-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear FreeBSD community, As of June 30, 2026, FreeBSD 14.3 will reach end-of-life and will no longer be supported by the FreeBSD Security Team. Users of FreeBSD 14.3 are strongly encouraged to upgrade to a newer release as soon as possible. After June 30, the supported branches and releases, along with their expected end-of-life dates, will be: +--------------------------------------------------------------------+ | Branch | Release | Release Date | Estimated EoL | +-------------+--------------+------------------+--------------------+ | stable/15 | N/A | N/A | December 31, 2029 | +-------------+--------------+------------------+--------------------+ | releng/15.1 | 15.1-RELEASE | June 16, 2026 | March 31, 2027 | +-------------+--------------+------------------+--------------------+ | releng/15.0 | 15.0-RELEASE | December 2, 2025 | September 30, 2026 | +-------------+--------------+------------------+--------------------+ | stable/14 | N/A | N/A | November 30, 2028 | +-------------+--------------+------------------+--------------------+ | releng/14.4 | 14.4-RELEASE | March 10, 2026 | December 31, 2026 | +--------------------------------------------------------------------+ Please refer to https://security.freebsd.org/ for an up-to-date list of supported releases and the latest security advisories. - -- The FreeBSD Security Team -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmo1nlAbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvFWgQANI2OvsTE6HRlzv6HPMC 4WgW6SfZA0AX6rKqMvEhUjI9n/XMtXORhtu/xRBguiu0sqST+ejzlUw5jZwfWuno hPoLjoh9wzKXIjxnycbu+nG3P6s0uxlO/2yISI6wZOUqYCSW55G9AVWsqeBgIGOs 22rZRqbcfulzM6vAgCjUksb7pT0KRk9p+mdZv/J+5Qj/h20t/qb5ArTNChk1ON6B 0stkq8/8lLP6aN7+/pXBr4u6Vu79UTV1vAaLE8wy2jsVS6AcpdJuraP6Omh+E2Nb NkF7TyMpsCM7sqFckpm3m2xaEOpHD6h7qSSThmgRthwRk41q3AWQRCrRA2H9/mIH q9UA9QfCuoAT460wvwslxmQZFthx5q1z0UW6lXkqz2FdtwNswV2Neqtomt43pqnJ 8ybadh2xvoiMoPEYbj401swQDH6RLakigSV4bSJ7ALxFam6LtgfKfdeBBu2Dm8Gz YCuPAcFxVwTHH+RuicOGIMfcMpyr4M3ip1wNKiMfRzmX9r6FoXj9d1M8uD90mazF OWYD16oqGBiFToQ3DzgWBbCvCwQGEbXd7eEYiqFaPDU8K45MqCou68p9wLzxOZgJ 0PzBGj32Fr8EyKW9mKt8cGM93s+wDYlJgelSk4hB/FGUZndYnqayo+F6QO8kQPbr 4Pqlve3NzDVbkJ9ANKoROoaU =dZZX -----END PGP SIGNATURE-----
Friday, June 19, 2026
Wednesday, June 17, 2026
FreeBSD Security Advisory FreeBSD-SA-26:26.ktls [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:26.ktls Security Advisory The FreeBSD Project Topic: Arbitrary file overwrite via the KTLS receive path Category: core Module: ktls Announced: 2026-06-09 Credits: Bumsrakete Affects: All supported versions of FreeBSD Corrected: 2026-06-09 19:17:28 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:06 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:43 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:46 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:05 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:35 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-45257 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. 0. Revision History v1.0 -- Initial revision v1.1 -- Update workaround section I. Background Kernel TLS (KTLS) moves Transport Layer Security (TLS) record processing into the kernel, allowing applications to encrypt and decrypt socket data without copying it to and from userspace and to serve TLS data with sendfile(2). When a connection uses software KTLS on the receive path, the kernel decrypts each incoming TLS record in place within the socket buffer. II. Problem Description The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data over a loopback connection without enabling KTLS on the transmit side, the file-backed mbufs reach the receiver's decryption path unchanged. Decrypting a record in place then overwrites the backing file's page cache instead of a private copy of the data. III. Impact An unprivileged local user who can read a file can overwrite its contents with data of their choosing by sending the file over a loopback connection on which they have enabled KTLS receive. The write modifies the page cache directly, so it bypasses file flags such as schg and is written back to disk. By overwriting a setuid binary or other trusted file, a local user can escalate privileges, potentially gaining full control of the affected system. IV. Workaround Set sysctl kern.ipc.tls.enable=0 to disable KTLS entirely. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-26:26/ktls.patch # fetch https://security.FreeBSD.org/patches/SA-26:26/ktls.patch.asc # gpg --verify ktls.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ a51345704403 stable/15-n283882 releng/15.1/ 48c1c5e3c348 releng/15.1-n283550 releng/15.0/ 540a315cdb46 releng/15.0-n281052 stable/14/ 333bdd7e9427 stable/14-n274311 releng/14.4/ d43259dd66b3 releng/14.4-n273714 releng/14.3/ af3398862ac0 releng/14.3-n271514 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-45257> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:26.ktls.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoyuewbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvze8P/RRvp3TUprrxMgg4prj6 Mv7sglMFvwyVPGJstM0zBV2k+seMm8S5QmJtO+m8N5NHAIyJWL6PzvMFE9klI/IC g8Jov8lcEcAml0G+xJFCPeeG0fYszqtE8/gxGNdatDv01AnMoFnVMUyy4y1QpSyo kJzymPs49LysxggffSmPgmX446hEo7pZ6iQLBuEc0XKNN/7LYmiYq6kcVLzTpkRa kfYwsJphWZkfdR2AVzCSxMiMb9D/NQ7WN96B3o+xYX8XoHgrsQmvZ2YrvRf9nyRs lgAm9QxlkTcWlwPrNoacg2sN/jZFb3k01GRJAFbcKbDP1t3lkFygD+UHNnlStO+s hb5fKHgQgrUpX7atsD2UQ2W+irca0ejLhflxxvgY7pRTLnnmJ20fXDhDn2sWb7zs cPxir+4bJk4IZvomK0raFH5eMeJ434/rfkMjfE87WOEryFHabnGsiH9xO2u6+ADT UhMl4iBY+wOoaHTTqfpOQpAk2/gO7UUvXtbOkEa8SYZjSQAxMAz7nqyL7Lucix9n 7ES4hLmic87cr7+q+8iwvASvcNjlDxqyGYRoLa2+TECsTmKqVbwEEANcufNKemb+ aPoRFi5apShhwe1kl7/vVCDGPtCssRRYZ+ejwpQY6m4PpRKY9soNFUt2WjOGVmaB iQR9r08fcX9SuW2dTuTzXLEi =wfi1 -----END PGP SIGNATURE-----
Tuesday, June 16, 2026
Re: FreeBSD 15.1-RELEASE Now Available
OK, but how can this update be done? The old command (which the Handbook suggests) doesn't work: # freebsd-update -r 15.1-RELEASE upgrade freebsd-update is incompatible with the use of packaged base. Please see https://wiki.freebsd.org/PkgBase for more information. and the PkgBase wiki is a bit unclear (it tries to reinstall existing files when trying to follow these instructions). I get lost with all these FreeBSD.*.conf files. Are they documented anywhere? Regards -- Marek AnioĊa
Monday, June 15, 2026
FreeBSD 15.1-RELEASE Now Available
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 FreeBSD 15.1-RELEASE Announcement Date: June 16, 2026 The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 15.1-RELEASE. This is the second release of the stable/15 branch. Some of the highlights: * The iwlwifi(4) and other LinuxKPI based wireless networking drivers are now based on Linux v7.0. * FreeBSD cloud images using packaged base systems now include pkg(8), and support automatic base system package updates on first boot. * A new kern.sched.name tunable allows the kernel scheduler to be selected at boot time. * Significant progress has been made towards complete support for the C23 version of the C programming language. * Unicode support has been updated to Unicode 17.0.0 and CLDR 48, adding 4,803 characters. For a complete list of new features, supported hardware, and known problems, please see the online release notes, hardware compatibility notes, and errata list, available at: * https://www.FreeBSD.org/releases/15.1R/relnotes/ * https://www.FreeBSD.org/releases/15.1R/hardware/ * https://www.FreeBSD.org/releases/15.1R/errata/ For more information about FreeBSD release engineering activities, please see: * https://www.FreeBSD.org/releng/ Dedication The FreeBSD Project dedicates the FreeBSD 15.1-RELEASE to the memory of Peter G. Neumann, a longtime collaborator with FreeBSD developers on capability-based security, as well as having originated, through contributions to historic projects such as Multics, so many of the central concepts in OS security that we take for granted today. Availability FreeBSD 15.1-RELEASE is now available for the amd64, aarch64, armv7, powerpc64, powerpc64le, and riscv64 architectures. FreeBSD 15.1-RELEASE can be installed from bootable ISO images or over the network. Some architectures also support installing from a USB memory stick. The required files can be downloaded as described below. SHA512 and SHA256 hashes for the release ISO, memory stick, and SD card images are included at the bottom of this message. PGP-signed checksums for the release images are also available at: * https://www.FreeBSD.org/releases/15.1R/signatures/ A PGP-signed version of this announcement is available at: * https://www.FreeBSD.org/releases/15.1R/announce.asc The purpose of the images provided as part of the release are as follows: dvd1 This contains everything necessary to install the base FreeBSD operating system, the documentation, debugging distribution sets, and a small set of pre-built packages aimed at getting a graphical workstation up and running. It also supports booting into a "livefs" based rescue mode. This should be all you need if you can burn and use DVD-sized media. Additionally, this can be written to a USB memory stick (flash drive) for the amd64 architecture and used to do an install on machines capable of booting off USB drives. It also supports booting into a "livefs" based rescue mode. As one example of how to use the dvd1 image, assuming the USB drive appears as /dev/da0 on your machine something like this should work: # dd if=FreeBSD-15.1-RELEASE-amd64-dvd1.iso \ of=/dev/da0 bs=1m conv=sync Be careful to make sure you get the target (of=) correct. disc1 This contains the base FreeBSD operating system. It also supports booting into a "livefs" based rescue mode. There are no pre-built third-party packages. Additionally, this can be written to a USB memory stick (flash drive) for the amd64 architecture and used to do an install on machines capable of booting off USB drives. It also supports booting into a "livefs" based rescue mode. As one example of how to use the disc1 image, assuming the USB drive appears as /dev/da0 on your machine something like this should work: # dd if=FreeBSD-15.1-RELEASE-amd64-disc1.iso \ of=/dev/da0 bs=1m conv=sync Be careful to make sure you get the target (of=) correct. bootonly This supports booting a machine using the CDROM drive but does not contain the installation distribution sets for installing FreeBSD from the CD itself. You would need to perform a network based install (e.g., from an HTTP or FTP server) after booting from the CD. Additionally, this can be written to a USB memory stick (flash drive) for the amd64 architecture and used to do an install on machines capable of booting off USB drives. It also supports booting into a "livefs" based rescue mode. There are no pre-built packages. As one example of how to use the bootonly image, assuming the USB drive appears as /dev/da0 on your machine something like this should work: # dd if=FreeBSD-15.1-RELEASE-amd64-bootonly.iso \ of=/dev/da0 bs=1m conv=sync Be careful to make sure you get the target (of=) correct. memstick This can be written to a USB memory stick (flash drive) and used to do an install on machines capable of booting off USB drives. It also supports booting into a "livefs" based rescue mode. There are no pre-built third-party packages. As one example of how to use the memstick image, assuming the USB drive appears as /dev/da0 on your machine something like this should work: # dd if=FreeBSD-15.1-RELEASE-amd64-memstick.img \ of=/dev/da0 bs=1m conv=sync Be careful to make sure you get the target (of=) correct. mini-memstick This can be written to a USB memory stick (flash drive) and used to boot a machine, but does not contain the installation distribution sets on the medium itself, similar to the bootonly image. It also supports booting into a "livefs" based rescue mode. There are no pre-built packages. As one example of how to use the mini-memstick image, assuming the USB drive appears as /dev/da0 on your machine something like this should work: # dd if=FreeBSD-15.1-RELEASE-amd64-mini-memstick.img \ of=/dev/da0 bs=1m conv=sync Be careful to make sure you get the target (of=) correct. FreeBSD/arm SD card images These can be written to an SD card and used to boot the supported arm system. The SD card image contains the full FreeBSD installation, and can be installed onto SD cards as small as 5 GB. For convenience for those without console access to the system, a freebsd user with a password of freebsd is available by default for ssh(1) access. Additionally, the root user password is set to root; it is strongly recommended to change the password for both users after gaining access to the system. To write the FreeBSD/arm image to an SD card, use the dd(1) utility, replacing KERNEL with the appropriate kernel configuration name for the system. # dd if=FreeBSD-15.1-RELEASE-arm64-aarch64-RPI.img \ of=/dev/da0 bs=1m conv=sync Be careful to make sure you get the target (of=) correct. Pre-installed virtual machine images are also available for the amd64 (x86_64), i386 (x86_32), AArch64 (arm64), and RISCV (riscv64) architectures in QCOW2, VHD, and VMDK disk image formats, as well as raw (unformatted) images. FreeBSD 15.1-RELEASE is also available on these cloud hosting platforms: * FreeBSD Amazon(R) EC2(TM): FreeBSD/amd64 EC2 AMI IDs can be retrieved from the Systems Manager Parameter Store in each region using the keys: /aws/service/freebsd/amd64/base/ufs/15.1/RELEASE /aws/service/freebsd/amd64/base/zfs/15.1/RELEASE /aws/service/freebsd/amd64/builder/ufs/15.1/RELEASE /aws/service/freebsd/amd64/builder/zfs/15.1/RELEASE /aws/service/freebsd/amd64/cloud-init/ufs/15.1/RELEASE /aws/service/freebsd/amd64/cloud-init/zfs/15.1/RELEASE /aws/service/freebsd/amd64/small/ufs/15.1/RELEASE /aws/service/freebsd/amd64/small/zfs/15.1/RELEASE AMIs are also available in the AWS Marketplace at: https://aws.amazon.com/marketplace/pp/prodview-kweb77e4ra73a (UFS) https://aws.amazon.com/marketplace/pp/prodview-aw2y73mf6h2n2 (ZFS) FreeBSD/aarch64 EC2 AMI IDs can be retrieved from the Systems Manager Parameter Store in each region using the keys: /aws/service/freebsd/arm64/base/ufs/15.1/RELEASE /aws/service/freebsd/arm64/base/zfs/15.1/RELEASE /aws/service/freebsd/arm64/builder/ufs/15.1/RELEASE /aws/service/freebsd/arm64/builder/zfs/15.1/RELEASE /aws/service/freebsd/arm64/cloud-init/ufs/15.1/RELEASE /aws/service/freebsd/arm64/cloud-init/zfs/15.1/RELEASE /aws/service/freebsd/arm64/small/ufs/15.1/RELEASE /aws/service/freebsd/arm64/small/zfs/15.1/RELEASE AMIs are also available in the AWS Marketplace at: https://aws.amazon.com/marketplace/pp/prodview-nzqrtvofigje4 (UFS) https://aws.amazon.com/marketplace/pp/prodview-vnapmjh56ncaw (ZFS) * Google(R) Compute Engine(TM): Instances can be deployed using the gcloud utility: % gcloud compute instances create INSTANCE \ --image freebsd-15-1-release-amd64-ufs \ --image-project=freebsd-org-cloud-dev % gcloud compute ssh INSTANCE Replace INSTANCE with the name of the Google Compute Engine instance. FreeBSD images are also expected to be available in the Google Compute Engine(TM) Marketplace at: https://console.cloud.google.com/marketplace/browse?filter=category:os&filter=price:free&q=freebsd * Microsoft(R) Azure(TM): FreeBSD virtual machine images are expected to be available on the Azure Marketplace at: https://azuremarketplace.microsoft.com/marketplace/apps/freebsd.freebsd-15_1 Download FreeBSD 15.1-RELEASE may be downloaded via https from the following site: * https://download.freebsd.org/releases/ISO-IMAGES/15.1/ FreeBSD 15.1-RELEASE virtual machine images may be downloaded from: * https://download.freebsd.org/releases/VM-IMAGES/15.1-RELEASE/ FreeBSD 15.1-RELEASE BASIC-CI images may be downloaded from: * https://download.freebsd.org/releases/CI-IMAGES/15.1-RELEASE/ FreeBSD 15.1-RELEASE OCI container images may be downloaded from: * https://download.freebsd.org/releases/OCI-IMAGES/15.1-RELEASE/ and are also available in the Docker and GitHub container repositories. For instructions on installing FreeBSD or updating an existing machine to 15.1-RELEASE please see: * https://www.FreeBSD.org/releases/15.1R/installation/ Support This point release, FreeBSD 15.1-RELEASE, will be supported until March 31, 2027. The previous point release, FreeBSD 15.0-RELEASE, will reach its End of Life at September 30, 2026. The FreeBSD 15 release series will be supported until December 31, 2029. Additional support information can be found at: * https://www.FreeBSD.org/platforms/ * https://www.FreeBSD.org/security/ Acknowledgments Many companies donated equipment, network access, or human time to support the release engineering activities for FreeBSD 15.1 including: Amazon Fastly The FreeBSD Foundation Juniper Networks New York Internet Sentex Data Communications Tarsnap 365 Data Centers Your.org The release engineering team for 15.1-RELEASE includes: Antoine Brodin <antoine@FreeBSD.org> Package Building Dave Cottlehuber <dch@FreeBSD.org> Release Engineering Sergio Carlavilla Delgado Release Engineering <carlavilla@FreeBSD.org> Marc Fonvieille <blackend@FreeBSD.org> Release Engineering, Documentation Craig Leres <leres@FreeBSD.org> Release Engineering Xin Li <delphij@FreeBSD.org> Release Engineering, Security Team Liaison Ed Maste <emaste@FreeBSD.org> Release Engineering Deputy Lead Colin Percival <cperciva@FreeBSD.org> Release Engineering Lead, 15.1-RELEASE Release Engineer Vladlen Popolitov <vladlen@FreeBSD.org> Release Engineering Muhammad Moinur Rahman <bofh@FreeBSD.org> Release Engineering Lexi Winter <ivy@FreeBSD.org> Release Engineering Alexander Ziaee <ziaee@FreeBSD.org> Release Engineering Trademark FreeBSD is a registered trademark of The FreeBSD Foundation. ISO Image Checksums amd64 (x86_64): SHA512 (FreeBSD-15.1-RELEASE-amd64-bootonly.iso) = 67e245a1e6ab32d4abdf3b1f3827b24b6eab7d71724e09c3cb77d58042aaffc1fc9c0c408d74223992f740e770b337903d3ea54dd488ef8b45f45acd4a96662c SHA512 (FreeBSD-15.1-RELEASE-amd64-bootonly.iso.xz) = 4ebb291632e5a194aeef4c2cdd6f4818f15fe39aabdd665e25bc53e19af6e301ad2ee35bc653218bf655fee357cc63da925eb9a64ee6075b6c4d16fba3dfab7c SHA512 (FreeBSD-15.1-RELEASE-amd64-disc1.iso) = 7b844d390648eb9888a74da02e63a76fad58b5722ab25624cf547395e687a2c5de4275781fdfc55a4d717fc4c245913893f1449976fb778be5e160495c538e28 SHA512 (FreeBSD-15.1-RELEASE-amd64-disc1.iso.xz) = 067c05cbf7a97ef6b43a1961f65425ca91bb8607ca2072a2f69d280a6231a7392d839091539e4450e519db584717d63f1f811e2cd80039381b0befd7e81ce3d3 SHA512 (FreeBSD-15.1-RELEASE-amd64-dvd1.iso) = 4b1ce39fe5125a1e2c5f641a82cde3f0cc2d6965d6e61a4f5ce551cbd859b423876bf9ceb79c8ad0066db1c4523a1d144429f1204e67b711a4c469b6153bf3d4 SHA512 (FreeBSD-15.1-RELEASE-amd64-dvd1.iso.xz) = 68de9e69c0d101139c5a58a6032ad3937c1c1e0a1b830b2042f9b9f8b62e093615251965f43a370512537d4abe683b6055f0090c904705f0bb81ac6ca46b1e98 SHA512 (FreeBSD-15.1-RELEASE-amd64-memstick.img) = 5545bbab67f4d7974a06364cb97e4eddaad1b01d8e0fbcfba0661dbb07624f0505ad93fda8650f3159368c0bcd308faa6ca671d99d77d8e55aec51e43fd3fdcc SHA512 (FreeBSD-15.1-RELEASE-amd64-memstick.img.xz) = 9a0f0df0d0e4f1e941f456b5908545a2b9167e0a7f7a4da46a3dedb0f43b3f594a146926e26fc4bd452ef19b58a3543a106d3695c4d19dcb43151a564c368f33 SHA512 (FreeBSD-15.1-RELEASE-amd64-mini-memstick.img) = 3940ae1dec2ec93a875944658b39ef3abb9690e554cf8770db2db153f76eefffbe42c31ba03ae9fa34af81e4c7a755fdf10eff050ec40465fad0cf57e03e7992 SHA512 (FreeBSD-15.1-RELEASE-amd64-mini-memstick.img.xz) = 719c0377038bcb5a0090f5071ad86ded4106a0bf66b4e360915f5a24b5eb7449647c373fc9251bd749c770bc1fd3bfbf0bd5465bd3deccdcaa3d4e09f3ac8881 SHA256 (FreeBSD-15.1-RELEASE-amd64-bootonly.iso) = 3e74120a59512cefc35840443bdd05087c8a010a27cf8a6fbb4f7450824f092e SHA256 (FreeBSD-15.1-RELEASE-amd64-bootonly.iso.xz) = 807b31dc257f8c1b3979cb48f875bc9e198f615ea1dbf5a5ab3a0fefc2115d5f SHA256 (FreeBSD-15.1-RELEASE-amd64-disc1.iso) = fa27646f05a1440fd26ffbb85e06a50bc86e128242a4e9cb7bb3ea76e1aa5fd9 SHA256 (FreeBSD-15.1-RELEASE-amd64-disc1.iso.xz) = 7983bc92cf0e2098df8769c36ae471b235552ebe99733e0673fe7ad85c2e9950 SHA256 (FreeBSD-15.1-RELEASE-amd64-dvd1.iso) = 027504262c65e096d78bd345d74905a8a7216bbb3c6155d55634ae8328f76c5d SHA256 (FreeBSD-15.1-RELEASE-amd64-dvd1.iso.xz) = 1aa52e114672753acd6734b588b586350c384fd720355bba679dafa5ce0c19f0 SHA256 (FreeBSD-15.1-RELEASE-amd64-memstick.img) = 26c6d5de1156e7a99df920d047578b504c4899865d91b1156b1de1a0c5239eae SHA256 (FreeBSD-15.1-RELEASE-amd64-memstick.img.xz) = ab63c91cd501cedfa7a28020464f2991123ea599c061ca9080c4e453cb0a8e76 SHA256 (FreeBSD-15.1-RELEASE-amd64-mini-memstick.img) = 61c4a454eb799bc92fcef375d434c0d48721951c598e4cb91b5aa8faa30d7a40 SHA256 (FreeBSD-15.1-RELEASE-amd64-mini-memstick.img.xz) = 25602a32253ed7cbbb50007d43c48e2f4342b92985465a79d8808a2156179b3f aarch64 GENERIC: SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-bootonly.iso) = 85192ab914601ba7fdac334868922e769f1d859523da925202a01e7f33edb4bb61003f9265581fcc374a7c18d8990367c65163cb84e52a5f0573d9c57ec68e05 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-bootonly.iso.xz) = a2e866934a558274ddcd78a50f90120a126ea604ab47129e4f9a2e5f2b2608d4634ce541db041f575422c9a15c2ce134726be290523072befb6f68eafd1724ee SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-disc1.iso) = e58fb2a1ab510a699ac7c55958b947a77effda95ae2144e7d55f0b5739c334e9fed591ffd955845de16e6404126f56c9d5cb8dfed2b3c265d45de203a7a07b95 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-disc1.iso.xz) = 9339045a95b4a978c76cc502a27bd51afe9592bfc0f008cd0679ba44f272dae2304398cabe79535e1adc1db97a8cb2d1187b36ba991cb13cdaa46d4d65522ae6 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-dvd1.iso) = 3070ad6c296fdb5118510b24d874f954212ce576a01bc0beab1594a78434c3f5a093cf6800d62f3fca0efd359fe2b4bfbcad7de5bdec5d47b47a4b3f613aac0a SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-dvd1.iso.xz) = ef2e9b5590bb0f23a5b59fbeb260f3e7ec7ffa6604e4a1ee94a12a5667357ba727addeea199eee4edb411105243ace6180f5ba2bdd5ea1ccb54f2192b98c6a1b SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-memstick.img) = 5b128b4d9b7afe181b57c5ce22af385bed14b858f41a56c926eacecadb003c0d00e834ad7767544c40963f0221bea20b8357733fbe4bbc1d7be7779cf326f879 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-memstick.img.xz) = 37fdbe3c752a7790c07af4da695d7df4e7173c2fe9e10022b12e581eaefc38318b38050d73ccedc0595ec2fc21261dab3d356f558a063333889d20a76992e728 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-mini-memstick.img) = 96cf44b1cebbc6bf4b7dbf7fdbddbeb421882bd7ad7dd7876a36a6fdcf8d6b30f939989a49d68f049628835de77687a790443485565005f85be7bbf4d2308d74 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-mini-memstick.img.xz) = 73931546df26bb51544f187359b30d773fe5225db2cfc28bf90ac105cf600aebfb6199eba28b21a9817f3a1256fdbca639879d135750cb1a9bbccbee84412273 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-bootonly.iso) = 359136c2af73e03da6f15ad59f0c67bc561ca8b69631d78bfb8f2225e2c9a5ef SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-bootonly.iso.xz) = 33e2dc303b5dce5a374727ba12c41c303db70fe0676e76333e09e0ea8cb2fbd0 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-disc1.iso) = e17805c6e5a1323d4a31919053b7b2b25876344f2fada3762a4d8009770f1d7f SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-disc1.iso.xz) = 1758ca67edfe560ad6ef1ffc54f30c406e957eb7a55b547dd1f823240c09788d SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-dvd1.iso) = 6542055b12b873685abdc66e990b301c863cb4efa68e00a08f50f7b7874e7417 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-dvd1.iso.xz) = cfb52a199ce07836e34b3596237a1d2583db8de51d0513b66407f6b3464a3e8a SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-memstick.img) = 23c81763ef507b95f2d1051eda206d99c47311e80084c4fb996ec8a5d8196fcd SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-memstick.img.xz) = 8efdd6afa289188ca09b3200b5065263820b0160b717eb5504eb6031558f9973 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-mini-memstick.img) = 7183df3fa97c9de7718e4a63c54fd622f0abf1a784341ee214e79c6b6e96f402 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-mini-memstick.img.xz) = fd0d1f622faedc06d8ab90c549416b0c3d39ea2e7c16cf31922433d1017cb9e5 aarch64 RPI (3/4): SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-RPI.img.xz) = ee44ec2226d4d7bb366fc612bd87610f5091b039802dabb5414763cb9e37de029d14d4069bac5dcc117ea63bf8226109a93bc70c6758752301fc61cb3a09753c SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-RPI.img.xz) = 707bfa60224c548d0d37ffaaf80d85c750c7e943397737a0448a6f31942711a6 aarch64 PINE64: SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-PINE64.img.xz) = 8c542ecb5ff7d12d8aa296000a22b9b750765e5b74479911d5a3f363cc4f582f7068a8936069a5ddffd548cbdbec69511313c2b46c095fadb41671e7c526ce55 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-PINE64.img.xz) = 302cad70bc9aeadda59b6fb5e9b7df82940599ce2b524f9f4a4a40d719ef9b3c aarch64 PINE64-LTS: SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-PINE64-LTS.img.xz) = d6666d6aeaa4acbfe6649a78e059a4dc3c70b77ce2211717c29f0d2b5c41aa81f56a8a90bac447d4b63f6bc36abec096a141cab48b162c39602c26238bd7d62b SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-PINE64-LTS.img.xz) = 93c4fd63b0d902ee062ae88d3b3db076af5bb344bc277ab97eb9c59d3d8f2b35 aarch64 PINEBOOK: SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-PINEBOOK.img.xz) = ea40a72c0bdf33e6fbd17c9a519ba710e316e6f821572c383fe839fbe121895b80e9242772bafa4a007b3c03087fc7982c64f6aeff6d45e847e1b3d7b9ca2a73 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-PINEBOOK.img.xz) = 2b5f396f0eca2361898b054784a52873c3de26e685869dfc273f3712af82a786 aarch64 ROCK64: SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-ROCK64.img.xz) = 