git: 4ddb195c6c - main - Add EN-25:15 through EN-25:17.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 16 Sep 2025 16:46:37 UTC
The branch main has been updated by gordon:
URL: https://cgit.FreeBSD.org/doc/commit/?id=4ddb195c6cf0ecae254235e9da8e1c6d768888ca
commit 4ddb195c6cf0ecae254235e9da8e1c6d768888ca
Author: Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2025-09-16 16:46:18 +0000
Commit: Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2025-09-16 16:46:18 +0000
Add EN-25:15 through EN-25:17.
Approved by: so
---
website/data/security/errata.toml | 12 ++
.../security/advisories/FreeBSD-EN-25:15.arm64.asc | 137 ++++++++++++++++++++
.../security/advisories/FreeBSD-EN-25:16.vfs.asc | 131 +++++++++++++++++++
.../security/advisories/FreeBSD-EN-25:17.bnxt.asc | 140 +++++++++++++++++++++
.../static/security/patches/EN-25:15/arm64.patch | 11 ++
.../security/patches/EN-25:15/arm64.patch.asc | 16 +++
website/static/security/patches/EN-25:16/vfs.patch | 52 ++++++++
.../static/security/patches/EN-25:16/vfs.patch.asc | 16 +++
.../static/security/patches/EN-25:17/bnxt.patch | 44 +++++++
.../security/patches/EN-25:17/bnxt.patch.asc | 16 +++
10 files changed, 575 insertions(+)
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 6f9ce70d62..e66e06f07d 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,18 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-25:17.bnxt"
+date = "2025-09-16"
+
+[[notices]]
+name = "FreeBSD-EN-25:16.vfs"
+date = "2025-09-16"
+
+[[notices]]
+name = "FreeBSD-EN-25:15.arm64"
+date = "2025-09-16"
+
[[notices]]
name = "FreeBSD-EN-25:14.route"
date = "2025-08-08"
diff --git a/website/static/security/advisories/FreeBSD-EN-25:15.arm64.asc b/website/static/security/advisories/FreeBSD-EN-25:15.arm64.asc
new file mode 100644
index 0000000000..e2da868709
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:15.arm64.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:15.arm64 Errata Notice
+ The FreeBSD Project
+
+Topic: arm64 syscall(2) allows unprivileged user to panic kernel
+
+Category: core
+Module: arm64
+Announced: 2025-09-16
+Credits: Juniper Networks, Inc.
+Affects: All supported versions of FreeBSD.
+Corrected: 2025-08-25 15:23:01 UTC (stable/14, 14.3-STABLE)
+ 2025-09-16 16:31:06 UTC (releng/14.3, 14.3-RELEASE-p3)
+ 2025-09-16 16:31:17 UTC (releng/14.2, 14.2-RELEASE-p6)
+ 2025-08-25 15:23:22 UTC (stable/13, 13.5-STABLE)
+ 2025-09-16 16:31:26 UTC (releng/13.5, 13.5-RELEASE-p4)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The FreeBSD arm64 kernel implements a 32-bit compatibility layer, enabling
+execution of unmodified 32-bit arm binaries on a 64-bit system.
+
+FreeBSD implements a pseudo system call, syscall(2), which lets the caller
+invoke a system call selected using the first system call argument.
+
+II. Problem Description
+
+The 32-bit compatibility layer implements syscall(2). It performs some
+validation of the system call parameters and explicitly calls panic() to
+panic the system if an unexpected state is reached.
+
+It is possible to construct a program which can reach this unexpected state,
+resulting in a panic. In particular, no particular privileges are required
+to do so.
+
+III. Impact
+
+An unprivileged user may be able to trigger a panic.
