diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 2a35d25d09..6623b3623e 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2819 +1,2827 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-26:02.jail"
+date = "2026-01-27"
+
+[[advisories]]
+name = "FreeBSD-SA-26:01.openssl"
+date = "2026-01-27"
+
[[advisories]]
name = "FreeBSD-SA-25:12.rtsold"
date = "2025-12-16"
[[advisories]]
name = "FreeBSD-SA-25:11.ipfw"
date = "2025-12-16"
[[advisories]]
name = "FreeBSD-SA-25:10.unbound"
date = "2025-11-26"
[[advisories]]
name = "FreeBSD-SA-25:09.netinet"
date = "2025-10-22"
[[advisories]]
name = "FreeBSD-SA-25:08.openssl"
date = "2025-09-30"
[[advisories]]
name = "FreeBSD-SA-25:07.libarchive"
date = "2025-08-08"
[[advisories]]
name = "FreeBSD-SA-25:06.xz"
date = "2025-07-02"
[[advisories]]
name = "FreeBSD-SA-25:05.openssh"
date = "2025-02-21"
[[advisories]]
name = "FreeBSD-SA-25:04.ktrace"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:03.etcupdate"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:02.fs"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:01.openssh"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-24:19.fetch"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:18.ctl"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:17.bhyve"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:16.libnv"
date = "2024-09-19"
[[advisories]]
name = "FreeBSD-SA-24:15.bhyve"
date = "2024-09-19"
[[advisories]]
name = "FreeBSD-SA-24:14.umtx"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:13.openssl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:12.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:11.ctl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:10.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:09.libnv"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:08.openssh"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:07.nfsclient"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:06.ktrace"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:05.pf"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:04.openssh"
date = "2024-07-01"
[[advisories]]
name = "FreeBSD-SA-24:03.unbound"
date = "2024-03-28"
[[advisories]]
name = "FreeBSD-SA-24:02.tty"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-24:01.bhyveload"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-23:19.openssh"
date = "2023-12-19"
[[advisories]]
name = "FreeBSD-SA-23:18.nfsclient"
date = "2023-12-12"
[[advisories]]
name = "FreeBSD-SA-23:17.pf"
date = "2023-12-05"
[[advisories]]
name = "FreeBSD-SA-23:16.cap_net"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:15.stdio"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:14.smccc"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:13.capsicum"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:12.msdosfs"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:11.wifi"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:10.pf"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:09.pam_krb5"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:08.ssh"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:07.bhyve"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:06.ipv6"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:05.openssh"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:04.pam_krb5"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:03.openssl"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:02.openssh"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:01.geli"
date = "2023-02-08"
[[advisories]]
name = "FreeBSD-SA-22:15.ping"
date = "2022-11-29"
[[advisories]]
name = "FreeBSD-SA-22:14.heimdal"
date = "2022-11-15"
[[advisories]]
name = "FreeBSD-SA-22:13.zlib"
date = "2022-08-30"
[[advisories]]
name = "FreeBSD-SA-22:12.lib9p"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:11.vm"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:10.aio"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:09.elf"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:08.zlib"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:07.wifi_meshid"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:06.ioctl"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:05.bhyve"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:04.netmap"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:03.openssl"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:02.wifi"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:01.vt"
date = "2022-01-11"
[[advisories]]
name = "FreeBSD-SA-21:17.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:16.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:15.libfetch"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:14.ggatec"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:13.bhyve"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index d726df571c..24f08a7faf 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,1067 +1,1079 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-26:03.vm"
+date = "2026-01-27"
+
+[[notices]]
+name = "FreeBSD-EN-26:02.arm64"
+date = "2026-01-27"
+
+[[notices]]
+name = "FreeBSD-EN-26:01.devinfo"
+date = "2026-01-27"
+
[[notices]]
name = "FreeBSD-EN-25:20.vmm"
date = "2025-12-16"
[[notices]]
name = "FreeBSD-EN-25:19.zfs"
date = "2025-12-16"
[[notices]]
name = "FreeBSD-EN-25:18.freebsd-update"
date = "2025-09-30"
[[notices]]
name = "FreeBSD-EN-25:17.bnxt"
date = "2025-09-16"
[[notices]]
name = "FreeBSD-EN-25:16.vfs"
date = "2025-09-16"
[[notices]]
name = "FreeBSD-EN-25:15.arm64"
date = "2025-09-16"
[[notices]]
name = "FreeBSD-EN-25:14.route"
date = "2025-08-08"
[[notices]]
name = "FreeBSD-EN-25:13.wlan_tkip"
date = "2025-08-08"
[[notices]]
name = "FreeBSD-EN-25:12.efi"
date = "2025-08-08"
[[notices]]
name = "FreeBSD-EN-25:11.ena"
date = "2025-07-02"
[[notices]]
name = "FreeBSD-EN-25:10.zfs"
date = "2025-07-02"
[[notices]]
name = "FreeBSD-EN-25:09.libc"
date = "2025-07-02"
[[notices]]
name = "FreeBSD-EN-25:08.caroot"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:07.openssl"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:06.daemon"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:05.expat"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:04.tzdata"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:03.tzdata"
date = "2025-01-29"
[[notices]]
name = "FreeBSD-EN-25:02.audit"
date = "2025-01-29"
[[notices]]
name = "FreeBSD-EN-25:01.rpc"
date = "2025-01-29"
[[notices]]
name = "FreeBSD-EN-24:17.pam_xdg"
date = "2024-10-29"
[[notices]]
name = "FreeBSD-EN-24:16.pf"
date = "2024-09-19"
[[notices]]
name = "FreeBSD-EN-24:15.calendar"
date = "2024-09-04"
[[notices]]
name = "FreeBSD-EN-24:14.ifconfig"
date = "2024-08-07"
[[notices]]
name = "FreeBSD-EN-24:13.libc++"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:12.killpg"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:11.ldns"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:10.zfs"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:09.zfs"
date = "2024-04-24"
[[notices]]
name = "FreeBSD-EN-24:08.kerberos"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:07.clang"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:06.wireguard"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:05.tty"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:04.ip"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:03.kqueue"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:02.libutil"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:01.tzdata"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-23:22.vfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:21.tty"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:20.vm"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:19.pkgbase"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:18.openzfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:17.ossl"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:16.openzfs"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:15.sanitizer"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:14.regcomp"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:13.freebsd-update"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:12.freebsd-update"
date = "2023-10-03"
[[notices]]
name = "FreeBSD-EN-23:11.caroot"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:10.pci"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:09.freebsd-update"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:08.vnet"
date = "2023-08-01"
[[notices]]
name = "FreeBSD-EN-23:07.mpr"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:06.loader"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:05.tzdata"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:04.ixgbe"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:03.ena"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:02.sdhci"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:01.tzdata"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-22:28.heimdal"
date = "2022-11-29"
[[notices]]
name = "FreeBSD-EN-22:27.loader"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:26.cam"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:25.tcp"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:24.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:23.vm"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:22.tzdata"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:21.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:20.tzdata"
date = "2022-08-30"
[[notices]]
name = "FreeBSD-EN-22:19.pam_exec"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:18.wifi"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:17.cam"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:16.kqueue"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:15.pf"
date = "2022-04-06"
[[notices]]
name = "FreeBSD-EN-22:14.tzdata"
date = "2022-03-22"
[[notices]]
name = "FreeBSD-EN-22:13.zfs"
date = "2022-03-21"
[[notices]]
name = "FreeBSD-EN-22:12.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:11.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:10.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:09.freebsd-update"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:08.i386"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:07.la57"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:06.libalias"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:05.tail"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:04.pcid"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:03.hyperv"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:02.xsave"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:01.fsck_ffs"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-21:29.tzdata"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:28.vmci"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:27.caroot"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:26.libevent"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:25.bhyve"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:24.libcrypto"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:23.virtio_blk"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:21.ipfw"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:20.vlan"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:19.libcasper"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:18.libc++"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:17.libradius"
date = "2021-06-01"
[[notices]]
name = "FreeBSD-EN-21:16.bc"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:15.virtio"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:14.pms"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:13.mpt"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:12.divert"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:11.aesni"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-26:01.devinfo.asc b/website/static/security/advisories/FreeBSD-EN-26:01.devinfo.asc
new file mode 100644
index 0000000000..fffa00bdf3
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:01.devinfo.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:01.devinfo Errata Notice
+ The FreeBSD Project
+
+Topic: devinfo output formatting regression
+
+Category: core
+Module: devinfo
+Announced: 2026-01-27
+Affects: FreeBSD 15.0
+Corrected: 2025-12-19 18:16:12 UTC (stable/15, 15.0-STABLE)
+ 2026-01-27 19:15:45 UTC (releng/15.0, 15.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+devinfo(8) is a tool to report information about devices present in a system
+including resources used by devices such as MMIO regions and interrupts.
+
+libxo is a library that provides both "human-readable" and structured text
+output (e.g. JSON and XML).
+
+II. Problem Description
+
+Changes made during the development cycle of 15.0 to adapt devinfo(8) to use
+libxo unintentionally altered the human-readable output breaking existing tools
+that parsed the output.
+
+III. Impact
+
+This bug broke the Intel nvmupdate tool available in the
+sysutils/intel-nvmupdate port. There may be other utilities that are also
+broken.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-26:01/devinfo.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:01/devinfo.patch.asc
+# gpg --verify devinfo.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ ed6612dea24f stable/15-n281586
+releng/15.0/ 6a192c14d244 releng/15.0-n281000
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NCkACgkQbljekB8A
+Gu+8tA//fEWpN3LE3MMstQzJM9EaQqO0Yt2PBGWhg+pR99i/Bx1Xcsmm+8zMhbx9
+2HB99/x91xVmkhaLISgLsK+tAB2vPCln1dpAt8K/nQxo/+AgF5oNdRI5sytzjhsZ
+MxfAECJ81MtT83isA2sJpRbp6pYA3yPj9ab2C7V2I9GQLRK6/Fy8MhvuwHlc3Y0S
+LgMSn8wOH4vRZ+dXn8JgPA38hbSnEpoWPMWaREQJYwTO5zKJw/TW4/tWaeyZOZd7
+fMxv22xuB6Bta3mTL9sWwYnGN4Ig0miBQstBto6UQnXkm7qZ1Av7MLM2UvZG44Ol
+cGDtLyngyxhlEdVGu0AcO3AP2F4s1ot2g9DjC39/dIfRqlSrqjg0elm9N4pXeT0Z
+5u9pBkea8z9aAkkxMyCBqROLpnWzdSKAW7MEAmRuZBrdczkfAGulvWJBEsPEu9ZW
+wldCugRHxVO+5r9Mq11InRVcM1Jfkv7ZqH/5p1GHdDbUUlqdMC/H1P0oXDfowx9h
+m/LJTP1FQyCDJr2rtR4JHRo7ifQJwpMVaKWDfbBKtIHlsq27woEy8dZIad9WyAAN
+pvC4wq7PPg4WZ1HB54CUmAD5y49HuHeaS3KLA8ir4BwmdFmSC0KWQGpHQDgmh+Gt
+xU7Sl+e4gJpu+zlD6I5pn7JTaz0DqIFdyzckBxEUBlmPkIETM+s=
+=mQty
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-26:02.arm64.asc b/website/static/security/advisories/FreeBSD-EN-26:02.arm64.asc
new file mode 100644
index 0000000000..ceb386017f
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:02.arm64.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:02.arm64 Errata Notice
+ The FreeBSD Project
+
+Topic: arm64 SVE signal context misalignment
+
+Category: core
+Module: arm64
+Announced: 2026-01-27
+Affects: FreeBSD 15.0 and 14.3
+Corrected: 2026-01-13 16:27:47 UTC (stable/15, 15.0-STABLE)
+ 2026-01-27 19:15:46 UTC (releng/15.0, 15.0-RELEASE-p2)
+ 2026-01-26 14:47:24 UTC (stable/14, 14.3-STABLE)
+ 2026-01-27 19:16:11 UTC (releng/14.3, 14.3-RELEASE-p8)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Scalable Vector Extension (SVE) is an extension of the arm64 instruction set
+providing SIMD functionality.
+
+II. Problem Description
+
+When a signal is delivered to a thread, the kernel saves the thread's usermode
+register values and stores them on the interrupted thread's stack prior to
+invoking the signal handler.
+
+When SVE is present, SVE registers must be saved as well. This register context
+was not properly aligned when written out to userspace, and a subsequent request
+to restore that context could fail as a result.
+
+III. Impact
+
+Processes could crash unexpectedly after handling a signal.
+
+IV. Workaround
+
+No workaround is available. Non-arm64 systems are not affected, and arm64
+systems without SVE are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/EN-26:02/arm64-15.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:02/arm64-15.patch.asc
+# gpg --verify arm64-15.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/EN-26:02/arm64-14.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:02/arm64-14.patch.asc
+# gpg --verify arm64-14.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 683decf362ce stable/15-n281851
+releng/15.0/ 679b1a810e0e releng/15.0-n281001
+stable/14/ bcd6bb8067d1 stable/14-n273416
+releng/14.3/ 3ba856f715ca releng/14.3-n271456
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NCwACgkQbljekB8A
+Gu/mSxAAwNJzUNx/bCFoGEoV1vkM5aUOd4lBnFyH/aeRUP/R8bKWQ4ydxiZTfd8m
+m+ltioN//WUsP88h6OaAw4JeZBt4HCNi3Pj0fGyu0z4zCjFuKL/1k78Vl51Zt3pJ
+bWJBr6WJ5JVmTzf3edbTpa6KA8uKH9JYdpwBsW6ACklBExFyjlYBBblxjWxNP4zo
+WPzaYBqGQ/ZQqcQMF06n1M//ufvkHI++R3sOhGzuXz/PJlaUWhn5hblfw0iFt1Py
+G3il68l+ONnPiXIkKRzEUCFoYO8feYsj4xK52hAik904JVqJLqUpkPeWgT7bRhzi
+YUruypFE5Nt6RCPQ74dKZrshfdGcKeA1pVMAt8QC2e3DzWPYWjVCJiDlYD/kIvls
+d/YiGieYs4cbVlX3FS1xWAs3MgN4osyfj/a5fTeSjuTcqjACW0g6xQRLW4LwMZ4V
+rH6vm/gRf5/gheFOKokZh/ES3CKQFEXunGdn1ObWd1VKZU77LvVQLsI4J2pXhVYf
+CqdU1qs80Qk13K7QmGMt6oRVp0IkM7NRIRivznOLUD0/SAtEdTb3G7gwJAR+AE0U
+y61Bsmo4ujOTAGHH5gNAPX9xSWUlItYNTm5shKy6Xv5bQCY04Zi3S2ztXi0NkmX3
+4xWdz9v7/d1CPLCndgWHHDgnZuG3rUH6ueJCDQhtITcnD81w/5U=
+=utLQ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-26:03.vm.asc b/website/static/security/advisories/FreeBSD-EN-26:03.vm.asc
new file mode 100644
index 0000000000..dd79584d27
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:03.vm.asc
@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:03.vm Errata Notice
+ The FreeBSD Project
+
+Topic: The page fault handler fails to zero memory
+
+Category: core
+Module: vm
+Announced: 2026-01-27
+Affects: All supported versions of FreeBSD.
+Corrected: 2025-12-15 10:37:54 UTC (stable/15, 15.0-STABLE)
+ 2026-01-27 19:15:47 UTC (releng/15.0, 15.0-RELEASE-p2)
+ 2025-12-15 10:42:28 UTC (stable/14, 14.3-STABLE)
+ 2026-01-27 19:16:12 UTC (releng/14.3, 14.3-RELEASE-p8)
+ 2026-01-26 15:18:32 UTC (stable/13, 13.4-STABLE)
+ 2026-01-27 19:16:34 UTC (releng/13.5, 13.5-RELEASE-p9)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The mmap(2) system call allows applications and system libraries to allocate
+heap memory using the MAP_ANON flag. The system call allocates virtual memory
+in the calling thread's address space and physical memory is allocated on
+demand as page faults occur. Memory allocated this way is guaranteed to be
+zero-filled.
+
+II. Problem Description
+
+Under some conditions, the physical pages allocated and mapped by the kernel
+may not be zero-filled.
+
+III. Impact
+
+This bug has been observed to cause process crashes.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch.asc
+# gpg --verify vm-15.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch.asc
+# gpg --verify vm-14.patch.asc
+
+[FreeBSD 13.5]
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch.asc
+# gpg --verify vm-13.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 3c0942f99209 stable/15-n281508
+releng/15.0/ 6e279feb40be releng/15.0-n281002
+stable/14/ 99f641267d44 stable/14-n272998
+releng/14.3/ de311ee39b3f releng/14.3-n271457
+stable/13/ babac9d7bc05 stable/13-n259725
+releng/13.5/ 4967e14ba25b releng/13.5-n259188
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NC8ACgkQbljekB8A
+Gu/4KhAAgF/05mLRDs9wlSC1BrN5xZf6zoFdrsj0BC72miZD1qQXe9VtxzJINMLu
+b/jbKYT1ILPEXGhHX7epjc4GEM1Eq/kUJnTb35jnkFN63stMn1MX1nqtSNxLzj5f
+tJcsb2Atp/3EkNMhcFwFmolQ2qSdQG+s7xDZhHI/hNi5CS/8B7W59LZI3tWXJujM
+AbTiHZZSS68RA/co0lmbDYtLMkFEuQBLdcDAdfOHL5+rV2/QIAVYBdqiynVx+cia
+iJBbwBuOjiMWSdqP9JiSRnd1HhW3dMUMJTlZFmyGiQNmS+lYE1AgLgPdMPwSReO8
++79yUfIrFUqWpG6lM33a9T/t3jN8ejZsYRO8OFghvtaePJvUm/P6D0n0werR8PaE
+lI9u7BlBqpX9PJ4FUJmUCHAojqXH6msT2RXLg5GcLhjlApMUi2hAcNuT9tp7/+4A
+ekc0/sZqJdrcWTmu00w6Tpk9zohW/MX/DHxNEj4SPn5dpjvz9QttaCpNJNyNARuU
+GdzZc8poPk3mpTcawABAD0LItpW6d2XLUehtgaWRc5mDoKZj5GIfLjDmqIqqxe9k
+C9e6bhL+1QSZQ2HTTNl8e/xoUX+D2pAiE4GkpRSc6u6ZZ3BOQ+fRwbZlnFSz6diT
+IIkUddz63TCmxPiiZiJs7XZFZMpx2wJTvuu51hjLs5t6Eswdk20=
+=ecKh
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:01.openssl.asc b/website/static/security/advisories/FreeBSD-SA-26:01.openssl.asc
new file mode 100644
index 0000000000..135e849c56
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:01.openssl.asc
@@ -0,0 +1,203 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:01.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in OpenSSL
+
+Category: contrib
+Module: openssl
+Announced: 2026-01-27
+Credits: Aisle Research
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-01-27 19:14:58 UTC (stable/15, 15.0-STABLE)
+ 2026-01-27 19:15:49 UTC (releng/15.0, 15.0-RELEASE-p2)
+ 2026-01-27 19:15:10 UTC (stable/14, 14.3-STABLE)
+ 2026-01-27 19:16:22 UTC (releng/14.3, 14.3-RELEASE-p8)
+ 2026-01-27 19:15:19 UTC (stable/13, 13.4-STABLE)
+ 2026-01-27 19:16:45 UTC (releng/13.5, 13.5-RELEASE-p9)
+CVE Name: CVE-2025-11187, CVE-2025-15467, CVE-2025-15468,
+ CVE-2025-15469, CVE-2025-66199, CVE-2025-68160,
+ CVE-2025-69418, CVE-2025-69419, CVE-2025-69420,
+ CVE-2025-69421, CVE-2026-22795, CVE-2026-22796
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
+collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
+also a general-purpose cryptography library.