6994a77460d04d311259314d788f296b5bb09bc16e7a615faeac841ad0537ba89b31d57d3c99939ac19cdf2e7dfe2d1118a99aaf77f1bb9566eb4c88b7672ae4 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-ROCK64.img.xz) = ed0e57541b0f445c36ad41f804509fc236b1cf39d1e4a1f933dd93efbc829234 aarch64 ROCKPRO64: SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-ROCKPRO64.img.xz) = 27257e0daa54ffa24b07cd8e8d946912ba895cde71b866f56ab8e04139b08a258d39c7468966894b48c762f1dfa25261dc47aa3433d1307f01b8bafcd16c1a4e SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-ROCKPRO64.img.xz) = c84374007448497a8905f137d7fa79c800dc93ff2f85c3cbf9e2f5ce81cccb03 armv7 GENERICSD: SHA512 (FreeBSD-15.1-RELEASE-arm-armv7-GENERICSD.img.xz) = a50077a25a44a38cf3ff55b0a6e3da839ea96b829e5d975f27e1f3c0a6f0f68ef97a7d5ce845f3f0d76fce800814e57ff9c3499d518257210eb7e32913c720f5 SHA256 (FreeBSD-15.1-RELEASE-arm-armv7-GENERICSD.img.xz) = d568d7324825af9072405b11b7d0f4ba892d10ca05687fe4fd65e328e72cf7b8 powerpc64: SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-bootonly.iso) = 3cb2eed819dd1aa22eb268da00ef44770c2698ac3b31922e75853351470f8285bdc105eb3d8ad46efaaf9bd3e691cb09a79358c501fd029cc8258ef493d70098 SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-bootonly.iso.xz) = e8078a8a53fc5d9487d8f11fb1657a310cf2fd88e6e8be5845cfa2308e67517c8d2053ad81395e8c41a2f7532ef537a277ccc1cfca39b59add493ef09b7febdb SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-disc1.iso) = eb9c657d475e7d4c6ea4d4cf643f022f1890d5f95fecf5413fac2cafa884454b67a79f2630a4921909b67d2e2bec085819adcdf2877b8f854531c546bf6a2f55 SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-disc1.iso.xz) = aeb86e91aff4e1d8d8c4a75df0647aad29733576476a80c7e03fc768934d549df7b132f450378528b167f1d725a0ad085ae436ee20722ecf2e145d60dab6f6a5 SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-bootonly.iso) = d7dafaa94f37a19d427202c9e0b0ce101ffd1adc7b57d5af46f16e03d25b0e30 SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-bootonly.iso.xz) = f35c65d120542f2aa849b8fdf3c930e9c76d29d389c6509e245ef3a2b25155ad SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-disc1.iso) = 8e6ebe67335e10ecf4a98e8570e18901be6a65d906d5b21ee89beb241a1ef753 SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-disc1.iso.xz) = 225db0307cda1dafc381d00cd1b797d8e39feaad014d12a6ab16e81a35211ee5 powerpc64le: SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-bootonly.iso) = 43340d78f423b1f612dc4558bb7b048c14beccc95023bfb6329604f711e41966aa2e47b07c1ee9d5e59132afa8c9a5786e6f09063ee528c2527bd0d31787124f SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-bootonly.iso.xz) = 0b267c42ca07d15bb223c8a0bb7e1d1a36c6f14813d1f0a4911e37c04e108150f87c2f9921dab118dc65e3f74793a7aeae0805caa651a61b5ae0478b700a5800 SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-disc1.iso) = 6df8276b52201d0330ad4c46f5f2b9adef1b13bb33b2ccbd0323025d463f5c45b19d6288eeb29a4a77a0b44925ca21152d227d889c0b54458396b6643ebacfad SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-disc1.iso.xz) = 7eaee1ad4059a4db99b777f7fe6058487eca805dbf77e3234c458317f4c41d64c3b3e815d7fd1120bf8b178ac27f3e8406c01cc2be69467ec3cbbf42d3810e9b SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-bootonly.iso) = 9a23d474adce7efe05c19e10fa42d87b0137126d382935b7a846de1cb4adeac3 SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-bootonly.iso.xz) = d80a4b1d99d3f64d2852055831fc9bba5b26d60e64bcbcaa50a6afd62914022a SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-disc1.iso) = b25624362ac45cfe6e77a6af7293aaea4255a43ddcd8fbeeecb5d87cb80ccd47 SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-disc1.iso.xz) = 13ca311ed72b8a62dc38ead8e61ca44ad814d405197004cad2a35d5af3132331 riscv64 GENERIC SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-bootonly.iso) = 0c6ede2106b5e381c6680a228e0879d164d8d314410e84e4afeab0733ab23d5e05bdfc9b89a3064c5a86ad45c57d51d65572bba634f14a5293361d110ef00f71 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-bootonly.iso.xz) = 86837d1418a4e9be7a69ab1ec0a86bc4cdca42340a99c295ee380245cd0d5d96437bee9f77e69d6c1365bcc87b5e764a33f0834efc4e123dc7f4754e79c8e0e9 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-disc1.iso) = 0bc56ab925a0ff11316d1618370fa0fe5f72b553661f460fb49122df41dad3739d56fcf8ff81269e779a0dfe6159a80a7ee280f4f0fb41018b51838f8350ed90 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-disc1.iso.xz) = be32601404b011e8de0e7afc9117255e3d19061a712a45478a54f3496bf56ce4bfa04bc1d0751e5118f2899264745483662549e9eeb4dd63f47c8c10e4ecc1c6 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-memstick.img) = 457097c41388395bb06c3ffc72575eaa4116746aa0c0deb6abe07cdfc1eb4eaeaa9da0c5f80f1c49fcc525358f87f7f9e6283ac499731ac6bdbc8318103a2a14 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-memstick.img.xz) = 23cec4b50f827bdf791eb5a04b687377f31fb0164a81e1248438228630475734f04bd2c1551f858e4335e88a73a7fda055ab1da491e6061273f936baaea040cb SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-mini-memstick.img) = 13bc48d4ba711d6790b9269e2fedac99d9458630fad35ff5cd8b9cd3eff8d2134fa041287f4f7a3621b2f7c745ca9023e59aad05ca66d117cf0a42b179494a4c SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-mini-memstick.img.xz) = a4da6ac949cff06501eda9fcd3e9318e01061f09f4aa2a8e73855a0640939f50a08af36021618ec0b7546be018bc64d3f69903b6c0b3f3f01d54f1bb314c4a50 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-bootonly.iso) = d03c777878e8ca170e88c17de9084f8375f581df0697a94faa594f181c8c74bf SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-bootonly.iso.xz) = e6abe65d20634869bb51e7b82cc798753625ca74284417f0797ac19e53e864f4 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-disc1.iso) = ef91ed14169f280c27132458d84061575d42da4210938cfe141016887752bc09 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-disc1.iso.xz) = b7caca83078129dce0a676b6a33709b4ac1c6a4e9fb357a293069ebe8970e17f SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-memstick.img) = 0d0cb0dee236473bb5e3fc006a9ef2268b586135a3825a8b6d07f194ba859028 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-memstick.img.xz) = 3ce7815e73c2928233df380158093d6e3a611a3040b3beed0e7047e05f0a8412 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-mini-memstick.img) = 670d881fc5ad47597b0871e74b767cdcc5aae4752ab93ee8631f9dd1b07b8bd0 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-mini-memstick.img.xz) = be51476e7ae19284dc0898759871975f0864967d5028781b3c723bb46defb081 riscv64 GENERICSD: SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-GENERICSD.img.xz) = b7e18894440fdf2124713a072abcf359a4d81bc37d151b808c3d9ee40e86d09f1ab022745a0ac7c530babadf813e074571502b840e0219cee8509a5b972998d5 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-GENERICSD.img.xz) = a2e0785e6100dda5943f6946aeab5377d5bb5c64468479d97c42331fa89d44ac Virtual Machine Disk Image Checksums amd64 (x86_64): SHA512 (FreeBSD-15.1-RELEASE-amd64-BASIC-CLOUDINIT-ufs.qcow2.xz) = bea82b91a983a20eb7ecdc6f11c1006d394ebbc5668b7f0ecdecf5a54fc5f9ea3a8384fc9f74a6611a9b08c183fa953327147ebfaa0de199fd015e67dd1e608a SHA512 (FreeBSD-15.1-RELEASE-amd64-BASIC-CLOUDINIT-ufs.raw.xz) = 36a0807476d4a02b69b54d40139e54a00c57e0ab35a6e0beff58f89205e06b8f8be3cc339f79a96639b3a4fcc0844ccf1cad61d21333258f65066b272da8a355 SHA512 (FreeBSD-15.1-RELEASE-amd64-BASIC-CLOUDINIT-zfs.qcow2.xz) = b264ef36be15fa38428f68f1c910ed5a5db2de47dc82f74e2f126d9ab2ff25650aa24f6b7db69b0afc11a5e924ad2193cbf1ff65b6c455586a378eeeded4ae85 SHA512 (FreeBSD-15.1-RELEASE-amd64-BASIC-CLOUDINIT-zfs.raw.xz) = e14e0a0585d736a1784b7bdd4258ab6e52e97148f8ed70c797660cd7b66f14ae82bf56ef54e29c1f269f6b9aac674f856f66970209e35301d129edaae7aa848d SHA512 (FreeBSD-15.1-RELEASE-amd64-ufs.qcow2.xz) = 005e4b886e6fa1f246c1cfee27dcb6eb84aff381f270786ae7d783a21dbb8a9afcd612b9e5075c4041551a10e1739500aff7d58a3d20a040e85a40fe8cee10e5 SHA512 (FreeBSD-15.1-RELEASE-amd64-ufs.raw.xz) = de0305a29315711b85c5bbcf325c30b37d6a43cd19548c82269377c3f064236a65b0470d8b48da1ad2e1f87bf185522eabe0d07be9a2d9d45ee619d60402be8b SHA512 (FreeBSD-15.1-RELEASE-amd64-ufs.vhd.xz) = b200cbedcc849cb0dfe7eb828169746ea160642183d835164b3b5a7ac2c1f2553a18e328e096b491d61d19725283c008d350fcd09f9483ba6b94a7576c703479 SHA512 (FreeBSD-15.1-RELEASE-amd64-ufs.vmdk.xz) = 5f451e4fffabd924e24996f0ab6f0273751588da5c33b50d67916a0b68e29e03ce9c9e1d5aa9c2c03f06f33613daf08046f87fe0b2c7b46ce5e1d89593235f04 SHA512 (FreeBSD-15.1-RELEASE-amd64-zfs.qcow2.xz) = 72ec4b8a89d8b6dafeee121a215251e4b669e5a1f1824e7557064dfa7d60aca96c74cdabe297957c3fa29e2374895e8d24bb40e9365b95bae2a1d1c5aaa8a57d SHA512 (FreeBSD-15.1-RELEASE-amd64-zfs.raw.xz) = da9dc47d8612c4b201cc04a6c70b1b0e9da7a899e5d4394b8c1e75cd942e2f9e0300c7534853167a929e3bcdf3bbff5c9ec597202a384a0dd411b6d01a03518a