Tin Hat Changelog

What's new in Tin Hat 20130228

Mar 1, 2013
  • The hardened toolchain and kernel were updated to:
  • gcc-4.6.3
  • glibc-2.15-r3
  • binutils-2.22-r1
  • hardened-sources-3.7.5-r1 = vanilla-3.7.5 + genpatches-3.7-7 + grsecurity-2.9.1-3.7.5-201301311811
  • Over 400 packages were upgraded.

New in Tin Hat 20121015 (Oct 17, 2012)

  • gcc-4.5.4
  • glibc-2.15-r2
  • binutils-2.22-r1
  • hardened-sources-3.2.30-r3 =vanilla-3.2.30 + genpatches-3.2-16 + grsecurity-2.9.1-3.2.30-201210071704
  • Approximately 240 packages were updated.

New in Tin Hat 20120625 (Jun 26, 2012)

  • gcc-4.5.3-r2
  • glibc-2.14.1-r1
  • binutils-2.22-r1
  • hardened-sources-3.2.0 = vanilla 3.2.20 + genpatches-3.2-15 + grsecurity-2.9.1-3.2.20-201206171957

New in Tin Hat 20111107 (Nov 8, 2011)

  • gcc-4.5.3-r1
  • glibc-2.12.2
  • binutils-2.21.1-r1
  • hardened-sources-3.0.4-r5 = vanilla 3.0.4 + genpatches-3.0-7 + grsecurity-2.2.2-3.0.4-201110080819

New in Tin Hat 20110613 (Jun 14, 2011)

  • The hardened kernel was updated to 2.6.38 branch for greater stability. The hardened toolchain was updated:
  • gcc-4.4.5
  • glibc-2.12.2
  • binutils-2.20.1-r1 (unchanged)
  • hardened-sources-2.6.38-r6 = vanilla 2.6.38.7 + genpatches-2.6.38-7 + grsecurity-2.2.2-2.6.38.7-201105222331
  • Approximately 380 packages were updated and 20 were removed. The following links shows a full list of the upgraded packages: amd64 and i686.

New in Tin Hat 20101219 (Dec 22, 2010)

  • This is a maintenance release addressing a few small bugs.
  • The toolchain was kept steady with just a minor bump in glibc to 2.11.2.
  • The kernel was updated to 2.6.32.27 plus grsecurity patches.
  • About 120 packages were bumped to sync with Gentoo upstream.

New in Tin Hat 20100901 (Sep 2, 2010)

  • The hardened toolchain was kept steady with only a minor bump to glibc.
  • The kernel was updated to Gentoo's hardened-sources-2.6.34-r2 based on vanilla 2.6.34.4.
  • Over 260 packages were upgraded, including Gnome 2.30.2 and Firefox 3.6.8.

New in Tin Hat 20100601 (Jun 1, 2010)

  • The hardened toolchain and kernel were updated:
  • gcc-4.4.4-r2
  • glibc-2.11.1
  • binutils-2.20.1-r1
  • hardened-sources-2.6.32-r7 = 2.6.32.13 + grsec-2.1.14-2.6.32.13-201005151340
  • Approximately 250 packages also updated, the most important of which were gnome-2.28.2 and firefox-3.6.3.

New in Tin Hat 20091003 (Oct 5, 2009)

  • This release switches the toolchain to Gentoo's hardened-dev overlay, which includes all of the hardening features of the previous release implemented at the compiler specs level rather than in the make.conf file and other manual hacks.
  • The current toolchain is comprised of binutils-2.18-r3, glibc-2.9_p20081201-r4, and gcc-4.4.1-r2.
  • No changes were made to the kernel, which is held at 2.6.28-hardened-r9.
  • Approximately 125 packages were updated to sync upstream with Gentoo.
  • Important updates include bash, coreutils, python, readline, gtk+, epiphany, and firefox.

New in Tin Hat 20090404 (Apr 5, 2009)

  • This release addresses many important updates from upstream, particularly:
  • hardened-sources-2.6.28-r7
  • openssl-0.9.8k
  • openssh-5.2_p1-r1
  • glibc-2.8_p20080602-r1
  • gnupg-2.0.10
  • gnome-2.24.1
  • Approximately 130 other packages were also upgraded.

New in Tin Hat 20090309 (Mar 10, 2009)

  • This is primarily a maintenance release that addresses approximately 90 updates and synchronizes with the upstream hardened Gentoo.
  • Some minor bugfixes to the desktop were made.

New in Tin Hat 20090119 (Jan 19, 2009)

  • This release addresses several security issues and bugfixes, and syncs upstream with stable hardened Gentoo.
  • Over 30 packages are upgraded, including the following important updates: hardened-sources-2.6.25-r12, bind-tools-9.4.3_p1, openssl-0.9.8j, e2fsprogs-libs-1.41.3-r1, and portage-2.1.6.4

New in Tin Hat 20081229 (Dec 30, 2008)

  • The boot process was cleaned up: initrd was replaced with intramfs, busybox was downgraded to 1.7.4 and statically compiled against uClibc, mdev is used to populate /dev rather than MAKEDEV, and init was improved to better locate the squashfs filesystem.
  • The build scripts were cleaned up so that "building a new release" and "saving a running system to ISO" are the same process.
  • Tin Hat is no longer built from VMware templates, but from a running system purely in RAM.
  • The iso2usb.sh scripts were stabilized: booting from pen drive now uses syslinux rather than GRUB.

New in Tin Hat 20081025 (Oct 28, 2008)

  • No new features have been added, but many packages were updated to sync up with Gentoo. In particular, Gnome was updated to 2.22.3, and the kernel was updated to hardened 2.6.25-r8. Postfix was also updated to 2.5.5 to address a security issue.

New in Tin Hat 20080830 (Aug 31, 2008)

  • Security updates and bugfixes to many packages, syncing upstream with Gentoo.
  • Partial support has been added for wireless and Bluetooth.
  • Support has been added for RAID, LVM, FUSE, and EncFS filesystems.