/website/data/security/errata.toml
index 8240585f03..d726df571c 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,14 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-25:20.vmm"
+date = "2025-12-16"
+
+[[notices]]
+name = "FreeBSD-EN-25:19.zfs"
+date = "2025-12-16"
+
[[notices]]
name = "FreeBSD-EN-25:18.freebsd-update"
date = "2025-09-30"
diff --git a/website/static/security/advisories/FreeBSD-EN-25:19.zfs.asc b/website/static/security/advisories/FreeBSD-EN-25:19.zfs.asc
new file mode 100644
index 0000000000..1685af0160
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:19.zfs.asc
@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:19.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: Unprivileged kernel NULL pointer dereference
+
+Category: contrib
+Module: openzfs
+Announced: 2025-12-16
+Credits: Collin Funk
+Affects: FreeBSD 15.0
+Corrected: 2025-12-15 14:16:12 UTC (stable/15, 15.0-STABLE)
+ 2025-12-16 23:42:59 UTC (releng/15.0, 15.0-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+ZFS is an advanced and scalable file system that is commonly used on FreeBSD.
+
+II. Problem Description
+
+Invoking the fsync(2) system call on a named pipe will trigger a NULL pointer
+dereference in the kernel, causing a system panic.
+
+III. Impact
+
+A malicious, unprivileged user may be able to panic the system.
+
+Software which attempts to fsync a named pipe may inadvertently panic the
+system.
+
+IV. Workaround
+
+No workaround is available. Systems not using ZFS are unaffected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:19/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:19/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ d988a0c1fc4c stable/15-n281511
+releng/15.0/ ff6b9c7c1c34 releng/15.0-n280996
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmlB+bIACgkQbljekB8A
+Gu8e+hAA1P5avUtCSkV+8EtFRP06yMwe/Lq79Q/pKZPPznhweJYx2tiEey7qfUEA
+7QT8aE8EgOCaaVs159Jn5c3RmQUeV9k+CKWxGbMuThfQJTX/ytmVdQX9tbTyfet1
+o6zZmvRViWR+GpArtCDrjapV5luvvW4DqFN0wBhqAN4PK4GUG/77kbWeeRGGNcNF
+2hzjrqUsi7vQ4CrhYYJH01PKIOW7V4HySzodPKSD24/LxILRY/XAA5y3n1gLeZ/i
+G8JWIjX3bhKrmyHlL+bOCPcUpJEC3CD//CtisGQX0UsOrRbR6nZrDVpIXGnrW9kM
+qUZvwjd731sTmab/ZyKcqoJ5cOwe1fBHgB/uK7H8DLzUCijiUS2+m+X5U6ncggFW
+qsFpdW2rEUWDoc1n1qkFpIbkQqXZKiEaX5C1MFcQvRv/5nkXszHMVSKuhuamC6xc
+Or7GXnxSVsTLS0H5ASg5aY65KsiJdDJI/4I6VSv7BIzJrZGXA/eH0G5+lAyU7rfd
+vZ67vtT+Gvz2Hof8oFwUL/6ID2v/RLKG9+wIx5m2HB6DsdxqB/UCpAVV5yh2FIt9
+OUODbFKIGQMtBL1pUhqxAIOzbJfAxcZfR11+2MuQWIkEXVMHWu86mRjxrQd33c10
+HET/1kMnGTZBbi77QM9eQvLqxfXRhRslquITHWz6XE+QN4hu44o=
+=o0ys
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-25:20.vmm.asc b/website/static/security/advisories/FreeBSD-EN-25:20.vmm.asc
new file mode 100644
index 0000000000..b7a8736f14
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:20.vmm.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:20.vmm Errata Notice
+ The FreeBSD Project
+
+Topic: bhyve(8) PCI passthru regression
+
+Category: core
+Module: vmm
+Announced: 2025-12-16
+Affects: FreeBSD 15.0
+Corrected: 2025-12-15 15:47:23 UTC (stable/15, 15.0-STABLE)
+ 2025-12-16 23:43:00 UTC (releng/15.0, 15.0-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+vmm(4) is a kernel module which provides an interface to hardware
+virtualization capabilities. It is the kernel-side counterpart to bhyve(8).