SHA512 (FreeBSD-15.1-RELEASE-amd64-zfs.vhd.xz) = 55218925c08d1eb63907cda4ea1dcd4fdb170893810b44ff7dfb71b3ba1d1cb355ac4686e71f064f5dfddca375a544b71437ea50a651a0a3fca1484cafafd724 SHA512 (FreeBSD-15.1-RELEASE-amd64-zfs.vmdk.xz) = 1150256c202d4db1cc638f62a5035f0e2e19347ffbb7dd4a66a7e9fca7c95edc5b4dd5e529bbacb13bcd434bf3fe534b2b86b97d7f06cc522a6c2a6bfbc439e0 SHA256 (FreeBSD-15.1-RELEASE-amd64-BASIC-CLOUDINIT-ufs.qcow2.xz) = e4ca4db889f8559c9b9dfcacc70405c038476f4b6d41649b152d3809a2ed9e1f SHA256 (FreeBSD-15.1-RELEASE-amd64-BASIC-CLOUDINIT-ufs.raw.xz) = 926733d965078b5d635931eccc34022f74f803d35b79c05ccc2ec8a7f0ebcca2 SHA256 (FreeBSD-15.1-RELEASE-amd64-BASIC-CLOUDINIT-zfs.qcow2.xz) = 4159e137d4a78f46b62d3523edd9a4dc79fd0cdcf17e34e531342f52333f4131 SHA256 (FreeBSD-15.1-RELEASE-amd64-BASIC-CLOUDINIT-zfs.raw.xz) = 93011721f334015ce203d43c4d204e7cddc73dc6e3e757532fe67b740dc916b4 SHA256 (FreeBSD-15.1-RELEASE-amd64-ufs.qcow2.xz) = 25ad16e9d0c037f40a43c6f3c474b5c1ba62eaf9204dbd7f034fdbffe2c3dae5 SHA256 (FreeBSD-15.1-RELEASE-amd64-ufs.raw.xz) = a8e2c0f8331be615ef008c167069076833a417e968ff6b7d8e83b4ac762e9409 SHA256 (FreeBSD-15.1-RELEASE-amd64-ufs.vhd.xz) = a6b6632af7d6308008850480c1c9f1b0730455baa6351de517f226a2aa7c840b SHA256 (FreeBSD-15.1-RELEASE-amd64-ufs.vmdk.xz) = 1bc19a845ddfba9f85c6a44e2c14d074ed232abb0040b2e6f51c4af1ff349565 SHA256 (FreeBSD-15.1-RELEASE-amd64-zfs.qcow2.xz) = 9161f11d130d46afb8a5f5d3166459cdd1a87590facb594e11a64da564f68e7a SHA256 (FreeBSD-15.1-RELEASE-amd64-zfs.raw.xz) = f026812a56222b2b8941caa88a405159cea81a5d213e0f9e10843057bbaff42e SHA256 (FreeBSD-15.1-RELEASE-amd64-zfs.vhd.xz) = e3d5e2df215cb354b27e4b9113a776b0937db47620319a020fda75435cf1ad5f SHA256 (FreeBSD-15.1-RELEASE-amd64-zfs.vmdk.xz) = 8c3aaf2805c0a1fd362545fbb50e5250e901c9bdeef061d56e99d902459c6a0c aarch64 (arm64): SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CLOUDINIT-ufs.qcow2.xz) = df37de822fffdf19d7dddfdd3947390b5ae4dcd7f18a5ef6c6e6bb22effd52b593e09970c85ae081a2bb8290bad99a0fa5e473aed41be332a47bbac62c62bfb4 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CLOUDINIT-ufs.raw.xz) = bd815da771a0bbae6cf6be9da0f23bbe6369336cf1310d166aee7b6be766250271800486a74b732a4498232471935b02ee587740c9f0b97ddce58a6729139db9 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CLOUDINIT-zfs.qcow2.xz) = d14d2f1c4e066b40f04859d14f7adc5d349246be514d30171d2d86eeb0e6d5262e2e5eb92e0f1ffa16fe70ddf874eaeb26e4226b6218b9857bc4b6c521eb66fe SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CLOUDINIT-zfs.raw.xz) = 517d8ddd674fe65635034344fce789be15ff5b50fb86ca41f72c2a8ae00e9ee0bac83ef48fa7e62559ccdc5340feb5ab08caf1e69eb6014a5015bd24da2bdab0 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-ufs.qcow2.xz) = 4cf3706d857349d7a324b5cef4e421fdb3457853cde8a2020135e819c6e1bb44b3995fdd3863d46975759a5c080f52daa18c1dd128b25c98ca71f098ab18958e SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-ufs.raw.xz) = bdc48ca4dcf8535cc63e856bf59c441fca68e05aa55b65c8baeaa9a9c9ab606ceb1f8a23a65926ba98749082f3a8c90cf8d9f1185c70491473290e63bd627de3 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-ufs.vhd.xz) = 76c7100262bcf453fce32befa452f79383310cd7ea10148e3c54b2e75ee17e15a2bb6db0063d7e4ebe949d2a16bb3e6499395801e5d28b30298bb655fe8e3099 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-ufs.vmdk.xz) = 45344a620666a691151027f3d8ad523dd06eafd8ff4b9fabbeb6fc38f842e7b47325fce218f27d07f3321b2d102a1c3a9e2b5c0c909ac69382a64242aef18ae4 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-zfs.qcow2.xz) = 5b986e6a1d57cc43acb1e99193a52c80a0cc3fba99d6824380d84447bff15a1715c053d92a7da43329350e58b88886a005fdb05b61444edb640ffd20a8e1aaad SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-zfs.raw.xz) = 16c1c64fedb953da3e83c31b2516862c156632a223bce5134d5a24f1ec53767959a27db821c7a50986d59c7f93c98a798257ba4afe8a8864c8806d63943b70e4 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-zfs.vhd.xz) = 3c8fcd93528258b725a49b3990160cd6473064c9b85f6a3367c394aaafc93c1346bf599406127d759dd2dc2003e13d0fe5abd10b3a7ef44bba0f88f5608a4664 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-zfs.vmdk.xz) = 8a727e297fe26e411597e455215aeb4d2cc1a3163aa7973a5cee615350236310bfa5abc53bf1acbe602cfaff7cb0918486bdde08879a931209b50dead2b8b189 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CLOUDINIT-ufs.qcow2.xz) = 9722aea499610802de9a14bb645707fc4f6df49ff765cd9ce372b783c4693963 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CLOUDINIT-ufs.raw.xz) = 6784c274f8f20eb4687de5e79283d5a3486a07278fce4d58d0d01d198d2c45ed SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CLOUDINIT-zfs.qcow2.xz) = 0911a033b0a5d060486f92e534f3482c6a2ab96af6abb8a60683eeb24f6746af SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CLOUDINIT-zfs.raw.xz) = 907ca57e12503124cc48da5d698da139459c60afa023aa12e82729d655e8e15b SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-ufs.qcow2.xz) = b61e4f47886332aaff9eb88cfd40c4202132a5c7bf8b56d5b4221f29b683eac2 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-ufs.raw.xz) = 36028829cbd5a74a050d9964cd5fd391c9d12edca1c3d520cbcce257e1d999c8 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-ufs.vhd.xz) = f8973eb184b6c730a04b30dd0f1ba6e5f9a740ffcc4726518bce99d136b53a1d SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-ufs.vmdk.xz) = e62ec018fdfdf7d6b9ee2674c9d15a5fcb70114f3c9c0eaab3e47fa3fa3d1ddb SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-zfs.qcow2.xz) = 7bb9e2263f6bae92fb0c09acd887d057636140a4083b7c74f125b2eaf7198394 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-zfs.raw.xz) = 8bcaefd673c63fcd0923c1bc5797293edb7381bc66ba9d51e9046b511a706f62 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-zfs.vhd.xz) = ef74bbdcffcd5eac99a1252ffdda3ff5cca0cc993553d551ac56ff239bddf5ae SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-zfs.vmdk.xz) = 0d12182def725884991bd777c8f2a76d28c3d63b92af09686af7e8cfd25d9c78 riscv64: SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-ufs.qcow2.xz) = 4c63fed1f8814c8cf52ffe371a83c083c93fc938d38c149313413223fc950d9d482f4eca224236591ff33448ffa00484d22b8352e55a38fe8b9c4e3bf924600d SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-ufs.raw.xz) = 81125607e8fef52a4ca6e7f448bb1648230001cea8fb30abf624e8009f75a27ed1723018d66b775d8b551efd6a112fa4b6f54ced67a9e8f7e0e09f27b534c352 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-ufs.vhd.xz) = b9bf3a4336b81af2d8175c07fb146bcf1abea4debcd2308ffe1d2624d4135d835a297f696fce48d2883b2fe70999359ed47c734f130081bbd5bf9e312105a2b7 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-ufs.vmdk.xz) = 6dd17b63584db3fb0ba68cdbb05679a713bc627feeb3d1f1eb8a2ec26b0abb5817bdd9146aba5866ba70d5dd73359d7af73ab04bda611f41bfe5879ed054a93f SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-zfs.qcow2.xz) = 7fa2e228ebaa3c0f98b77905ccfef03d2e22669d08481bcfc38fdcc34dcb47452fca5b75bd30480a4ad9979dffd6fb3036b028befc880eee8801b04b4bb55efd SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-zfs.raw.xz) = 73349ffa1d929e761a491c54e038dd13d969a78c86dfe7baca60e3d0deb40046991a772a30709637e5c9e3ff3b649ccc3a3410ce80ec871e9597dabd6bb0dfbe SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-zfs.vhd.xz) = 6cdc644e557d5817c49172f84a9453db2830a749abd8ac014d0ac345b862a371c4aaefad6a403ea1dc2ce02820aac37362563a28fdd3e19aac27958402af08c5 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-zfs.vmdk.xz) = 2d91c65883443063dca280bf55bd8a39ac9ca7f74fc337206917125e2a6d2c3c098a0dad478298e4c09523022ed60da53d4f6c1696a6a7415cf4d1cb9c3a5fc7 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-ufs.qcow2.xz) = 0269081ec3a8fd61c0f75a41227011a61d02a2c79e1457c04d4e042f98553b16 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-ufs.raw.xz) = 46adb88fa8614af88807424d80cc24f05d8faf5e5f04c76532eeef2cb5da8cb1 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-ufs.vhd.xz) = 0a123d7eb6dc0d2c16982cb4fd93cfe1fcd7bd9427fd2e40eccf4e678fc2a722 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-ufs.vmdk.xz) = a2f439ba2c7f75926a7f09465d15a2a6423d03486277550ae8cc33e3c3ca7f85 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-zfs.qcow2.xz) = e81a3397fed63ad3a82742ebcc1ff37397f40614c7d47427da81e009a600e3ec SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-zfs.raw.xz) = ac343c9ab0e58f98f9547b2cb093cd2d0ebc4501e03b32d6f43a876937f9e104 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-zfs.vhd.xz) = 6a47227cfad129d433e1b67efb9f4e7ed6df51cd8b63c5ee0cdc35a21178c9ef SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-zfs.vmdk.xz) = 326127bb100b3f696e943e334bb4b26cf48d78f766cb6aec902414901b91f528 