+
+IV. Workaround
+
+No workaround is available. Non-arm64 platforms are unaffected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:15/arm64.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:15/arm64.patch.asc
+# gpg --verify arm64.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 17d87881a363 stable/14-n272249
+releng/14.3/ 99012995b4c6 releng/14.3-n271440
+releng/14.2/ 722746b39e6e releng/14.2-n269534
+stable/13/ 98ac13c4baf5 stable/13-n259404
+releng/13.5/ 751971e55454 releng/13.5-n259175
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:15.arm64.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBEACgkQbljekB8A
+Gu+13w//fHfH1hAOg+FGwV3ZoMh2oEVd+VmkLg/CdghL9T+dGwqzIMOliXMKhaZq
+Nzk++lmKlzdpuDEqaw1ikj+bJ+knhrZyAziTlxpB2uly6K119hchAU5TQK2M6D4W
+8aQWxeJMPxobsfxi9JciVMWcQK9XsurwUzlCDuLvGgUMPPaMVdy89U86NnKo66eE
+fjK2l1Mc730wtisTuTLkY1SHPBchvm20ehu8BVpx4eBEHnecqRaUxQHy2yxTi+/0
+IKrwnpvz8S7/QLcED6TSCKsuLDY/uOx8x6N9PlHHvcLay/ImyvhTPavREld/b3nM
+YC8fFb7bjguPZCC222nr/J+/YkD+2+EqVHPOAq7HxVT0uqss7BL9qwIywg0CIhvT
+G3fw121L7cwXI/f/Hw6coVTFHnNXUB48FyIFkEXPdMxrNBUSE/KejYjkkJ2YaRir
+kXZboMMOoxIf0NPNmv78v+PBj3jpbPP2epjhIk0I5D6uNzdjXEqRlRNgBhqc01Qn
+veu+1tEox5Y0Zp4Mum0EipuTaZMjeT4hwmt9zwogsYEZFnyIvilzIOc3zEFRB4Y2
+IB1EUkw49V/zzHn5KnVujaUiVOdVUxe6G8txFcPIT66mPdJZmKO1fbD3pR/0NDj6
+Smj07jNL8PskCLuoe0MmMFiNJI3CHTh+6Ly39j5UpnSsPCPRTyM=
+=58zg
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-25:16.vfs.asc b/website/static/security/advisories/FreeBSD-EN-25:16.vfs.asc
new file mode 100644
index 0000000000..648944e6a9
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:16.vfs.asc
@@ -0,0 +1,131 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:16.vfs Errata Notice
+ The FreeBSD Project
+
+Topic: copy_file_range(2) fails to set output parameters
+
+Category: core
+Module: vfs
+Announced: 2025-09-16
+Affects: FreeBSD 14.3
+Corrected: 2025-08-23 21:25:20 UTC (stable/14, 14.3-STABLE)
+ 2025-09-16 16:31:07 UTC (releng/14.3, 14.3-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+copy_file_range(2) is a system call which takes two file descriptors as input
+and copies data from one file to the other.
+
+II. Problem Description
+
+The copy_file_range(2) system call accepts two optional pointer arguments,
+inoffp and outoffp. When non-NULL, the kernel is to use their values to
+determine the starting offsets for the input and output files, respectively.
+In this case, the seek offset corresponding to the file descriptor is not
+used or updated.
+
+When finishing the copy, the kernel is supposed to write updated offsets to
+the pointed-to values. However, it does not do so.