+
+PCI passthru is a feature of bhyve(8) on amd64 which allows a PCIe device, such
+as a network interface or GPU, to be effectively detached from the host system
+and passed directly into a guest virtual machine, allowing the guest to control
+the physical hardware.
+
+II. Problem Description
+
+Some refactoring of the vmm(4) code introduced a regression in the portion
+of the module which creates IOMMU mappings of guest memory.
+
+III. Impact
+
+The bug could cause PCI passthrough to not work as expected.
+
+IV. Workaround
+
+No workaround is available. Users not using bhyve(8) with PCI passthrough are
+unaffected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms
+can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:20/vmm.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:20/vmm.patch.asc
+# gpg --verify vmm.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 4f7436bf297b stable/15-n281529
+releng/15.0/ 04e9f1aab83a releng/15.0-n280997
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmlB+b0ACgkQbljekB8A
+Gu94Og//V+/8PQJEF9OxtyaDRsgoC2NmHDDdYW4RnwG6uxSCHhSLO8LUH1XjmWWb
+c54Miuk6Xqh1D54D3Ppmr62nFKEhhqihDIZ28JTp67pvrJIFFUC5DXGTVcAUKzOG
+O/6jNJST82SFmfUHu6ntHWwRkaOW7LjUdBnH8pj3JetlseRtYghiWX6Y2Ql5XDfB
+AQF18mnxicXAg/PkI00iLqqkXaolAM29G2Io/KsdwMZZtL9RrFHKOlekX5iIyIBz
+TOm+7hpLznKbNEpybdknphc3VpjG9aaJyoDMqjkuZ/wJSUusFDMNpO3vpggnTS5D
+Yiu9yOGZb1nFEorfRco25Lh06FURaMb6t2lQFdmBg2ade1tiqR8E0CNdEBJIgjU+
+v6qZw7ayLTnfExvHyeHYxgVWpHp9eUpxMITiO7wt03BiEQvmmsnAMFSx2f5+Cvcy
+Q3eddVsJ0S4pS9mhUBAfrUxvDikXj2sQ2fKs3niB5xzk3z6XzC1Ukf6XlGtOyH0J
+PnMwZXRBChgaFwCzMwTdZpw2pZiVcWdsuLy24ecUWp9OUDGlfUG3heIbZBfSrdjz
+VeUo8Mv+gmwVAeOcYZxJLbNftNwjtKIVvjbs/Dx30g8hiGck7QpdBLTOmLQouUx+
+1GcguiXe6fhsf15aywvEM/Okt+g2X4jDArhYM3xF4dZGSoX7RpY=
+=8iiC
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-25:11.ipfw.asc b/website/static/security/advisories/FreeBSD-SA-25:11.ipfw.asc
new file mode 100644
index 0000000000..c67d77839c
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-25:11.ipfw.asc
@@ -0,0 +1,143 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-25:11.ipfw Security Advisory
+ The FreeBSD Project
+
+Topic: ipfw denial of service
+
+Category: core
+Module: ipfw
+Announced: 2025-12-16
+Affects: FreeBSD 13 and 14
+Corrected: 2025-11-04 00:52:54 UTC (stable/14, 14.3-STABLE)
+ 2025-12-16 23:43:24 UTC (releng/14.3, 14.3-RELEASE-p7)
+ 2025-11-04 00:52:12 UTC (stable/13, 13.5-STABLE)
+ 2025-12-16 23:43:32 UTC (releng/13.5, 13.5-RELEASE-p8)
+CVE Name: CVE-2025-14769
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+ipfw(4) is one of the firewalls provided in the FreeBSD base system. Its
+`tcp-setmss` configuration directive allows the system administrator to lower
+the Maximum Segment Size of a packet.
+
+II. Problem Description
+
+In some cases, the `tcp-setmss` handler may free the packet data and throw an
+error without halting the rule processing engine. A subsequent rule can then
+allow the traffic after the packet data is gone, resulting in a NULL pointer
+dereference.
