Tweet
This month was a crazy month for me (Shawn Webb). My wife and I adopted a new puppy, so life has been a bit on the exciting side. I'm hoping to get back into the swing of things in the next month or two.
With that said, let's get right into it.
In src:
In ports:
For hbsdfw (the HardenedBSD 13-STABLE fork of OPNsense):
Today (30 Jul 2022), I published a new build[1]. It migrates us to PHP 8.0 and Python 3.9. It appears that the PHP 8.0 Radius extension (php80-pecl-radius) has issues, so I removed the package from the build. So if you're testing hbsdfw out and rely on Radius authentication, you'll want to skip this build.
I haven't had the time to fully bring up the infrastructure needed for in-place updates for hbsdfw, so the normal process of backing up the running config, reinstalling with the new build, and restoring the config is needed for this build and at least the following next few builds.
Please test the build out and let me know how it goes for you. Any message, whether it's "works fine for me" or "hey, we got a problem" helps me determine follow-up tasks for this fork.
The default username is "root" and the password is "dynfi". (The reason for the password being "dynfi" is because we use a forked version of the dynfi build scripts, which pull in the default dynfi opnsense config.)
SHA256 (hbsdfw_installer_vga_13.1-20220729-224841.iso.xz) =
99876a3ba436a274564f4ce51f83b71f901559d8e49926a18c 438b483e3d288c
[0]: https://groups.google.com/a/hardened...m/8g2NPClyAwAJ
[1]: https://hardenedbsd.org/~shawn/hbsdf...-224841.iso.xz
With that said, let's get right into it.
In src:
- TPE and RTLD hardening were merged into 13-STABLE. I had posted a HEADS UP email on the users@ mailing list[0]. If you build your own ports/packages, please take note. RTLD hardening can cause issues when building ports/packages.
In ports:
- Loic fixed misc/rump
- Loic fixed sysutils/bareos18-server
- Loic disabled PaX MPROTECT and PAGEEXEC for lang/python39
- Loic fixed math/libpgmath
- Loic fixed building openjdk8 and openjdk11 for 14-CURRENT
- Loic fixed graphics/scrot
- Loic fixed devel/objecthash
- Loic fixed lang/perl5.36
- Loic fixed GCC 12 and 13-devel
- Loic fixed net/waypipe
- Loic fixed devel/vxlog
- Loic fixed www/vdr-plugin-live
- Loic fixed comms/telldus-core
- Loic fixed graphics/enblend
- Shawn enabled MTP support by default for multimedia/vlc
- Loic disabled PIE for net/ndpi
- Ibrahim Kaikaa (Mr.UNIX) disabled PaX SEGVGUARD for memcheck-amd64-freebsd in devel/valgrind-devel and devel/valgrind
- Ibrahim Kaikaa disabled PaX MPROTECT for net-im/signal-desktop
- Ibrahim Kaikaa fixed lang/gcc11
For hbsdfw (the HardenedBSD 13-STABLE fork of OPNsense):
Today (30 Jul 2022), I published a new build[1]. It migrates us to PHP 8.0 and Python 3.9. It appears that the PHP 8.0 Radius extension (php80-pecl-radius) has issues, so I removed the package from the build. So if you're testing hbsdfw out and rely on Radius authentication, you'll want to skip this build.
I haven't had the time to fully bring up the infrastructure needed for in-place updates for hbsdfw, so the normal process of backing up the running config, reinstalling with the new build, and restoring the config is needed for this build and at least the following next few builds.
Please test the build out and let me know how it goes for you. Any message, whether it's "works fine for me" or "hey, we got a problem" helps me determine follow-up tasks for this fork.
The default username is "root" and the password is "dynfi". (The reason for the password being "dynfi" is because we use a forked version of the dynfi build scripts, which pull in the default dynfi opnsense config.)
SHA256 (hbsdfw_installer_vga_13.1-20220729-224841.iso.xz) =
99876a3ba436a274564f4ce51f83b71f901559d8e49926a18c 438b483e3d288c
[0]: https://groups.google.com/a/hardened...m/8g2NPClyAwAJ
[1]: https://hardenedbsd.org/~shawn/hbsdf...-224841.iso.xz