All releases tagged Major feature enhancements


Release Notes: The toolchain was updated to Gentoo's hardened gcc-4.5.3-r1, glibc-2.12.2, and binutils-2.21.1-r1. The kernel was bumped to 3.0.4 plus GRSEC/PaX patches. About 265 packages were updated and 30 new ones added. GNOME was kept steady at 2.32.1, but Firefox was bumped to 7.0.1 (aka Aurora).


Release Notes: This is a major release with upgrades to every aspect of the system. The toolchain was updated to Gentoo's hardened gcc-4.4.5, glibc-2.12.2, and binutils-2.20.1. The kernel was updated to vanilla 2.6.38 plus GRSEC/PaX patches. System init was updated to openrc. In all, about 400 packages were upgraded, including GNOME 2.32.1 and Namoroka (aka Firefox) 3.6.17.


Release Notes: The hardened toolchain was upgraded to gcc-4.4.4-r2, glibc-2.11.1, and binutils-2.20.1-r1. The kernel was upgraded to Gentoo's hardened-sources-2.6.32-r7 which is based on 2.6.32.13. In all, about 250 packages were updated with the new versions of gnome-2.28.2 and firefox-3.6.3.


Release Notes: This release switches the toolchain to Gentoo's hardened-dev overlay, which includes all of the hardening features of the previous release implemented at the compiler specs level rather than in the make.conf file and other manual hacks. The current toolchain is comprised of binutils-2.18-r3, glibc-2.9_p20081201-r4, and gcc-4.4.1-r2. No changes were made to the kernel, which is held at 2.6.28-hardened-r9. Approximately 125 packages were updated to sync upstream with Gentoo. Important updates include bash, coreutils, python, readline, gtk+, epiphany, and firefox.


Release Notes: This release continues the work of hardening the system libraries and binaries begun in the previous release, with few changes to the kernel. The toolchain, composed of binutils-2-18, glibc-2.9, and gcc-4.3.3, was used to compile the system from scratch with the following hardening: -fstack-protector-all for everything (except glibc and evolution, where just -fstack-protector is required); -D_FORTIFY_SOURCE=2; PIC/PIE; and -Wl,-z,now,-z,relro (except for evolution, which requires -z,lazy). The project has also been synchronized upstream with Gentoo, updating approximately 90 packages.


Release Notes: The boot process was cleaned up: initrd was replaced with initramfs, busybox was downgraded to 1.7.4 and statically compiled against uClibc, mdev is used to populate /dev rather than MAKEDEV, and init was improved to better locate the squashfs filesystem. The build scripts were cleaned up so that "building a new release" and "saving a running system to ISO" are the same process. Tin Hat is no longer built from VMware templates, but from a running system purely in RAM. The iso2usb.sh scripts were stabilized: booting from a pen drive now uses syslinux rather than GRUB.


Release Notes: Security updates and bugfixes to many packages, syncing upstream with Gentoo. Partial support has been added for wireless and Bluetooth. Support has been added for RAID, LVM, FUSE, and EncFS filesystems.