+
+III. Impact
+
+Applications which rely on this behaviour may behave incorrectly. No such
+applications exist in the base system.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:16/vfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:16/vfs.patch.asc
+# gpg --verify vfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 2fd0083fcc23 stable/14-n272229
+releng/14.3/ d1e981cbf3bd releng/14.3-n271441
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288985>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:16.vfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBMACgkQbljekB8A
+Gu8ZLxAAql8vK7+rcHUDI0gKQu9TC2jlNC7EZcDwMupCnbjXFv8mSbC48XWeXUYk
+j6DLDK8BWGOs4+1xftFlHCgu4yPLm7YhcgiUIhqlViAhNBfwIH9YDP/3heYEkvBn
+Ns6sh/jtRkB3t+j1fbrcMFZZT2G1plCr4GTZS1fEE+YXQ6NNwo90liSi5dDh2m2Y
+1OvLjdRwVj/BzVNqygiVJGXkof2SS3KsoVMv8CsoBZnSgvXyIPjgBhqJIjzh6my7
+BqRmylf+8tZXAKCR0Ylp6qFdI1gEcxWNXyadfUuigAoQFiAFSOX/T1NYYtpK7koH
+IROnhKxU6TKj1EhvPrV40I+vdwBYczTZlXIFRrQw0CI7sDIus53T94rmUaqwfY+L
+0yiW7gnqwujzaFkv6u9biAoVvm0FHuqq+tsOeB5k344nQ5BrbzMKVatPw2J3HG53
+alalSlMQzgKZYfCkQPemzusVJIlkazJ5r2kMeHzKukfMtjCLyOP+K/evo+Y0HCHh
+eOwNoRLNdLra92GGlk643bKBx8pbC4J+FYXq7/+/MHQkAFX8GWZ5XoMjqIaq/e1r
+poa72xNwSFrPLbbWkBXf/kknifVv98/VPRE4guzgwNjBo5wVUNzRhhVUsSmzEHPe
+3ris0e+OD+te5gqfp5+cKaQS7RUXItXtGO/FzJHl+mmkEfrkD9I=
+=q5E4
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-25:17.bnxt.asc b/website/static/security/advisories/FreeBSD-EN-25:17.bnxt.asc
new file mode 100644
index 0000000000..df6b461cfc
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:17.bnxt.asc
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:17.bnxt Errata Notice
+ The FreeBSD Project
+
+Topic: bnxt(4) fails to set media type in some cases
+
+Category: core
+Module: bnxt
+Announced: 2025-09-16
+Affects: FreeBSD 14.3
+Corrected: 2025-06-22 07:18:55 UTC (stable/14, 14.3-STABLE)
+ 2025-09-16 16:31:08 UTC (releng/14.3, 14.3-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The bnxt(4) driver provides support for Broadcom NetXtreme-C/NetXtreme-E Family
+of Ethernet controllers. A key function of the driver is to report the various
+supported physical media types and operational modes (e.g., 1000base-T,
+40GBASE-AOC, full-duplex, autoselect) to the operating system's ifmedia
+interface. This allows network administrators to view and configure the
+interface link settings.
+
+II. Problem Description
+
+A logic error was introduced into the bnxt(4) driver which prevented the proper
+population of the supported media list for several physical connection types.
+Inside the function responsible for building this list, a switch statement
+incorrectly used return statements instead of break statements. This caused
+the function to exit prematurely after identifying certain media types,
+including common BASE-T (copper), 40G Active Optical Cable (AOC), and 1G-CX
+connections, before the corresponding speed and duplex options could be
+registered with the network subsystem.
+
+III. Impact
+
+For network controllers using the affected media types, the driver fails to
+advertise any supported link modes. An administrator running ifconfig(8) on
+the interface would see incorrect media (unknown). Because of this, the
+network interface may be unable to establish a link, as the operating system
+cannot properly configure it or initiate auto-negotiation. The network port
+will be unusable.