+
+II. Problem Description
+
+Multiple issues have been reported as part of this advisory with different
+issues affecting different OpenSSL versions and therefore different FreeBSD
+versions. Instead of exhaustively listing detailed writeups for each issue,
+please see the referenced advisory from OpenSSL.
+
+Issues affecting FreeBSD 15.0 (OpenSSL 3.5):
+ CVE-2025-11187 - Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
+ CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing
+ CVE-2025-15468 - NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
+ CVE-2025-15469 - "openssl dgst" one-shot codepath silently truncates inputs >16MB
+ CVE-2025-66199 - TLS 1.3 CompressedCertificate excessive memory allocation
+ CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes
+ CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
+ CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
+ CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function
+ CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
+ CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
+ CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
+
+Issues affecting FreeBSD 14.3 (OpenSSL 3.0):
+ CVE-2025-15467 - Stack buffer overflow in CMS AuthEnvelopedData parsing
+ CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes
+ CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
+ CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
+ CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function
+ CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
+ CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
+ CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
+
+Issues affecting FreeBSD 13.5 (OpenSSL 1.1.1):
+ CVE-2025-68160 - Heap out-of-bounds write in BIO_f_linebuffer on short writes
+ CVE-2025-69418 - Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
+ CVE-2025-69419 - Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
+ CVE-2025-69420 - Missing ASN1_TYPE validation in TS_RESP_verify_response() function
+ CVE-2025-69421 - NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
+ CVE-2026-22795 - Missing ASN1_TYPE validation in PKCS#12 parsing
+ CVE-2026-22796 - ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
+
+III. Impact
+
+The issues include improper/missing validation, NULL pointer dereferences,
+out-of-bounds writes, incorrect data exposure, input truncation, excessive
+memory allocation, and a stack buffer overflow.
+
+Security impact can be a minimal information disclosure to a potential remote
+code execution. See the OpenSSL advisory for specific details.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-15.patch.asc
+# gpg --verify openssl-15.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-14.patch.asc
+# gpg --verify openssl-14.patch.asc
+
+[FreeBSD 13.5]
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:01/openssl-13.patch.asc
+# gpg --verify openssl-13.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 5626e81f1a43 stable/15-n282001
+releng/15.0/ 02f448fe5cc2 releng/15.0-n281004
+stable/14/ ee8d50bfd59e stable/14-n273467
+releng/14.3/ 65c1295c6bb0 releng/14.3-n271466
+stable/13/ 1741502f8d93 stable/13-n259728
+releng/13.5/ 9afc16c4e8a2 releng/13.5-n259198
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NDQACgkQbljekB8A
+Gu/F1g/+LJ7/7CqPRxwRZ3/PCX6aDCnCOtau49/5EsYYRzplz9YdFIOrfXKd9krg
+OQy4gRufTAImG+vbVXjNfWD10r7pLVgbrqYjT9uGMPWEHlaMBlZz/d2sM86B8nLa
+KfEuiQYYLFCvU8N8JsdF2krZ8RI1wCs+cMSddOgCmDTsPykDIW37wRYYkxwZakG4
+yQ8tJ1yTn07ayuNXvPdYUeyH67HCDXHOedZUBAQXvjYTpYna1XEOIOEptm73TEMp
+/+UN4YPSmpAEBqo4sStEcZ4hTesMiP90hUXFH97QN5Hj4rYZQqHuPNgPJL3XLnZD
+n/exm89riGa+Pag8Ok4y5uknAN0FtiKN5pIsTiFhmDzyl8maTD+nraQe3yyDai0Y
+F8kR/z+ceQv7HtNl9ACSW57a0YSngURzdNH6jK1LyroXg15U55D4M/5oGKZPC0B1
+yg3qjvyHL/RTd1mx+UHNP6FXpZzTGwav1Y859jnD7UVHDJPKvGC1bol0QklgQ2jf
+zR4reh7kITU59CB1iMp1qB5N9oIBi1XVEIRYP59p/fqSb4H4WfGMDdpv4GwI4KGB
+KsNylKJ+lBIqRy5NyIUaTEScog4RCPbghUdg9hpX9eitB5XIaLDg9qtBhPeYj2/v
+mSk9hEDZT/BvxXWrYskBs6vyoT+gNtbHByLBRTdJp/GsDxfntPo=
+=G/dg
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:02.jail.asc b/website/static/security/advisories/FreeBSD-SA-26:02.jail.asc
new file mode 100644
index 0000000000..1f36df3553
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:02.jail.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:02.jail Security Advisory
+ The FreeBSD Project
+
+Topic: Jail escape by a privileged user via nullfs
+
+Category: core
+Module: jail
+Announced: 2026-01-27
+Affects: FreeBSD 14.3 and 13.5
+Corrected: 2025-06-30 14:21:28 UTC (stable/14, 14.3-STABLE)
+ 2026-01-27 19:16:15 UTC (releng/14.3, 14.3-RELEASE-p8)
+ 2026-01-26 15:51:19 UTC (stable/13, 13.4-STABLE)
+ 2026-01-27 19:16:37 UTC (releng/13.5, 13.5-RELEASE-p9)
+CVE Name: CVE-2025-15547
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+Jails are an operating system virtualization technology which allow
+administrators to confine processes within an environment with limited ability
+to affect the system outside of that environment. In particular, jailed
+processes typically have their filesystem access confined by a chroot-like
+mechanism.
+
+nullfs(4) is a pseudo-filesystem which allows a directory to be mounted at
+another point in the filesystem hierarchy.
+
+II. Problem Description
+
+By default, jailed processes cannot mount filesystems, including nullfs(4).
+However, the allow.mount.nullfs option enables mounting nullfs filesystems,
+subject to privilege checks.
+
+If a privileged user within a jail is able to nullfs-mount directories, a
+limitation of the kernel's path lookup logic allows that user to escape the
+jail's chroot, yielding access to the full filesystem of the host or parent
+jail.
+
+III. Impact
+
+In a jail configured to allow nullfs(4) mounts from within the jail, the jailed
+root user can escape the jail's filesystem root.
+
+IV. Workaround
+
+No workaround is available. Jails not created with the allow.mount.nullfs option
+are unaffected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-14.patch.asc
+# gpg --verify jail-14.patch.asc
+
+[FreeBSD 13.5]
+# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:02/jail-13.patch.asc
+# gpg --verify jail-13.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 53963866f708 stable/14-n271804
+releng/14.3/ 193ae464aa36 releng/14.3-n271460
+stable/13/ f0fbaa71a5a2 stable/13-n259726
+releng/13.5/ e87a5dd8054a releng/13.5-n259191
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NVcACgkQbljekB8A
+Gu/70A//VWtonOhQP9CeZPUOL41yHUYKOOm9Wf6DkbWqq7aqxcpM5FiGn3Wq84ql
+Qy0qpLIXg4KpHD8qjARqQDg2A3J60O1yW2X7WWLRCCDVMsPRe5sNCuwPH88Mzu+x
+1VsE9qne25CKJrLcvFsMoO6XfCx6yQ4Qw6uZjyk1DPPIjZfaZYaM9ysAswAo8tsi
+7/s+NsFImjN9S6S7q7Z3E+222pOmEkhUKPNaCXoCXTeutiMd+18oxL290xzXs/49
+0NpdOQcX9R+AiA3hJYkrg6YwoxJASc4aXUv7/SKNRdyL9eRiRkt0ta5jsCup3CXw
+SIovbhzauXTbv+AliUoAVSXnEK7S0MyUoMM6RG6OPH7JoKf83Sx61P+D8Y1fMYs1
+Gd+g5Nw00Xk3/8hQUSo91K3+A0Lb88QLt+Wc8pzaj7QYfaaYb9DSfyx3U/cjbYiv
+sovFZ7D3r0EH5P3n1jkWHQWrV1/u4I7nd/URC0Lz4WUhEfM3X0abaq5q939fpvJU
+y37vBlbfw5d139S3C2frPR2sPX6e6K+jXZzjnpLtYF6CsIjfcfWRCRu3pBvWJ24X
+/KCJ2AlhGRDcTbYjafzUQMcni4lw5uZ/gpl5SGfbcOTaM1yC0HWmG8W9NaYR79Gn
+QtZ+RgQm5wJJAzHX9wQbVTaMoWW5/AbQy2dhDZBjx2rbZmOGBNc=
+=SqAm
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-26:01/devinfo.patch b/website/static/security/patches/EN-26:01/devinfo.patch
new file mode 100644
index 0000000000..282c8124de
--- /dev/null
+++ b/website/static/security/patches/EN-26:01/devinfo.patch
@@ -0,0 +1,477 @@
+--- usr.sbin/devinfo/Makefile.orig
++++ usr.sbin/devinfo/Makefile
+@@ -2,6 +2,6 @@
+ PROG= devinfo
+ MAN= devinfo.8
+
+-LIBADD= xo devinfo
++LIBADD= devinfo
+
+ .include
+--- usr.sbin/devinfo/devinfo.8.orig
++++ usr.sbin/devinfo/devinfo.8
+@@ -34,13 +34,10 @@
+ .Nd print information about system device configuration
+ .Sh SYNOPSIS
+ .Nm
+-.Op Fl -libxo
+ .Op Fl rv
+ .Nm
+-.Op Fl -libxo
+ .Fl p Ar dev Op Fl v
+ .Nm
+-.Op Fl -libxo
+ .Fl u Op Fl v
+ .Sh DESCRIPTION
+ The
+@@ -51,14 +48,7 @@
+ device.
+ .Pp
+ The following options are accepted:
+-.Bl -tag -width "--libxo"
+-.It Fl -libxo
+-Generate output via
+-.Xr libxo 3
+-in a selection of different human and machine readable formats.
+-See
+-.Xr xo_options 7
+-for details on command line arguments.
++.Bl -tag -width indent
+ .It Fl p Ar dev
+ Display the path of
+ .Ar dev
+@@ -83,8 +73,6 @@
+ .Sh SEE ALSO
+ .Xr systat 1 ,
+ .Xr devinfo 3 ,
+-.Xr libxo 3 ,
+-.Xr xo_options 7 ,
+ .Xr devctl 8 ,
+ .Xr iostat 8 ,
+ .Xr pciconf 8 ,
+--- usr.sbin/devinfo/devinfo.c.orig
++++ usr.sbin/devinfo/devinfo.c
+@@ -4,7 +4,6 @@
+ * Copyright (c) 2000, 2001 Michael Smith
+ * Copyright (c) 2000 BSDi
+ * All rights reserved.
+- * Copyright (c) 2024 KT Ullavik
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -41,18 +40,12 @@
+ #include
+ #include
+ #include
+-
+-#include
+ #include "devinfo.h"
+
+ static bool rflag;
+ static bool vflag;
+-static int open_tag_count;
+-static char *last_res;
+
+ static void print_indent(int);
+-static void print_kvlist(char *);
+-static char* xml_safe_string(char *);
+ static void print_resource(struct devinfo_res *);
+ static int print_device_matching_resource(struct devinfo_res *, void *);
+ static int print_device_rman_resources(struct devinfo_rman *, void *);
+@@ -81,46 +74,7 @@
+ n = MIN((size_t)n, sizeof(buffer) - 1);
+ memset(buffer, ' ', n);
+ buffer[n] = '\0';
+- xo_emit("{Pa:%s}", buffer);
+-}
+-
+-/*
+- * Takes a list of key-value pairs in the form
+- * "key1=val1 key2=val2 ..." and prints them according
+- * to xo formatting.
+- */
+-static void
+-print_kvlist(char *s)
+-{
+- char *kv;
+- char *copy;
+-
+- if ((copy = strdup(s)) == NULL)
+- xo_err(1, "No memory!");
+-
+- while ((kv = strsep(©, " ")) != NULL) {
+- char* k = strsep(&kv, "=");
+- xo_emit("{ea:%s/%s} {d:key/%s}={d:value/%s}", k, kv, k, kv);
+- }
+- free(copy);
+-}
+-
+-static char
+-*xml_safe_string(char *desc)
+-{
+- int i;
+- char *s;
+-
+- if ((s = strdup(desc)) == NULL) {
+- xo_err(1, "No memory!");
+- }
+-
+- for (i=0; s[i] != '\0'; i++) {
+- if (s[i] == ' ' || s[i] == '/') {
+- s[i] = '-';
+- }
+- }
+- return s;
++ printf("%s", buffer);
+ }
+
+ /*
+@@ -132,28 +86,20 @@
+ struct devinfo_rman *rman;
+ bool hexmode;
+ rman_res_t end;
+- char *safe_desc;
+
+ rman = devinfo_handle_to_rman(res->dr_rman);
+ hexmode = (rman->dm_size > 1000) || (rman->dm_size == 0);
+ end = res->dr_start + res->dr_size - 1;
+
+- safe_desc = xml_safe_string(rman->dm_desc);
+- xo_open_instance(safe_desc);
+-
+ if (hexmode) {
+- xo_emit("{:start/0x%jx}", res->dr_start);
++ printf("0x%jx", res->dr_start);
+ if (res->dr_size > 1)
+- xo_emit("{D:-}{d:end/0x%jx}", end);
+- xo_emit("{e:end/0x%jx}", end);
++ printf("-0x%jx", end);
+ } else {
+- xo_emit("{:start/%ju}", res->dr_start);
++ printf("%ju", res->dr_start);
+ if (res->dr_size > 1)
+- xo_emit("{D:-}{d:end/%ju}", end);
+- xo_emit("{e:end/%ju}", end);
++ printf("-%ju", end);
+ }
+- xo_close_instance(safe_desc);
+- free(safe_desc);
+ }
+
+ /*
+@@ -175,7 +121,7 @@
+ return(1);
+ print_indent(ia->indent);
+ print_resource(res);
+- xo_emit("\n");
++ printf("\n");
+ }
+ return(0);
+ }
+@@ -188,7 +134,6 @@
+ {
+ struct indent_arg *ia = (struct indent_arg *)arg;
+ int indent;
+- char *safe_desc;
+
+ indent = ia->indent;
+
+@@ -198,18 +143,13 @@
+ print_device_matching_resource, ia) != 0) {
+
+ /* there are, print header */
+- safe_desc = xml_safe_string(rman->dm_desc);
+ print_indent(indent);
+- xo_emit("<{:description/%s}>\n", rman->dm_desc);
+- xo_open_list(safe_desc);
++ printf("%s:\n", rman->dm_desc);
+
+ /* print resources */
+ ia->indent = indent + 4;
+ devinfo_foreach_rman_resource(rman,
+ print_device_matching_resource, ia);
+-
+- xo_close_list(safe_desc);
+- free(safe_desc);
+ }
+ ia->indent = indent;
+ return(0);
+@@ -220,39 +160,20 @@
+ {
+ if (vflag) {
+ if (*dev->dd_desc) {
+- xo_emit("<{:description/%s}>", dev->dd_desc);
++ printf(" <%s>", dev->dd_desc);
+ }
+ if (*dev->dd_pnpinfo) {
+- xo_open_container("pnpinfo");
+- xo_emit("{D: pnpinfo}");
+-
+- if ((strcmp(dev->dd_pnpinfo, "unknown") == 0))
+- xo_emit("{D: unknown}");
+- else
+- print_kvlist(dev->dd_pnpinfo);
+-
+- xo_close_container("pnpinfo");
++ printf(" pnpinfo %s", dev->dd_pnpinfo);
+ }
+ if (*dev->dd_location) {
+- xo_open_container("location");
+- xo_emit("{D: at}");
+- print_kvlist(dev->dd_location);
+- xo_close_container("location");
++ printf(" at %s", dev->dd_location);
+ }
+-
+- // If verbose, then always print state for json/xml.
+- if (!(dev->dd_flags & DF_ENABLED))
+- xo_emit("{e:state/disabled}");
+- else if (dev->dd_flags & DF_SUSPENDED)
+- xo_emit("{e:state/suspended}");
+- else
+- xo_emit("{e:state/enabled}");
+ }
+
+ if (!(dev->dd_flags & DF_ENABLED))
+- xo_emit("{D: (disabled)}");
++ printf(" (disabled)");
+ else if (dev->dd_flags & DF_SUSPENDED)
+- xo_emit("{D: (suspended)}");
++ printf(" (suspended)");
+ }
+
+ /*
+@@ -262,20 +183,16 @@
+ print_device(struct devinfo_dev *dev, void *arg)
+ {
+ struct indent_arg ia;
+- int indent, ret;
+- const char* devname = dev->dd_name[0] ? dev->dd_name : "unknown";
++ int indent;
+ bool printit = vflag || (dev->dd_name[0] != 0 &&
+ dev->dd_state >= DS_ATTACHED);
+
+ if (printit) {
+ indent = (int)(intptr_t)arg;
+ print_indent(indent);
+-
+- xo_open_container(devname);
+- xo_emit("{d:devicename/%s}", devname);
+-
++ printf("%s", dev->dd_name[0] ? dev->dd_name : "unknown");
+ print_device_props(dev);
+- xo_emit("\n");
++ printf("\n");
+ if (rflag) {
+ ia.indent = indent + 4;
+ ia.arg = dev;
+@@ -284,13 +201,8 @@
+ }
+ }
+
+- ret = (devinfo_foreach_device_child(dev, print_device,
++ return(devinfo_foreach_device_child(dev, print_device,
+ (void *)((char *)arg + 2)));
+-
+- if (printit) {
+- xo_close_container(devname);
+- }
+- return(ret);
+ }
+
+ /*
+@@ -302,7 +214,6 @@
+ struct devinfo_dev *dev;
+ struct devinfo_rman *rman;
+ rman_res_t end;
+- char *res_str, *entry = NULL;
+ bool hexmode;
+
+ dev = devinfo_handle_to_device(res->dr_device);
+@@ -310,38 +221,24 @@
+ hexmode = (rman->dm_size > 1000) || (rman->dm_size == 0);
+ end = res->dr_start + res->dr_size - 1;
+
++ printf(" ");
++
+ if (hexmode) {
+ if (res->dr_size > 1)
+- asprintf(&res_str, "0x%jx-0x%jx", res->dr_start, end);
++ printf("0x%jx-0x%jx", res->dr_start, end);
+ else
+- asprintf(&res_str, "0x%jx", res->dr_start);
++ printf("0x%jx", res->dr_start);
+ } else {
+ if (res->dr_size > 1)
+- asprintf(&res_str, "%ju-%ju", res->dr_start, end);
++ printf("%ju-%ju", res->dr_start, end);
+ else
+- asprintf(&res_str, "%ju", res->dr_start);
+- }
+-
+- xo_emit("{P: }");
+-
+- if (last_res == NULL) {
+- // First resource
+- xo_open_list(res_str);
+- } else if (strcmp(res_str, last_res) != 0) {
+- // We can't repeat json keys. So we keep an
+- // open list from the last iteration and only
+- // create a new list when see a new resource.
