HardenedBSD April 2024 Status Report
7 views
Skip to first unread message
Shawn Webb
May 5, 2024, 3:08:45 PMMay 5
to HardenedBSD Users
Hey all,
April was relatively quiet. In src, the only change was to mitigate the LESSOPEN
vulnerability (CVE-2024-32487). I spent a little bit of time studying the dance
between the CSU, libc, the RTLD, and libthr.
In ports:
1. ports-mgmt/poudriere-hbsd build is fixed
2. 0x1eef contributed a new port: hardenedbsd/portzap
3. ports-mgmt/pkg was updated to 1.21.2
4. graphics/waffle is now built as a PIE
5. net/td-system-tools build is fixed
We collaborated[1] with the Radicle[2] project. I have some local patches that
allow Radicle to compile on FreeBSD/HardenedBSD. I need to clean up those
patches so they're upstream-worthy. We helped deploy a test seed node in my
fully Tor-ified home network, exposing the node as a Tor Onion Service endpoint.
I'm hoping that in the long term, we will be able to switch from GitLab to
Radicle for hosting our repositories. We made an attempt to provide src and
ports over Radicle, but the repos are a little bit too large for Radicle to
handle at the moment. We will continue working with the Radicle team to help
support larger repositories.
[1]: https://bsd.network/@lattera/112327645276464251
[2]: https://radicle.xyz/
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
April was relatively quiet. In src, the only change was to mitigate the LESSOPEN
vulnerability (CVE-2024-32487). I spent a little bit of time studying the dance
between the CSU, libc, the RTLD, and libthr.
In ports:
1. ports-mgmt/poudriere-hbsd build is fixed
2. 0x1eef contributed a new port: hardenedbsd/portzap
3. ports-mgmt/pkg was updated to 1.21.2
4. graphics/waffle is now built as a PIE
5. net/td-system-tools build is fixed
We collaborated[1] with the Radicle[2] project. I have some local patches that
allow Radicle to compile on FreeBSD/HardenedBSD. I need to clean up those
patches so they're upstream-worthy. We helped deploy a test seed node in my
fully Tor-ified home network, exposing the node as a Tor Onion Service endpoint.
I'm hoping that in the long term, we will be able to switch from GitLab to
Radicle for hosting our repositories. We made an attempt to provide src and
ports over Radicle, but the repos are a little bit too large for Radicle to
handle at the moment. We will continue working with the Radicle team to help
support larger repositories.
[1]: https://bsd.network/@lattera/112327645276464251
[2]: https://radicle.xyz/
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Reply all
Reply to author
Forward
0 new messages