amd64 (x86_64) BASIC-CI: SHA512 (FreeBSD-15.1-RELEASE-amd64-BASIC-CI-ufs.raw.xz) = 030259e36d133dd7dfa1bde3819c4f933bef49523f30c2a552940095e26807863a99534a9517700ec9b8d0f464d28c3a9c6308cf4d64cdca0bf6769fb81390d9 SHA256 (FreeBSD-15.1-RELEASE-amd64-BASIC-CI-ufs.raw.xz) = 908e735f18ba192eaf48c2703b549225c9b96e74e3784bd9278c7120b4139962 aarch64 (arm64) BASIC-CI: SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CI-ufs.raw.xz) = 7d0453ba84d5086a1110f1931061b940fabe93940ded4282fd3773315fc443e724c5089fe78db0a6c4b73700cc14b21d3e3a52f122ed9e81acd5744239473fcc SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-BASIC-CI-ufs.raw.xz) = 69f5009497ea4e550910f4f71d13fd56c468e6a5df492c8117df7116c7118820 OCI Container Checksums amd64 (x86_64): SHA512 (FreeBSD-15.1-RELEASE-amd64-container-image-dynamic.txz) = 80665cf7a3ee10d9d162e53c0f128a628758cc03c8be13726c29e3651c3ea6eb457089293bd2c438cb66dddf143aa05bf8623b2ed8d82ad23a7ff001b225d849 SHA512 (FreeBSD-15.1-RELEASE-amd64-container-image-notoolchain.txz) = 72176737aff8c226b6118ef4f09580fb7a739bb48e1272ccce0aa072f010be81067b9594155e657c905d63789780c6cce5102665dba5d2b6247a3235d966391b SHA512 (FreeBSD-15.1-RELEASE-amd64-container-image-runtime.txz) = 19ae4b1959372182da39ff98db3d38317d7156b770551aa8cd731657530ff4816345e3140daa61156628845898f4a6215f7ab0a31b7396989918ab61f60664ec SHA512 (FreeBSD-15.1-RELEASE-amd64-container-image-static.txz) = f92548023689d9fc2bd6616dc0debbfc4a50595de9b066ad1dd03e8d5f7f17ea67152614fb2964fdcf628ecda7c760743ae4c216b7b183e1fb375656e46e68fd SHA512 (FreeBSD-15.1-RELEASE-amd64-container-image-toolchain.txz) = 7e74057cf935d7b0a5ef58b5e14435b9df2fc563b6859c9c12d8d0547715d40a425505c0b24f9597ce1ce2ed1c8b5e7466513c590385cfbb42ae6809343405fc SHA256 (FreeBSD-15.1-RELEASE-amd64-container-image-dynamic.txz) = 12b314b41bbe9ddbf85cd8d4890150dc0f1af897e0459721c63137cccc8fe408 SHA256 (FreeBSD-15.1-RELEASE-amd64-container-image-notoolchain.txz) = 7293cb3c6b016dbec030c8b7c12685ccc54a4610c7ddb87f559730c6b555491f SHA256 (FreeBSD-15.1-RELEASE-amd64-container-image-runtime.txz) = 9a31ee149a96117848d3be0f9c3e81377aace4a7d7224ca1eb06d79147e33853 SHA256 (FreeBSD-15.1-RELEASE-amd64-container-image-static.txz) = 483d55d127764389833e8955a25edd032a871de04ac848b0cf16309180679ca8 SHA256 (FreeBSD-15.1-RELEASE-amd64-container-image-toolchain.txz) = 0fca3e8373704547db5a3abb463c93960eb9dfb57e1c4ec624f3daea6292a4d3 aarch64 (arm64): SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-dynamic.txz) = 66d3bb5eeb15a538ae3c52e0fd3244e660e28a8e3c6efeee2f235ca4df3ae34457317b64d890107dd67110215a1a8a1d93bafe003e66d2835372a6e1e7475127 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-notoolchain.txz) = f4903eacf58d86aa5fb9b20abf27c806c8b7bd07c97a4e38dc637c7d2fdd82b0836aa2a78b8e4c534eab3c07c3ca046d2d6fc4dc3b544802f1efb4de5654e03f SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-runtime.txz) = ad96db23f8a8631adf3b7683fab07edbaff52f43d271e30ff2149295670b4f0f7f262e3a580203fc5b56d5948873a9768fe570155cd6d824b2ed31e5b3d02079 SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-static.txz) = 7c8b9aaf29a659a6d4aca97c22a2520ef2065ee656f6e700393b8d89db7a3b2efdc22e3566215dc980a79b40ea77874c32d05764bc63a36465d4599ac517e9cc SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-toolchain.txz) = 714ddb6fca464b7d3b858d6e93cd22bcf157218371592ca86076322bda6a760f32a54934e949618a11aeb9f17b925433e392e7ba6487e523b52aa04eaefa372e SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-dynamic.txz) = eda33a6afc0e601b7de140911cf945dbab829f3c689f3bb956a1877ffe315774 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-notoolchain.txz) = b6e83bff1e9843d6c2e4e14fbe868ad892b05dfd115f34169bf2f321be2c979d SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-runtime.txz) = 855808e48a4acc934ce2cd83a5c30352fb9ebbce7594701aea9f39c3f219133c SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-static.txz) = 9d3cfa6d89925d728636d9fea15e4fa4f950fdc34de3080793c93236294d50e1 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-container-image-toolchain.txz) = fd10f69be3080e50e7c4c451afd77923b14a120b20ce9521cf89af84b2b34ac0 riscv64: SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-dynamic.txz) = e6e8bee50ec9b980ae52b026c48b8c8e301c2c7ce02caf4f26b3b6d18c0137e04a51188c868787213d293afb653f98289a0893517b89287462875fef2a6234db SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-notoolchain.txz) = 86e50233a26dcae0dd8549822c848a33d56195ae220e19a5b2b597626165f849690df27d38db0618ca1551850652043f3840d72b10f2e9ab0144632765dd8ad7 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-runtime.txz) = 6d4c095afc53cd268118a29ffdd4d173a6cfc652b712acb800e96f6d3c39fce148672638181e9c778074da7ba06742dfcb395530b235c1e2b41487ba6610c4a4 SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-static.txz) = 8c3f5dc71228bf7a6307982f22444793c72fea00c2f40db67e92dd6babdb75e33e21594c610c769e066cef887f8df2c443c23ebce62177d4f213500b65adbe5d SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-toolchain.txz) = f08de0dd3e2ce0ce665841a69cd7e350b96e87b9f33f7bc54994fabbc3acf37c2f2c4509e85c9d473fd71acff9062c442507fcd6ea945efc07200d6bf7f875f2 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-dynamic.txz) = 5d76518a04d3416e263842cfbe15827b0cd0619422889a2ef7999a3ef1b96c87 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-notoolchain.txz) = 34c0608bd81692e14d01b0bfe6f6ea94c4379d5b2b51f2551509c0109abf0ad6 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-runtime.txz) = b247687d953bbc78719ddf7b64443634221312cf548a5ad93c25d49b533d309e SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-static.txz) = 4fab0d62de08383944bc3bc4379189d9f38667287f0c111b3915401b42d03d2e SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-container-image-toolchain.txz) = 3af45f52b21330a931b973ee44b40fa145e76d81448a90123b31b023acf26aec PKGBASE Repository Checksums amd64 (x86_64): SHA512 (FreeBSD-15.1-RELEASE-amd64-pkgbase-repo.tar) = d2d2ce2bbafcf22af7afa72a4499c1af46b623f88073438ea20fa4ff05fbb0f0957686ec1b3bf5f5d00553936d5a4f9e28733825e710f9537605a25fe62e2bf7 SHA256 (FreeBSD-15.1-RELEASE-amd64-pkgbase-repo.tar) = d6313e25d1180af552686fbb6a5690e6f35482c8f2bc12e0cadb40b14a2c8df3 aarch64 (arm64): SHA512 (FreeBSD-15.1-RELEASE-arm64-aarch64-pkgbase-repo.tar) = 511a2b1dcb0d9ede8604c3b7f2596b2c04a2e23eff45e7c70bd1e74cc41edef5aa80d5efa2368d578ef3256f283af541e985ff2cd7d8b0c916aff1cb92fd3244 SHA256 (FreeBSD-15.1-RELEASE-arm64-aarch64-pkgbase-repo.tar) = ba23167bb86e3cc621834fd7f6c46ad51d634493d60a5cd9356f8611f98a7005 powerpc64: SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-pkgbase-repo.tar) = ecb319629868bc03aff912812506b490d240f62137347fd26aaa23ed11d99a145790c27c6b25e5dd19398db6376d6887ba9f9f620bba276714ff504d709f221e SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64-pkgbase-repo.tar) = d4d7da6858c2fd11869f670c98e6b95292674eef6cb2c880ebe93c2a11d3f4be powerpc64le: SHA512 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-pkgbase-repo.tar) = 50fcb350468d42e382be1002ff77ef2d20d4c7866ef31ada35f7e46b7d86bd4d3932e2fbb96614f7c8bb2f0bd108b441044091cdd14c650b968f6753671410f4 SHA256 (FreeBSD-15.1-RELEASE-powerpc-powerpc64le-pkgbase-repo.tar) = 6e5b9d6683c28f7c6c6ebae133b372bd3ece1f0a917d80a0cee05a8090d19751 riscv64: SHA512 (FreeBSD-15.1-RELEASE-riscv-riscv64-pkgbase-repo.tar) = aa26ab9c0ed8e0b9b1bc38ca236263277e415df8a15693dbab7f058a220353c23b7678727a3c224f02dd5f8bb042f8bdf53ad1bca25a10c668d10a104d495995 SHA256 (FreeBSD-15.1-RELEASE-riscv-riscv64-pkgbase-repo.tar) = a0ce64d1e0ec6ec67535cd84d42abf0c263071b949122f26fb3ceba262e90df9 Love FreeBSD? Support this and future releases with a donation to The FreeBSD Foundation! https://freebsdfoundation.org/donate/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEglY7hNBiDtwN+4ZBOJfy4i5lrT8FAmowjSAACgkQOJfy4i5l rT+7IQ/+OpLI4UkB8OOifC7ppWXBupOu6BMoeJ2BW+LA/Huz4Q2f82iEOHjyeX1m 843Lbc2IzlnfdvXdi5OiXcbmnbGV3317EKYC50CFxf0HgS9wy29/m6ve8xKoc7zh 6y76bCBgceDFNP1vWlU00bLmCEIg2Wh5F0MJgQY7UzVNDyzdhvLcQVfY1wB+WjSV nZ1+n0SmjhnMp7dJfZ+MadVMU62y7evmpS9f0E3TSTksRJ4UDg+j6om+c8CKJoZ8 BnIa2lT3FAKJ8zbZXaRD/VTdcVkRSevrgaE8nYM5wmy10p3vjMG+qlTMA4tBlHPn T4C+LA3rsZSDQTNjl/RjqSxXEfXnUh1RUkKvY4HIGmH+w7XsKFMJxOSlYKpbRryf cL5IrWnl+CLg5CaiIwg7+kP5oXAnvmD4ugtVsHrOi0T5JDOh5d0WyfaylW0ZmF2+ i0Xi96NqeFR84c4g2aRUnZ/rEDxr2In37TzeQNyQVOH/n4aU0Ycq7fpu0Jesc67u tuzDkiDkipUFql9U5r/asut98/Nt/wSFpZclPxDkDJ+4o4LE63R7o6ucjPGK6+mM jI0b1EjtkajqJA5roxIryTFSQXm/XQy/0VEbzTOgNOx8qeBivncXJqpE7x2HPn+l G/OR9a6vt10s5OtOHfVqrDke6CKxP7+VLBQtsXx7VHAUgH1/23I= =tRJH -----END PGP SIGNATURE-----
Saturday, June 13, 2026
F44 Elections Cycle - Results are in!
