HardenedBSD August 2022 Status Report
8 prikaza
Preskoči na prvu nepročitanu poruku
Shawn Webb
31. kol 2022. 19:13:1131. 08. 2022.
u HardenedBSD Users
Hey all,
It's that time of the month for the HardenedBSD status report! My own status is
pretty darn simple: Little time, no hacks. I hope to be back in the
swing of things by the beginning of November. Life is keeping me busy.
So I'm ever more grateful for the continued contributions by the
HardenedBSD community.
However, Loic and MrUnix fixed a number of issues in both the source and ports
repos.
In src:
1. Loic fixed an issue MrUnix reported about a missing PaX ASLR macro when
building a kernel with COMPAT_FREEBSD32 enabled.
2. Loic updated bsdinstall with a few changes, updating which sysctl nodes to
set.
3. I pulled in a change from OpenBSD that randomizes how often the
chacha20-based arc4random(3) reseeds itself.
4. HardenedBSD user "apache2" enabled multi-console booting by default, enabling
use of the serial console by default.
In ports:
1. Loic disabled PIE for java/eclipse
2. I disabled SafeStack for x11-servers/xorg-server
3. Loic added a new port: hardenedbsd/kernel-nodebug
4. Loic disabled PIE for sysutils/grub2-efi
5. Loic disabled PIE for net-im/profanity
6. Loic disabled PIE for astr/xephem
7. Loic disabled PIE for lang/zig-devel
8. Loic fixed sysutils/pefs-kmod
9. Loic fixed textproc/sxml
10. Loic disabled PIE for sysutils/fluent-bit
11. Loic disabled PIE for mat/4ti2
12. Loic disabled PIE for mat/mprime
13. Loic disabled DTRACE for lang/erlang-runtime25
14. Loic disabled the PDF option in comms/fl_moxgen
15. Loic fixed mail/bogofilter
16. Loic fixed lang/gcc13-devel
17. Shawn disable variable auto-init for security/tor
For hbsdfw:
hbsdfw, aka the HardenedBSD Firewall, has a new build for this month. As usual,
the process for updating is:
1. Backup your config
2. Reinstall with the new build
3. Restore your config
The default username and password have been changed:
Username: root
Password: hbsdfw
You can find the new build at [0].
[0]: https://hardenedbsd.org/~shawn/hbsdfw/hbsdfw_installer_vga_13.1-20220824-140520.iso.xz
SHA256 (hbsdfw_installer_vga_13.1-20220824-140520.iso.xz) =
0656808643dfaf2ba640c561686da5f861969dadd3ebb9185abfa7c640a6af44
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
It's that time of the month for the HardenedBSD status report! My own status is
pretty darn simple: Little time, no hacks. I hope to be back in the
swing of things by the beginning of November. Life is keeping me busy.
So I'm ever more grateful for the continued contributions by the
HardenedBSD community.
However, Loic and MrUnix fixed a number of issues in both the source and ports
repos.
In src:
1. Loic fixed an issue MrUnix reported about a missing PaX ASLR macro when
building a kernel with COMPAT_FREEBSD32 enabled.
2. Loic updated bsdinstall with a few changes, updating which sysctl nodes to
set.
3. I pulled in a change from OpenBSD that randomizes how often the
chacha20-based arc4random(3) reseeds itself.
4. HardenedBSD user "apache2" enabled multi-console booting by default, enabling
use of the serial console by default.
In ports:
1. Loic disabled PIE for java/eclipse
2. I disabled SafeStack for x11-servers/xorg-server
3. Loic added a new port: hardenedbsd/kernel-nodebug
4. Loic disabled PIE for sysutils/grub2-efi
5. Loic disabled PIE for net-im/profanity
6. Loic disabled PIE for astr/xephem
7. Loic disabled PIE for lang/zig-devel
8. Loic fixed sysutils/pefs-kmod
9. Loic fixed textproc/sxml
10. Loic disabled PIE for sysutils/fluent-bit
11. Loic disabled PIE for mat/4ti2
12. Loic disabled PIE for mat/mprime
13. Loic disabled DTRACE for lang/erlang-runtime25
14. Loic disabled the PDF option in comms/fl_moxgen
15. Loic fixed mail/bogofilter
16. Loic fixed lang/gcc13-devel
17. Shawn disable variable auto-init for security/tor
For hbsdfw:
hbsdfw, aka the HardenedBSD Firewall, has a new build for this month. As usual,
the process for updating is:
1. Backup your config
2. Reinstall with the new build
3. Restore your config
The default username and password have been changed:
Username: root
Password: hbsdfw
You can find the new build at [0].
[0]: https://hardenedbsd.org/~shawn/hbsdfw/hbsdfw_installer_vga_13.1-20220824-140520.iso.xz
SHA256 (hbsdfw_installer_vga_13.1-20220824-140520.iso.xz) =
0656808643dfaf2ba640c561686da5f861969dadd3ebb9185abfa7c640a6af44
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Shawn Webb
31. kol 2022. 19:38:2231. 08. 2022.
u HardenedBSD Users
Sorry for that!
1. MrUnix disabled the JIT for net-im/signal-desktop
2. MrUnix disabled MPROTECT and PAGEEXEC for games/veloren
3. MrUnix fixed the build of lang/mono5.10, lang/mono5.20, and
lang/mono6.8
Odgovori svima
Odgovori autoru
Proslijedi
0 novih poruka