+
+III. Impact
+
+Maliciously crafted packets sent from a remote host may result in a Denial of
+Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would
+allow the traffic to pass.
+
+IV. Workaround
+
+No workaround is available, but systems that do not use ipfw(4) with the
+`tcp-setmss` directive are not affected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+reboot the system.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.3]
+# fetch https://security.FreeBSD.org/patches/SA-25:11/ipfw-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-25:11/ipfw-14.patch.asc
+# gpg --verify ipfw-14.patch.asc
+
+[FreeBSD 13.5]
+# fetch https://security.FreeBSD.org/patches/SA-25:11/ipfw-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-25:11/ipfw-13.patch.asc
+# gpg --verify ipfw-13.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ deb684f9d1d6 stable/14-n272799
+releng/14.3/ c0cb68169beb releng/14.3-n271453
+stable/13/ 94360584542a stable/13-n259534
+releng/13.5/ 60026b06366f releng/13.5-n259185
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmlB+cAACgkQbljekB8A
+Gu9XFA//V2aCX1XCn6tCRPR51ixMJ/9rKfpWmYpGruZoB1GaKC0UvkQqDNIkXw8K
+r6OY1G2rK36y+AGCrxtXHnUKfDj/hzZkL4lEBr9AjcB6N4czk6q/fSuzcL0FCi9T
+CbWjxSEjV2M2IO4nObu8CKB/7cVY6UlIhe2d4iBH+otkzfyBsYHwCSvhDOWxeWFj
+f+I9ddOvCFv7lRh74RZk0CdSPe4HyptCSkwERwIn5Cm+fk7PJIFWDM4hF9atP+G8
+VT3PUirG1na33vtfRw46c/Qj+L8gybq0pztkTnqsm52WME0n1go3aI7mbPmSWTwe
+xSC5totcYxbjQ/lMcXv00kgDzraFuPSzSzej6Z4BYXTHOgNTgHHexa3rqxs8y3i/
+IoOWSDZdyd2d3B9r5xAFSzp+HVv+C9UBB/AQ0kQt0gPTX6j9d0WiMninNiedVSWf
+BOYCmgvI7+0ybeV54QFrVnEsImEoYu32NlLVVmswSnDOBuBcU2XtHtO7/x5BUcyU
+CdOiAZ78TS+007QllROCuidXiQc0FNFqgm+rRFv37Wmmm0LZVkVJ7OVB0vXuk4ps
+iNBFmXxHCiKL6zJGvx+OQmAXLE+xf71n9xt0jJIk/NfI1BkHYRrlYnH7JXhfBvAO
+SYtM+FXK1Kehj+ltLUO+9WYhkgfAUtlI/+7GKLMDzy76Q+ZMzhk=
+=0OhG
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-25:12.rtsold.asc b/website/static/security/advisories/FreeBSD-SA-25:12.rtsold.asc
new file mode 100644
index 0000000000..03844597f1
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-25:12.rtsold.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-25:12.rtsold Security Advisory
+ The FreeBSD Project
+
+Topic: Remote code execution via ND6 Router Advertisements
+
+Category: core
+Module: rtsold
+Announced: 2025-12-16
+Credits: Kevin Day
+Affects: All supported versions of FreeBSD.
+Corrected: 2025-12-16 23:39:32 UTC (stable/15, 15.0-STABLE)
+ 2025-12-16 23:43:01 UTC (releng/15.0, 15.0-RELEASE-p1)
+ 2025-12-16 23:45:05 UTC (stable/14, 14.3-STABLE)
+ 2025-12-16 23:43:25 UTC (releng/14.3, 14.3-RELEASE-p7)
+ 2025-12-16 23:44:10 UTC (stable/13, 13.4-STABLE)
+ 2025-12-16 23:43:33 UTC (releng/13.5, 13.5-RELEASE-p8)
+CVE Name: CVE-2025-14558
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+rtsold(8) and rtsol(8) are programs which process router advertisement
+packets as part of the IPv6 stateless address autoconfiguration (SLAAC)
+mechanism.
