On 1/27/26 16:56, Mark Millard wrote:
On 1/27/26 14:28, FreeBSD Errata Notices wrote:
=============================================================================
FreeBSD-EN-26:03.vm Errata Notice
The FreeBSD Project
Topic: The page fault handler fails to zero memory
Category: core
Module: vm
Announced: 2026-01-27
Affects: All supported versions of FreeBSD.
Corrected: 2025-12-15 10:37:54 UTC (stable/15, 15.0-STABLE)
2026-01-27 19:15:47 UTC (releng/15.0, 15.0-RELEASE-p2)
2025-12-15 10:42:28 UTC (stable/14, 14.3-STABLE)
2026-01-27 19:16:12 UTC (releng/14.3, 14.3-RELEASE-p8)
2026-01-26 15:18:32 UTC (stable/13, 13.4-STABLE)
2026-01-27 19:16:34 UTC (releng/13.5, 13.5-RELEASE-p9)
My notes use this Errata Notice as an example. But all 3 of the Errata
Notices and the 2 Security Advisories released today look to have
similar points relative to pkgbase-based FreeBSD OS installations.
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The mmap(2) system call allows applications and system libraries to allocate
heap memory using the MAP_ANON flag. The system call allocates virtual memory
in the calling thread's address space and physical memory is allocated on
demand as page faults occur. Memory allocated this way is guaranteed to be
zero-filled.
II. Problem Description
Under some conditions, the physical pages allocated and mapped by the kernel
may not be zero-filled.
III. Impact
This bug has been observed to cause process crashes.
IV. Workaround
No workaround is available.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
The below freebsd-update use is inappropriate for pkgbase based
installations of the 15.0 variants.
[I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based
systems but (1) does not apply there either.]
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r now
2) To update your system via a source code patch:
The below source-based steps are inappropriate for pkgbase based
installations of the 15.0 variants.
[I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based
systems but (2) does not correctly apply there either.]
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 15.0]
# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch
# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch.asc
# gpg --verify vm-15.patch.asc
[FreeBSD 14.3]
# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch
# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch.asc
# gpg --verify vm-14.patch.asc
[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch
# fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch.asc
# gpg --verify vm-13.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
There is no section for --or mention of-- pkgbase or of use of
pkg/pkg-static commands for updating at all.
(Such would not apply to any 13.5 variant.)
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
-------------------------------------------------------------------------
stable/15/ 3c0942f99209 stable/15-n281508
releng/15.0/ 6e279feb40be releng/15.0-n281002
stable/14/ 99f641267d44 stable/14-n272998
releng/14.3/ de311ee39b3f releng/14.3-n271457
stable/13/ babac9d7bc05 stable/13-n259725
releng/13.5/ 4967e14ba25b releng/13.5-n259188
-------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:03.vm.asc>
other than overwriting my cloned git /usr/src directory, 'pkg upgrade'
acted as expected.
now if i could just get my build from source repository to be as easy.
thanx gang.
odd1
--
When you believe in things,
that you don't understand,
then you suffer,
superstition ain't the way.
Stevie Wonder - 1972
odd1@fb15r:/usr/src % sudo pkg upgrade
Password:
Updating FreeBSD-ports repository catalogue...
FreeBSD-ports repository is up to date.
Updating FreeBSD-ports-kmods repository catalogue...
Fetching data: 100% 35 KiB 35.5 k/s 00:01
Processing entries: 100%
FreeBSD-ports-kmods repository update completed. 239 packages processed.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating FreeBSD-kmods repository catalogue...
Fetching data: 100% 35 KiB 35.6 k/s 00:01
Processing entries: 100%
FreeBSD-kmods repository update completed. 239 packages processed.
All repositories are up to date.
Checking for upgrades (17 candidates): 100%
Processing candidates (17 candidates): 100%
The following 16 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
FreeBSD-devmatch: 15.0 -> 15.0p2 [FreeBSD-base]
FreeBSD-kernel-generic: 15.0p1 -> 15.0p2 [FreeBSD-base]
FreeBSD-kernel-generic-dbg: 15.0p1 -> 15.0p2 [FreeBSD-base]
FreeBSD-openssl: 15.0 -> 15.0p2 [FreeBSD-base]
FreeBSD-openssl-dbg-lib32: 15.0 -> 15.0p2 [FreeBSD-base]
FreeBSD-openssl-dev: 15.0 -> 15.0p2 [FreeBSD-base]
FreeBSD-openssl-dev-lib32: 15.0 -> 15.0p2 [FreeBSD-base]
FreeBSD-openssl-lib: 15.0 -> 15.0p2 [FreeBSD-base]
FreeBSD-openssl-lib32: 15.0 -> 15.0p2 [FreeBSD-base]
FreeBSD-rescue: 15.0p1 -> 15.0p2 [FreeBSD-base]
FreeBSD-runtime: 15.0p1 -> 15.0p2 [FreeBSD-base]
FreeBSD-src: 15.0p1 -> 15.0p2 [FreeBSD-base]
FreeBSD-src-sys: 15.0p1 -> 15.0p2 [FreeBSD-base]
dav1d: 1.5.2 -> 1.5.3 [FreeBSD-ports]
qt6-declarative: 6.10.1_1 -> 6.10.1_2 [FreeBSD-ports]
thunderbird: 147.0 -> 147.0.1 [FreeBSD-ports]