+- xo_close_list(last_res);
+- xo_open_list(res_str);
++ printf("%ju", res->dr_start);
+ }
+
+ dev = devinfo_handle_to_device(res->dr_device);
+ if (dev != NULL) {
+ if (dev->dd_name[0] != 0) {
+ printf(" (%s)", dev->dd_name);
+- asprintf(&entry, "{el:%s}{D:%s} {D:(%s)}\n",
+- res_str, res_str, dev->dd_name);
+- xo_emit(entry, dev->dd_name);
+ } else {
+ printf(" (unknown)");
+ if (vflag && *dev->dd_pnpinfo)
+@@ -350,11 +247,9 @@
+ printf(" at %s", dev->dd_location);
+ }
+ } else {
+- asprintf(&entry, "{el:%s}{D:%s} {D:----}\n", res_str, res_str);
+- xo_emit(entry, "----");
++ printf(" ----");
+ }
+- free(entry);
+- last_res = res_str;
++ printf("\n");
+ return(0);
+ }
+
+@@ -364,16 +259,8 @@
+ int
+ print_rman(struct devinfo_rman *rman, void *arg __unused)
+ {
+- char* safe_desc = xml_safe_string(rman->dm_desc);
+-
+- xo_emit("<{:description/%s}\n>", rman->dm_desc);
+- xo_open_container(safe_desc);
+-
++ printf("%s:\n", rman->dm_desc);
+ devinfo_foreach_rman_resource(rman, print_rman_resource, 0);
+-
+- xo_close_list(last_res);
+- xo_close_container(safe_desc);
+- free(safe_desc);
+ return(0);
+ }
+
+@@ -382,17 +269,12 @@
+ {
+ const char *devname = dev->dd_name[0] ? dev->dd_name : "unknown";
+
+- xo_open_container(devname);
+- open_tag_count++;
+- xo_emit("{:devicename/%s} ", devname);
++ printf("%s", devname);
+ print_device_props(dev);
+ if (vflag)
+- xo_emit("\n");
++ printf("\n");
+ }
+
+-/*
+- * Recurse until we find the right dev. On the way up we print path.
+- */
+ static int
+ print_device_path(struct devinfo_dev *dev, void *xname)
+ {
+@@ -406,7 +288,7 @@
+
+ rv = devinfo_foreach_device_child(dev, print_device_path, xname);
+ if (rv == 1) {
+- xo_emit("{P: }");
++ printf(" ");
+ print_device_path_entry(dev);
+ }
+ return (rv);
+@@ -415,26 +297,19 @@
+ static void
+ print_path(struct devinfo_dev *root, char *path)
+ {
+- open_tag_count = 0;
+- if (devinfo_foreach_device_child(root, print_device_path,
+- (void *)path) == 0)
+- xo_errx(1, "%s: Not found", path);
++ if (devinfo_foreach_device_child(root, print_device_path, (void *)path) == 0)
++ errx(1, "%s: Not found", path);
+ if (!vflag)
+- xo_emit("\n");
+-
+- while (open_tag_count > 0) {
+- xo_close_container_d();
+- open_tag_count--;
+- }
++ printf("\n");
+ }
+
+ static void __dead2
+ usage(void)
+ {
+- xo_error(
+- "usage: devinfo [-rv]\n",
+- " devinfo -u [-v]\n",
+- " devinfo -p dev [-v]\n");
++ fprintf(stderr, "%s\n%s\n%s\n",
++ "usage: devinfo [-rv]",
++ " devinfo -u [-v]",
++ " devinfo -p dev [-v]");
+ exit(1);
+ }
+
+@@ -446,11 +321,6 @@
+ bool uflag;
+ char *path = NULL;
+
+- argc = xo_parse_args(argc, argv);
+- if (argc < 0) {
+- exit(1);
+- }
+-
+ uflag = false;
+ while ((c = getopt(argc, argv, "p:ruv")) != -1) {
+ switch(c) {
+@@ -476,32 +346,20 @@
+
+ if ((rv = devinfo_init()) != 0) {
+ errno = rv;
+- xo_err(1, "devinfo_init");
++ err(1, "devinfo_init");
+ }
+
+ if ((root = devinfo_handle_to_device(DEVINFO_ROOT_DEVICE)) == NULL)
+- xo_errx(1, "can't find root device");
++ errx(1, "can't find root device");
+
+ if (path) {
+- xo_set_flags(NULL, XOF_DTRT);
+- xo_open_container("device-path");
+ print_path(root, path);
+- xo_close_container("device-path");
+ } else if (uflag) {
+ /* print resource usage? */
+- xo_set_flags(NULL, XOF_DTRT);
+- xo_open_container("device-resources");
+ devinfo_foreach_rman(print_rman, NULL);
+- xo_close_container("device-resources");
+ } else {
+ /* print device hierarchy */
+- xo_open_container("device-information");
+ devinfo_foreach_device_child(root, print_device, (void *)0);
+- xo_close_container("device-information");
+- }
+-
+- if (xo_finish() < 0) {
+- exit(1);
+ }
+ return(0);
+ }
diff --git a/website/static/security/patches/EN-26:01/devinfo.patch.asc b/website/static/security/patches/EN-26:01/devinfo.patch.asc
new file mode 100644
index 0000000000..a9497138a4
--- /dev/null
+++ b/website/static/security/patches/EN-26:01/devinfo.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NCoACgkQbljekB8A
+Gu9+LQ//bOMvcSgqCImoF30CMJjMBqs30TbfTMcuF8gfB4g4YilvtmzbPXnYgNm9
+RDt2faB+Mo3avyIZqFjgzvQYBS0OB9tQkPRxoafRBttp6gsnAE8q7iUJ2RY6S9qp
+qql78FzsxlQpBcsONMAjmFeo6UarBBi4pcDQXFAWQO4CrXsgtjhXxdZ+e4xw2fCP
+N1BfJ2hqz3kg3nztihxRHbskOK0pjaxf4eqpTDOozQvPEfG74BrUhX5meItmzVSC
+FlUHI6c3fazhsUwbEMWdwp1/GOEM8Lxie7BcZG8VksRmPnojJfNKs36939yDrgX7
+GExUNMyT0aoqs4BdiFo3ruFI4o42EplnAB8wk8XhOSJUGRR8rZweN/Eh1ZstN+sf
+gBDfYv03t2Apr+Ys3FHrTHIQpR6K4nFnXA2Dw1fcxy+nNx2jNKgTeB91ppMNlmce
+POLoI56dLK4K6KZ71Uxj8Ty3E38AJI7n62rw6w4LjoemZim7dlrSGck1W83CqZ+0
+SiF/aghVzszU7IcZL48NNyPQQSxIrj8/TQkX5pKULlKC2gbvwY1YnRmJ+izkjvt/
+QREKhR627zgWs33ncQTjmTeO+Grz8ww1uY1dok5O/VHIwR+9zmtW0hEJ3gHryqH0
+wbUVE5nvyOaFArovizTDm0dO8vqZLbDBdYP54yuiwTIvv6yrgFc=
+=XYvu
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-26:02/arm64-14.patch b/website/static/security/patches/EN-26:02/arm64-14.patch
new file mode 100644
index 0000000000..6e332d39df
--- /dev/null
+++ b/website/static/security/patches/EN-26:02/arm64-14.patch
@@ -0,0 +1,66 @@
+ arm64: Correctly align the SVE signal context
+
+ The SVE signal context needs to be correctly aligned. Fix this by
+ creating a new macro to calculate the needed size to provide this
+ alignment, and use it when setting and checking the saved SVE signal
+ context.
+
+ Approved by: so
+ Security: FreeBSD-EN-26:02.arm64
+ Reported by: cperciva
+ Reviewed by: cperciva, markj
+ Sponsored by: Arm Ltd
+ Differential Revision: https://reviews.freebsd.org/D54396
+
+ (cherry picked from commit a9e77eb7016df70723c208fc09fbd01ec23a732d)
+ (cherry picked from commit bcd6bb8067d13d28d13a309e32818cda9e0d29ff)
+--- sys/arm64/arm64/exec_machdep.c.orig
++++ sys/arm64/arm64/exec_machdep.c
+@@ -60,6 +60,10 @@
+ #include
+ #endif
+
++#define CTX_SIZE_SVE(buf_size) \
++ roundup2(sizeof(struct sve_context) + (buf_size), \
++ _Alignof(struct sve_context))
++
+ _Static_assert(sizeof(mcontext_t) == 880, "mcontext_t size incorrect");
+ _Static_assert(sizeof(ucontext_t) == 960, "ucontext_t size incorrect");
+ _Static_assert(sizeof(siginfo_t) == 80, "siginfo_t size incorrect");
+@@ -545,8 +549,7 @@
+
+ buf_size = sve_buf_size(td);
+ /* Check the size is valid */
+- if (ctx.ctx_size !=
+- (sizeof(sve_ctx) + buf_size))
++ if (ctx.ctx_size != CTX_SIZE_SVE(buf_size))
+ return (EINVAL);
+
+ memset(pcb->pcb_svesaved, 0,
+@@ -689,7 +692,7 @@
+ {
+ struct sve_context ctx;
+ struct pcb *pcb;
+- size_t buf_size;
++ size_t buf_size, ctx_size;
+ vm_offset_t ctx_addr;
+
+ pcb = td->td_pcb;
+@@ -700,14 +703,15 @@
+ MPASS(pcb->pcb_svesaved != NULL);
+
+ buf_size = sve_buf_size(td);
++ ctx_size = CTX_SIZE_SVE(buf_size);
+
+ /* Address for the full context */
+- *addrp -= sizeof(ctx) + buf_size;
++ *addrp -= ctx_size;
+ ctx_addr = *addrp;
+
+ memset(&ctx, 0, sizeof(ctx));
+ ctx.sve_ctx.ctx_id = ARM64_CTX_SVE;
+- ctx.sve_ctx.ctx_size = sizeof(ctx) + buf_size;
++ ctx.sve_ctx.ctx_size = ctx_size;
+ ctx.sve_vector_len = pcb->pcb_sve_len;
+ ctx.sve_flags = 0;
+
diff --git a/website/static/security/patches/EN-26:02/arm64-14.patch.asc b/website/static/security/patches/EN-26:02/arm64-14.patch.asc
new file mode 100644
index 0000000000..bdb50b1ce1
--- /dev/null
+++ b/website/static/security/patches/EN-26:02/arm64-14.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NC0ACgkQbljekB8A
+Gu9schAAsCCVFg8KhVms97fb/78k2BWl7YkdPAU18BhNEHKPGUdeUD7Jml6UpH+h
+2563WXGeemD67c9tQyb5zufffgsuWjNDYveF24AIo/Z6Eg7ulXtE0Bup2q5p8sNo
+joqlyfcGpM1hr/lKad2cz4xVDvx4UwPRjo+b3j0BxUVXrln+Doqo39lUf9+F+d7U
+Qdkm5u9mkftIQSbxTrwjvD+/nLQkvrfpZ/fECgr0T6Fu29zHHgf6jJIYhPUvydpL
+0p7Y6n/7X80NorojvoxV2qQbA6mjPUJBCz7pauqzyQKp04WD+iFg9lbIx0K4VEb7
+eopsg3WgReBaQnX/jFRzpAMN3dtNsbU4DmbAGGheO84nn+VajD5AJK/lgJCFAY8b
+Tb7TtYpPOcdQqWVXK+jjWaaeZvqoP8vwDk7e4ZLt2TrpvnrUDdv2xbmTlyY4Ko5E
+uyqVOmox4zx1S5MkZ5d0ugDYFfhjJMr2U6/wZAxfS5m1LpsCqAAdtJzHcMJI5wcF
+hGIgsJIn6+J8VcfTGIwur42RV7O9CXpjlEnVkkg2co5uG5l5hhhkBDYnnVbJeHKs
+hUtN0FUYnJRa0rxciMpM9HM5sSpPkrhGXyC2kiqFNpP+c7eQXOQFs4kbgl15wttJ
+fe+La9ZN1GYDyD8xAUXbnR8DxNUtSJoAwmLUZ1TLSD5VXReGiI0=
+=FODI
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-26:02/arm64-15.patch b/website/static/security/patches/EN-26:02/arm64-15.patch
new file mode 100644
index 0000000000..ceda6b666e
--- /dev/null
+++ b/website/static/security/patches/EN-26:02/arm64-15.patch
@@ -0,0 +1,66 @@
+ arm64: Correctly align the SVE signal context
+
+ The SVE signal context needs to be correctly aligned. Fix this by
+ creating a new macro to calculate the needed size to provide this
+ alignment, and use it when setting and checking the saved SVE signal
+ context.
+
+ Approved by: so
+ Security: FreeBSD-EN-26:02.arm64
+ Reported by: cperciva
+ Reviewed by: cperciva, markj
+ Sponsored by: Arm Ltd
+ Differential Revision: https://reviews.freebsd.org/D54396
+
+ (cherry picked from commit a9e77eb7016df70723c208fc09fbd01ec23a732d)
+ (cherry picked from commit 683decf362ce0bbfd9ff917618f3e181bc8f1cd0)
+--- sys/arm64/arm64/exec_machdep.c.orig
++++ sys/arm64/arm64/exec_machdep.c
+@@ -60,6 +60,10 @@
+ #include
+ #endif
+
++#define CTX_SIZE_SVE(buf_size) \
++ roundup2(sizeof(struct sve_context) + (buf_size), \
++ _Alignof(struct sve_context))
++
+ _Static_assert(sizeof(mcontext_t) == 880, "mcontext_t size incorrect");
+ _Static_assert(sizeof(ucontext_t) == 960, "ucontext_t size incorrect");
+ _Static_assert(sizeof(siginfo_t) == 80, "siginfo_t size incorrect");
+@@ -585,8 +589,7 @@
+
+ buf_size = sve_buf_size(td);
+ /* Check the size is valid */
+- if (ctx.ctx_size !=
+- (sizeof(sve_ctx) + buf_size))
++ if (ctx.ctx_size != CTX_SIZE_SVE(buf_size))
+ return (EINVAL);
+
+ memset(pcb->pcb_svesaved, 0,
+@@ -729,7 +732,7 @@
+ {
+ struct sve_context ctx;
+ struct pcb *pcb;
+- size_t buf_size;
++ size_t buf_size, ctx_size;
+ vm_offset_t ctx_addr;
+
+ pcb = td->td_pcb;
+@@ -740,14 +743,15 @@
+ MPASS(pcb->pcb_svesaved != NULL);
+
+ buf_size = sve_buf_size(td);
++ ctx_size = CTX_SIZE_SVE(buf_size);
+
+ /* Address for the full context */
+- *addrp -= sizeof(ctx) + buf_size;
++ *addrp -= ctx_size;
+ ctx_addr = *addrp;
+
+ memset(&ctx, 0, sizeof(ctx));
+ ctx.sve_ctx.ctx_id = ARM64_CTX_SVE;
+- ctx.sve_ctx.ctx_size = sizeof(ctx) + buf_size;
++ ctx.sve_ctx.ctx_size = ctx_size;
+ ctx.sve_vector_len = pcb->pcb_sve_len;
+ ctx.sve_flags = 0;
+
diff --git a/website/static/security/patches/EN-26:02/arm64-15.patch.asc b/website/static/security/patches/EN-26:02/arm64-15.patch.asc
new file mode 100644
index 0000000000..5d282250e4
--- /dev/null
+++ b/website/static/security/patches/EN-26:02/arm64-15.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NC4ACgkQbljekB8A
+Gu8ifg//duOg4dSF2xAJp6zziv5AC8SSZ1lUnVL5gTICnif5CKfbe4lUgGDBvqdC
+dT6elKqo6alRfoSNfLXHzp8nBLqcdA2P/twt/KrqTSojKERlaXsvMr0XZxegIOuK
+kBKsxYJpcNJtIuWU9GiTQ33wyUMRIa8nfulLYDzSS/Wovtec6JuF0F61qkVao0pU
+AZ7OT+5G9x9cWc3SHrSSuXD3lk1Xn7hGTq/uNGlFuAJ6QgRthIMiYKz2ujJAjPD0
+x8PjLOdCwJG4btgL7ra0YC3N/3rYq5hKtuEUPrXNVxXfP/Xh4KO7/lfI7mRryNRx
+s3H0TDoS3CQ0rAkBg/XyaIIv4RgdCBGDU7sB81DA0PluiFjXHbrgsN2uQyQhMf/t
+dqsSUuJplithh/eZqCPBezOnMusDm3h39evThNoKtTck/bZFMQSwIBU/baTXp6JL
+mE7IIH9zcoTpDKCTIMboEGmAT1bxJbfaMQp3f4IYnwSDe0BsASRk5iQn9YKIxHZ9
+SGlTPJiTbQMbnRzi3mM6DBMQKkNKD2oyJGAh3k++I0BzBa9AVNr7VC/Ah6erOtiO
+QqCjo1453pq1CLujHj4EMau/X9YtTAAZUVgv4vncYWQ2srt3bu8uqNayrVmZXIwc
+pZnVU6lsVLcydzLX3GOlJK9ylxnVyKvIb0r3eUpU1N/mBVuQGOc=
+=n+lg
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-26:03/vm-13.patch b/website/static/security/patches/EN-26:03/vm-13.patch
new file mode 100644
index 0000000000..501a6edf98
--- /dev/null
+++ b/website/static/security/patches/EN-26:03/vm-13.patch
@@ -0,0 +1,62 @@
+--- sys/vm/vm_fault.c.orig
++++ sys/vm/vm_fault.c
+@@ -137,6 +137,7 @@
+ vm_object_t object;
+ vm_pindex_t pindex;
+ vm_page_t m;
++ bool m_needs_zeroing;
+
+ /* Top-level map object. */
+ vm_object_t first_object;
+@@ -242,6 +243,7 @@
+ fault_deallocate(struct faultstate *fs)
+ {
+
++ fs->m_needs_zeroing = true;
+ fault_page_release(&fs->m_cow);
+ fault_page_release(&fs->m);
+ vm_object_pip_wakeup(fs->object);
+@@ -1086,7 +1088,7 @@
+ /*
+ * Zero the page if necessary and mark it valid.
