diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 3c30ea9bd5..1a44fe400f 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2887 +1,2915 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-26:24.cap_net"
+date = "2026-05-20"
+
+[[advisories]]
+name = "FreeBSD-SA-26:23.bsdinstall"
+date = "2026-05-20"
+
+[[advisories]]
+name = "FreeBSD-SA-26:22.libcasper"
+date = "2026-05-20"
+
+[[advisories]]
+name = "FreeBSD-SA-26:21.ptrace"
+date = "2026-05-20"
+
+[[advisories]]
+name = "FreeBSD-SA-26:20.fusefs"
+date = "2026-05-20"
+
+[[advisories]]
+name = "FreeBSD-SA-26:19.file"
+date = "2026-05-20"
+
+[[advisories]]
+name = "FreeBSD-SA-26:18.setcred"
+date = "2026-05-20"
+
[[advisories]]
name = "FreeBSD-SA-26:17.libnv"
date = "2026-04-29"
[[advisories]]
name = "FreeBSD-SA-26:16.libnv"
date = "2026-04-29"
[[advisories]]
name = "FreeBSD-SA-26:15.dhclient"
date = "2026-04-29"
[[advisories]]
name = "FreeBSD-SA-26:14.pf"
date = "2026-04-29"
[[advisories]]
name = "FreeBSD-SA-26:13.exec"
date = "2026-04-29"
[[advisories]]
name = "FreeBSD-SA-26:12.dhclient"
date = "2026-04-29"
[[advisories]]
name = "FreeBSD-SA-26:11.amd64"
date = "2026-04-21"
[[advisories]]
name = "FreeBSD-SA-26:10.tty"
date = "2026-04-21"
[[advisories]]
name = "FreeBSD-SA-26:09.pf"
date = "2026-03-26"
[[advisories]]
name = "FreeBSD-SA-26:08.rpcsec_gss"
date = "2026-03-26"
[[advisories]]
name = "FreeBSD-SA-26:07.nvmf"
date = "2026-03-26"
[[advisories]]
name = "FreeBSD-SA-26:06.tcp"
date = "2026-03-26"
[[advisories]]
name = "FreeBSD-SA-26:05.route"
date = "2026-02-24"
[[advisories]]
name = "FreeBSD-SA-26:04.jail"
date = "2026-02-24"
[[advisories]]
name = "FreeBSD-SA-26:03.blocklistd"
date = "2026-02-10"
[[advisories]]
name = "FreeBSD-SA-26:02.jail"
date = "2026-01-27"
[[advisories]]
name = "FreeBSD-SA-26:01.openssl"
date = "2026-01-27"
[[advisories]]
name = "FreeBSD-SA-25:12.rtsold"
date = "2025-12-16"
[[advisories]]
name = "FreeBSD-SA-25:11.ipfw"
date = "2025-12-16"
[[advisories]]
name = "FreeBSD-SA-25:10.unbound"
date = "2025-11-26"
[[advisories]]
name = "FreeBSD-SA-25:09.netinet"
date = "2025-10-22"
[[advisories]]
name = "FreeBSD-SA-25:08.openssl"
date = "2025-09-30"
[[advisories]]
name = "FreeBSD-SA-25:07.libarchive"
date = "2025-08-08"
[[advisories]]
name = "FreeBSD-SA-25:06.xz"
date = "2025-07-02"
[[advisories]]
name = "FreeBSD-SA-25:05.openssh"
date = "2025-02-21"
[[advisories]]
name = "FreeBSD-SA-25:04.ktrace"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:03.etcupdate"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:02.fs"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:01.openssh"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-24:19.fetch"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:18.ctl"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:17.bhyve"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:16.libnv"
date = "2024-09-19"
[[advisories]]
name = "FreeBSD-SA-24:15.bhyve"
date = "2024-09-19"
[[advisories]]
name = "FreeBSD-SA-24:14.umtx"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:13.openssl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:12.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:11.ctl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:10.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:09.libnv"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:08.openssh"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:07.nfsclient"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:06.ktrace"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:05.pf"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:04.openssh"
date = "2024-07-01"
[[advisories]]
name = "FreeBSD-SA-24:03.unbound"
date = "2024-03-28"
[[advisories]]
name = "FreeBSD-SA-24:02.tty"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-24:01.bhyveload"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-23:19.openssh"
date = "2023-12-19"
[[advisories]]
name = "FreeBSD-SA-23:18.nfsclient"
date = "2023-12-12"
[[advisories]]
name = "FreeBSD-SA-23:17.pf"
date = "2023-12-05"
[[advisories]]
name = "FreeBSD-SA-23:16.cap_net"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:15.stdio"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:14.smccc"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:13.capsicum"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:12.msdosfs"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:11.wifi"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:10.pf"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:09.pam_krb5"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:08.ssh"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:07.bhyve"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:06.ipv6"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:05.openssh"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:04.pam_krb5"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:03.openssl"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:02.openssh"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:01.geli"
date = "2023-02-08"
[[advisories]]
name = "FreeBSD-SA-22:15.ping"
date = "2022-11-29"
[[advisories]]
name = "FreeBSD-SA-22:14.heimdal"
date = "2022-11-15"
[[advisories]]
name = "FreeBSD-SA-22:13.zlib"
date = "2022-08-30"
[[advisories]]
name = "FreeBSD-SA-22:12.lib9p"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:11.vm"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:10.aio"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:09.elf"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:08.zlib"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:07.wifi_meshid"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:06.ioctl"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:05.bhyve"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:04.netmap"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:03.openssl"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:02.wifi"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:01.vt"
date = "2022-01-11"
[[advisories]]
name = "FreeBSD-SA-21:17.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:16.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:15.libfetch"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:14.ggatec"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:13.bhyve"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 494f54d35d..6cb37b7b15 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,1115 +1,1119 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-26:13.freebsd-update"
+date = "2026-05-20"
+
[[notices]]
name = "FreeBSD-EN-26:12.freebsd-update"
date = "2026-05-01"
[[notices]]
name = "FreeBSD-EN-26:11.dhclient"
date = "2026-05-01"
[[notices]]
name = "FreeBSD-EN-26:10.amd64"
date = "2026-04-29"
[[notices]]
name = "FreeBSD-EN-26:09.tzdata"
date = "2026-04-29"
[[notices]]
name = "FreeBSD-EN-26:08.pf"
date = "2026-04-29"
[[notices]]
name = "FreeBSD-EN-26:07.pkgbase"
date = "2026-04-21"
[[notices]]
name = "FreeBSD-EN-26:06.timerfd"
date = "2026-04-21"
[[notices]]
name = "FreeBSD-EN-26:05.vm"
date = "2026-04-21"
[[notices]]
name = "FreeBSD-EN-26:04.arm64"
date = "2026-02-10"
[[notices]]
name = "FreeBSD-EN-26:03.vm"
date = "2026-01-27"
[[notices]]
name = "FreeBSD-EN-26:02.arm64"
date = "2026-01-27"
[[notices]]
name = "FreeBSD-EN-26:01.devinfo"
date = "2026-01-27"
[[notices]]
name = "FreeBSD-EN-25:20.vmm"
date = "2025-12-16"
[[notices]]
name = "FreeBSD-EN-25:19.zfs"
date = "2025-12-16"
[[notices]]
name = "FreeBSD-EN-25:18.freebsd-update"
date = "2025-09-30"
[[notices]]
name = "FreeBSD-EN-25:17.bnxt"
date = "2025-09-16"
[[notices]]
name = "FreeBSD-EN-25:16.vfs"
date = "2025-09-16"
[[notices]]
name = "FreeBSD-EN-25:15.arm64"
date = "2025-09-16"
[[notices]]
name = "FreeBSD-EN-25:14.route"
date = "2025-08-08"
[[notices]]
name = "FreeBSD-EN-25:13.wlan_tkip"
date = "2025-08-08"
[[notices]]
name = "FreeBSD-EN-25:12.efi"
date = "2025-08-08"
[[notices]]
name = "FreeBSD-EN-25:11.ena"
date = "2025-07-02"
[[notices]]
name = "FreeBSD-EN-25:10.zfs"
date = "2025-07-02"
[[notices]]
name = "FreeBSD-EN-25:09.libc"
date = "2025-07-02"
[[notices]]
name = "FreeBSD-EN-25:08.caroot"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:07.openssl"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:06.daemon"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:05.expat"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:04.tzdata"
date = "2025-04-10"
[[notices]]
name = "FreeBSD-EN-25:03.tzdata"
date = "2025-01-29"
[[notices]]
name = "FreeBSD-EN-25:02.audit"
date = "2025-01-29"
[[notices]]
name = "FreeBSD-EN-25:01.rpc"
date = "2025-01-29"
[[notices]]
name = "FreeBSD-EN-24:17.pam_xdg"
date = "2024-10-29"
[[notices]]
name = "FreeBSD-EN-24:16.pf"
date = "2024-09-19"
[[notices]]
name = "FreeBSD-EN-24:15.calendar"
date = "2024-09-04"
[[notices]]
name = "FreeBSD-EN-24:14.ifconfig"
date = "2024-08-07"
[[notices]]
name = "FreeBSD-EN-24:13.libc++"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:12.killpg"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:11.ldns"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:10.zfs"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:09.zfs"
date = "2024-04-24"
[[notices]]
name = "FreeBSD-EN-24:08.kerberos"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:07.clang"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:06.wireguard"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:05.tty"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:04.ip"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:03.kqueue"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:02.libutil"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:01.tzdata"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-23:22.vfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:21.tty"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:20.vm"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:19.pkgbase"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:18.openzfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:17.ossl"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:16.openzfs"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:15.sanitizer"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:14.regcomp"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:13.freebsd-update"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:12.freebsd-update"
date = "2023-10-03"
[[notices]]
name = "FreeBSD-EN-23:11.caroot"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:10.pci"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:09.freebsd-update"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:08.vnet"
date = "2023-08-01"
[[notices]]
name = "FreeBSD-EN-23:07.mpr"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:06.loader"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:05.tzdata"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:04.ixgbe"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:03.ena"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:02.sdhci"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:01.tzdata"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-22:28.heimdal"
date = "2022-11-29"
[[notices]]
name = "FreeBSD-EN-22:27.loader"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:26.cam"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:25.tcp"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:24.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:23.vm"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:22.tzdata"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:21.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:20.tzdata"
date = "2022-08-30"
[[notices]]
name = "FreeBSD-EN-22:19.pam_exec"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:18.wifi"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:17.cam"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:16.kqueue"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:15.pf"
date = "2022-04-06"
[[notices]]
name = "FreeBSD-EN-22:14.tzdata"
date = "2022-03-22"
[[notices]]
name = "FreeBSD-EN-22:13.zfs"
date = "2022-03-21"
[[notices]]
name = "FreeBSD-EN-22:12.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:11.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:10.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:09.freebsd-update"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:08.i386"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:07.la57"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:06.libalias"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:05.tail"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:04.pcid"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:03.hyperv"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:02.xsave"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:01.fsck_ffs"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-21:29.tzdata"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:28.vmci"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:27.caroot"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:26.libevent"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:25.bhyve"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:24.libcrypto"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:23.virtio_blk"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:21.ipfw"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:20.vlan"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:19.libcasper"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:18.libc++"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:17.libradius"
date = "2021-06-01"
[[notices]]
name = "FreeBSD-EN-21:16.bc"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:15.virtio"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:14.pms"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:13.mpt"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:12.divert"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:11.aesni"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-26:13.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-26:13.freebsd-update.asc
new file mode 100644
index 0000000000..6369b75b23
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-26:13.freebsd-update.asc
@@ -0,0 +1,166 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-26:13.freebsd-update Errata Notice
+ The FreeBSD Project
+
+Topic: freebsd-update attempts to merge a generated file
+
+Category: core
+Module: freebsd-update
+Announced: 2026-05-20
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-05-19 13:59:37 UTC (stable/15, 15.0-STABLE)
+ 2026-05-20 19:39:27 UTC (releng/15.0, 15.0-RELEASE-p9)
+ 2026-05-19 13:59:57 UTC (stable/14, 14.4-STABLE)
+ 2026-05-20 19:39:53 UTC (releng/14.4, 14.4-RELEASE-p5)
+ 2026-05-20 19:40:31 UTC (releng/14.3, 14.3-RELEASE-p14)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The freebsd-update utility is used both to apply binary updates for security
+advisories and errata notices, and to upgrade from one FreeBSD release to
+another.
+
+In the latter scenario, when it detects local changes to a configuration file
+which is affected by the upgrade, freebsd-update will perform a three-way
+merge and prompt the user to manually resolve any conflicts between local and
+incoming changes.
+
+The certctl utility has been used since FreeBSD 12.0 to manage a hashed
+directory of root certificates for use when validating TLS server
+certificates. Since FreeBSD 15.0, certctl also maintains a bundle for the
+benefit of applications which either do not support the hashed directory
+format or need to preload the trust store prior to entering capability mode,
+a chroot, or similar.
+
+II. Problem Description
+
+When upgrading from FreeBSD 15.0 to FreeBSD 15.1, freebsd-update incorrectly
+treats the certificate bundle /etc/ssl/cert.pem as a configuration file. In
+most cases, the three-way merge results in conflicts which the user is then
+asked to resolve. The bundle is not human-readable, and merging it serves no
+purpose since freebsd-update regenerates the entire certificate store at the
+end of the upgrade.
+
+When upgrading from an older FreeBSD release to FreeBSD 15.0 or 15.1, if
+/etc/ssl/cert.pem is present (e.g. as provided by the ETCSYMLINK option of
+the security/ca_root_nss port, or manually created by an administrator),
+freebsd-update will emit a non-fatal error message and pause until the user
+acknowledges the message.
+
+III. Impact
+
+Users upgrading from 15.0 to 15.1 may be presented with one or more merge
+conflicts in thousands of lines of Base64-encoded ASN.1 data.
+
+Users upgrading from older releases to 15.0 or 15.1 may encounter a non-fatal
+error message with no clear resolution, reducing user confidence in the
+upgrade process.
+
+IV. Workaround
+
+If prompted to resolve conflicts, exit the editor and force freebsd-update
+to accept the unmerged file by typing "ACCEPT" (all upper-case, without the
+quotes). The bundle will be regenerated at the end of the upgrade process
+and the system will be fully functional.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+
+2) To update your system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-26:13/freebsd-update.patch
+# fetch https://security.FreeBSD.org/patches/EN-26:13/freebsd-update.patch.asc
+# gpg --verify freebsd-update.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ b97f143b6ca9 stable/15-n283610
+releng/15.0/ 2709755d39f5 releng/15.0-n281037
+stable/14/ 7d9c1d3895b3 stable/14-n274144
+releng/14.4/ 081a9e933033 releng/14.4-n273701
+releng/14.3/ a1b3818746e3 releng/14.3-n271501
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKGEbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvgJQP/RY20Qr2cM3gsEsVSt5+
+xXS/yCXu+IZq/ALOzw4RvqzdqvVzlA3U2VgSXpucnkrV0rABc7yxLbmvTVj6GOG7
+yvKXSmV58akQoUbnOtwHZF4x+4A9+Y3BzGIWUrzh014ll4MyhGw/4ekFiu36J0Mg
+QBDPkAy+3jrCTE3i2aAF1w1gLYdyIfDwGYQHqpPCsMmGhHuleogGqmhc5pH2J30g
+fPRLe8a4njizX5aT15TZvo6U5sQC6tll4DBUqTWh6k49XxSELKQwYgXhqhespI++
+yZ327VPwkVgaYI0C96LCV5SVB811BvFAKXKzjItKOWpJyg6HpB8hiSEubqlWW7zX
+vltqLyf8qe15wZPvrs1kgX2kH9ZJXYwJ9W5z5kY8sk/DCYos+bxtEQ47CU5u6/nF
+h01i3mAwOdh0/br7Y7hRS4eekNg9XUpu9dakJdhpJjbRylS6I6wK/C/f89L+qmgP
+4jq20TCFHQ2riVHxhOG3nSGkP+5CsIUnjg94x/EKK9xA9DZb0D5/Vy+hQYhJ5qza
+q5TKkv72vb32LKFKvzXXJbCrRlJr6bmCOMXYRGZwDzKzfd5jrVwzlIfooiaQ28bj
+g2egNBCe69H0SboydGi6J4yciBn3TeBHilfPuDLxs2eRZmYFd4wVD4wnigsysL2J
+JETeDqmCxDDqbzhIYf3XL7Pt
+=zyAg
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:18.setcred.asc b/website/static/security/advisories/FreeBSD-SA-26:18.setcred.asc
new file mode 100644
index 0000000000..2b0e4d6640
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:18.setcred.asc
@@ -0,0 +1,170 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:18.setcred Security Advisory
+ The FreeBSD Project
+
+Topic: Stack buffer overflow via setcred(2)
+
+Category: core
+Module: setcred
+Announced: 2026-05-20
+Credits: Ryan of Calif.io
+Credits: Przemyslaw Frasunek
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-01-06 13:34:30 UTC (stable/15, 15.0-STABLE)
+ 2026-05-20 19:39:28 UTC (releng/15.0, 15.0-RELEASE-p9)
+ 2026-05-20 19:37:54 UTC (stable/14, 14.4-STABLE)
+ 2026-05-20 19:39:54 UTC (releng/14.4, 14.4-RELEASE-p5)
+ 2026-05-20 19:40:32 UTC (releng/14.3, 14.3-RELEASE-p14)
+CVE Name: CVE-2026-45250
+
+This vulnerability was independently reported by multiple parties prior to
+publication.
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+System calls are the programmatic interface through which user-space
+processes request services from the operating system kernel, providing a
+controlled boundary between unprivileged application code and privileged
+kernel operations.
+
+setcred(2) is a system call which enables a privileged process to atomically
+set its full credential set, including the real, effective, and saved user
+and group identifiers, as well as the list of supplementary groups. It is
+intended for use by programs such as login(1) and PAM(3)-aware authentication
+frameworks that must transition a process into a target user context in a
+single, race-free operation, replacing the need for multiple discrete calls
+to setuid(2), setgid(2), and setgroups(2).
+
+II. Problem Description
+
+The setcred(2) system call is only available to privileged users. However,
+before the privilege level of the caller is checked, the user-supplied list
+of supplementary groups is copied into a fixed-size kernel stack buffer
+without first validating its length. If the supplied list exceeds the
+capacity of that buffer, a stack buffer overflow occurs.
+
+III. Impact
+
+Because the bounds check on the supplementary groups list occurs after the
+kernel stack buffer has already been written, an unprivileged local user may
+trigger the overflow without holding any special privilege. Successful
+exploitation may allow an attacker to execute arbitrary code in the context
+of the kernel, allowing an unprivileged local user to gain elevated
+privileges on the affected system.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date,
+and reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:18/setcred-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:18/setcred-15.patch.asc
+# gpg --verify setcred-15.patch.asc
+
+[FreeBSD 14.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:18/setcred-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:18/setcred-14.patch.asc
+# gpg --verify setcred-14.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ b6cba9028457 stable/15-n281743
+releng/15.0/ d98c0a494a42 releng/15.0-n281038
+stable/14/ 8eb0bbbd2e46 stable/14-n274162
+releng/14.4/ 34da5845b8d4 releng/14.4-n273702
+releng/14.3/ bfff5c180193 releng/14.3-n271502
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKGobFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvSpsP/38o7yHdNEMNMPPOBtKZ
+2dn/vmcOo1srkhUx0kl2EVBzirSDsTVkWfUq1Txg5JA7/pG3On/YiaAmUMi9jHqy
+q0tgkyO/scKGWNDYmFIA9QAXAwwSUZnT+eEwt3IawOzquezD/qr++CCimntSUzsu
+IP3oMFYaw9JvMF6Z6tTfcYYA02CF7nRrtIJtrxfWkgyDoMoikHsNW4o2LXJTz4bV
+2uk7BuQKbDc3gxoEBYd0bulXBa9DHsrfS59eEnbb8txrBjt21aQGjBY8SJSoFyYh
+yZixmadpZ9J4oTBc03hOO2Z2BN5f/QficGIU4t0wj0A8EcsrspFMDRj2xd/5zi86
+VLqiQf6WJbgVyytUe5aYbBPC6eH2TRnMWaOERbocNS6xQKcYpZYqwnVZ77n6tPb4
+wKQd+qKYM74lf0BPCBc60h7yo9e6Qd8puGolyL05qdZVB+c3m0qB000gsyNFytFs
+kQSovaXFf4r0DCEuBixE/Ic5ADwl7A4pCIxqwWwJlnrj77XCobNEQJtajkrapXsU
+MSLQ20RuRiVNesgyjP9dZCk8enuOl96TwrvdkyqvSJgb0Gw3XEeyCWT4dAE+Fh3A
+n8RhQeY6YWWk+DOiuw5Q5v2PyoBNoV8jV2AjeXzhIOQsyWGeSYQ2GeFu6PW3UyzQ
+olNjUPjprNwteRkUuGHmE3zQ
+=6aG+
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:19.file.asc b/website/static/security/advisories/FreeBSD-SA-26:19.file.asc
new file mode 100644
index 0000000000..ccac947f7d
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:19.file.asc
@@ -0,0 +1,173 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:19.file Security Advisory
+ The FreeBSD Project
+
+Topic: Kernel use-after-free via file descriptor syscalls
+
+Category: core
+Module: file
+Announced: 2026-05-20
+Credits: 75Acol, Lexpl0it, fcgboy, and robinzeng2015
+Credits: Ryan at Calif.io
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-05-20 19:36:37 UTC (stable/15, 15.0-STABLE)
+ 2026-05-20 19:39:31 UTC (releng/15.0, 15.0-RELEASE-p9)
+ 2026-05-20 19:37:57 UTC (stable/14, 14.4-STABLE)
+ 2026-05-20 19:39:57 UTC (releng/14.4, 14.4-RELEASE-p5)
+ 2026-05-20 19:40:34 UTC (releng/14.3, 14.3-RELEASE-p14)
+CVE Name: CVE-2026-45251
+
+This vulnerability was independently reported by multiple parties prior to
+publication. The reporters' findings prompted a broader review by the
+FreeBSD Security Team, which identified additional occurrences of the same
+issue in related code. All known exploitable instances are corrected by this
+update.
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+FreeBSD implements a number of file descriptor types. Traditionally file
+descriptors are used to perform file or network I/O, but other variants
+exist such as process descriptors, which enable operations on a particular
+process.
+
+The select(2) and poll(2) system calls allow applications to wait for events
+related to the object to which a file descriptor refers. These system calls
+are implemented for many different file descriptor types. For instance, a
+process descriptor may be used with either system call to wait for the target
+process to exit.
+
+II. Problem Description
+
+A file descriptor can be closed while a thread is blocked in a poll(2) or
+select(2) call waiting for that descriptor. Because the blocked thread does
+not hold a reference to the underlying object, this closure may result in the
+object being freed while the thread remains blocked. In this situation, the
+kernel must remove the blocked thread from the per-object wait queue prior to
+freeing the object.
+
+In the case of some file descriptor types, the kernel failed to unlink
+blocked threads from the object before freeing it. When the blocked thread
+is subsequently woken, it accesses memory that has already been freed
+resulting in a use-after-free vulnerability.