+
+IV. Workaround
+
+No workaround is available. Only systems that uses bnxt(4) device with the
+affected media types are affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:17/bnxt.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:17/bnxt.patch.asc
+# gpg --verify bnxt.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 33f65f12eba1 stable/14-n271757
+releng/14.3/ c07b1838f9c9 releng/14.3-n271442
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=33f65f12eba1>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287395>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:17.bnxt.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBUACgkQbljekB8A
+Gu//GBAAu3k3rFlqFKbSgq38xldf8fFngj/IuLa4BjB2lcTa7Rpy+6vxlFxXyqVk
+9VVXf+tkXNhQ5ngY52SqMDdlG0OQdr+rwPcB8bI2nw+1DW1FRMVvBN7PlJrGgs2N
+OtE6I4Wy+IK7vyzEgs8P3Kq3U7oXQVz/jJ3n1DmmjxlKfNqlo3eOGDlNZgTdFF2h
+NbZUW4CGZTQxV4Ihq7Zg99bJw38o6WkOjkBkd7/djQfLm9aufVoWPN7SDaVnDun0
+vtWTTXrxsmPfVZB0sxdhYLjKPX+4GdVype0k3A26K50dTNVh5GAhWzH1LqFS6BR4
+DveE4/02bjaTAqK1XW+08JoGqibzmOTt8mUOlKL1aomACgmFc2Lzj33Qd6z1JdJB
+6XYTcAoi2Kz94VHBMYjgWOBjiw66YryEyNpHJkFCfWnA3jgZB9TKZn2FZPxGBbvM
+6an5ZcjaKHv1X+en2Fh8Ri1Hq4CKN/SmI/Sp0B28hXv8MQCNOnTqxqgdKgg2xQnD
+0BasLt7y8y4rAHed+znWW1gRHWLP9q4FLqdvargtdMO81N2n/fm8jKe+SD2YNfTQ
+Nvs29hRzs/thxI1gJMhDmmHkprGOyy6fzdZLtUjqhPh2l/YvHq32i/iNKpVfCy5v
+hHpd38wxOpTs5nk4qbVZlS2DgRuTSO/VU0IMphaIwBhwHkZaoWY=
+=jvzm
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-25:15/arm64.patch b/website/static/security/patches/EN-25:15/arm64.patch
new file mode 100644
index 0000000000..c5c5ea4b31
--- /dev/null
+++ b/website/static/security/patches/EN-25:15/arm64.patch
@@ -0,0 +1,11 @@
+--- sys/arm64/arm64/elf32_machdep.c.orig
++++ sys/arm64/arm64/elf32_machdep.c
+@@ -195,7 +195,7 @@
+ register_t *ap;
+ struct syscall_args *sa;
+ int error, i, nap, narg;
+- unsigned int args[4];
++ unsigned int args[6];
+
+ nap = 4;
+ p = td->td_proc;
diff --git a/website/static/security/patches/EN-25:15/arm64.patch.asc b/website/static/security/patches/EN-25:15/arm64.patch.asc
new file mode 100644
index 0000000000..5b8cae892e
--- /dev/null
+++ b/website/static/security/patches/EN-25:15/arm64.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBIACgkQbljekB8A
+Gu/RohAA4pWcgChN+oBJGkiwMVH8mj+pdLE0aIbC3EVPEMfcF3twv2ZHrI+L38p6
+sRL1tMohZQFkA1NmTNnxf/qZmwnMei1nqeTTkfCHZPMBUeeoFh7TK9gl+qpGTcJr
+WibRnC2breqD63sQXvaSihPo2ayc0AWDrDE8XRLEHgYE4EV940nFyb0elr8cV+4P
+EaXOGn3vN9k7xYnPXwlX9Nt8MoYpY0LJFONCcBhpZNyun+VR3GaUBuGe9fyfMZYP
+znNBdH4Kx5wwd3rEa2uo/ErLA1HU2E5BXrjE99VGHt+GNn8TgIxC4oS1+jKV56oM
+/4VeeBlouIAM266opHtzk6OsQC5H9FyilM6XjSr1G80HfKYz3h1zPwIMRYKuI7sr
+lQd7/XotZKkBIGy5bNeouwPhqt5iXerbDBNq+i80AoxQcLup+GEKmNRmkiahyetm