+ */
+- if ((fs->m->flags & PG_ZERO) == 0) {
++ if (fs->m_needs_zeroing) {
+ pmap_zero_page(fs->m);
+ } else {
+ VM_CNT_INC(v_ozfod);
+@@ -1200,6 +1202,7 @@
+ vm_waitpfault(dset, vm_pfault_oom_wait * hz);
+ return (FAULT_RESTART);
+ }
++ fs->m_needs_zeroing = (fs->m->flags & PG_ZERO) == 0;
+ fs->oom_started = false;
+
+ return (FAULT_CONTINUE);
+@@ -1459,6 +1462,7 @@
+ fs.fault_flags = fault_flags;
+ fs.map = map;
+ fs.lookup_still_valid = false;
++ fs.m_needs_zeroing = true;
+ fs.oom_started = false;
+ fs.nera = -1;
+ faultcount = 0;
+--- sys/vm/vm_object.c.orig
++++ sys/vm/vm_object.c
+@@ -2123,7 +2123,7 @@
+ (options & (OBJPR_CLEANONLY | OBJPR_NOTMAPPED)) == OBJPR_NOTMAPPED,
+ ("vm_object_page_remove: illegal options for object %p", object));
+ if (object->resident_page_count == 0)
+- return;
++ goto remove_pager;
+ vm_object_pip_add(object, 1);
+ again:
+ p = vm_page_find_least(object, start);
+@@ -2199,6 +2199,7 @@
+ }
+ vm_object_pip_wakeup(object);
+
++remove_pager:
+ vm_pager_freespace(object, start, (end == 0 ? object->size : end) -
+ start);
+ }
diff --git a/website/static/security/patches/EN-26:03/vm-13.patch.asc b/website/static/security/patches/EN-26:03/vm-13.patch.asc
new file mode 100644
index 0000000000..ae3faa694e
--- /dev/null
+++ b/website/static/security/patches/EN-26:03/vm-13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NDAACgkQbljekB8A
+Gu8Dow//b9q09OnhR/Upz9IEMGQ7w9vHjgDs4Nulcd6BbbkKl4lttspofZKV4xLp
+BT53QWDVDQ/jxy5srNdg4mXEQ0PbX9jGDc83yAu8kSDs50u1o4+TzZblxetHSAYs
+Z4S1f+nj4k1lBHBGnsOxWXr/ITdHH4iaNhKKDPkzddKKQSw2dT4zOD2YY6M0Qw8w
+xfzYILZK2HFclnw4ly6Q8clvGwsmmsFaQ1QvL230wmmQI3BzO393aa4Wh39pc0v+
+gKU1/JHNbRv3SX06ehkJCs7zMtpVV4GFoodCwftCCvpmJKQFpd+3/wH2jDNSYQl+
+ilYllpFSzaf0uElJpSiHNxCiHqHjXo/m09fw24j+Xd9DnQ/8qMyJDnUDQh68TeOW
+gBqH8/w8t7PmYj+rANa4vKoCbAbxygzSdFGFcG1Ii737j5z9aJVt8GfIxhZ/+nqt
+so9riRbaMkkTs9FzjQm/uAh0OFxpzAMcY8xW8fPn4L/Fz5g96f8/IdtD8PDyAj1R
+cCd+/BHr1kaFOwbXxnQYvAAv32lop7Y+TkrzEOEn2WKgyUTNBXa0UGcR6pBG9feN
++3wnDzaurzX77duEugJKZIU2d7nJhRQcZk1vVbvQ/1NUdXjUkFQWlU1aTxgzdcGc
+owp/eJtpbREYOVosh/lV1LrrVjweR15N/ZLsle/bvA2l2zU8W84=
+=fIgL
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-26:03/vm-14.patch b/website/static/security/patches/EN-26:03/vm-14.patch
new file mode 100644
index 0000000000..b899a0db84
--- /dev/null
+++ b/website/static/security/patches/EN-26:03/vm-14.patch
@@ -0,0 +1,62 @@
+--- sys/vm/vm_fault.c.orig
++++ sys/vm/vm_fault.c
+@@ -139,6 +139,7 @@
+ vm_object_t object;
+ vm_pindex_t pindex;
+ vm_page_t m;
++ bool m_needs_zeroing;
+
+ /* Top-level map object. */
+ vm_object_t first_object;
+@@ -265,6 +266,7 @@
+ vm_fault_deallocate(struct faultstate *fs)
+ {
+
++ fs->m_needs_zeroing = true;
+ vm_fault_page_release(&fs->m_cow);
+ vm_fault_page_release(&fs->m);
+ vm_object_pip_wakeup(fs->object);
+@@ -1172,7 +1174,7 @@
+ /*
+ * Zero the page if necessary and mark it valid.
+ */
+- if ((fs->m->flags & PG_ZERO) == 0) {
++ if (fs->m_needs_zeroing) {
+ pmap_zero_page(fs->m);
+ } else {
+ VM_CNT_INC(v_ozfod);
+@@ -1286,6 +1288,7 @@
+ vm_waitpfault(dset, vm_pfault_oom_wait * hz);
+ return (FAULT_RESTART);
+ }
++ fs->m_needs_zeroing = (fs->m->flags & PG_ZERO) == 0;
+ fs->oom_started = false;
+
+ return (FAULT_CONTINUE);
+@@ -1553,6 +1556,7 @@
+ fs.fault_flags = fault_flags;
+ fs.map = map;
+ fs.lookup_still_valid = false;
++ fs.m_needs_zeroing = true;
+ fs.oom_started = false;
+ fs.nera = -1;
+ fs.can_read_lock = true;
+--- sys/vm/vm_object.c.orig
++++ sys/vm/vm_object.c
+@@ -2088,7 +2088,7 @@
+ (options & (OBJPR_CLEANONLY | OBJPR_NOTMAPPED)) == OBJPR_NOTMAPPED,
+ ("vm_object_page_remove: illegal options for object %p", object));
+ if (object->resident_page_count == 0)
+- return;
++ goto remove_pager;
+ vm_object_pip_add(object, 1);
+ again:
+ p = vm_page_find_least(object, start);
+@@ -2164,6 +2164,7 @@
+ }
+ vm_object_pip_wakeup(object);
+
++remove_pager:
+ vm_pager_freespace(object, start, (end == 0 ? object->size : end) -
+ start);
+ }
diff --git a/website/static/security/patches/EN-26:03/vm-14.patch.asc b/website/static/security/patches/EN-26:03/vm-14.patch.asc
new file mode 100644
index 0000000000..32bf20325b
--- /dev/null
+++ b/website/static/security/patches/EN-26:03/vm-14.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NDEACgkQbljekB8A
+Gu+ldBAAgne5Rzok3ZXMDhJWyi0QaDvuyWAmjyiQXJMNIdf5yT/NjDaRXERolncI
+0eG1YKiMW0iDrTEjuuTA3mzQ8vUcsgE5FC/dDwyHEyXDwYS+eM8A0bkl1Iz/JpmT
+s+f48TrL6Ln6CxN+ZcOES9IDb3tXHfWqjwm4BcWwsyItTV13fbHkT8+NyCYyOjXo
+idEadNTbKKweotKar5Mjiqfsh75i26Kfjwa7ejx1RRIBOn6mZ/rKjfhjXdnn9NTH
+phGAPuEk3NU9qkaFoSxliPsL1nlHMh8vyN5LBkmcv0enaCbBf3iJUgW9+sb+UmqP
+2SfbswHENGsLLx2Thp+JpgM5XNghM8HV+fMj4zCKETiXmA8QTHqT7XH6s+gSCfBz
+mddktQHTorjTHtkNgMudwH1Z/c/x9bDEfg4xfT+0ZLkm5hCaikwz256NxrH0j16C
+EcvPdSPv89m7pF50/VyO1p6RXykOLSw8OKp7mV7z/jdnI9yXKOY/YwEBjL8iaeQO
+7XER1w9o0btvbvNvhfXlWqpshK96i1dTt3rAyjp74h4U3KkDP4FfhrDdhFlgFJ2E
+15dog3fHdrIDa9/vzHBG3h/MAzsGrA4gAzIqw2zb+s9q0Tfv0CYzkwd4RXpwmnkX
+fIrHoanV/cD+mjuouXVfXCZKRH30g8m6PmCxtonaZj3nv1AvsiE=
+=rFz7
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-26:03/vm-15.patch b/website/static/security/patches/EN-26:03/vm-15.patch
new file mode 100644
index 0000000000..6acd7d3766
--- /dev/null
+++ b/website/static/security/patches/EN-26:03/vm-15.patch
@@ -0,0 +1,62 @@
+--- sys/vm/vm_fault.c.orig
++++ sys/vm/vm_fault.c
+@@ -138,6 +138,7 @@
+ vm_object_t object;
+ vm_pindex_t pindex;
+ vm_page_t m;
++ bool m_needs_zeroing;
+
+ /* Top-level map object. */
+ vm_object_t first_object;
+@@ -264,6 +265,7 @@
+ vm_fault_deallocate(struct faultstate *fs)
+ {
+
++ fs->m_needs_zeroing = true;
+ vm_fault_page_release(&fs->m_cow);
+ vm_fault_page_release(&fs->m);
+ vm_object_pip_wakeup(fs->object);
+@@ -1181,7 +1183,7 @@
+ /*
+ * Zero the page if necessary and mark it valid.
+ */
+- if ((fs->m->flags & PG_ZERO) == 0) {
++ if (fs->m_needs_zeroing) {
+ pmap_zero_page(fs->m);
+ } else {
+ VM_CNT_INC(v_ozfod);
+@@ -1296,6 +1298,7 @@
+ vm_waitpfault(dset, vm_pfault_oom_wait * hz);
+ return (FAULT_RESTART);
+ }
++ fs->m_needs_zeroing = (fs->m->flags & PG_ZERO) == 0;
+ fs->oom_started = false;
+
+ return (FAULT_CONTINUE);
+@@ -1586,6 +1589,7 @@
+ fs.fault_flags = fault_flags;
+ fs.map = map;
+ fs.lookup_still_valid = false;
++ fs.m_needs_zeroing = true;
+ fs.oom_started = false;
+ fs.nera = -1;
+ fs.can_read_lock = true;
+--- sys/vm/vm_object.c.orig
++++ sys/vm/vm_object.c
+@@ -1988,7 +1988,7 @@
+ (options & (OBJPR_CLEANONLY | OBJPR_NOTMAPPED)) == OBJPR_NOTMAPPED,
+ ("vm_object_page_remove: illegal options for object %p", object));
+ if (object->resident_page_count == 0)
+- return;
++ goto remove_pager;
+ vm_object_pip_add(object, 1);
+ vm_page_iter_limit_init(&pages, object, end);
+ again:
+@@ -2061,6 +2061,7 @@
+ }
+ vm_object_pip_wakeup(object);
+
++remove_pager:
+ vm_pager_freespace(object, start, (end == 0 ? object->size : end) -
+ start);
+ }
diff --git a/website/static/security/patches/EN-26:03/vm-15.patch.asc b/website/static/security/patches/EN-26:03/vm-15.patch.asc
new file mode 100644
index 0000000000..be36220124
--- /dev/null
+++ b/website/static/security/patches/EN-26:03/vm-15.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NDMACgkQbljekB8A
+Gu+6BA/9FHXJvmYBzQOU8GWQSVOnrJFkJDtFCr0u2LXumX1lDJQxAzCJL9qqe1M4
+EM3B4nCGEfsD3gtjBlemrwCDNa/V7sdB4I3FSoFBIQvG9oQaLQPmqLTckI6mC5uH
+zAgFI9Q9gRUzWe47Qfx+HfXbMRQTldDxBb8koi3Z92TMOKirs3xfRULH7xjlVXdu
+ZzXMJLKRTmAOkaU2vHZ9ERg4vLdTarKyIhvYwH4jP+pY7+9V/x+Eqw5Oua7OpQhw
+i/qp9BRLWpSpG8M6QiDesHDBR2XUvVb80Glk7PIOV4BBhSxR2SG0UxJbxh/hp/ZB
+m48CRjjGoGKY2sTBhg9qKKJ/OxpQANa22cdai9zAcHXp8M+l0ceQnuBqAQh9DpEr
+PEXj2N/Ze8D7sVG26+j3CqGAHHHpJXdGndVqOUGTWvp4fdCdgGHc1j/wAThssk3V
+Wdj2BFM7CmeKGqLGIMajvQPxHImB1j2LazsIzSvIw9aQNYo4JX6COMbz2HIFkRji
+bPfqXpscMK8fXYgAznz6W8soBAp1Pxbi1o2M8M49ldNZNK3TwrgP4Kolpg6zJKh8
+jOvFbjSa5JsI9u5XJvxc+Vge/lY+IWcb0kQFf8qp/CZ0+CQn/Q4vOf7RVMV/Aojc
+84Jsz/at2yJa6r3YL+NfwbGSeG95+0OECK1z360jWFk9uW9PlFw=
+=EnUH
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:01/openssl-13.patch b/website/static/security/patches/SA-26:01/openssl-13.patch
new file mode 100644
index 0000000000..f0e9fb0194
--- /dev/null
+++ b/website/static/security/patches/SA-26:01/openssl-13.patch
@@ -0,0 +1,194 @@
+--- crypto/openssl/apps/s_client.c.orig
++++ crypto/openssl/apps/s_client.c
+@@ -2698,8 +2698,9 @@
+ goto end;
+ }
+ atyp = ASN1_generate_nconf(genstr, cnf);
+- if (atyp == NULL) {
++ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
+ NCONF_free(cnf);
++ ASN1_TYPE_free(atyp);
+ BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+ goto end;
+ }
+--- crypto/openssl/crypto/asn1/a_strex.c.orig
++++ crypto/openssl/crypto/asn1/a_strex.c
+@@ -203,8 +203,10 @@
+ orflags = CHARTYPE_LAST_ESC_2253;
+ if (type & BUF_TYPE_CONVUTF8) {
+ unsigned char utfbuf[6];
+- int utflen;
+- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++
++ if (utflen < 0)
++ return -1; /* error happened with UTF8 */
+ for (i = 0; i < utflen; i++) {
+ /*
+ * We don't need to worry about setting orflags correctly
+--- crypto/openssl/crypto/bio/bf_lbuf.c.orig
++++ crypto/openssl/crypto/bio/bf_lbuf.c
+@@ -191,14 +191,34 @@
+ while (foundnl && inl > 0);
+ /*
+ * We've written as much as we can. The rest of the input buffer, if
+- * any, is text that doesn't and with a NL and therefore needs to be
+- * saved for the next trip.
++ * any, is text that doesn't end with a NL and therefore we need to try
++ * free up some space in our obuf so we can make forward progress.
+ */
+- if (inl > 0) {
+- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+- ctx->obuf_len += inl;
+- num += inl;
++ while (inl > 0) {
++ size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len;
++ size_t to_copy;
++
++ if (avail == 0) {
++ /* Flush buffered data to make room */
++ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
++ if (i <= 0) {
++ BIO_copy_next_retry(b);
++ return num > 0 ? num : i;
++ }
++ if (i < ctx->obuf_len)
++ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
++ ctx->obuf_len -= i;
++ continue;
++ }
++
++ to_copy = inl > (int)avail ? avail : (size_t)inl;
++ memcpy(&(ctx->obuf[ctx->obuf_len]), in, to_copy);
++ ctx->obuf_len += (int)to_copy;
++ in += to_copy;
++ inl -= (int)to_copy;
++ num += (int)to_copy;
+ }
++
+ return num;
+ }
+
+--- crypto/openssl/crypto/modes/ocb128.c.orig
++++ crypto/openssl/crypto/modes/ocb128.c
+@@ -342,7 +342,7 @@
+
+ if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+ && ctx->stream != NULL) {
+- size_t max_idx = 0, top = (size_t)all_num_blocks;
++ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
+
+ /*
+ * See how many L_{i} entries we need to process data at hand
+@@ -356,6 +356,9 @@
+ ctx->stream(in, out, num_blocks, ctx->keyenc,
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
++ processed_bytes = num_blocks * 16;
++ in += processed_bytes;
++ out += processed_bytes;
+ } else {
+ /* Loop through all full blocks to be encrypted */
+ for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+@@ -434,7 +437,7 @@
+
+ if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+ && ctx->stream != NULL) {
+- size_t max_idx = 0, top = (size_t)all_num_blocks;
++ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
+
+ /*
+ * See how many L_{i} entries we need to process data at hand
+@@ -448,6 +451,9 @@
+ ctx->stream(in, out, num_blocks, ctx->keydec,
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
++ processed_bytes = num_blocks * 16;
++ in += processed_bytes;
++ out += processed_bytes;
+ } else {
+ OCB_BLOCK tmp;
+
+--- crypto/openssl/crypto/pkcs12/p12_decr.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_decr.c
+@@ -88,6 +88,12 @@
+ void *ret;
+ int outlen;
+
++ if (oct == NULL) {
++ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
++ PKCS12_R_INVALID_NULL_ARGUMENT);
++ return NULL;
++ }
++
+ if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+ &out, &outlen, 0)) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
+--- crypto/openssl/crypto/pkcs12/p12_kiss.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_kiss.c
+@@ -183,11 +183,17 @@
+ ASN1_BMPSTRING *fname = NULL;
+ ASN1_OCTET_STRING *lkid = NULL;
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) {
++ if (attrib->type != V_ASN1_BMPSTRING)
++ return 0;
+ fname = attrib->value.bmpstring;
++ }
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) {
++ if (attrib->type != V_ASN1_OCTET_STRING)
++ return 0;
+ lkid = attrib->value.octet_string;
++ }
+
+ switch (PKCS12_SAFEBAG_get_nid(bag)) {
+ case NID_keyBag:
+--- crypto/openssl/crypto/pkcs12/p12_utl.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_utl.c
+@@ -207,6 +207,11 @@
+ /* re-run the loop emitting UTF-8 string */
+ for (asclen = 0, i = 0; i < unilen; ) {
+ j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
++ /* when UTF8_putc fails */
++ if (j < 0) {
++ OPENSSL_free(asctmp);
++ return NULL;
++ }
+ if (j == 4) i += 4;
+ else i += 2;
+ asclen += j;
+--- crypto/openssl/crypto/pkcs7/pk7_doit.c.orig
++++ crypto/openssl/crypto/pkcs7/pk7_doit.c
+@@ -1092,6 +1092,8 @@
+ ASN1_TYPE *astype;
+ if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
+ return NULL;
++ if (astype->type != V_ASN1_OCTET_STRING)
++ return NULL;
+ return astype->value.octet_string;
+ }
+
+--- crypto/openssl/crypto/ts/ts_rsp_verify.c.orig
++++ crypto/openssl/crypto/ts/ts_rsp_verify.c
+@@ -262,7 +262,7 @@
+ ASN1_TYPE *attr;
+ const unsigned char *p;
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+- if (!attr)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+@@ -274,7 +274,7 @@
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+- if (attr == NULL)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+--
diff --git a/website/static/security/patches/SA-26:01/openssl-13.patch.asc b/website/static/security/patches/SA-26:01/openssl-13.patch.asc
new file mode 100644
index 0000000000..306b97c814
--- /dev/null
+++ b/website/static/security/patches/SA-26:01/openssl-13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NDUACgkQbljekB8A
+Gu/wRRAAsRtcHehErSu5h3CJGuNI0jergHNiu3CxKvBZAeBzLm0Me7SPifv/zgjd
+WnyorGyaohhaCGXubANH/64qSge7gDFQBm9v99uI/rkRUsQvsSQf78GeGnf3ssBA
+GgLrWkO4Hp0QoA7H0n0lvi4IX97c6qXKm4hR7YyhBHkxHIrq9Qk8pjibQSjbfGkD
+0y7Y4OQ+sXUtAazfTBzXJNdWnAWgWqQZcJCEEilc8DnG0/VW16sMMh/vAUF8aYuG
+0V6V0Ml1/n24klbnOC062AFX2oDuUodwxUiYEnwGz9VhLjeCxXUXWghhkQ9BLr9H
+lld805CT/fDqkPOXkxyt/UJ95p0JuCV4RPyrRupGIg/OZDrOQ2iJ55Xi+NaJHPYM
+S+cIPIsfHEVY7t2BNdb2ZCXwtd0CFyKdCwwu7tP7+yD6B3Ju09UvmsrfBFMSQw1c
+hOZpww6/vXrQXzUaIdyBF/VV+8gFNsAIh6baYEjiLXHn7pmGGac4fCQM7OsOMbhc
+WpZ7vkqPFFQYGsKbnTCZ82AjjsYPotdIWn8hlLqkHD0ZlbUptl65CpS+hPYaDSnV
+4S94M6Aof0UhGPeLrSdq+IApkTAXmihWu4HSG7oG+n1f48ZkfgmQiMd1PmQAZYey
+zSb+r3p8Dc1cbFz+a5saH/GuNdnZEkrXJQgWx5PiwMIShKEBCLs=
+=7Bwk
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:01/openssl-14.patch b/website/static/security/patches/SA-26:01/openssl-14.patch
new file mode 100644
index 0000000000..cd1b9214d3
--- /dev/null
+++ b/website/static/security/patches/SA-26:01/openssl-14.patch
@@ -0,0 +1,251 @@
+--- crypto/openssl/apps/s_client.c.orig
++++ crypto/openssl/apps/s_client.c
+@@ -2650,8 +2650,9 @@
+ goto end;
+ }
+ atyp = ASN1_generate_nconf(genstr, cnf);
+- if (atyp == NULL) {
++ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
+ NCONF_free(cnf);
++ ASN1_TYPE_free(atyp);
+ BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+ goto end;
+ }
+--- crypto/openssl/crypto/asn1/a_strex.c.orig
++++ crypto/openssl/crypto/asn1/a_strex.c
+@@ -204,8 +204,10 @@
+ orflags = CHARTYPE_LAST_ESC_2253;
+ if (type & BUF_TYPE_CONVUTF8) {
+ unsigned char utfbuf[6];
+- int utflen;
+- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++
++ if (utflen < 0)
++ return -1; /* error happened with UTF8 */
+ for (i = 0; i < utflen; i++) {
+ /*
+ * We don't need to worry about setting orflags correctly
+--- crypto/openssl/crypto/asn1/evp_asn1.c.orig
++++ crypto/openssl/crypto/asn1/evp_asn1.c
+@@ -60,6 +60,12 @@
+ oct->flags = 0;
+ }
+
++/*
++ * This function copies 'anum' to 'num' and the data of 'oct' to 'data'.