+
+III. Impact
+
+The use-after-free vulnerability may be triggered by an unprivileged local
+user and can be exploited to obtain superuser privileges.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:19/file-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:19/file-15.patch.asc
+# gpg --verify file-15.patch.asc
+
+[FreeBSD 14.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:19/file-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:19/file-14.patch.asc
+# gpg --verify file-14.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 53a78e582a6f stable/15-n283641
+releng/15.0/ af79f4148450 releng/15.0-n281041
+stable/14/ b90b25c3779e stable/14-n274164
+releng/14.4/ 8d8694c224e2 releng/14.4-n273704
+releng/14.3/ 659818009d15 releng/14.3-n271504
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKG4bFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvA78P/iRlQXxVUpth5tRn2FiC
+lseIWOmh3DVI1OjwFQ30VydwnA5rlOqPPTpF2hsT0ee3ExS6pUKITi3735BmkPvT
+KvnOKkY9A2DdzXJQ9eZvrVJRN1/VlKx8Us1VmWWRxPHghmcqqTY0wN2lFcsyqcpN
+6Wdi51z+X5sLWZZsLsvqAskWiCNqUzBSSWqCTLEW0tBD9AoW2BPQcpAeEmx4MDch
+Hk2/pecoUL2T/hu3bjo60CTp3R7E4gPt9wM5Ejf32vwsW0sTNkTmy7HbZCNmYHZw
+R764O4i4poDzccTiXxuhXdrIDXmRQwTyB9d6S12OmP8ec8dAQzm9p5xl4HoHhOho
+9zTMCiLoU+ApN1H+bXqN9JvmZ9hfxGqdPaJgZRkQ11xRHg8tz48SigON/vxlbYff
+ln9EJ+NGEcskrbUAG8cUCJ3/a8A7xLQo07TpvyddeUc6ufk+nFEBzNS3rpaFNy5y
+GqFIOzqISRSsE1tf6rrItULQEKWtOMUYvAbrcLRwPAQ1cav+sOv9YlfpW36s1+mc
+CyuXDh3pbN5biajjImGO1CYN92mq/Jfz/cRnvQub+78T+4w6yAxj53fBNg97tIOI
+b7EISAnbgGj5akQRGJXJ84iuYij9xTPEOCSbfgAqsWXKz6l/bgSoVUhq/e0/dXKA
+sr+3pjhi5P7N66SvO+7iEpYI
+=iM1b
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:20.fusefs.asc b/website/static/security/advisories/FreeBSD-SA-26:20.fusefs.asc
new file mode 100644
index 0000000000..d6516c54e6
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:20.fusefs.asc
@@ -0,0 +1,164 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:20.fusefs Security Advisory
+ The FreeBSD Project
+
+Topic: Heap overflow in FUSE_LISTXATTR
+
+Category: core
+Module: fusefs
+Announced: 2026-05-20
+Credits: Joshua Rogers of AISLE Research Team
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-05-20 19:36:38 UTC (stable/15, 15.0-STABLE)
+ 2026-05-20 19:39:32 UTC (releng/15.0, 15.0-RELEASE-p9)
+ 2026-05-20 19:37:58 UTC (stable/14, 14.4-STABLE)
+ 2026-05-20 19:39:58 UTC (releng/14.4, 14.4-RELEASE-p5)
+ 2026-05-20 19:40:36 UTC (releng/14.3, 14.3-RELEASE-p14)
+CVE Name: CVE-2026-45252
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The fusefs file system delegates file system operations to a userspace
+daemon. This daemon ordinarily requires root privileges to operate. When
+the "vfs.usermount" sysctl is set to 1 (not the default), unprivileged users
+are permitted to run such daemons and mount fusefs file systems.
+
+II. Problem Description
+
+When a fusefs file system implements extended attributes, the kernel may send
+a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended
+attributes for a given file. The FUSE protocol requires the daemon to return
+a packed list of NUL-terminated strings. The fusefs kernel module calls
+strlen() on this daemon-supplied buffer without first verifying that the
+entire list is NUL-terminated.
+
+III. Impact
+
+If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel
+module may read beyond the end of one heap-allocated buffer and potentially
+write beyond the end of a second buffer. A malicious daemon could disclose
+up to 253 bytes of kernel heap memory, or it could inject up to 250
+attacker-controlled bytes into unallocated kernel heap space.
+
+IV. Workaround
+
+No workaround is available, but systems that do not load the fusefs kernel
+module or set vfs.usermount=1 are unaffected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-15.patch.asc
+# gpg --verify fusefs-15.patch.asc
+
+[FreeBSD 14.4]
+# fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-14.4.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-14.4.patch.asc
+# gpg --verify fusefs-14.4.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-14.3.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:20/fusefs-14.3.patch.asc
+# gpg --verify fusefs-14.3.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ df3f3fa82775 stable/15-n283642
+releng/15.0/ 0dd8b983db3c releng/15.0-n281042
+stable/14/ 25148c51c8c6 stable/14-n274165
+releng/14.4/ 6a299460f159 releng/14.4-n273705
+releng/14.3/ 53f3bf4ee1ce releng/14.3-n271505
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHIbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvobkP/R3O3bwsnJkhG1NQ6pKh
+UFcwpZ8TSAqtccHZRQz2zoKTqu/EeClT7Bdgw/Qa8gbZ7IfZgS8AJaR7e4fgpE96
+AhHU6cbyZrpwvWUatIKgX57032+M1ioMiz9g0KbGg4W4WKe/QHj4yt45F7qRfLNb
+BD7Qp7E0XtV+UrNXkhOQQmHyVTpB85tK/e5Yc+vcSgAQ3LWrzwO4zED4f78e3faw
+oiLm1oE/Vx0jfrRKsnCECdJS532xlfH6iJ2/2ZXfUthGQmZQe34wOMwYS0EcaGZV
+TQoLwsg5qLj4hJOGMCZk4X4TjrkoQquWdsAQetB8tqXIyw7QEgbMIIbhS3mQZ5CW
+aEq3wbYMowxCMb/6Dd/R56wDqyGI2Z6GHmUT58M0OSIIISfsD+UHOCW2lrQQ5zrI
+o1O/IFAvqsmCN6JQzFgC3KC8BLLZWzxf5Bun6yOls/YA31zOXAen0isnbOvVnGot
+42Dy65fENCUQMt+p3eDDLQzxDhlqGAGbiqysBmxwTA5Wqc4furv7O0wmBPwOOGeH
+NqlKYsqO9u4kEW2lTCPs7R5+wsc+EACc07kikDQgp1m59JlkMfmXU4Kbcgw9r4GR
+9OWtidfTCDGmt9mXzJVKaBurgJ1iqsBfzzLamWo0iDpUMgUP7VA9jVjVbUmtjH1V
+qAWdXCXwrbOr+eA50IIPxkal
+=HzW3
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:21.ptrace.asc b/website/static/security/advisories/FreeBSD-SA-26:21.ptrace.asc
new file mode 100644
index 0000000000..187aabe5cb
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:21.ptrace.asc
@@ -0,0 +1,163 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:21.ptrace Security Advisory
+ The FreeBSD Project
+
+Topic: Missing validation in ptrace(PT_SC_REMOTE)
+
+Category: core
+Module: ptrace
+Announced: 2026-05-20
+Credits: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
+ and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
+Credits: Ryan at Calif.io
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-05-20 19:36:40 UTC (stable/15, 15.0-STABLE)
+ 2026-05-20 19:39:34 UTC (releng/15.0, 15.0-RELEASE-p9)
+ 2026-05-20 19:37:59 UTC (stable/14, 14.4-STABLE)
+ 2026-05-20 19:39:59 UTC (releng/14.4, 14.4-RELEASE-p5)
+ 2026-05-20 19:40:37 UTC (releng/14.3, 14.3-RELEASE-p14)
+CVE Name: CVE-2026-45253
+
+This vulnerability was independently reported by multiple parties prior to
+publication.
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The ptrace(2) system call provides facilities for a debugger to control the
+execution of a target process and to obtain status information about it.
+Among other capabilities, it permits a debugger to execute arbitrary system
+calls in the target process via the PT_SC_REMOTE operation.
+
+II. Problem Description
+
+ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2)
+and __syscall(2) meta-system calls. As a result, a user with the ability to
+debug a process may trigger arbitrary code execution in the kernel, even if
+the target process has no special privileges.
+
+III. Impact
+
+The missing validation allows an unprivileged local user to escalate
+privileges, potentially gaining full control of the affected system.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-15.patch.asc
+# gpg --verify ptrace-15.patch.asc
+
+[FreeBSD 14.4]
+# fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-14.4.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-14.4.patch.asc
+# gpg --verify ptrace-14.4.patch.asc
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-14.3.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:21/ptrace-14.3.patch.asc
+# gpg --verify ptrace-14.3.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 3b4afab9add2 stable/15-n283643
+releng/15.0/ fd24dd0b38a8 releng/15.0-n281043
+stable/14/ fac902a3e039 stable/14-n274166
+releng/14.4/ c21d23f0f8be releng/14.4-n273706
+releng/14.3/ 45bd421661c4 releng/14.3-n271506
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHcbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvLd0QAOQGyaTmlTQJTS+EIPMU
++poVU59Fe4L+/+H8LSibnCPBbycH1bv6m9e906s/za0IBLGVq7PhY0U1YtPO5++J
+A86nLzgqk4hEU5RWmA3+dnLYrIxOf3fVvSev/XAZe/1eWwcljYRCtqLV+IBmyxeZ
+amfYoXliUTuZHO+r+88HVAgDy6efZ3IlnHF9iMlpsF0IFezpgFh4E6tiJk9/pMlz
+wuXpHCm34rEjy6bvQaDP9G1zXGszrEatT25d9rKZnHscZCQuRgtpLaOVCuH8oDca
++1PFTfTNJnepH9Ir1nSaYLViZdHfuDK40CafZm54q4669AramrySoxNJlnNHOiMK
+DN4aqxMfW5xCEEK+fIJYqTyW2L3WzRJ8tm3bF/zzsMYTsNmclcklzmuMNqsGQls1
+TGIhb+J+e0vkdZOpuJaT65pmGaF2dJeBvwNsIMJgtY3yotUPbDFD1ALNVUwIkKYh
+m68XK0Ykw93ySLjbORUVFLP5nv5PvYtubAy37q5tskN6hXLlyX5a0QxIL5T5u0jx
+hwDnyl4UAHGmkBM8U0CnaQbixP/yV0p5q+3NtpBurHB74tov593/U1eroydDywRl
+Mw2R3k7AFIC5CszwMA6J0l3W2tLq/j7tcTQ/8CNgPpP/TPVntQxQShxB93F+/MdX
+n9D4phEb7cKk4Y9QIBKkdbYZ
+=egz5
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:22.libcasper.asc b/website/static/security/advisories/FreeBSD-SA-26:22.libcasper.asc
new file mode 100644
index 0000000000..996f09c663
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:22.libcasper.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:22.libcasper Security Advisory
+ The FreeBSD Project
+
+Topic: select(2) file descriptor set overflow causes stack overflow
+
+Category: core
+Module: libcasper
+Announced: 2026-05-20
+Credits: Joshua Rogers of AISLE Research Team
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-05-20 19:36:41 UTC (stable/15, 15.0-STABLE)
+ 2026-05-20 19:39:35 UTC (releng/15.0, 15.0-RELEASE-p9)
+ 2026-05-20 19:38:00 UTC (stable/14, 14.4-STABLE)
+ 2026-05-20 19:40:00 UTC (releng/14.4, 14.4-RELEASE-p5)
+ 2026-05-20 19:40:38 UTC (releng/14.3, 14.3-RELEASE-p14)
+CVE Name: CVE-2026-39461
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+libcasper(3) allows Capsicum-sandboxed applications to access system
+interfaces that are otherwise unavailable within the sandbox. It is
+used by numerous programs in the base system.
+
+II. Problem Description
+
+libcasper(3) communicates with helper processes via UNIX domain sockets, and
+uses the select(2) system call to wait for data to become available.
+However, it does not verify that its socket descriptor fits within
+select(2)'s descriptor set size limit of FD_SETSIZE (1024).
+
+III. Impact
+
+An attacker able to cause an application using libcasper(3) to allocate large
+file descriptors, e.g., by opening many descriptors and executing a program
+which is not careful to close them upon startup, may trigger stack
+corruption. If the target application runs with setuid root privileges, this
+could be used to escalate local privileges.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, which were not installed using base
+system packages, can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:22/libcasper-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:22/libcasper-15.patch.asc
+# gpg --verify libcasper-15.patch.asc
+
+[FreeBSD 14.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:22/libcasper-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:22/libcasper-14.patch.asc
+# gpg --verify libcasper-14.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart the applicable daemons, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 23929d729d1a stable/15-n283644
+releng/15.0/ e22f3f55c360 releng/15.0-n281044
+stable/14/ 9e74d5e2e5e4 stable/14-n274167
+releng/14.4/ ae34dd1a391f releng/14.4-n273707
+releng/14.3/ cbec31838173 releng/14.3-n271507
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHsbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrveQAP/iyv1O1XI6tSrRictadU
+9tBJFE5WlWGPrB8ID/12nLsKaTM5hzbA1G+v8c3So3FaSEl+m7D8BTri4X0XPibQ
+5Pp4v67MO+yqsNxOjwyqAizOnD5bk/sEUuBV5JijZuqsAiEWFw5l0dKDU83zt3vu
+hyk8/eeKuIxEwDiWQoeE32RM3BupY1ClWp46kiSjvOVzUK04miHQjgFFnVqkBuI7
+DeanTjzCw3g+RQNTRKVGE2LYRLFHka6m4Z5RYT7beFOLdlD58T7lvQLl3l3f2QSR
+hXcq5RxAhf4omPkm432fIdd4nev4gti3rxJC76NM2rIHGeSlRd4O7MHreNwNkU2O
+8Rv8IWMCM20zZCtbov7q8XbTqKp8JXSJ/8g15iZuZ4wk+THnpRy7dsRe5eYQvVbB
+J/zBKB9xMXGp69+88uZHDsSSoS841pkZ61+MlxeK4xC3MO6tlTO0Hannhmy8WCb4
+U5GimvX3EcvhGeBWRvPTdPJY9EcrDPDU2djaiFzPZZ7rrUjR8YJ685fyj161nnb+
+ibubcwiz7ygQu8b9T0rc1AV5ZTAC/QAlRarDpRNx2Ynh/FlZ89n+N5LnSHwGXc/v
+/P+ob/5AqdLfyofw5pcx/FVuAiK4bjqDGGYuZw1tplg/L7AV3k87zIMYdCgr3e95
+PyQCsFAG014gMVETPGHKm6/7
+=ypPx
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:23.bsdinstall.asc b/website/static/security/advisories/FreeBSD-SA-26:23.bsdinstall.asc
new file mode 100644
index 0000000000..4da2ce8d17
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:23.bsdinstall.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:23.bsdinstall Security Advisory
+ The FreeBSD Project
+
+Topic: Remote code execution via installer Wi-Fi access point scans
+
+Category: core
+Module: bsdinstall
+Announced: 2026-05-20
+Credits: Austin Ralls
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-05-20 19:36:43 UTC (stable/15, 15.0-STABLE)
+ 2026-05-20 19:39:37 UTC (releng/15.0, 15.0-RELEASE-p9)
+ 2026-05-20 19:38:03 UTC (stable/14, 14.4-STABLE)
+ 2026-05-20 19:40:02 UTC (releng/14.4, 14.4-RELEASE-p5)
+ 2026-05-20 19:40:40 UTC (releng/14.3, 14.3-RELEASE-p14)
+CVE Name: CVE-2026-45255
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+bsdinstall and bsdconfig are utilities that provide an interactive
+configuration mechanism for FreeBSD. Among other functionality, they can be
+used to configure FreeBSD to automatically join a Wi-Fi network.
+
+II. Problem Description
+
+When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks,
+they build up a list of network names and use bsddialog(1) to prompt the user
+to select a network. This is implemented using a shell script, and the code
+which handled network names was not careful to prevent expansion by the
+shell. As a result, a suitably crafted network name can be used to execute
+commands via a subshell.
+
+III. Impact
+
+The problem can be exploited to execute code as root on the system running
+bsdinstall or bsdconfig. The attacker would need to create an access point
+with a specially crafted name and be within range of a Wi-Fi scan. Note that
+bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to
+scan for nearby networks; they do not need to actually select the malicious
+network.
+
+IV. Workaround
+
+Avoid using bsdinstall or bsdconfig to scan for Wi-Fi networks, and instead
+configure Wi-Fi manually.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:23/bsdinstall-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:23/bsdinstall-15.patch.asc
+# gpg --verify bsdinstall-15.patch.asc
+
+[FreeBSD 14.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:23/bsdinstall-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:23/bsdinstall-14.patch.asc
+# gpg --verify bsdinstall-14.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 6f5674b97fd6 stable/15-n283646
+releng/15.0/ b89f48ade920 releng/15.0-n281046
+stable/14/ f15df0adbcd2 stable/14-n274170
+releng/14.4/ dd50cc216e4d releng/14.4-n273709
+releng/14.3/ 9cb0be8381f7 releng/14.3-n271509
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKH8bFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvTloP/0369bPHpZf0yt9C2VEk
+NyOeFq+58zQGrz+RRrXA6Vg2xNdaD3fcjpVzAoqzscuE2T7VqZkpi6cS+cbzEE40
+NXX+d7qPgd5udqJR4gL8+90KWj7yQ9Wl0tnbV8wTLE6km/Dma+MXuDJrIqUl8Tsb
+q9hXGPfeymptS2vkR1Nj3VxEhDg0CCQz3bGD1sln7Oj63amX8HkHO9MwW8zHTyGj
+pcMqEF2sN3Zz0WyyaBf5XS9G0EP0BpicDIcF1NiwYbPi0rlA/nU/zjACfao7lEJk
+/XCq/iBKQsOiicvNGhoms/ku4YLNQv/L40FSJFNm8wmUsJD4fh6ll2+5Rm88666e
+gJUcBiLEzlKFogiel4JLqXMBaAZseV6Py8B+puAYh2eFCa/3aF6w2QppMj4jIHCL
+xEC/XUoBXN+34riiOCkPuSPqmgktvw7oZOBuk5DpV6qt7kdkInZ9i4HQnR13dhlF
+vLW88oyuO+2dUn+LiLaHi6f7gxkHcgyOOa/N60D95E9+d6Aop9otyMxNRFbSiQ7I
+x13B4j9ONtdAwL0uYJ+HPNHIfGTBHtpFzt62JfKdWqbSa5oVQrU5aq6wfMjMVupI
+sYCq+XNTN0MVr4iHowDPqwuEi0+RBoPOQPIXFZRfJr4uTdeim5dzX6fjfe95KIps
+3nJWEVEXVF/FiFWL3C+Lk3Cv
+=Y3q0
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:24.cap_net.asc b/website/static/security/advisories/FreeBSD-SA-26:24.cap_net.asc
new file mode 100644
index 0000000000..8d7866d034
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:24.cap_net.asc
@@ -0,0 +1,160 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:24.cap_net Security Advisory
+ The FreeBSD Project
+
+Topic: Incorrect libcap_net limitation list manipulation
+
+Category: core
+Module: libcap_net
+Announced: 2026-05-20
+Credits: Joshua Rogers of AISLE Research Team
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-05-19 23:03:59 UTC (stable/15, 15.0-STABLE)
+ 2026-05-20 19:39:38 UTC (releng/15.0, 15.0-RELEASE-p9)
+ 2026-05-19 23:04:13 UTC (stable/14, 14.4-STABLE)
+ 2026-05-20 19:40:03 UTC (releng/14.4, 14.4-RELEASE-p5)
+ 2026-05-20 19:40:41 UTC (releng/14.3, 14.3-RELEASE-p14)
+CVE Name: CVE-2026-45254
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+libcasper(3) allows Capsicum-sandboxed applications to define and use system
+interfaces which are otherwise not available in a capability sandbox, through
+implementing special services. One of these services, libcap_net, enables
+networking capabilities within the restricted environment.
+
+Casper services allow the application to define fine-grained limits on each
+operation handled by the service. Each service maintains a specific list of
+permitted operations. Certain operations can be further restricted by
+specifying an explicit list of allowed names. For example, libcap_net allows
+the application to limit the addresses to which the application may bind or
+connect. If it attempts to use libcap_net to bind or connect to addresses
+outside the allowed list, the operation will fail.
+
+In keeping with Capsicum's capability model, once a set of limits is applied,
+subsequent adjustments may only narrow the set of permitted operations to a
+subset of the current one.
+
+II. Problem Description
+
+In the case of the cap_net service, when a key present in the old limit was
+omitted from the new limit, the missing key was treated as "allow any"
+instead of being rejected.
+
+III. Impact
+
+In certain scenarios, an application that had previously restricted a subset
+of network operations could ask for a new limit that extended the permissions
+of the process.
+
+IV. Workaround
+
+No workaround is available. Note that no FreeBSD base system software is
+affected by this issue.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+which were not installed using base system packages can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-26:24/cap_net.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:24/cap_net.patch.asc
+# gpg --verify cap_net.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 7eb3fd691d64 stable/15-n283630
+releng/15.0/ f69df16fcc20 releng/15.0-n281047
+stable/14/ b79faca1c596 stable/14-n274156
+releng/14.4/ f977328c7277 releng/14.4-n273710
+releng/14.3/ b3baecf08405 releng/14.3-n271510
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKIMbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvCBgQANie9vi7Gg5seuAZqAjF
+JozB+Gs6qaHzHu1CcsDSjbm3Sx5l7p5vbdTR/qsdj9WJbORSI7l5CgB175s8Dbcn
+PrBYNHCa/+lQEMjRkxGrQF9+qr0W48jrARBgauqqzrYTXHAtLGG1e4S6s83w0IJP
+wZ/3zoEOb7dzcfvxOXSSa+BGcIirmzctg886IH1+EvQKluARzAMxFhNTMwbMMRe7
+k0duMSU7KIlh2C23aMLUPlj1Su52gbiSMz3fDgl4i1cbo3xnQPQNWZnnlu8u+ZCB
+2pXQoNag7AHTzaOMvOtIyYKXfR9OLdPa4Ii6D38s6WTUb5q0GmS6G7ISYOAnTM+3
+TEvH2uhOpq8bySWb6TEx1ppedyIwZ+awocQ9XUeDvarJGCCTlBQ3kV08TMKKZxPA
+/DOWHJ9KSgKku9sKaLpbTNacpDmkipIEgKZdicifA9KpvH7frBlvwVsTzERVm/qy
+SVySVCqSE5fpYo6FN3Mo0GfN3EnBU2aYpPRx3RHvzKHTbQSU7iaNOu+Iki6GJuiH
+HTQ6oaWHmNAkotNN5tAdmDXrm9wnMncCbMT1JHrtEDanJWgKWEovhK1mw6LhHlg1
+K+bvyTB6LyZYnOZXhb9540tXfyrmjdTzM/jNMZL1Z5AYjy1FfDdTxH460gIsy6PU
+f4TRsebl2L+EThYrx6pjoj5D
+=K5/f
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-26:13/freebsd-update.patch b/website/static/security/patches/EN-26:13/freebsd-update.patch
new file mode 100644
index 0000000000..317583071a
--- /dev/null
+++ b/website/static/security/patches/EN-26:13/freebsd-update.patch
@@ -0,0 +1,11 @@
+--- usr.sbin/freebsd-update/freebsd-update.sh.orig
++++ usr.sbin/freebsd-update/freebsd-update.sh
+@@ -2576,7 +2576,7 @@
+
+ # Some files need special treatment.
+ case ${F} in
+- /etc/spwd.db | /etc/pwd.db | /etc/login.conf.db)
++ /etc/spwd.db | /etc/pwd.db | /etc/login.conf.db | /etc/ssl/cert.pem)
+ # Don't merge these -- we're rebuild them
+ # after updates are installed.