+
+II. Problem Description
+
+The rtsol(8) and rtsold(8) programs do not validate the domain search list
+options provided in router advertisement messages; the option body is passed
+to resolvconf(8) unmodified.
+
+resolvconf(8) is a shell script which does not validate its input. A lack of
+quoting meant that shell commands pass as input to resolvconf(8) may be
+executed.
+
+III. Impact
+
+Systems running rtsol(8) or rtsold(8) are vulnerable to remote code execution
+from systems on the same network segment. In particular, router advertisement
+messages are not routable and should be dropped by routers, so the attack does
+not cross network boundaries.
+
+IV. Workaround
+
+No workaround is available. Users not using IPv6, and IPv6 users that do not
+configure the system to accept router advertisement messages, are not affected.
+A network interface listed by ifconfig(8) accepts router advertisement messages
+if the string "ACCEPT_RTADV" is present in the nd6 option list.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-25:12/rtsold.patch
+# fetch https://security.FreeBSD.org/patches/SA-25:12/rtsold.patch.asc
+# gpg --verify rtsold.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart the applicable daemons, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 6759fbb1a553 stable/15-n281548
+releng/15.0/ 408f5c61821f releng/15.0-n280998
+stable/14/ 26702912e857 stable/14-n273051
+releng/14.3/ 3c54b204bf86 releng/14.3-n271454
+stable/13/ 4fef5819cca9 stable/13-n259643
+releng/13.5/ 35cee6a90119 releng/13.5-n259186
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmlB+cMACgkQbljekB8A
+Gu9YXA//UpSYz4dseSTcDElpN6jp/2W0+OKDYVqRkH0PaLwZX8iGugm8QwqCxLoL
+m1xK2BJir15wuUYmD++EYbjHajXrKIPaD+sW9KjqxgxDVsQWwfl9ZND743JM5TFE
+Y3fx8halkChIwtNGCNDHTu5N2DmEPoTO03jOqKqjH6PZwJ6ycYTw4zJvPdP5eDiT
++zWpTNNm0VCkBQQB7ukJGku3zWAh4swZWylP2GvyzifcYKR3Z4OGhDdwQCBa99cn
+jC67D7vURTqlk4pcTFJ6JrIVRIQJdNWQGRou3hAedE59bpAZZc8B/fd//Ganmrit
+CBG1kMLYVxtV3/12+maEt/DLEMM7isGJPQiSWYe+qseBcdakmuJ8hdR8HKTqrK40
+57ZO59CnzEFr49DrrTD4B97cJwtrXLWtUp4LiXxuYy0CkCl8CiXvcgovCBusQpx+
+r68dgbfcH0UY/ryQp0ZWTI1y3NKmOSuPVpkW4Ss0BeGESlA4DJHuEwIs1D4TnOJL
+90C5D7v7jeOtdXhZ6BHVLtXB+nn8zMpAO209H/pRQWJdAEpABheKCgisP9C80g6h
+kM300GZjH4joYDyFbMYrW6uWfylwDFC1g8MdFi8yjZzEEOfrKNcY63b+Kx+c3xNL
+hIa8yUcjLYHvMRnjTQU1bgUVU+SmW6n05HcqtWV7VKh39ATJcX4=
+=TK7t
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-25:19/zfs.patch b/website/static/security/patches/EN-25:19/zfs.patch
new file mode 100644
index 0000000000..83ceaef2be
--- /dev/null
+++ b/website/static/security/patches/EN-25:19/zfs.patch
@@ -0,0 +1,11 @@
+--- sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c.orig
++++ sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c
+@@ -5275,7 +5275,7 @@
+ * Push any dirty mmap()'d data out to the DMU and ZIL, ready for
+ * zil_commit() to be called in zfs_fsync().