++ * If the length of 'data' > 'max_len', copies only the first 'max_len'
++ * bytes, but returns the full length of 'oct'; this allows distinguishing
++ * whether all the data was copied.
++ */
+ static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum,
+ long *num, unsigned char *data, int max_len)
+ {
+@@ -106,6 +112,13 @@
+ return 0;
+ }
+
++/*
++ * This function decodes an int-octet sequence and copies the integer to 'num'
++ * and the data of octet to 'data'.
++ * If the length of 'data' > 'max_len', copies only the first 'max_len'
++ * bytes, but returns the full length of 'oct'; this allows distinguishing
++ * whether all the data was copied.
++ */
+ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len)
+ {
+@@ -162,6 +175,13 @@
+ return 0;
+ }
+
++/*
++ * This function decodes an octet-int sequence and copies the data of octet
++ * to 'data' and the integer to 'num'.
++ * If the length of 'data' > 'max_len', copies only the first 'max_len'
++ * bytes, but returns the full length of 'oct'; this allows distinguishing
++ * whether all the data was copied.
++ */
+ int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len)
+ {
+--- crypto/openssl/crypto/bio/bf_lbuf.c.orig
++++ crypto/openssl/crypto/bio/bf_lbuf.c
+@@ -189,14 +189,34 @@
+ while (foundnl && inl > 0);
+ /*
+ * We've written as much as we can. The rest of the input buffer, if
+- * any, is text that doesn't and with a NL and therefore needs to be
+- * saved for the next trip.
++ * any, is text that doesn't end with a NL and therefore we need to try
++ * free up some space in our obuf so we can make forward progress.
+ */
+- if (inl > 0) {
+- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+- ctx->obuf_len += inl;
+- num += inl;
++ while (inl > 0) {
++ size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len;
++ size_t to_copy;
++
++ if (avail == 0) {
++ /* Flush buffered data to make room */
++ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
++ if (i <= 0) {
++ BIO_copy_next_retry(b);
++ return num > 0 ? num : i;
++ }
++ if (i < ctx->obuf_len)
++ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
++ ctx->obuf_len -= i;
++ continue;
++ }
++
++ to_copy = inl > (int)avail ? avail : (size_t)inl;
++ memcpy(&(ctx->obuf[ctx->obuf_len]), in, to_copy);
++ ctx->obuf_len += (int)to_copy;
++ in += to_copy;
++ inl -= (int)to_copy;
++ num += (int)to_copy;
+ }
++
+ return num;
+ }
+
+--- crypto/openssl/crypto/evp/evp_lib.c.orig
++++ crypto/openssl/crypto/evp/evp_lib.c
+@@ -249,10 +249,9 @@
+ if (type == NULL || asn1_params == NULL)
+ return 0;
+
+- i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
+- if (i <= 0)
++ i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
++ if (i <= 0 || i > EVP_MAX_IV_LENGTH)
+ return -1;
+- ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
+
+ memcpy(asn1_params->iv, iv, i);
+ asn1_params->iv_len = i;
+--- crypto/openssl/crypto/modes/ocb128.c.orig
++++ crypto/openssl/crypto/modes/ocb128.c
+@@ -342,7 +342,7 @@
+
+ if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+ && ctx->stream != NULL) {
+- size_t max_idx = 0, top = (size_t)all_num_blocks;
++ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
+
+ /*
+ * See how many L_{i} entries we need to process data at hand
+@@ -356,6 +356,9 @@
+ ctx->stream(in, out, num_blocks, ctx->keyenc,
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
++ processed_bytes = num_blocks * 16;
++ in += processed_bytes;
++ out += processed_bytes;
+ } else {
+ /* Loop through all full blocks to be encrypted */
+ for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+@@ -434,7 +437,7 @@
+
+ if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+ && ctx->stream != NULL) {
+- size_t max_idx = 0, top = (size_t)all_num_blocks;
++ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
+
+ /*
+ * See how many L_{i} entries we need to process data at hand
+@@ -448,6 +451,9 @@
+ ctx->stream(in, out, num_blocks, ctx->keydec,
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
++ processed_bytes = num_blocks * 16;
++ in += processed_bytes;
++ out += processed_bytes;
+ } else {
+ OCB_BLOCK tmp;
+
+--- crypto/openssl/crypto/pkcs12/p12_decr.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_decr.c
+@@ -137,6 +137,11 @@
+ void *ret;
+ int outlen = 0;
+
++ if (oct == NULL) {
++ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
++ return NULL;
++ }
++
+ if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
+ &out, &outlen, 0, libctx, propq))
+ return NULL;
+--- crypto/openssl/crypto/pkcs12/p12_kiss.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_kiss.c
+@@ -190,11 +190,17 @@
+ ASN1_BMPSTRING *fname = NULL;
+ ASN1_OCTET_STRING *lkid = NULL;
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) {
++ if (attrib->type != V_ASN1_BMPSTRING)
++ return 0;
+ fname = attrib->value.bmpstring;
++ }
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) {
++ if (attrib->type != V_ASN1_OCTET_STRING)
++ return 0;
+ lkid = attrib->value.octet_string;
++ }
+
+ switch (PKCS12_SAFEBAG_get_nid(bag)) {
+ case NID_keyBag:
+--- crypto/openssl/crypto/pkcs12/p12_utl.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_utl.c
+@@ -212,6 +212,11 @@
+ /* re-run the loop emitting UTF-8 string */
+ for (asclen = 0, i = 0; i < unilen; ) {
+ j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
++ /* when UTF8_putc fails */
++ if (j < 0) {
++ OPENSSL_free(asctmp);
++ return NULL;
++ }
+ if (j == 4) i += 4;
+ else i += 2;
+ asclen += j;
+--- crypto/openssl/crypto/pkcs7/pk7_doit.c.orig
++++ crypto/openssl/crypto/pkcs7/pk7_doit.c
+@@ -1182,6 +1182,8 @@
+ ASN1_TYPE *astype;
+ if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
+ return NULL;
++ if (astype->type != V_ASN1_OCTET_STRING)
++ return NULL;
+ return astype->value.octet_string;
+ }
+
+--- crypto/openssl/crypto/ts/ts_rsp_verify.c.orig
++++ crypto/openssl/crypto/ts/ts_rsp_verify.c
+@@ -209,7 +209,7 @@
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+- if (attr == NULL)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+@@ -222,7 +222,7 @@
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+- if (attr == NULL)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+--
diff --git a/website/static/security/patches/SA-26:01/openssl-14.patch.asc b/website/static/security/patches/SA-26:01/openssl-14.patch.asc
new file mode 100644
index 0000000000..a4f54c7dc5
--- /dev/null
+++ b/website/static/security/patches/SA-26:01/openssl-14.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NDYACgkQbljekB8A
+Gu+XhQ//VlCelzAFBR9vtJqVyKb0vfoT3grP2HnboOEcZaQY4Uekddk0JiNqUOwp
+p2f1fcLnsSqoEcMmzQXK5qD/ExN2dhhKFO+psrIv3StDXrbcfYVVOjhpn72GjrjU
+UxjjA7FF4MzmF3VERZqMauThDkT9699YwpSJI2HO9FO7NEj3ZQcB/+T0mH0dU8Nv
+/OwVghhXYrEzggjg9f7/TIfW5KgCdh2LtpXZkTmsyK1d39mHxhvobhQD6Jy9hTMc
+AELr8dmD4slAyw+PLUc9zZX12DlARVAE0UXkJgTknPYN6zfTeCqBqSQe37U6yk4O
+ec1jguNEmRvy8B594O/dZnyqa2BgA4k3qBRdCt+YfOMPk3Dq0cdLt6zWhy6aK937
+l4qD7890uWQo+y3H+gcPm6zm+ivYhSuFePKpZ8iVmA1+8bJD7+8AveiBOIXcEYL8
+ctfcqdLj4uOjL+Fipa7TeLS0y5lA8FcjntT8tLrd2ax0UODvnNXGzGawk3Oot7y2
+W5+vChdA83GyaoaPCNXN7Qh7IJxfWBEq5byQk1vTMZ8Tp4dBmr3qc6MQG74QX6Wb
+FZXOxFwKVor8S90LbuOcGSdJIividxBp0N/koazNR5SXtNGI6a7THBgnx2ownPOt
+QCh5gOji+ue8nLLSJIfSYHUKupP9ZBSY6Okwzmr4suavdMr282I=
+=PsKm
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:01/openssl-15.patch b/website/static/security/patches/SA-26:01/openssl-15.patch
new file mode 100644
index 0000000000..b8c4378a0b
--- /dev/null
+++ b/website/static/security/patches/SA-26:01/openssl-15.patch
@@ -0,0 +1,550 @@
+--- crypto/openssl/apps/dgst.c.orig
++++ crypto/openssl/apps/dgst.c
+@@ -704,12 +704,11 @@
+ {
+ int res, ret = EXIT_FAILURE;
+ size_t len = 0;
+- int buflen = 0;
+- int maxlen = 16 * 1024 * 1024;
++ size_t buflen = 0;
++ size_t maxlen = 16 * 1024 * 1024;
+ uint8_t *buf = NULL, *sig = NULL;
+
+- buflen = bio_to_mem(&buf, maxlen, in);
+- if (buflen <= 0) {
++ if (!bio_to_mem(&buf, &buflen, maxlen, in)) {
+ BIO_printf(bio_err, "Read error in %s\n", file);
+ return ret;
+ }
+--- crypto/openssl/apps/include/apps.h.orig
++++ crypto/openssl/apps/include/apps.h
+@@ -253,7 +253,7 @@
+ X509_NAME *parse_name(const char *str, int chtype, int multirdn,
+ const char *desc);
+ void policies_print(X509_STORE_CTX *ctx);
+-int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
++int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in);
+ int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
+ int x509_ctrl_string(X509 *x, const char *value);
+ int x509_req_ctrl_string(X509_REQ *x, const char *value);
+--- crypto/openssl/apps/lib/apps.c.orig
++++ crypto/openssl/apps/lib/apps.c
+@@ -49,6 +49,7 @@
+ #include "apps.h"
+
+ #include "internal/sockets.h" /* for openssl_fdset() */
++#include "internal/numbers.h" /* for LONG_MAX */
+ #include "internal/e_os.h"
+
+ #ifdef _WIN32
+@@ -2010,45 +2011,45 @@
+ }
+
+ /*
+- * Read whole contents of a BIO into an allocated memory buffer and return
+- * it.
++ * Read whole contents of a BIO into an allocated memory buffer.
++ * The return value is one on success, zero on error.
++ * If `maxlen` is non-zero, at most `maxlen` bytes are returned, or else, if
++ * the input is longer than `maxlen`, an error is returned.
++ * If `maxlen` is zero, the limit is effectively `SIZE_MAX`.
+ */
+-
+-int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
++int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in)
+ {
++ unsigned char tbuf[4096];
+ BIO *mem;
+- int len, ret;
+- unsigned char tbuf[1024];
++ BUF_MEM *bufm;
++ size_t sz = 0;
++ int len;
+
+ mem = BIO_new(BIO_s_mem());
+ if (mem == NULL)
+- return -1;
++ return 0;
+ for (;;) {
+- if ((maxlen != -1) && maxlen < 1024)
+- len = maxlen;
+- else
+- len = 1024;
+- len = BIO_read(in, tbuf, len);
+- if (len < 0) {
+- BIO_free(mem);
+- return -1;
+- }
+- if (len == 0)
++ if ((len = BIO_read(in, tbuf, 4096)) == 0)
+ break;
+- if (BIO_write(mem, tbuf, len) != len) {
++ if (len < 0
++ || BIO_write(mem, tbuf, len) != len
++ || sz > SIZE_MAX - len
++ || ((sz += len) > maxlen && maxlen != 0)) {
+ BIO_free(mem);
+- return -1;
++ return 0;
+ }
+- if (maxlen != -1)
+- maxlen -= len;
+-
+- if (maxlen == 0)
+- break;
+ }
+- ret = BIO_get_mem_data(mem, (char **)out);
+- BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
++
++ /* So BIO_free orphans BUF_MEM */
++ (void)BIO_set_close(mem, BIO_NOCLOSE);
++ BIO_get_mem_ptr(mem, &bufm);
+ BIO_free(mem);
+- return ret;
++ *out = (unsigned char *)bufm->data;
++ *outlen = bufm->length;
++ /* Tell BUF_MEM to orphan data */
++ bufm->data = NULL;
++ BUF_MEM_free(bufm);
++ return 1;
+ }
+
+ int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
+--- crypto/openssl/apps/pkeyutl.c.orig
++++ crypto/openssl/apps/pkeyutl.c
+@@ -40,7 +40,7 @@
+
+ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
+ EVP_PKEY *pkey, BIO *in,
+- int filesize, unsigned char *sig, int siglen,
++ int filesize, unsigned char *sig, size_t siglen,
+ unsigned char **out, size_t *poutlen);
+
+ static int only_nomd(EVP_PKEY *pkey)
+@@ -133,7 +133,7 @@
+ char hexdump = 0, asn1parse = 0, rev = 0, *prog;
+ unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL, *secret = NULL;
+ OPTION_CHOICE o;
+- int buf_inlen = 0, siglen = -1;
++ size_t buf_inlen = 0, siglen = 0;
+ int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
+ int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
+ int engine_impl = 0;
+@@ -486,31 +486,31 @@
+
+ if (sigfile != NULL) {
+ BIO *sigbio = BIO_new_file(sigfile, "rb");
++ size_t maxsiglen = 16 * 1024 * 1024;
+
+ if (sigbio == NULL) {
+ BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
+ goto end;
+ }
+- siglen = bio_to_mem(&sig, keysize * 10, sigbio);
+- BIO_free(sigbio);
+- if (siglen < 0) {
++ if (!bio_to_mem(&sig, &siglen, maxsiglen, sigbio)) {
++ BIO_free(sigbio);
+ BIO_printf(bio_err, "Error reading signature data\n");
+ goto end;
+ }
++ BIO_free(sigbio);
+ }
+
+ /* Raw input data is handled elsewhere */
+ if (in != NULL && !rawin) {
+ /* Read the input data */
+- buf_inlen = bio_to_mem(&buf_in, -1, in);
+- if (buf_inlen < 0) {
++ if (!bio_to_mem(&buf_in, &buf_inlen, 0, in)) {
+ BIO_printf(bio_err, "Error reading input Data\n");
+ goto end;
+ }
+ if (rev) {
+ size_t i;
+ unsigned char ctmp;
+- size_t l = (size_t)buf_inlen;
++ size_t l = buf_inlen;
+
+ for (i = 0; i < l / 2; i++) {
+ ctmp = buf_in[i];
+@@ -525,7 +525,8 @@
+ && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) {
+ if (buf_inlen > EVP_MAX_MD_SIZE) {
+ BIO_printf(bio_err,
+- "Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
++ "Error: The non-raw input data length %zd is too long - "
++ "max supported hashed size is %d\n",
+ buf_inlen, EVP_MAX_MD_SIZE);
+ goto end;
+ }
+@@ -536,8 +537,7 @@
+ rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, sig, siglen,
+ NULL, 0);
+ } else {
+- rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
+- buf_in, (size_t)buf_inlen);
++ rv = EVP_PKEY_verify(ctx, sig, siglen, buf_in, buf_inlen);
+ }
+ if (rv == 1) {
+ BIO_puts(out, "Signature Verified Successfully\n");
+@@ -556,8 +556,8 @@
+ buf_outlen = kdflen;
+ rv = 1;
+ } else {
+- rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
+- buf_in, (size_t)buf_inlen, NULL, (size_t *)&secretlen);
++ rv = do_keyop(ctx, pkey_op, NULL, &buf_outlen,
++ buf_in, buf_inlen, NULL, &secretlen);
+ }
+ if (rv > 0
+ && (secretlen > 0 || (pkey_op != EVP_PKEY_OP_ENCAPSULATE
+@@ -568,8 +568,8 @@
+ if (secretlen > 0)
+ secret = app_malloc(secretlen, "secret output");
+ rv = do_keyop(ctx, pkey_op,
+- buf_out, (size_t *)&buf_outlen,
+- buf_in, (size_t)buf_inlen, secret, (size_t *)&secretlen);
++ buf_out, &buf_outlen,
++ buf_in, buf_inlen, secret, &secretlen);
+ }
+ }
+ if (rv <= 0) {
+@@ -838,7 +838,7 @@
+
+ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
+ EVP_PKEY *pkey, BIO *in,
+- int filesize, unsigned char *sig, int siglen,
++ int filesize, unsigned char *sig, size_t siglen,
+ unsigned char **out, size_t *poutlen)
+ {
+ int rv = 0;
+@@ -861,7 +861,7 @@
+ BIO_printf(bio_err, "Error reading raw input data\n");
+ goto end;
+ }
+- rv = EVP_DigestVerify(mctx, sig, (size_t)siglen, mbuf, buf_len);
++ rv = EVP_DigestVerify(mctx, sig, siglen, mbuf, buf_len);
+ break;
+ case EVP_PKEY_OP_SIGN:
+ buf_len = BIO_read(in, mbuf, filesize);
+@@ -895,7 +895,7 @@
+ goto end;
+ }
+ }
+- rv = EVP_DigestVerifyFinal(mctx, sig, (size_t)siglen);
++ rv = EVP_DigestVerifyFinal(mctx, sig, siglen);
+ break;
+ case EVP_PKEY_OP_SIGN:
+ for (;;) {
+--- crypto/openssl/apps/s_client.c.orig
++++ crypto/openssl/apps/s_client.c
+@@ -2834,8 +2834,9 @@
+ goto end;
+ }
+ atyp = ASN1_generate_nconf(genstr, cnf);
+- if (atyp == NULL) {
++ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
+ NCONF_free(cnf);
++ ASN1_TYPE_free(atyp);
+ BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+ goto end;
+ }
+--- crypto/openssl/crypto/asn1/a_strex.c.orig
++++ crypto/openssl/crypto/asn1/a_strex.c
+@@ -204,8 +204,10 @@
+ orflags = CHARTYPE_LAST_ESC_2253;
+ if (type & BUF_TYPE_CONVUTF8) {
+ unsigned char utfbuf[6];
+- int utflen;
+- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++
++ if (utflen < 0)
++ return -1; /* error happened with UTF8 */
+ for (i = 0; i < utflen; i++) {
+ /*
+ * We don't need to worry about setting orflags correctly
+--- crypto/openssl/crypto/asn1/evp_asn1.c.orig
++++ crypto/openssl/crypto/asn1/evp_asn1.c
+@@ -60,6 +60,12 @@
+ oct->flags = 0;
+ }
+
++/*
++ * This function copies 'anum' to 'num' and the data of 'oct' to 'data'.
