HardenedBSD April 2024 Status Report

April was relatively quiet. In src, the only change was to mitigate the LESSOPEN vulnerability (CVE-2024-32487). I spent a little bit of time studying the dance between the CSU, libc, the RTLD, and libthr.

In ports:

1. ports-mgmt/poudriere-hbsd build is fixed
2. 0x1eef contributed a new port: hardenedbsd/portzap
3. ports-mgmt/pkg was updated to 1.21.2
4. graphics/waffle is now built as a PIE
5. net/td-system-tools build is fixed

We collaborated with the Radicle project. I have some local patches that allow Radicle to compile on FreeBSD/HardenedBSD. I need to clean up those patches so they're upstream-worthy. We helped deploy a test seed node in my fully Tor-ified home network, exposing the node as a Tor Onion Service endpoint.

I'm hoping that in the long term, we will be able to switch from GitLab to Radicle for hosting our repositories. We made an attempt to provide src and ports over Radicle, but the repos are a little bit too large for Radicle to handle at the moment. We will continue working with the Radicle team to help support larger repositories.