+ cp merge/old/${F} merge/new/${F}
diff --git a/website/static/security/patches/EN-26:13/freebsd-update.patch.asc b/website/static/security/patches/EN-26:13/freebsd-update.patch.asc
new file mode 100644
index 0000000000..af91392b93
--- /dev/null
+++ b/website/static/security/patches/EN-26:13/freebsd-update.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKGkbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvFPUP/RdMliKc4ZoFZcXJtLCH
+fUAAsi+ypPYpy+/8dJs8QGmkUD/ypzcZCHp6drAV6dnjkJL9J3HexUnFPnMAErOV
+yQYqyL8bZfxhbbvlYEPT8eFmpARdMMT648lUmtiR8Eoh/YcX1hjsVRDmMNMdq9hn
+XCwffFhvgtjxvaVePJn8K6WnN+Yze4JxO5qSFxcAPP9MlKID0Y+BMlXnXfaJn+c/
+F/GCjJLObn0N58BKwB5gyOAGZVP8HyUvOB+LSL/Sw6c+OcOCPnMT6BQeN2dzlPlo
+Pw3ccZu81ZNOmYIR+f3TTSCngTGgmKQafvO7TQUdKbpaDMtwL6VeZqarlAgascNb
+UccstnGYZ4RnlCsjdh7+vv4CgGVQzDrvVPiQFxYHZpzyc1sXht8Ecl4iImepsBmN
+O7k0SlDGoBJ+0GLJDIDa5FMTPUuroyLYTrBDu0MRvLrhrfYrOlnakFkNb/8V0uYC
+7PmBtc78u/KDtvzvBwYy8ycufkweRsMuNqCDSXI7LvS304iOCLfv/U0F+HWDJ/e2
+bFtiK8pcmXE44YP0xmU0YBPadQSOO4yrJV5WDuH8dTzZNE752oeGtlSjKpR1zwsC
+ahT6tGsCdCy2+v6Oy/5ekGD7EofIZ9/z33rr9xGwtWuuYPtX3nnY4Q1Z3p5DOWJ9
+4IetBflMI9TI84oAcIB5WCTe
+=Zmj1
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:18/setcred-14.patch b/website/static/security/patches/SA-26:18/setcred-14.patch
new file mode 100644
index 0000000000..82444a9083
--- /dev/null
+++ b/website/static/security/patches/SA-26:18/setcred-14.patch
@@ -0,0 +1,15 @@
+--- sys/kern/kern_prot.c.orig
++++ sys/kern/kern_prot.c
+@@ -527,10 +527,10 @@
+ */
+ *groups = wcred->sc_supp_groups_nb < CRED_SMALLGROUPS_NB ?
+ smallgroups : malloc((wcred->sc_supp_groups_nb + 1) *
+- sizeof(*groups), M_TEMP, M_WAITOK);
++ sizeof(gid_t), M_TEMP, M_WAITOK);
+
+ error = copyin(wcred->sc_supp_groups, *groups + 1,
+- wcred->sc_supp_groups_nb * sizeof(*groups));
++ wcred->sc_supp_groups_nb * sizeof(gid_t));
+ if (error != 0)
+ return (error);
+ wcred->sc_supp_groups = *groups + 1;
diff --git a/website/static/security/patches/SA-26:18/setcred-14.patch.asc b/website/static/security/patches/SA-26:18/setcred-14.patch.asc
new file mode 100644
index 0000000000..fb4b8b1fd6
--- /dev/null
+++ b/website/static/security/patches/SA-26:18/setcred-14.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKGwbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvyUAQAOW9vodMeIny/sYwja/h
+i5tiMAYzjX6fT81v8VRRMBu32VRwCp9Y93nhuDlCmrEOr0BUw1makjSX1LKTXU1U
+9Qe22KInT51Ri79z2Q4R8IynYSXACqvBcFXOtrtybbC2Vi41wJKUz7DUXZrVS4+N
+5uBqJ/jYI3/Yxf04vragPa8Zv6ZdXlmkwcMia5HvFgITKT7FfItHxJC9df3UHj5a
+Hi1BA+vQgmJKd8a19rwSJtquMLh1tKDL8M1FQ4fkXi0uKvnSuEy5B4JBm9TbyNnl
+yP/22eVLVNmEuTiS5uhsuOchtKv/hBHYLarcciBlta6Foiw7YyqiXUgX2NwhNSUa
+lSJR8b87Zrt79JhbyC2tfJ1KUHHVWEalOKgjgg40Zrbqs1AfAD8iNzfGo4hWSM3X
+6o7CuVYsu4KmMVWP4qCYrjkdyHt++Cs3c9a+s2gLdP3egZAjnuuOtD9Pg6P8ZzZw
+PeOI4MyGjKN2EDTa5/X6jKCl79ygU2vkhhbcvhBu53T8UUyLp7RmCw173y/bjm9K
+nbN7pVtcLj8nUKKqzxZv5ZiRdZcoj7J/EWhvUb9Uz7EYqc9Qx1VEAl2bWUBGttBS
+ReQkMQiC2ilfNowLKvSlnporTH30UW5JlaBzkMG1go2CBVQNEV3umX4nXTQiYlSp
+qKQvsqfNgxBdCTDq6FsNCu65
+=BocE
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:18/setcred-15.patch b/website/static/security/patches/SA-26:18/setcred-15.patch
new file mode 100644
index 0000000000..9cb65a3574
--- /dev/null
+++ b/website/static/security/patches/SA-26:18/setcred-15.patch
@@ -0,0 +1,15 @@
+--- sys/kern/kern_prot.c.orig
++++ sys/kern/kern_prot.c
+@@ -554,10 +554,10 @@
+ */
+ *groups = wcred->sc_supp_groups_nb <= CRED_SMALLGROUPS_NB ?
+ smallgroups : malloc(wcred->sc_supp_groups_nb *
+- sizeof(*groups), M_TEMP, M_WAITOK);
++ sizeof(gid_t), M_TEMP, M_WAITOK);
+
+ error = copyin(wcred->sc_supp_groups, *groups,
+- wcred->sc_supp_groups_nb * sizeof(*groups));
++ wcred->sc_supp_groups_nb * sizeof(gid_t));
+ if (error != 0)
+ return (error);
+ wcred->sc_supp_groups = *groups;
diff --git a/website/static/security/patches/SA-26:18/setcred-15.patch.asc b/website/static/security/patches/SA-26:18/setcred-15.patch.asc
new file mode 100644
index 0000000000..7dad72c15d
--- /dev/null
+++ b/website/static/security/patches/SA-26:18/setcred-15.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKG0bFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvIiQQAOUHGIICFi6oBcTzbnl3
+yFA/Gm3j9S2zjHcfN3TSOTbuuBNxx2sy7JLdDsG45VRGVdK1sS3gtQv65mey4rXD
+U5tTbkIJaGnPYFfwoYBppFGcQtjhzgqt2YWatkOr28GPv5EKRY0NfPwqObaiMJy/
+L2StoZFwlFGe104dNmqLyDZ5/lDEWAXZgCaZRElk7odOT7wjnZJEcJKqIw1FDrXP
+FrrZPZBbt4hha0KdyFY2A/ddM6Mnve14LoLW10nCFOpQH1+DMORSMoGdXuoFDWDX
+K4nL5scWSbJnkQY5PBmJo6kN2mGMkMLCwpYbAyr6WXeS8WDF9bE8/I6C4EFa4JsG
+D4aynWbE6VpJ35thyKd4p4+YI7VXuLtYVKdlJE0GGNV92qBb2pwCAtjVqfAogDMj
+B1DuG+fcUPEtNS/aBn1A1BdM7UPTNDrp5X6L35e5MqVBU8ScWCgi0zQiscY3LvmR
+BigmHWVeUcStLM+cCSAedhwKhXvJkpsoRVqzvLkIba+mL77YJh10s8zTzPWrlFV0
+k3G3U5yw/vhRIvkhoe6V5k4aw0lcNY4DDWai8xTjgd4T8hM+k7syjw8Q3uHBESyv
+dag0q/OHLrSA/DLUhOjnHtfDaKjNAsfkW1QJINbGaZbbWrL8WB4jUZ1Lu7SPNHxj
+It9S1CwDOvNRusx0xDnkUQUU
+=i9RG
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:19/file-14.patch b/website/static/security/patches/SA-26:19/file-14.patch
new file mode 100644
index 0000000000..327f123923
--- /dev/null
+++ b/website/static/security/patches/SA-26:19/file-14.patch
@@ -0,0 +1,203 @@
+--- sys/dev/netmap/netmap_freebsd.c.orig
++++ sys/dev/netmap/netmap_freebsd.c
+@@ -119,6 +119,7 @@
+ taskqueue_drain(si->ntfytq, &si->ntfytask);
+ taskqueue_free(si->ntfytq);
+ si->ntfytq = NULL;
++ seldrain(&si->si);
+ knlist_delete(&si->si.si_note, curthread, /*islocked=*/0);
+ knlist_destroy(&si->si.si_note);
+ /* now we don't need the mutex anymore */
+--- sys/kern/sys_procdesc.c.orig
++++ sys/kern/sys_procdesc.c
+@@ -273,6 +273,7 @@
+ KASSERT((pd->pd_flags & PDF_CLOSED),
+ ("procdesc_free: !PDF_CLOSED"));
+
++ seldrain(&pd->pd_selinfo);
+ knlist_destroy(&pd->pd_selinfo.si_note);
+ PROCDESC_LOCK_DESTROY(pd);
+ free(pd, M_PROCDESC);
+@@ -315,10 +316,7 @@
+ procdesc_free(pd);
+ return (1);
+ }
+- if (pd->pd_flags & PDF_SELECTED) {
+- pd->pd_flags &= ~PDF_SELECTED;
+- selwakeup(&pd->pd_selinfo);
+- }
++ selwakeup(&pd->pd_selinfo);
+ KNOTE_LOCKED(&pd->pd_selinfo.si_note, NOTE_EXIT);
+ PROCDESC_UNLOCK(pd);
+ return (0);
+@@ -433,10 +431,8 @@
+ PROCDESC_LOCK(pd);
+ if (pd->pd_flags & PDF_EXITED)
+ revents |= POLLHUP;
+- if (revents == 0) {
++ else
+ selrecord(td, &pd->pd_selinfo);
+- pd->pd_flags |= PDF_SELECTED;
+- }
+ PROCDESC_UNLOCK(pd);
+ return (revents);
+ }
+--- sys/sys/procdesc.h.orig
++++ sys/sys/procdesc.h
+@@ -86,7 +86,6 @@
+ * Flags for the pd_flags field.
+ */
+ #define PDF_CLOSED 0x00000001 /* Descriptor has closed. */
+-#define PDF_SELECTED 0x00000002 /* Issue selwakeup(). */
+ #define PDF_EXITED 0x00000004 /* Process exited. */
+ #define PDF_DAEMON 0x00000008 /* Don't exit when procdesc closes. */
+
+--- tests/sys/kern/Makefile.orig
++++ tests/sys/kern/Makefile
+@@ -27,6 +27,7 @@
+ .endif
+ ATF_TESTS_C+= ktrace_test
+ ATF_TESTS_C+= module_test
++ATF_TESTS_C+= procdesc
+ ATF_TESTS_C+= ptrace_test
+ TEST_METADATA.ptrace_test+= timeout="15"
+ ATF_TESTS_C+= reaper
+@@ -85,6 +86,7 @@
+ LIBADD.kcov+= pthread
+ CFLAGS.ktls_test+= -DOPENSSL_API_COMPAT=0x10100000L
+ LIBADD.ktls_test+= crypto util
++LIBADD.procdesc+= pthread
+ LIBADD.socket_msg_waitall+= pthread
+ LIBADD.socket_splice+= pthread
+ LIBADD.sendfile_helper+= pthread
+--- /dev/null
++++ tests/sys/kern/procdesc.c
+@@ -0,0 +1,128 @@
++/*-
++ * SPDX-License-Identifier: BSD-2-Clause
++ *
++ * Copyright (c) 2026 ConnectWise
++ * Copyright (c) 2026 Mark Johnston
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#include
++#include
++#include
++#include
++#include
++#include
++
++#include
++#include
++#include
++#include
++
++#include
++
++/* Tests for procdesc(4) that aren't specific to any one syscall */
++
++static void *
++poll_procdesc(void *arg)
++{
++ struct pollfd pfd;
++
++ pfd.fd = *(int *)arg;
++ pfd.events = POLLHUP;
++ (void)poll(&pfd, 1, 5000);
++ return ((void *)(uintptr_t)pfd.revents);
++}
++
++/*
++ * Regression test to exercise the case where a procdesc is closed while a
++ * thread is poll()ing it.
++ */
++ATF_TC_WITHOUT_HEAD(poll_close_race);
++ATF_TC_BODY(poll_close_race, tc)
++{
++ pthread_t thr;
++ pid_t pid;
++ uintptr_t revents;
++ int error, pd;
++
++ pid = pdfork(&pd, PD_DAEMON);
++ ATF_REQUIRE_MSG(pid >= 0, "pdfork: %s", strerror(errno));
++ if (pid == 0) {
++ pause();
++ _exit(0);
++ }
++
++ error = pthread_create(&thr, NULL, poll_procdesc, &pd);
++ ATF_REQUIRE_MSG(error == 0, "pthread_create: %s", strerror(error));
++
++ /* Wait for the thread to block in poll(2). */
++ usleep(250000);
++
++ ATF_REQUIRE_MSG(close(pd) == 0, "close: %s", strerror(errno));
++
++ error = pthread_join(thr, (void *)&revents);
++ ATF_REQUIRE_MSG(error == 0, "pthread_join: %s", strerror(error));
++ ATF_REQUIRE_EQ(revents, POLLNVAL);
++}
++
++/*
++ * Verify that poll(2) of a procdesc returns POLLHUP when the process exits.
++ */
++ATF_TC_WITHOUT_HEAD(poll_exit_wakeup);
++ATF_TC_BODY(poll_exit_wakeup, tc)
++{
++ pthread_t thr;
++ uintptr_t revents;
++ pid_t pid;
++ int error, pd;
++
++ pid = pdfork(&pd, PD_DAEMON);
++ ATF_REQUIRE_MSG(pid >= 0, "pdfork: %s", strerror(errno));
++ if (pid == 0) {
++ pause();
++ _exit(0);
++ }
++
++ error = pthread_create(&thr, NULL, poll_procdesc, &pd);
++ ATF_REQUIRE_MSG(error == 0, "pthread_create: %s", strerror(error));
++
++ /* Wait for the thread to block in poll(2). */
++ usleep(250000);
++
++ ATF_REQUIRE_MSG(pdkill(pd, SIGKILL) == 0,
++ "pdkill: %s", strerror(errno));
++
++ error = pthread_join(thr, (void *)&revents);
++ ATF_REQUIRE_MSG(error == 0, "pthread_join: %s", strerror(error));
++ ATF_REQUIRE_EQ(revents, POLLHUP);
++
++ ATF_REQUIRE_MSG(close(pd) == 0, "close: %s", strerror(errno));
++}
++
++ATF_TP_ADD_TCS(tp)
++{
++ ATF_TP_ADD_TC(tp, poll_close_race);
++ ATF_TP_ADD_TC(tp, poll_exit_wakeup);
++
++ return (atf_no_error());
++}
diff --git a/website/static/security/patches/SA-26:19/file-14.patch.asc b/website/static/security/patches/SA-26:19/file-14.patch.asc
new file mode 100644
index 0000000000..3ed9fafc3a
--- /dev/null
+++ b/website/static/security/patches/SA-26:19/file-14.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKG8bFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvNpoP/jb1grG0Pi0UGPNjwt/V
+nrNT+blyuF/QgBj59Qs8ukTjZ9pkPCYtRFGPRvE046gLGgZxtRflqSchT7MHFi11
+EOe1QX74PFqHYNuTlBndaidapx3J6TOe+KbrriG7yWsaYbjpI7iiu+ebsU4arU8L
+60N/EAiES6Eu8T7uQysOWXNbI0Tp0zehwK/W7Z9H2iiGtggU25MFMgcdFj+onwH+
+qKznW5/2xHiv3/P4k83RMkbSKb0oLAvUvTIGuMSTaLtr1sGkkajrKmxJiiGYZuGK
+Zfw3wEWBZdTs5QM51CAnkqQaDEwxmUsOn70onXeeiTjcpzr7aTwVqSzd6NgJ+xkv
+rr1gbfBDRgJW3Uk3/wOwAUGk4a6E3kDW3u2lc6hPD3TfTjrrBlE/XaT0Lkc//Trz
+up2ebnjRaai9fsMjhA62k2H+hNXsioAzOe/t3aAEjTcCHKqLtyJ0cGEhAmfJvxE6
+c7h6q17hxNnT6fhfqqdfZ4c+JUBA3jiio/RQVL1/x+NzJiZxjRnzct28tuN9Y8am
+BepYRa6pWSet8s7J8L5KNREmBHEgwLwqybKXCEJpjoQn9cQXTTb5M8eJkIa+V86q
+nMDZ6TONl1OHeqiH7uhB47W38+jXGWeFMSromI5+spoKLax3m5zlJwkULMJJi8Vk
+UAdh/UQz3TX+Bw129dVDQES+
+=J8vU
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:19/file-15.patch b/website/static/security/patches/SA-26:19/file-15.patch
new file mode 100644
index 0000000000..53ebcbf036
--- /dev/null
+++ b/website/static/security/patches/SA-26:19/file-15.patch
@@ -0,0 +1,467 @@
+--- sys/dev/netmap/netmap_freebsd.c.orig
++++ sys/dev/netmap/netmap_freebsd.c
+@@ -119,6 +119,7 @@
+ taskqueue_drain(si->ntfytq, &si->ntfytask);
+ taskqueue_free(si->ntfytq);
+ si->ntfytq = NULL;
++ seldrain(&si->si);
+ knlist_delete(&si->si.si_note, curthread, /*islocked=*/0);
+ knlist_destroy(&si->si.si_note);
+ /* now we don't need the mutex anymore */
+--- sys/kern/kern_jaildesc.c.orig
++++ sys/kern/kern_jaildesc.c
+@@ -197,10 +197,7 @@
+ JAILDESC_LOCK(jd);
+ if (hint == NOTE_JAIL_REMOVE) {
+ jd->jd_flags |= JDF_REMOVED;
+- if (jd->jd_flags & JDF_SELECTED) {
+- jd->jd_flags &= ~JDF_SELECTED;
+- selwakeup(&jd->jd_selinfo);
+- }
++ selwakeup(&jd->jd_selinfo);
+ }
+ KNOTE_LOCKED(&jd->jd_selinfo.si_note, hint);
+ JAILDESC_UNLOCK(jd);
+@@ -257,6 +254,7 @@
+ }
+ prison_free(pr);
+ }
++ seldrain(&jd->jd_selinfo);
+ knlist_destroy(&jd->jd_selinfo.si_note);
+ JAILDESC_LOCK_DESTROY(jd);
+ free(jd, M_JAILDESC);
+@@ -276,10 +274,8 @@
+ JAILDESC_LOCK(jd);
+ if (jd->jd_flags & JDF_REMOVED)
+ revents |= POLLHUP;
+- if (revents == 0) {
++ else
+ selrecord(td, &jd->jd_selinfo);
+- jd->jd_flags |= JDF_SELECTED;
+- }
+ JAILDESC_UNLOCK(jd);
+ return (revents);
+ }
+--- sys/kern/sys_procdesc.c.orig
++++ sys/kern/sys_procdesc.c
+@@ -270,6 +270,7 @@
+ KASSERT((pd->pd_flags & PDF_CLOSED),
+ ("procdesc_free: !PDF_CLOSED"));
+
++ seldrain(&pd->pd_selinfo);
+ knlist_destroy(&pd->pd_selinfo.si_note);
+ PROCDESC_LOCK_DESTROY(pd);
+ free(pd, M_PROCDESC);
+@@ -312,10 +313,7 @@
+ procdesc_free(pd);
+ return (1);
+ }
+- if (pd->pd_flags & PDF_SELECTED) {
+- pd->pd_flags &= ~PDF_SELECTED;
+- selwakeup(&pd->pd_selinfo);
+- }
++ selwakeup(&pd->pd_selinfo);
+ KNOTE_LOCKED(&pd->pd_selinfo.si_note, NOTE_EXIT);
+ PROCDESC_UNLOCK(pd);
+ return (0);
+@@ -430,10 +428,8 @@
+ PROCDESC_LOCK(pd);
+ if (pd->pd_flags & PDF_EXITED)
+ revents |= POLLHUP;
+- if (revents == 0) {
++ else
+ selrecord(td, &pd->pd_selinfo);
+- pd->pd_flags |= PDF_SELECTED;
+- }
+ PROCDESC_UNLOCK(pd);
+ return (revents);
+ }
+--- sys/sys/jaildesc.h.orig
++++ sys/sys/jaildesc.h
+@@ -71,7 +71,6 @@
+ /*
+ * Flags for the jd_flags field
+ */
+-#define JDF_SELECTED 0x00000001 /* issue selwakeup() */
+ #define JDF_REMOVED 0x00000002 /* jail was removed */
+ #define JDF_OWNING 0x00000004 /* closing descriptor removes jail */
+
+--- sys/sys/procdesc.h.orig
++++ sys/sys/procdesc.h
+@@ -86,7 +86,6 @@
+ * Flags for the pd_flags field.
+ */
+ #define PDF_CLOSED 0x00000001 /* Descriptor has closed. */
+-#define PDF_SELECTED 0x00000002 /* Issue selwakeup(). */
+ #define PDF_EXITED 0x00000004 /* Process exited. */
+ #define PDF_DAEMON 0x00000008 /* Don't exit when procdesc closes. */
+
+--- tests/sys/kern/Makefile.orig
++++ tests/sys/kern/Makefile
+@@ -22,6 +22,7 @@
+ ATF_TESTS_C+= fdgrowtable_test
+ ATF_TESTS_C+= getdirentries_test
+ ATF_TESTS_C+= jail_lookup_root
++ATF_TESTS_C+= jaildesc
+ ATF_TESTS_C+= inotify_test
+ ATF_TESTS_C+= kill_zombie
+ .if ${MK_OPENSSL} != "no"
+@@ -31,6 +32,7 @@
+ ATF_TESTS_C+= listener_wakeup
+ ATF_TESTS_C+= module_test
+ ATF_TESTS_C+= prace
++ATF_TESTS_C+= procdesc
+ ATF_TESTS_C+= ptrace_test
+ TEST_METADATA.ptrace_test+= timeout="15"
+ ATF_TESTS_C+= reaper
+@@ -84,6 +86,7 @@
+
+ LIBADD.copy_file_range+= md
+ LIBADD.jail_lookup_root+= jail util
++LIBADD.jaildesc+= pthread
+ CFLAGS.sys_getrandom+= -I${SRCTOP}/sys/contrib/zstd/lib
+ LIBADD.sys_getrandom+= zstd
+ LIBADD.sys_getrandom+= c
+@@ -95,6 +98,7 @@
+ CFLAGS.ktls_test+= -DOPENSSL_API_COMPAT=0x10100000L
+ LIBADD.ktls_test+= crypto util
+ LIBADD.listener_wakeup+= pthread
++LIBADD.procdesc+= pthread
+ LIBADD.shutdown_dgram+= pthread
+ LIBADD.socket_msg_waitall+= pthread
+ LIBADD.socket_splice+= pthread
+--- /dev/null
++++ tests/sys/kern/jaildesc.c
+@@ -0,0 +1,201 @@
++/*
++ * Copyright (c) 2026 Mark Johnston
++ *
++ * SPDX-License-Identifier: BSD-2-Clause
++ */
++
++#include
++#include
++#include
++
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++
++/*
++ * Create a persistent jail and return an owning descriptor for it.
++ * The jail is removed when the returned descriptor is closed.
