diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 702576a943..885339ab1d 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,955 +1,971 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-24:13.libc++"
+date = "2024-06-19"
+
+[[notices]]
+name = "FreeBSD-EN-24:12.killpg"
+date = "2024-06-19"
+
+[[notices]]
+name = "FreeBSD-EN-24:11.ldns"
+date = "2024-06-19"
+
+[[notices]]
+name = "FreeBSD-EN-24:10.zfs"
+date = "2024-06-19"
+
[[notices]]
name = "FreeBSD-EN-24:09.zfs"
date = "2024-04-24"
[[notices]]
name = "FreeBSD-EN-24:08.kerberos"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:07.clang"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:06.wireguard"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:05.tty"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:04.ip"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:03.kqueue"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:02.libutil"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:01.tzdata"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-23:22.vfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:21.tty"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:20.vm"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:19.pkgbase"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:18.openzfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:17.ossl"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:16.openzfs"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:15.sanitizer"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:14.regcomp"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:13.freebsd-update"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:12.freebsd-update"
date = "2023-10-03"
[[notices]]
name = "FreeBSD-EN-23:11.caroot"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:10.pci"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:09.freebsd-update"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:08.vnet"
date = "2023-08-01"
[[notices]]
name = "FreeBSD-EN-23:07.mpr"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:06.loader"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:05.tzdata"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:04.ixgbe"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:03.ena"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:02.sdhci"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:01.tzdata"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-22:28.heimdal"
date = "2022-11-29"
[[notices]]
name = "FreeBSD-EN-22:27.loader"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:26.cam"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:25.tcp"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:24.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:23.vm"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:22.tzdata"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:21.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:20.tzdata"
date = "2022-08-30"
[[notices]]
name = "FreeBSD-EN-22:19.pam_exec"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:18.wifi"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:17.cam"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:16.kqueue"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:15.pf"
date = "2022-04-06"
[[notices]]
name = "FreeBSD-EN-22:14.tzdata"
date = "2022-03-22"
[[notices]]
name = "FreeBSD-EN-22:13.zfs"
date = "2022-03-21"
[[notices]]
name = "FreeBSD-EN-22:12.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:11.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:10.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:09.freebsd-update"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:08.i386"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:07.la57"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:06.libalias"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:05.tail"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:04.pcid"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:03.hyperv"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:02.xsave"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:01.fsck_ffs"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-21:29.tzdata"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:28.vmci"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:27.caroot"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:26.libevent"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:25.bhyve"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:24.libcrypto"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:23.virtio_blk"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:21.ipfw"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:20.vlan"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:19.libcasper"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:18.libc++"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:17.libradius"
date = "2021-06-01"
[[notices]]
name = "FreeBSD-EN-21:16.bc"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:15.virtio"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:14.pms"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:13.mpt"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:12.divert"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:11.aesni"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-24:10.zfs.asc b/website/static/security/advisories/FreeBSD-EN-24:10.zfs.asc
new file mode 100644
index 0000000000..28b188812c
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-24:10.zfs.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-24:10.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: Kernel memory leak in ZFS
+
+Category: core
+Module: openzfs
+Announced: 2024-06-19
+Affects: FreeBSD 14.1
+Corrected: 2024-06-17 14:35:24 UTC (stable/14, 14.1-STABLE)
+ 2024-06-19 20:36:48 UTC (releng/14.1, 14.1-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+ZFS is an advanced and scalable file system originally developed by Sun
+Microsystems for its Solaris operating system. ZFS was integrated as part of
+the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent
+and preferred choice for storage management.
+
+II. Problem Description
+
+When writing data to a file on ZFS, the kernel may need to handle soft
+page faults that can occur when accessing user data. When doing so, in
+some cases ZFS needs to undo an earlier kernel buffer allocation. A bug
+in the handling of these cases causes this buffer to be leaked.
+
+III. Impact
+
+The leaked kernel memory is effectively lost and cannot be reused for
+other purposes. Some workloads may trigger the leak frequently,
+eventually requiring a reboot of the system.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# reboot
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-24:10/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-24:10/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 1c27279ed22d stable/14-n267965
+releng/14.1/ f566b7eb8d94 releng/14.1-n267680
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTcACgkQbljekB8A
+Gu+zUQ/+IiSe/HQFSKrBwIxBxnlFQfTjNq02f14TPZghCTxNCWdGXXD6QR2d8ydZ
+bfryBwVsnnU3WlCPs6kyJfIlSp9vH2hqRJ+N5VyDvGkBUpWaGm0+ps5LGTQbGR8O
+ig/kIuRzNO0Mqi42MIse6UvozLAuahYA6sQ3nn6j/4grV7jiuxDCrfmfBOMLgN4D
+LZ87ApJM09lT2pe8x7hZBxk8wJKf6cWvpBjNh+zwPLc+oMvvIPkqiMjuy7ni7f/5
+K/GDf4i3XgTf9pdPAwLNZoTNb7UebKzRGWlxmdOie6FUDHIuEwoJledmhbOmH91G
+PKtHx2skFVKKtFXgfMGraK5FBpwkoJbIo1uCUamEoo4cGMGR92ErP/MVa6MsIs3Z
+pLq1M/eN9aYQHCogb1uirQVZAutJhNJ9QsQo0rBJNgLE9l1UPnSIJ6CLpW83nY1f
+8eedQKyfwMYL5jivH/aKEsd/vzqInAiFU55oO64OPvgKv3pj3TgIECoc9kfdfXc7
+VR2yfNy8CKd/exb+CRqgeJGT8LaL2Wy66pUd9usIc/mNola8ce0uuPDc0703b5ob
+xfCorrd3gRhNB+Od3wrs4p7tzwqndfo5882w9EXEhuhubfft9voRTzpDvSe0y3ib
+YPY6EnHWSYAP56+f/shnworMxYtYrUipBYQVYxLBBtdV7DsYuKo=
+=YxSw
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-24:11.ldns.asc b/website/static/security/advisories/FreeBSD-EN-24:11.ldns.asc
new file mode 100644
index 0000000000..0c58c2d9f0
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-24:11.ldns.asc
@@ -0,0 +1,152 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-24:11.ldns Errata Notice
+ The FreeBSD Project
+
+Topic: LDNS uses nameserver commented out in resolv.conf
+
+Category: contrib
+Module: ldns
+Announced: 2024-06-19
+Credits: Michael Gmelin
+ Dag-Erling Smørgrav
+Affects: FreeBSD 13.3 and FreeBSD 14.0.
+Corrected: 2024-05-20 09:04:54 UTC (stable/14, 14.0-STABLE)
+ 2024-06-19 20:36:59 UTC (releng/14.0, 14.0-RELEASE-p7)
+ 2024-05-20 09:04:59 UTC (stable/13, 13.3-STABLE)
+ 2024-06-19 20:37:08 UTC (releng/13.3, 13.3-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+LDNS is a DNS library that facilitates DNS tool programming.
+
+II. Problem Description
+
+Due to a bug in the library's configuration file parser, commented out
+configuration settings in /etc/resolv.conf were picked up by the LDNS
+resolver, potentially leading to malfunction and/or information leakage.
+
+This included, but was not limited to, the nameserver setting. Given
+this example
+
+ # /etc/resolv.conf
+
+ # nameserver 8.8.8.8
+ nameserver 127.0.0.1
+
+DNS requests were sent to the commented out external resolver instead
+of the local one.
+
+III. Impact
+
+Programs using the LDNS library might behave in unexpected ways. Name
+resolution could be inconsistent with what other tools which use libc
+return, e.g., `ping` vs. `host`. DNS request containing private
+information could leak to third parties. A system's attack surface is
+increased.
+
+Affected tools include host(1), drill(1), and ssh(1), which uses
+LDNS in the VerifyHostKeyDNS feature to fetch SSHFP records.
+
+IV. Workaround
+
+Removing empty lines from /etc/resolv.conf mitigates the problem:
+
+ sed -i '' '/^[[:space:]]*$/d' /etc/resolv.conf
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-24:11/ldns.patch
+# fetch https://security.FreeBSD.org/patches/EN-24:11/ldns.patch.asc
+# gpg --verify ldns.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 7daf36028411 stable/14-n267742
+releng/14.0/ bdf75e830a77 releng/14.0-n265418
+stable/13/ e95e16191f63 stable/13-n257915
+releng/13.3/ d45cf1d2f124 releng/13.3-n257434
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTkACgkQbljekB8A
+Gu9BYBAApSQZbv3wgT5PhJRsaCulmOZOH5gywlVdaBA1I4sDF3on0CFwLQfy7lLH
+q2xFEfll5vBVbfGCVp2zVBgb4IyknqMgf8Ae4uBEEJJejRgxxnFTnQmdlzg7a8TR
+9UW3g6QB/5tUIGrxFqIdx4qRAQz1ie6NwR+KvP8ojXk0xVscKIaijXACbmAgT6nH
+HygG7snrB9VmMMlRIHYhoarhRBd+aX68Jg3F+yGUX76FB4HVMSFMYo0fEWgi7SQ3
+psZfq54GvCH+kSvYduXS3QkTJ7N/S9p6JAVraRlJmFnjQ69qE7u59bc68zW0D2pn
+Pj6/c0OZtWE2SQGqCuqgnBffjArisAJ/BKiK/XeO8B1fSvaVKJToR18+6KGTmc0f
+nnqQLxFeGbh5gHHcM8QaLBJFUgm5TVvdevcDmLuiVMSvQyt5iC6rIGwb3UNYAnW7
+w/UFSresVKppsB2JDqyGjaSf2FI00rYIKHChZ8nkKYPMhb6V/TJZr3k25/3idbvi
+6zO7wfbOhwAYQ44Mg/gY/v206qpoYiZO2tMQazbiicOqBOQBYWdXsojYhCB6qkyU
+++kBNAMugpOAsDkIvN9mWLniRnvycrbEqthQlmfR7X3tZRiuz+0S1alx03Z5VsP6
+zM5//i6W2Lt8DmX34zQDeQAMTZXD3bG1JSe2UbKyZkL20vrSTfg=
+=lQUa
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-24:12.killpg.asc b/website/static/security/advisories/FreeBSD-EN-24:12.killpg.asc
new file mode 100644
index 0000000000..eac987cede
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-24:12.killpg.asc
@@ -0,0 +1,132 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-24:12.killpg Errata Notice
+ The FreeBSD Project
+
+Topic: Lock order reversal in killpg causing livelock
+
+Category: core
+Module: kern
+Announced: 2024-06-19
+Credits: Peter Holm
+ Konstantin Belousov
+ Michael Gmelin
+Affects: FreeBSD 13.3
+Corrected: 2024-05-22 23:47:55 UTC (stable/13, 13.3-STABLE)
+ 2024-06-19 20:37:09 UTC (releng/13.3, 13.3-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+killpg(2) is a system call that sends signals to process groups.
+In order to prevent race conditions with the fork(2) system call,
+locking is required.
+
+II. Problem Description
+
+The code designed to prevent lock order reversals between killpg(2)
+and fork(2) did not wait for lock availability before retrying to
+acquire a lock, which could result in a livelock causing very high
+system load.
+
+III. Impact
+
+Affected machines are practically unusable. They recover if the
+processes causing the load are killed.
+
+IV. Workaround
+
+No workaround is available. Systems that fork a lot are more likely to
+to hit this problem.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10m "Rebooting for a stability patch"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-24:12/killpg.patch
+# fetch https://security.FreeBSD.org/patches/EN-24:12/killpg.patch.asc
+# gpg --verify killpg.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ cd73b38955f6 stable/13-n257926
+releng/13.3/ eb410545d00d releng/13.3-n257435
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTsACgkQbljekB8A
+Gu9uEA//cITydBAKrRYsf6xP1z/tDmKR3DqAkQYYytFGFI35lsvM6iN77wq5QFW4
+5i1nVS1+YMPINlI9jXCfgoEsA8KAC2l8untSKHRh0uR8TzFak6BWTjbnCBFYd1K/
+I0bnc38FeRDjMEPyCDmiq26aU7WZ0Ftjb5mgf0PUn09pX9hP8/MXa1FTxkwyWq5Y
+9RZXNXUSAEug9+uCgJqzl4CiYzqbaxHZ3ich6Erd955gDb72LwxHHkWiq0ADi35K
+d0C8LipwtpKCYoo1dfXkLnoPo0loDt18pzSIx0svmUQinlipfwSbGxuZ31NiLLgE
+bEzc6OFhV1D0WhIxM8z+kunTmWAY5/Uo5YHARulD406SS27GWp0s8fEbnN4rcnPG
+m5cPNQYXemBjRB2LnqoocgczkEHNVHr+ZuN3/mPSadS/m4llavj8xqGlrdDB1eLT
+LCkSSnF/4kBLZyHO7C5hJHQseRoWpLd/hR+h4Q/nnTsU2mbelhFm0C297mPWpt+D
+8RHxOshrA8WryQCVEqJmC63bmA3MtmqyuMhpi3+c4Iy4bvj2GKGcdsB0E4JugbMf
+5zg+muywBmIQMYIIFrdRN0i3BW8y6KPvgokoBPUfnCsdS65WWlLBQLxKpfDHCkzl
+juEZY5CUGvBnc3eFtLOzEvriFY7tAhephW0ZSal0wMyHw2NbE7E=
+=5wI2
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-24:13.libc++.asc b/website/static/security/advisories/FreeBSD-EN-24:13.libc++.asc
new file mode 100644
index 0000000000..53eacbcba6
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-24:13.libc++.asc
@@ -0,0 +1,151 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-24:13.libc++ Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect size passed to heap allocated std::string delete
+
+Category: contrib
+Module: libc++
+Announced: 2024-06-19
+Affects: FreeBSD 14.1
+Corrected: 2024-06-07 07:29:25 UTC (stable/14, 14.1-STABLE)
+ 2024-06-19 20:36:50 UTC (releng/14.1, 14.1-RELEASE-p1)
+ 2024-06-07 07:29:30 UTC (stable/13, 13.3-STABLE)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+libc++ is an implementation of the C++ Standard Library, provided by the LLVM
+project. It is used by C++ programs in the base system, and also by many C++
+programs in the ports collection.
+
+II. Problem Description
+
+C++14 and later supports size-aware deletion of heap objects, when the compiler
+is able to determine at compile time what the exact size of a particular object
+is. For this purpose, there are specific variants of "operator delete" that take
+an additional size_t argument. If such a variant is called, the size is passed
+through to the underlying allocator, which can optionally utilize this size for
+for more efficient deallocation.
+
+A recent change in libc++'s implementation of std::string has introduced a
+potential mismatch between the actual size allocated on the heap for the
+contained string, and the size that is passed to "operator delete" when the
+string is eventually destroyed.
+
+III. Impact
+
+The default allocator in FreeBSD does not leverage the size_t argument and is
+unaffected.
+
+When std::string objects of a known size are deleted, and the size passed
+through to the deallocation function does not match the actual size on the heap,
+the underlying allocator can potentially produce unexpected results. In case of
+allocators that are used for heap debugging or profiling, such as with Google's
+gperftools (aka tcmalloc) this can lead to runtime warnings about incorrect
+deallocations.
+
+IV. Workaround
+
+No workaround is available. Systems using the default memory allocator are
+not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+No reboot is necessary, but programs compiled against the old version of the
+ header should be rebuilt to fully fix the problem.
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-24:13/libc++.patch
+# fetch https://security.FreeBSD.org/patches/EN-24:13/libc++.patch.asc
+# gpg --verify libc++.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+No reboot is necessary, but programs compiled against the old version of the
+ header should be rebuilt to fully fix the problem.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 55c5dad2f305 stable/14-n267917
+releng/14.1/ 8e0e6b428cb8 releng/14.1-n267681
+stable/13/ ef4d145057c1 stable/13-n257958
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRT0ACgkQbljekB8A
+Gu/HpQ//Xkz6NMBUg4CdmV1ElSP+dTUfh8YpNfD/X//4RgngKoz9DKt6CM78KSWI
+68JfNrn6XRGdhjG0Mn/YvRCe8xzGBGpvcd1lcun7mAw5yqpsbSAUKvFmywjX+oxs
+bQpCJRloBLZJE6NoZgBmhw2K2HzfmvApPin3TjLGa/u/ovsK+pD7SvDynbR5VsxH
+Bey21H2+3LOqyBPaiTe6ccJ4JXCOX9+oAK5byhMLPrnRqLyvh3IV2jttWurbtNki
+nFMYhqoBq6cWoAba3gVD0ZM7S5C+P5VDeMMIBOPKQVRwIl9eDS/UKICXrMbaMNqL
+002egG7Oia22H0dpYuYX6dl7cAtn/M3NcBEwDDvqNuHncbGVeaYA8qXHAh+eeA3R
+gBK2NkltdDvZbk8Uv9hgHwIrdJyENhWGoT1OQ1JqgaIKo7tIvlhIA/HtpTygeyMA
+F/TgFvg+K42/kWQ/N1UTwUFbEH6jgDu1BGTZzkMMyQf3rymdQ1VM6Z1p7dxppVI7
+uw2+80BePzDbnV9naXMzlhr/YjYgytRRQFbVR2ZlPM+rEGyfMAM/XvtCWfdlstwY
+3bZXo/vPRZPXg/sd/AFEKqIiz1ZvVTJroMUCnnDvsDKcRzAHgIIHfMK1mMpSizna
+LNDS/vvyQszgINWPUMZOZaALQzUY9SAmm0eNqIz3uV4o0qM6DQE=
+=7Qxx
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-24:10/zfs.patch b/website/static/security/patches/EN-24:10/zfs.patch
new file mode 100644
index 0000000000..10cc6dc682
--- /dev/null
+++ b/website/static/security/patches/EN-24:10/zfs.patch
@@ -0,0 +1,10 @@
+--- sys/contrib/openzfs/module/zfs/dbuf.c.orig
++++ sys/contrib/openzfs/module/zfs/dbuf.c
+@@ -2840,6 +2840,7 @@
+ failed = B_FALSE;
+ } else if (failed) {
+ VERIFY(!dbuf_undirty(db, tx));
++ arc_buf_destroy(db->db_buf, db);
+ db->db_buf = NULL;
+ dbuf_clear_data(db);
+ DTRACE_SET_STATE(db, "fill failed");
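Review bot: The added `arc_buf_destroy(db->db_buf, db);` carries no comment saying why the buffer must be released before `db->db_buf = NULL;` on the following line, although that appears to be the whole point of the change. A one-line comment such as `/* free the ARC buf first; clearing db_buf alone would leak it */` would record the intent. The hunk does not show whether `db->db_buf` can be NULL on the `failed` path; if it can, an assertion or a guard before the call should be considered. The enclosing function starts and ends outside the hunk.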
diff --git a/website/static/security/patches/EN-24:10/zfs.patch.asc b/website/static/security/patches/EN-24:10/zfs.patch.asc
new file mode 100644
index 0000000000..a601f3e9ba
--- /dev/null
+++ b/website/static/security/patches/EN-24:10/zfs.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTgACgkQbljekB8A
+Gu86Lw//bYytQzAfOOGO1h03/l0QCiaz8jcekW3DVG0Lfl8mYVumlbzCRxOsXGox
+hzNonjnEOu8h7ShJURFu+RvmZ+dYG9i6nsXZeqO6bE8unktnpLGpvO64oSuYObPk
+NLGx6uVKdlf9c1niYzydKcLOWtQG6OA2jZOl4WPadQsrdsf3MpQ94aQWxQYV7GwY
+FhVlfFDsMFP35a6MWtnQCRmsIQUcMGSIiUkmvgfdEALoaf5pfUI8Dri9TR7ePfm9
+dfmtnyC7FTA/i8K+VdqURl/pKdAVtkpfv8OAk79Jgi77If5/+0prpC8M7kgbCq3o
+z8vOjcRkmdJO0ckflcR9onpyHSB9MK8f0aZl+a0+4ED7HiFFcB0JsnPjw16KjsEz
+qv0tur7HhBcdjIvKX9jZNx67yMtXMiLCTbK0s2fW/3y7uKkonyKiZxJf7RN05ft2
+KfPMWwUv1uq70V0gyo+cwYzrEbucQTl63fCwt8E71DL24mrPTWYHm0Ags1qM+zgn
+OeVdycKVEmZTnbSkFhyfu9Wqle0OOY0dzmKUd5qOR3U/C9XoB6r3G6Jw/tDHqBH+
+dfWF2LcTOvVGmFB2T8I/R6+hgIZ33e3J3u/Pc7xDWuzbubwfoBPQ4/MJ3aditBb2
+ev04cADlvm2MUnEHjZZJxTUQjgQRcz/1trzOeMpwezGhaxs1ZTo=
+=8kFd
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-24:11/ldns.patch b/website/static/security/patches/EN-24:11/ldns.patch
new file mode 100644
index 0000000000..4faad85808
--- /dev/null
+++ b/website/static/security/patches/EN-24:11/ldns.patch
@@ -0,0 +1,207 @@
+--- contrib/ldns/ldns/parse.h.orig
++++ contrib/ldns/ldns/parse.h
+@@ -95,6 +95,8 @@
+ */
+ ldns_status ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed, const char *delim, int *line_nr);
+
++ssize_t ldns_fget_token_l_resolv_conf(FILE *f, char *token, const char *delim, size_t limit, int *line_nr);
++
+ /**
+ * returns a token/char from the buffer b.
+ * This function deals with ( and ) in the buffer,
+--- contrib/ldns/parse.c.orig
++++ contrib/ldns/parse.c
+@@ -27,9 +27,14 @@
+ return ldns_fget_token_l(f, token, delim, limit, NULL);
+ }
+
+-ldns_status
+-ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed
+- , const char *delim, int *line_nr)
++enum file_type2parse {
++ zone_file_type, resolv_conf_file_type
++};
++
++static ldns_status
++ldns_fget_token_l_st_file_type(FILE *f, char **token, size_t *limit,
++ bool fixed, const char *delim, int *line_nr,
++ enum file_type2parse file_type)
+ {
+ int c, prev_c;
+ int p; /* 0 -> no parentheses seen, >0 nr of ( seen */
+@@ -98,7 +103,9 @@
+ }
+
+ /* do something with comments ; */
+- if (c == ';' && quoted == 0) {
++ if ((c == ';'
++ || (c == '#' && file_type == resolv_conf_file_type))
++ && quoted == 0) {
+ if (prev_c != '\\') {
+ com = 1;
+ }
+@@ -215,6 +222,26 @@
+ return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY : LDNS_STATUS_OK;
+ }
+
++ldns_status
++ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed
++ , const char *delim, int *line_nr)
++{
++ return ldns_fget_token_l_st_file_type(
++ f, token, limit, fixed, delim, line_nr, zone_file_type);
++}
++
++ssize_t
++ldns_fget_token_l_resolv_conf(FILE *f, char *token, const char *delim,
++ size_t limit, int *line_nr)
++{
++ if (limit == 0)
++ limit = LDNS_MAX_LINELEN;
++ if (ldns_fget_token_l_st_file_type(f, &token, &limit, true, delim,
++ line_nr, resolv_conf_file_type))
++ return -1;
++ else
++ return (ssize_t)strlen(token);
++}
+
+ ssize_t
+ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
+--- contrib/ldns/resolver.c.orig
++++ contrib/ldns/resolver.c
+@@ -775,7 +775,7 @@
+ #endif
+ ssize_t gtr, bgtr;
+ ldns_buffer *b;
+- int lnr = 0, oldline;
++ int lnr = 0;
+ FILE* myfp = fp;
+ if(!line_nr) line_nr = &lnr;
+
+@@ -809,36 +809,18 @@
+
+ gtr = 1;
+ word[0] = 0;
+- oldline = *line_nr;
+ expect = LDNS_RESOLV_KEYWORD;
+ while (gtr > 0) {
+- /* check comments */
+- if (word[0] == '#') {
+- word[0]='x';
+- if(oldline == *line_nr) {
+- /* skip until end of line */
+- int c;
+- do {
+- c = fgetc(myfp);
+- } while(c != EOF && c != '\n');
+- if(c=='\n') (*line_nr)++;
+- }
+- /* and read next to prepare for further parsing */
+- oldline = *line_nr;
+- continue;
+- }
+- oldline = *line_nr;
+ switch(expect) {
+ case LDNS_RESOLV_KEYWORD:
+ /* keyword */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
+ if (gtr != 0) {
+- if(word[0] == '#') continue;
+ for(i = 0; i < LDNS_RESOLV_KEYWORDS; i++) {
+ if (strcasecmp(keyword[i], word) == 0) {
+ /* chosen the keyword and
+ * expect values carefully
+- */
++ */
+ expect = i;
+ break;
+ }
+@@ -856,16 +838,12 @@
+ break;
+ case LDNS_RESOLV_DEFDOMAIN:
+ /* default domain dname */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
+ if (gtr == 0) {
+ if(!fp) fclose(myfp);
+ ldns_resolver_deep_free(r);
+ return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
+ }
+- if(word[0] == '#') {
+- expect = LDNS_RESOLV_KEYWORD;
+- continue;
+- }
+ tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
+ if (!tmp) {
+ if(!fp) fclose(myfp);
+@@ -879,16 +857,12 @@
+ break;
+ case LDNS_RESOLV_NAMESERVER:
+ /* NS aaaa or a record */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
+ if (gtr == 0) {
+ if(!fp) fclose(myfp);
+ ldns_resolver_deep_free(r);
+ return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
+ }
+- if(word[0] == '#') {
+- expect = LDNS_RESOLV_KEYWORD;
+- continue;
+- }
+ if(strchr(word, '%')) {
+ /* snip off interface labels,
+ * fe80::222:19ff:fe31:4222%eth0 */
+@@ -911,7 +885,7 @@
+ break;
+ case LDNS_RESOLV_SEARCH:
+ /* search list domain dname */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
+ b = LDNS_MALLOC(ldns_buffer);
+ if(!b) {
+ ldns_resolver_deep_free(r);
+@@ -929,10 +903,6 @@
+ bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, (size_t) gtr + 1);
+ while (bgtr > 0) {
+ gtr -= bgtr;
+- if(word[0] == '#') {
+- expect = LDNS_RESOLV_KEYWORD;
+- break;
+- }
+ tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
+ if (!tmp) {
+ ldns_resolver_deep_free(r);
+@@ -954,28 +924,23 @@
+ }
+ break;
+ case LDNS_RESOLV_SORTLIST:
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
+ /* sortlist not implemented atm */
+ expect = LDNS_RESOLV_KEYWORD;
+ break;
+ case LDNS_RESOLV_OPTIONS:
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
+ /* options not implemented atm */
+ expect = LDNS_RESOLV_KEYWORD;
+ break;
+ case LDNS_RESOLV_ANCHOR:
+ /* a file containing a DNSSEC trust anchor */
+- gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
++ gtr = ldns_fget_token_l_resolv_conf(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr);
+ if (gtr == 0) {
+ ldns_resolver_deep_free(r);
+ if(!fp) fclose(myfp);
+ return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR;
+ }
+- if(word[0] == '#') {
+- expect = LDNS_RESOLV_KEYWORD;
+- continue;
+- }
+-
+ #ifdef HAVE_SSL
+ tmp_rr = ldns_read_anchor_file(word);
+ (void) ldns_resolver_push_dnssec_anchor(r, tmp_rr);
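Review bot: The new prototype `ldns_fget_token_l_resolv_conf` in parse.h is added without a doc comment, although the declarations around it are documented and its contract is not obvious from the signature. A header comment should state that it shares the zone-file tokenizer but also treats an unquoted, unescaped `#` as the start of a comment, that `limit == 0` means `LDNS_MAX_LINELEN`, that `token` is a caller-supplied fixed buffer sized for that limit, and that it returns -1 on any non-OK status. The callers in resolver.c pass `word` with a limit of 0; the declaration of `word` is outside the hunk, so its size should be confirmed against `LDNS_MAX_LINELEN`. The comment should also mention that `#` now starts a comment anywhere in a line rather than only when `word[0] == '#'`, since that changes how a value containing `#` is read. The resolver.c function continues outside the hunk.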
diff --git a/website/static/security/patches/EN-24:11/ldns.patch.asc b/website/static/security/patches/EN-24:11/ldns.patch.asc
new file mode 100644
index 0000000000..cbf6dd5acc
--- /dev/null
+++ b/website/static/security/patches/EN-24:11/ldns.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRToACgkQbljekB8A
+Gu+/nBAArstsX30sRh4RTztlnK+YppF0LX6qdi5btBGcQeim3qeVrgDem8eblbxY
+aN1rseaRjEai7KbgGzArC0w3wLOKC7fDwt5MPoPproqyb9bf03441GslGurA4hBW
+NkCyHBCuXog1DkdWvu2YONiC7UPxoHAmBaRbE9IXMmCdsopZd+m0BqAOf3GO6Hem
+XXXb0hzxBKQPS2qnnYF04OvYjitloG/Azsh0RBpRkYKhJXbypkTR+ZnfUTKke2V3
+SFu0pG2fDWc3rTQV3wY9ZezR9x4mtDuRXfupE5RLg53fI0XZzPdvLQ0FH4GfMN7E
+KbRqMuNmpkhw+NQ7XoVl9h/+COZT75lU+WTGhO3/PH6qgzGnIZ8BAYqbbmWgYXsK
+FuKWFFPQTJ5AdEaQdxe2GMCZ7/xLMpde9Bv95/s/s3NSRlj0M4SMUs+oVeiHZmQV
+/S2v/EHVze9yuKszFY9ZVtm0Km+ejRc7+hBLWJ23buB1RKOepxIfTuuMxvW+V1X7
+8OcfmRIfw+iPayWyftYpWURkKJzrWE9NHrCLtXUqgGn+0zL33Sdh/JGg6UII9OJg
+cccgev4/ohPDlZdmaKQfV37ukHO/ehdmVs6emGfqYgczTtNEvNY6uAeDWlHdZqrY
+qSWVBtHuBbSi8j3u+BYj5iRZ4R5ZzS1aoyCR4uW28eFKOWhviWw=
+=Yb9t
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-24:12/killpg.patch b/website/static/security/patches/EN-24:12/killpg.patch
new file mode 100644
index 0000000000..7b9134334b
--- /dev/null
+++ b/website/static/security/patches/EN-24:12/killpg.patch
@@ -0,0 +1,63 @@
+--- sys/kern/kern_proc.c.orig
++++ sys/kern/kern_proc.c
+@@ -587,8 +587,12 @@
+ ("enterpgrp: session leader attempted setpgrp"));
+
+ old_pgrp = p->p_pgrp;
+- if (!sx_try_xlock(&old_pgrp->pg_killsx))
++ if (!sx_try_xlock(&old_pgrp->pg_killsx)) {
++ sx_xunlock(&proctree_lock);
++ sx_xlock(&old_pgrp->pg_killsx);
++ sx_xunlock(&old_pgrp->pg_killsx);
+ return (ERESTART);
++ }
+ MPASS(old_pgrp == p->p_pgrp);
+
+ if (sess != NULL) {
+@@ -656,11 +660,18 @@
+ ("%s: p %p belongs to pgrp %p", __func__, p, pgrp));
+
+ old_pgrp = p->p_pgrp;
+- if (!sx_try_xlock(&old_pgrp->pg_killsx))
++ if (!sx_try_xlock(&old_pgrp->pg_killsx)) {
++ sx_xunlock(&proctree_lock);
++ sx_xlock(&old_pgrp->pg_killsx);
++ sx_xunlock(&old_pgrp->pg_killsx);
+ return (ERESTART);
++ }
+ MPASS(old_pgrp == p->p_pgrp);
+ if (!sx_try_xlock(&pgrp->pg_killsx)) {
+ sx_xunlock(&old_pgrp->pg_killsx);
++ sx_xunlock(&proctree_lock);
++ sx_xlock(&pgrp->pg_killsx);
++ sx_xunlock(&pgrp->pg_killsx);
+ return (ERESTART);
+ }
+
+--- sys/kern/kern_prot.c.orig
++++ sys/kern/kern_prot.c
+@@ -345,10 +345,8 @@
+ error = EPERM;
+ } else {
+ error = enterpgrp(p, p->p_pid, newpgrp, newsess);
+- if (error == ERESTART) {
+- sx_xunlock(&proctree_lock);
++ if (error == ERESTART)
+ goto again;
+- }
+ MPASS(error == 0);
+ td->td_retval[0] = p->p_pid;
+ newpgrp = NULL;
+@@ -458,11 +456,11 @@
+ error = enterthispgrp(targp, pgrp);
+ }
+ done:
+- sx_xunlock(&proctree_lock);
+ KASSERT(error == 0 || newpgrp != NULL,
+ ("setpgid failed and newpgrp is NULL"));
+ if (error == ERESTART)
+ goto again;
++ sx_xunlock(&proctree_lock);
+ uma_zfree(pgrp_zone, newpgrp);
+ return (error);
+ }
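Review bot: After `sx_xunlock(&proctree_lock)` the new failure paths in the two kern_proc.c hunks still dereference `old_pgrp` (and `pgrp`) in `sx_xlock(&old_pgrp->pg_killsx)`, and nothing in the hunks shows what keeps that process group valid once the tree lock is dropped. If this relies on pgrp memory being type-stable, say so at the first site, e.g. `/* pgrp memory is type-stable, so pg_killsx stays valid without proctree_lock */`; if it does not, a reference has to be taken before unlocking. These functions also now return with `proctree_lock` released on `ERESTART` but held otherwise, which the kern_prot.c hunks depend on (the unlock before `goto again` is removed and the one at `done:` moves below the retry check). That asymmetric contract should be documented in the header comments of `enterpgrp()` and of the function in the second hunk. All of these function bodies start and end outside the hunks.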
diff --git a/website/static/security/patches/EN-24:12/killpg.patch.asc b/website/static/security/patches/EN-24:12/killpg.patch.asc
new file mode 100644
index 0000000000..363703308e
--- /dev/null
+++ b/website/static/security/patches/EN-24:12/killpg.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRTwACgkQbljekB8A
+Gu+AKxAAmp+mUgrb3m/4fo8Zh5XmnglFct0OpNZJwIbDkRb5mA7/9huybYyi0lpC
+1GnwKhlFsCNOk7e2i1GGb+hx4emCyDWvqAweD7GJ0w/9mlF4lGvjQ/fnD3IT2vKl
+ECT3fcejW8dr0Ge/I8nyZUJ9FiRybeFjGk+FT/TsoqI+3IPgSa1qJAW+X2SWP0sG
+89q7UMlqon0ImiVTjKLnkhQN5vn7pBW7HJxlYOc74E/SpVKHJxLhYHuGe9BHPjbf
+2CS4PPUQTNG+IA6N67z2DxqK8mx1eC2foAtxq+qX7NfYN7zSHKUL+DpofF/EEaru
+8osfvzrwfApjSbZZFmuTJ+HfsnCwqLn1BVDZXjzZ55EkKLz9/5JwKaEvrx9DGbOO
+1VimdSJGWziwV0fVtOHPFNQcYaeY5v65VBKJEJFRnE4RZSl8NflGnJ76zaNjH8Uz
+w92aYLaaPLCl11YCUQ7YsLxjfyaKHC0E3+6w0O/c0Mxgl2zfk744uxfvUys3yqVn
+IiMi1cPSN/WWoDrASJ2TEsxqYHi8LDZRnGfSVmexstX21xyNCLdxfoPz3eqIYvpu
+E0gwvdh+gSbz9erO0dXUL0xouwXeeXLvLZOhLTnKBkQuvVW7Fggnjqhool5jefWk
+pp5E/kS/zGYHzJucJ8dJDxwv4TfzoRqqL3lSPPax4tvNV4q459A=
+=q91Y
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-24:13/libc++.patch b/website/static/security/patches/EN-24:13/libc++.patch
new file mode 100644
index 0000000000..d0dd1308df
--- /dev/null
+++ b/website/static/security/patches/EN-24:13/libc++.patch
@@ -0,0 +1,16 @@
+--- contrib/llvm-project/libcxx/include/string.orig
++++ contrib/llvm-project/libcxx/include/string
+@@ -1943,10 +1943,10 @@
+ if (__s < __min_cap) {
+ return static_cast(__min_cap) - 1;
+ }
+- size_type __guess =
+- __align_it < sizeof(value_type) < __alignment ? __alignment / sizeof(value_type) : 1 > (__s + 1) - 1;
++ const size_type __boundary = sizeof(value_type) < __alignment ? __alignment / sizeof(value_type) : __endian_factor;
++ size_type __guess = __align_it<__boundary>(__s + 1) - 1;
+ if (__guess == __min_cap)
+- ++__guess;
++ __guess += __endian_factor;
+ return __guess;
+ }
+
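Review bot: The switch from `++__guess` to `__guess += __endian_factor`, and the new `__boundary` fallback of `__endian_factor` where the old expression used `1`, carry no comment, so the invariant being restored is invisible to the next reader. Judging from the advisory text in this commit, the capacity computed here has to agree with the size later passed to sized `operator delete`. A comment such as `// keep the capacity a multiple of __endian_factor so the deallocation size matches the allocation` would record that; the wording should be confirmed against the definition of `__endian_factor`, which is outside the hunk. The enclosing function also starts outside the hunk.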
diff --git a/website/static/security/patches/EN-24:13/libc++.patch.asc b/website/static/security/patches/EN-24:13/libc++.patch.asc
new file mode 100644
index 0000000000..b13ab10bec
--- /dev/null
+++ b/website/static/security/patches/EN-24:13/libc++.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmZzRT4ACgkQbljekB8A
+Gu+S2g//T54gWR8M+1A9ASIM8wZu4nZEpxAOF5Rj88A7a8iSSeBgsiEPcL0ODpf6
+5WLd7j5ZVN2ufptJAAaV+K8sieVgW18b82UA5lyJP/j2nekXWVaJErsqYUYXNfbo
+E24TvArqJmTSCyUBqIUXAKTgKufX0gMdc5cQq74DZyY+9U1ZysaMgZY1Z0fLoYt2
+5Tf/MwwVqv4Rfwf3+JCyozy1qAEupTF2Xv/Zq55duqGDofvh2LkQYrtBM7sag4nD
+qfMXNNeeDmdsBUtdX6t2Ug1ozmpHAhGZEfSVCcxVMYkGvDT/BEPJeOoBAuKTZrjJ
+Y3ai0R4zzhok+SBxcE1x5HNRl81VShEkHSkyVJ/q7r4J6VXnA31Czo9A9hf7yYLb
++wab47bZOtZoxC+Z3xO5awXyKqR6cvYC8DET+3mpq4rl6B6OJ3tvI4s+qRvLwltx
+/hfd+owk4xMiPcimSj/Ntn39bBxisPhuUdri2Zu79Sypsn1NA0XHkeDH/RVyw+jy
+q9JoXPiVNlZEfA9H0gkhYvyzu2ARB1YQh7ZOcM7nLrzNZxZ6Q5IWtP09sDQjG6vp
+iRdLVaw6HE8gHXl5iGhINmOg4KkE/KmN1246+xWdPRdE7yoQz+KUoPgHey46f1rq
+Dqna+k+uCDnUGxVdqgjGRYJN7ddLKCxEnt8KxuxhOBBe18ugVbI=
+=Eje0
+-----END PGP SIGNATURE-----