HardenedBSD May 2024 Status Report
9 views
Skip to first unread message
Shawn Webb
May 27, 2024, 11:02:27 AMMay 27
to HardenedBSD Users
Hey all,
May 2024 was pretty quiet overall.
In FreeBSD land, The FreeBSD Foundation and Stormshield both sponsored a port of
NetBSD's _FORTIFY_SOURCE implementation. Within twenty-four hours, we set
_FORTIFY_SOURCE to 2 for the entirety of the base userland and the ports tree.
June will see the first 15-CURRENT/amd64 package build with _FORTIFY_SOURCE=2
set by default. I'm sure there will be a lot of fallout to address in ports.
I'm making final preparations to give the HardenedBSD talk at BSDCan[1]. That is
the reason I'm writing this status report early. I will post my slides after the
conclusion of my presentation.
In ports,
1. 0x1eef updated hardenedbsd/portzap to v0.12.0
2. Shawn disabled fortify source on a few select ports:
- lang/gcc10
- lang/gcc11
- lang/gcc12
- lang/gcc13
- multimedia/libv4l
- devel/libepoll-shim
3. ports-mgmt/poudriere-hbsd was updated to 3.4.1.
4. sysutils/cpu-microcode-intel build was fixed
5. ports-mgmt/pkg was updated to 1.21.3
[1]: https://indico.bsdcan.org/event/1/contributions/9/
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
May 2024 was pretty quiet overall.
In FreeBSD land, The FreeBSD Foundation and Stormshield both sponsored a port of
NetBSD's _FORTIFY_SOURCE implementation. Within twenty-four hours, we set
_FORTIFY_SOURCE to 2 for the entirety of the base userland and the ports tree.
June will see the first 15-CURRENT/amd64 package build with _FORTIFY_SOURCE=2
set by default. I'm sure there will be a lot of fallout to address in ports.
I'm making final preparations to give the HardenedBSD talk at BSDCan[1]. That is
the reason I'm writing this status report early. I will post my slides after the
conclusion of my presentation.
In ports,
1. 0x1eef updated hardenedbsd/portzap to v0.12.0
2. Shawn disabled fortify source on a few select ports:
- lang/gcc10
- lang/gcc11
- lang/gcc12
- lang/gcc13
- multimedia/libv4l
- devel/libepoll-shim
3. ports-mgmt/poudriere-hbsd was updated to 3.4.1.
4. sysutils/cpu-microcode-intel build was fixed
5. ports-mgmt/pkg was updated to 1.21.3
[1]: https://indico.bsdcan.org/event/1/contributions/9/
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Reply all
Reply to author
Forward
0 new messages