++ */
++static int
++create_jail(const char *name)
++{
++ struct iovec iov[8];
++ int desc, jid, n;
++
++ desc = -1;
++ n = 0;
++ iov[n].iov_base = __DECONST(void *, "name");
++ iov[n++].iov_len = strlen("name") + 1;
++ iov[n].iov_base = __DECONST(void *, name);
++ iov[n++].iov_len = strlen(name) + 1;
++ iov[n].iov_base = __DECONST(void *, "path");
++ iov[n++].iov_len = strlen("path") + 1;
++ iov[n].iov_base = __DECONST(void *, "/");
++ iov[n++].iov_len = strlen("/") + 1;
++ iov[n].iov_base = __DECONST(void *, "persist");
++ iov[n++].iov_len = strlen("persist") + 1;
++ iov[n].iov_base = NULL;
++ iov[n++].iov_len = 0;
++ iov[n].iov_base = __DECONST(void *, "desc");
++ iov[n++].iov_len = strlen("desc") + 1;
++ iov[n].iov_base = &desc;
++ iov[n++].iov_len = sizeof(desc);
++ jid = jail_set(iov, n, JAIL_CREATE | JAIL_OWN_DESC);
++ ATF_REQUIRE_MSG(jid >= 0, "jail_set: %s", strerror(errno));
++ return (desc);
++}
++
++static void *
++poll_jaildesc(void *arg)
++{
++ struct pollfd pfd;
++
++ pfd.fd = *(int *)arg;
++ pfd.events = POLLHUP;
++ (void)poll(&pfd, 1, 5000);
++ return ((void *)(uintptr_t)pfd.revents);
++}
++
++/*
++ * Regression test for the case where a jail descriptor is closed while a
++ * thread is blocking in poll(2) on it.
++ */
++ATF_TC(poll_close_race);
++ATF_TC_HEAD(poll_close_race, tc)
++{
++ atf_tc_set_md_var(tc, "require.user", "root");
++}
++ATF_TC_BODY(poll_close_race, tc)
++{
++ pthread_t thr;
++ uintptr_t revents;
++ int error, jd;
++
++ jd = create_jail("jaildesc_poll_close_race");
++
++ error = pthread_create(&thr, NULL, poll_jaildesc, &jd);
++ ATF_REQUIRE_MSG(error == 0, "pthread_create: %s", strerror(error));
++
++ /* Wait for the thread to block in poll(2). */
++ usleep(250000);
++
++ ATF_REQUIRE_MSG(close(jd) == 0, "close: %s", strerror(errno));
++
++ error = pthread_join(thr, (void *)&revents);
++ ATF_REQUIRE_MSG(error == 0, "pthread_join: %s", strerror(error));
++ ATF_REQUIRE_EQ(revents, POLLNVAL);
++}
++
++/*
++ * Verify that poll(2) of a jail descriptor returns POLLHUP when the jail
++ * is removed.
++ */
++ATF_TC(poll_remove_wakeup);
++ATF_TC_HEAD(poll_remove_wakeup, tc)
++{
++ atf_tc_set_md_var(tc, "require.user", "root");
++}
++ATF_TC_BODY(poll_remove_wakeup, tc)
++{
++ pthread_t thr;
++ uintptr_t revents;
++ int error, jd;
++
++ jd = create_jail("jaildesc_poll_remove_wakeup");
++
++ error = pthread_create(&thr, NULL, poll_jaildesc, &jd);
++ ATF_REQUIRE_MSG(error == 0, "pthread_create: %s", strerror(error));
++
++ /* Wait for the thread to block in poll(2). */
++ usleep(250000);
++
++ ATF_REQUIRE_MSG(jail_remove_jd(jd) == 0,
++ "jail_remove_jd: %s", strerror(errno));
++
++ error = pthread_join(thr, (void *)&revents);
++ ATF_REQUIRE_MSG(error == 0, "pthread_join: %s", strerror(error));
++ ATF_REQUIRE_EQ(revents, POLLHUP);
++
++ ATF_REQUIRE_MSG(close(jd) == 0, "close: %s", strerror(errno));
++}
++
++static int
++get_jaildesc(const char *name)
++{
++ struct iovec iov[4];
++ char namebuf[MAXHOSTNAMELEN];
++ int desc, jid, n;
++
++ strlcpy(namebuf, name, sizeof(namebuf));
++ desc = -1;
++ n = 0;
++ iov[n].iov_base = __DECONST(void *, "name");
++ iov[n++].iov_len = strlen("name") + 1;
++ iov[n].iov_base = namebuf;
++ iov[n++].iov_len = sizeof(namebuf);
++ iov[n].iov_base = __DECONST(void *, "desc");
++ iov[n++].iov_len = strlen("desc") + 1;
++ iov[n].iov_base = &desc;
++ iov[n++].iov_len = sizeof(desc);
++ jid = jail_get(iov, n, JAIL_GET_DESC);
++ ATF_REQUIRE_MSG(jid >= 0, "jail_get: %s", strerror(errno));
++ return (desc);
++}
++
++/*
++ * Regression test for the same use-after-free as poll_close_race, but with a
++ * non-owning JAIL_GET_DESC descriptor obtained without root privileges.
++ */
++ATF_TC(poll_close_race_get_desc);
++ATF_TC_HEAD(poll_close_race_get_desc, tc)
++{
++ atf_tc_set_md_var(tc, "require.user", "root");
++}
++ATF_TC_BODY(poll_close_race_get_desc, tc)
++{
++ struct passwd *pw;
++ pthread_t thr;
++ uintptr_t revents;
++ int error, jd, owning_jd;
++
++ /* Create the jail as root; keep the owning descriptor for cleanup. */
++ owning_jd = create_jail("jaildesc_poll_close_get_desc");
++
++ /*
++ * Drop root privileges. jail_get(2) with JAIL_GET_DESC does not
++ * require PRIV_JAIL_REMOVE, so a non-root process in the host prison
++ * can obtain a read-only descriptor for any visible jail.
++ */
++ pw = getpwnam("nobody");
++ ATF_REQUIRE_MSG(pw != NULL, "getpwnam: %s", strerror(errno));
++ ATF_REQUIRE_MSG(setuid(pw->pw_uid) == 0, "setuid: %s", strerror(errno));
++
++ jd = get_jaildesc("jaildesc_poll_close_get_desc");
++
++ error = pthread_create(&thr, NULL, poll_jaildesc, &jd);
++ ATF_REQUIRE_MSG(error == 0, "pthread_create: %s", strerror(error));
++
++ /* Wait for the thread to block in poll(2). */
++ usleep(250000);
++
++ ATF_REQUIRE_MSG(close(jd) == 0, "close: %s", strerror(errno));
++
++ error = pthread_join(thr, (void *)&revents);
++ ATF_REQUIRE_MSG(error == 0, "pthread_join: %s", strerror(error));
++ ATF_REQUIRE_EQ(revents, POLLNVAL);
++
++ ATF_REQUIRE_MSG(close(owning_jd) == 0, "close: %s", strerror(errno));
++}
++
++ATF_TP_ADD_TCS(tp)
++{
++ ATF_TP_ADD_TC(tp, poll_close_race);
++ ATF_TP_ADD_TC(tp, poll_remove_wakeup);
++ ATF_TP_ADD_TC(tp, poll_close_race_get_desc);
++
++ return (atf_no_error());
++}
+--- /dev/null
++++ tests/sys/kern/procdesc.c
+@@ -0,0 +1,128 @@
++/*-
++ * SPDX-License-Identifier: BSD-2-Clause
++ *
++ * Copyright (c) 2026 ConnectWise
++ * Copyright (c) 2026 Mark Johnston
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#include
++#include
++#include
++#include
++#include
++#include
++
++#include
++#include
++#include
++#include
++
++#include
++
++/* Tests for procdesc(4) that aren't specific to any one syscall */
++
++static void *
++poll_procdesc(void *arg)
++{
++ struct pollfd pfd;
++
++ pfd.fd = *(int *)arg;
++ pfd.events = POLLHUP;
++ (void)poll(&pfd, 1, 5000);
++ return ((void *)(uintptr_t)pfd.revents);
++}
++
++/*
++ * Regression test to exercise the case where a procdesc is closed while a
++ * thread is poll()ing it.
++ */
++ATF_TC_WITHOUT_HEAD(poll_close_race);
++ATF_TC_BODY(poll_close_race, tc)
++{
++ pthread_t thr;
++ pid_t pid;
++ uintptr_t revents;
++ int error, pd;
++
++ pid = pdfork(&pd, PD_DAEMON);
++ ATF_REQUIRE_MSG(pid >= 0, "pdfork: %s", strerror(errno));
++ if (pid == 0) {
++ pause();
++ _exit(0);
++ }
++
++ error = pthread_create(&thr, NULL, poll_procdesc, &pd);
++ ATF_REQUIRE_MSG(error == 0, "pthread_create: %s", strerror(error));
++
++ /* Wait for the thread to block in poll(2). */
++ usleep(250000);
++
++ ATF_REQUIRE_MSG(close(pd) == 0, "close: %s", strerror(errno));
++
++ error = pthread_join(thr, (void *)&revents);
++ ATF_REQUIRE_MSG(error == 0, "pthread_join: %s", strerror(error));
++ ATF_REQUIRE_EQ(revents, POLLNVAL);
++}
++
++/*
++ * Verify that poll(2) of a procdesc returns POLLHUP when the process exits.
++ */
++ATF_TC_WITHOUT_HEAD(poll_exit_wakeup);
++ATF_TC_BODY(poll_exit_wakeup, tc)
++{
++ pthread_t thr;
++ uintptr_t revents;
++ pid_t pid;
++ int error, pd;
++
++ pid = pdfork(&pd, PD_DAEMON);
++ ATF_REQUIRE_MSG(pid >= 0, "pdfork: %s", strerror(errno));
++ if (pid == 0) {
++ pause();
++ _exit(0);
++ }
++
++ error = pthread_create(&thr, NULL, poll_procdesc, &pd);
++ ATF_REQUIRE_MSG(error == 0, "pthread_create: %s", strerror(error));
++
++ /* Wait for the thread to block in poll(2). */
++ usleep(250000);
++
++ ATF_REQUIRE_MSG(pdkill(pd, SIGKILL) == 0,
++ "pdkill: %s", strerror(errno));
++
++ error = pthread_join(thr, (void *)&revents);
++ ATF_REQUIRE_MSG(error == 0, "pthread_join: %s", strerror(error));
++ ATF_REQUIRE_EQ(revents, POLLHUP);
++
++ ATF_REQUIRE_MSG(close(pd) == 0, "close: %s", strerror(errno));
++}
++
++ATF_TP_ADD_TCS(tp)
++{
++ ATF_TP_ADD_TC(tp, poll_close_race);
++ ATF_TP_ADD_TC(tp, poll_exit_wakeup);
++
++ return (atf_no_error());
++}
diff --git a/website/static/security/patches/SA-26:19/file-15.patch.asc b/website/static/security/patches/SA-26:19/file-15.patch.asc
new file mode 100644
index 0000000000..d15ac5c435
--- /dev/null
+++ b/website/static/security/patches/SA-26:19/file-15.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHAbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvUPwQAL4Td5qsO6YRMxxoyd9Y
+h59xkv7KCPmLOXRLgAf+Aqxof0lqVGbxOx2e9ULzyL2InRvKEsbFCMthdYyWcR0f
+CRTLqPFWq6sAAd2s1ensgTMMn89Ei7ZJoqjPFF7Cl9EBdPRvROf+8aDLD7BXhxO4
+jwoQY0b0FR/IhhP7sfMUEy3Lg2D6E68rrFV6EvKj0CQPentHY3GFSKYh6RcOmBYP
+V1xRl27vTQOfrjIoPPSKTKyVulfjPb7k2ZNsrNozEwdG541ZGddafk+V59siyBxZ
+zt7WBNPPdqSZUOrdWEfy0WS7ejzVk+EtZejNDT5IyJciZfc+2/EGHJDHD4/13UDJ
+lUC4a5cuvSm6bf8qk1lnz1ISfPxayYK3T53lU/axasIlqOdj3jFwWl+EyMDQLmfq
+lxMskYbDobbuxmRstpET9uTQB+uAu2yg2+eej/FGzdT5p+R/54dS6kdeuU2JNFXD
+KJrlll92vMCm1U9gzW5rzzUb78xXWLl4k07PHvauaqActWXZyDPOUGH7a/Ik57BG
+2kO/EzPJZvhpYbhM7Zidfot+b9X+gO4v9YsFy02XdZhRgblIlzyvtDkl2l7drlC7
+j8fzQiEEHJxnMwhj5bxpE028cRg8XszVXgAYGHeEJMqc2mbkMh5yAVgUZX10GZtc
+lJGd4WA1yrr618fLIvXGz+re
+=3h0D
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:20/fusefs-14.3.patch b/website/static/security/patches/SA-26:20/fusefs-14.3.patch
new file mode 100644
index 0000000000..35b68cec8f
--- /dev/null
+++ b/website/static/security/patches/SA-26:20/fusefs-14.3.patch
@@ -0,0 +1,146 @@
+--- sys/fs/fuse/fuse_ipc.h.orig
++++ sys/fs/fuse/fuse_ipc.h
+@@ -238,6 +238,7 @@
+ #define FSESS_WARN_WB_CACHE_INCOHERENT 0x400000 /* WB cache incoherent */
+ #define FSESS_WARN_ILLEGAL_INODE 0x800000 /* Illegal inode for new file */
+ #define FSESS_WARN_READLINK_EMBEDDED_NUL 0x1000000 /* corrupt READLINK output */
++#define FSESS_WARN_LSEXTATTR_NUL 0x20000000 /* Non nul-terminated xattr list */
+ #define FSESS_MNTOPTS_MASK ( \
+ FSESS_DAEMON_CAN_SPY | FSESS_PUSH_SYMLINKS_IN | \
+ FSESS_DEFAULT_PERMISSIONS | FSESS_INTR)
+--- sys/fs/fuse/fuse_vnops.c.orig
++++ sys/fs/fuse/fuse_vnops.c
+@@ -2806,8 +2806,8 @@
+ * bsd_list, bsd_list_len - output list compatible with bsd vfs
+ */
+ static int
+-fuse_xattrlist_convert(char *prefix, const char *list, int list_len,
+- char *bsd_list, int *bsd_list_len)
++fuse_xattrlist_convert(struct fuse_data *data, char *prefix, const char *list,
++ int list_len, char *bsd_list, int *bsd_list_len)
+ {
+ int len, pos, dist_to_next, prefix_len;
+
+@@ -2816,7 +2816,13 @@
+ prefix_len = strlen(prefix);
+
+ while (pos < list_len && list[pos] != '\0') {
+- dist_to_next = strlen(&list[pos]) + 1;
++ dist_to_next = strnlen(&list[pos], list_len - pos - 1) + 1;
++ if (list[pos + dist_to_next - 1] != '\0') {
++ fuse_warn(data, FSESS_WARN_LSEXTATTR_NUL,
++ "The FUSE server returned a non nul-terminated "
++ "LISTXATTR response.");
++ return (EIO);
++ }
+ if (bcmp(&list[pos], prefix, prefix_len) == 0 &&
+ list[pos + prefix_len] == extattr_namespace_separator) {
+ len = dist_to_next -
+@@ -2872,6 +2878,7 @@
+ struct fuse_listxattr_in *list_xattr_in;
+ struct fuse_listxattr_out *list_xattr_out;
+ struct mount *mp = vnode_mount(vp);
++ struct fuse_data *data = fuse_get_mpdata(mp);
+ struct thread *td = ap->a_td;
+ struct ucred *cred = ap->a_cred;
+ char *prefix;
+@@ -2949,8 +2956,6 @@
+ linux_list = fdi.answ;
+ /* FUSE doesn't allow the server to return more data than requested */
+ if (fdi.iosize > linux_list_len) {
+- struct fuse_data *data = fuse_get_mpdata(mp);
+-
+ fuse_warn(data, FSESS_WARN_LSEXTATTR_LONG,
+ "server returned "
+ "more extended attribute data than requested; "
+@@ -2967,7 +2972,7 @@
+ * FreeBSD's format before giving it to the user.
+ */
+ bsd_list = malloc(linux_list_len, M_TEMP, M_WAITOK);
+- err = fuse_xattrlist_convert(prefix, linux_list, linux_list_len,
++ err = fuse_xattrlist_convert(data, prefix, linux_list, linux_list_len,
+ bsd_list, &bsd_list_len);
+ if (err != 0)
+ goto out;
+--- tests/sys/fs/fusefs/xattr.cc.orig
++++ tests/sys/fs/fusefs/xattr.cc
+@@ -448,6 +448,79 @@
+ ASSERT_TRUE(WIFSIGNALED(status));
+ }
+
++/*
++ * A buggy or malicious server returns a list that isn't nul-terminated. The
++ * kernel should handle it gracefully.
++ */
++TEST_F(Listxattr, not_nul_terminated)
++{
++ uint64_t ino = 42;
++ int ns = EXTATTR_NAMESPACE_USER;
++ char *data;
++ const char expected[4] = {3, 'f', 'o', 'o'};
++ const char first[255] = "user.foo\0system.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
++ const uint8_t badlist[9] = {'u', 's', 'e', 'r', '.', 'f', 'o', 'o', 'd'};
++ Sequence seq;
++
++ EXPECT_LOOKUP(FUSE_ROOT_ID, RELPATH)
++ .WillRepeatedly(Invoke(
++ ReturnImmediate([=](auto in __unused, auto& out) {
++ SET_OUT_HEADER_LEN(out, entry);
++ out.body.entry.attr.mode = S_IFREG | 0644;
++ out.body.entry.nodeid = ino;
++ out.body.entry.attr.nlink = 1;
++ out.body.entry.attr_valid = UINT64_MAX;
++ out.body.entry.entry_valid = UINT64_MAX;
++ })));
++
++ /*
++ * On the first LISTXATTRS call, return a big attribute just to fill
++ * the heap with non-NUL data.
++ */
++ expect_listxattr(ino, 0,
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ out.body.listxattr.size = sizeof(first);
++ SET_OUT_HEADER_LEN(out, listxattr);
++ }), &seq
++ );
++ expect_listxattr(ino, sizeof(first),
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ memcpy((void*)out.body.bytes, first, sizeof(first));
++ out.header.len = sizeof(fuse_out_header) + sizeof(first);
++ }), &seq
++ );
++ /*
++ * On the second LISTXATTRS call, return a malformed list with no NUL
++ * termination. The heap might still be full of the data from the
++ * first call.
++ */
++ expect_listxattr(ino, 0,
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ out.body.listxattr.size = sizeof(badlist);
++ SET_OUT_HEADER_LEN(out, listxattr);
++ }), &seq
++ );
++ expect_listxattr(ino, sizeof(badlist),
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ memset((void*)out.body.bytes, 'x', sizeof(first));
++ memcpy((void*)out.body.bytes, badlist, sizeof(badlist));
++ out.header.len = sizeof(fuse_out_header) + sizeof(badlist);
++ }), &seq
++ );
++
++ data = new char[1024];
++
++ ASSERT_EQ(static_cast(sizeof(expected)),
++ extattr_list_file(FULLPATH, ns, data, sizeof(data)))
++ << strerror(errno);
++ /*
++ * Receiving this malformed list, the kernel should log it to dmesg and
++ * report an IO error to the caller.
++ */
++ ASSERT_EQ(-1, extattr_list_file(FULLPATH, ns, data, sizeof(data)));
++ EXPECT_EQ(EIO, errno);
++}
++
+ /*
+ * Get the size of the list that it would take to list no extended attributes
+ */
diff --git a/website/static/security/patches/SA-26:20/fusefs-14.3.patch.asc b/website/static/security/patches/SA-26:20/fusefs-14.3.patch.asc
new file mode 100644
index 0000000000..0f3c9741eb
--- /dev/null
+++ b/website/static/security/patches/SA-26:20/fusefs-14.3.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHMbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvlI0QALm6fFHg0EXsCNa/fEx6
+oSYsueeAZgVd4T+gXdQ2Qj/Ne6LImFJiRiG2m9yhIEVCZA2l54r5UP5IpGag+g0S
+h1H8JEs2VYrc/Z7+E2xD2e3bKhwyJ5DDcoHbGALkFFaVvGDibC79yqzmBHmkBdZr
+W5DBi6YuMlDqoZVMZps00qNRnUjbLWNZXafEiuNBf1suUv14hhyI/DD+SPEXWvDG
+IXXeEO5zA7IxecZSUHZak9DQL234c/gR/+tkgVKwgY+42e9AqcTIOFTDgyZFJ56V
+OgJ5BFsFWO0lFxYPmKRvUPs2DnsvEkN+L9meT5G8BxCC3QybeBRuFoi4/5mLTNAf
+gEU6Fg/XIs/cHnRxq2nfqKigdvULAEeqqUZCIZLnPLxx5DKr42PCv5ExalV+UbTW
+826x6NQ5CNM/MncBpQJwfdwVLc3gOo+jx96I1t9Fe1RMzdho0wj2/rd9gjElkAv7
+ffDtKraDy/m2559Bmu9dLYBokeeFMtLvvGgoHMAyum3QgottdLOkqquvGETM1voP
+2dWNuynDmzf+hFIVN5LgL21TaJbYFvS0MZNmYKGyu6Lqx+9KvYyDdy/T0UGWflU0
+mSbDcCflqUfxdqo50lNzaFhn9KLAA5KhO3DcggeCEVS1ylxN+d85j4qPkROF4I6E
+DEYgzjfPApOkOUqpNXFCvtye
+=Bk3h
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:20/fusefs-14.4.patch b/website/static/security/patches/SA-26:20/fusefs-14.4.patch
new file mode 100644
index 0000000000..a598821095
--- /dev/null
+++ b/website/static/security/patches/SA-26:20/fusefs-14.4.patch
@@ -0,0 +1,146 @@
+--- sys/fs/fuse/fuse_ipc.h.orig
++++ sys/fs/fuse/fuse_ipc.h
+@@ -240,6 +240,7 @@
+ #define FSESS_WARN_READLINK_EMBEDDED_NUL 0x1000000 /* corrupt READLINK output */
+ #define FSESS_WARN_DOT_LOOKUP 0x2000000 /* Inconsistent . LOOKUP response */
+ #define FSESS_WARN_INODE_MISMATCH 0x4000000 /* ino != nodeid */
++#define FSESS_WARN_LSEXTATTR_NUL 0x20000000 /* Non nul-terminated xattr list */
+ #define FSESS_MNTOPTS_MASK ( \
+ FSESS_DAEMON_CAN_SPY | FSESS_PUSH_SYMLINKS_IN | \
+ FSESS_DEFAULT_PERMISSIONS | FSESS_INTR)
+--- sys/fs/fuse/fuse_vnops.c.orig
++++ sys/fs/fuse/fuse_vnops.c
+@@ -2794,8 +2794,8 @@
+ * bsd_list, bsd_list_len - output list compatible with bsd vfs
+ */
+ static int
+-fuse_xattrlist_convert(char *prefix, const char *list, int list_len,
+- char *bsd_list, int *bsd_list_len)
++fuse_xattrlist_convert(struct fuse_data *data, char *prefix, const char *list,
++ int list_len, char *bsd_list, int *bsd_list_len)
+ {
+ int len, pos, dist_to_next, prefix_len;
+
+@@ -2804,7 +2804,13 @@
+ prefix_len = strlen(prefix);
+
+ while (pos < list_len && list[pos] != '\0') {
+- dist_to_next = strlen(&list[pos]) + 1;
++ dist_to_next = strnlen(&list[pos], list_len - pos - 1) + 1;
++ if (list[pos + dist_to_next - 1] != '\0') {
++ fuse_warn(data, FSESS_WARN_LSEXTATTR_NUL,
++ "The FUSE server returned a non nul-terminated "
++ "LISTXATTR response.");
++ return (EIO);
++ }
+ if (bcmp(&list[pos], prefix, prefix_len) == 0 &&
+ list[pos + prefix_len] == extattr_namespace_separator) {
+ len = dist_to_next -
+@@ -2860,6 +2866,7 @@
+ struct fuse_listxattr_in *list_xattr_in;
+ struct fuse_listxattr_out *list_xattr_out;
+ struct mount *mp = vnode_mount(vp);
++ struct fuse_data *data = fuse_get_mpdata(mp);
+ struct thread *td = ap->a_td;
+ struct ucred *cred = ap->a_cred;
+ char *prefix;
+@@ -2937,8 +2944,6 @@
+ linux_list = fdi.answ;
+ /* FUSE doesn't allow the server to return more data than requested */
+ if (fdi.iosize > linux_list_len) {
+- struct fuse_data *data = fuse_get_mpdata(mp);
+-
+ fuse_warn(data, FSESS_WARN_LSEXTATTR_LONG,
+ "server returned "
+ "more extended attribute data than requested; "
+@@ -2955,7 +2960,7 @@
+ * FreeBSD's format before giving it to the user.