--
-- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
Friday, June 12, 2026
[arch-announce] Active AUR malicious packages incident
We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository. We are actively working to track down existing malicious commits and attempting to prevent additional malicious commits from being pushed. While this is happening, and while we work to create a more permanent solution, users may see issues with the following: - Creating new accounts on the AUR - Pushing package updates - Adopting or creating new packages We continue to encourage all users of AUR packages to review *all* PKGBUILD and install script changes when updating, especially during this time. If you notice suspicious commits to a package that you use, please reach out to Arch staff via the aur-general mailing list with more information. URL: https://archlinux.org/news/active-aur-malicious-packages-incident/
Thursday, June 11, 2026
F45 Change Proposal: libxml215 (system-wide)
Wiki - https://fedoraproject.org/wiki/Changes/Libxml215 Discussion thread - https://discussion.fedoraproject.org/t/f45-change-proposal-libxml215-system-wide/193575 This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == Update the <code>libxml2</code> library from version 2.13.9 to 2.15.3. This release includes critical security fixes and requires a system-wide mass rebuild due to an ABI (soname) change. Additionally, this update marks the official deprecation of the libxml2 Python bindings, which are scheduled for removal in 2.16. == Owner == * Name: [[User:Amigadave| David King]] * Email: amigadave@amigadave.com == Detailed Description == The update to 2.15.3 is necessary to address several security vulnerabilities fixed only in version 2.15.2 and above. Version 2.14 introduces an ABI change, requiring all packages linked against libxml2 to be rebuilt. Furthermore, upstream has deprecated the libxml2 Python bindings. While these remain present in 2.15.3, they will be removed in 2.16. Fedora packages currently using these bindings must be ported to alternatives, such as python3-lxml or the standard library's xml.etree. Concretely, this will mean that the python3-libxml2 subpackage will be marked as deprecated. == Feedback == == Benefit to Fedora == * Security: Several security vulnerabilities, that are only fixed in 2.15.2 and above, are fixed in this release * Modernization: Aligns Fedora with the latest upstream release, which sees security and bugfixes. == Scope == * Proposal owners: ** Perform the {{package|libxml2}} library update in Rawhide. ** Coordinate the mass rebuild with Release Engineering. ** Deprecation Management: *** Audit all packages in Fedora using <code>python3-libxml2</code>. *** Notify maintainers of affected packages. *** Provide guidance/patches for migrating to <code>lxml</code> or <code>ElementTree</code>. * Other developers: ** Mass Rebuild: Maintainers of packages depending on <code>libxml2</code> must ensure their packages rebuild successfully against the new ABI. ** Migration: Maintainers of packages relying on the Python bindings in <code>python3-libxml2</code> must begin porting their code to alternative libraries before the planned removal in 2.16. * Release engineering: [https://forge.fedoraproject.org/releng/tickets/issues/13382 #13382] ** A mass rebuild will be required due to the ABI change. * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with the Fedora Strategy: == Upgrade/compatibility impact == * C ABI: Applications not rebuilt will fail to run due to the soname change. * Python ABI: Although applications using the Python bindings will run, the applications will need to be ported to alternative APIs before libxml2 2.16 is released. == Early Testing (Optional) == Do you require 'QA Blueprint' support? N Proposed MR for the package update to 2.15.3: https://src.fedoraproject.org/rpms/libxml2/pull-request/16 == How To Test == There should be no user-visible changes to test, as the majority of the upstream changes are removing old and unused code in the libxml2 library. A mass rebuild of dependent packages is the most effective test, but testing that functionality using libxml2 in those packages still works as expected will be useful. == User Experience == == Dependencies == Preliminary list of packages depending on libxml2: approximately 600 binary packages, including many critical path packages. Preliminary list of packages depending on python3-libxml2, which will be affected by the deprecation and eventual removal: *beaker-client *gnome-doc-utils *imagefactory *itstool *koji-vm *ovfenv- *python3-dmidecode *python3-libxslt *rteval *setroubleshoot-server *virt-manager-common == Contingency Plan == ** ABI Breakage: If the mass rebuild is unsuccessful or reveals widespread, unresolvable issues, revert to 2.13.9. ** Binding Deprecation: If a critical system package cannot be ported away from the libxml2 Python bindings in time, we will maintain the bindings in a separate legacy package (python3-libxml2-legacy) as a temporary measure until the migration is completed. * Contingency deadline: Beta freeze * Blocks release? Yes == Documentation == There were many removals and deprecations between 2.13.9 and 2.15.3, including: * Removal of FTP, HTTP and LZMA support * Removal of the <code>libxml.m4</code> autoconf macros * Deprecation of direct struct access, with many accessor functions added In addition, many other bugfixes and security fixes were added, including: * CVE-2026-1757 fix: Memory leak in xmllint Shell - shell.c * CVE-2026-0990 fix: Prevent infinite recursion in xmlCatalogListXMLResolve * CVE-2026-0992 fix: Exponential behavior when handling * parser: Fix infinite loop in xmlCtxtParseContent * CVE-2025-10911 libxslt related: Ignore next/prev of documents when traversing XPath * CVE-2026-0989 fix: Add RelaxNG include limit == Release Notes == -- Aoife Moloney Fedora Operations Architect Fedora Project Matrix: @amoloney:fedora.im IRC: amoloney -- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
F45 Change Proposal: Grub EFI For Confidential Computing (self-contained)
Wiki - https://fedoraproject.org/wiki/Changes/Grub2LightForConfidentialComputing Discussion thread - https://discussion.fedoraproject.org/t/f45-change-proposal-grub-efi-for-confidential-computing-self-contained/193574 This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == An independent separate incarnation (package) of the GRUB bootloader for UEFI only that contains a minimal number of built-in modules, and can quickly boot a Unified Kernel Image (UKI) using Bootloader Specification (BLS) files. It will be built separately from the main GRUB package, and does not replace it for general usage. == Owner == * Name: [[User:lsandova| Leo Sandoval]] | lsandova@redhat.com * Name: [[User:mlewando| Marta Lewandowska]] | mlewando@redhat.com == Detailed Description == There is a need for a smaller, lighter version of the GRUB bootloader on UEFI to support booting sealed bootable container images, such as for Confidential Computing. Since confidential VMs rely on remote attestation, TPM PCR values need to be stable and predictable over long periods of time. Updating the bootloader results in changes to PCRs, and should therefore be avoided if possible. Additionally, Unified Kernel Images (UKIs) have become the preferred choice over the regular signed kernel because the whole payload is bundled and signed for Secure Boot, thus removing the vulnerability of the unsigned initramfs. They are used often in virtual environments, for confidential computing, and by CoreOS. Taken together, the ideal bootloader for these types of environments should be small, light, and not get updated too often. The fewer modules are built-in, the smaller the attack surface, and the less frequent updates need to be. The resulting idea is to create a smaller version of GRUB, the supported bootloader in most Linux environments, for UEFI, which is built as a separate package from the main GRUB build, contains only the modules that are absolutely necessary for VMs, and natively supports UKI loading. This new package is not meant to be a replacement for GRUB for general use; rather it's an additional package for specific applications. A separate rpm that is still a part of the grub2 build is already available for [https://kojipkgs.fedoraproject.org//packages/grub2/2.12/60.fc45/x86_64/grub2-efi-x64-cc-2.12-60.fc45.x86_64.rpm x86_64] and [https://kojipkgs.fedoraproject.org//packages/grub2/2.12/60.fc45/aarch64/grub2-efi-aa64-cc-2.12-60.fc45.aarch64.rpm aarch64] in Fedora Rawhide for testing. It is signed for Secure Boot with the GRUB key. In the future, it is expected to get its own Secure Boot signing key. Work is in progress to add support for this new build of GRUB in bootupd to enable safe bootloader updates on bootable container systems: https://github.com/coreos/bootupd/issues/1080 == Feedback == The original idea was to use systemd-boot for this application, but this was rejected for a number of reasons: * While the systemd team can support sd-boot in its present form, they view any additional features as a no-go * Although sd-boot is a light and trivial bootloader, it has not been widely tested or fuzzed, like GRUB has been * Long term maintenance of more than one bootloader would result in a lack of parity and added technical debt * Potential expansion to other architectures would necessitate a compatible bootloader anyway. The new lighter GRUB build is already being tested by CoreOS, and is generally working as expected. Small changes are still being made, and suggestions for changes are welcome. == Benefit to Fedora == This change will create a minimal UEFI bootloader for virtual environments that can further be tailored for use in those environments. It will natively load UKIs, support Secure Boot, and be a part of a robust and tested bootloader used in many Linux environments. == Scope == * Proposal owners: The bootloader engineering team needs to create a new GRUB package, separate from the core package that includes all the changes mentioned. * Other developers: CoreOS, who will be the main users, at least in the beginning, need to test, provide feedback, and perhaps change some of their workflows as needed. * Release engineering: [https://forge.fedoraproject.org/releng/tickets/issues #Releng issue number] * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with the Fedora Strategy: == Upgrade/compatibility impact == This is a new package, independent of the normal all-purpose GRUB, so unless a user installs it on purpose, there is no compatibility impact. == Early Testing (Optional) == This new package is designed specifically for VMs that run UEFI firmware, so an x86_64 or aarch64 VM is the environment to use. ===Prepare the test environment:=== * Install or create one or more UKIs ** Install `kernel-uki-virt` and add a command line addon using `ukify`, see instructions below ** Use `ukify` to create the UKI from scratch, see instructions below * If booting with Secure Boot enabled, sign your add-on or UKI, and enroll your public key in the MOK, see instructions below.