HardenedBSD May 2024 Status Report

May 2024 was pretty quiet overall.

In FreeBSD land, The FreeBSD Foundation and Stormshield both sponsored a port of NetBSD's _FORTIFY_SOURCE implementation. Within twenty-four hours, we set _FORTIFY_SOURCE to 2 for the entirety of the base userland and the ports tree. June will see the first 15-CURRENT/amd64 package build with _FORTIFY_SOURCE=2 set by default. I'm sure there will be a lot of fallout to address in ports.

I'm making final preparations to give the HardenedBSD talk at BSDCan. That is the reason I'm writing this status report early. I will post my slides after the conclusion of my presentation.

In ports:

  1. 0x1eef updated hardenedbsd/portzap to v0.12.0.
  2. Shawn disabled fortify source on a few select ports:
    • lang/gcc10
    • lang/gcc11
    • lang/gcc12
    • lang/gcc13
    • multimedia/libv4l
    • devel/libepoll-shim
  3. ports-mgmt/poudriere-hbsd was updated to 3.4.1.
  4. sysutils/cpu-microcode-intel build was fixed.
  5. ports-mgmt/pkg was updated to 1.21.3.