+ */
+ bsd_list = malloc(linux_list_len, M_TEMP, M_WAITOK);
+- err = fuse_xattrlist_convert(prefix, linux_list, linux_list_len,
++ err = fuse_xattrlist_convert(data, prefix, linux_list, linux_list_len,
+ bsd_list, &bsd_list_len);
+ if (err != 0)
+ goto out;
+--- tests/sys/fs/fusefs/xattr.cc.orig
++++ tests/sys/fs/fusefs/xattr.cc
+@@ -448,6 +448,79 @@
+ ASSERT_TRUE(WIFSIGNALED(status));
+ }
+
++/*
++ * A buggy or malicious server returns a list that isn't nul-terminated. The
++ * kernel should handle it gracefully.
++ */
++TEST_F(Listxattr, not_nul_terminated)
++{
++ uint64_t ino = 42;
++ int ns = EXTATTR_NAMESPACE_USER;
++ char *data;
++ const char expected[4] = {3, 'f', 'o', 'o'};
++ const char first[255] = "user.foo\0system.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
++ const uint8_t badlist[9] = {'u', 's', 'e', 'r', '.', 'f', 'o', 'o', 'd'};
++ Sequence seq;
++
++ EXPECT_LOOKUP(FUSE_ROOT_ID, RELPATH)
++ .WillRepeatedly(Invoke(
++ ReturnImmediate([=](auto in __unused, auto& out) {
++ SET_OUT_HEADER_LEN(out, entry);
++ out.body.entry.attr.mode = S_IFREG | 0644;
++ out.body.entry.nodeid = ino;
++ out.body.entry.attr.nlink = 1;
++ out.body.entry.attr_valid = UINT64_MAX;
++ out.body.entry.entry_valid = UINT64_MAX;
++ })));
++
++ /*
++ * On the first LISTXATTRS call, return a big attribute just to fill
++ * the heap with non-NUL data.
++ */
++ expect_listxattr(ino, 0,
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ out.body.listxattr.size = sizeof(first);
++ SET_OUT_HEADER_LEN(out, listxattr);
++ }), &seq
++ );
++ expect_listxattr(ino, sizeof(first),
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ memcpy((void*)out.body.bytes, first, sizeof(first));
++ out.header.len = sizeof(fuse_out_header) + sizeof(first);
++ }), &seq
++ );
++ /*
++ * On the second LISTXATTRS call, return a malformed list with no NUL
++ * termination. The heap might still be full of the data from the
++ * first call.
++ */
++ expect_listxattr(ino, 0,
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ out.body.listxattr.size = sizeof(badlist);
++ SET_OUT_HEADER_LEN(out, listxattr);
++ }), &seq
++ );
++ expect_listxattr(ino, sizeof(badlist),
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ memset((void*)out.body.bytes, 'x', sizeof(first));
++ memcpy((void*)out.body.bytes, badlist, sizeof(badlist));
++ out.header.len = sizeof(fuse_out_header) + sizeof(badlist);
++ }), &seq
++ );
++
++ data = new char[1024];
++
++ ASSERT_EQ(static_cast(sizeof(expected)),
++ extattr_list_file(FULLPATH, ns, data, sizeof(data)))
++ << strerror(errno);
++ /*
++ * Receiving this malformed list, the kernel should log it to dmesg and
++ * report an IO error to the caller.
++ */
++ ASSERT_EQ(-1, extattr_list_file(FULLPATH, ns, data, sizeof(data)));
++ EXPECT_EQ(EIO, errno);
++}
++
+ /*
+ * Get the size of the list that it would take to list no extended attributes
+ */
diff --git a/website/static/security/patches/SA-26:20/fusefs-14.4.patch.asc b/website/static/security/patches/SA-26:20/fusefs-14.4.patch.asc
new file mode 100644
index 0000000000..2c328bce9d
--- /dev/null
+++ b/website/static/security/patches/SA-26:20/fusefs-14.4.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHQbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvTEYP/ji9A2XSR2utdOfiMp7d
+I3Bhy66qAxYmC3xcVDwQLMe5z/7BK6lgJFfLp6Lq6cFAvKYy+cwY9iR85fAcGK60
+cInncCgFpgl3apNzBQrSg28kD2v1bIM80oaeM/uBJc2WIjKPeu5Z7DdniHiiUxae
+jknvhojwpCkd3KCktqrpW6IBHI1TtXuHJWpDPBWr9KbxEcTWUku4gfnXkLvq8yoi
+9YrMnWIK0zP322BbpEgujQengsoT2dYOQgj2YqXegLgrEiXWn/OdcmqSLSTKTl4W
+5Zdmf90hZbvUMD4jnumXAEoCG++oopec0uFkTPuFLuXTqZhSFeTAT+9P6vepyc6i
+EpoGEaSJjDlAdbpf/usp69ReROr6DHje67bMUcTpDWQXlv3fho8UirCMhOU8qAdI
+ZQS6ogJgTxz29sEfgD+raaiQYte7p3pFIA41RwXpN9g87hyMGk41GRxZMpyRtN44
+W8OUOUf1bwGpNcyu9J/z8WZ7eNT4iwuRw13IeQ7jUcz1bIt7GlnV8TiyFCc+ZsvW
+PzWx15zuWO751AzwnuUJkOR7H+xCZT48aOj5WvegdAIBpqMSz3R2veecyGsEjfRE
+pe9z06/2dNR9ZPCxW+1yA9iBZr46D+wWXAD4TCNajHDXIRUBu18blhITQmTbHqeO
+Ok5rj3IHx1CRL4kNgWDjtzHe
+=ZCVv
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:20/fusefs-15.patch b/website/static/security/patches/SA-26:20/fusefs-15.patch
new file mode 100644
index 0000000000..ff6e838f45
--- /dev/null
+++ b/website/static/security/patches/SA-26:20/fusefs-15.patch
@@ -0,0 +1,147 @@
+--- sys/fs/fuse/fuse_ipc.h.orig
++++ sys/fs/fuse/fuse_ipc.h
+@@ -240,6 +240,7 @@
+ #define FSESS_WARN_READLINK_EMBEDDED_NUL 0x1000000 /* corrupt READLINK output */
+ #define FSESS_WARN_DOT_LOOKUP 0x2000000 /* Inconsistent . LOOKUP response */
+ #define FSESS_WARN_INODE_MISMATCH 0x4000000 /* ino != nodeid */
++#define FSESS_WARN_LSEXTATTR_NUL 0x20000000 /* Non nul-terminated xattr list */
+ #define FSESS_MNTOPTS_MASK ( \
+ FSESS_DAEMON_CAN_SPY | FSESS_PUSH_SYMLINKS_IN | \
+ FSESS_DEFAULT_PERMISSIONS | FSESS_INTR)
+--- sys/fs/fuse/fuse_vnops.c.orig
++++ sys/fs/fuse/fuse_vnops.c
+@@ -2841,8 +2841,8 @@
+ * bsd_list, bsd_list_len - output list compatible with bsd vfs
+ */
+ static int
+-fuse_xattrlist_convert(char *prefix, const char *list, int list_len,
+- char *bsd_list, int *bsd_list_len)
++fuse_xattrlist_convert(struct fuse_data *data, char *prefix, const char *list,
++ int list_len, char *bsd_list, int *bsd_list_len)
+ {
+ int len, pos, dist_to_next, prefix_len;
+
+@@ -2851,7 +2851,14 @@
+ prefix_len = strlen(prefix);
+
+ while (pos < list_len && list[pos] != '\0') {
+- dist_to_next = strlen(&list[pos]) + 1;
++ dist_to_next = strnlen(&list[pos], list_len - pos - 1) + 1;
++ if (list[pos + dist_to_next - 1] != '\0') {
++ fuse_warn(data, FSESS_WARN_LSEXTATTR_NUL,
++ "The FUSE server returned a non nul-terminated "
++ "LISTXATTR response.");
++ return (EXTERROR(EIO,
++ "The FUSE server returned a malformed list"));
++ }
+ if (bcmp(&list[pos], prefix, prefix_len) == 0 &&
+ list[pos + prefix_len] == extattr_namespace_separator) {
+ len = dist_to_next -
+@@ -2907,6 +2914,7 @@
+ struct fuse_listxattr_in *list_xattr_in;
+ struct fuse_listxattr_out *list_xattr_out;
+ struct mount *mp = vnode_mount(vp);
++ struct fuse_data *data = fuse_get_mpdata(mp);
+ struct thread *td = ap->a_td;
+ struct ucred *cred = ap->a_cred;
+ char *prefix;
+@@ -2987,8 +2995,6 @@
+ linux_list = fdi.answ;
+ /* FUSE doesn't allow the server to return more data than requested */
+ if (fdi.iosize > linux_list_len) {
+- struct fuse_data *data = fuse_get_mpdata(mp);
+-
+ fuse_warn(data, FSESS_WARN_LSEXTATTR_LONG,
+ "server returned "
+ "more extended attribute data than requested; "
+@@ -3005,7 +3011,7 @@
+ * FreeBSD's format before giving it to the user.
+ */
+ bsd_list = malloc(linux_list_len, M_TEMP, M_WAITOK);
+- err = fuse_xattrlist_convert(prefix, linux_list, linux_list_len,
++ err = fuse_xattrlist_convert(data, prefix, linux_list, linux_list_len,
+ bsd_list, &bsd_list_len);
+ if (err != 0)
+ goto out;
+--- tests/sys/fs/fusefs/xattr.cc.orig
++++ tests/sys/fs/fusefs/xattr.cc
+@@ -492,6 +492,79 @@
+ ASSERT_TRUE(WIFSIGNALED(status));
+ }
+
++/*
++ * A buggy or malicious server returns a list that isn't nul-terminated. The
++ * kernel should handle it gracefully.
++ */
++TEST_F(Listxattr, not_nul_terminated)
++{
++ uint64_t ino = 42;
++ int ns = EXTATTR_NAMESPACE_USER;
++ char *data;
++ const char expected[4] = {3, 'f', 'o', 'o'};
++ const char first[255] = "user.foo\0system.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
++ const uint8_t badlist[9] = {'u', 's', 'e', 'r', '.', 'f', 'o', 'o', 'd'};
++ Sequence seq;
++
++ EXPECT_LOOKUP(FUSE_ROOT_ID, RELPATH)
++ .WillRepeatedly(Invoke(
++ ReturnImmediate([=](auto in __unused, auto& out) {
++ SET_OUT_HEADER_LEN(out, entry);
++ out.body.entry.attr.mode = S_IFREG | 0644;
++ out.body.entry.nodeid = ino;
++ out.body.entry.attr.nlink = 1;
++ out.body.entry.attr_valid = UINT64_MAX;
++ out.body.entry.entry_valid = UINT64_MAX;
++ })));
++
++ /*
++ * On the first LISTXATTRS call, return a big attribute just to fill
++ * the heap with non-NUL data.
++ */
++ expect_listxattr(ino, 0,
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ out.body.listxattr.size = sizeof(first);
++ SET_OUT_HEADER_LEN(out, listxattr);
++ }), &seq
++ );
++ expect_listxattr(ino, sizeof(first),
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ memcpy((void*)out.body.bytes, first, sizeof(first));
++ out.header.len = sizeof(fuse_out_header) + sizeof(first);
++ }), &seq
++ );
++ /*
++ * On the second LISTXATTRS call, return a malformed list with no NUL
++ * termination. The heap might still be full of the data from the
++ * first call.
++ */
++ expect_listxattr(ino, 0,
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ out.body.listxattr.size = sizeof(badlist);
++ SET_OUT_HEADER_LEN(out, listxattr);
++ }), &seq
++ );
++ expect_listxattr(ino, sizeof(badlist),
++ ReturnImmediate([&](auto in __unused, auto& out) {
++ memset((void*)out.body.bytes, 'x', sizeof(first));
++ memcpy((void*)out.body.bytes, badlist, sizeof(badlist));
++ out.header.len = sizeof(fuse_out_header) + sizeof(badlist);
++ }), &seq
++ );
++
++ data = new char[1024];
++
++ ASSERT_EQ(static_cast(sizeof(expected)),
++ extattr_list_file(FULLPATH, ns, data, sizeof(data)))
++ << strerror(errno);
++ /*
++ * Receiving this malformed list, the kernel should log it to dmesg and
++ * report an IO error to the caller.
++ */
++ ASSERT_EQ(-1, extattr_list_file(FULLPATH, ns, data, sizeof(data)));
++ EXPECT_EQ(EIO, errno);
++}
++
+ /*
+ * Get the size of the list that it would take to list no extended attributes
+ */
diff --git a/website/static/security/patches/SA-26:20/fusefs-15.patch.asc b/website/static/security/patches/SA-26:20/fusefs-15.patch.asc
new file mode 100644
index 0000000000..9a7b7393e8
--- /dev/null
+++ b/website/static/security/patches/SA-26:20/fusefs-15.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHUbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv0+cP/0P7o4+JOhW/CAe6DdQI
+90ZMElw9Q/ceD4P63RTby9oFCIG1l+hEMfCeH9CoaRXuTelIrX8g+O5o+9ED3oPc
+FpPj/baTFXoq8ZnxoT18ZtGqsF/pjpZlEZx4vFLILjXMnmun9WC7Bw2X51gUxh46
+XoilE/ofXmTebRRn/cslae3DTOBezMPO59QVg+qvdQEzoPxTF6YWtGW+775ZiSEo
+i0jxBvTqNe17QKZnjMO5Mr7ZlCAmG10z8ygmWOXbtIyaSSq8I1UKzUBhnq4UUC1E
+BW7YtbYBu/ZIG9Wyg4apcN7Rb4krg2J/5wWaZnJYxLNEWM1wTjR1Mg/AFsV/1mav
+ueJBEkGRfGcTH/UbCi4nMBTizN18dATdkbQSuffU+BeTLYjylS15nramtI5BJcVa
+M2XHMVFHNvQB0bVyRwTXvwXggwSXDnIPeB/k3w+3usyY/xQ66cf5KfaNFZ/MJcRv
+hukTFXwRFt5q6Q0Emnt4whti+gn4HQNnfFHJONdXXPU2X05CGGHtg5/qTdm8wLKm
+iO8ggc3i/15gAdaPKwkWMwQyifwQ4kNYPttwqkrTz+kyCuhzftHuWNJ+ZRnh+99a
+pPNuTMZd9ZOTkjX0DebEbPZD9CZ4qiwquOMnUJ07b6xTa02BHk63D0SDIVl4vV9R
+9u08BlmYuNc2zTAFit1MychY
+=gqpB
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:21/ptrace-14.3.patch b/website/static/security/patches/SA-26:21/ptrace-14.3.patch
new file mode 100644
index 0000000000..1c357dd9e0
--- /dev/null
+++ b/website/static/security/patches/SA-26:21/ptrace-14.3.patch
@@ -0,0 +1,164 @@
+--- sys/kern/kern_sig.c.orig
++++ sys/kern/kern_sig.c
+@@ -2677,23 +2677,26 @@
+ struct sysentvec *sv;
+ struct sysent *se;
+ register_t rv_saved[2];
++ unsigned int sc;
+ int error, nerror;
+- int sc;
+ bool audited, sy_thr_static;
+
+- sv = p->p_sysent;
+- if (sv->sv_table == NULL || sv->sv_size < tsr->ts_sa.code) {
+- tsr->ts_ret.sr_error = ENOSYS;
+- return;
+- }
+-
+ sc = tsr->ts_sa.code;
+ if (sc == SYS_syscall || sc == SYS___syscall) {
++ if (tsr->ts_nargs == 0) {
++ tsr->ts_ret.sr_error = EINVAL;
++ return;
++ }
+ sc = tsr->ts_sa.args[0];
+ memmove(&tsr->ts_sa.args[0], &tsr->ts_sa.args[1],
+ sizeof(register_t) * (tsr->ts_nargs - 1));
+ }
+
++ sv = p->p_sysent;
++ if (sv->sv_table == NULL || sc >= sv->sv_size) {
++ tsr->ts_ret.sr_error = ENOSYS;
++ return;
++ }
+ tsr->ts_sa.callp = se = &sv->sv_table[sc];
+
+ VM_CNT_INC(v_syscall);
+--- tests/sys/kern/ptrace_test.c.orig
++++ tests/sys/kern/ptrace_test.c
+@@ -4363,6 +4363,25 @@
+ REQUIRE_EQ(close(pd), 0);
+ }
+
++static void
++pt_sc_remote(pid_t pid, struct ptrace_sc_remote *pscr, int error,
++ syscallarg_t ret)
++{
++ pid_t wpid;
++ int status;
++
++ ATF_REQUIRE(ptrace(PT_SC_REMOTE, pid, (caddr_t)pscr, sizeof(*pscr)) !=
++ -1);
++ ATF_REQUIRE_EQ(pscr->pscr_ret.sr_error, error);
++ if (error == 0)
++ ATF_REQUIRE_EQ(pscr->pscr_ret.sr_retval[0], ret);
++
++ wpid = waitpid(pid, &status, 0);
++ REQUIRE_EQ(wpid, pid);
++ ATF_REQUIRE(WIFSTOPPED(status));
++ REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
++}
++
+ /*
+ * Try using PT_SC_REMOTE to get the PID of a traced child process.
+ */
+@@ -4370,8 +4389,7 @@
+ ATF_TC_BODY(ptrace__PT_SC_REMOTE_getpid, tc)
+ {
+ struct ptrace_sc_remote pscr;
+- pid_t fpid, wpid;
+- int status;
++ pid_t fpid;
+
+ ATF_REQUIRE((fpid = fork()) != -1);
+ if (fpid == 0) {
+@@ -4384,35 +4402,62 @@
+ pscr.pscr_syscall = SYS_getpid;
+ pscr.pscr_nargs = 0;
+ pscr.pscr_args = NULL;
+- ATF_REQUIRE(ptrace(PT_SC_REMOTE, fpid, (caddr_t)&pscr, sizeof(pscr)) !=
+- -1);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_error == 0,
+- "remote getpid failed with error %d", pscr.pscr_ret.sr_error);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_retval[0] == fpid,
+- "unexpected return value %jd instead of %d",
+- (intmax_t)pscr.pscr_ret.sr_retval[0], fpid);
+-
+- wpid = waitpid(fpid, &status, 0);
+- REQUIRE_EQ(wpid, fpid);
+- ATF_REQUIRE(WIFSTOPPED(status));
+- REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
++ pt_sc_remote(fpid, &pscr, 0, fpid);
+
+ pscr.pscr_syscall = SYS_getppid;
+ pscr.pscr_nargs = 0;
+ pscr.pscr_args = NULL;
+- ATF_REQUIRE(ptrace(PT_SC_REMOTE, fpid, (caddr_t)&pscr, sizeof(pscr)) !=
+- -1);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_error == 0,
+- "remote getppid failed with error %d", pscr.pscr_ret.sr_error);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_retval[0] == getpid(),
+- "unexpected return value %jd instead of %d",
+- (intmax_t)pscr.pscr_ret.sr_retval[0], fpid);
++ pt_sc_remote(fpid, &pscr, 0, getpid());
++
++ ATF_REQUIRE(ptrace(PT_DETACH, fpid, (caddr_t)1, 0) != -1);
++}
++
++ATF_TC_WITHOUT_HEAD(ptrace__PT_SC_REMOTE_syscall_validation);
++ATF_TC_BODY(ptrace__PT_SC_REMOTE_syscall_validation, tc)
++{
++ struct ptrace_sc_remote pscr;
++ quad_t code;
++ int status;
++ pid_t fpid, wpid;
++
++ code = SYS_MAXSYSCALL;
++
++ ATF_REQUIRE((fpid = fork()) != -1);
++ if (fpid == 0) {
++ trace_me();
++ exit(0);
++ }
+
+ wpid = waitpid(fpid, &status, 0);
+ REQUIRE_EQ(wpid, fpid);
+ ATF_REQUIRE(WIFSTOPPED(status));
+ REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
+
++ pscr.pscr_syscall = SYS_MAXSYSCALL;
++ pscr.pscr_nargs = 0;
++ pscr.pscr_args = NULL;
++ pt_sc_remote(fpid, &pscr, ENOSYS, 0);
++
++ pscr.pscr_syscall = SYS_syscall;
++ pscr.pscr_nargs = 0;
++ pscr.pscr_args = NULL;
++ pt_sc_remote(fpid, &pscr, EINVAL, 0);
++
++ pscr.pscr_syscall = SYS_syscall;
++ pscr.pscr_nargs = 1;
++ pscr.pscr_args = (syscallarg_t *)&code;
++ pt_sc_remote(fpid, &pscr, ENOSYS, 0);
++
++ pscr.pscr_syscall = SYS___syscall;
++ pscr.pscr_nargs = 0;
++ pscr.pscr_args = NULL;
++ pt_sc_remote(fpid, &pscr, EINVAL, 0);
++
++ pscr.pscr_syscall = SYS___syscall;
++ pscr.pscr_nargs = 1;
++ pscr.pscr_args = (syscallarg_t *)&code;
++ pt_sc_remote(fpid, &pscr, ENOSYS, 0);
++
+ ATF_REQUIRE(ptrace(PT_DETACH, fpid, (caddr_t)1, 0) != -1);
+ }
+
+@@ -4529,6 +4574,7 @@
+ ATF_TP_ADD_TC(tp, ptrace__procdesc_wait_child);
+ ATF_TP_ADD_TC(tp, ptrace__procdesc_reparent_wait_child);
+ ATF_TP_ADD_TC(tp, ptrace__PT_SC_REMOTE_getpid);
++ ATF_TP_ADD_TC(tp, ptrace__PT_SC_REMOTE_syscall_validation);
+ ATF_TP_ADD_TC(tp, ptrace__reap_kill_stopped);
+
+ return (atf_no_error());
diff --git a/website/static/security/patches/SA-26:21/ptrace-14.3.patch.asc b/website/static/security/patches/SA-26:21/ptrace-14.3.patch.asc
new file mode 100644
index 0000000000..9f47bb999a
--- /dev/null
+++ b/website/static/security/patches/SA-26:21/ptrace-14.3.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHgbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvlAMP/10MF70q2uwHdVYqJ8R8
+LNy+2BJDPiPerGbCnbjqtD8ciDAvMRMD6413kMyOrfpMQePSUwyz2y7ByxJPOeca
+xkzoCebhuwpf6iXZJQa86OyTR64hDBbGLl4SF9r8Kmd9icSm79AQXmYxRoXeqsJX
+x/DHY2q08M2nclIAggF6c10zLvtPdOmJNVTvMcFeEt+gsV6RwRIbvk+5nYLMIBlU
++SQ9M/Q0mYuAlEUZAqtJOPC2iOoetyO6arBr76RhBOB6nxced60QrKZLY/sRdBaE
+TTpdkWV5O/E8lj8IbSwzZx8saHo/BS5mT9yJivbDrFSQ6oLds0SZEtGOkXWFLfCR
+/aLnp6vypCIWcJ/BkS5hfqP3sAw4nTuGBD9EtG4tdcqV+ys2NFT6vIOo2oJTKuys
+JcYmGs1lP0a9iT2DM3SOW1C6CIU/mDmpeZ1uJv11a9ZUo4KSQA7WJhm4NpSke5AP
+7+omM3heH+RWzgbysrPywHGIygzWFzhWi6lrE/ys8OC7mHizR+B3DAAhAmdAKa7k
+AQMeIIghg5NphPYO8/tBml1QJ3q6oHp4ohkPIppmiI3M3nUxJH3yb/S9klnM3CM4
+pwCYTQn/ph8519OFr4Hjn/RylZvjmdoIthwImZlX2xfyMhZoWFlFRAg+MzR784Yy
+FDCL4ifSXzPjx9xqeryZ61fk
+=vTiT
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:21/ptrace-14.4.patch b/website/static/security/patches/SA-26:21/ptrace-14.4.patch
new file mode 100644
index 0000000000..0dd7cdc3a3
--- /dev/null
+++ b/website/static/security/patches/SA-26:21/ptrace-14.4.patch
@@ -0,0 +1,154 @@
+--- sys/kern/kern_sig.c.orig
++++ sys/kern/kern_sig.c
+@@ -2692,23 +2692,26 @@
+ struct sysentvec *sv;
+ struct sysent *se;
+ register_t rv_saved[2];
++ unsigned int sc;
+ int error, nerror;
+- int sc;
+ bool audited, sy_thr_static;
+
+- sv = p->p_sysent;
+- if (sv->sv_table == NULL || sv->sv_size < tsr->ts_sa.code) {
+- tsr->ts_ret.sr_error = ENOSYS;
+- return;
+- }
+-
+ sc = tsr->ts_sa.code;
+ if (sc == SYS_syscall || sc == SYS___syscall) {
++ if (tsr->ts_nargs == 0) {
++ tsr->ts_ret.sr_error = EINVAL;
++ return;
++ }
+ sc = tsr->ts_sa.args[0];
+ memmove(&tsr->ts_sa.args[0], &tsr->ts_sa.args[1],
+ sizeof(register_t) * (tsr->ts_nargs - 1));
+ }
+
++ sv = p->p_sysent;
++ if (sv->sv_table == NULL || sc >= sv->sv_size) {
++ tsr->ts_ret.sr_error = ENOSYS;
++ return;
++ }
+ tsr->ts_sa.callp = se = &sv->sv_table[sc];
+
+ VM_CNT_INC(v_syscall);
+--- tests/sys/kern/ptrace_test.c.orig
++++ tests/sys/kern/ptrace_test.c
+@@ -4363,6 +4363,25 @@
+ REQUIRE_EQ(close(pd), 0);
+ }
+
++static void
++pt_sc_remote(pid_t pid, struct ptrace_sc_remote *pscr, int error,
++ syscallarg_t ret)
++{
++ pid_t wpid;
++ int status;
++
++ ATF_REQUIRE(ptrace(PT_SC_REMOTE, pid, (caddr_t)pscr, sizeof(*pscr)) !=
++ -1);
++ ATF_REQUIRE_EQ(pscr->pscr_ret.sr_error, error);
++ if (error == 0)
++ ATF_REQUIRE_EQ(pscr->pscr_ret.sr_retval[0], ret);
++
++ wpid = waitpid(pid, &status, 0);
++ REQUIRE_EQ(wpid, pid);
++ ATF_REQUIRE(WIFSTOPPED(status));
++ REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
++}
++
+ /*
+ * Try using PT_SC_REMOTE to get the PID of a traced child process.
