  <project cat='proj'>
    <title>HardenedBSD Status Report</title>

    <contact>
      <person>
	<name>
	  <given>Shawn</given>
	  <common>Webb</common>
	</name>

	<email>shawn.webb@hardenedbsd.org</email>
      </person>
      <person>
	<name>
	  <given>Oliver</given>
	  <common>Pinter</common>
	</name>

	<email>oliver.pinter@hardenedbsd.org</email>
      </person>
    </contact>

    <links>
      <url href="https://hardenedbsd.org/" />
      <url href="https://hardenedbsd.org/article/shawn-webb/2015-12-31/introducing-hardenedbsds-new-binary-updater">Introducing HardenedBSD's New Binary Updater</url>
      <url href="https://hardenedbsd.org/article/shawn-webb/2015-11-22/introducing-secadm-030-beta-01">secadm Beta Published</url>
      <url href="https://hardenedbsd.org/article/admin/2015-11-22/new-package-building-server">New Package Building Server</url>
      <url href="https://github.com/HardenedBSD/secadm">secadm</url>
      <url href="https://github.com/HardenedBSD/hardenedBSD-playground/tree/hardened/experimental/master-i915">HardenedBSD Haswell Support</url>
      <url href="http://jenkins.hardenedbsd.org/builds/HardenedBSD-CURRENT-i915kms-amd64-LATEST/">Nightly Builds for HardenedBSD Haswell Support</url>
    </links>

    <body>
      <p>HardenedBSD has been hard at work attempting to improve
the performance and stability of our additions.  Security flags
are now per-thread instead of per-process, removing some locking
overhead.  ASLR for mmap(MAP_32BIT) requests has been refactored,
but lib32 is now disabled by default.</p>

      <p>We've developed a new binary update utility,
	<tt>hbsd-update</tt>, akin to <tt>freebsd-update</tt>.
	In addition to normal OS installs, it can also update
	jails and ZFS Boot Environments (ZFS BEs).  Updates are
	signed using X.509 certificates.</p>

      <p><tt>secadm</tt> 0.3-beta has landed.  It has been
	rewritten from scratch in order to be more efficient.  As part of
	the rewrite, the rule syntax has changed and users must update
	their rulesets as described in the README.</p>

      <p>Thanks to generous donations of a server from G2, Inc and
	hosting from Automated Tendencies, we can now do full
	package builds in just 35 hours, down from 75 hours.
	This machine will also provide weekly binary updates for
	the kernel and base system.</p>

      <p>Owing partly to the needs of the developers, we have
	an experimental branch that includes the work
	&a.dumbbell; has underway for Haswell graphics support,
	on top of &os; 11-current.  Binary updates are also
	provided for this branch.</p>

      <p>Unfortunately, in order to focus our efforts on improving
	HardenedBSD, we have had to pull back from submitting our ASLR
	patches to &os;.  The past two years' efforts to address comments
	on the submission have taken their toll, and the effort is no
	longer sustainable.  We are proud to be based on &os; and believe
	that the whole community could benefit from the security
	technologies we are developing, and we hope that someone else will
	be able to step forward and finish off the task of integrating
	ASLR into &os;.</p>
    </body>

    <sponsor>
      Automated Tendencies
    </sponsor>

    <sponsor>
      G2, Inc
    </sponsor>

    <sponsor>
      SoldierX
    </sponsor>
  </project>