<br> '''If you will not sign your UKI/addon, don't forget to disable Secure Boot.''' * Create the `/boot/efi/loader/entries` directory * Create BLS entries in that directory for each UKI. Specify the path to the UKI using the `efi` keyword, as you normally would use `linux` for the kernel. A minimal BLS file only needs to have a title and the path to the UKI: <pre> # cat /boot/efi/loader/entries/7.0.10-200-UKI.fc45.x86_64.conf title Fedora 45 UKI (7.0.10-200.fc45.x86_64) efi /EFI/Linux/7.0.10-200.fc45.x86_64.efi </pre> === (If you don't feel like doing all of that, you can boot regular kernels instead): === Because this version of GRUB is intended for UKIs, it expects those UKIs to be on the EFI system partition, but it can load a regular kernel too, as long as it's in the correct place. If you copy a kernel and its initrd from `/boot` to `/boot/efi/EFI/Linux` and that kernel's BLS configuration file from `/boot/loader/entries` to `/boot/efi/loader/entries` (and edit it to reflect the correct paths), then it should simply boot as usual. === Test: === * Download the [https://kojipkgs.fedoraproject.org//packages/grub2/2.12/60.fc45/x86_64/grub2-efi-x64-cc-2.12-60.fc45.x86_64.rpm grub2-efi-x64-cc rpm], unpack it, and replace your regular grub efi with it: <pre> # cp ./usr/lib/efi/grub2/1\:2.12-60.fc45/EFI/fedora/cc/grubx64-cc.efi /boot/efi/EFI/fedora/grubx64.efi </pre> * Reboot your machine You should see the GRUB menu with entries for each of the UKIs that you installed. If you press 'e' to edit an entry, you should see something like `chainloader /path/to/UKI` and when you execute any of the entries, they should successfully boot. You can check the size of the efi, and see that it is smaller than the normal grubx64.efi. Use the `tpm2_pcrread` command between reboots of different UKIs to see that the value of PCR8 does not change. ==== How to build your own UKI addon ==== The generic UKI that fedora ships has only `console=tty0 console=ttyS0` on its kernel command line. In order for it to actually boot on your system, it needs more information, like the root filesystem UUID, which you can see if you `# cat /proc/cmdline`. Since the UKI already has the command line bundled, you need to create a command line addon containing the additional information. You can do this using the [https://www.man7.org/linux/man-pages//man1/ukify.1.html ukify] command. First get the generic UKI by installing `kernel-virt-uki` and the command by installing `systemd-ukify`. Then something like this should work: <pre> # ukify build \ -cmdline "$(cat /proc/cmdline | cut -d' ' -f2-6)" \ --output set_root.unsigned.addon.efi </pre> You then need to copy the addon to the UKI's extra.d directory in `/boot/efi/EFI/Linux/` if you want to only apply it to a single UKI, or create `/boot/efi/loader/addons/` and copy it there, if you want it to work for all UKIs. (If you are planning to sign the addon, wait to move it until after you have signed it.) ==== How to build your own UKI ==== You can build your own UKI using kernels and initrds that you already have installed on your system once you have also installed `systemd-ukify`. Building one for the running kernel using the [https://www.man7.org/linux/man-pages//man1/ukify.1.html ukify] command, looks like this: <pre> # ukify build \ --linux /usr/lib/modules/$(uname -r)/vmlinuz \ --initrd /boot/initramfs-$(uname -r).img \ --uname $(uname -r) \ --cmdline "$(cat /proc/cmdline | cut -d' ' -f2-6)" \ --output kernel-$(uname -r | rev | cut -d'.' -f3-6 | rev)-UKI.efi \ --profile "kernel $(uname -r | rev | cut -d'.' -f3-6 | rev) UKI (Fedora $(cat /etc/os-release | grep VERSION_ID | sed -e 's/VERSION_ID=//g'))" </pre> You then need to copy the UKI to the correct directory. Typically this is `/boot/efi/EFI/Linux/` but can be the directory of your choosing, as long as you specify that in the UKI's BLS file. (If you are planning to sign the UKI, wait to move it until after you have signed it.) ==== How to sign for Secure Boot ==== It's actually possible to sign your UKI or addon during the ukify build, but this more generic procedure can be used to sign any artifact for Secure Boot. Install `openssl` and `pesign` and generate your signing key: <pre> # openssl req -quiet -newkey rsa:4096 -nodes \ -keyout custom_db.key -new -x509 -sha256 -days 3650 \ -subj "/CN=UKI Signing key/" \ --outform DER -out custom_db.der </pre> In this case the key size is 4096 bit, uses [https://en.wikipedia.org/wiki/RSA_cryptosystem RSA] for encryption, and can be used for signing for 10 years. Import the public key into the NSS database that `pesign` uses and give it a nickname: <pre> # certutil -A -t ",," -d /etc/pki/pesign -n \ 'My Secureboot Signer' -i custom_db.der </pre> Convert the public and private keys to PKCS12 format and import the result to enable signing using `pesign`: <pre> # openssl pkcs12 -export -out custom_db.pfx \ -inkey custom_db.key -in custom_db.der </pre> <pre> # pk12util -i custom_db.pfx \ -d/etc/pki/pesign -n 'My Secureboot Signer' </pre> Sign your UKI or addon with your private key: <pre> # pesign --certificate 'My Secureboot Signer' \ --in set_root.unsigned.addon.efi \ --out set_root.addon.efi --sign </pre> Move or copy the UKI or addon to the proper directory, see above. Import your public key into the Machine Owner Key (MOK) database: <pre> # mokutil --import custom_db.der </pre> You will be asked to create a password. You need to reboot the machine to complete the enrollment, and you will be asked for this password at that time. After rebooting, you can check that your key is actually in the MOK database: <pre> # mokutil --list-enrolled </pre> == Dependencies == N/A as this is a new package. == Documentation == N/A (not a System Wide Change) or to be determined. == Release Notes == To be determined. -- Aoife Moloney Fedora Operations Architect Fedora Project Matrix: @amoloney:fedora.im IRC: amoloney -- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
Tuesday, June 9, 2026
FreeBSD Security Advisory FreeBSD-SA-26:32.elf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:32.elf Security Advisory The FreeBSD Project Topic: ASLR bypass for setuid executables via procctl(2) Category: core Module: kernel Announced: 2026-06-09 Credits: Synacktiv Affects: All supported versions of FreeBSD Corrected: 2026-06-09 19:17:35 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:13 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:51 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:53 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:13 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:43 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2026-49414 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background Address Space Layout Randomization (ASLR) randomizes the base addresses of executable images and shared libraries in a process's address space. FreeBSD enables ASLR by default for Position-Independent Executables (PIEs). The procctl(2) system call allows a process to set per-process ASLR preferences, including force-disabling randomization. When a setuid or setgid binary is executed, the kernel is expected to ignore any such user-set preferences if they come from an unprivileged user. II. Problem Description The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. III. Impact An unprivileged local user can disable ASLR for a setuid PIE binary by calling procctl(2) before execve(2). This makes exploitation of any separate memory corruption vulnerability in that binary significantly easier. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.x] # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-15.patch.asc # gpg --verify elf-15.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-14.4.patch # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-14.4.patch.asc # gpg --verify elf-14.4.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-14.3.patch # fetch https://security.FreeBSD.org/patches/SA-26:32/elf-14.3.patch.asc # gpg --verify elf-14.3.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ e1cdc49846c1 stable/15-n283888 releng/15.1/ 796579bcfbc4 releng/15.1-n283557 releng/15.0/ 6e51dfc401e7 releng/15.0-n281059 stable/14/ e417948e6139 stable/14-n274317 releng/14.4/ 547fc2a98a24 releng/14.4-n273721 releng/14.3/ 744f62ccbf82 releng/14.3-n271521 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2026-49414> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:32.elf.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmoolxcbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvzjAP/izsPLlrhPmUVbO6pLVA 22HiuxV4URIIzMe4SbVa8ALyWM85TNAKjRUyr7VwAslFvfzRCtL0o/w0Fypsvoss a4jpiC8QHjeUFlRz6fmYq4sgHZdi/sz0zOmGKHVYiCA1Jdrp1tM4NxkKeDquc61d iD1yulnjkr8axb4gv4Y/C1McT7fvECbiaK9ni/vgwwluy0cqRIz7rPe8NrAD6pYn 1WPgkHmGeNwpIhPHbBd9WCoQNiU+BLyNyuFASWjZWiIMiMwCKQdvm0qVJ1fPWxeP 2GxxpWfoftwDkRy1/tURs0dVuI+Ko40sTFKiUVUMyOu0ndnyuR8VGICWlwA903yY N05s8R65FpXJbERu3Bc4HO+fKzQxCqWocgcUHBI9VO9QGIcNRR1S1PgkltNUI0wI KTJith+ru6XFRK5ts74cBR7i2p2r+cVFs/FyzXXP1v4A1U+Fe6PwwdhWdwJy9r4s aOJPh5b5Go2BvRayptPt+18vdXm8N4L1xk94lk/h9X6lrMe9+WhWnH1BUnMD3dVm m8mSczWkkveFNiEfj3WGdbTlpVvXUqHdwIx+v2obj0fBUDkg9r1M2ZZjaW3DEPM9 aLOrjdK9t+ntJyNBQCnNCRZFaiFGHK9bdEjm9WhyfMAnxoKg1hNhzhq+jyxrPDZY OY6FBpNTQ9NhGUkgpkgArAEj =unW5 -----END PGP SIGNATURE-----
FreeBSD Security Advisory FreeBSD-SA-26:31.arm64
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:31.arm64 Security Advisory The FreeBSD Project Topic: Arm CPU errata may bypass page table permission changes Category: core Module: arm64 Announced: 2026-06-09 Affects: All supported versions of FreeBSD Corrected: 2026-06-09 19:17:34 UTC (stable/15, 15.1-STABLE) 2026-06-09 19:20:12 UTC (releng/15.1, 15.1-RC3-p1) 2026-06-09 19:19:50 UTC (releng/15.0, 15.0-RELEASE-p10) 2026-06-09 19:17:51 UTC (stable/14, 14.4-STABLE) 2026-06-09 19:19:12 UTC (releng/14.4, 14.4-RELEASE-p6) 2026-06-09 19:18:41 UTC (releng/14.3, 14.3-RELEASE-p15) CVE Name: CVE-2025-10263 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background Page tables control the translation of virtual addresses to physical addresses and the access permissions on those addresses. On Arm CPUs, when page table permissions are updated, a TLB Invalidate (TLBI) instruction followed by a Data Synchronization Barrier (DSB) must be issued to ensure subsequent accesses observe the new permissions. II. Problem Description Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store has been globally observed. III. Impact This erratum may allow software to write to a previously writable location after the page table is modified to forbid writes to that location. Consequently this may allow software to write to memory owned by a higher exception level, possibly allowing software to escalate privilege to that higher exception level. IV. Workaround No workaround is available. The following ARM CPU models are affected: C1-Premium C1-Ultra Cortex-A76 Cortex-A76AE Cortex-A77 Cortex-A78 Cortex-A78AE Cortex-A78C Cortex-A710 Cortex-X1 Cortex-X1C Cortex-X2 Cortex-X3 Cortex-X4 Cortex-X925 Neoverse-N1 Neoverse-N2 Neoverse-V1 Neoverse-V2 Neoverse-V3 Neoverse-V3AE V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system. Perform one of the following: 1) To update your vulnerable system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms which were not installed using base system packages can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.x] # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-15.patch # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-15.patch.asc # gpg --verify arm64-15.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-14.4.patch # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-14.4.patch.asc # gpg --verify arm64-14.4.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-14.3.patch # fetch https://security.FreeBSD.org/patches/SA-26:31/arm64-14.3.patch.asc # gpg --verify arm64-14.3.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 9d9d6c6e6081 stable/15-n283887 releng/15.1/ 81435fc0882c releng/15.1-n283556 releng/15.0/ a53619675cdc releng/15.0-n281058 stable/14/ e99aa8682dba stable/14-n274316 releng/14.4/ 889e306ded21 releng/14.4-n273720 releng/14.3/ 61d0cea4c00f releng/14.3-n271520 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://www.cve.org/CVERecord?id=CVE-2025-10263> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:31.arm64.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmooiWIbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrv4nwP/3M5KElYqojhl044KzbV UyoCXW3MoTm+aXnjlkf2f6+00EHtEkmboe3fYGwsUGFOp9uk0iNgDCE1jMmAhDY7 AJSegcxbUVhCcZwxfaUkIDRtv3iYt4vkN59se62/QrgA/2UiyBRWMJLYvLN4ZF0C 7xuwJVyJjHq65Z1jU4noaXQ/UqaCQgPJBmZ2XL+OMfJtdHZdproN3vL/7BLXaPwv wuiZSc/agrBQgnbv4IFlNWc/LtXo+Hh3/vSSw3U2GUnNHARLxb62Kj2vaMz9HWP3 ObykAXru4hpLXdRndf+dsqHCow6slbb89Iqzn93axbmvhxvuOdNNkNkS0Yfj+B9Y kMuDMqTR8Q+wXFY5JlTsTGGH8paDdyYWeZUHsI+2HqgYWS8CMQJwal2hErT4TG82 gU0xIIpZKHc09FMsw+z/TjNZO0aLQbbZAN45qpqdvZoQ174jX/ZVtkIGEOSQXyQA YT4O/yozBjNABBTYtCTVwdnJjM6L4sva2mKbtGnCTS/3tC2dVgEhsgE2zwzHtGPv lAtJwTbqyLBOP+aUFh2w0OaNwy0c5bB88AxyS/EKcliHtyAveedbXYFjLLVIMhLY tpodoCSwrM6PgkddWy6+YVCbcoD6JfS1U5T2IH0EJXPSQvV8SPbs3LRY4F7O5zDi x+jJy5JL/2hjps/C/581Iq5y =SmlG -----END PGP SIGNATURE-----
Bouncing messages from freebsd-announce@FreeBSD.org
Hi, this is the Mlmmj program managing the <freebsd-announce@FreeBSD.org> mailing list. Some messages to you could not be delivered. If you're seeing this message it means things are back to normal, and it's merely for your information. Here is the list of the bounced messages: - 267, Message-ID: <20260609231335.2F2F41FC54@freefall.freebsd.org>