ASLR delta to be overridden in the kernel config file.
4. Lower ASLR deltas for StarFive VisionFive2 SBC boards.
5. Drop TCP SYN+FIN packets by default.

In ports:

1. Do not override the default LLVM version in devel/electron32
2. Bring in the -ftrivial-var-auto-init=zero patch from HardenedBSD src for:
   1. devel/llvm17
   2. devel/llvm18
   3. devel/llvm19
3. Bump net-p2p/heartwood-httpd to 0.17.1
4. Disable _FORTIFY_SOURCE for:
   1. x11/swaylock
   2. x11/swaybg
   3. x11-wm/sway
5. Bump hardenedbsd/hbsdmon to 1.0_13
6. Disable PaX PAGEEXEC for www/firefox
7. Set default LLVM version to 19 for 15-CURRENT systems

We performed emergency maintenance on the 14-STABLE build server. We replaced three sticks of RAM. As of this writing, it appears we have to replace more sticks. Once the package build that's running right now finishes, we will do that.

We received a large donation specifically for the purchase of a new Framework laptop. That purchase has been made and we are awaiting shipping. The timing of this couldn't be better as the laptop I used to use for when I'm bed-bound is now too old to run modern HardenedBSD. (The problem being the video card is ancient and there are no supporte drivers for it.) Many of you know I have various random health issues (migraines, back injury, chronic fatigue), so having a more mobile system will help me be active where ever I am.

We will soon be ordering some new hard drives for our NAS server. Once ordered and installed, we will reconfigure how we are storing build artifacts. Right now, each build server has enough storage to store its own build artifacts. However, this means that when we perform maintnance on the build server, the build artifacts are temporarily unavailable. Centralizing artifact storage onto a NAS will enable us to be more efficient when performing maintanance. We plan to make that purchase in January 2025.

I have started a discussion with the FreeBSD Foundation, the HardenedBSD Foundation, the Colorado BSD User's Group, and the Google Summer of Code student Aymeric Wibo, to organize a hackathon in January or February 2025. This hackathon will be geared towards getting the BATMAN-adv mesh networking GSoC work to a state where it can be reviewed for merging into FreeBSD. I'm excited to see where this goes and its human rights impact as we design, build, and deploy surveillance- and censorship-resistant mesh networks.