It has been a busy month for me personally, so not too much was accomplished in HardenedBSD. It got really hot here at home, and the server room's temperatures kept creeping higher than desired. So I spent some time trying to get temperature control more efficient and I made a lot of progress. At the beginning of the month, the server room got up to 76F. After installing foam panels in the window, and doing some more weatherproofing, the room now averages 69F at the hotest, and 60F at the coolest. I taught our infrastructure monitoring daemon (hbsdmon) how to monitor CPU temperatures. I also taught it how to take action when a monitor transitions from nominal success to failure, and vice-versa. hbsdmon alerts me if the CPU temp hits 80C, and shuts down the server if the CPU temp hits 90C. So now I don't have to worry if I go on vacation, or if the A/C unit dies while I'm asleep. :-) We received a new server donation. This server will allow us to centralize storage. We'll likely budget for ten 8TB drives (six hot, four spare). In src: I fixed a kernel panic when a PaX MPROTECT error handling code path was chosen. I coordinated _FORTIFY_SOURCE changes and testing with FreeBSD's Kyle Evans. In ports: Fabien Amelinck fixed a custom patch we have in ports-mgmt/poudriere-hbsd Shawn Webb fixed x11/station-tweak Shawn Webb enabled PIE and RELRO for textproc/unix2ascii Shawn Webb updated various net-p2p/heartwood* related ports Fabien Amelinck fixed emulators/virtualbox-ose Fabien Amelinck fixed an issue with secadm's manual page path 0x1eef updated the hardenedbsd/sourcezap port Shawn Webb marked math/pspp broken for all supported src branches Shawn Webb updated the hardenedbsd/hbsdmon port I also published (and deployed locally) a new build of hbsdfw. hbsdfw is a HardenedBSD 14-STABLE based fork of OPNsense that we maintain as a hobby side-project. As usual, your update process is: Backup your config Reinstall with the new image Restore your config Default username: root Default password: hbsdfw You can find the install media here: https://hardenedbsd.org/~shawn/hbsdfw/hbsdfw_installer_vga_14.1-20240801... $ wc -c hbsdfw_installer_vga_14.1-20240801-154128.iso.xz 1547783764 hbsdfw_installer_vga_14.1-20240801-154128.iso.xz $ sha256 hbsdfw_installer_vga_14.1-20240801-154128.iso.xz SHA256 (hbsdfw_installer_vga_14.1-20240801-154128.iso.xz) = 639e87b17fc999acd143c6c731e665f7299a3efe8d551674d0833a475b46cb8e...