++ * If the length of 'data' > 'max_len', copies only the first 'max_len'
++ * bytes, but returns the full length of 'oct'; this allows distinguishing
++ * whether all the data was copied.
++ */
+ static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum,
+ long *num, unsigned char *data, int max_len)
+ {
+@@ -106,6 +112,13 @@
+ return 0;
+ }
+
++/*
++ * This function decodes an int-octet sequence and copies the integer to 'num'
++ * and the data of octet to 'data'.
++ * If the length of 'data' > 'max_len', copies only the first 'max_len'
++ * bytes, but returns the full length of 'oct'; this allows distinguishing
++ * whether all the data was copied.
++ */
+ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len)
+ {
+@@ -162,6 +175,13 @@
+ return 0;
+ }
+
++/*
++ * This function decodes an octet-int sequence and copies the data of octet
++ * to 'data' and the integer to 'num'.
++ * If the length of 'data' > 'max_len', copies only the first 'max_len'
++ * bytes, but returns the full length of 'oct'; this allows distinguishing
++ * whether all the data was copied.
++ */
+ int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len)
+ {
+--- crypto/openssl/crypto/bio/bf_lbuf.c.orig
++++ crypto/openssl/crypto/bio/bf_lbuf.c
+@@ -186,14 +186,34 @@
+ while (foundnl && inl > 0);
+ /*
+ * We've written as much as we can. The rest of the input buffer, if
+- * any, is text that doesn't and with a NL and therefore needs to be
+- * saved for the next trip.
++ * any, is text that doesn't end with a NL and therefore we need to try
++ * free up some space in our obuf so we can make forward progress.
+ */
+- if (inl > 0) {
+- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+- ctx->obuf_len += inl;
+- num += inl;
++ while (inl > 0) {
++ size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len;
++ size_t to_copy;
++
++ if (avail == 0) {
++ /* Flush buffered data to make room */
++ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
++ if (i <= 0) {
++ BIO_copy_next_retry(b);
++ return num > 0 ? num : i;
++ }
++ if (i < ctx->obuf_len)
++ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
++ ctx->obuf_len -= i;
++ continue;
++ }
++
++ to_copy = inl > (int)avail ? avail : (size_t)inl;
++ memcpy(&(ctx->obuf[ctx->obuf_len]), in, to_copy);
++ ctx->obuf_len += (int)to_copy;
++ in += to_copy;
++ inl -= (int)to_copy;
++ num += (int)to_copy;
+ }
++
+ return num;
+ }
+
+--- crypto/openssl/crypto/evp/evp_lib.c.orig
++++ crypto/openssl/crypto/evp/evp_lib.c
+@@ -228,10 +228,9 @@
+ if (type == NULL || asn1_params == NULL)
+ return 0;
+
+- i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
+- if (i <= 0)
++ i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
++ if (i <= 0 || i > EVP_MAX_IV_LENGTH)
+ return -1;
+- ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
+
+ memcpy(asn1_params->iv, iv, i);
+ asn1_params->iv_len = i;
+--- crypto/openssl/crypto/modes/ocb128.c.orig
++++ crypto/openssl/crypto/modes/ocb128.c
+@@ -338,7 +338,7 @@
+
+ if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+ && ctx->stream != NULL) {
+- size_t max_idx = 0, top = (size_t)all_num_blocks;
++ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
+
+ /*
+ * See how many L_{i} entries we need to process data at hand
+@@ -352,6 +352,9 @@
+ ctx->stream(in, out, num_blocks, ctx->keyenc,
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
++ processed_bytes = num_blocks * 16;
++ in += processed_bytes;
++ out += processed_bytes;
+ } else {
+ /* Loop through all full blocks to be encrypted */
+ for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+@@ -430,7 +433,7 @@
+
+ if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+ && ctx->stream != NULL) {
+- size_t max_idx = 0, top = (size_t)all_num_blocks;
++ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
+
+ /*
+ * See how many L_{i} entries we need to process data at hand
+@@ -444,6 +447,9 @@
+ ctx->stream(in, out, num_blocks, ctx->keydec,
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
++ processed_bytes = num_blocks * 16;
++ in += processed_bytes;
++ out += processed_bytes;
+ } else {
+ OCB_BLOCK tmp;
+
+--- crypto/openssl/crypto/pkcs12/p12_decr.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_decr.c
+@@ -143,6 +143,11 @@
+ void *ret;
+ int outlen = 0;
+
++ if (oct == NULL) {
++ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
++ return NULL;
++ }
++
+ if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
+ &out, &outlen, 0, libctx, propq))
+ return NULL;
+--- crypto/openssl/crypto/pkcs12/p12_kiss.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_kiss.c
+@@ -197,11 +197,17 @@
+ ASN1_BMPSTRING *fname = NULL;
+ ASN1_OCTET_STRING *lkid = NULL;
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) {
++ if (attrib->type != V_ASN1_BMPSTRING)
++ return 0;
+ fname = attrib->value.bmpstring;
++ }
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) {
++ if (attrib->type != V_ASN1_OCTET_STRING)
++ return 0;
+ lkid = attrib->value.octet_string;
++ }
+
+ switch (PKCS12_SAFEBAG_get_nid(bag)) {
+ case NID_keyBag:
+--- crypto/openssl/crypto/pkcs12/p12_mutl.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_mutl.c
+@@ -122,8 +122,6 @@
+ ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED);
+ goto err;
+ }
+- keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
+- pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
+
+ if (pbkdf2_param->prf == NULL) {
+ kdf_hmac_nid = NID_hmacWithSHA1;
+@@ -138,6 +136,22 @@
+ goto err;
+ }
+
++ /* Validate salt is an OCTET STRING choice */
++ if (pbkdf2_param->salt == NULL
++ || pbkdf2_param->salt->type != V_ASN1_OCTET_STRING) {
++ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
++ goto err;
++ }
++ pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
++
++ /* RFC 9579 specifies missing key length as invalid */
++ if (pbkdf2_param->keylength != NULL)
++ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
++ if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) {
++ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
++ goto err;
++ }
++
+ if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length,
+ ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) {
+ ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
+--- crypto/openssl/crypto/pkcs12/p12_utl.c.orig
++++ crypto/openssl/crypto/pkcs12/p12_utl.c
+@@ -206,6 +206,11 @@
+ /* re-run the loop emitting UTF-8 string */
+ for (asclen = 0, i = 0; i < unilen; ) {
+ j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
++ /* when UTF8_putc fails */
++ if (j < 0) {
++ OPENSSL_free(asctmp);
++ return NULL;
++ }
+ if (j == 4) i += 4;
+ else i += 2;
+ asclen += j;
+--- crypto/openssl/crypto/pkcs7/pk7_doit.c.orig
++++ crypto/openssl/crypto/pkcs7/pk7_doit.c
+@@ -1231,6 +1231,8 @@
+ ASN1_TYPE *astype;
+ if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
+ return NULL;
++ if (astype->type != V_ASN1_OCTET_STRING)
++ return NULL;
+ return astype->value.octet_string;
+ }
+
+--- crypto/openssl/crypto/ts/ts_rsp_verify.c.orig
++++ crypto/openssl/crypto/ts/ts_rsp_verify.c
+@@ -211,7 +211,7 @@
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+- if (attr == NULL)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+@@ -224,7 +224,7 @@
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+- if (attr == NULL)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+--- crypto/openssl/ssl/quic/quic_impl.c.orig
++++ crypto/openssl/ssl/quic/quic_impl.c
+@@ -5065,6 +5065,8 @@
+ {
+ const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
+
++ if (ciph == NULL)
++ return NULL;
+ if ((ciph->algorithm2 & SSL_QUIC) == 0)
+ return NULL;
+
+--- crypto/openssl/ssl/statem/statem_lib.c.orig
++++ crypto/openssl/ssl/statem/statem_lib.c
+@@ -2912,6 +2912,12 @@
+ goto err;
+ }
+
++ /* Prevent excessive pre-decompression allocation */
++ if (expected_length > sc->max_cert_list) {
++ SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
++ goto err;
++ }
++
+ if (PACKET_remaining(pkt) != comp_length || comp_length == 0) {
+ SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION);
+ goto err;
+--
diff --git a/website/static/security/patches/SA-26:01/openssl-15.patch.asc b/website/static/security/patches/SA-26:01/openssl-15.patch.asc
new file mode 100644
index 0000000000..ed49341c69
--- /dev/null
+++ b/website/static/security/patches/SA-26:01/openssl-15.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NDcACgkQbljekB8A
+Gu+GLw/+M8A7WK1OFMauAqR7bPrcuztHRMZhAvKunM2jnjtiMRqLtQBeQYg6aeTR
+sMUqm1R2NfD3ic5zt7kKTbPmHfG3TSCDglDfTiYiCAwzTEg9jsejg8Mqm64zDWf7
+/T+TXjzipdKYpasNAIZYmmvoeOtLNp5tzTOAOxPxwOunHiMxdezTV3Kb1JSH45A0
+QpbHYMYfPWREOChpJwzxDDjYdbtx+WDKH+V6ZEbAd495B8IlF7QajST6gfh2xZVo
+/J5Iz1wqlQbasy2G2eaoBU2zBMzvZUpNpiodw2S3qV95aZ2gSKO7swTkV7Qg/3/t
+lBdljQNrMPWxwTP85s1E+iK74wS2VOej1iQsuBiX024ErDUo4u8hB9be9sYwGhkH
+1RS5f0P3SvH1QGwBQ0nwaoxGz0RHIpb4kS7I//PWz8mD74e8g6xXm8/0r/mEoptm
+Rp18d7VuAYMhSbK39jJEax+Ud6f/PyRR+lMSvi+EZ9BeurxFR5hXAVOu35OYwgzH
+44j09SqHPq+m0zv7DDb2/fkh/+j3D5GwqVA3ykEiZX6Wgf+e36IFgJOxzz6BiKq1
+dCmJxXwSKPN1pFc7uqupUpDyGFOoXMCkcflOA4ZOhxcfYoF14oKnaGdqmQXrYGGv
+zFPjHG7YOd+W0DN2GSTJfiaAtYtBaTFNHBxeoKIAyFc0SVvVYQ8=
+=rFjZ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:02/jail-13.patch b/website/static/security/patches/SA-26:02/jail-13.patch
new file mode 100644
index 0000000000..43bac1e9a4
--- /dev/null
+++ b/website/static/security/patches/SA-26:02/jail-13.patch
@@ -0,0 +1,550 @@
+--- sys/fs/cd9660/cd9660_lookup.c.orig
++++ sys/fs/cd9660/cd9660_lookup.c
+@@ -134,7 +134,7 @@
+ char *name;
+ struct vnode **vpp = ap->a_vpp;
+ struct componentname *cnp = ap->a_cnp;
+- int flags = cnp->cn_flags;
++ uint64_t flags = cnp->cn_flags;
+ int nameiop = cnp->cn_nameiop;
+
+ ep2 = ep = NULL;
+--- sys/fs/fuse/fuse_vnops.c.orig
++++ sys/fs/fuse/fuse_vnops.c
+@@ -1433,9 +1433,9 @@
+ struct timespec now;
+
+ int nameiop = cnp->cn_nameiop;
+- int flags = cnp->cn_flags;
+- int wantparent = flags & (LOCKPARENT | WANTPARENT);
+- int islastcn = flags & ISLASTCN;
++ bool wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT);
++ bool isdotdot = cnp->cn_flags & ISDOTDOT;
++ bool islastcn = cnp->cn_flags & ISLASTCN;
+ struct mount *mp = vnode_mount(dvp);
+ struct fuse_data *data = fuse_get_mpdata(mp);
+ int default_permissions = data->dataflags & FSESS_DEFAULT_PERMISSIONS;
+@@ -1468,8 +1468,7 @@
+ return err;
+
+ is_dot = cnp->cn_namelen == 1 && *(cnp->cn_nameptr) == '.';
+- if ((flags & ISDOTDOT) && !(data->dataflags & FSESS_EXPORT_SUPPORT))
+- {
++ if (isdotdot && !(data->dataflags & FSESS_EXPORT_SUPPORT)) {
+ if (!(VTOFUD(dvp)->flag & FN_PARENT_NID)) {
+ /*
+ * Since the file system doesn't support ".." lookups,
+@@ -1590,7 +1589,7 @@
+ }
+ } else {
+ /* Entry was found */
+- if (flags & ISDOTDOT) {
++ if (isdotdot) {
+ struct fuse_lookup_alloc_arg flaa;
+
+ flaa.nid = nid;
+--- sys/fs/nullfs/null_vnops.c.orig
++++ sys/fs/nullfs/null_vnops.c
+@@ -389,7 +389,7 @@
+ {
+ struct componentname *cnp = ap->a_cnp;
+ struct vnode *dvp = ap->a_dvp;
+- int flags = cnp->cn_flags;
++ uint64_t flags = cnp->cn_flags;
+ struct vnode *vp, *ldvp, *lvp;
+ struct mount *mp;
+ int error;
+@@ -407,17 +407,25 @@
+
+ /*
+ * Renames in the lower mounts might create an inconsistent
+- * configuration where lower vnode is moved out of the
+- * directory tree remounted by our null mount. Do not try to
+- * handle it fancy, just avoid VOP_LOOKUP() with DOTDOT name
+- * which cannot be handled by VOP, at least passing over lower
+- * root.
++ * configuration where lower vnode is moved out of the directory tree
++ * remounted by our null mount.
++ *
++ * Do not try to handle it fancy, just avoid VOP_LOOKUP() with DOTDOT
++ * name which cannot be handled by the VOP.
+ */
+- if ((ldvp->v_vflag & VV_ROOT) != 0 && (flags & ISDOTDOT) != 0) {
+- KASSERT((dvp->v_vflag & VV_ROOT) == 0,
+- ("ldvp %p fl %#x dvp %p fl %#x flags %#x",
+- ldvp, ldvp->v_vflag, dvp, dvp->v_vflag, flags));
+- return (ENOENT);
++ if ((flags & ISDOTDOT) != 0) {
++ struct nameidata *ndp;
++
++ if ((ldvp->v_vflag & VV_ROOT) != 0) {
++ KASSERT((dvp->v_vflag & VV_ROOT) == 0,
++ ("ldvp %p fl %#x dvp %p fl %#x flags %#jx",
++ ldvp, ldvp->v_vflag, dvp, dvp->v_vflag,
++ (uintmax_t)flags));
++ return (ENOENT);
++ }
++ ndp = lookup_nameidata(cnp);
++ if (ndp != NULL && lookup_isroot(ndp, ldvp))
++ return (ENOENT);
+ }
+
+ /*
+--- sys/fs/smbfs/smbfs_vnops.c.orig
++++ sys/fs/smbfs/smbfs_vnops.c
+@@ -1044,7 +1044,7 @@
+ struct smbfattr fattr, *fap;
+ struct smb_cred *scred;
+ char *name = cnp->cn_nameptr;
+- int flags = cnp->cn_flags;
++ uint64_t flags = cnp->cn_flags;
+ int nameiop = cnp->cn_nameiop;
+ int nmlen = cnp->cn_namelen;
+ int error, islastcn, isdot;
+--- sys/fs/unionfs/union_vnops.c.orig
++++ sys/fs/unionfs/union_vnops.c
+@@ -76,14 +76,30 @@
+ KASSERT(((vp)->v_op == &unionfs_vnodeops), \
+ ("unionfs: it is not unionfs-vnode"))
+
++static bool
++unionfs_lookup_isroot(struct componentname *cnp, struct vnode *dvp)
++{
++ struct nameidata *ndp;
++
++ if (dvp == NULL)
++ return (false);
++ if ((dvp->v_vflag & VV_ROOT) != 0)
++ return (true);
++ ndp = lookup_nameidata(cnp);
++ if (ndp == NULL)
++ return (false);
++ return (lookup_isroot(ndp, dvp));
++}
++
+ static int
+ unionfs_lookup(struct vop_cachedlookup_args *ap)
+ {
+ int iswhiteout;
+ int lockflag;
+ int error , uerror, lerror;
++ uint64_t cnflags;
+ u_long nameiop;
+- u_long cnflags, cnflagsbk;
++ u_long cnflagsbk;
+ struct unionfs_node *dunp;
+ struct vnode *dvp, *udvp, *ldvp, *vp, *uvp, *lvp, *dtmpvp;
+ struct vattr va;
+@@ -124,6 +140,10 @@
+ if (LOOKUP != nameiop && udvp == NULLVP)
+ return (EROFS);
+
++ if (unionfs_lookup_isroot(cnp, udvp) ||
++ unionfs_lookup_isroot(cnp, ldvp))
++ return (ENOENT);
++
+ if (udvp != NULLVP) {
+ dtmpvp = udvp;
+ if (ldvp != NULLVP)
+--- sys/kern/uipc_mqueue.c.orig
++++ sys/kern/uipc_mqueue.c
+@@ -846,7 +846,8 @@
+ struct mqfs_node *pd;
+ struct mqfs_node *pn;
+ struct mqfs_info *mqfs;
+- int nameiop, flags, error, namelen;
++ uint64_t flags;
++ int nameiop, error, namelen;
+ char *pname;
+ struct thread *td;
+
+--- sys/kern/vfs_cache.c.orig
++++ sys/kern/vfs_cache.c
+@@ -4006,7 +4006,7 @@
+ */
+ struct nameidata_outer {
+ size_t ni_pathlen;
+- int cn_flags;
++ uint64_t cn_flags;
+ };
+
+ struct nameidata_saved {
+@@ -4292,7 +4292,7 @@
+ (NC_NOMAKEENTRY | NC_KEEPPOSENTRY | LOCKLEAF | LOCKPARENT | WANTPARENT | \
+ FAILIFEXISTS | FOLLOW | EMPTYPATH | LOCKSHARED | SAVENAME | SAVESTART | \
+ WILLBEDIR | ISOPEN | NOMACCHECK | AUDITVNODE1 | AUDITVNODE2 | NOCAPCHECK | \
+- WANTIOCTLCAPS)
++ WANTIOCTLCAPS | NAMEILOOKUP)
+
+ #define CACHE_FPL_INTERNAL_CN_FLAGS \
+ (ISDOTDOT | MAKEENTRY | ISLASTCN)
+@@ -5126,30 +5126,19 @@
+ cache_fplookup_dotdot(struct cache_fpl *fpl)
+ {
+ struct nameidata *ndp;
+- struct componentname *cnp;
+ struct namecache *ncp;
+ struct vnode *dvp;
+- struct prison *pr;
+ u_char nc_flag;
+
+ ndp = fpl->ndp;
+- cnp = fpl->cnp;
+ dvp = fpl->dvp;
+
+- MPASS(cache_fpl_isdotdot(cnp));
++ MPASS(cache_fpl_isdotdot(fpl->cnp));
+
+ /*
+ * XXX this is racy the same way regular lookup is
+ */
+- for (pr = cnp->cn_cred->cr_prison; pr != NULL;
+- pr = pr->pr_parent)
+- if (dvp == pr->pr_root)
+- break;
+-
+- if (dvp == ndp->ni_rootdir ||
+- dvp == ndp->ni_topdir ||
+- dvp == rootvnode ||
+- pr != NULL) {
++ if (lookup_isroot(ndp, dvp)) {
+ fpl->tvp = dvp;
+ fpl->tvp_seqc = vn_seqc_read_any(dvp);
+ if (seqc_in_modify(fpl->tvp_seqc)) {
+--- sys/kern/vfs_lookup.c.orig
++++ sys/kern/vfs_lookup.c
+@@ -530,12 +530,12 @@
+ cnp->cn_origflags = cnp->cn_flags;
+ #endif
+ ndp->ni_cnd.cn_cred = ndp->ni_cnd.cn_thread->td_ucred;
+- KASSERT(ndp->ni_resflags == 0, ("%s: garbage in ni_resflags: %x\n",
++ KASSERT(ndp->ni_resflags == 0, ("%s: garbage in ni_resflags: %x",
+ __func__, ndp->ni_resflags));
+ KASSERT(cnp->cn_cred && td->td_proc, ("namei: bad cred/proc"));
+ KASSERT((cnp->cn_flags & NAMEI_INTERNAL_FLAGS) == 0,
+- ("namei: unexpected flags: %" PRIx64 "\n",
+- cnp->cn_flags & NAMEI_INTERNAL_FLAGS));
++ ("namei: unexpected flags: %#jx",
++ (uintmax_t)(cnp->cn_flags & NAMEI_INTERNAL_FLAGS)));
+ if (cnp->cn_flags & NOCACHE)
+ KASSERT(cnp->cn_nameiop != LOOKUP,
+ ("%s: NOCACHE passed with LOOKUP", __func__));
+@@ -761,6 +761,31 @@
+ _Static_assert(MAXNAMLEN == NAME_MAX,
+ "MAXNAMLEN and NAME_MAX have different values");
+
++
++struct nameidata *
++lookup_nameidata(struct componentname *cnp)
++{
++ if ((cnp->cn_flags & NAMEILOOKUP) == 0)
++ return (NULL);
++ return (__containerof(cnp, struct nameidata, ni_cnd));
++}
++
++/*
++ * Would a dotdot lookup relative to dvp cause this lookup to cross a jail or
++ * chroot boundary?