+ */
+@@ -4387,35 +4406,62 @@
+ pscr.pscr_syscall = SYS_getpid;
+ pscr.pscr_nargs = 0;
+ pscr.pscr_args = NULL;
+- ATF_REQUIRE(ptrace(PT_SC_REMOTE, fpid, (caddr_t)&pscr, sizeof(pscr)) !=
+- -1);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_error == 0,
+- "remote getpid failed with error %d", pscr.pscr_ret.sr_error);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_retval[0] == fpid,
+- "unexpected return value %jd instead of %d",
+- (intmax_t)pscr.pscr_ret.sr_retval[0], fpid);
+-
+- wpid = waitpid(fpid, &status, 0);
+- REQUIRE_EQ(wpid, fpid);
+- ATF_REQUIRE(WIFSTOPPED(status));
+- REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
++ pt_sc_remote(fpid, &pscr, 0, fpid);
+
+ pscr.pscr_syscall = SYS_getppid;
+ pscr.pscr_nargs = 0;
+ pscr.pscr_args = NULL;
+- ATF_REQUIRE(ptrace(PT_SC_REMOTE, fpid, (caddr_t)&pscr, sizeof(pscr)) !=
+- -1);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_error == 0,
+- "remote getppid failed with error %d", pscr.pscr_ret.sr_error);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_retval[0] == getpid(),
+- "unexpected return value %jd instead of %d",
+- (intmax_t)pscr.pscr_ret.sr_retval[0], fpid);
++ pt_sc_remote(fpid, &pscr, 0, getpid());
++
++ ATF_REQUIRE(ptrace(PT_DETACH, fpid, (caddr_t)1, 0) != -1);
++}
++
++ATF_TC_WITHOUT_HEAD(ptrace__PT_SC_REMOTE_syscall_validation);
++ATF_TC_BODY(ptrace__PT_SC_REMOTE_syscall_validation, tc)
++{
++ struct ptrace_sc_remote pscr;
++ quad_t code;
++ int status;
++ pid_t fpid, wpid;
++
++ code = SYS_MAXSYSCALL;
++
++ ATF_REQUIRE((fpid = fork()) != -1);
++ if (fpid == 0) {
++ trace_me();
++ exit(0);
++ }
+
+ wpid = waitpid(fpid, &status, 0);
+ REQUIRE_EQ(wpid, fpid);
+ ATF_REQUIRE(WIFSTOPPED(status));
+ REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
+
++ pscr.pscr_syscall = SYS_MAXSYSCALL;
++ pscr.pscr_nargs = 0;
++ pscr.pscr_args = NULL;
++ pt_sc_remote(fpid, &pscr, ENOSYS, 0);
++
++ pscr.pscr_syscall = SYS_syscall;
++ pscr.pscr_nargs = 0;
++ pscr.pscr_args = NULL;
++ pt_sc_remote(fpid, &pscr, EINVAL, 0);
++
++ pscr.pscr_syscall = SYS_syscall;
++ pscr.pscr_nargs = 1;
++ pscr.pscr_args = (syscallarg_t *)&code;
++ pt_sc_remote(fpid, &pscr, ENOSYS, 0);
++
++ pscr.pscr_syscall = SYS___syscall;
++ pscr.pscr_nargs = 0;
++ pscr.pscr_args = NULL;
++ pt_sc_remote(fpid, &pscr, EINVAL, 0);
++
++ pscr.pscr_syscall = SYS___syscall;
++ pscr.pscr_nargs = 1;
++ pscr.pscr_args = (syscallarg_t *)&code;
++ pt_sc_remote(fpid, &pscr, ENOSYS, 0);
++
+ ATF_REQUIRE(ptrace(PT_DETACH, fpid, (caddr_t)1, 0) != -1);
+ }
+
+@@ -4658,6 +4704,7 @@
+ ATF_TP_ADD_TC(tp, ptrace__procdesc_wait_child);
+ ATF_TP_ADD_TC(tp, ptrace__procdesc_reparent_wait_child);
+ ATF_TP_ADD_TC(tp, ptrace__PT_SC_REMOTE_getpid);
++ ATF_TP_ADD_TC(tp, ptrace__PT_SC_REMOTE_syscall_validation);
+ ATF_TP_ADD_TC(tp, ptrace__reap_kill_stopped);
+ ATF_TP_ADD_TC(tp, ptrace__PT_ATTACH_no_EINTR);
+ ATF_TP_ADD_TC(tp, ptrace__PT_DETACH_continued);
diff --git a/website/static/security/patches/SA-26:21/ptrace-14.4.patch.asc b/website/static/security/patches/SA-26:21/ptrace-14.4.patch.asc
new file mode 100644
index 0000000000..7b82a1c802
--- /dev/null
+++ b/website/static/security/patches/SA-26:21/ptrace-14.4.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHkbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrviIQP/0J+7WsDP2sa3qN/bPca
+m6rVHn83Jo8wnPSaUwUHqiWWCsXZBKSWpMcUneQoknmqArC7l2SNPAhXv3EH01fi
+ot63ojivc6/Fi0LPhnLC0XSvOePelm9EAkIuYny106q4mWDO0AQIKLks8AMWyJF7
+nEqUzVkXegoasWYmcS+9s0ddS+mVZdNm9Ajd+7gohX2T1/SK3FgIdJMZaDLx4cUV
+3B+44iS557PZLTpEjBSESxVM9132HFY16Fz3HUI6i+Cohrnip9KmSAFbutqmKARa
+08xfFDGeuLgkxZJFoiBmF9o3QxiutRlTeGl3l2A2WIKkMuIf4UtEMMaD+9KrMIpP
+idi0Sa9utRVc1TKRg2hjb2121b7ZAM3SaCvBbunBmV8Kv051sVRcoElG4QsmZgxf
+4rwpSBLQdtIBTjvSwhzTwnPJLcb6Lehb2ntZ55NDelSru/3DODEX7oKqKfst3Bgv
+QM+L/UYmedbb9qCe58tCgXOE9GEXn8pL7URUT7zv0zf6nX+Tc4viS9TO8lG65wU6
+c8/QnDt9kxts6/Nzfe5JAnSMxPLExuc7Cka6n625nB0L/q81rCvWISwUpJFa49in
+mbeuih5Jggpn/kZ+ifFQIpK59rpHShzumTdIWMZubJOSALjpAXFynvC1si/k/W6/
+xxi7tyKq1Tb/SRsXWk4ChxNZ
+=c4Yi
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:21/ptrace-15.patch b/website/static/security/patches/SA-26:21/ptrace-15.patch
new file mode 100644
index 0000000000..97f0d5f84c
--- /dev/null
+++ b/website/static/security/patches/SA-26:21/ptrace-15.patch
@@ -0,0 +1,154 @@
+--- sys/kern/kern_sig.c.orig
++++ sys/kern/kern_sig.c
+@@ -2678,23 +2678,26 @@
+ struct sysentvec *sv;
+ struct sysent *se;
+ register_t rv_saved[2];
++ unsigned int sc;
+ int error, nerror;
+- int sc;
+ bool audited, sy_thr_static;
+
+- sv = p->p_sysent;
+- if (sv->sv_table == NULL || sv->sv_size < tsr->ts_sa.code) {
+- tsr->ts_ret.sr_error = ENOSYS;
+- return;
+- }
+-
+ sc = tsr->ts_sa.code;
+ if (sc == SYS_syscall || sc == SYS___syscall) {
++ if (tsr->ts_nargs == 0) {
++ tsr->ts_ret.sr_error = EINVAL;
++ return;
++ }
+ sc = tsr->ts_sa.args[0];
+ memmove(&tsr->ts_sa.args[0], &tsr->ts_sa.args[1],
+ sizeof(register_t) * (tsr->ts_nargs - 1));
+ }
+
++ sv = p->p_sysent;
++ if (sv->sv_table == NULL || sc >= sv->sv_size) {
++ tsr->ts_ret.sr_error = ENOSYS;
++ return;
++ }
+ tsr->ts_sa.callp = se = &sv->sv_table[sc];
+
+ VM_CNT_INC(v_syscall);
+--- tests/sys/kern/ptrace_test.c.orig
++++ tests/sys/kern/ptrace_test.c
+@@ -4362,6 +4362,25 @@
+ REQUIRE_EQ(close(pd), 0);
+ }
+
++static void
++pt_sc_remote(pid_t pid, struct ptrace_sc_remote *pscr, int error,
++ syscallarg_t ret)
++{
++ pid_t wpid;
++ int status;
++
++ ATF_REQUIRE(ptrace(PT_SC_REMOTE, pid, (caddr_t)pscr, sizeof(*pscr)) !=
++ -1);
++ ATF_REQUIRE_EQ(pscr->pscr_ret.sr_error, error);
++ if (error == 0)
++ ATF_REQUIRE_EQ(pscr->pscr_ret.sr_retval[0], ret);
++
++ wpid = waitpid(pid, &status, 0);
++ REQUIRE_EQ(wpid, pid);
++ ATF_REQUIRE(WIFSTOPPED(status));
++ REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
++}
++
+ /*
+ * Try using PT_SC_REMOTE to get the PID of a traced child process.
+ */
+@@ -4386,35 +4405,62 @@
+ pscr.pscr_syscall = SYS_getpid;
+ pscr.pscr_nargs = 0;
+ pscr.pscr_args = NULL;
+- ATF_REQUIRE(ptrace(PT_SC_REMOTE, fpid, (caddr_t)&pscr, sizeof(pscr)) !=
+- -1);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_error == 0,
+- "remote getpid failed with error %d", pscr.pscr_ret.sr_error);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_retval[0] == fpid,
+- "unexpected return value %jd instead of %d",
+- (intmax_t)pscr.pscr_ret.sr_retval[0], fpid);
+-
+- wpid = waitpid(fpid, &status, 0);
+- REQUIRE_EQ(wpid, fpid);
+- ATF_REQUIRE(WIFSTOPPED(status));
+- REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
++ pt_sc_remote(fpid, &pscr, 0, fpid);
+
+ pscr.pscr_syscall = SYS_getppid;
+ pscr.pscr_nargs = 0;
+ pscr.pscr_args = NULL;
+- ATF_REQUIRE(ptrace(PT_SC_REMOTE, fpid, (caddr_t)&pscr, sizeof(pscr)) !=
+- -1);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_error == 0,
+- "remote getppid failed with error %d", pscr.pscr_ret.sr_error);
+- ATF_REQUIRE_MSG(pscr.pscr_ret.sr_retval[0] == getpid(),
+- "unexpected return value %jd instead of %d",
+- (intmax_t)pscr.pscr_ret.sr_retval[0], fpid);
++ pt_sc_remote(fpid, &pscr, 0, getpid());
++
++ ATF_REQUIRE(ptrace(PT_DETACH, fpid, (caddr_t)1, 0) != -1);
++}
++
++ATF_TC_WITHOUT_HEAD(ptrace__PT_SC_REMOTE_syscall_validation);
++ATF_TC_BODY(ptrace__PT_SC_REMOTE_syscall_validation, tc)
++{
++ struct ptrace_sc_remote pscr;
++ quad_t code;
++ int status;
++ pid_t fpid, wpid;
++
++ code = SYS_MAXSYSCALL;
++
++ ATF_REQUIRE((fpid = fork()) != -1);
++ if (fpid == 0) {
++ trace_me();
++ exit(0);
++ }
+
+ wpid = waitpid(fpid, &status, 0);
+ REQUIRE_EQ(wpid, fpid);
+ ATF_REQUIRE(WIFSTOPPED(status));
+ REQUIRE_EQ(WSTOPSIG(status), SIGSTOP);
+
++ pscr.pscr_syscall = SYS_MAXSYSCALL;
++ pscr.pscr_nargs = 0;
++ pscr.pscr_args = NULL;
++ pt_sc_remote(fpid, &pscr, ENOSYS, 0);
++
++ pscr.pscr_syscall = SYS_syscall;
++ pscr.pscr_nargs = 0;
++ pscr.pscr_args = NULL;
++ pt_sc_remote(fpid, &pscr, EINVAL, 0);
++
++ pscr.pscr_syscall = SYS_syscall;
++ pscr.pscr_nargs = 1;
++ pscr.pscr_args = (syscallarg_t *)&code;
++ pt_sc_remote(fpid, &pscr, ENOSYS, 0);
++
++ pscr.pscr_syscall = SYS___syscall;
++ pscr.pscr_nargs = 0;
++ pscr.pscr_args = NULL;
++ pt_sc_remote(fpid, &pscr, EINVAL, 0);
++
++ pscr.pscr_syscall = SYS___syscall;
++ pscr.pscr_nargs = 1;
++ pscr.pscr_args = (syscallarg_t *)&code;
++ pt_sc_remote(fpid, &pscr, ENOSYS, 0);
++
+ ATF_REQUIRE(ptrace(PT_DETACH, fpid, (caddr_t)1, 0) != -1);
+ }
+
+@@ -4657,6 +4703,7 @@
+ ATF_TP_ADD_TC(tp, ptrace__procdesc_wait_child);
+ ATF_TP_ADD_TC(tp, ptrace__procdesc_reparent_wait_child);
+ ATF_TP_ADD_TC(tp, ptrace__PT_SC_REMOTE_getpid);
++ ATF_TP_ADD_TC(tp, ptrace__PT_SC_REMOTE_syscall_validation);
+ ATF_TP_ADD_TC(tp, ptrace__reap_kill_stopped);
+ ATF_TP_ADD_TC(tp, ptrace__PT_ATTACH_no_EINTR);
+ ATF_TP_ADD_TC(tp, ptrace__PT_DETACH_continued);
diff --git a/website/static/security/patches/SA-26:21/ptrace-15.patch.asc b/website/static/security/patches/SA-26:21/ptrace-15.patch.asc
new file mode 100644
index 0000000000..609bfc84b7
--- /dev/null
+++ b/website/static/security/patches/SA-26:21/ptrace-15.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKHobFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv+mIP/jrd2IsNHPhHsbnSjg16
+fbLtDSzIBAA5NT8ELxD21EvUVrQlIIakjdxmBs9GyssUDQMWdhXJvVUg+Buk0WPo
+U6sLJU8KfA1r8R3BVvwQVUilIOZd3rbf2p8v+SnilKxLtHThm0N8N05og4k9J4wj
+sbN5cXapiaLeQlrGD9e7qDQRTrxO9XG4qxvipUtjgGqgOPxhfAvPxylieWrQwr80
+V+wpX/gbGLr8psmwYk/4XNkd4tHI4OguNzyOaCgMfcb16AueQBxzgkexlZ1GIxgY
+VF8LMr8w/Qfh2ukjTtgvpKJ8G7TDqoZTxqs+c3mxuW66AxX20x8i+WRlo4X0VTjm
+lTd77Fejoyff6DI8yIDmTaCblX2OLyZFsoi8cY3TRkK6BVDvW08bSE3ztZZwJO4e
+oFVZsONII8GBTRf2yjhOxLaJpheRsff75AqSwTpy8w9XkqQ70n7K8OUsWmHTN2VK
+ZpCMGIu6tX7ShxnigVrA3o0O30fg3VuvVqnsbyA7jDyjzUjpywwd12zcQ+0eZz8U
+1i2XH/hmZ+0dxArVB19QQ/I2vBSQvqYdRxwmitVOWpxZLWWr6FDLMS8BumHXn2IN
+oNbDdiClPyW7+CpJzfrxA5kcnZsBF/aBi/xRZtV/xof4M5LhYDYzbdDWJYgEmW4p
+JSVYiYuiRnJmeWi01UJYGWr6
+=I125
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:22/libcasper-14.patch b/website/static/security/patches/SA-26:22/libcasper-14.patch
new file mode 100644
index 0000000000..7cddb28b48
--- /dev/null
+++ b/website/static/security/patches/SA-26:22/libcasper-14.patch
@@ -0,0 +1,539 @@
+--- lib/libcasper/libcasper/libcasper_impl.h.orig
++++ lib/libcasper/libcasper/libcasper_impl.h
+@@ -54,6 +54,8 @@
+ void service_start(struct service *service, int sock, int procfd);
+ const char *service_name(struct service *service);
+ int service_get_channel_flags(struct service *service);
++bool service_have_connections(void);
++bool service_poll_dispatch(void);
+
+ /* Private service connection functions. */
+ struct service_connection *service_connection_add(struct service *service,
+@@ -64,10 +66,6 @@
+ int service_connection_clone(
+ struct service *service,
+ struct service_connection *sconn);
+-struct service_connection *service_connection_first(
+- struct service *service);
+-struct service_connection *service_connection_next(
+- struct service_connection *sconn);
+ cap_channel_t *service_connection_get_chan(
+ const struct service_connection *sconn);
+ int service_connection_get_sock(
+--- lib/libcasper/libcasper/libcasper_service.c.orig
++++ lib/libcasper/libcasper/libcasper_service.c
+@@ -223,10 +223,6 @@
+ void
+ casper_main_loop(int fd)
+ {
+- fd_set fds;
+- struct casper_service *casserv;
+- struct service_connection *sconn, *sconntmp;
+- int sock, maxfd, ret;
+
+ if (zygote_init() < 0)
+ _exit(1);
+@@ -236,55 +232,10 @@
+ */
+ service_register_core(fd);
+
+- for (;;) {
+- FD_ZERO(&fds);
+- FD_SET(fd, &fds);
+- maxfd = -1;
+- TAILQ_FOREACH(casserv, &casper_services, cs_next) {
+- /* We handle only core services. */
+- if (!CSERVICE_IS_CORE(casserv))
+- continue;
+- for (sconn = service_connection_first(casserv->cs_service);
+- sconn != NULL;
+- sconn = service_connection_next(sconn)) {
+- sock = service_connection_get_sock(sconn);
+- FD_SET(sock, &fds);
+- maxfd = sock > maxfd ? sock : maxfd;
+- }
+- }
+- if (maxfd == -1) {
+- /* Nothing to do. */
+- _exit(0);
+- }
+- maxfd++;
+-
+-
+- assert(maxfd <= (int)FD_SETSIZE);
+- ret = select(maxfd, &fds, NULL, NULL, NULL);
+- assert(ret == -1 || ret > 0); /* select() cannot timeout */
+- if (ret == -1) {
+- if (errno == EINTR)
+- continue;
++ while (service_have_connections()) {
++ if (!service_poll_dispatch())
+ _exit(1);
+- }
+-
+- TAILQ_FOREACH(casserv, &casper_services, cs_next) {
+- /* We handle only core services. */
+- if (!CSERVICE_IS_CORE(casserv))
+- continue;
+- for (sconn = service_connection_first(casserv->cs_service);
+- sconn != NULL; sconn = sconntmp) {
+- /*
+- * Prepare for connection to be removed from
+- * the list on failure.
+- */
+- sconntmp = service_connection_next(sconn);
+- sock = service_connection_get_sock(sconn);
+- if (FD_ISSET(sock, &fds)) {
+- service_message(casserv->cs_service,
+- sconn);
+- }
+- }
+- }
+ }
++
++ _exit(0);
+ }
+--- lib/libcasper/libcasper/service.c.orig
++++ lib/libcasper/libcasper/service.c
+@@ -30,8 +30,7 @@
+ * SUCH DAMAGE.