Number of packages to be upgraded: 16
555 MiB to be downloaded.
Proceed with this action? [y/N]: y
[ 1/16] Fetching FreeBSD-kernel-generic-dbg-15.0p2: 100% 124 MiB 1.0 M/s
02:09
[ 2/16] Fetching FreeBSD-devmatch-15.0p2: 100% 17 KiB 17.4 k/s 00:01
[ 3/16] Fetching FreeBSD-src-15.0p2: 100% 158 MiB 955.3 k/s 02:53
[ 4/16] Fetching FreeBSD-kernel-generic-15.0p2: 100% 45 MiB 663.0 k/s
01:11
[ 5/16] Fetching FreeBSD-openssl-lib-15.0p2: 100% 2 MiB 768.6 k/s 00:03
[ 6/16] Fetching FreeBSD-openssl-dbg-lib32-15.0p2: 100% 4 MiB 1.3 M/s
00:03
[ 7/16] Fetching qt6-declarative-6.10.1_2: 100% 16 MiB 930.1 k/s 00:18
[ 8/16] Fetching FreeBSD-openssl-lib32-15.0p2: 100% 2 MiB 2.1 M/s 00:01
[ 9/16] Fetching FreeBSD-src-sys-15.0p2: 100% 87 MiB 916.0 k/s 01:40
[10/16] Fetching FreeBSD-rescue-15.0p2: 100% 7 MiB 1.2 M/s 00:06
[11/16] Fetching FreeBSD-runtime-15.0p2: 100% 3 MiB 759.7 k/s 00:04
[12/16] Fetching FreeBSD-openssl-dev-15.0p2: 100% 13 MiB 1.1 M/s 00:12
[13/16] Fetching FreeBSD-openssl-dev-lib32-15.0p2: 100% 9 MiB 777.4 k/s
00:12
[14/16] Fetching thunderbird-147.0.1: 100% 84 MiB 811.5 k/s 01:49
[15/16] Fetching dav1d-1.5.3: 100% 639 KiB 327.4 k/s 00:02
[16/16] Fetching FreeBSD-openssl-15.0p2: 100% 631 KiB 646.5 k/s 00:01
Checking integrity... done (0 conflicting)
[ 1/16] Upgrading FreeBSD-devmatch from 15.0 to 15.0p2...
[ 1/16] Extracting FreeBSD-devmatch-15.0p2: 100%
[ 2/16] Upgrading FreeBSD-kernel-generic from 15.0p1 to 15.0p2...
[ 2/16] Extracting FreeBSD-kernel-generic-15.0p2: 100%
[ 3/16] Upgrading FreeBSD-kernel-generic-dbg from 15.0p1 to 15.0p2...
[ 3/16] Extracting FreeBSD-kernel-generic-dbg-15.0p2: 100%
[ 4/16] Upgrading FreeBSD-openssl from 15.0 to 15.0p2...
[ 4/16] Extracting FreeBSD-openssl-15.0p2: 100%
[ 5/16] Upgrading FreeBSD-openssl-dbg-lib32 from 15.0 to 15.0p2...
[ 5/16] Extracting FreeBSD-openssl-dbg-lib32-15.0p2: 100%
[ 6/16] Upgrading FreeBSD-openssl-dev from 15.0 to 15.0p2...
[ 6/16] Extracting FreeBSD-openssl-dev-15.0p2: 100%
[ 7/16] Upgrading FreeBSD-openssl-dev-lib32 from 15.0 to 15.0p2...
[ 7/16] Extracting FreeBSD-openssl-dev-lib32-15.0p2: 100%
[ 8/16] Upgrading FreeBSD-openssl-lib from 15.0 to 15.0p2...
[ 8/16] Extracting FreeBSD-openssl-lib-15.0p2: 100%
[ 9/16] Upgrading FreeBSD-openssl-lib32 from 15.0 to 15.0p2...
[ 9/16] Extracting FreeBSD-openssl-lib32-15.0p2: 100%
[10/16] Upgrading FreeBSD-rescue from 15.0p1 to 15.0p2...
[10/16] Extracting FreeBSD-rescue-15.0p2: 100%
[11/16] Upgrading FreeBSD-runtime from 15.0p1 to 15.0p2...
[11/16] Extracting FreeBSD-runtime-15.0p2: 100%
[12/16] Upgrading FreeBSD-src from 15.0p1 to 15.0p2...
[12/16] Extracting FreeBSD-src-15.0p2: 100%
[13/16] Upgrading FreeBSD-src-sys from 15.0p1 to 15.0p2...
[13/16] Extracting FreeBSD-src-sys-15.0p2: 100%
[14/16] Upgrading dav1d from 1.5.2 to 1.5.3...
[14/16] Extracting dav1d-1.5.3: 100%
[15/16] Upgrading qt6-declarative from 6.10.1_1 to 6.10.1_2...
[15/16] Extracting qt6-declarative-6.10.1_2: 100%
[16/16] Upgrading thunderbird from 147.0 to 147.0.1...
[16/16] Extracting thunderbird-147.0.1: 100%
==> Running trigger: mandoc.ucl
Generating apropos(1) database for /usr/share/man...
Generating apropos(1) database for /usr/share/openssl/man...
==> Running trigger: desktop-file-utils.ucl
Building cache database of MIME types
odd1@fb15r:/usr/src %