+nj6dJRwtn1f8Fy8w3sMeH9UswFBi8j/oUcQ48GQ8s4BxcYKFkm4+aViYYa85AlSp
+awFDp2un/oZIR8KNalAQI5cPTSyG6E/G2Ssg08ThhDrXANF9hPuzKodmc69+okVX
+5EoC8wAVYG1mdR2V/7nQO478w8yRu+ne9bvQvAup7umdwGR7psNMB+Zua6zl1WsJ
+8I2N8jC5w32scN7pzVNfdwYD5S8eLZB8iFQ6WlxKE/LhTJ7lXEw=
+=pygX
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-25:16/vfs.patch b/website/static/security/patches/EN-25:16/vfs.patch
new file mode 100644
index 0000000000..226ae9f81a
--- /dev/null
+++ b/website/static/security/patches/EN-25:16/vfs.patch
@@ -0,0 +1,52 @@
+--- sys/kern/vfs_syscalls.c.orig
++++ sys/kern/vfs_syscalls.c
+@@ -5050,11 +5050,12 @@
+ size_t retlen;
+ void *rl_rcookie, *rl_wcookie;
+ off_t inoff, outoff, savinoff, savoutoff;
+- bool foffsets_locked;
++ bool foffsets_locked, foffsets_set;
+
+ infp = outfp = NULL;
+ rl_rcookie = rl_wcookie = NULL;
+ foffsets_locked = false;
++ foffsets_set = false;
+ error = 0;
+ retlen = 0;
+
+@@ -5122,6 +5123,8 @@
+ }
+ foffset_lock_pair(infp1, &inoff, outfp1, &outoff, 0);
+ foffsets_locked = true;
++ } else {
++ foffsets_set = true;
+ }
+ savinoff = inoff;
+ savoutoff = outoff;
+@@ -5180,11 +5183,12 @@
+ vn_rangelock_unlock(invp, rl_rcookie);
+ if (rl_wcookie != NULL)
+ vn_rangelock_unlock(outvp, rl_wcookie);
++ if ((foffsets_locked || foffsets_set) &&
++ (error == EINTR || error == ERESTART)) {
++ inoff = savinoff;
++ outoff = savoutoff;
++ }
+ if (foffsets_locked) {
+- if (error == EINTR || error == ERESTART) {
+- inoff = savinoff;
+- outoff = savoutoff;
+- }
+ if (inoffp == NULL)
+ foffset_unlock(infp, inoff, 0);
+ else
+@@ -5193,6 +5197,9 @@
+ foffset_unlock(outfp, outoff, 0);
+ else
+ *outoffp = outoff;
++ } else if (foffsets_set) {
++ *inoffp = inoff;
++ *outoffp = outoff;
+ }
+ if (outfp != NULL)
+ fdrop(outfp, td);
diff --git a/website/static/security/patches/EN-25:16/vfs.patch.asc b/website/static/security/patches/EN-25:16/vfs.patch.asc
new file mode 100644
index 0000000000..5d302e77f4
--- /dev/null
+++ b/website/static/security/patches/EN-25:16/vfs.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBQACgkQbljekB8A
+Gu9MZBAAghcIHmJAoGyWlG9gEsbEMRWmg9KDcNZuJ6oJM3EzRw/d7nzfvFHQUkk4
+5Seao9EexaN6XO/sq4v+6dVYh3c1lrlBTK7dHA0Mt9XSCip202Fh4rzZA5QhhjhD
+8WwaF1J/y1FZv0ag5Z8XJxCIQCz49V/VctObzhq5PpB1XF+Axbddz2H80Jxb27Kh
+GEcbKW66+CfVtL3AAhpvCUfgLyEciS1qhfC2tnNrIEl2gSlEqj7AaZ/fx4v/F1QK
+ixo0nFQyox13HrlOMWgJBQJM1bCjwueERVmZSnT88SG9cro+LiEdzrbY+ITAMtqT
+lA2oQ8AbOYYVPvwc0fnlDlxhwmjFzMSCm+mQQ/haYVrLrIcMeJ8SzV/gxEuamkpi
+C0lgf5Y4mzv102CKUygghuOfNnOi0zFjCTqSf5q/7TwaNuelYn/kndMOj9qFFCjn
+Wtvvn1BPVnnsLj2xgr1w4V6BnZDjo+xLujLQKOYt5x1RrlPQ/pEt3WNg/ekldLEy
+Po4Hzmih/DLfqUo3ttKI4ZXeTisv7KmHE4woy/ok+FZ4U+SxaWKalEoNab7MgTRm
