Re: FreeBSD Errata Notice FreeBSD-EN-26:03.vm [and other notices/advisories from today: pkgbase instructions?]
Date: Wed, 28 Jan 2026 20:26:24 UTC
On 1/27/26 16:56, Mark Millard wrote: > On 1/27/26 14:28, FreeBSD Errata Notices wrote: >> ============================================================================= >> FreeBSD-EN-26:03.vm Errata Notice >> The FreeBSD Project >> >> Topic: The page fault handler fails to zero memory >> >> Category: core >> Module: vm >> Announced: 2026-01-27 >> Affects: All supported versions of FreeBSD. >> Corrected: 2025-12-15 10:37:54 UTC (stable/15, 15.0-STABLE) >> 2026-01-27 19:15:47 UTC (releng/15.0, 15.0-RELEASE-p2) >> 2025-12-15 10:42:28 UTC (stable/14, 14.3-STABLE) >> 2026-01-27 19:16:12 UTC (releng/14.3, 14.3-RELEASE-p8) >> 2026-01-26 15:18:32 UTC (stable/13, 13.4-STABLE) >> 2026-01-27 19:16:34 UTC (releng/13.5, 13.5-RELEASE-p9) > My notes use this Errata Notice as an example. But all 3 of the Errata > Notices and the 2 Security Advisories released today look to have > similar points relative to pkgbase-based FreeBSD OS installations. > >> For general information regarding FreeBSD Errata Notices and Security >> Advisories, including descriptions of the fields above, security >> branches, and the following sections, please visit >> <URL:https://security.FreeBSD.org/>. >> >> I. Background >> >> The mmap(2) system call allows applications and system libraries to allocate >> heap memory using the MAP_ANON flag. The system call allocates virtual memory >> in the calling thread's address space and physical memory is allocated on >> demand as page faults occur. Memory allocated this way is guaranteed to be >> zero-filled. >> >> II. Problem Description >> >> Under some conditions, the physical pages allocated and mapped by the kernel >> may not be zero-filled. >> >> III. Impact >> >> This bug has been observed to cause process crashes. >> >> IV. Workaround >> >> No workaround is available. >> >> V. Solution >> >> Upgrade your system to a supported FreeBSD stable or release / security >> branch (releng) dated after the correction date. >> >> Perform one of the following: >> >> 1) To update your system via a binary patch: > The below freebsd-update use is inappropriate for pkgbase based > installations of the 15.0 variants. > > [I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based > systems but (1) does not apply there either.] > >> Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, >> or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) >> utility: >> >> # freebsd-update fetch >> # freebsd-update install >> # shutdown -r now >> >> 2) To update your system via a source code patch: > The below source-based steps are inappropriate for pkgbase based > installations of the 15.0 variants. > > [I'm unsure of intended coverage of 14.3's non-re@-pkgbase-use based > systems but (2) does not correctly apply there either.] > >> The following patches have been verified to apply to the applicable >> FreeBSD release branches. >> >> a) Download the relevant patch from the location below, and verify the >> detached PGP signature using your PGP utility. >> >> [FreeBSD 15.0] >> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch >> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-15.patch.asc >> # gpg --verify vm-15.patch.asc >> >> [FreeBSD 14.3] >> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch >> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-14.patch.asc >> # gpg --verify vm-14.patch.asc >> >> [FreeBSD 13.5] >> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch >> # fetch https://security.FreeBSD.org/patches/EN-26:03/vm-13.patch.asc >> # gpg --verify vm-13.patch.asc >> >> b) Apply the patch. Execute the following commands as root: >> >> # cd /usr/src >> # patch < /path/to/patch >> >> c) Recompile your kernel as described in >> <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the >> system. > There is no section for --or mention of-- pkgbase or of use of > pkg/pkg-static commands for updating at all. > > (Such would not apply to any 13.5 variant.) > >> VI. Correction details >> >> This issue is corrected as of the corresponding Git commit hash in the >> following stable and release branches: >> >> Branch/path Hash Revision >> ------------------------------------------------------------------------- >> stable/15/ 3c0942f99209 stable/15-n281508 >> releng/15.0/ 6e279feb40be releng/15.0-n281002 >> stable/14/ 99f641267d44 stable/14-n272998 >> releng/14.3/ de311ee39b3f releng/14.3-n271457 >> stable/13/ babac9d7bc05 stable/13-n259725 >> releng/13.5/ 4967e14ba25b releng/13.5-n259188 >> ------------------------------------------------------------------------- >> >> Run the following command to see which files were modified by a >> particular commit: >> >> # git show --stat <commit hash> >> >> Or visit the following URL, replacing NNNNNN with the hash: >> >> <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> >> >> To determine the commit count in a working tree (for comparison against >> nNNNNNN in the table above), run: >> >> # git rev-list --count --first-parent HEAD >> >> VII. References >> >> The latest revision of this advisory is available at >> <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:03.vm.asc> >> >> other than overwriting my cloned git /usr/src directory, 'pkg upgrade' acted as expected. now if i could just get my build from source repository to be as easy. thanx gang. odd1 -- When you believe in things, that you don't understand, then you suffer, superstition ain't the way. Stevie Wonder - 1972