++ */
++bool
++lookup_isroot(struct nameidata *ndp, struct vnode *dvp)
++{
++ for (struct prison *pr = ndp->ni_cnd.cn_cred->cr_prison; pr != NULL;
++ pr = pr->pr_parent) {
++ if (dvp == pr->pr_root)
++ return (true);
++ }
++ return (dvp == ndp->ni_rootdir || dvp == ndp->ni_topdir ||
++ dvp == rootvnode);
++}
++
+ /*
+ * Search a pathname.
+ * This is a very central and rather complicated routine.
+@@ -808,7 +833,6 @@
+ struct vnode *dp = NULL; /* the directory we are searching */
+ struct vnode *tdp; /* saved dp */
+ struct mount *mp; /* mount table entry */
+- struct prison *pr;
+ size_t prev_ni_pathlen; /* saved ndp->ni_pathlen */
+ int docache; /* == 0 do not cache last component */
+ int wantparent; /* 1 => wantparent or lockparent flag */
+@@ -1008,15 +1032,11 @@
+ goto bad;
+ }
+ for (;;) {
+- for (pr = cnp->cn_cred->cr_prison; pr != NULL;
+- pr = pr->pr_parent)
+- if (dp == pr->pr_root)
+- break;
+- bool isroot = dp == ndp->ni_rootdir ||
+- dp == ndp->ni_topdir || dp == rootvnode ||
+- pr != NULL;
+- if (isroot && (ndp->ni_lcf &
+- NI_LCF_STRICTRELATIVE) != 0) {
++ bool isroot;
++
++ isroot = lookup_isroot(ndp, dp);
++ if (__predict_false(isroot && (ndp->ni_lcf &
++ NI_LCF_STRICTRELATIVE) != 0)) {
+ error = ENOTCAPABLE;
+ goto capdotdot;
+ }
+--- sys/kern/vfs_vnops.c.orig
++++ sys/kern/vfs_vnops.c
+@@ -195,21 +195,26 @@
+ }
+
+ static uint64_t
+-open2nameif(int fmode, u_int vn_open_flags)
++open2nameif(int fmode, u_int vn_open_flags, uint64_t cn_flags)
+ {
+ uint64_t res;
+
+- res = ISOPEN | LOCKLEAF;
++ res = ISOPEN | LOCKLEAF | cn_flags;
+ if ((fmode & O_RESOLVE_BENEATH) != 0)
+ res |= RBENEATH;
+ if ((fmode & O_EMPTY_PATH) != 0)
+ res |= EMPTYPATH;
++ if ((fmode & O_NOFOLLOW) != 0)
++ res &= ~FOLLOW;
+ if ((vn_open_flags & VN_OPEN_NOAUDIT) == 0)
+ res |= AUDITVNODE1;
++ else
++ res &= ~AUDITVNODE1;
+ if ((vn_open_flags & VN_OPEN_NOCAPCHECK) != 0)
+ res |= NOCAPCHECK;
+ if ((vn_open_flags & VN_OPEN_WANTIOCTLCAPS) != 0)
+ res |= WANTIOCTLCAPS;
++
+ return (res);
+ }
+
+@@ -242,7 +247,9 @@
+ return (EINVAL);
+ else if ((fmode & (O_CREAT | O_DIRECTORY)) == O_CREAT) {
+ ndp->ni_cnd.cn_nameiop = CREATE;
+- ndp->ni_cnd.cn_flags = open2nameif(fmode, vn_open_flags);
++ ndp->ni_cnd.cn_flags = open2nameif(fmode, vn_open_flags,
++ ndp->ni_cnd.cn_flags);
++
+ /*
+ * Set NOCACHE to avoid flushing the cache when
+ * rolling in many files at once.
+@@ -251,8 +258,8 @@
+ * exist despite NOCACHE.
+ */
+ ndp->ni_cnd.cn_flags |= LOCKPARENT | NOCACHE | NC_KEEPPOSENTRY;
+- if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0)
+- ndp->ni_cnd.cn_flags |= FOLLOW;
++ if ((fmode & O_EXCL) != 0)
++ ndp->ni_cnd.cn_flags &= ~FOLLOW;
+ if ((vn_open_flags & VN_OPEN_INVFS) == 0)
+ bwillwrite();
+ if ((error = namei(ndp)) != 0)
+@@ -320,9 +327,8 @@
+ }
+ } else {
+ ndp->ni_cnd.cn_nameiop = LOOKUP;
+- ndp->ni_cnd.cn_flags = open2nameif(fmode, vn_open_flags);
+- ndp->ni_cnd.cn_flags |= (fmode & O_NOFOLLOW) != 0 ? NOFOLLOW :
+- FOLLOW;
++ ndp->ni_cnd.cn_flags = open2nameif(fmode, vn_open_flags,
++ ndp->ni_cnd.cn_flags);
+ if ((fmode & FWRITE) == 0)
+ ndp->ni_cnd.cn_flags |= LOCKSHARED;
+ if ((error = namei(ndp)) != 0)
+--- sys/sys/namei.h.orig
++++ sys/sys/namei.h
+@@ -154,6 +154,7 @@
+ #define LOCKSHARED 0x0100 /* Shared lock leaf */
+ #define NOFOLLOW 0x0000 /* do not follow symbolic links (pseudo) */
+ #define RBENEATH 0x100000000ULL /* No escape, even tmp, from start dir */
++#define NAMEILOOKUP 0x200000000ULL /* cnp is embedded in nameidata */
+ #define MODMASK 0xf000001ffULL /* mask of operational modifiers */
+
+ /*
+@@ -254,7 +255,7 @@
+ NDINIT_PREFILL(_ndp); \
+ NDINIT_DBG(_ndp); \
+ _ndp->ni_cnd.cn_nameiop = op; \
+- _ndp->ni_cnd.cn_flags = flags; \
++ _ndp->ni_cnd.cn_flags = (flags) | NAMEILOOKUP; \
+ _ndp->ni_segflg = segflg; \
+ _ndp->ni_dirp = namep; \
+ _ndp->ni_dirfd = dirfd; \
+@@ -271,6 +272,7 @@
+ filecaps_free(&_ndp->ni_filecaps); \
+ _ndp->ni_resflags = 0; \
+ _ndp->ni_startdir = NULL; \
++ _ndp->ni_cnd.cn_flags &= ~NAMEI_INTERNAL_FLAGS; \
+ } while (0)
+
+ #define NDPREINIT(ndp) do { \
+@@ -312,6 +314,8 @@
+
+ int namei(struct nameidata *ndp);
+ int lookup(struct nameidata *ndp);
++bool lookup_isroot(struct nameidata *ndp, struct vnode *dvp);
++struct nameidata *lookup_nameidata(struct componentname *cnp);
+ int relookup(struct vnode *dvp, struct vnode **vpp,
+ struct componentname *cnp);
+ #endif
+--- tests/sys/kern/Makefile.orig
++++ tests/sys/kern/Makefile
+@@ -13,6 +13,7 @@
+ ATF_TESTS_C+= kern_copyin
+ ATF_TESTS_C+= kern_descrip_test
+ ATF_TESTS_C+= fdgrowtable_test
++ATF_TESTS_C+= jail_lookup_root
+ ATF_TESTS_C+= kill_zombie
+ .if ${MK_OPENSSL} != "no"
+ ATF_TESTS_C+= ktls_test
+@@ -58,6 +59,10 @@
+ PROGS+= pdeathsig_helper
+ PROGS+= sendfile_helper
+
++.PATH: ${SRCTOP}/sbin/mount
++SRCS.jail_lookup_root+= jail_lookup_root.c getmntopts.c
++CFLAGS.jail_lookup_root+= -I${SRCTOP}/sbin/mount
++LIBADD.jail_lookup_root+= jail util
+ CFLAGS.sys_getrandom+= -I${SRCTOP}/sys/contrib/zstd/lib
+ LIBADD.sys_getrandom+= zstd
+ LIBADD.sys_getrandom+= c
+--- /dev/null
++++ tests/sys/kern/jail_lookup_root.c
+@@ -0,0 +1,133 @@
++/*-
++ * SPDX-License-Identifier: BSD-2-Clause
++ *
++ * Copyright (c) 2025 Mark Johnston
++ */
++
++#include
++#include
++#include
++#include
++
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++
++#include
++
++static void
++mkdir_checked(const char *dir, mode_t mode)
++{
++ int error;
++
++ error = mkdir(dir, mode);
++ ATF_REQUIRE_MSG(error == 0 || errno == EEXIST,
++ "mkdir %s: %s", dir, strerror(errno));
++}
++
++static void __unused
++mount_nullfs(const char *dir, const char *target)
++{
++ struct iovec *iov;
++ char errmsg[1024];
++ int error, iovlen;
++
++ iov = NULL;
++ iovlen = 0;
++
++ build_iovec(&iov, &iovlen, __DECONST(char *, "fstype"),
++ __DECONST(char *, "nullfs"), (size_t)-1);
++ build_iovec(&iov, &iovlen, __DECONST(char *, "fspath"),
++ __DECONST(char *, target), (size_t)-1);
++ build_iovec(&iov, &iovlen, __DECONST(char *, "from"),
++ __DECONST(char *, dir), (size_t)-1);
++ build_iovec(&iov, &iovlen, __DECONST(char *, "errmsg"),
++ errmsg, sizeof(errmsg));
++
++ errmsg[0] = '\0';
++ error = nmount(iov, iovlen, 0);
++ ATF_REQUIRE_MSG(error == 0, "nmount: %s",
++ errmsg[0] != '\0' ? errmsg : strerror(errno));
++
++ free_iovec(&iov, &iovlen);
++}
++
++ATF_TC_WITH_CLEANUP(jail_root);
++ATF_TC_HEAD(jail_root, tc)
++{
++ atf_tc_set_md_var(tc, "require.user", "root");
++}
++ATF_TC_BODY(jail_root, tc)
++{
++ int error, fd, jid;
++
++ mkdir_checked("./root", 0755);
++ mkdir_checked("./root/a", 0755);
++ mkdir_checked("./root/b", 0755);
++ mkdir_checked("./root/a/c", 0755);
++
++ jid = jail_setv(JAIL_CREATE | JAIL_ATTACH,
++ "name", "nullfs_jail_root_test",
++ "allow.mount", "true",
++ "allow.mount.nullfs", "true",
++ "enforce_statfs", "1",
++ "path", "./root",
++ "persist", NULL,
++ NULL);
++ ATF_REQUIRE_MSG(jid >= 0, "jail_setv: %s", jail_errmsg);
++
++ mount_nullfs("/a", "/b");
++
++ error = chdir("/b/c");
++ ATF_REQUIRE(error == 0);
++
++ error = rename("/a/c", "/c");
++ ATF_REQUIRE(error == 0);
++
++ /* Descending to the jail root should be ok. */
++ error = chdir("..");
++ ATF_REQUIRE(error == 0);
++
++ /* Going beyond the root will trigger an error. */
++ error = chdir("..");
++ ATF_REQUIRE_ERRNO(ENOENT, error != 0);
++ fd = open("..", O_RDONLY | O_DIRECTORY);
++ ATF_REQUIRE_ERRNO(ENOENT, fd < 0);
++}
++ATF_TC_CLEANUP(jail_root, tc)
++{
++ struct statfs fs;
++ fsid_t fsid;
++ int error, jid;
++
++ error = statfs("./root/b", &fs);
++ if (error != 0)
++ err(1, "statfs ./b");
++ fsid = fs.f_fsid;
++ error = statfs("./root", &fs);
++ if (error != 0)
++ err(1, "statfs ./root");
++ if (fsid.val[0] != fs.f_fsid.val[0] ||
++ fsid.val[1] != fs.f_fsid.val[1]) {
++ error = unmount("./root/b", 0);
++ if (error != 0)
++ err(1, "unmount ./root/b");
++ }
++
++ jid = jail_getid("nullfs_jail_root_test");
++ if (jid >= 0) {
++ error = jail_remove(jid);
++ if (error != 0)
++ err(1, "jail_remove");
++ }
++}
++
++ATF_TP_ADD_TCS(tp)
++{
++ ATF_TP_ADD_TC(tp, jail_root);
++ return (atf_no_error());
++}
diff --git a/website/static/security/patches/SA-26:02/jail-13.patch.asc b/website/static/security/patches/SA-26:02/jail-13.patch.asc
new file mode 100644
index 0000000000..a968ffbf0d
--- /dev/null
+++ b/website/static/security/patches/SA-26:02/jail-13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NVgACgkQbljekB8A
+Gu8CDw/+JpjJVV0juv2j4rjtk0M4teqTSmKOfbRlHvAZNnmxV7bzfnF3yZZG3y25
+kLt0VPMkvJrZJezqGlgcQeGNoHxHAX7XMOqKCvHgK+8v6wUaHweiQbrKQl5E9byC
+eYPWlBvhqa09JJ8JDb1oC5hEW6uGFxqORnIpC2cqSQfZtamL17YVQhMOvHmQc62w
+gjPQFJUMuQ7mbRn5ZLI7r9IfRsHuWMysi5FGn8tMHCjppZbqCLOgSpAb7sFQFtkF
+7M19GRTZRyr/Lp6W2OEYGUZy34qhwV4mfQfaTfSS+5h3oLZlvWsDH2vXeI/+fvIw
+21/KmwJ+jY5e6mPSSp0hxss+pQF0bpkD3azlQtNmYjCglxuOF+euQMwvYIGfVpiM
+cICAMx79Z5suVbefq4yM3dq0KWD1Yet3QXswtxYpB7PtH1G9dA0Eqbdb5gfhg/2e
+OcLGzwS4/mjHHh0P92blzQtc5MTIY9fj1ncCkBXRMVelfAp5eQFkfpsdDDfXCwO+
+eOXMx13ZdGM7LtepfOeece82mVHJPJxFsTobKRSiw/O6iXw2cVwtRvhoyrqapi7Z
+0ih+IAex4P/2fUM6jS6tJ32TFyl9XmkY45Qb/FTHOH+x7O3wUXIOHNIPyjQO4uOP
+R4stALBCE0IBGTwpYdZzaDTOiT1ggBFalxIbFVxHATM4d+vjipA=
+=hFiD
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:02/jail-14.patch b/website/static/security/patches/SA-26:02/jail-14.patch
new file mode 100644
index 0000000000..d2f5b59000
--- /dev/null
+++ b/website/static/security/patches/SA-26:02/jail-14.patch
@@ -0,0 +1,498 @@
+--- sys/fs/nullfs/null_vnops.c.orig
++++ sys/fs/nullfs/null_vnops.c
+@@ -389,7 +389,7 @@
+ {
+ struct componentname *cnp = ap->a_cnp;
+ struct vnode *dvp = ap->a_dvp;
+- int flags = cnp->cn_flags;
++ uint64_t flags = cnp->cn_flags;
+ struct vnode *vp, *ldvp, *lvp;
+ struct mount *mp;
+ int error;
+@@ -407,17 +407,25 @@
+
+ /*
+ * Renames in the lower mounts might create an inconsistent
+- * configuration where lower vnode is moved out of the
+- * directory tree remounted by our null mount. Do not try to
+- * handle it fancy, just avoid VOP_LOOKUP() with DOTDOT name
+- * which cannot be handled by VOP, at least passing over lower
+- * root.
++ * configuration where lower vnode is moved out of the directory tree
++ * remounted by our null mount.
++ *
++ * Do not try to handle it fancy, just avoid VOP_LOOKUP() with DOTDOT
++ * name which cannot be handled by the VOP.
