Tin Hat 20100219 is out.

This release does not incorporate any feature enhancements, but polishes up the 20091218 release. No new packages were introduced and the 70 or so updated packages were just minor version bumps reflecting bug fixes. It was important, however, to sync upstream with Gentoo and so we took the opportunity to spruce up the theme with new artwork for both the GDM and the desktop. We went with a green plus tin grey theme, overlaying a circuit board. Something different to break from the purely abstract images of the past.

Tor-ramdisk 20100125

This release comes close on the heels of the last one to accommodate an important upstream security fix. Due to a break-in of their servers, the tor team has had to rotate two of the seven v3 authority keys. The only change to our image was bumping tor to version 0.2.1.22. The change was incorporated into all of our supported arches, i686, x86_64 and MIPS. Since privacy is the hallmark of tor, the natural question is: did the breach compromise anonymity? The answer is no, because tor requires a consensus of four of the seven v3 authorities for its directory.

Tor-ramdisk 20100115

About two weeks ago the tor team announced the release of tor-0.2.1.21. Since we had to update our images, we took this opportunity to incorporate a feature request that was made shortly after our last release. When we incorporated DHCP as an alternative means to set up networking, we accepted the IP address, router and DNS server handed out by the DHCP server. But Georg pointed out that the Danish ISPs implement DNS blocking. He wanted to be able to use his own DNS servers, like OpenDNS or the like, and not the ones handed to him by the ISP.
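One way to honour that request in a busybox udhcpc event script, as an added example rather than tor-ramdisk's own setup script: the lease's address and gateway are applied as offered, but the resolvers written to resolv.conf come from an operator-supplied list when one is set. `DNS_OVERRIDE` and `RESOLV_CONF` are hypothetical environment knobs assumed for this example; the udhcpc interface (`$1` event name, `$interface`, `$ip`, `$subnet`, `$router`, `$dns`) is busybox's.

```shell
#!/bin/sh
# Added example, not tor-ramdisk's script. busybox invokes it as
#   udhcpc -i eth0 -s /path/to/this.sh
# with $1 = deconfig|bound|renew and the lease exported in
# $interface $ip $subnet $router $dns.
# DNS_OVERRIDE (space-separated IPv4 list) and RESOLV_CONF are hypothetical
# knobs constructed for this example.

# build_resolv_conf OFFERED_DNS OVERRIDE_DNS: print resolv.conf contents.
# The operator's servers win when given; otherwise the lease's are used.
build_resolv_conf() {
    offered=$1
    override=$2
    chosen=${override:-$offered}
    for ns in $chosen; do
        # Crude sanity check: only dotted-quad addresses reach resolv.conf,
        # so a mangled override cannot inject arbitrary resolver options.
        case "$ns" in
            *[!0-9.]* | "") echo "# skipped invalid nameserver '$ns'" ;;
            *)               echo "nameserver $ns" ;;
        esac
    done
}

case "${1:-}" in
    deconfig)
        ifconfig "$interface" 0.0.0.0
        ;;
    bound | renew)
        ifconfig "$interface" "$ip" netmask "$subnet"
        # udhcpc may hand over several routers; the first is the default gateway.
        [ -n "$router" ] && route add default gw "${router%% *}" dev "$interface"
        build_resolv_conf "$dns" "${DNS_OVERRIDE:-}" > "${RESOLV_CONF:-/etc/resolv.conf}"
        ;;
esac
```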

Tin Hat 20091218 is out!

This is primarily a maintenance release with minor bug fixes and lots of updates. The kernel was held steady at 2.6.28-r9, the tool chain was upgraded to gcc-4.4.2-r1, glibc-2.11-r1 and binutils-2.20, and over 300 other packages were also upgraded. The tool chain provides all the usual nice hardening techniques, relro, ssp, nx, pie, and all our system binaries were compiled with these features, except for evolution which still requires -z,lazy because of its circular library dependencies.

Tor-ramdisk 20091123 (i686) and 20091124 (MIPS) released

The Tor team has been moving up the 0.2.1.x branch fixing bugs and stabilizing the code, and we're following closely behind. Recently the team announced the release of tor-0.2.1.20. Three major bugs were addressed, one of which is a memory leak, a sure kill for the tiny tor-ramdisk environment especially since it can be remotely triggered --- see Tor ChangeLog. Both the i686 and MIPS releases update tor to 0.2.1.20 to incorporate these fixes.

Tin Hat 20091003 released!

In this release, we take the leap from our old toolchain and adopt Gentoo's hardened-dev overlay which includes all of the hardening features of the previous release, but implemented using the compiler specs rather than using make.conf and other unsavory hacks. The current toolchain is comprised of binutils-2.18-r3, glibc-2.9_p20081201-r4, and gcc-4.4.1-r2. The entire system builds just fine with the exception of epiphany which still has to be linked using -z,lazy due to its ugly interrelated libraries.

Tor-ramdisk 20090926 (i686) and 20090927 (MIPS) released

Andrew Lewman of the tor project asked if some future version of tor-ramdisk could support DHCP. This was an easy enough request. About two weeks ago I edited the setup scripts to allow for one more menu item which invoked busybox's DHCP client, udhcpc. After a round of debugging I had it ready for i686 and then for the MIPS port. After running on Simba for over a week, it's time for their release: the i686 release is named 20090926 and the MIPS port is 20090927. Hmm ... perhaps I should use some other versioning scheme!

Tor-ramdisk MIPS 20090828

I'm a day late in announcing it, but here's the MIPS port of the 20090821 release. Tor and busybox were similarly updated but the kernel needed reconfiguring to allow for the FILE_LOCKING feature which the tor-0.2.1.x branch makes use of. This in turn required block devices to be enabled in the kernel, which a pure ram image doesn't necessarily need and which we didn't have in place when we were working with the 0.2.0.x branch.

Both the little and big endian QEMU images were tested as well as the Atheros image. Tor node "mufusa" is currently running the latter image on a Mikrotik 433AH board.

Announcing tor-ramdisk 20090821

The tor team recently moved their stable branch from tor 0.2.0.x to 0.2.1.x which introduced many feature improvements and bug fixes --- see their changelog. The new codebase, however, revealed a bug in the stack smashing protector (SSP) of gentoo's stock hardened compiler gcc-3.4.6 --- see tor bug #1060.

Tin Hat 20090727 is in the wild!

This is perhaps our tightest release yet. While the kernel remained stable at hardened-2.6.28 (a minor bump from -r7 to -r9), we concentrated further on improving the toolchain. After painstakingly wading through a sea of binaries, figuring out what breaks and what doesn't with various toolchain hardening, we were able to apply -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -fPIE to cc1, and -pie, -now, -relro to the linker in producing all of our libraries and binaries. Trouble only came from glibc and evolution.
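The hardening markers named here and in the 20091218 and 20091003 notes (PIE, RELRO with BIND_NOW, NX stack, SSP) all leave traces in the ELF file, so a build can be audited after the fact. The following checker is an added example, not a Tin Hat script; it assumes binutils' `readelf` is on PATH and feeds a constructed readelf excerpt through the classifier when run without arguments.

```shell
#!/bin/sh
# Added example, not part of Tin Hat: audit an ELF binary for the hardening
# markers the release notes list, by parsing `readelf` output.
# Assumes readelf (binutils) is available when a real file is given.

# classify_elf: read `readelf -h -l -d -s -W FILE` on stdin, print one summary line.
classify_elf() {
    awk '
        /^ *Type:/                  { pie = ($2 == "DYN") }          # ET_DYN: PIE (or a shared lib)
        /^ *GNU_RELRO/              { relro = "partial" }            # -z relro segment present
        /^ *GNU_STACK/              { saw_stack = 1; nx = ($0 !~ /RWE/) }  # stack must not be RWE
        /\(BIND_NOW\)/              { now = 1 }                      # -z now: resolve at load time
        /\(FLAGS\)/   && /BIND_NOW/ { now = 1 }
        /\(FLAGS_1\)/ && /NOW/      { now = 1 }
        /__stack_chk_fail/          { ssp = 1 }                      # canary check from -fstack-protector
        END {
            if (relro == "partial" && now) relro = "full"            # full RELRO needs relro AND now
            if (relro == "") relro = "none"
            printf "PIE=%s RELRO=%s NX=%s BIND_NOW=%s SSP=%s\n",
                (pie ? "yes" : "no"), relro,
                ((saw_stack && nx) ? "yes" : "no"),
                (now ? "yes" : "no"), (ssp ? "yes" : "no")
        }'
}

# check_binary FILE: run readelf on a real binary and classify it.
check_binary() {
    readelf -h -l -d -s -W "$1" | classify_elf
}

# Constructed readelf excerpt (not taken from a real Tin Hat binary) with every marker set.
sample_hardened_readelf() {
    cat <<'EOF'
  Type:                              DYN (Shared object file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
EOF
}

if [ -n "${1:-}" ]; then check_binary "$1"; else sample_hardened_readelf | classify_elf; fi
```

A binary with no functions that needed a canary will show SSP=no even when built with -fstack-protector-all is not in effect, so treat that field as evidence, not proof.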