+ */
+
+-#include
+-#include
++#include
+ #include
+ #include
+ #include
+@@ -42,6 +41,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -72,7 +72,8 @@
+ int sc_magic;
+ cap_channel_t *sc_chan;
+ nvlist_t *sc_limits;
+- TAILQ_ENTRY(service_connection) sc_next;
++ struct service *sc_service;
++ size_t sc_pollidx;
+ };
+
+ #define SERVICE_MAGIC 0x5e91ce
+@@ -82,9 +83,90 @@
+ uint64_t s_flags;
+ service_limit_func_t *s_limit;
+ service_command_func_t *s_command;
+- TAILQ_HEAD(, service_connection) s_connections;
+ };
+
++#define POLLSET_CHUNK 8
++static struct pollfd *pollset_pfds;
++static struct service_connection **pollset_conns;
++static size_t pollset_cap;
++static size_t pollset_size;
++
++static int
++pollset_add(struct service_connection *sconn, int sock)
++{
++ size_t i, newcap;
++ void *p;
++
++ for (i = 0; i < pollset_size; i++) {
++ if (pollset_pfds[i].fd < 0)
++ break;
++ }
++ if (i == pollset_size) {
++ newcap = roundup2(pollset_size + 1, POLLSET_CHUNK);
++ if (newcap > pollset_cap) {
++ p = reallocarray(pollset_pfds, newcap,
++ sizeof(*pollset_pfds));
++ if (p == NULL)
++ return (-1);
++ pollset_pfds = p;
++ p = reallocarray(pollset_conns, newcap,
++ sizeof(*pollset_conns));
++ if (p == NULL)
++ return (-1);
++ pollset_conns = p;
++ pollset_cap = newcap;
++ }
++ pollset_size++;
++ }
++ pollset_pfds[i].fd = sock;
++ pollset_pfds[i].events = POLLIN;
++ pollset_pfds[i].revents = 0;
++ pollset_conns[i] = sconn;
++ sconn->sc_pollidx = i;
++ return (0);
++}
++
++static void
++pollset_remove(struct service_connection *sconn)
++{
++
++ pollset_pfds[sconn->sc_pollidx].fd = -1;
++ pollset_conns[sconn->sc_pollidx] = NULL;
++}
++
++bool
++service_have_connections(void)
++{
++ size_t i;
++
++ for (i = 0; i < pollset_size; i++) {
++ if (pollset_pfds[i].fd >= 0)
++ return (true);
++ }
++ return (false);
++}
++
++bool
++service_poll_dispatch(void)
++{
++ size_t i;
++ int ret;
++
++ do {
++ ret = poll(pollset_pfds, pollset_size, -1);
++ } while (ret == -1 && errno == EINTR);
++ if (ret == -1)
++ return (false);
++
++ for (i = 0; i < pollset_size; i++) {
++ if (pollset_pfds[i].revents == 0)
++ continue;
++ service_message(pollset_conns[i]->sc_service,
++ pollset_conns[i]);
++ }
++ return (true);
++}
++
+ struct service *
+ service_alloc(const char *name, service_limit_func_t *limitfunc,
+ service_command_func_t *commandfunc, uint64_t flags)
+@@ -102,7 +184,6 @@
+ service->s_limit = limitfunc;
+ service->s_command = commandfunc;
+ service->s_flags = flags;
+- TAILQ_INIT(&service->s_connections);
+ service->s_magic = SERVICE_MAGIC;
+
+ return (service);
+@@ -111,13 +192,16 @@
+ void
+ service_free(struct service *service)
+ {
+- struct service_connection *sconn;
++ size_t i;
+
+ assert(service->s_magic == SERVICE_MAGIC);
+
+ service->s_magic = 0;
+- while ((sconn = service_connection_first(service)) != NULL)
+- service_connection_remove(service, sconn);
++ for (i = 0; i < pollset_size; i++) {
++ if (pollset_conns[i] != NULL &&
++ pollset_conns[i]->sc_service == service)
++ service_connection_remove(service, pollset_conns[i]);
++ }
+ free(service->s_name);
+ free(service);
+ }
+@@ -154,8 +238,16 @@
+ return (NULL);
+ }
+ }
++ sconn->sc_service = service;
++ if (pollset_add(sconn, sock) == -1) {
++ serrno = errno;
++ nvlist_destroy(sconn->sc_limits);
++ (void)cap_unwrap(sconn->sc_chan, NULL);
++ free(sconn);
++ errno = serrno;
++ return (NULL);
++ }
+ sconn->sc_magic = SERVICE_CONNECTION_MAGIC;
+- TAILQ_INSERT_TAIL(&service->s_connections, sconn, sc_next);
+ return (sconn);
+ }
+
+@@ -167,7 +259,7 @@
+ assert(service->s_magic == SERVICE_MAGIC);
+ assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
+
+- TAILQ_REMOVE(&service->s_connections, sconn, sc_next);
++ pollset_remove(sconn);
+ sconn->sc_magic = 0;
+ nvlist_destroy(sconn->sc_limits);
+ cap_close(sconn->sc_chan);
+@@ -197,31 +289,6 @@
+ return (sock[1]);
+ }
+
+-struct service_connection *
+-service_connection_first(struct service *service)
+-{
+- struct service_connection *sconn;
+-
+- assert(service->s_magic == SERVICE_MAGIC);
+-
+- sconn = TAILQ_FIRST(&service->s_connections);
+- assert(sconn == NULL ||
+- sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
+- return (sconn);
+-}
+-
+-struct service_connection *
+-service_connection_next(struct service_connection *sconn)
+-{
+-
+- assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
+-
+- sconn = TAILQ_NEXT(sconn, sc_next);
+- assert(sconn == NULL ||
+- sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
+- return (sconn);
+-}
+-
+ cap_channel_t *
+ service_connection_get_chan(const struct service_connection *sconn)
+ {
+@@ -330,14 +397,6 @@
+ nvlist_destroy(nvlout);
+ }
+
+-static int
+-fd_add(fd_set *fdsp, int maxfd, int fd)
+-{
+-
+- FD_SET(fd, fdsp);
+- return (fd > maxfd ? fd : maxfd);
+-}
+-
+ const char *
+ service_name(struct service *service)
+ {
+@@ -418,9 +477,6 @@
+ void
+ service_start(struct service *service, int sock, int procfd)
+ {
+- struct service_connection *sconn, *sconntmp;
+- fd_set fds;
+- int maxfd, nfds;
+
+ assert(service != NULL);
+ assert(service->s_magic == SERVICE_MAGIC);
+@@ -430,43 +486,9 @@
+ if (service_connection_add(service, sock, NULL) == NULL)
+ _exit(1);
+
+- for (;;) {
+- FD_ZERO(&fds);
+- maxfd = -1;
+- for (sconn = service_connection_first(service); sconn != NULL;
+- sconn = service_connection_next(sconn)) {
+- maxfd = fd_add(&fds, maxfd,
+- service_connection_get_sock(sconn));
+- }
+-
+- assert(maxfd >= 0);
+- assert(maxfd + 1 <= (int)FD_SETSIZE);
+- nfds = select(maxfd + 1, &fds, NULL, NULL, NULL);
+- if (nfds < 0) {
+- if (errno != EINTR)
+- _exit(1);
+- continue;
+- } else if (nfds == 0) {
+- /* Timeout. */
+- abort();
+- }
+-
+- for (sconn = service_connection_first(service); sconn != NULL;
+- sconn = sconntmp) {
+- /*
+- * Prepare for connection to be removed from the list
+- * on failure.
+- */
+- sconntmp = service_connection_next(sconn);
+- if (FD_ISSET(service_connection_get_sock(sconn), &fds))
+- service_message(service, sconn);
+- }
+- if (service_connection_first(service) == NULL) {
+- /*
+- * No connections left, exiting.
+- */
+- break;
+- }
++ while (service_have_connections()) {
++ if (!service_poll_dispatch())
++ _exit(1);
+ }
+
+ _exit(0);
+--- lib/libcasper/tests/Makefile.orig
++++ lib/libcasper/tests/Makefile
+@@ -1,5 +1,13 @@
++.include
+
+-.PATH: ${SRCTOP}/tests
+-KYUAFILE= yes
++PACKAGE= tests
++
++ATF_TESTS_C= cap_main_test
++
++.if ${MK_CASPER} != "no"
++LIBADD+= casper
++CFLAGS+= -DWITH_CASPER
++.endif
++LIBADD+= nv
+
+ .include
+--- /dev/null
++++ lib/libcasper/tests/cap_main_test.c
+@@ -0,0 +1,142 @@
++/*-
++ * SPDX-License-Identifier: BSD-2-Clause
++ *
++ * Copyright (c) 2026 Mariusz Zaborski
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#include
++#include
++
++#include
++#include
++#include
++#include
++
++#include
++
++#include
++
++#define NCONNECTIONS (FD_SETSIZE + 64)
++#define FD_HEADROOM 64
++
++/* Test that file descriptors past FD_SETSIZE (1024) work. */
++ATF_TC_WITHOUT_HEAD(many_connections);
++ATF_TC_BODY(many_connections, tc)
++{
++ struct rlimit rl;
++ cap_channel_t *chan;
++ cap_channel_t **clones;
++ size_t i;
++
++ if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
++ atf_tc_skip("getrlimit: %s", strerror(errno));
++ if (rl.rlim_max < NCONNECTIONS + FD_HEADROOM)
++ atf_tc_skip("RLIMIT_NOFILE hard cap %ju below required %d",
++ (uintmax_t)rl.rlim_max, NCONNECTIONS + FD_HEADROOM);
++ rl.rlim_cur = rl.rlim_max;
++ ATF_REQUIRE_MSG(setrlimit(RLIMIT_NOFILE, &rl) == 0,
++ "setrlimit: %s", strerror(errno));
++
++ chan = cap_init();
++ ATF_REQUIRE_MSG(chan != NULL, "cap_init failed: %s", strerror(errno));
++
++ clones = calloc(NCONNECTIONS, sizeof(*clones));
++ ATF_REQUIRE(clones != NULL);
++
++ /*
++ * Every cap_clone(3) adds one more connection to the helper.
++ * After this loop the helper is watching more fds than an
++ * fd_set can hold.
++ */
++ for (i = 0; i < NCONNECTIONS; i++) {
++ clones[i] = cap_clone(chan);
++ ATF_REQUIRE_MSG(clones[i] != NULL,
++ "cap_clone failed at %zu/%d: %s",
++ i, NCONNECTIONS, strerror(errno));
++ }
++
++ for (i = 0; i < NCONNECTIONS; i++)
++ cap_close(clones[i]);
++ free(clones);
++ cap_close(chan);
++}
++
++#define CHURN_CONNECTIONS 50
++#define CHURN_CLOSE_STEP 5
++
++/* Test that gaps in the file descriptor list do not break casper. */
++ATF_TC_WITHOUT_HEAD(connection_churn);
++ATF_TC_BODY(connection_churn, tc)
++{
++ cap_channel_t *chan, *survivor, *extra;
++ cap_channel_t *clones[CHURN_CONNECTIONS];
++ size_t i, survivor_idx;
++
++ chan = cap_init();
++ ATF_REQUIRE_MSG(chan != NULL, "cap_init failed: %s", strerror(errno));
++
++ for (i = 0; i < CHURN_CONNECTIONS; i++) {
++ clones[i] = cap_clone(chan);
++ ATF_REQUIRE_MSG(clones[i] != NULL,
++ "cap_clone failed at %zu: %s", i, strerror(errno));
++ }
++
++ /*
++ * Close every Nth clone.
++ */
++ for (i = 0; i < CHURN_CONNECTIONS; i += CHURN_CLOSE_STEP) {
++ cap_close(clones[i]);
++ clones[i] = NULL;
++ }
++
++ /*
++ * Force a poll() cycle: the helper handles POLLIN on chan and
++ * POLLHUP on the closed clones in the same walk.
++ */
++ extra = cap_clone(chan);
++ ATF_REQUIRE_MSG(extra != NULL, "cap_clone after churn failed: %s",
++ strerror(errno));
++
++ /* A surviving clone must still round-trip. */
++ survivor_idx = 1;
++ survivor = cap_clone(clones[survivor_idx]);
++ ATF_REQUIRE_MSG(survivor != NULL,
++ "cap_clone on survivor failed: %s", strerror(errno));
++
++ cap_close(survivor);
++ cap_close(extra);
++ for (i = 0; i < CHURN_CONNECTIONS; i++) {
++ if (clones[i] != NULL)
++ cap_close(clones[i]);
++ }
++ cap_close(chan);
++}
++
++ATF_TP_ADD_TCS(tp)
++{
++
++ ATF_TP_ADD_TC(tp, many_connections);
++ ATF_TP_ADD_TC(tp, connection_churn);
++ return (atf_no_error());
++}
diff --git a/website/static/security/patches/SA-26:22/libcasper-14.patch.asc b/website/static/security/patches/SA-26:22/libcasper-14.patch.asc
new file mode 100644
index 0000000000..1754ed5247
--- /dev/null
+++ b/website/static/security/patches/SA-26:22/libcasper-14.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKH0bFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvE1wQAIFN2hAU+76Vf5P6J1w9
+ERxUl9XWB+9e+KCvpJzVprwpM6sLm3/04snX5J3dk3/GJ7ngYEmwO0K8fqF8pqTI
+N040UkRk0pIdNPmfzrGZO7vbPhdJeLgiCozzS4x8NLVY297S7pD7chLqw42noJlu
+qZ+RLbaBz+5jeyLnO5y4x40GYuUrQPkD3ksRMr9MXDrN/VJZp48mEBc5fpTe+dTG
+Ina5PB33C70V/Hu7KtPYCvEMhT139ZY/X6zBXJWkFac+yy5Iw5XpQGgtxmiU53ti
+Rfjg1h3lC/mQD1lIvdDBXxhwASqbiqKLBjtl2j+HJbXTw6F1STHr3fl2stPcRu5O
+e4cTEfULoraVKhvUa2/rVc3O9UiWT6ttJeqiLSFLMPje+EzsRRPv7BURIgjCX4ZO
+XbaAS0lPr49tqhDssSN8V4EUaRe4cJm1/bB+1xydpEKmm/5lbvQyA3GMyKau4jEH
+85/E6d6oi0LOK4o5V89tSo0kNiozWHe/uHcZqLCS0FNHtjAhrky+EynKlBD8aQED
+IA+O1RJnFENxG8R6aC290KCDupYG3LBxXavYxm8RA5fIStvQX2srpRoUuCAEh9Dr
+Nwv+nHZZK4yRssf04uwurf/3SUvuOt06fCkzkQxdFByxgjEVFw2LukYaIExtVYH8
+czK6p++bNvfTzQNAx+Mx/4zS
+=hxFw
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:22/libcasper-15.patch b/website/static/security/patches/SA-26:22/libcasper-15.patch
new file mode 100644
index 0000000000..fa89b524a3
--- /dev/null
+++ b/website/static/security/patches/SA-26:22/libcasper-15.patch
@@ -0,0 +1,538 @@
+--- lib/libcasper/libcasper/libcasper_impl.h.orig
++++ lib/libcasper/libcasper/libcasper_impl.h
+@@ -54,6 +54,8 @@
+ void service_start(struct service *service, int sock, int procfd);
+ const char *service_name(struct service *service);
+ int service_get_channel_flags(struct service *service);
++bool service_have_connections(void);
++bool service_poll_dispatch(void);
+
+ /* Private service connection functions. */
+ struct service_connection *service_connection_add(struct service *service,
+@@ -64,10 +66,6 @@
+ int service_connection_clone(
+ struct service *service,
+ struct service_connection *sconn);
+-struct service_connection *service_connection_first(
+- struct service *service);
+-struct service_connection *service_connection_next(
+- struct service_connection *sconn);
+ cap_channel_t *service_connection_get_chan(
+ const struct service_connection *sconn);
+ int service_connection_get_sock(
+--- lib/libcasper/libcasper/libcasper_service.c.orig
++++ lib/libcasper/libcasper/libcasper_service.c
+@@ -222,10 +222,6 @@
+ void
+ casper_main_loop(int fd)
+ {
+- fd_set fds;
+- struct casper_service *casserv;
+- struct service_connection *sconn, *sconntmp;
+- int sock, maxfd, ret;
+
+ if (zygote_init() < 0)
+ _exit(1);
+@@ -235,55 +231,10 @@
+ */
+ service_register_core(fd);
+
+- for (;;) {
+- FD_ZERO(&fds);
+- FD_SET(fd, &fds);
+- maxfd = -1;
+- TAILQ_FOREACH(casserv, &casper_services, cs_next) {
+- /* We handle only core services. */
+- if (!CSERVICE_IS_CORE(casserv))
+- continue;
+- for (sconn = service_connection_first(casserv->cs_service);
+- sconn != NULL;
+- sconn = service_connection_next(sconn)) {
+- sock = service_connection_get_sock(sconn);
+- FD_SET(sock, &fds);
+- maxfd = sock > maxfd ? sock : maxfd;
+- }
+- }
+- if (maxfd == -1) {
+- /* Nothing to do. */
+- _exit(0);
+- }
+- maxfd++;
+-
+-
+- assert(maxfd <= (int)FD_SETSIZE);
+- ret = select(maxfd, &fds, NULL, NULL, NULL);
+- assert(ret == -1 || ret > 0); /* select() cannot timeout */
+- if (ret == -1) {
+- if (errno == EINTR)
+- continue;
++ while (service_have_connections()) {
++ if (!service_poll_dispatch())
+ _exit(1);
+- }
+-
+- TAILQ_FOREACH(casserv, &casper_services, cs_next) {
+- /* We handle only core services. */
+- if (!CSERVICE_IS_CORE(casserv))
+- continue;
+- for (sconn = service_connection_first(casserv->cs_service);
+- sconn != NULL; sconn = sconntmp) {
+- /*
+- * Prepare for connection to be removed from
+- * the list on failure.
+- */
+- sconntmp = service_connection_next(sconn);
+- sock = service_connection_get_sock(sconn);
+- if (FD_ISSET(sock, &fds)) {
+- service_message(casserv->cs_service,
+- sconn);
+- }
+- }
+- }
+ }
++
++ _exit(0);
+ }
+--- lib/libcasper/libcasper/service.c.orig
++++ lib/libcasper/libcasper/service.c
+@@ -30,7 +30,7 @@
+ * SUCH DAMAGE.
+ */
+
+-#include
++#include
+ #include
+ #include
+ #include
+@@ -41,6 +41,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -71,7 +72,8 @@
+ int sc_magic;
+ cap_channel_t *sc_chan;
+ nvlist_t *sc_limits;
+- TAILQ_ENTRY(service_connection) sc_next;
++ struct service *sc_service;
++ size_t sc_pollidx;
+ };
+
+ #define SERVICE_MAGIC 0x5e91ce
+@@ -81,9 +83,90 @@
+ uint64_t s_flags;
+ service_limit_func_t *s_limit;
+ service_command_func_t *s_command;
+- TAILQ_HEAD(, service_connection) s_connections;
+ };
+
++#define POLLSET_CHUNK 8
++static struct pollfd *pollset_pfds;
++static struct service_connection **pollset_conns;
++static size_t pollset_cap;
++static size_t pollset_size;
++
++static int
++pollset_add(struct service_connection *sconn, int sock)
++{
++ size_t i, newcap;
++ void *p;
++
++ for (i = 0; i < pollset_size; i++) {
++ if (pollset_pfds[i].fd < 0)
++ break;
++ }
++ if (i == pollset_size) {
++ newcap = roundup2(pollset_size + 1, POLLSET_CHUNK);
++ if (newcap > pollset_cap) {
++ p = reallocarray(pollset_pfds, newcap,
++ sizeof(*pollset_pfds));
++ if (p == NULL)
++ return (-1);
++ pollset_pfds = p;
++ p = reallocarray(pollset_conns, newcap,
++ sizeof(*pollset_conns));
++ if (p == NULL)
++ return (-1);
++ pollset_conns = p;
++ pollset_cap = newcap;
++ }
++ pollset_size++;
++ }
++ pollset_pfds[i].fd = sock;
++ pollset_pfds[i].events = POLLIN;
++ pollset_pfds[i].revents = 0;
++ pollset_conns[i] = sconn;
++ sconn->sc_pollidx = i;
++ return (0);
++}
++
++static void
++pollset_remove(struct service_connection *sconn)
++{
++
++ pollset_pfds[sconn->sc_pollidx].fd = -1;
++ pollset_conns[sconn->sc_pollidx] = NULL;
++}
++
++bool
++service_have_connections(void)
++{
++ size_t i;
++
++ for (i = 0; i < pollset_size; i++) {
++ if (pollset_pfds[i].fd >= 0)
++ return (true);
++ }
++ return (false);
++}
++
++bool
++service_poll_dispatch(void)
++{
++ size_t i;
++ int ret;
++
++ do {
++ ret = poll(pollset_pfds, pollset_size, -1);
++ } while (ret == -1 && errno == EINTR);
++ if (ret == -1)
++ return (false);
++
++ for (i = 0; i < pollset_size; i++) {
++ if (pollset_pfds[i].revents == 0)
++ continue;
++ service_message(pollset_conns[i]->sc_service,
++ pollset_conns[i]);
++ }
++ return (true);
++}
++
+ struct service *
+ service_alloc(const char *name, service_limit_func_t *limitfunc,
+ service_command_func_t *commandfunc, uint64_t flags)
+@@ -101,7 +184,6 @@
+ service->s_limit = limitfunc;
+ service->s_command = commandfunc;
+ service->s_flags = flags;
+- TAILQ_INIT(&service->s_connections);
+ service->s_magic = SERVICE_MAGIC;
+
+ return (service);
+@@ -110,13 +192,16 @@
+ void
+ service_free(struct service *service)
+ {
+- struct service_connection *sconn;
++ size_t i;
+
+ assert(service->s_magic == SERVICE_MAGIC);
+
+ service->s_magic = 0;
+- while ((sconn = service_connection_first(service)) != NULL)
+- service_connection_remove(service, sconn);
++ for (i = 0; i < pollset_size; i++) {
++ if (pollset_conns[i] != NULL &&
++ pollset_conns[i]->sc_service == service)
++ service_connection_remove(service, pollset_conns[i]);
++ }
+ free(service->s_name);
+ free(service);
+ }
+@@ -153,8 +238,16 @@
+ return (NULL);
+ }
+ }
++ sconn->sc_service = service;
++ if (pollset_add(sconn, sock) == -1) {
++ serrno = errno;
++ nvlist_destroy(sconn->sc_limits);
++ (void)cap_unwrap(sconn->sc_chan, NULL);
++ free(sconn);
++ errno = serrno;
++ return (NULL);
++ }
+ sconn->sc_magic = SERVICE_CONNECTION_MAGIC;
+- TAILQ_INSERT_TAIL(&service->s_connections, sconn, sc_next);
+ return (sconn);
+ }
+
+@@ -166,7 +259,7 @@
+ assert(service->s_magic == SERVICE_MAGIC);
+ assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
+
+- TAILQ_REMOVE(&service->s_connections, sconn, sc_next);
++ pollset_remove(sconn);
+ sconn->sc_magic = 0;
+ nvlist_destroy(sconn->sc_limits);
+ cap_close(sconn->sc_chan);
+@@ -196,31 +289,6 @@
+ return (sock[1]);
+ }
+
+-struct service_connection *
+-service_connection_first(struct service *service)
+-{
+- struct service_connection *sconn;
+-
+- assert(service->s_magic == SERVICE_MAGIC);
+-
+- sconn = TAILQ_FIRST(&service->s_connections);
+- assert(sconn == NULL ||
+- sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
+- return (sconn);
+-}
+-
+-struct service_connection *
+-service_connection_next(struct service_connection *sconn)
+-{
+-
+- assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
+-
+- sconn = TAILQ_NEXT(sconn, sc_next);
+- assert(sconn == NULL ||
+- sconn->sc_magic == SERVICE_CONNECTION_MAGIC);
+- return (sconn);
+-}
+-
+ cap_channel_t *
+ service_connection_get_chan(const struct service_connection *sconn)
+ {
+@@ -329,14 +397,6 @@
+ nvlist_destroy(nvlout);
+ }
+
+-static int
+-fd_add(fd_set *fdsp, int maxfd, int fd)
+-{
+-
+- FD_SET(fd, fdsp);
+- return (fd > maxfd ? fd : maxfd);
+-}
+-
+ const char *
+ service_name(struct service *service)
+ {
+@@ -417,9 +477,6 @@
+ void
+ service_start(struct service *service, int sock, int procfd)
+ {
+- struct service_connection *sconn, *sconntmp;
+- fd_set fds;
+- int maxfd, nfds;
+
+ assert(service != NULL);
+ assert(service->s_magic == SERVICE_MAGIC);
+@@ -429,43 +486,9 @@
+ if (service_connection_add(service, sock, NULL) == NULL)
+ _exit(1);
+
+- for (;;) {
+- FD_ZERO(&fds);
+- maxfd = -1;
+- for (sconn = service_connection_first(service); sconn != NULL;
+- sconn = service_connection_next(sconn)) {
+- maxfd = fd_add(&fds, maxfd,
+- service_connection_get_sock(sconn));
+- }
+-
+- assert(maxfd >= 0);
+- assert(maxfd + 1 <= (int)FD_SETSIZE);
+- nfds = select(maxfd + 1, &fds, NULL, NULL, NULL);
+- if (nfds < 0) {
+- if (errno != EINTR)
+- _exit(1);
+- continue;
+- } else if (nfds == 0) {
+- /* Timeout. */
+- abort();
+- }
+-
+- for (sconn = service_connection_first(service); sconn != NULL;
+- sconn = sconntmp) {
+- /*
+- * Prepare for connection to be removed from the list
+- * on failure.