+ */
+- if ((ldvp->v_vflag & VV_ROOT) != 0 && (flags & ISDOTDOT) != 0) {
+- KASSERT((dvp->v_vflag & VV_ROOT) == 0,
+- ("ldvp %p fl %#x dvp %p fl %#x flags %#x",
+- ldvp, ldvp->v_vflag, dvp, dvp->v_vflag, flags));
+- return (ENOENT);
++ if ((flags & ISDOTDOT) != 0) {
++ struct nameidata *ndp;
++
++ if ((ldvp->v_vflag & VV_ROOT) != 0) {
++ KASSERT((dvp->v_vflag & VV_ROOT) == 0,
++ ("ldvp %p fl %#x dvp %p fl %#x flags %#jx",
++ ldvp, ldvp->v_vflag, dvp, dvp->v_vflag,
++ (uintmax_t)flags));
++ return (ENOENT);
++ }
++ ndp = vfs_lookup_nameidata(cnp);
++ if (ndp != NULL && vfs_lookup_isroot(ndp, ldvp))
++ return (ENOENT);
+ }
+
+ /*
+--- sys/fs/unionfs/union_vnops.c.orig
++++ sys/fs/unionfs/union_vnops.c
+@@ -78,6 +78,21 @@
+ VNASSERT(((vp)->v_op == &unionfs_vnodeops), vp, \
+ ("%s: non-unionfs vnode", __func__))
+
++static bool
++unionfs_lookup_isroot(struct componentname *cnp, struct vnode *dvp)
++{
++ struct nameidata *ndp;
++
++ if (dvp == NULL)
++ return (false);
++ if ((dvp->v_vflag & VV_ROOT) != 0)
++ return (true);
++ ndp = vfs_lookup_nameidata(cnp);
++ if (ndp == NULL)
++ return (false);
++ return (vfs_lookup_isroot(ndp, dvp));
++}
++
+ static int
+ unionfs_lookup(struct vop_cachedlookup_args *ap)
+ {
+@@ -128,6 +143,12 @@
+ if (LOOKUP != nameiop && udvp == NULLVP)
+ return (EROFS);
+
++ if (unionfs_lookup_isroot(cnp, udvp) ||
++ unionfs_lookup_isroot(cnp, ldvp)) {
++ error = ENOENT;
++ goto unionfs_lookup_return;
++ }
++
+ if (udvp != NULLVP) {
+ dtmpvp = udvp;
+ if (ldvp != NULLVP)
+--- sys/kern/vfs_cache.c.orig
++++ sys/kern/vfs_cache.c
+@@ -4373,7 +4373,7 @@
+ (NC_NOMAKEENTRY | NC_KEEPPOSENTRY | LOCKLEAF | LOCKPARENT | WANTPARENT | \
+ FAILIFEXISTS | FOLLOW | EMPTYPATH | LOCKSHARED | ISRESTARTED | WILLBEDIR | \
+ ISOPEN | NOMACCHECK | AUDITVNODE1 | AUDITVNODE2 | NOCAPCHECK | OPENREAD | \
+- OPENWRITE | WANTIOCTLCAPS)
++ OPENWRITE | WANTIOCTLCAPS | NAMEILOOKUP)
+
+ #define CACHE_FPL_INTERNAL_CN_FLAGS \
+ (ISDOTDOT | MAKEENTRY | ISLASTCN)
+@@ -5186,30 +5186,19 @@
+ cache_fplookup_dotdot(struct cache_fpl *fpl)
+ {
+ struct nameidata *ndp;
+- struct componentname *cnp;
+ struct namecache *ncp;
+ struct vnode *dvp;
+- struct prison *pr;
+ u_char nc_flag;
+
+ ndp = fpl->ndp;
+- cnp = fpl->cnp;
+ dvp = fpl->dvp;
+
+- MPASS(cache_fpl_isdotdot(cnp));
++ MPASS(cache_fpl_isdotdot(fpl->cnp));
+
+ /*
+ * XXX this is racy the same way regular lookup is
+ */
+- for (pr = cnp->cn_cred->cr_prison; pr != NULL;
+- pr = pr->pr_parent)
+- if (dvp == pr->pr_root)
+- break;
+-
+- if (dvp == ndp->ni_rootdir ||
+- dvp == ndp->ni_topdir ||
+- dvp == rootvnode ||
+- pr != NULL) {
++ if (vfs_lookup_isroot(ndp, dvp)) {
+ fpl->tvp = dvp;
+ fpl->tvp_seqc = vn_seqc_read_any(dvp);
+ if (seqc_in_modify(fpl->tvp_seqc)) {
+--- sys/kern/vfs_lookup.c.orig
++++ sys/kern/vfs_lookup.c
+@@ -612,12 +612,12 @@
+ }
+ #endif
+ ndp->ni_cnd.cn_cred = td->td_ucred;
+- KASSERT(ndp->ni_resflags == 0, ("%s: garbage in ni_resflags: %x\n",
++ KASSERT(ndp->ni_resflags == 0, ("%s: garbage in ni_resflags: %x",
+ __func__, ndp->ni_resflags));
+ KASSERT(cnp->cn_cred && td->td_proc, ("namei: bad cred/proc"));
+ KASSERT((cnp->cn_flags & NAMEI_INTERNAL_FLAGS) == 0,
+- ("namei: unexpected flags: %" PRIx64 "\n",
+- cnp->cn_flags & NAMEI_INTERNAL_FLAGS));
++ ("namei: unexpected flags: %#jx",
++ (uintmax_t)(cnp->cn_flags & NAMEI_INTERNAL_FLAGS)));
+ if (cnp->cn_flags & NOCACHE)
+ KASSERT(cnp->cn_nameiop != LOOKUP,
+ ("%s: NOCACHE passed with LOOKUP", __func__));
+@@ -863,6 +863,30 @@
+ return (error);
+ }
+
++struct nameidata *
++vfs_lookup_nameidata(struct componentname *cnp)
++{
++ if ((cnp->cn_flags & NAMEILOOKUP) == 0)
++ return (NULL);
++ return (__containerof(cnp, struct nameidata, ni_cnd));
++}
++
++/*
++ * Would a dotdot lookup relative to dvp cause this lookup to cross a jail or
++ * chroot boundary?
++ */
++bool
++vfs_lookup_isroot(struct nameidata *ndp, struct vnode *dvp)
++{
++ for (struct prison *pr = ndp->ni_cnd.cn_cred->cr_prison; pr != NULL;
++ pr = pr->pr_parent) {
++ if (dvp == pr->pr_root)
++ return (true);
++ }
++ return (dvp == ndp->ni_rootdir || dvp == ndp->ni_topdir ||
++ dvp == rootvnode);
++}
++
+ /*
+ * FAILIFEXISTS handling.
+ *
+@@ -1021,7 +1045,6 @@
+ char *lastchar; /* location of the last character */
+ struct vnode *dp = NULL; /* the directory we are searching */
+ struct vnode *tdp; /* saved dp */
+- struct prison *pr;
+ size_t prev_ni_pathlen; /* saved ndp->ni_pathlen */
+ int docache; /* == 0 do not cache last component */
+ int wantparent; /* 1 => wantparent or lockparent flag */
+@@ -1207,13 +1230,9 @@
+ goto bad;
+ }
+ for (;;) {
+- for (pr = cnp->cn_cred->cr_prison; pr != NULL;
+- pr = pr->pr_parent)
+- if (dp == pr->pr_root)
+- break;
+- bool isroot = dp == ndp->ni_rootdir ||
+- dp == ndp->ni_topdir || dp == rootvnode ||
+- pr != NULL;
++ bool isroot;
++
++ isroot = vfs_lookup_isroot(ndp, dp);
+ if (__predict_false(isroot && (ndp->ni_lcf &
+ (NI_LCF_STRICTREL | NI_LCF_STRICTREL_KTR)) != 0)) {
+ if ((ndp->ni_lcf & NI_LCF_STRICTREL_KTR) != 0)
+--- sys/kern/vfs_vnops.c.orig
++++ sys/kern/vfs_vnops.c
+@@ -197,11 +197,11 @@
+ }
+
+ static uint64_t
+-open2nameif(int fmode, u_int vn_open_flags)
++open2nameif(int fmode, u_int vn_open_flags, uint64_t cn_flags)
+ {
+ uint64_t res;
+
+- res = ISOPEN | LOCKLEAF;
++ res = ISOPEN | LOCKLEAF | cn_flags;
+ if ((fmode & O_RESOLVE_BENEATH) != 0)
+ res |= RBENEATH;
+ if ((fmode & O_EMPTY_PATH) != 0)
+@@ -210,12 +210,17 @@
+ res |= OPENREAD;
+ if ((fmode & FWRITE) != 0)
+ res |= OPENWRITE;
++ if ((fmode & O_NOFOLLOW) != 0)
++ res &= ~FOLLOW;
+ if ((vn_open_flags & VN_OPEN_NOAUDIT) == 0)
+ res |= AUDITVNODE1;
++ else
++ res &= ~AUDITVNODE1;
+ if ((vn_open_flags & VN_OPEN_NOCAPCHECK) != 0)
+ res |= NOCAPCHECK;
+ if ((vn_open_flags & VN_OPEN_WANTIOCTLCAPS) != 0)
+ res |= WANTIOCTLCAPS;
++
+ return (res);
+ }
+
+@@ -247,7 +252,9 @@
+ return (EINVAL);
+ else if ((fmode & (O_CREAT | O_DIRECTORY)) == O_CREAT) {
+ ndp->ni_cnd.cn_nameiop = CREATE;
+- ndp->ni_cnd.cn_flags = open2nameif(fmode, vn_open_flags);
++ ndp->ni_cnd.cn_flags = open2nameif(fmode, vn_open_flags,
++ ndp->ni_cnd.cn_flags);
++
+ /*
+ * Set NOCACHE to avoid flushing the cache when
+ * rolling in many files at once.
+@@ -256,8 +263,8 @@
+ * exist despite NOCACHE.
+ */
+ ndp->ni_cnd.cn_flags |= LOCKPARENT | NOCACHE | NC_KEEPPOSENTRY;
+- if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0)
+- ndp->ni_cnd.cn_flags |= FOLLOW;
++ if ((fmode & O_EXCL) != 0)
++ ndp->ni_cnd.cn_flags &= ~FOLLOW;
+ if ((vn_open_flags & VN_OPEN_INVFS) == 0)
+ bwillwrite();
+ if ((error = namei(ndp)) != 0)
+@@ -325,9 +332,8 @@
+ }
+ } else {
+ ndp->ni_cnd.cn_nameiop = LOOKUP;
+- ndp->ni_cnd.cn_flags = open2nameif(fmode, vn_open_flags);
+- ndp->ni_cnd.cn_flags |= (fmode & O_NOFOLLOW) != 0 ? NOFOLLOW :
+- FOLLOW;
++ ndp->ni_cnd.cn_flags = open2nameif(fmode, vn_open_flags,
++ ndp->ni_cnd.cn_flags);
+ if ((fmode & FWRITE) == 0)
+ ndp->ni_cnd.cn_flags |= LOCKSHARED;
+ if ((error = namei(ndp)) != 0)
+--- sys/sys/namei.h.orig
++++ sys/sys/namei.h
+@@ -152,6 +152,7 @@
+ #define LOCKSHARED 0x0100 /* Shared lock leaf */
+ #define NOFOLLOW 0x0000 /* do not follow symbolic links (pseudo) */
+ #define RBENEATH 0x100000000ULL /* No escape, even tmp, from start dir */
++#define NAMEILOOKUP 0x200000000ULL /* cnp is embedded in nameidata */
+ #define MODMASK 0xf000001ffULL /* mask of operational modifiers */
+
+ /*
+@@ -248,7 +249,7 @@
+ NDINIT_PREFILL(_ndp); \
+ NDINIT_DBG(_ndp); \
+ _ndp->ni_cnd.cn_nameiop = op; \
+- _ndp->ni_cnd.cn_flags = flags; \
++ _ndp->ni_cnd.cn_flags = (flags) | NAMEILOOKUP; \
+ _ndp->ni_segflg = segflg; \
+ _ndp->ni_dirp = namep; \
+ _ndp->ni_dirfd = dirfd; \
+@@ -264,6 +265,7 @@
+ filecaps_free(&_ndp->ni_filecaps); \
+ _ndp->ni_resflags = 0; \
+ _ndp->ni_startdir = NULL; \
++ _ndp->ni_cnd.cn_flags &= ~NAMEI_INTERNAL_FLAGS; \
+ } while (0)
+
+ #define NDPREINIT(ndp) do { \
+@@ -285,6 +287,8 @@
+
+ int namei(struct nameidata *ndp);
+ int vfs_lookup(struct nameidata *ndp);
++bool vfs_lookup_isroot(struct nameidata *ndp, struct vnode *dvp);
++struct nameidata *vfs_lookup_nameidata(struct componentname *cnp);
+ int vfs_relookup(struct vnode *dvp, struct vnode **vpp,
+ struct componentname *cnp, bool refstart);
+
+--- tests/sys/kern/Makefile.orig
++++ tests/sys/kern/Makefile
+@@ -17,6 +17,7 @@
+ ATF_TESTS_C+= kern_copyin
+ ATF_TESTS_C+= kern_descrip_test
+ ATF_TESTS_C+= fdgrowtable_test
++ATF_TESTS_C+= jail_lookup_root
+ ATF_TESTS_C+= kill_zombie
+ .if ${MK_OPENSSL} != "no"
+ ATF_TESTS_C+= ktls_test
+@@ -69,6 +70,7 @@
+ PROGS+= pdeathsig_helper
+ PROGS+= sendfile_helper
+
++LIBADD.jail_lookup_root+= jail util
+ CFLAGS.sys_getrandom+= -I${SRCTOP}/sys/contrib/zstd/lib
+ LIBADD.sys_getrandom+= zstd
+ LIBADD.sys_getrandom+= c
+--- /dev/null
++++ tests/sys/kern/jail_lookup_root.c
+@@ -0,0 +1,171 @@
++/*-
++ * SPDX-License-Identifier: BSD-2-Clause
++ *
++ * Copyright (c) 2025 Mark Johnston
++ */
++
++#include
++#include
++#include
++#include
++#include
++
++#include
++#include
++#include
++#include
++#include
++#include
++
++#include
++
++static void
++build_iovec(struct iovec **iov, int *iovlen, const char *name, void *val,
++ size_t len)
++{
++ int i;
++
++ if (*iovlen < 0)
++ return;
++ i = *iovlen;
++ *iov = realloc(*iov, sizeof **iov * (i + 2));
++ if (*iov == NULL) {
++ *iovlen = -1;
++ return;
++ }
++ (*iov)[i].iov_base = strdup(name);
++ (*iov)[i].iov_len = strlen(name) + 1;
++ i++;
++ (*iov)[i].iov_base = val;
++ if (len == (size_t)-1) {
++ if (val != NULL)
++ len = strlen(val) + 1;
++ else
++ len = 0;
++ }
++ (*iov)[i].iov_len = (int)len;
++ *iovlen = ++i;
++}
++
++static void
++free_iovec(struct iovec **iov, int *iovlen)
++{
++ int i;
++
++ for (i = 0; i < *iovlen; i += 2)
++ free((*iov)[i].iov_base);
++ free(*iov);
++}
++
++static void
++mkdir_checked(const char *dir, mode_t mode)
++{
++ int error;
++
++ error = mkdir(dir, mode);
++ ATF_REQUIRE_MSG(error == 0 || errno == EEXIST,
++ "mkdir %s: %s", dir, strerror(errno));
++}
++
++static void __unused
++mount_nullfs(const char *dir, const char *target)
++{
++ struct iovec *iov;
++ char errmsg[1024];
++ int error, iovlen;
++
++ iov = NULL;
++ iovlen = 0;
++
++ build_iovec(&iov, &iovlen, __DECONST(char *, "fstype"),
++ __DECONST(char *, "nullfs"), (size_t)-1);
++ build_iovec(&iov, &iovlen, __DECONST(char *, "fspath"),
++ __DECONST(char *, target), (size_t)-1);
++ build_iovec(&iov, &iovlen, __DECONST(char *, "from"),
++ __DECONST(char *, dir), (size_t)-1);
++ build_iovec(&iov, &iovlen, __DECONST(char *, "errmsg"),
++ errmsg, sizeof(errmsg));
++
++ errmsg[0] = '\0';
++ error = nmount(iov, iovlen, 0);
++ ATF_REQUIRE_MSG(error == 0, "nmount: %s",
++ errmsg[0] != '\0' ? errmsg : strerror(errno));
++
++ free_iovec(&iov, &iovlen);
++}
++
++ATF_TC_WITH_CLEANUP(jail_root);
++ATF_TC_HEAD(jail_root, tc)
++{
++ atf_tc_set_md_var(tc, "require.user", "root");
++}
++ATF_TC_BODY(jail_root, tc)
++{
++ int error, fd, jid;
++
++ mkdir_checked("./root", 0755);
++ mkdir_checked("./root/a", 0755);
++ mkdir_checked("./root/b", 0755);
++ mkdir_checked("./root/a/c", 0755);
++
++ jid = jail_setv(JAIL_CREATE | JAIL_ATTACH,
++ "name", "nullfs_jail_root_test",
++ "allow.mount", "true",
++ "allow.mount.nullfs", "true",
++ "enforce_statfs", "1",
++ "path", "./root",
++ "persist", NULL,
++ NULL);
++ ATF_REQUIRE_MSG(jid >= 0, "jail_setv: %s", jail_errmsg);
++
++ mount_nullfs("/a", "/b");
++
++ error = chdir("/b/c");
++ ATF_REQUIRE(error == 0);
++
++ error = rename("/a/c", "/c");
++ ATF_REQUIRE(error == 0);
++
++ /* Descending to the jail root should be ok. */
++ error = chdir("..");
++ ATF_REQUIRE(error == 0);
++
++ /* Going beyond the root will trigger an error. */
++ error = chdir("..");
++ ATF_REQUIRE_ERRNO(ENOENT, error != 0);
++ fd = open("..", O_RDONLY | O_DIRECTORY);
++ ATF_REQUIRE_ERRNO(ENOENT, fd < 0);
++}
++ATF_TC_CLEANUP(jail_root, tc)
++{
++ struct statfs fs;
++ fsid_t fsid;
++ int error, jid;
++
++ error = statfs("./root/b", &fs);
++ if (error != 0)
++ err(1, "statfs ./b");
++ fsid = fs.f_fsid;
++ error = statfs("./root", &fs);
++ if (error != 0)
++ err(1, "statfs ./root");
++ if (fsid.val[0] != fs.f_fsid.val[0] ||
++ fsid.val[1] != fs.f_fsid.val[1]) {
++ error = unmount("./root/b", 0);
++ if (error != 0)
++ err(1, "unmount ./root/b");
++ }
++
++ jid = jail_getid("nullfs_jail_root_test");
++ if (jid >= 0) {
++ error = jail_remove(jid);
++ if (error != 0)
++ err(1, "jail_remove");
++ }
++}
++
++ATF_TP_ADD_TCS(tp)
++{
++ ATF_TP_ADD_TC(tp, jail_root);
++ return (atf_no_error());
++}
diff --git a/website/static/security/patches/SA-26:02/jail-14.patch.asc b/website/static/security/patches/SA-26:02/jail-14.patch.asc
new file mode 100644
index 0000000000..8097e1daa9
--- /dev/null
+++ b/website/static/security/patches/SA-26:02/jail-14.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAml5NVkACgkQbljekB8A
+Gu8V0A//WSveX+D5Il4CNAKQuwaiPEudPSI709NvCkB3KMyQylh2R1Y2bCh/dviI
+GgffBznKFGkVPlgEt9jkgDsYbOYRMnCJcGcxHFhKJAYmj1EQv6JyMRUgL1o5NRx1
+40J/7pW2HdfYlUFWXUoM3EW1s8TiG7JeiZQbO58kh00HlactjaNaltteVqeIanxB
+iCX1vaGY8Ld/Spzwpp2O2VbegP7aaZVIrdVqeWOi1upCUGKpVmONo/WmIr6gBnVw
+iXutQ7PttvaoXH8e/amKizkRfNC3t3cJu56BCjWmXBkf/xwu/kIjLzTWaOqqyGTJ
+DZmSij5VMpNWWSYyipQUSV5NepgF/09exmpSWauZtwZvFjbi53bMTPvKzr1Sr0Nf
+XdFhP5IozGu5sXDbRbVlRZukLb3B1WqrW79ZF0rB8c/fv94JF+cCGEM8rrHQMaQD
+Jfn8B9Tbcl0NLF7dEcuo63z01of9fXG/N/PZnHtRwcHoHFRVSZl+cLVuDcUVhd+T
+FJ/0O6HmQ+js59qqDIEDpbgEpX8QBbuWObikVc4yMzRWwKE3NHgRykIpMey/HnQ5
+AyveEies/1zXzYJ/d43LvVgHRmnzAo3XvkrKv+Xvnmak0Msqn43UYLOb+OjajUOG
+Pk3rngu7uvcWHKR+53JRlt3YHnHhXMk3TA2MgWqX3Ot4cNJkrak=
+=n9LM
+-----END PGP SIGNATURE-----