diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index c1c95b201a..18fcab9bf1 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2831 +1,2839 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-26:05.route"
+date = "2026-02-24"
+
+[[advisories]]
+name = "FreeBSD-SA-26:04.jail"
+date = "2026-02-24"
+
[[advisories]]
name = "FreeBSD-SA-26:03.blocklistd"
date = "2026-02-10"
[[advisories]]
name = "FreeBSD-SA-26:02.jail"
date = "2026-01-27"
[[advisories]]
name = "FreeBSD-SA-26:01.openssl"
date = "2026-01-27"
[[advisories]]
name = "FreeBSD-SA-25:12.rtsold"
date = "2025-12-16"
[[advisories]]
name = "FreeBSD-SA-25:11.ipfw"
date = "2025-12-16"
[[advisories]]
name = "FreeBSD-SA-25:10.unbound"
date = "2025-11-26"
[[advisories]]
name = "FreeBSD-SA-25:09.netinet"
date = "2025-10-22"
[[advisories]]
name = "FreeBSD-SA-25:08.openssl"
date = "2025-09-30"
[[advisories]]
name = "FreeBSD-SA-25:07.libarchive"
date = "2025-08-08"
[[advisories]]
name = "FreeBSD-SA-25:06.xz"
date = "2025-07-02"
[[advisories]]
name = "FreeBSD-SA-25:05.openssh"
date = "2025-02-21"
[[advisories]]
name = "FreeBSD-SA-25:04.ktrace"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:03.etcupdate"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:02.fs"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:01.openssh"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-24:19.fetch"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:18.ctl"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:17.bhyve"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:16.libnv"
date = "2024-09-19"
[[advisories]]
name = "FreeBSD-SA-24:15.bhyve"
date = "2024-09-19"
[[advisories]]
name = "FreeBSD-SA-24:14.umtx"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:13.openssl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:12.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:11.ctl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:10.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:09.libnv"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:08.openssh"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:07.nfsclient"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:06.ktrace"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:05.pf"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:04.openssh"
date = "2024-07-01"
[[advisories]]
name = "FreeBSD-SA-24:03.unbound"
date = "2024-03-28"
[[advisories]]
name = "FreeBSD-SA-24:02.tty"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-24:01.bhyveload"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-23:19.openssh"
date = "2023-12-19"
[[advisories]]
name = "FreeBSD-SA-23:18.nfsclient"
date = "2023-12-12"
[[advisories]]
name = "FreeBSD-SA-23:17.pf"
date = "2023-12-05"
[[advisories]]
name = "FreeBSD-SA-23:16.cap_net"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:15.stdio"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:14.smccc"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:13.capsicum"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:12.msdosfs"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:11.wifi"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:10.pf"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:09.pam_krb5"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:08.ssh"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:07.bhyve"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:06.ipv6"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:05.openssh"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:04.pam_krb5"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:03.openssl"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:02.openssh"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:01.geli"
date = "2023-02-08"
[[advisories]]
name = "FreeBSD-SA-22:15.ping"
date = "2022-11-29"
[[advisories]]
name = "FreeBSD-SA-22:14.heimdal"
date = "2022-11-15"
[[advisories]]
name = "FreeBSD-SA-22:13.zlib"
date = "2022-08-30"
[[advisories]]
name = "FreeBSD-SA-22:12.lib9p"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:11.vm"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:10.aio"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:09.elf"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:08.zlib"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:07.wifi_meshid"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:06.ioctl"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:05.bhyve"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:04.netmap"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:03.openssl"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:02.wifi"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:01.vt"
date = "2022-01-11"
[[advisories]]
name = "FreeBSD-SA-21:17.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:16.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:15.libfetch"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:14.ggatec"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:13.bhyve"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/static/security/advisories/FreeBSD-SA-26:04.jail.asc b/website/static/security/advisories/FreeBSD-SA-26:04.jail.asc
new file mode 100644
index 0000000000..92716c237c
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:04.jail.asc
@@ -0,0 +1,165 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:04.jail Security Advisory
+ The FreeBSD Project
+
+Topic: Jail chroot escape via fd exchange with a different jail
+
+Category: core
+Module: jail
+Announced: 2026-02-24
+Affects: FreeBSD 14.3 and 13.5.
+Corrected: 2025-07-29 12:49:03 UTC (stable/14, 14.3-STABLE)
+ 2026-02-24 16:01:32 UTC (releng/14.3, 14.3-RELEASE-p9)
+ 2026-02-09 20:44:00 UTC (stable/13, 13.4-STABLE)
+ 2026-02-24 16:04:42 UTC (releng/13.5, 13.5-RELEASE-p10)
+CVE Name: CVE-2025-15576
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+Jails are an operating system virtualization technology which allow
+administrators to confine processes within an environment with limited ability
+to affect the system outside of that environment. In particular, jailed
+processes typically have their filesystem access restricted by a chroot-like
+mechanism.
+
+nullfs(4) is a pseudo-filesystem which allows a directory to be mounted at
+another point in the filesystem hierarchy.
+
+unix domain sockets are a mechanism for interprocess communication. They
+behave similarly to Internet sockets but are identified by names in the local
+filesystem. unix domain sockets allow processes to exchange file descriptors
+using control messages.
+
+II. Problem Description
+
+If two sibling jails are restricted to separate filesystem trees, which is to
+say that neither of the two jail root directories is an ancestor of the other,
+jailed processes may nonetheless be able to access a shared directory via a
+nullfs mount, if the administrator has configured one.
+
+In this case, cooperating processes in the two jails may establish a connection
+using a unix domain socket and exchange directory descriptors with each other.
+
+When performing a filesystem name lookup, at each step of the lookup, the
+kernel checks whether the lookup would descend below the jail root of the
+current process. If the jail root directory is not encountered, the lookup
+continues.
+
+III. Impact
+
+In a configuration where processes in two different jails are able to exchange
+file descriptors using a unix domain socket, it is possible for a jailed
+process to receive a directory for a descriptor that is below that process'
+jail root. This enables full filesystem access for a jailed process, breaking
+the chroot.
+
+Note that the system administrator is still responsible for ensuring that an
+unprivileged user on the jail host is not able to pass directory descriptors
+to a jailed process, even in a patched kernel.
+
+IV. Workaround
+
+No workaround is available. Note that in order to exploit this problem, an
+attacker requires control over processes in two jails which share a nullfs
+mount in which a unix socket can be installed.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, which were not installed using base
+system packages, can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:04/jail-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:04/jail-14.patch.asc
+# gpg --verify jail-14.patch.asc
+
+[FreeBSD 13.5]
+# fetch https://security.FreeBSD.org/patches/SA-26:04/jail-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:04/jail-13.patch.asc
+# gpg --verify jail-13.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 3ad3ab5f9b6e stable/14-n272076
+releng/14.3/ fbc35b3e6615 releng/14.3-n271471
+stable/13/ 73530e4c2ea9 stable/13-n259752
+releng/13.5/ e6b96891ef7c releng/13.5-n259202
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+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+=cwB8
+-----END PGP SIGNATURE-----
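Review bot: The `Corrected:` entry for stable/13 in the new SA-26:04 advisory reads `(stable/13, 13.4-STABLE)`, which disagrees with the `Affects: FreeBSD 14.3 and 13.5.` line above it and with the SA-26:05 advisory added in this same commit, which labels stable/13 as `13.5-STABLE`. This looks like a typo; if so, the line should read `2026-02-09 20:44:00 UTC (stable/13, 13.5-STABLE)`, since operators compare these branch labels against `uname` output to decide whether a host is already fixed. In section III, "receive a directory for a descriptor that is below that process' jail root" appears to have its nouns transposed and probably means "receive a descriptor for a directory". Because the body is PGP clearsigned, neither correction can be made in place; both require a revised advisory with a fresh signature.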
diff --git a/website/static/security/advisories/FreeBSD-SA-26:05.route.asc b/website/static/security/advisories/FreeBSD-SA-26:05.route.asc
new file mode 100644
index 0000000000..9e4edbab24
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:05.route.asc
@@ -0,0 +1,161 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:05.route Security Advisory
+ The FreeBSD Project
+
+Topic: Local DoS and possible privilege escalation via routing sockets
+
+Category: core
+Module: route
+Announced: 2026-02-24
+Credits: Adam Crosser of the Praetorian Labs team
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-02-24 16:00:26 UTC (stable/15, 15.0-STABLE)
+ 2026-02-24 16:00:39 UTC (releng/15.0, 15.0-RELEASE-p4)
+ 2026-02-24 16:00:56 UTC (stable/14, 14.4-STABLE)
+ 2026-02-24 16:02:31 UTC (releng/14.4, 14.4-RC1)
+ 2026-02-24 16:01:35 UTC (releng/14.3, 14.3-RELEASE-p9)
+ 2026-02-24 16:03:17 UTC (stable/13, 13.5-STABLE)
+ 2026-02-24 16:04:45 UTC (releng/13.5, 13.5-RELEASE-p10)
+CVE Name: CVE-2026-3038
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The routing socket interface, route(4), lets users query the state of the
+kernel's routing tables. Most routing socket operations require root
+privileges, but unprivileged users may send RTM_GET messages to obtain
+information about routing table entries.
+
+II. Problem Description
+
+The rtsock_msg_buffer() function serializes routing information into a buffer.
+As a part of this, it copies sockaddr structures into a sockaddr_storage
+structure on the stack. It assumes that the source sockaddr length field had
+already been validated, but this is not necessarily the case, and it's possible
+for a malicious userspace program to craft a request which triggers a 127-byte
+overflow.
+
+In practice, this overflow immediately overwrites the canary for the
+rtsock_msg_buffer() stack frame, resulting in a panic once the function
+returns.
+
+III. Impact
+
+The bug allows an unprivileged user to crash the kernel by triggering a stack
+buffer overflow in rtsock_msg_buffer(). In particular, the overflow will
+corrupt a stack canary value that is verified when the function returns; this
+mitigates the impact of the stack overflow by triggering a kernel panic.
+
+Other kernel bugs may exist which allow userspace to find the canary value and
+thus defeat the mitigation, at which point local privilege escalation may be
+possible.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, which were not installed using base
+system packages, can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-26:05/route.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:05/route.patch.asc
+# gpg --verify route.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ df932377e7dd stable/15-n282455
+releng/15.0/ 5de6a55c70ba releng/15.0-n281009
+stable/14/ 1eb2beb3686c stable/14-n273785
+releng/14.4/ 7465d0b094b7 releng/14.4-n273667
+releng/14.3/ d521badafdaa releng/14.3-n271474
+stable/13/ 8b476ffc4ea3 stable/13-n259798
+releng/13.5/ c2e2bfbd9e09 releng/13.5-n259205
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+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+=V8QD
+-----END PGP SIGNATURE-----
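Review bot: Step V.3a runs `gpg --verify route.patch.asc` but never says which key must have produced the signature, so a reader who has imported the wrong key still sees a "Good signature" result and proceeds to patch the kernel sources. A sentence after the `gpg --verify` line would close that gap, for example `Confirm that the signing key's fingerprint matches the FreeBSD Security Officer key published by the project before applying the patch.` The advisory body is clear-signed, so this wording has to go in before signing (or into the shared advisory template) rather than being edited in this file afterwards. The same step appears in the SA-26:04.jail advisory earlier in this diff, whose hunk starts outside the visible part.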
diff --git a/website/static/security/patches/SA-26:04/jail-13.patch b/website/static/security/patches/SA-26:04/jail-13.patch
new file mode 100644
index 0000000000..d59176e649
--- /dev/null
+++ b/website/static/security/patches/SA-26:04/jail-13.patch
@@ -0,0 +1,1132 @@
+--- sys/compat/cloudabi/cloudabi_fd.c.orig
++++ sys/compat/cloudabi/cloudabi_fd.c
+@@ -389,7 +389,7 @@
+ int error, oflags;
+
+ /* Obtain file descriptor properties. */
+- error = fget_cap(td, uap->fd, cap_rights_init(&rights), &fp,
++ error = fget_cap(td, uap->fd, cap_rights_init(&rights), NULL, &fp,
+ &fcaps);
+ if (error != 0)
+ return (error);
+--- sys/fs/fdescfs/fdesc_vnops.c.orig
++++ sys/fs/fdescfs/fdesc_vnops.c
+@@ -515,7 +515,7 @@
+ cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
+ } else {
+ error = getvnode_path(td, fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_SET), NULL, &fp);
+ }
+ if (error) {
+ /*
+@@ -652,7 +652,7 @@
+ VOP_UNLOCK(vn);
+
+ td = curthread;
+- error = fget_cap(td, fd_fd, &cap_no_rights, &fp, NULL);
++ error = fget_cap(td, fd_fd, &cap_no_rights, NULL, &fp, NULL);
+ if (error != 0)
+ goto out;
+
+--- sys/kern/kern_descrip.c.orig
++++ sys/kern/kern_descrip.c
+@@ -114,7 +114,8 @@
+ static void fdunused(struct filedesc *fdp, int fd);
+ static void fdused(struct filedesc *fdp, int fd);
+ static int fget_unlocked_seq(struct filedesc *fdp, int fd,
+- cap_rights_t *needrightsp, struct file **fpp, seqc_t *seqp);
++ const cap_rights_t *needrightsp, uint8_t *flagsp,
++ struct file **fpp, seqc_t *seqp);
+ static int getmaxfd(struct thread *td);
+ static u_long *filecaps_copy_prep(const struct filecaps *src);
+ static void filecaps_copy_finish(const struct filecaps *src,
+@@ -470,6 +471,8 @@
+ return (error);
+ }
+
++#define FD_RESOLVE_BENEATH 2
++
+ int
+ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
+ {
+@@ -519,7 +522,9 @@
+ fde = fdeget_locked(fdp, fd);
+ if (fde != NULL) {
+ td->td_retval[0] =
+- (fde->fde_flags & UF_EXCLOSE) ? FD_CLOEXEC : 0;
++ ((fde->fde_flags & UF_EXCLOSE) ? FD_CLOEXEC : 0) |
++ ((fde->fde_flags & UF_RESOLVE_BENEATH) ?
++ FD_RESOLVE_BENEATH : 0);
+ error = 0;
+ }
+ FILEDESC_SUNLOCK(fdp);
+@@ -530,8 +535,13 @@
+ FILEDESC_XLOCK(fdp);
+ fde = fdeget_locked(fdp, fd);
+ if (fde != NULL) {
++ /*
++ * UF_RESOLVE_BENEATH is sticky and cannot be cleared.
++ */
+ fde->fde_flags = (fde->fde_flags & ~UF_EXCLOSE) |
+- (arg & FD_CLOEXEC ? UF_EXCLOSE : 0);
++ ((arg & FD_CLOEXEC) != 0 ? UF_EXCLOSE : 0) |
++ ((arg & FD_RESOLVE_BENEATH) != 0 ?
++ UF_RESOLVE_BENEATH : 0);
+ error = 0;
+ }
+ FILEDESC_XUNLOCK(fdp);
+@@ -2158,7 +2168,8 @@
+ seqc_write_begin(&fde->fde_seqc);
+ #endif
+ fde->fde_file = fp;
+- fde->fde_flags = (flags & O_CLOEXEC) != 0 ? UF_EXCLOSE : 0;
++ fde->fde_flags = ((flags & O_CLOEXEC) != 0 ? UF_EXCLOSE : 0) |
++ ((flags & O_RESOLVE_BENEATH) != 0 ? UF_RESOLVE_BENEATH : 0);
+ if (fcaps != NULL)
+ filecaps_move(fcaps, &fde->fde_caps);
+ else
+@@ -2978,7 +2989,7 @@
+ }
+
+ int
+-fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
++fget_cap_locked(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
+ struct file **fpp, struct filecaps *havecapsp)
+ {
+ struct filedescent *fde;
+@@ -3010,8 +3021,8 @@
+ }
+
+ int
+-fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, struct filecaps *havecapsp)
++fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp, struct filecaps *havecapsp)
+ {
+ struct filedesc *fdp = td->td_proc->p_fd;
+ int error;
+@@ -3025,7 +3036,8 @@
+
+ *fpp = NULL;
+ for (;;) {
+- error = fget_unlocked_seq(fdp, fd, needrightsp, &fp, &seq);
++ error = fget_unlocked_seq(fdp, fd, needrightsp, flagsp, &fp,
++ &seq);
+ if (error != 0)
+ return (error);
+
+@@ -3089,7 +3101,7 @@
+
+ #ifdef CAPABILITIES
+ int
+-fgetvp_lookup_smr(int fd, struct nameidata *ndp, struct vnode **vpp, bool *fsearch)
++fgetvp_lookup_smr(int fd, struct nameidata *ndp, struct vnode **vpp, int *flagsp)
+ {
+ const struct filedescent *fde;
+ const struct fdescenttbl *fdt;
+@@ -3099,6 +3111,7 @@
+ const cap_rights_t *haverights;
+ cap_rights_t rights;
+ seqc_t seq;
++ int flags;
+
+ VFS_SMR_ASSERT_ENTERED();
+
+@@ -3117,7 +3130,9 @@
+ return (EAGAIN);
+ if (__predict_false(cap_check_inline_transient(haverights, &rights)))
+ return (EAGAIN);
+- *fsearch = ((fp->f_flag & FSEARCH) != 0);
++ flags = fp->f_flag & FSEARCH;
++ flags |= (fde->fde_flags & UF_RESOLVE_BENEATH) != 0 ?
++ O_RESOLVE_BENEATH : 0;
+ vp = fp->f_vnode;
+ if (__predict_false(vp == NULL)) {
+ return (EAGAIN);
+@@ -3151,16 +3166,19 @@
+ #endif
+ }
+ *vpp = vp;
++ *flagsp = flags;
+ return (0);
+ }
+ #else
+ int
+-fgetvp_lookup_smr(int fd, struct nameidata *ndp, struct vnode **vpp, bool *fsearch)
++fgetvp_lookup_smr(int fd, struct nameidata *ndp, struct vnode **vpp, int *flagsp)
+ {
++ const struct filedescent *fde;
+ const struct fdescenttbl *fdt;
+ struct filedesc *fdp;
+ struct file *fp;
+ struct vnode *vp;
++ int flags;
+
+ VFS_SMR_ASSERT_ENTERED();
+
+@@ -3168,10 +3186,13 @@
+ fdt = fdp->fd_files;
+ if (__predict_false((u_int)fd >= fdt->fdt_nfiles))
+ return (EBADF);
+- fp = fdt->fdt_ofiles[fd].fde_file;
++ fde = &fdt->fdt_ofiles[fd];
++ fp = fde->fde_file;
+ if (__predict_false(fp == NULL))
+ return (EAGAIN);
+- *fsearch = ((fp->f_flag & FSEARCH) != 0);
++ flags = fp->f_flag & FSEARCH;
++ flags |= (fde->fde_flags & UF_RESOLVE_BENEATH) != 0 ?
++ O_RESOLVE_BENEATH : 0;
+ vp = fp->f_vnode;
+ if (__predict_false(vp == NULL || vp->v_type != VDIR)) {
+ return (EAGAIN);
+@@ -3186,6 +3207,7 @@
+ return (EAGAIN);
+ filecaps_fill(&ndp->ni_filecaps);
+ *vpp = vp;
++ *flagsp = flags;
+ return (0);
+ }
+ #endif
+@@ -3199,13 +3221,15 @@
+ struct componentname *cnp;
+ cap_rights_t rights;
+ int error;
++ uint8_t flags;
+
+ td = curthread;
+ rights = *ndp->ni_rightsneeded;
+ cap_rights_set_one(&rights, CAP_LOOKUP);
+ cnp = &ndp->ni_cnd;
+
+- error = fget_cap(td, ndp->ni_dirfd, &rights, &fp, &ndp->ni_filecaps);
++ error = fget_cap(td, ndp->ni_dirfd, &rights, &flags, &fp,
++ &ndp->ni_filecaps);
+ if (__predict_false(error != 0))
+ return (error);
+ if (__predict_false(fp->f_ops == &badfileops)) {
+@@ -3223,6 +3247,10 @@
+ */
+ if ((fp->f_flag & FSEARCH) != 0)
+ cnp->cn_flags |= NOEXECCHECK;
++ if ((flags & UF_RESOLVE_BENEATH) != 0) {
++ cnp->cn_flags |= RBENEATH;
++ ndp->ni_resflags |= NIRES_BENEATH;
++ }
+ fdrop(fp, td);
+
+ #ifdef CAPABILITIES
+@@ -3256,12 +3284,10 @@
+ }
+
+ static int
+-fget_unlocked_seq(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, seqc_t *seqp)
++fget_unlocked_seq(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp, seqc_t *seqp)
+ {
+-#ifdef CAPABILITIES
+ const struct filedescent *fde;
+-#endif
+ const struct fdescenttbl *fdt;
+ struct file *fp;
+ #ifdef CAPABILITIES
+@@ -3269,6 +3295,7 @@
+ cap_rights_t haverights;
+ int error;
+ #endif
++ uint8_t flags;
+
+ fdt = fdp->fd_files;
+ if (__predict_false((u_int)fd >= fdt->fdt_nfiles))
+@@ -3287,10 +3314,13 @@
+ fde = &fdt->fdt_ofiles[fd];
+ haverights = *cap_rights_fde_inline(fde);
+ fp = fde->fde_file;
++ flags = fde->fde_flags;
+ if (!seqc_consistent(fd_seqc(fdt, fd), seq))
+ continue;
+ #else
+- fp = fdt->fdt_ofiles[fd].fde_file;
++ fde = &fdt->fdt_ofiles[fd];
++ flags = fde->fde_flags;
++ fp = fde->fde_file;
+ #endif
+ if (fp == NULL)
+ return (EBADF);
+@@ -3323,6 +3353,8 @@
+ fdrop(fp, curthread);
+ }
+ *fpp = fp;
++ if (flagsp != NULL)
++ *flagsp = flags;
+ if (seqp != NULL) {
+ #ifdef CAPABILITIES
+ *seqp = seq;
+@@ -3339,8 +3371,8 @@
+ * racing with itself.
+ */
+ int
+-fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
+- struct file **fpp)
++fget_unlocked_flags(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp)
+ {
+ #ifdef CAPABILITIES
+ const struct filedescent *fde;
+@@ -3351,6 +3383,7 @@
+ seqc_t seq;
+ const cap_rights_t *haverights;
+ #endif
++ uint8_t flags;
+
+ fdt = fdp->fd_files;
+ if (__predict_false((u_int)fd >= fdt->fdt_nfiles)) {
+@@ -3362,8 +3395,10 @@
+ fde = &fdt->fdt_ofiles[fd];
+ haverights = cap_rights_fde_inline(fde);
+ fp = fde->fde_file;
++ flags = fde->fde_flags;
+ #else
+ fp = fdt->fdt_ofiles[fd].fde_file;
++ flags = fdt->fdt_ofiles[fd].fde_flags;
+ #endif
+ if (__predict_false(fp == NULL))
+ goto out_fallback;
+@@ -3387,12 +3422,21 @@
+ #endif
+ goto out_fdrop;
+ *fpp = fp;
++ if (flagsp != NULL)
++ *flagsp = flags;
+ return (0);
+ out_fdrop:
+ fdrop(fp, curthread);
+ out_fallback:
+ *fpp = NULL;
+- return (fget_unlocked_seq(fdp, fd, needrightsp, fpp, NULL));
++ return (fget_unlocked_seq(fdp, fd, needrightsp, flagsp, fpp, NULL));
++}
++
++int
++fget_unlocked(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
++ struct file **fpp)
++{
++ return (fget_unlocked_flags(fdp, fd, needrightsp, NULL, fpp));
+ }
+
+ /*
+@@ -3406,7 +3450,7 @@
+ */
+ #ifdef CAPABILITIES
+ int
+-fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
++fget_only_user(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
+ struct file **fpp)
+ {
+ const struct filedescent *fde;
+@@ -3436,7 +3480,7 @@
+ }
+ #else
+ int
+-fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
++fget_only_user(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
+ struct file **fpp)
+ {
+ struct file *fp;
+@@ -3472,7 +3516,7 @@
+ */
+ static __inline int
+ _fget(struct thread *td, int fd, struct file **fpp, int flags,
+- cap_rights_t *needrightsp)
++ const cap_rights_t *needrightsp)
+ {
+ struct filedesc *fdp;
+ struct file *fp;
+@@ -3520,15 +3564,15 @@
+ }
+
+ int
+-fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
++fget(struct thread *td, int fd, const cap_rights_t *rightsp, struct file **fpp)
+ {
+
+ return (_fget(td, fd, fpp, 0, rightsp));
+ }
+
+ int
+-fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp, vm_prot_t *maxprotp,
+- struct file **fpp)
++fget_mmap(struct thread *td, int fd, const cap_rights_t *rightsp,
++ vm_prot_t *maxprotp, struct file **fpp)
+ {
+ int error;
+ #ifndef CAPABILITIES
+@@ -3546,7 +3590,7 @@
+ fdp = td->td_proc->p_fd;
+ MPASS(cap_rights_is_set(rightsp, CAP_MMAP));
+ for (;;) {
+- error = fget_unlocked_seq(fdp, fd, rightsp, &fp, &seq);
++ error = fget_unlocked_seq(fdp, fd, rightsp, NULL, &fp, &seq);
+ if (__predict_false(error != 0))
+ return (error);
+ if (__predict_false(fp->f_ops == &badfileops)) {
+@@ -3571,22 +3615,24 @@
+ }
+
+ int
+-fget_read(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
++fget_read(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct file **fpp)
+ {
+
+ return (_fget(td, fd, fpp, FREAD, rightsp));
+ }
+
+ int
+-fget_write(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
++fget_write(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct file **fpp)
+ {
+
+ return (_fget(td, fd, fpp, FWRITE, rightsp));
+ }
+
+ int
+-fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp, int needfcntl,
+- struct file **fpp)
++fget_fcntl(struct thread *td, int fd, const cap_rights_t *rightsp,
++ int needfcntl, struct file **fpp)
+ {
+ struct filedesc *fdp = td->td_proc->p_fd;
+ #ifndef CAPABILITIES
+@@ -3599,7 +3645,7 @@
+ *fpp = NULL;
+ MPASS(cap_rights_is_set(rightsp, CAP_FCNTL));
+ for (;;) {
+- error = fget_unlocked_seq(fdp, fd, rightsp, &fp, &seq);
++ error = fget_unlocked_seq(fdp, fd, rightsp, NULL, &fp, &seq);
+ if (error != 0)
+ return (error);
+ error = cap_fcntl_check(fdp, fd, needfcntl);
+@@ -3624,7 +3670,7 @@
+ * XXX: what about the unused flags ?
+ */
+ static __inline int
+-_fgetvp(struct thread *td, int fd, int flags, cap_rights_t *needrightsp,
++_fgetvp(struct thread *td, int fd, int flags, const cap_rights_t *needrightsp,
+ struct vnode **vpp)
+ {
+ struct file *fp;
+@@ -3646,21 +3692,22 @@
+ }
+
+ int
+-fgetvp(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
++fgetvp(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct vnode **vpp)
+ {
+
+ return (_fgetvp(td, fd, 0, rightsp, vpp));
+ }
+
+ int
+-fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,
++fgetvp_rights(struct thread *td, int fd, const cap_rights_t *needrightsp,
+ struct filecaps *havecaps, struct vnode **vpp)
+ {
+ struct filecaps caps;
+ struct file *fp;
+ int error;
+
+- error = fget_cap(td, fd, needrightsp, &fp, &caps);
++ error = fget_cap(td, fd, needrightsp, NULL, &fp, &caps);
+ if (error != 0)
+ return (error);
+ if (fp->f_ops == &badfileops) {
+@@ -3685,14 +3732,16 @@
+ }
+
+ int
+-fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
++fgetvp_read(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct vnode **vpp)
+ {
+
+ return (_fgetvp(td, fd, FREAD, rightsp, vpp));
+ }
+
+ int
+-fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
++fgetvp_exec(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct vnode **vpp)
+ {
+
+ return (_fgetvp(td, fd, FEXEC, rightsp, vpp));
+@@ -3700,7 +3749,7 @@
+
+ #ifdef notyet
+ int
+-fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,
++fgetvp_write(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp)
+ {
+
+--- sys/kern/sys_procdesc.c.orig
++++ sys/kern/sys_procdesc.c
+@@ -121,7 +121,7 @@
+ * died.
+ */
+ int
+-procdesc_find(struct thread *td, int fd, cap_rights_t *rightsp,
++procdesc_find(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct proc **p)
+ {
+ struct procdesc *pd;
+@@ -168,7 +168,8 @@
+ * Retrieve the PID associated with a process descriptor.
+ */
+ int
+-kern_pdgetpid(struct thread *td, int fd, cap_rights_t *rightsp, pid_t *pidp)
++kern_pdgetpid(struct thread *td, int fd, const cap_rights_t *rightsp,
++ pid_t *pidp)
+ {
+ struct file *fp;
+ int error;
+--- sys/kern/uipc_mqueue.c.orig
++++ sys/kern/uipc_mqueue.c
+@@ -2160,13 +2160,14 @@
+ return (error);
+ }
+
+-typedef int (*_fgetf)(struct thread *, int, cap_rights_t *, struct file **);
++typedef int (*_fgetf)(struct thread *, int, const cap_rights_t *,
++ struct file **);
+
+ /*
+ * Get message queue by giving file slot
+ */
+ static int
+-_getmq(struct thread *td, int fd, cap_rights_t *rightsp, _fgetf func,
++_getmq(struct thread *td, int fd, const cap_rights_t *rightsp, _fgetf func,
+ struct file **fpp, struct mqfs_node **ppn, struct mqueue **pmq)
+ {
+ struct mqfs_node *pn;
+--- sys/kern/uipc_sem.c.orig
++++ sys/kern/uipc_sem.c
+@@ -123,8 +123,8 @@
+ semid_t *semidp, mode_t mode, unsigned int value,
+ int flags, int compat32);
+ static void ksem_drop(struct ksem *ks);
+-static int ksem_get(struct thread *td, semid_t id, cap_rights_t *rightsp,
+- struct file **fpp);
++static int ksem_get(struct thread *td, semid_t id,
++ const cap_rights_t *rightsp, struct file **fpp);
+ static struct ksem *ksem_hold(struct ksem *ks);
+ static void ksem_insert(char *path, Fnv32_t fnv, struct ksem *ks);
+ static struct ksem *ksem_lookup(char *path, Fnv32_t fnv);
+@@ -588,7 +588,7 @@
+ }
+
+ static int
+-ksem_get(struct thread *td, semid_t id, cap_rights_t *rightsp,
++ksem_get(struct thread *td, semid_t id, const cap_rights_t *rightsp,
+ struct file **fpp)
+ {
+ struct ksem *ks;
+--- sys/kern/uipc_syscalls.c.orig
++++ sys/kern/uipc_syscalls.c
+@@ -91,13 +91,13 @@
+ * A reference on the file entry is held upon returning.
+ */
+ int
+-getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,
++getsock_cap(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp, u_int *fflagp, struct filecaps *havecapsp)
+ {
+ struct file *fp;
+ int error;
+
+- error = fget_cap(td, fd, rightsp, &fp, havecapsp);
++ error = fget_cap(td, fd, rightsp, NULL, &fp, havecapsp);
+ if (error != 0)
+ return (error);
+ if (fp->f_type != DTYPE_SOCKET) {
+@@ -727,7 +727,7 @@
+ struct uio auio;
+ struct iovec *iov;
+ struct socket *so;
+- cap_rights_t *rights;
++ const cap_rights_t *rights;
+ #ifdef KTRACE
+ struct uio *ktruio = NULL;
+ #endif
+--- sys/kern/uipc_usrreq.c.orig
++++ sys/kern/uipc_usrreq.c
+@@ -57,7 +57,6 @@
+ * need a proper out-of-band
+ */
+
+-#include
+ #include "opt_ddb.h"
+
+ #include
+@@ -67,6 +66,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -1993,22 +1993,34 @@
+ free(fdep[0], M_FILECAPS);
+ }
+
++static bool
++restrict_rights(struct file *fp, struct thread *td)
++{
++ struct prison *prison1, *prison2;
++
++ prison1 = fp->f_cred->cr_prison;
++ prison2 = td->td_ucred->cr_prison;
++ return (prison1 != prison2 && prison1->pr_root != prison2->pr_root &&
++ prison2 != &prison0);
++}
++
+ static int
+ unp_externalize(struct mbuf *control, struct mbuf **controlp, int flags)
+ {
+ struct thread *td = curthread; /* XXX */
+ struct cmsghdr *cm = mtod(control, struct cmsghdr *);
+- int i;
+ int *fdp;
+ struct filedesc *fdesc = td->td_proc->p_fd;
+ struct filedescent **fdep;
+ void *data;
+ socklen_t clen = control->m_len, datalen;
+- int error, newfds;
++ int error, fdflags, newfds;
+ u_int newlen;
+
+ UNP_LINK_UNLOCK_ASSERT();
+
++ fdflags = (flags & MSG_CMSG_CLOEXEC) ? O_CLOEXEC : 0;
++
+ error = 0;
+ if (controlp != NULL) /* controlp == NULL => free control messages */
+ *controlp = NULL;
+@@ -2059,11 +2071,14 @@
+ *controlp = NULL;
+ goto next;
+ }
+- for (i = 0; i < newfds; i++, fdp++) {
+- _finstall(fdesc, fdep[i]->fde_file, *fdp,
+- (flags & MSG_CMSG_CLOEXEC) != 0 ? O_CLOEXEC : 0,
+- &fdep[i]->fde_caps);
+- unp_externalize_fp(fdep[i]->fde_file);
++ for (int i = 0; i < newfds; i++, fdp++) {
++ struct file *fp;
++
++ fp = fdep[i]->fde_file;
++ _finstall(fdesc, fp, *fdp, fdflags |
++ (restrict_rights(fp, td) ?
++ O_RESOLVE_BENEATH : 0), &fdep[i]->fde_caps);
++ unp_externalize_fp(fp);
+ }
+
+ /*
+--- sys/kern/vfs_acl.c.orig
++++ sys/kern/vfs_acl.c
+@@ -433,7 +433,7 @@
+
+ AUDIT_ARG_FD(uap->filedes);
+ error = getvnode_path(td, uap->filedes,
+- cap_rights_init_one(&rights, CAP_ACL_GET), &fp);
++ cap_rights_init_one(&rights, CAP_ACL_GET), NULL, &fp);
+ if (error == 0) {
+ error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
+ fdrop(fp, td);
+@@ -566,7 +566,7 @@
+
+ AUDIT_ARG_FD(uap->filedes);
+ error = getvnode_path(td, uap->filedes,
+- cap_rights_init_one(&rights, CAP_ACL_CHECK), &fp);
++ cap_rights_init_one(&rights, CAP_ACL_CHECK), NULL, &fp);
+ if (error == 0) {
+ error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);
+ fdrop(fp, td);
+--- sys/kern/vfs_cache.c.orig
++++ sys/kern/vfs_cache.c
+@@ -4364,17 +4364,23 @@
+ {
+ struct nameidata *ndp;
+ struct componentname *cnp;
+- int error;
+- bool fsearch;
++ int error, flags;
+
+ ndp = fpl->ndp;
+ cnp = fpl->cnp;
+
+- error = fgetvp_lookup_smr(ndp->ni_dirfd, ndp, vpp, &fsearch);
++ error = fgetvp_lookup_smr(ndp->ni_dirfd, ndp, vpp, &flags);
+ if (__predict_false(error != 0)) {
+ return (cache_fpl_aborted(fpl));
+ }
+- fpl->fsearch = fsearch;
++ if (__predict_false((flags & O_RESOLVE_BENEATH) != 0)) {
++ _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & RBENEATH) == 0,
++ "RBENEATH supported by fplookup");
++ cache_fpl_smr_exit(fpl);
++ cache_fpl_aborted(fpl);
++ return (EOPNOTSUPP);
++ }
++ fpl->fsearch = (flags & FSEARCH) != 0;
+ if ((*vpp)->v_type != VDIR) {
+ if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) {
+ cache_fpl_smr_exit(fpl);
+--- sys/kern/vfs_extattr.c.orig
++++ sys/kern/vfs_extattr.c
+@@ -241,7 +241,7 @@
+ AUDIT_ARG_TEXT(attrname);
+
+ error = getvnode_path(td, uap->fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_SET), NULL, &fp);
+ if (error)
+ return (error);
+
+@@ -408,7 +408,7 @@
+ AUDIT_ARG_TEXT(attrname);
+
+ error = getvnode_path(td, uap->fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_GET), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_GET), NULL, &fp);
+ if (error)
+ return (error);
+
+@@ -543,7 +543,7 @@
+ AUDIT_ARG_TEXT(attrname);
+
+ error = getvnode_path(td, uap->fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_DELETE), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_DELETE), NULL, &fp);
+ if (error)
+ return (error);
+
+@@ -689,7 +689,7 @@
+ AUDIT_ARG_FD(uap->fd);
+ AUDIT_ARG_VALUE(uap->attrnamespace);
+ error = getvnode_path(td, uap->fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_LIST), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_LIST), NULL, &fp);
+ if (error)
+ return (error);
+
+--- sys/kern/vfs_syscalls.c.orig
++++ sys/kern/vfs_syscalls.c
+@@ -373,7 +373,7 @@
+ int error;
+
+ AUDIT_ARG_FD(fd);
+- error = getvnode_path(td, fd, &cap_fstatfs_rights, &fp);
++ error = getvnode_path(td, fd, &cap_fstatfs_rights, NULL, &fp);
+ if (error != 0)
+ return (error);
+ vp = fp->f_vnode;
+@@ -887,12 +887,17 @@
+ struct mount *mp;
+ struct file *fp;
+ int error;
++ uint8_t fdflags;
+
+ AUDIT_ARG_FD(uap->fd);
+- error = getvnode_path(td, uap->fd, &cap_fchdir_rights,
++ error = getvnode_path(td, uap->fd, &cap_fchdir_rights, &fdflags,
+ &fp);
+ if (error != 0)
+ return (error);
++ if ((fdflags & UF_RESOLVE_BENEATH) != 0) {
++ fdrop(fp, td);
++ return (ENOTCAPABLE);
++ }
+ vp = fp->f_vnode;
+ vrefact(vp);
+ fdrop(fp, td);
+@@ -1243,6 +1248,10 @@
+ else
+ #endif
+ fcaps = NULL;
++ if ((nd.ni_resflags & NIRES_BENEATH) != 0)
++ flags |= O_RESOLVE_BENEATH;
++ else
++ flags &= ~O_RESOLVE_BENEATH;
+ error = finstall_refed(td, fp, &indx, flags, fcaps);
+ /* On success finstall_refed() consumes fcaps. */
+ if (error != 0) {
+@@ -1933,7 +1942,7 @@
+
+ fp = NULL;
+ if (fd != FD_NONE) {
+- error = getvnode_path(td, fd, &cap_no_rights, &fp);
++ error = getvnode_path(td, fd, &cap_no_rights, NULL, &fp);
+ if (error != 0)
+ return (error);
+ }
+@@ -4315,13 +4324,14 @@
+ * semantics.
+ */
+ int
+-getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
+- struct file **fpp)
++getvnode_path(struct thread *td, int fd, const cap_rights_t *rightsp,
++ uint8_t *flagsp, struct file **fpp)
+ {
+ struct file *fp;
+ int error;
+
+- error = fget_unlocked(td->td_proc->p_fd, fd, rightsp, &fp);
++ error = fget_unlocked_flags(td->td_proc->p_fd, fd, rightsp, flagsp,
++ &fp);
+ if (error != 0)
+ return (error);
+
+@@ -4353,11 +4363,12 @@
+ * A reference on the file entry is held upon returning.
+ */
+ int
+-getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
++getvnode(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct file **fpp)
+ {
+ int error;
+
+- error = getvnode_path(td, fd, rightsp, fpp);
++ error = getvnode_path(td, fd, rightsp, NULL, fpp);
+
+ /*
+ * Filter out O_PATH file descriptors, most getvnode() callers
+--- sys/sys/file.h.orig
++++ sys/sys/file.h
+@@ -251,14 +251,15 @@
+ extern int maxfiles; /* kernel limit on number of open files */
+ extern int maxfilesperproc; /* per process limit on number of open files */
+
+-int fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp);
+-int fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp,
++int fget(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct file **fpp);
++int fget_mmap(struct thread *td, int fd, const cap_rights_t *rightsp,
+ vm_prot_t *maxprotp, struct file **fpp);
+-int fget_read(struct thread *td, int fd, cap_rights_t *rightsp,
++int fget_read(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp);
+-int fget_write(struct thread *td, int fd, cap_rights_t *rightsp,
++int fget_write(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp);
+-int fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp,
++int fget_fcntl(struct thread *td, int fd, const cap_rights_t *rightsp,
+ int needfcntl, struct file **fpp);
+ int _fdrop(struct file *fp, struct thread *td);
+ int fget_remote(struct thread *td, struct proc *p, int fd, struct file **fpp);
+@@ -281,17 +282,17 @@
+
+ void finit(struct file *, u_int, short, void *, struct fileops *);
+ void finit_vnode(struct file *, u_int, void *, struct fileops *);
+-int fgetvp(struct thread *td, int fd, cap_rights_t *rightsp,
++int fgetvp(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp);
+-int fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp,
++int fgetvp_exec(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp);
+-int fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,
++int fgetvp_rights(struct thread *td, int fd, const cap_rights_t *needrightsp,
+ struct filecaps *havecaps, struct vnode **vpp);
+-int fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp,
++int fgetvp_read(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp);
+-int fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,
++int fgetvp_write(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp);
+-int fgetvp_lookup_smr(int fd, struct nameidata *ndp, struct vnode **vpp, bool *fsearch);
++int fgetvp_lookup_smr(int fd, struct nameidata *ndp, struct vnode **vpp, int *flagsp);
+ int fgetvp_lookup(int fd, struct nameidata *ndp, struct vnode **vpp);
+
+ static __inline __result_use_check bool
+--- sys/sys/filedesc.h.orig
++++ sys/sys/filedesc.h
+@@ -136,6 +136,7 @@
+ * Per-process open flags.
+ */
+ #define UF_EXCLOSE 0x01 /* auto-close on exec */
++#define UF_RESOLVE_BENEATH 0x02 /* lookups must be beneath this dir */
+
+ #ifdef _KERNEL
+
+@@ -267,22 +268,26 @@
+ struct filedesc_to_leader *
+ filedesc_to_leader_share(struct filedesc_to_leader *fdtol,
+ struct filedesc *fdp);
+-int getvnode(struct thread *td, int fd, cap_rights_t *rightsp,
+- struct file **fpp);
+-int getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
++int getvnode(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp);
++int getvnode_path(struct thread *td, int fd, const cap_rights_t *rightsp,
++ uint8_t *flagsp, struct file **fpp);
+ void mountcheckdirs(struct vnode *olddp, struct vnode *newdp);
+
+-int fget_cap_locked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, struct filecaps *havecapsp);
+-int fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, struct filecaps *havecapsp);
++int fget_cap_locked(struct filedesc *fdp, int fd,
++ const cap_rights_t *needrightsp, struct file **fpp,
++ struct filecaps *havecapsp);
++int fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp, struct filecaps *havecapsp);
+ /* Return a referenced file from an unlocked descriptor. */
+-int fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
++int fget_unlocked(struct filedesc *fdp, int fd,
++ const cap_rights_t *needrightsp, struct file **fpp);
++int fget_unlocked_flags(struct filedesc *fdp, int fd,
++ const cap_rights_t *needrightsp, uint8_t *flagsp,
+ struct file **fpp);
+ /* Return a file pointer without a ref. FILEDESC_IS_ONLY_USER must be true. */
+-int fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
+- struct file **fpp);
++int fget_only_user(struct filedesc *fdp, int fd,
++ const cap_rights_t *needrightsp, struct file **fpp);
+ #define fput_only_user(fdp, fp) ({ \
+ MPASS(FILEDESC_IS_ONLY_USER(fdp)); \
+ MPASS(refcount_load(&fp->f_count) > 0); \
+--- sys/sys/namei.h.orig
++++ sys/sys/namei.h
+@@ -72,7 +72,7 @@
+ */
+ const char *ni_dirp; /* pathname pointer */
+ enum uio_seg ni_segflg; /* location of pathname */
+- cap_rights_t *ni_rightsneeded; /* rights required to look up vnode */
++ const cap_rights_t *ni_rightsneeded; /* rights needed to look up vnode */
+ /*
+ * Arguments to lookup.
+ */
+@@ -208,6 +208,7 @@
+ #define NIRES_ABS 0x00000001 /* Path was absolute */
+ #define NIRES_STRICTREL 0x00000002 /* Restricted lookup result */
+ #define NIRES_EMPTYPATH 0x00000004 /* EMPTYPATH used */
++#define NIRES_BENEATH 0x00000008 /* O_RESOLVE_BENEATH is to be inherited */
+
+ /*
+ * Flags in ni_lcf, valid for the duration of the namei call.
+@@ -250,7 +251,7 @@
+ #define NDINIT_ALL(ndp, op, flags, segflg, namep, dirfd, startdir, rightsp, td) \
+ do { \
+ struct nameidata *_ndp = (ndp); \
+- cap_rights_t *_rightsp = (rightsp); \
++ const cap_rights_t *_rightsp = (rightsp); \
+ MPASS(_rightsp != NULL); \
+ NDINIT_PREFILL(_ndp); \
+ NDINIT_DBG(_ndp); \
+--- sys/sys/procdesc.h.orig
++++ sys/sys/procdesc.h
+@@ -94,8 +94,10 @@
+ * In-kernel interfaces to process descriptors.
+ */
+ int procdesc_exit(struct proc *);
+-int procdesc_find(struct thread *, int fd, cap_rights_t *, struct proc **);
+-int kern_pdgetpid(struct thread *, int fd, cap_rights_t *, pid_t *pidp);
++int procdesc_find(struct thread *, int fd, const cap_rights_t *,
++ struct proc **);
++int kern_pdgetpid(struct thread *, int fd, const cap_rights_t *,
++ pid_t *pidp);
+ void procdesc_new(struct proc *, int);
+ void procdesc_finit(struct procdesc *, struct file *);
+ pid_t procdesc_pid(struct file *);
+--- sys/sys/socketvar.h.orig
++++ sys/sys/socketvar.h
+@@ -418,7 +418,7 @@
+ */
+ int getsockaddr(struct sockaddr **namp, const struct sockaddr *uaddr,
+ size_t len);
+-int getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,
++int getsock_cap(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp, u_int *fflagp, struct filecaps *havecaps);
+ void soabort(struct socket *so);
+ int soaccept(struct socket *so, struct sockaddr **nam);
+--- tests/sys/kern/Makefile.orig
++++ tests/sys/kern/Makefile
+@@ -75,6 +75,7 @@
+ LIBADD.sendfile_helper+= pthread
+ LIBADD.fdgrowtable_test+= util pthread kvm procstat
+ LIBADD.sigwait+= rt
++LIBADD.unix_passfd_test+= jail
+
+ NETBSD_ATF_TESTS_C+= lockf_test
+ NETBSD_ATF_TESTS_C+= mqueue_test
+--- tests/sys/kern/unix_passfd_test.c.orig
++++ tests/sys/kern/unix_passfd_test.c
+@@ -25,15 +25,18 @@
+ * SUCH DAMAGE.
+ */
+
+-#include
+-#include
++#include
++#include
+ #include
+ #include
+ #include
+ #include
++#include
+
++#include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -713,6 +716,132 @@
+ (void)close(putfd);
+ }
+
++ATF_TC_WITH_CLEANUP(cross_jail_dirfd);
++ATF_TC_HEAD(cross_jail_dirfd, tc)
++{
++ atf_tc_set_md_var(tc, "require.user", "root");
++}
++ATF_TC_BODY(cross_jail_dirfd, tc)
++{
++ int error, sock[2], jid1, jid2, status;
++ pid_t pid1, pid2;
++
++ domainsocketpair(sock);
++
++ error = mkdir("./a", 0755);
++ ATF_REQUIRE(error == 0);
++ error = mkdir("./b", 0755);
++ ATF_REQUIRE(error == 0);
++ error = mkdir("./c", 0755);
++ ATF_REQUIRE(error == 0);
++ error = mkdir("./a/c", 0755);
++ ATF_REQUIRE(error == 0);
++
++ jid1 = jail_setv(JAIL_CREATE,
++ "name", "passfd_test_cross_jail_dirfd1",
++ "path", "./a",
++ "persist", NULL,
++ NULL);
++ ATF_REQUIRE_MSG(jid1 >= 0, "jail_setv: %s", jail_errmsg);
++
++ jid2 = jail_setv(JAIL_CREATE,
++ "name", "passfd_test_cross_jail_dirfd2",
++ "path", "./b",
++ "persist", NULL,
++ NULL);
++ ATF_REQUIRE_MSG(jid2 >= 0, "jail_setv: %s", jail_errmsg);
++
++ pid1 = fork();
++ ATF_REQUIRE(pid1 >= 0);
++ if (pid1 == 0) {
++ ssize_t len;
++ int dfd, error;
++ char ch;
++
++ error = jail_attach(jid1);
++ if (error != 0)
++ err(1, "jail_attach");
++
++ dfd = open(".", O_RDONLY | O_DIRECTORY);
++ if (dfd < 0)
++ err(1, "open(\".\") in jail %d", jid1);
++
++ ch = 0;
++ len = sendfd_payload(sock[0], dfd, &ch, sizeof(ch));
++ if (len == -1)
++ err(1, "sendmsg");
++
++ _exit(0);
++ }
++
++ pid2 = fork();
++ ATF_REQUIRE(pid2 >= 0);
++ if (pid2 == 0) {
++ int dfd, dfd2, error, fd;
++ char ch;
++
++ error = jail_attach(jid2);
++ if (error != 0)
++ err(1, "jail_attach");
++
++ /* Get a directory from outside the jail root. */
++ recvfd_payload(sock[1], &dfd, &ch, sizeof(ch),
++ CMSG_SPACE(sizeof(int)), 0);
++
++ if ((fcntl(dfd, F_GETFD) & 2) == 0)
++ errx(1, "dfd does not have FD_RESOLVE_BENEATH set");
++
++ /* Make sure we can't chdir. */
++ error = fchdir(dfd);
++ if (error == 0)
++ errx(1, "fchdir succeeded");
++ if (errno != ENOTCAPABLE)
++ err(1, "fchdir");
++
++ /* Make sure a dotdot access fails. */
++ fd = openat(dfd, "../c", O_RDONLY | O_DIRECTORY);
++ if (fd >= 0)
++ errx(1, "openat(\"../c\") succeeded");
++ if (errno != ENOTCAPABLE)
++ err(1, "openat");
++
++ /* Accesses within the sender's jail root are ok. */
++ fd = openat(dfd, "c", O_RDONLY | O_DIRECTORY);
++ if (fd < 0)
++ err(1, "openat(\"c\")");
++
++ dfd2 = openat(dfd, "", O_EMPTY_PATH | O_RDONLY | O_DIRECTORY);
++ if (dfd2 < 0)
++ err(1, "openat(\"\")");
++ if ((fcntl(dfd2, F_GETFD) & 2) == 0)
++ errx(1, "dfd2 does not have FD_RESOLVE_BENEATH set");
++
++ _exit(0);
++ }
++
++ error = waitpid(pid1, &status, 0);
++ ATF_REQUIRE(error != -1);
++ ATF_REQUIRE(WIFEXITED(status));
++ ATF_REQUIRE(WEXITSTATUS(status) == 0);
++ error = waitpid(pid2, &status, 0);
++ ATF_REQUIRE(error != -1);
++ ATF_REQUIRE(WIFEXITED(status));
++ ATF_REQUIRE(WEXITSTATUS(status) == 0);
++
++ closesocketpair(sock);
++}
++ATF_TC_CLEANUP(cross_jail_dirfd, tc)
++{
++ int jid;
++
++ jid = jail_getid("passfd_test_cross_jail_dirfd1");
++ if (jid >= 0 && jail_remove(jid) != 0)
++ err(1, "jail_remove");
++ jid = jail_getid("passfd_test_cross_jail_dirfd2");
++ if (jid >= 0 && jail_remove(jid) != 0)
++ err(1, "jail_remove");
++}
++
+ ATF_TP_ADD_TCS(tp)
+ {
+
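Review bot: In cross_jail_dirfd, both `(fcntl(dfd, F_GETFD) & 2) == 0` checks (on dfd and on dfd2) accept a failed fcntl() as "flag set", because a return value of -1 has bit 1 set. Store the result and reject -1 first, e.g. `fdfl = fcntl(dfd, F_GETFD); if (fdfl == -1) err(1, "fcntl(F_GETFD)");`, then test `(fdfl & 2) == 0`. The bare `2` would also read better as a named constant matching the error text (FD_RESOLVE_BENEATH), defined locally in the test if this branch's headers do not export it.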
+@@ -728,6 +857,7 @@
+ ATF_TP_ADD_TC(tp, truncated_rights);
+ ATF_TP_ADD_TC(tp, copyout_rights_error);
+ ATF_TP_ADD_TC(tp, empty_rights_message);
++ ATF_TP_ADD_TC(tp, cross_jail_dirfd);
+
+ return (atf_no_error());
+ }
diff --git a/website/static/security/patches/SA-26:04/jail-13.patch.asc b/website/static/security/patches/SA-26:04/jail-13.patch.asc
new file mode 100644
index 0000000000..fd49904b66
--- /dev/null
+++ b/website/static/security/patches/SA-26:04/jail-13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmmd0N0ACgkQbljekB8A
+Gu8+TRAAsBfswJ30fVrbbTg5U3DaBQ6dk3mkaGoG90h+2w7wyM23soU0feBc5G+h
+/VVKzvde06F0IeRU4QpV2b+ueYo6QEYfVH12X6ZBg8TFOEvRY3J3jXS+Yn3xPso3
+C8ekal+RartuuyztBBZ/XZ750G4+nCWbm+wrhu1p0o3hW2ZCELnBhLEMolKJSJQH
+ZuJTdHREC18qLRsgADJrY7/ruY1JUq1lz95cmh954nP4io/bb4uuwAHslWmLiUB8
+pW/E53xzGjB0G/JECtLWQDpVEr2dcLjSPXMUKCKLiV5ciCbsqC17OHKDNcpqarag
+NhFQldmF89fkfKH297XjgTCwTVyYu9097754vPNkKJLSYc7dxE3N1RJuKtzGLp/n
+IMq3M4CRXnsZ4BVdHVC7V+6s24LzelR95TVb5ViTV7L/sUoyAYObZEThvsOnHvKp
+ZXmKNDGz2QLOWEp65nXnxRCwCs5AaiRap74Mqy+b6/Eakfvzcw53za827DovrhOL
+0l131sy6Fpk3aqJ775TimeVWoKzkBBRWRyGq2m9pYIowdGeBXrvuOSjlAx40hV6r
+BfbenKk9+WtzFhKGX7C/dZm4cT33w8ZfX+WSQgfksTP8tESFCQZQ2F9svmqiiPNw
+K484e8YAd/aXmcYuQKfKj2KITg89NXhDTauOEr/n0SWlnRSFHgg=
+=DnsX
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:04/jail-14.patch b/website/static/security/patches/SA-26:04/jail-14.patch
new file mode 100644
index 0000000000..74d05e79e1
--- /dev/null
+++ b/website/static/security/patches/SA-26:04/jail-14.patch
@@ -0,0 +1,1173 @@
+--- sys/fs/fdescfs/fdesc_vnops.c.orig
++++ sys/fs/fdescfs/fdesc_vnops.c
+@@ -504,7 +504,7 @@
+ cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
+ } else {
+ error = getvnode_path(td, fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_SET), NULL, &fp);
+ }
+ if (error) {
+ /*
+@@ -641,7 +641,7 @@
+ VOP_UNLOCK(vn);
+
+ td = curthread;
+- error = fget_cap(td, fd_fd, &cap_no_rights, &fp, NULL);
++ error = fget_cap(td, fd_fd, &cap_no_rights, NULL, &fp, NULL);
+ if (error != 0)
+ goto out;
+
+--- sys/kern/kern_descrip.c.orig
++++ sys/kern/kern_descrip.c
+@@ -111,7 +111,8 @@
+ static void fdunused(struct filedesc *fdp, int fd);
+ static void fdused(struct filedesc *fdp, int fd);
+ static int fget_unlocked_seq(struct thread *td, int fd,
+- cap_rights_t *needrightsp, struct file **fpp, seqc_t *seqp);
++ const cap_rights_t *needrightsp, uint8_t *flagsp,
++ struct file **fpp, seqc_t *seqp);
+ static int getmaxfd(struct thread *td);
+ static u_long *filecaps_copy_prep(const struct filecaps *src);
+ static void filecaps_copy_finish(const struct filecaps *src,
+@@ -479,6 +480,8 @@
+ return (error);
+ }
+
++#define FD_RESOLVE_BENEATH 2
++
+ int
+ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
+ {
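Review bot: `#define FD_RESOLVE_BENEATH 2` is a bit that fcntl(F_GETFD/F_SETFD) exposes to userland, yet it is defined without a comment in the middle of kern_descrip.c, where nothing ties it to FD_CLOEXEC or UF_RESOLVE_BENEATH. At minimum add a comment such as `/* F_GETFD/F_SETFD bit reporting UF_RESOLVE_BENEATH; must not overlap FD_CLOEXEC */`. If keeping the name out of the public header is deliberate for this branch, the comment should say so. The cross_jail_dirfd test in the 13.x patch on this page masks with a bare `2`, which suggests userland has no name for the bit.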
+@@ -528,7 +531,9 @@
+ fde = fdeget_noref(fdp, fd);
+ if (fde != NULL) {
+ td->td_retval[0] =
+- (fde->fde_flags & UF_EXCLOSE) ? FD_CLOEXEC : 0;
++ ((fde->fde_flags & UF_EXCLOSE) ? FD_CLOEXEC : 0) |
++ ((fde->fde_flags & UF_RESOLVE_BENEATH) ?
++ FD_RESOLVE_BENEATH : 0);
+ error = 0;
+ }
+ FILEDESC_SUNLOCK(fdp);
+@@ -539,8 +544,13 @@
+ FILEDESC_XLOCK(fdp);
+ fde = fdeget_noref(fdp, fd);
+ if (fde != NULL) {
++ /*
++ * UF_RESOLVE_BENEATH is sticky and cannot be cleared.
++ */
+ fde->fde_flags = (fde->fde_flags & ~UF_EXCLOSE) |
+- (arg & FD_CLOEXEC ? UF_EXCLOSE : 0);
++ ((arg & FD_CLOEXEC) != 0 ? UF_EXCLOSE : 0) |
++ ((arg & FD_RESOLVE_BENEATH) != 0 ?
++ UF_RESOLVE_BENEATH : 0);
+ error = 0;
+ }
+ FILEDESC_XUNLOCK(fdp);
+@@ -2165,7 +2175,8 @@
+ seqc_write_begin(&fde->fde_seqc);
+ #endif
+ fde->fde_file = fp;
+- fde->fde_flags = (flags & O_CLOEXEC) != 0 ? UF_EXCLOSE : 0;
++ fde->fde_flags = ((flags & O_CLOEXEC) != 0 ? UF_EXCLOSE : 0) |
++ ((flags & O_RESOLVE_BENEATH) != 0 ? UF_RESOLVE_BENEATH : 0);
+ if (fcaps != NULL)
+ filecaps_move(fcaps, &fde->fde_caps);
+ else
+@@ -2879,7 +2890,7 @@
+ }
+
+ int
+-fget_cap_noref(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
++fget_cap_noref(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
+ struct file **fpp, struct filecaps *havecapsp)
+ {
+ struct filedescent *fde;
+@@ -2912,8 +2923,8 @@
+
+ #ifdef CAPABILITIES
+ int
+-fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, struct filecaps *havecapsp)
++fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp, struct filecaps *havecapsp)
+ {
+ struct filedesc *fdp = td->td_proc->p_fd;
+ int error;
+@@ -2922,7 +2933,8 @@
+
+ *fpp = NULL;
+ for (;;) {
+- error = fget_unlocked_seq(td, fd, needrightsp, &fp, &seq);
++ error = fget_unlocked_seq(td, fd, needrightsp, flagsp, &fp,
++ &seq);
+ if (error != 0)
+ return (error);
+
+@@ -2952,11 +2964,11 @@
+ }
+ #else
+ int
+-fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, struct filecaps *havecapsp)
++fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp, struct filecaps *havecapsp)
+ {
+ int error;
+- error = fget_unlocked(td, fd, needrightsp, fpp);
++ error = fget_unlocked_flags(td, fd, needrightsp, flagsp, fpp);
+ if (havecapsp != NULL && error == 0)
+ filecaps_fill(havecapsp);
+
+@@ -3039,7 +3051,7 @@
+
+ #ifdef CAPABILITIES
+ int
+-fgetvp_lookup_smr(struct nameidata *ndp, struct vnode **vpp, bool *fsearch)
++fgetvp_lookup_smr(struct nameidata *ndp, struct vnode **vpp, int *flagsp)
+ {
+ const struct filedescent *fde;
+ const struct fdescenttbl *fdt;
+@@ -3049,7 +3061,7 @@
+ const cap_rights_t *haverights;
+ cap_rights_t rights;
+ seqc_t seq;
+- int fd;
++ int fd, flags;
+
+ VFS_SMR_ASSERT_ENTERED();
+
+@@ -3069,7 +3081,9 @@
+ return (EAGAIN);
+ if (__predict_false(cap_check_inline_transient(haverights, &rights)))
+ return (EAGAIN);
+- *fsearch = ((fp->f_flag & FSEARCH) != 0);
++ flags = fp->f_flag & FSEARCH;
++ flags |= (fde->fde_flags & UF_RESOLVE_BENEATH) != 0 ?
++ O_RESOLVE_BENEATH : 0;
+ vp = fp->f_vnode;
+ if (__predict_false(vp == NULL)) {
+ return (EAGAIN);
+@@ -3103,17 +3117,19 @@
+ #endif
+ }
+ *vpp = vp;
++ *flagsp = flags;
+ return (0);
+ }
+ #else
+ int
+-fgetvp_lookup_smr(struct nameidata *ndp, struct vnode **vpp, bool *fsearch)
++fgetvp_lookup_smr(struct nameidata *ndp, struct vnode **vpp, int *flagsp)
+ {
++ const struct filedescent *fde;
+ const struct fdescenttbl *fdt;
+ struct filedesc *fdp;
+ struct file *fp;
+ struct vnode *vp;
+- int fd;
++ int fd, flags;
+
+ VFS_SMR_ASSERT_ENTERED();
+
+@@ -3122,10 +3138,13 @@
+ fdt = fdp->fd_files;
+ if (__predict_false((u_int)fd >= fdt->fdt_nfiles))
+ return (EBADF);
+- fp = fdt->fdt_ofiles[fd].fde_file;
++ fde = &fdt->fdt_ofiles[fd];
++ fp = fde->fde_file;
+ if (__predict_false(fp == NULL))
+ return (EAGAIN);
+- *fsearch = ((fp->f_flag & FSEARCH) != 0);
++ flags = fp->f_flag & FSEARCH;
++ flags |= (fde->fde_flags & UF_RESOLVE_BENEATH) != 0 ?
++ O_RESOLVE_BENEATH : 0;
+ vp = fp->f_vnode;
+ if (__predict_false(vp == NULL || vp->v_type != VDIR)) {
+ return (EAGAIN);
+@@ -3140,6 +3159,7 @@
+ return (EAGAIN);
+ filecaps_fill(&ndp->ni_filecaps);
+ *vpp = vp;
++ *flagsp = flags;
+ return (0);
+ }
+ #endif
+@@ -3153,13 +3173,15 @@
+ struct componentname *cnp;
+ cap_rights_t rights;
+ int error;
++ uint8_t flags;
+
+ td = curthread;
+ rights = *ndp->ni_rightsneeded;
+ cap_rights_set_one(&rights, CAP_LOOKUP);
+ cnp = &ndp->ni_cnd;
+
+- error = fget_cap(td, ndp->ni_dirfd, &rights, &fp, &ndp->ni_filecaps);
++ error = fget_cap(td, ndp->ni_dirfd, &rights, &flags, &fp,
++ &ndp->ni_filecaps);
+ if (__predict_false(error != 0))
+ return (error);
+ if (__predict_false(fp->f_ops == &badfileops)) {
+@@ -3177,6 +3199,10 @@
+ */
+ if ((fp->f_flag & FSEARCH) != 0)
+ cnp->cn_flags |= NOEXECCHECK;
++ if ((flags & UF_RESOLVE_BENEATH) != 0) {
++ cnp->cn_flags |= RBENEATH;
++ ndp->ni_resflags |= NIRES_BENEATH;
++ }
+ fdrop(fp, td);
+
+ #ifdef CAPABILITIES
+@@ -3223,8 +3249,8 @@
+ */
+ #ifdef CAPABILITIES
+ static int
+-fget_unlocked_seq(struct thread *td, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, seqc_t *seqp)
++fget_unlocked_seq(struct thread *td, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp, seqc_t *seqp)
+ {
+ struct filedesc *fdp;
+ const struct filedescent *fde;
+@@ -3233,6 +3259,7 @@
+ seqc_t seq;
+ cap_rights_t haverights;
+ int error;
++ uint8_t flags;
+
+ fdp = td->td_proc->p_fd;
+ fdt = fdp->fd_files;
+@@ -3244,6 +3271,7 @@
+ fde = &fdt->fdt_ofiles[fd];
+ haverights = *cap_rights_fde_inline(fde);
+ fp = fde->fde_file;
++ flags = fde->fde_flags;
+ if (__predict_false(fp == NULL)) {
+ if (seqc_consistent(fd_seqc(fdt, fd), seq))
+ return (EBADF);
+@@ -3272,19 +3300,21 @@
+ fdrop(fp, td);
+ }
+ *fpp = fp;
+- if (seqp != NULL) {
++ if (flagsp != NULL)
++ *flagsp = flags;
++ if (seqp != NULL)
+ *seqp = seq;
+- }
+ return (0);
+ }
+ #else
+ static int
+-fget_unlocked_seq(struct thread *td, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, seqc_t *seqp __unused)
++fget_unlocked_seq(struct thread *td, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp, seqc_t *seqp __unused)
+ {
+ struct filedesc *fdp;
+ const struct fdescenttbl *fdt;
+ struct file *fp;
++ uint8_t flags;
+
+ fdp = td->td_proc->p_fd;
+ fdt = fdp->fd_files;
+@@ -3293,6 +3323,7 @@
+
+ for (;;) {
+ fp = fdt->fdt_ofiles[fd].fde_file;
++ flags = fdt->fdt_ofiles[fd].fde_flags;
+ if (__predict_false(fp == NULL))
+ return (EBADF);
+ if (__predict_false(!refcount_acquire_if_not_zero(&fp->f_count))) {
+@@ -3309,6 +3340,8 @@
+ break;
+ fdrop(fp, td);
+ }
++ if (flagsp != NULL)
++ *flagsp = flags;
+ *fpp = fp;
+ return (0);
+ }
+@@ -3322,8 +3355,8 @@
+ * racing with itself.
+ */
+ int
+-fget_unlocked(struct thread *td, int fd, cap_rights_t *needrightsp,
+- struct file **fpp)
++fget_unlocked_flags(struct thread *td, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp)
+ {
+ struct filedesc *fdp;
+ #ifdef CAPABILITIES
+@@ -3335,6 +3368,7 @@
+ seqc_t seq;
+ const cap_rights_t *haverights;
+ #endif
++ uint8_t flags;
+
+ fdp = td->td_proc->p_fd;
+ fdt = fdp->fd_files;
+@@ -3347,8 +3381,10 @@
+ fde = &fdt->fdt_ofiles[fd];
+ haverights = cap_rights_fde_inline(fde);
+ fp = fde->fde_file;
++ flags = fde->fde_flags;
+ #else
+ fp = fdt->fdt_ofiles[fd].fde_file;
++ flags = fdt->fdt_ofiles[fd].fde_flags;
+ #endif
+ if (__predict_false(fp == NULL))
+ goto out_fallback;
+@@ -3372,12 +3408,21 @@
+ #endif
+ goto out_fdrop;
+ *fpp = fp;
++ if (flagsp != NULL)
++ *flagsp = flags;
+ return (0);
+ out_fdrop:
+ fdrop(fp, td);
+ out_fallback:
+ *fpp = NULL;
+- return (fget_unlocked_seq(td, fd, needrightsp, fpp, NULL));
++ return (fget_unlocked_seq(td, fd, needrightsp, flagsp, fpp, NULL));
++}
++
++int
++fget_unlocked(struct thread *td, int fd, const cap_rights_t *needrightsp,
++ struct file **fpp)
++{
++ return (fget_unlocked_flags(td, fd, needrightsp, NULL, fpp));
+ }
+
+ /*
+@@ -3391,7 +3436,7 @@
+ */
+ #ifdef CAPABILITIES
+ int
+-fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
++fget_only_user(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
+ struct file **fpp)
+ {
+ const struct filedescent *fde;
+@@ -3421,7 +3466,7 @@
+ }
+ #else
+ int
+-fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
++fget_only_user(struct filedesc *fdp, int fd, const cap_rights_t *needrightsp,
+ struct file **fpp)
+ {
+ struct file *fp;
+@@ -3457,7 +3502,7 @@
+ */
+ static __inline int
+ _fget(struct thread *td, int fd, struct file **fpp, int flags,
+- cap_rights_t *needrightsp)
++ const cap_rights_t *needrightsp)
+ {
+ struct file *fp;
+ int error;
+@@ -3503,15 +3548,15 @@
+ }
+
+ int
+-fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
++fget(struct thread *td, int fd, const cap_rights_t *rightsp, struct file **fpp)
+ {
+
+ return (_fget(td, fd, fpp, 0, rightsp));
+ }
+
+ int
+-fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp, vm_prot_t *maxprotp,
+- struct file **fpp)
++fget_mmap(struct thread *td, int fd, const cap_rights_t *rightsp,
++ vm_prot_t *maxprotp, struct file **fpp)
+ {
+ int error;
+ #ifndef CAPABILITIES
+@@ -3529,7 +3574,7 @@
+ fdp = td->td_proc->p_fd;
+ MPASS(cap_rights_is_set(rightsp, CAP_MMAP));
+ for (;;) {
+- error = fget_unlocked_seq(td, fd, rightsp, &fp, &seq);
++ error = fget_unlocked_seq(td, fd, rightsp, NULL, &fp, &seq);
+ if (__predict_false(error != 0))
+ return (error);
+ if (__predict_false(fp->f_ops == &badfileops)) {
+@@ -3554,22 +3599,24 @@
+ }
+
+ int
+-fget_read(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
++fget_read(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct file **fpp)
+ {
+
+ return (_fget(td, fd, fpp, FREAD, rightsp));
+ }
+
+ int
+-fget_write(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
++fget_write(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct file **fpp)
+ {
+
+ return (_fget(td, fd, fpp, FWRITE, rightsp));
+ }
+
+ int
+-fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp, int needfcntl,
+- struct file **fpp)
++fget_fcntl(struct thread *td, int fd, const cap_rights_t *rightsp,
++ int needfcntl, struct file **fpp)
+ {
+ #ifndef CAPABILITIES
+ return (fget_unlocked(td, fd, rightsp, fpp));
+@@ -3582,7 +3629,7 @@
+ *fpp = NULL;
+ MPASS(cap_rights_is_set(rightsp, CAP_FCNTL));
+ for (;;) {
+- error = fget_unlocked_seq(td, fd, rightsp, &fp, &seq);
++ error = fget_unlocked_seq(td, fd, rightsp, NULL, &fp, &seq);
+ if (error != 0)
+ return (error);
+ error = cap_fcntl_check(fdp, fd, needfcntl);
+@@ -3607,7 +3654,7 @@
+ * XXX: what about the unused flags ?
+ */
+ static __inline int
+-_fgetvp(struct thread *td, int fd, int flags, cap_rights_t *needrightsp,
++_fgetvp(struct thread *td, int fd, int flags, const cap_rights_t *needrightsp,
+ struct vnode **vpp)
+ {
+ struct file *fp;
+@@ -3629,21 +3676,22 @@
+ }
+
+ int
+-fgetvp(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
++fgetvp(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct vnode **vpp)
+ {
+
+ return (_fgetvp(td, fd, 0, rightsp, vpp));
+ }
+
+ int
+-fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,
++fgetvp_rights(struct thread *td, int fd, const cap_rights_t *needrightsp,
+ struct filecaps *havecaps, struct vnode **vpp)
+ {
+ struct filecaps caps;
+ struct file *fp;
+ int error;
+
+- error = fget_cap(td, fd, needrightsp, &fp, &caps);
++ error = fget_cap(td, fd, needrightsp, NULL, &fp, &caps);
+ if (error != 0)
+ return (error);
+ if (fp->f_ops == &badfileops) {
+@@ -3668,14 +3716,16 @@
+ }
+
+ int
+-fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
++fgetvp_read(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct vnode **vpp)
+ {
+
+ return (_fgetvp(td, fd, FREAD, rightsp, vpp));
+ }
+
+ int
+-fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp, struct vnode **vpp)
++fgetvp_exec(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct vnode **vpp)
+ {
+
+ return (_fgetvp(td, fd, FEXEC, rightsp, vpp));
+@@ -3683,7 +3733,7 @@
+
+ #ifdef notyet
+ int
+-fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,
++fgetvp_write(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp)
+ {
+
+--- sys/kern/sys_procdesc.c.orig
++++ sys/kern/sys_procdesc.c
+@@ -121,7 +121,7 @@
+ * died.
+ */
+ int
+-procdesc_find(struct thread *td, int fd, cap_rights_t *rightsp,
++procdesc_find(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct proc **p)
+ {
+ struct procdesc *pd;
+@@ -168,7 +168,8 @@
+ * Retrieve the PID associated with a process descriptor.
+ */
+ int
+-kern_pdgetpid(struct thread *td, int fd, cap_rights_t *rightsp, pid_t *pidp)
++kern_pdgetpid(struct thread *td, int fd, const cap_rights_t *rightsp,
++ pid_t *pidp)
+ {
+ struct file *fp;
+ int error;
+--- sys/kern/uipc_mqueue.c.orig
++++ sys/kern/uipc_mqueue.c
+@@ -2155,13 +2155,14 @@
+ return (error);
+ }
+
+-typedef int (*_fgetf)(struct thread *, int, cap_rights_t *, struct file **);
++typedef int (*_fgetf)(struct thread *, int, const cap_rights_t *,
++ struct file **);
+
+ /*
+ * Get message queue by giving file slot
+ */
+ static int
+-_getmq(struct thread *td, int fd, cap_rights_t *rightsp, _fgetf func,
++_getmq(struct thread *td, int fd, const cap_rights_t *rightsp, _fgetf func,
+ struct file **fpp, struct mqfs_node **ppn, struct mqueue **pmq)
+ {
+ struct mqfs_node *pn;
+--- sys/kern/uipc_sem.c.orig
++++ sys/kern/uipc_sem.c
+@@ -123,8 +123,8 @@
+ semid_t *semidp, mode_t mode, unsigned int value,
+ int flags, int compat32);
+ static void ksem_drop(struct ksem *ks);
+-static int ksem_get(struct thread *td, semid_t id, cap_rights_t *rightsp,
+- struct file **fpp);
++static int ksem_get(struct thread *td, semid_t id,
++ const cap_rights_t *rightsp, struct file **fpp);
+ static struct ksem *ksem_hold(struct ksem *ks);
+ static void ksem_insert(char *path, Fnv32_t fnv, struct ksem *ks);
+ static struct ksem *ksem_lookup(char *path, Fnv32_t fnv);
+@@ -587,7 +587,7 @@
+ }
+
+ static int
+-ksem_get(struct thread *td, semid_t id, cap_rights_t *rightsp,
++ksem_get(struct thread *td, semid_t id, const cap_rights_t *rightsp,
+ struct file **fpp)
+ {
+ struct ksem *ks;
+--- sys/kern/uipc_syscalls.c.orig
++++ sys/kern/uipc_syscalls.c
+@@ -87,13 +87,13 @@
+ * A reference on the file entry is held upon returning.
+ */
+ int
+-getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,
++getsock_cap(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp, struct filecaps *havecapsp)
+ {
+ struct file *fp;
+ int error;
+
+- error = fget_cap(td, fd, rightsp, &fp, havecapsp);
++ error = fget_cap(td, fd, rightsp, NULL, &fp, havecapsp);
+ if (__predict_false(error != 0))
+ return (error);
+ if (__predict_false(fp->f_type != DTYPE_SOCKET)) {
+@@ -107,7 +107,8 @@
+ }
+
+ int
+-getsock(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
++getsock(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct file **fpp)
+ {
+ struct file *fp;
+ int error;
+@@ -737,7 +738,7 @@
+ struct uio auio;
+ struct iovec *iov;
+ struct socket *so;
+- cap_rights_t *rights;
++ const cap_rights_t *rights;
+ #ifdef KTRACE
+ struct uio *ktruio = NULL;
+ #endif
+--- sys/kern/uipc_usrreq.c.orig
++++ sys/kern/uipc_usrreq.c
+@@ -58,7 +58,6 @@
+ * need a proper out-of-band
+ */
+
+-#include
+ #include "opt_ddb.h"
+
+ #include
+@@ -68,6 +67,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -2433,22 +2433,34 @@
+ free(fdep[0], M_FILECAPS);
+ }
+
++static bool
++restrict_rights(struct file *fp, struct thread *td)
++{
++ struct prison *prison1, *prison2;
++
++ prison1 = fp->f_cred->cr_prison;
++ prison2 = td->td_ucred->cr_prison;
++ return (prison1 != prison2 && prison1->pr_root != prison2->pr_root &&
++ prison2 != &prison0);
++}
++
+ static int
+ unp_externalize(struct mbuf *control, struct mbuf **controlp, int flags)
+ {
+ struct thread *td = curthread; /* XXX */
+ struct cmsghdr *cm = mtod(control, struct cmsghdr *);
+- int i;
+ int *fdp;
+ struct filedesc *fdesc = td->td_proc->p_fd;
+ struct filedescent **fdep;
+ void *data;
+ socklen_t clen = control->m_len, datalen;
+- int error, newfds;
++ int error, fdflags, newfds;
+ u_int newlen;
+
+ UNP_LINK_UNLOCK_ASSERT();
+
++ fdflags = (flags & MSG_CMSG_CLOEXEC) ? O_CLOEXEC : 0;
++
+ error = 0;
+ if (controlp != NULL) /* controlp == NULL => free control messages */
+ *controlp = NULL;
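Review bot: restrict_rights() carries the policy decision of this fix but has no comment, and its name does not say what is being compared. From the visible lines it returns true when the credential stored on the file (`fp->f_cred`) and the receiving thread's credential are in different prisons with different `pr_root`, and the receiver is not in `prison0`. The caller in the next hunk then adds O_RESOLVE_BENEATH when installing the descriptor. I would add a block comment above the function stating those three conditions and the reason for each. It should note that the check uses the file's stored credential rather than the sending process (presumably the opener's, worth confirming) and that it applies to every passed descriptor, not only directories.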
+@@ -2490,11 +2502,14 @@
+ *controlp = NULL;
+ goto next;
+ }
+- for (i = 0; i < newfds; i++, fdp++) {
+- _finstall(fdesc, fdep[i]->fde_file, *fdp,
+- (flags & MSG_CMSG_CLOEXEC) != 0 ? O_CLOEXEC : 0,
+- &fdep[i]->fde_caps);
+- unp_externalize_fp(fdep[i]->fde_file);
++ for (int i = 0; i < newfds; i++, fdp++) {
++ struct file *fp;
++
++ fp = fdep[i]->fde_file;
++ _finstall(fdesc, fp, *fdp, fdflags |
++ (restrict_rights(fp, td) ?
++ O_RESOLVE_BENEATH : 0), &fdep[i]->fde_caps);
++ unp_externalize_fp(fp);
+ }
+
+ /*
+--- sys/kern/vfs_acl.c.orig
++++ sys/kern/vfs_acl.c
+@@ -435,7 +435,7 @@
+
+ AUDIT_ARG_FD(uap->filedes);
+ error = getvnode_path(td, uap->filedes,
+- cap_rights_init_one(&rights, CAP_ACL_GET), &fp);
++ cap_rights_init_one(&rights, CAP_ACL_GET), NULL, &fp);
+ if (error == 0) {
+ error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
+ fdrop(fp, td);
+@@ -570,7 +570,7 @@
+
+ AUDIT_ARG_FD(uap->filedes);
+ error = getvnode_path(td, uap->filedes,
+- cap_rights_init_one(&rights, CAP_ACL_CHECK), &fp);
++ cap_rights_init_one(&rights, CAP_ACL_CHECK), NULL, &fp);
+ if (error == 0) {
+ error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);
+ fdrop(fp, td);
+--- sys/kern/vfs_cache.c.orig
++++ sys/kern/vfs_cache.c
+@@ -4445,17 +4445,23 @@
+ {
+ struct nameidata *ndp;
+ struct componentname *cnp;
+- int error;
+- bool fsearch;
++ int error, flags;
+
+ ndp = fpl->ndp;
+ cnp = fpl->cnp;
+
+- error = fgetvp_lookup_smr(ndp, vpp, &fsearch);
++ error = fgetvp_lookup_smr(ndp, vpp, &flags);
+ if (__predict_false(error != 0)) {
+ return (cache_fpl_aborted(fpl));
+ }
+- fpl->fsearch = fsearch;
++ if (__predict_false((flags & O_RESOLVE_BENEATH) != 0)) {
++ _Static_assert((CACHE_FPL_SUPPORTED_CN_FLAGS & RBENEATH) == 0,
++ "RBENEATH supported by fplookup");
++ cache_fpl_smr_exit(fpl);
++ cache_fpl_aborted(fpl);
++ return (EOPNOTSUPP);
++ }
++ fpl->fsearch = (flags & FSEARCH) != 0;
+ if ((*vpp)->v_type != VDIR) {
+ if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) {
+ cache_fpl_smr_exit(fpl);
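Review bot: The new O_RESOLVE_BENEATH branch calls `cache_fpl_aborted(fpl)` but discards its value and returns `EOPNOTSUPP`, while the error branch directly above returns `cache_fpl_aborted(fpl)` itself; the difference is not explained. The _Static_assert shows RBENEATH is not among CACHE_FPL_SUPPORTED_CN_FLAGS, so presumably the intent is to leave the lockless path and let the regular lookup enforce the restriction. A one-line comment would make that explicit, for example `/* fplookup cannot enforce RBENEATH; abort so the regular lookup handles this dirfd. */`, and it should state what the caller is expected to do with EOPNOTSUPP. The function body extends beyond the hunk.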
+--- sys/kern/vfs_extattr.c.orig
++++ sys/kern/vfs_extattr.c
+@@ -254,7 +254,7 @@
+ AUDIT_ARG_TEXT(attrname);
+
+ error = getvnode_path(td, fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_SET), NULL, &fp);
+ if (error)
+ return (error);
+
+@@ -442,7 +442,7 @@
+ AUDIT_ARG_TEXT(attrname);
+
+ error = getvnode_path(td, fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_GET), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_GET), NULL, &fp);
+ if (error)
+ return (error);
+
+@@ -598,7 +598,7 @@
+ AUDIT_ARG_TEXT(attrname);
+
+ error = getvnode_path(td, fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_DELETE), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_DELETE), NULL, &fp);
+ if (error)
+ return (error);
+
+@@ -765,7 +765,7 @@
+ AUDIT_ARG_FD(fd);
+ AUDIT_ARG_VALUE(attrnamespace);
+ error = getvnode_path(td, fd,
+- cap_rights_init_one(&rights, CAP_EXTATTR_LIST), &fp);
++ cap_rights_init_one(&rights, CAP_EXTATTR_LIST), NULL, &fp);
+ if (error)
+ return (error);
+
+--- sys/kern/vfs_syscalls.c.orig
++++ sys/kern/vfs_syscalls.c
+@@ -375,7 +375,7 @@
+ int error;
+
+ AUDIT_ARG_FD(fd);
+- error = getvnode_path(td, fd, &cap_fstatfs_rights, &fp);
++ error = getvnode_path(td, fd, &cap_fstatfs_rights, NULL, &fp);
+ if (error != 0)
+ return (error);
+ vp = fp->f_vnode;
+@@ -898,12 +898,17 @@
+ struct mount *mp;
+ struct file *fp;
+ int error;
++ uint8_t fdflags;
+
+ AUDIT_ARG_FD(uap->fd);
+- error = getvnode_path(td, uap->fd, &cap_fchdir_rights,
++ error = getvnode_path(td, uap->fd, &cap_fchdir_rights, &fdflags,
+ &fp);
+ if (error != 0)
+ return (error);
++ if ((fdflags & UF_RESOLVE_BENEATH) != 0) {
++ fdrop(fp, td);
++ return (ENOTCAPABLE);
++ }
+ vp = fp->f_vnode;
+ vrefact(vp);
+ fdrop(fp, td);
+@@ -1252,6 +1257,10 @@
+ else
+ #endif
+ fcaps = NULL;
++ if ((nd.ni_resflags & NIRES_BENEATH) != 0)
++ flags |= O_RESOLVE_BENEATH;
++ else
++ flags &= ~O_RESOLVE_BENEATH;
+ error = finstall_refed(td, fp, &indx, flags, fcaps);
+ /* On success finstall_refed() consumes fcaps. */
+ if (error != 0) {
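Review bot: The `else flags &= ~O_RESOLVE_BENEATH;` branch needs a why-comment, since it silently drops a flag the caller passed. As far as the visible hunks show, the descriptor-install path in kern_descrip.c now maps O_RESOLVE_BENEATH to the sticky UF_RESOLVE_BENEATH, so without the mask an ordinary open with O_RESOLVE_BENEATH would presumably mark the new descriptor too. If that is the reason, say so, e.g. `/* Only a restriction inherited from the directory fd marks the new fd; a caller-supplied O_RESOLVE_BENEATH applies to this lookup only. */`. The enclosing function starts and ends outside the hunk.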
+@@ -1939,7 +1948,7 @@
+
+ fp = NULL;
+ if (fd != FD_NONE) {
+- error = getvnode_path(td, fd, &cap_no_rights, &fp);
++ error = getvnode_path(td, fd, &cap_no_rights, NULL, &fp);
+ if (error != 0)
+ return (error);
+ }
+@@ -4325,13 +4334,13 @@
+ * semantics.
+ */
+ int
+-getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
+- struct file **fpp)
++getvnode_path(struct thread *td, int fd, const cap_rights_t *rightsp,
++ uint8_t *flagsp, struct file **fpp)
+ {
+ struct file *fp;
+ int error;
+
+- error = fget_unlocked(td, fd, rightsp, &fp);
++ error = fget_unlocked_flags(td, fd, rightsp, flagsp, &fp);
+ if (error != 0)
+ return (error);
+
+@@ -4363,11 +4372,12 @@
+ * A reference on the file entry is held upon returning.
+ */
+ int
+-getvnode(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp)
++getvnode(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct file **fpp)
+ {
+ int error;
+
+- error = getvnode_path(td, fd, rightsp, fpp);
++ error = getvnode_path(td, fd, rightsp, NULL, fpp);
+ if (__predict_false(error != 0))
+ return (error);
+
+--- sys/sys/file.h.orig
++++ sys/sys/file.h
+@@ -257,14 +257,15 @@
+ extern int maxfiles; /* kernel limit on number of open files */
+ extern int maxfilesperproc; /* per process limit on number of open files */
+
+-int fget(struct thread *td, int fd, cap_rights_t *rightsp, struct file **fpp);
+-int fget_mmap(struct thread *td, int fd, cap_rights_t *rightsp,
++int fget(struct thread *td, int fd, const cap_rights_t *rightsp,
++ struct file **fpp);
++int fget_mmap(struct thread *td, int fd, const cap_rights_t *rightsp,
+ vm_prot_t *maxprotp, struct file **fpp);
+-int fget_read(struct thread *td, int fd, cap_rights_t *rightsp,
++int fget_read(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp);
+-int fget_write(struct thread *td, int fd, cap_rights_t *rightsp,
++int fget_write(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp);
+-int fget_fcntl(struct thread *td, int fd, cap_rights_t *rightsp,
++int fget_fcntl(struct thread *td, int fd, const cap_rights_t *rightsp,
+ int needfcntl, struct file **fpp);
+ int _fdrop(struct file *fp, struct thread *td);
+ int fget_remote(struct thread *td, struct proc *p, int fd, struct file **fpp);
+@@ -289,17 +290,17 @@
+
+ void finit(struct file *, u_int, short, void *, const struct fileops *);
+ void finit_vnode(struct file *, u_int, void *, const struct fileops *);
+-int fgetvp(struct thread *td, int fd, cap_rights_t *rightsp,
++int fgetvp(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp);
+-int fgetvp_exec(struct thread *td, int fd, cap_rights_t *rightsp,
++int fgetvp_exec(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp);
+-int fgetvp_rights(struct thread *td, int fd, cap_rights_t *needrightsp,
++int fgetvp_rights(struct thread *td, int fd, const cap_rights_t *needrightsp,
+ struct filecaps *havecaps, struct vnode **vpp);
+-int fgetvp_read(struct thread *td, int fd, cap_rights_t *rightsp,
++int fgetvp_read(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp);
+-int fgetvp_write(struct thread *td, int fd, cap_rights_t *rightsp,
++int fgetvp_write(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct vnode **vpp);
+-int fgetvp_lookup_smr(struct nameidata *ndp, struct vnode **vpp, bool *fsearch);
++int fgetvp_lookup_smr(struct nameidata *ndp, struct vnode **vpp, int *flagsp);
+ int fgetvp_lookup(struct nameidata *ndp, struct vnode **vpp);
+
+ static __inline __result_use_check bool
+--- sys/sys/filedesc.h.orig
++++ sys/sys/filedesc.h
+@@ -150,6 +150,7 @@
+ * Per-process open flags.
+ */
+ #define UF_EXCLOSE 0x01 /* auto-close on exec */
++#define UF_RESOLVE_BENEATH 0x02 /* lookups must be beneath this dir */
+
+ #ifdef _KERNEL
+
+@@ -277,22 +278,26 @@
+ struct filedesc_to_leader *
+ filedesc_to_leader_share(struct filedesc_to_leader *fdtol,
+ struct filedesc *fdp);
+-int getvnode(struct thread *td, int fd, cap_rights_t *rightsp,
+- struct file **fpp);
+-int getvnode_path(struct thread *td, int fd, cap_rights_t *rightsp,
++int getvnode(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp);
++int getvnode_path(struct thread *td, int fd, const cap_rights_t *rightsp,
++ uint8_t *flagsp, struct file **fpp);
+ void mountcheckdirs(struct vnode *olddp, struct vnode *newdp);
+
+-int fget_cap_noref(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, struct filecaps *havecapsp);
+-int fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
+- struct file **fpp, struct filecaps *havecapsp);
++int fget_cap_noref(struct filedesc *fdp, int fd,
++ const cap_rights_t *needrightsp, struct file **fpp,
++ struct filecaps *havecapsp);
++int fget_cap(struct thread *td, int fd, const cap_rights_t *needrightsp,
++ uint8_t *flagsp, struct file **fpp, struct filecaps *havecapsp);
+ /* Return a referenced file from an unlocked descriptor. */
+-int fget_unlocked(struct thread *td, int fd, cap_rights_t *needrightsp,
++int fget_unlocked(struct thread *td, int fd,
++ const cap_rights_t *needrightsp, struct file **fpp);
++int fget_unlocked_flags(struct thread *td, int fd,
++ const cap_rights_t *needrightsp, uint8_t *flagsp,
+ struct file **fpp);
+ /* Return a file pointer without a ref. FILEDESC_IS_ONLY_USER must be true. */
+-int fget_only_user(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
+- struct file **fpp);
++int fget_only_user(struct filedesc *fdp, int fd,
++ const cap_rights_t *needrightsp, struct file **fpp);
+ #define fput_only_user(fdp, fp) ({ \
+ MPASS(FILEDESC_IS_ONLY_USER(fdp)); \
+ MPASS(refcount_load(&fp->f_count) > 0); \
+--- sys/sys/namei.h.orig
++++ sys/sys/namei.h
+@@ -70,7 +70,7 @@
+ */
+ const char *ni_dirp; /* pathname pointer */
+ enum uio_seg ni_segflg; /* location of pathname */
+- cap_rights_t *ni_rightsneeded; /* rights required to look up vnode */
++ const cap_rights_t *ni_rightsneeded; /* rights needed to look up vnode */
+ /*
+ * Arguments to lookup.
+ */
+@@ -195,6 +195,7 @@
+ #define NIRES_ABS 0x00000001 /* Path was absolute */
+ #define NIRES_STRICTREL 0x00000002 /* Restricted lookup result */
+ #define NIRES_EMPTYPATH 0x00000004 /* EMPTYPATH used */
++#define NIRES_BENEATH 0x00000008 /* O_RESOLVE_BENEATH is to be inherited */
+
+ /*
+ * Flags in ni_lcf, valid for the duration of the namei call.
+@@ -244,7 +245,7 @@
+ #define NDINIT_ALL(ndp, op, flags, segflg, namep, dirfd, startdir, rightsp) \
+ do { \
+ struct nameidata *_ndp = (ndp); \
+- cap_rights_t *_rightsp = (rightsp); \
++ const cap_rights_t *_rightsp = (rightsp); \
+ MPASS(_rightsp != NULL); \
+ NDINIT_PREFILL(_ndp); \
+ NDINIT_DBG(_ndp); \
+--- sys/sys/procdesc.h.orig
++++ sys/sys/procdesc.h
+@@ -94,8 +94,10 @@
+ * In-kernel interfaces to process descriptors.
+ */
+ int procdesc_exit(struct proc *);
+-int procdesc_find(struct thread *, int fd, cap_rights_t *, struct proc **);
+-int kern_pdgetpid(struct thread *, int fd, cap_rights_t *, pid_t *pidp);
++int procdesc_find(struct thread *, int fd, const cap_rights_t *,
++ struct proc **);
++int kern_pdgetpid(struct thread *, int fd, const cap_rights_t *,
++ pid_t *pidp);
+ void procdesc_new(struct proc *, int);
+ void procdesc_finit(struct procdesc *, struct file *);
+ pid_t procdesc_pid(struct file *);
+--- sys/sys/socketvar.h.orig
++++ sys/sys/socketvar.h
+@@ -490,9 +490,9 @@
+ */
+ int getsockaddr(struct sockaddr **namp, const struct sockaddr *uaddr,
+ size_t len);
+-int getsock_cap(struct thread *td, int fd, cap_rights_t *rightsp,
++int getsock_cap(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp, struct filecaps *havecaps);
+-int getsock(struct thread *td, int fd, cap_rights_t *rightsp,
++int getsock(struct thread *td, int fd, const cap_rights_t *rightsp,
+ struct file **fpp);
+ void soabort(struct socket *so);
+ int soaccept(struct socket *so, struct sockaddr **nam);
+--- tests/sys/kern/Makefile.orig
++++ tests/sys/kern/Makefile
+@@ -86,6 +86,8 @@
+ LIBADD.fdgrowtable_test+= util pthread kvm procstat
+ LIBADD.sigwait+= rt
+ LIBADD.ktrace_test+= sysdecode
++LIBADD.unix_passfd_dgram+= jail
++LIBADD.unix_passfd_stream+= jail
+
+ NETBSD_ATF_TESTS_C+= lockf_test
+ NETBSD_ATF_TESTS_C+= mqueue_test
+--- tests/sys/kern/unix_passfd_test.c.orig
++++ tests/sys/kern/unix_passfd_test.c
+@@ -28,15 +28,19 @@
+
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
++#include
+
++#include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -946,6 +950,132 @@
+ (void)close(putfd);
+ }
+
++ATF_TC_WITH_CLEANUP(cross_jail_dirfd);
++ATF_TC_HEAD(cross_jail_dirfd, tc)
++{
++ atf_tc_set_md_var(tc, "require.user", "root");
++}
++ATF_TC_BODY(cross_jail_dirfd, tc)
++{
++ int error, sock[2], jid1, jid2, status;
++ pid_t pid1, pid2;
++
++ domainsocketpair(sock);
++
++ error = mkdir("./a", 0755);
++ ATF_REQUIRE(error == 0);
++ error = mkdir("./b", 0755);
++ ATF_REQUIRE(error == 0);
++ error = mkdir("./c", 0755);
++ ATF_REQUIRE(error == 0);
++ error = mkdir("./a/c", 0755);
++ ATF_REQUIRE(error == 0);
++
++ jid1 = jail_setv(JAIL_CREATE,
++ "name", "passfd_test_cross_jail_dirfd1",
++ "path", "./a",
++ "persist", NULL,
++ NULL);
++ ATF_REQUIRE_MSG(jid1 >= 0, "jail_setv: %s", jail_errmsg);
++
++ jid2 = jail_setv(JAIL_CREATE,
++ "name", "passfd_test_cross_jail_dirfd2",
++ "path", "./b",
++ "persist", NULL,
++ NULL);
++ ATF_REQUIRE_MSG(jid2 >= 0, "jail_setv: %s", jail_errmsg);
++
++ pid1 = fork();
++ ATF_REQUIRE(pid1 >= 0);
++ if (pid1 == 0) {
++ ssize_t len;
++ int dfd, error;
++ char ch;
++
++ error = jail_attach(jid1);
++ if (error != 0)
++ err(1, "jail_attach");
++
++ dfd = open(".", O_RDONLY | O_DIRECTORY);
++ if (dfd < 0)
++ err(1, "open(\".\") in jail %d", jid1);
++
++ ch = 0;
++ len = sendfd_payload(sock[0], dfd, &ch, sizeof(ch));
++ if (len == -1)
++ err(1, "sendmsg");
++
++ _exit(0);
++ }
++
++ pid2 = fork();
++ ATF_REQUIRE(pid2 >= 0);
++ if (pid2 == 0) {
++ int dfd, dfd2, error, fd;
++ char ch;
++
++ error = jail_attach(jid2);
++ if (error != 0)
++ err(1, "jail_attach");
++
++ /* Get a directory from outside the jail root. */
++ recvfd_payload(sock[1], &dfd, &ch, sizeof(ch),
++ CMSG_SPACE(sizeof(int)), 0);
++
++ if ((fcntl(dfd, F_GETFD) & 2) == 0)
++ errx(1, "dfd does not have FD_RESOLVE_BENEATH set");
++
++ /* Make sure we can't chdir. */
++ error = fchdir(dfd);
++ if (error == 0)
++ errx(1, "fchdir succeeded");
++ if (errno != ENOTCAPABLE)
++ err(1, "fchdir");
++
++ /* Make sure a dotdot access fails. */
++ fd = openat(dfd, "../c", O_RDONLY | O_DIRECTORY);
++ if (fd >= 0)
++ errx(1, "openat(\"../c\") succeeded");
++ if (errno != ENOTCAPABLE)
++ err(1, "openat");
++
++ /* Accesses within the sender's jail root are ok. */
++ fd = openat(dfd, "c", O_RDONLY | O_DIRECTORY);
++ if (fd < 0)
++ err(1, "openat(\"c\")");
++
++ dfd2 = openat(dfd, "", O_EMPTY_PATH | O_RDONLY | O_DIRECTORY);
++ if (dfd2 < 0)
++ err(1, "openat(\"\")");
++ if ((fcntl(dfd2, F_GETFD) & 2) == 0)
++ errx(1, "dfd2 does not have FD_RESOLVE_BENEATH set");
++
++ _exit(0);
++ }
++
++ error = waitpid(pid1, &status, 0);
++ ATF_REQUIRE(error != -1);
++ ATF_REQUIRE(WIFEXITED(status));
++ ATF_REQUIRE(WEXITSTATUS(status) == 0);
++ error = waitpid(pid2, &status, 0);
++ ATF_REQUIRE(error != -1);
++ ATF_REQUIRE(WIFEXITED(status));
++ ATF_REQUIRE(WEXITSTATUS(status) == 0);
++
++ closesocketpair(sock);
++}
++ATF_TC_CLEANUP(cross_jail_dirfd, tc)
++{
++ int jid;
++
++ jid = jail_getid("passfd_test_cross_jail_dirfd1");
++ if (jid >= 0 && jail_remove(jid) != 0)
++ err(1, "jail_remove");
++ jid = jail_getid("passfd_test_cross_jail_dirfd2");
++ if (jid >= 0 && jail_remove(jid) != 0)
++ err(1, "jail_remove");
++}
++
+ ATF_TP_ADD_TCS(tp)
+ {
+
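Review bot: Both flag checks in the second child, `(fcntl(dfd, F_GETFD) & 2) == 0` and the same test on `dfd2`, treat a failed fcntl() as success, because a return of -1 has every bit set and the `& 2` test passes. The result should be stored and checked first, e.g. `if ((fdflags = fcntl(dfd, F_GETFD)) == -1) err(1, "fcntl(F_GETFD)");`, and only then masked. The literal `2` is also a magic number that the error string calls FD_RESOLVE_BENEATH. If this branch's userland headers export that name it should be used; otherwise a local `#define` with a short comment tying it to `UF_RESOLVE_BENEATH` would keep the test readable. Separately, the test body exercises `fchdir` and `openat` but no other descriptor-relative call, so the comment above the checks could say that coverage is limited to those two.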
+@@ -964,6 +1094,7 @@
+ ATF_TP_ADD_TC(tp, truncated_rights);
+ ATF_TP_ADD_TC(tp, copyout_rights_error);
+ ATF_TP_ADD_TC(tp, empty_rights_message);
++ ATF_TP_ADD_TC(tp, cross_jail_dirfd);
+
+ return (atf_no_error());
+ }
diff --git a/website/static/security/patches/SA-26:04/jail-14.patch.asc b/website/static/security/patches/SA-26:04/jail-14.patch.asc
new file mode 100644
index 0000000000..8dd6572a76
--- /dev/null
+++ b/website/static/security/patches/SA-26:04/jail-14.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=jLjT
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:05/route.patch b/website/static/security/patches/SA-26:05/route.patch
new file mode 100644
index 0000000000..58fca46942
--- /dev/null
+++ b/website/static/security/patches/SA-26:05/route.patch
@@ -0,0 +1,13 @@
+--- sys/net/rtsock.c.orig
++++ sys/net/rtsock.c
+@@ -1875,8 +1875,8 @@
+ #endif
+ dlen = SA_SIZE(sa);
+ if (cp != NULL && buflen >= dlen) {
+- KASSERT(dlen <= sizeof(ss),
+- ("%s: sockaddr size overflow", __func__));
++ if (sa->sa_len > sizeof(ss))
++ return (EINVAL);
+ bzero(&ss, sizeof(ss));
+ bcopy(sa, &ss, sa->sa_len);
+ sa = (struct sockaddr *)&ss;
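Review bot: The new `if (sa->sa_len > sizeof(ss)) return (EINVAL);` has no comment saying why an assertion became a runtime error, and that reasoning is worth keeping next to the check. KASSERT is compiled out of kernels built without INVARIANTS, so on such kernels nothing bounded the `bcopy(sa, &ss, sa->sa_len)` that follows. The old assertion also tested the rounded `dlen`, not the `sa_len` that is used as the copy length. I would add `/* Bound the copy into ss at run time; KASSERT is a no-op without INVARIANTS. */` above the check. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here whether the early return skips any cleanup or how callers handle EINVAL.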
diff --git a/website/static/security/patches/SA-26:05/route.patch.asc b/website/static/security/patches/SA-26:05/route.patch.asc
new file mode 100644
index 0000000000..ab3c7da7ff
--- /dev/null
+++ b/website/static/security/patches/SA-26:05/route.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=b4I3
+-----END PGP SIGNATURE-----