+nV7jfMA4AiiK5jkK/3TCPvc82TktgufH19IVuCrMe1RocVxfjIGtXoJ0osLG1YIL
+pGlJ5/MXZQLGE4oPi4wb2lErHwpogfS6Jq0prnXE6IbLAi6EHFk=
+=Yxtv
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-25:17/bnxt.patch b/website/static/security/patches/EN-25:17/bnxt.patch
new file mode 100644
index 0000000000..796f2332bf
--- /dev/null
+++ b/website/static/security/patches/EN-25:17/bnxt.patch
@@ -0,0 +1,44 @@
+--- sys/dev/bnxt/bnxt_en/if_bnxt.c.orig
++++ sys/dev/bnxt/bnxt_en/if_bnxt.c
+@@ -4609,34 +4609,34 @@
+
+ case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_40G_ACTIVE_CABLE:
+ media_type = BNXT_MEDIA_AC;
+- return;
++ break;
+
+ case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_1G_BASECX:
+ media_type = BNXT_MEDIA_BASECX;
+- return;
++ break;
+
+ case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_1G_BASET:
+ case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_BASET:
+ case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_BASETE:
+ media_type = BNXT_MEDIA_BASET;
+- return;
++ break;
+
+ case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_BASEKX:
+ media_type = BNXT_MEDIA_BASEKX;
+- return;
++ break;
+
+ case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_SGMIIEXTPHY:
+ media_type = BNXT_MEDIA_BASESGMII;
+- return;
++ break;
+
+ case HWRM_PORT_PHY_QCFG_OUTPUT_PHY_TYPE_UNKNOWN:
+ /* Only Autoneg is supported for TYPE_UNKNOWN */
+- return;
++ break;
+
+ default:
+ /* Only Autoneg is supported for new phy type values */
+ device_printf(softc->dev, "phy type %d not supported by driver\n", phy_type);
+- return;
++ break;
+ }
+
+ switch (link_info->sig_mode) {
diff --git a/website/static/security/patches/EN-25:17/bnxt.patch.asc b/website/static/security/patches/EN-25:17/bnxt.patch.asc
new file mode 100644
index 0000000000..6e25f45b25
--- /dev/null
+++ b/website/static/security/patches/EN-25:17/bnxt.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjJlBYACgkQbljekB8A
+Gu/wNRAAsT7ZDT8E6cuOTcv2lZMKjYdW4gVdM8FQPbHrWm1GgURK7Gm9X6HPmSEC
+kZRO4aYr3CDuPPLkUQk6PvQybIrZWq2/MkNu3OqnN4ByUCb1qzIIBMWAgzwyKZjT
+rkh0VXgIHB0AMbecUsvX6y0J99eesxi0FG1zuGu9YrtKPwdM2ZejEaK+Ix5owpbP
+czcvxcr6iLU7HJQgl7vWM0lnmKCUzTu/X+UH/UEyX8NRIfBdnsW39QheDR8/2ony
+aL3z9V8I0rczQSxsRBFn4cDl4vYQ87zrtu8eai1hj9NQ1yCUuP5tqICBR0Ljwn+Q
+oDlkZaVp/KgTVX1b5JxxU2EAHYAdVFBz9c1wJ7hz4ciuC4+luVFSZljz9tnrniuK
+GmS/xPt9HirPFqH2GeYrdD8a58eKmr0ew9kL3upf49cITRvfIiwn8KSUzbakNok2
+SmKeAO7ScgCfS2I9xWj/VYiePwKsd2tPQ8/TgZfeHxKrFdwzpm1GZsacqX9kymvX
+7r7Kl6VjNhuv2sLeEgd25GtG9i6G0bFXJJhC4ZUCkW5LCULIOywUdGEQ1HAvIvlb
+ppHCIXZavoHYyXWRaPTAfxj6v9UdxHFzChK4AG21I4Chh28EutvDTG675HQ7FScd
+ICnCu+g4bDgVJcWkwp+Ou5ViYFQM0e7WgJoBQ23krj6VFj0D0T4=
+=66Ry
+-----END PGP SIGNATURE-----