This release deepens the hardening of the binaries from the previous release, with few changes to the kernel. The toolchain, composed of binutils-2-18, glibc-2.9 and gcc-4.3.3, was used to compile the system from scratch with the following features:

  • -fstack-protector-all - only glibc and evolution were compiled with just -fstack-protector
  • -fPIC -fPIE and -pie
  • -Wl,-z,now,-z,relro - only evolution was compiled with -z,lazy
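
To check that a binary actually carries the features listed above, this added example (not part of the original release notes or the project's tooling) reads the ELF headers for PIE, RELRO and immediate binding, and uses the presence of the `__stack_chk_fail` symbol name as a heuristic for the stack protector. The names `audit_elf` and `build_sample` are hypothetical, and the sample image is constructed.

```python
import struct

ET_DYN, PT_LOAD, PT_DYNAMIC, PT_GNU_RELRO = 3, 1, 2, 0x6474E552   # from <elf.h>
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def audit_elf(data):
    """Report PIE, RELRO level and a stack-protector heuristic for an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if data[5] == 1 else ">"           # EI_DATA: byte order
    w, phoff_at, phent_at, poff_at, psize_at, dyn = (   # ELF64 (amd64) vs ELF32 (i686)
        ("Q", 32, 54, 8, 32, "qQ") if data[4] == 2 else ("I", 28, 42, 4, 16, "iI"))
    e_type, = struct.unpack_from(end + "H", data, 16)
    phoff, = struct.unpack_from(end + w, data, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", data, phent_at)
    relro = bind_now = False
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, base)
        relro |= p_type == PT_GNU_RELRO          # segment emitted by -z relro
        if p_type != PT_DYNAMIC:
            continue
        off, = struct.unpack_from(end + w, data, base + poff_at)
        size, = struct.unpack_from(end + w, data, base + psize_at)
        for pos in range(off, off + size, struct.calcsize(end + dyn)):
            tag, val = struct.unpack_from(end + dyn, data, pos)
            if tag == DT_NULL:
                break
            if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                bind_now = True                  # entry emitted by -z now
    return {
        "pie": e_type == ET_DYN,                 # also true for shared libraries
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
        "stack_protector": b"__stack_chk_fail" in data,   # heuristic: symbol name
    }

def build_sample(e_type, relro, dyn_tags, extra=b""):
    """Constructed headers-only ELF64 image for the demo; not a real binary."""
    hdr = struct.pack("<4s5B7xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0, 0,
                      e_type, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    ph = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 176, 0, 0, 16 * len(dyn_tags) + 16, 0, 8)
    ph += struct.pack("<IIQQQQQQ", PT_GNU_RELRO if relro else PT_LOAD, 4, 0, 0, 0, 0, 0, 8)
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_tags + [(DT_NULL, 0)])
    return hdr + ph + dyn + extra

if __name__ == "__main__":   # constructed sample with all three features present
    print(audit_elf(build_sample(ET_DYN, True, [(DT_FLAGS, DF_BIND_NOW)], b"__stack_chk_fail\0")))
```

A binary linked with -z,relro but -z,lazy, as evolution was, reports "partial" RELRO. The symbol heuristic cannot tell -fstack-protector from -fstack-protector-all.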

Also, approximately 90 packages were updated to sync upstream with Gentoo. The following links give the full lists of updates for amd64 and i686. The more noteworthy updates are:

  • 2.6.28-hardened-r9 from 2.6.28-hardened-r7
  • glibc-2.9 from glibc-2.8
  • postfix-2.5.7
  • firefox-3.0.11
  • lftp-3.7.14
  • portage-