+- */
+- sconntmp = service_connection_next(sconn);
+- if (FD_ISSET(service_connection_get_sock(sconn), &fds))
+- service_message(service, sconn);
+- }
+- if (service_connection_first(service) == NULL) {
+- /*
+- * No connections left, exiting.
+- */
+- break;
+- }
++ while (service_have_connections()) {
++ if (!service_poll_dispatch())
++ _exit(1);
+ }
+
+ _exit(0);
+--- lib/libcasper/tests/Makefile.orig
++++ lib/libcasper/tests/Makefile
+@@ -1,6 +1,13 @@
+-.PATH: ${SRCTOP}/tests
++.include
+
+ PACKAGE= tests
+-KYUAFILE= yes
++
++ATF_TESTS_C= cap_main_test
++
++.if ${MK_CASPER} != "no"
++LIBADD+= casper
++CFLAGS+= -DWITH_CASPER
++.endif
++LIBADD+= nv
+
+ .include
+--- /dev/null
++++ lib/libcasper/tests/cap_main_test.c
+@@ -0,0 +1,142 @@
++/*-
++ * SPDX-License-Identifier: BSD-2-Clause
++ *
++ * Copyright (c) 2026 Mariusz Zaborski
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#include
++#include
++
++#include
++#include
++#include
++#include
++
++#include
++
++#include
++
++#define NCONNECTIONS (FD_SETSIZE + 64)
++#define FD_HEADROOM 64
++
++/* Test that file descriptors past FD_SETSIZE (1024) work. */
++ATF_TC_WITHOUT_HEAD(many_connections);
++ATF_TC_BODY(many_connections, tc)
++{
++ struct rlimit rl;
++ cap_channel_t *chan;
++ cap_channel_t **clones;
++ size_t i;
++
++ if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
++ atf_tc_skip("getrlimit: %s", strerror(errno));
++ if (rl.rlim_max < NCONNECTIONS + FD_HEADROOM)
++ atf_tc_skip("RLIMIT_NOFILE hard cap %ju below required %d",
++ (uintmax_t)rl.rlim_max, NCONNECTIONS + FD_HEADROOM);
++ rl.rlim_cur = rl.rlim_max;
++ ATF_REQUIRE_MSG(setrlimit(RLIMIT_NOFILE, &rl) == 0,
++ "setrlimit: %s", strerror(errno));
++
++ chan = cap_init();
++ ATF_REQUIRE_MSG(chan != NULL, "cap_init failed: %s", strerror(errno));
++
++ clones = calloc(NCONNECTIONS, sizeof(*clones));
++ ATF_REQUIRE(clones != NULL);
++
++ /*
++ * Every cap_clone(3) adds one more connection to the helper.
++ * After this loop the helper is watching more fds than an
++ * fd_set can hold.
++ */
++ for (i = 0; i < NCONNECTIONS; i++) {
++ clones[i] = cap_clone(chan);
++ ATF_REQUIRE_MSG(clones[i] != NULL,
++ "cap_clone failed at %zu/%d: %s",
++ i, NCONNECTIONS, strerror(errno));
++ }
++
++ for (i = 0; i < NCONNECTIONS; i++)
++ cap_close(clones[i]);
++ free(clones);
++ cap_close(chan);
++}
++
++#define CHURN_CONNECTIONS 50
++#define CHURN_CLOSE_STEP 5
++
++/* Test that gaps in the file descriptor list do not break casper. */
++ATF_TC_WITHOUT_HEAD(connection_churn);
++ATF_TC_BODY(connection_churn, tc)
++{
++ cap_channel_t *chan, *survivor, *extra;
++ cap_channel_t *clones[CHURN_CONNECTIONS];
++ size_t i, survivor_idx;
++
++ chan = cap_init();
++ ATF_REQUIRE_MSG(chan != NULL, "cap_init failed: %s", strerror(errno));
++
++ for (i = 0; i < CHURN_CONNECTIONS; i++) {
++ clones[i] = cap_clone(chan);
++ ATF_REQUIRE_MSG(clones[i] != NULL,
++ "cap_clone failed at %zu: %s", i, strerror(errno));
++ }
++
++ /*
++ * Close every Nth clone.
++ */
++ for (i = 0; i < CHURN_CONNECTIONS; i += CHURN_CLOSE_STEP) {
++ cap_close(clones[i]);
++ clones[i] = NULL;
++ }
++
++ /*
++ * Force a poll() cycle: the helper handles POLLIN on chan and
++ * POLLHUP on the closed clones in the same walk.
++ */
++ extra = cap_clone(chan);
++ ATF_REQUIRE_MSG(extra != NULL, "cap_clone after churn failed: %s",
++ strerror(errno));
++
++ /* A surviving clone must still round-trip. */
++ survivor_idx = 1;
++ survivor = cap_clone(clones[survivor_idx]);
++ ATF_REQUIRE_MSG(survivor != NULL,
++ "cap_clone on survivor failed: %s", strerror(errno));
++
++ cap_close(survivor);
++ cap_close(extra);
++ for (i = 0; i < CHURN_CONNECTIONS; i++) {
++ if (clones[i] != NULL)
++ cap_close(clones[i]);
++ }
++ cap_close(chan);
++}
++
++ATF_TP_ADD_TCS(tp)
++{
++
++ ATF_TP_ADD_TC(tp, many_connections);
++ ATF_TP_ADD_TC(tp, connection_churn);
++ return (atf_no_error());
++}
diff --git a/website/static/security/patches/SA-26:22/libcasper-15.patch.asc b/website/static/security/patches/SA-26:22/libcasper-15.patch.asc
new file mode 100644
index 0000000000..ba65d33054
--- /dev/null
+++ b/website/static/security/patches/SA-26:22/libcasper-15.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKH4bFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv3kEQAMJU7f++QUOGUqTiANS4
+69poIhn4KaawwwzRRblcMRVYVhBZoT92YJUOauXILbNsqQZjQ5K4kdW/mgBk3ivw
+v7P8y3Bc9t/ZWX4Z9tBB5KmmDhMKdShWTHaHZiCYliJGW+Yzaki/zPBJ+R3vPETd
+Cm/X8rvxjMh4tM9HTqaNCrT+DfjAYxS/CCi+mUaNKiP6tLSPAUWYfc2WtBY85OvS
+sRVxFBpFPtVwxuVM0XhAIBrPq9fIxILdT3bLi7Q85epLjstoXirCzEjpqhnYE/6m
+huyAZCe54qWt+ZhdiRwsLUV/Asom3cLlkuBv0c4QK4tfpZaQqyysAB8+QrNLZ7L8
+V+SnBu8RwEWlsviIf0aWkVnM/YKyoTPs3Wqm7yuWgMz0DuiVuNUs99wLWwDmeAwX
+2XA86LsLpi5MPgd7oX2Py4XUKtkiVS7zuKRYW/i5DqSCarUm+wV3v/5EoYwNHVmD
+P+Idbe9XkwwYYT+MIHmxYAi2E/jmCvp2RA724K/Iy10Nv0vKz4bbf69P9RPfSnrM
+d+H1A6o4LEo5tGS+gcln9rTyg3PME1fXGri1vLT8JJauTQfn1OV0KX2LsZKHAq1i
+O4P6M6iUuqupwEAOiqZ39olo241exOzsyP7mXPIwYtS1xi/npWEHrwz2rHEPvD2X
+XoXsfguRWHH1Gu7LatZ+XlFm
+=B6VF
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:23/bsdinstall-14.patch b/website/static/security/patches/SA-26:23/bsdinstall-14.patch
new file mode 100644
index 0000000000..ed81ef5e70
--- /dev/null
+++ b/website/static/security/patches/SA-26:23/bsdinstall-14.patch
@@ -0,0 +1,102 @@
+--- usr.sbin/bsdconfig/share/media/wlan.subr.orig
++++ usr.sbin/bsdconfig/share/media/wlan.subr
+@@ -813,6 +813,7 @@
+ [ $nmatches -le ${#DIALOG_MENU_TAGS} ] || break
+ f_substr -v tag "$DIALOG_MENU_TAGS" $nmatches 1
+
++ f_shell_escape "$wssid" wssid
+ f_wireless_describe WIRELESS_$n help
+ menu_list1="$menu_list1
+ '$tag $wssid' '$wbssid' '$help'
+@@ -1076,6 +1077,7 @@
+ while [ $n -lt $nunique ]; do
+ n=$(( $n + 1 ))
+ menuitem_$n get ssid ssid
++ f_shell_escape "$ssid" ssid
+
+ menuitem_$n get nconfigs nconfigs
+ desc="$nconfigs $msg_configured_lc"
+@@ -1184,6 +1186,7 @@
+ while [ $n -lt $nunique ]; do
+ n=$(( $n + 1 ))
+ menuitem_$n get ssid ssid
++ f_shell_escape "$ssid" ssid
+
+ desc=
+ if [ "$DIALOG_MENU_WLAN_SHOW_ALL" ]; then
+--- usr.sbin/bsdinstall/scripts/wlanconfig.orig
++++ usr.sbin/bsdinstall/scripts/wlanconfig
+@@ -147,6 +147,34 @@
+ country_set "$regdomain" "$country"
+ }
+
++dialog_network_select()
++{
++ local ssid flags height width rows prompt
++
++ # Avoid using eval on untrusted data.
++ set --
++ while IFS=$'\t' read -r ssid flags; do
++ [ -n "$ssid" ] || continue
++ set -- "$@" "$ssid" "$flags"
++ done <&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
++}
++
+ ############################################################ MAIN
+
+ : > "$BSDINSTALL_TMPETC/wpa_supplicant.conf"
+@@ -213,27 +241,14 @@
+
+ f_eval_catch -dk SCAN_RESULTS wlanconfig wpa_cli "wpa_cli scan_results"
+ NETWORKS=$( echo "$SCAN_RESULTS" | awk -F '\t' '
+- /..:..:..:..:..:../ && $5 { printf "\"%s\"\t\"%s\"\n", $5, $4 }
++ /..:..:..:..:..:../ && $5 { print $5 "\t" $4 }
+ ' | sort | uniq )
+
+ if [ ! "$NETWORKS" ]; then
+ f_dialog_title "$msg_error"
+ f_yesno "No wireless networks were found. Rescan?" && continue
+ else
+- f_dialog_title "Network Selection"
+- prompt="Select a wireless network to connect to."
+- f_dialog_menu_size height width rows "$DIALOG_TITLE" \
+- "$DIALOG_BACKTITLE" "$prompt" "" $menu_list
+- NETWORK=$( eval $DIALOG \
+- --title \"\$DIALOG_TITLE\" \
+- --backtitle \"\$DIALOG_BACKTITLE\" \
+- --extra-button \
+- --extra-label \"Rescan\" \
+- --menu \"\$prompt\" \
+- $height $width $rows \
+- $NETWORKS \
+- 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
+- )
++ NETWORK=$( dialog_network_select )
+ fi
+ retval=$?
+ f_dialog_data_sanitize NETWORK
+@@ -270,7 +285,7 @@
+ done
+
+ [ "$ENCRYPTION" ] || ENCRYPTION=$( echo "$NETWORKS" |
+- awk -F '\t' "/^\"$NETWORK\"\t/ { print \$2 }" )
++ awk -F '\t' "/^$NETWORK\t/ { print \$2 }" )
+
+ if echo "$ENCRYPTION" | grep -q PSK; then
+ PASS=$( $DIALOG \
diff --git a/website/static/security/patches/SA-26:23/bsdinstall-14.patch.asc b/website/static/security/patches/SA-26:23/bsdinstall-14.patch.asc
new file mode 100644
index 0000000000..1a58120aa4
--- /dev/null
+++ b/website/static/security/patches/SA-26:23/bsdinstall-14.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKIAbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvVmgP/ikDqOYGMuEuPfDArmAt
+px7cSmVbijPdRRJLcYvboUfRsT/5PtYIJiVTRdr6kG/BH9xz28XNwzm6IfyUbsEO
+XwlgRkincO4zXJq6F6ZKJSiHJaM1Px6IkccIRLcZYILzVfULagoQ+OVxkMSntiCR
+KRSiqeoG5qBswUbU3jxtlfpKv3Ayk+H4+u7ELPi/zxLXLOuZWgjm8/oF/KJx4CmQ
+eqnBaWxd5zswLG+jZ7PZ3wc2s5qw0b2xbOHPdjxyikvkaqgc38cbjJQBKHzfCrpi
+4KBkqs9tZY9QotNzZDznfgnJS3skymRJs9uDrhQwO/StC+iu4WuscU/73OWt/x2Z
+QKJ3WKyJVfVvSeoQqF0h98ynWeUvA/7cqpBnaJCZXlQaRrMrlz8bV83HiE3968hP
+AUKdLGEdUWiaZI2sFsVvE/s7794UCQrpd4piODqhcr5VOX9Gp06h1ShCZREIpd0v
+lfgen3d8PNcH7sXFFAMerlvqZbL/YZuaWPk/izOHP0dNC04OCM4+3SMO3IFYBc3l
+VcTKTu5GcwmURn687E/YoL/2x6Edikz7xmm33lRqTAs5Qn8ohsTs0b4igpZuRQSo
+VTjOiwO78akyfYM8AiASwu0qLlgh6nO1n/wBHRIAmFztChWBGyBQTsRvYb1uTA8J
+67ktHpJ1y1tnRuCV0ar7RoJL
+=hjx8
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:23/bsdinstall-15.patch b/website/static/security/patches/SA-26:23/bsdinstall-15.patch
new file mode 100644
index 0000000000..69d23b373b
--- /dev/null
+++ b/website/static/security/patches/SA-26:23/bsdinstall-15.patch
@@ -0,0 +1,102 @@
+--- usr.sbin/bsdconfig/share/media/wlan.subr.orig
++++ usr.sbin/bsdconfig/share/media/wlan.subr
+@@ -813,6 +813,7 @@
+ [ $nmatches -le ${#DIALOG_MENU_TAGS} ] || break
+ f_substr -v tag "$DIALOG_MENU_TAGS" $nmatches 1
+
++ f_shell_escape "$wssid" wssid
+ f_wireless_describe WIRELESS_$n help
+ menu_list1="$menu_list1
+ '$tag $wssid' '$wbssid' '$help'
+@@ -1076,6 +1077,7 @@
+ while [ $n -lt $nunique ]; do
+ n=$(( $n + 1 ))
+ menuitem_$n get ssid ssid
++ f_shell_escape "$ssid" ssid
+
+ menuitem_$n get nconfigs nconfigs
+ desc="$nconfigs $msg_configured_lc"
+@@ -1184,6 +1186,7 @@
+ while [ $n -lt $nunique ]; do
+ n=$(( $n + 1 ))
+ menuitem_$n get ssid ssid
++ f_shell_escape "$ssid" ssid
+
+ desc=
+ if [ "$DIALOG_MENU_WLAN_SHOW_ALL" ]; then
+--- usr.sbin/bsdinstall/scripts/wlanconfig.orig
++++ usr.sbin/bsdinstall/scripts/wlanconfig
+@@ -147,6 +147,34 @@
+ country_set "$regdomain" "$country"
+ }
+
++dialog_network_select()
++{
++ local ssid flags height width rows prompt
++
++ # Avoid using eval on untrusted data.
++ set --
++ while IFS=$'\t' read -r ssid flags; do
++ [ -n "$ssid" ] || continue
++ set -- "$@" "$ssid" "$flags"
++ done <&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
++}
++
+ ############################################################ MAIN
+
+ : > "$BSDINSTALL_TMPETC/wpa_supplicant.conf"
+@@ -213,27 +241,14 @@
+
+ f_eval_catch -dk SCAN_RESULTS wlanconfig wpa_cli "wpa_cli scan_results"
+ NETWORKS=$( echo "$SCAN_RESULTS" | awk -F '\t' '
+- /..:..:..:..:..:../ && $5 { printf "\"%s\"\t\"%s\"\n", $5, $4 }
++ /..:..:..:..:..:../ && $5 { print $5 "\t" $4 }
+ ' | sort | uniq )
+
+ if [ ! "$NETWORKS" ]; then
+ f_dialog_title "$msg_error"
+ f_yesno "No wireless networks were found. Rescan?" && continue
+ else
+- f_dialog_title "Network Selection"
+- prompt="Select a wireless network to connect to."
+- f_dialog_menu_size height width rows "$DIALOG_TITLE" \
+- "$DIALOG_BACKTITLE" "$prompt" "" $NETWORKS
+- NETWORK=$( eval $DIALOG \
+- --title \"\$DIALOG_TITLE\" \
+- --backtitle \"\$DIALOG_BACKTITLE\" \
+- --extra-button \
+- --extra-label \"Rescan\" \
+- --menu \"\$prompt\" \
+- $height $width $rows \
+- $NETWORKS \
+- 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD
+- )
++ NETWORK=$( dialog_network_select )
+ fi
+ retval=$?
+ f_dialog_data_sanitize NETWORK
+@@ -270,7 +285,7 @@
+ done
+
+ [ "$ENCRYPTION" ] || ENCRYPTION=$( echo "$NETWORKS" |
+- awk -F '\t' "/^\"$NETWORK\"\t/ { print \$2 }" )
++ awk -F '\t' "/^$NETWORK\t/ { print \$2 }" )
+
+ if echo "$ENCRYPTION" | grep -q PSK; then
+ PASS=$( $DIALOG \
diff --git a/website/static/security/patches/SA-26:23/bsdinstall-15.patch.asc b/website/static/security/patches/SA-26:23/bsdinstall-15.patch.asc
new file mode 100644
index 0000000000..d015b06731
--- /dev/null
+++ b/website/static/security/patches/SA-26:23/bsdinstall-15.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKIEbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv1e0P/RqYWzbb1NdABp3BvIay
+D0WebRVJuItsRDdalt0cXumP76UGTa1KVKawVE6OSkzM3cQ0hktBHFd16uDlLH0n
+M3uO61BCz0hPJcalO4PAxT1QO1SOA5bVY1FWB0wvSL1mj9OS35YCbbaxFqlwcTrJ
+CDjBXyC4CAD4drbOMmfLKLHCkB7gb1TKgN4gpXsMEyhkeOrBBwKg94p6xdqYfxdI
+yn6kX54BKcDy0fgVnWgtVufpNLqz5wNlShw6TsNM07Mu91yFX5n9jv1jaQet1+Jd
+QGi1n0r9evuun5BbBzeX2GU6Hq7xwRUYueTEyzPJGn8TBzzjLacEUDGuDA4hDRhI
+Y9F/wQJdVJN2Pa5e3CtNXc8VQ1V/W92vAkPAzqPEJDsXWa/qp14bS4GpdXWlwFHj
+ucvI00hC/6kmlhTpa4RjtMUG22qkOeIABoy6ah23qTICVQr29E9nMgLS8wQWDR52
+rgM6iX6sQ3mOAleFIqT12kaiT8nE7IJnMTRTjoKBkG6iaePuIdFNkrrQAML04TzO
+TMdHsE4qjgFhI7in2LxVuJIlGLqGDt7uj6M36px2vYvVPu6s8758SpYeiIXGfHnR
+L7Ihv4P8M48tBIp4yGp10HwYwEBY+CON7NsRCk/gANTBAnPfiHWsjZaH4ZR6f8mg
+nQqftY90HhsoCa1C/SRm/HKa
+=mgO8
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:24/cap_net.patch b/website/static/security/patches/SA-26:24/cap_net.patch
new file mode 100644
index 0000000000..d2fdd5c208
--- /dev/null
+++ b/website/static/security/patches/SA-26:24/cap_net.patch
@@ -0,0 +1,60 @@
+--- lib/libcasper/services/cap_net/cap_net.c.orig
++++ lib/libcasper/services/cap_net/cap_net.c
+@@ -1122,12 +1122,37 @@
+ return (0);
+ }
+
++/*
++ * If the old sublimit restricted a subkey, the new one must too;
++ * a missing subkey means "allow any" at request time.
++ */
++static bool
++verify_subkeys_present(const nvlist_t *oldfunclimits,
++ const nvlist_t *newfunclimit)
++{
++ void *cookie;
++ const char *name;
++
++ if (oldfunclimits == NULL)
++ return (true);
++
++ cookie = NULL;
++ while ((name = nvlist_next(oldfunclimits, NULL, &cookie)) != NULL) {
++ if (!nvlist_exists(newfunclimit, name))
++ return (false);
++ }
++ return (true);
++}
++
+ static bool
+ verify_only_sa_newlimts(const nvlist_t *oldfunclimits,
+ const nvlist_t *newfunclimit)
+ {
+ void *cookie;
+
++ if (!verify_subkeys_present(oldfunclimits, newfunclimit))
++ return (false);
++
+ cookie = NULL;
+ while (nvlist_next(newfunclimit, NULL, &cookie) != NULL) {
+ void *sacookie;
+@@ -1200,6 +1225,9 @@
+ LIMIT_NV_ADDR2NAME, NULL);
+ }
+
++ if (!verify_subkeys_present(oldfunclimits, newfunclimit))
++ return (false);
++
+ cookie = NULL;
+ while (nvlist_next(newfunclimit, NULL, &cookie) != NULL) {
+ if (strcmp(cnvlist_name(cookie), "sockaddr") == 0) {
+@@ -1258,6 +1286,9 @@
+ LIMIT_NV_NAME2ADDR, NULL);
+ }
+
++ if (!verify_subkeys_present(oldfunclimits, newfunclimit))
++ return (false);
++
+ cookie = NULL;
+ while (nvlist_next(newfunclimit, NULL, &cookie) != NULL) {
+ if (strcmp(cnvlist_name(cookie), "hosts") == 0) {
diff --git a/website/static/security/patches/SA-26:24/cap_net.patch.asc b/website/static/security/patches/SA-26:24/cap_net.patch.asc
new file mode 100644
index 0000000000..ad87a51dd7
--- /dev/null
+++ b/website/static/security/patches/SA-26:24/cap_net.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJPBAABCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoOKIQbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvlq4P/272F0oQ3tEr9MPfrErE
+L74yVBNk7EDAJqniPUlFL7sRqpnFem0K2TBSj55j/nGbONYDkBTppM0cN8zsrbyq
+iZkF1c6qPPZtq1brDxY5ZQQokUS3+XcOyW13d7ImT8cdh0o+WpfAtEPFYQa/yrM1
+IkQMmkiWMp+/XX6C3wYjYAFlbztx0aRrh7f54FUk6uQL58cdbWH2ZuH74cMkv6AW
+0fIBRkwpfqpjTN90BRZq/2ePIVw7e2rw6aqNqAyOURIQAIYY8sucEK5r2YosieMU
+SJIpB1ejW6S6egAvuHXx4OD6Xqw4TouCo9GnaPf+PQvER8eQvvUJAfHfJeAjj5+I
+5QmGDXz47Zn9fSLiSKrzk4rkGuHHcNGyCbwuYtRXoBlLoRrWousP59KYO1kR63gv
+1p7fPitzqHXCfdohN8xkv2RtSWTU9jUXb6h5rEyI5SdBB6kX0w4BbwW5qXwmGWtM
+282ey6jNVCIi+xeJ1xwSeHcSuHHj6AhtOANxM2I1xNMhmCMcAX65cGCg0EVYhO6X
+9BQXyVJXdojVUNOP3NV1OjbXvSFHHaIJ0iBJOJ38GUl377AXW+KW0cp5yggbZMhD
+J3dRdAqTZO9FObwJF86Zd1xyuqySIqVnnycBTboNwoKkRDvRib8vwwQCBCoWSMwj
+ge/Ki9+fl13Q/5uoW/dWyf4J
+=ci2w
+-----END PGP SIGNATURE-----