+ */
+- if (vm_object_mightbedirty(vp->v_object)) {
++ if (vp->v_object != NULL && vm_object_mightbedirty(vp->v_object)) {
+ zfs_vmobject_wlock(vp->v_object);
+ if (!vm_object_page_clean(vp->v_object, 0, 0, 0))
+ err = SET_ERROR(EIO);
diff --git a/website/static/security/patches/EN-25:19/zfs.patch.asc b/website/static/security/patches/EN-25:19/zfs.patch.asc
new file mode 100644
index 0000000000..0425b9df66
--- /dev/null
+++ b/website/static/security/patches/EN-25:19/zfs.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmlB+bwACgkQbljekB8A
+Gu9SoRAAm4keitzrLj9mO+gAZdzrfK/JO3QhWbwhIRnzRlGId4Y2tXQg0kQspeQZ
+Wm81e0tDPLHsFJs5xeDg0IC4s0EJAx+6xleDhDCHJQL76C75O9WdcYAq6KKOTxyW
+I1hsNNlFD/b3fG64yB7EXQCmb3zLBFArP4gvBi0m5Juy0C6Eu8jxdu8+fbxNcRXs
+OUJRJ0OBFnQ1xBxeKsxjXA2TJendAj2TmLGlWwnoAiEuHrAjT0xaH5+m53xfuNgH
+7HIGs+4xXh31EFWA9893e64dMQZ1JPUL1M5tG9BlWlMAx3QfDMrjh//UiN4eoLXe
+tRQitwKinIP2vBMNptOS1Jz9EBKpkaqkGn5J0Os4vYxOdKG/dbNOuHmlzAhm7SvE
+VmrCo2EhxwACgR2GptWJ6/3EszIHNrhqLKkXdg52LziuIgxRYoT/Rpyui1aCEx+j
+stPEn+dWjTyiZ6jStgcr3KkaroQST56LifSZDds619XCZl6VFYcD1c5CTa9tBKNP
+aOuNLBU75cREmhsAzAN8NNJ4z5OwV/b72LwUSnPEfls1MjRktbWdTs9KaFlXmkog
+eToz8wkMsWu/w4QB+XdjHT5T9T3RDhDXzGtvDK4FGPJChdhQMflUdqk1qto9BIoK
+E6nmw6FW3GeDCWKi/4ffsbyBmpJdePjXdlH/PFylhRfuCBmIA3E=
+=198O
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-25:20/vmm.patch b/website/static/security/patches/EN-25:20/vmm.patch
new file mode 100644
index 0000000000..fa68754d4b
--- /dev/null
+++ b/website/static/security/patches/EN-25:20/vmm.patch
@@ -0,0 +1,28 @@
+--- sys/amd64/vmm/vmm.c.orig
++++ sys/amd64/vmm/vmm.c
+@@ -755,10 +755,10 @@
+ sx_assert(&vm->mem.mem_segs_lock, SX_LOCKED);
+
+ for (i = 0; i < VM_MAX_MEMMAPS; i++) {
+- if (!vm_memseg_sysmem(vm, i))
++ mm = &vm->mem.mem_maps[i];
++ if (!vm_memseg_sysmem(vm, mm->segid))
+ continue;
+
+- mm = &vm->mem.mem_maps[i];
+ KASSERT((mm->flags & VM_MEMMAP_F_IOMMU) == 0,
+ ("iommu map found invalid memmap %#lx/%#lx/%#x",
+ mm->gpa, mm->len, mm->flags));
+@@ -803,10 +803,10 @@
+ sx_assert(&vm->mem.mem_segs_lock, SX_LOCKED);
+
+ for (i = 0; i < VM_MAX_MEMMAPS; i++) {
+- if (!vm_memseg_sysmem(vm, i))
++ mm = &vm->mem.mem_maps[i];
++ if (!vm_memseg_sysmem(vm, mm->segid))
+ continue;
+
+- mm = &vm->mem.mem_maps[i];
+ if ((mm->flags & VM_MEMMAP_F_IOMMU) == 0)
+ continue;
+ mm->flags &= ~VM_MEMMAP_F_IOMMU;
diff --git a/website/static/security/patches/EN-25:20/vmm.patch.asc b/website/static/security/patches/EN-25:20/vmm.patch.asc
new file mode 100644
index 0000000000..3a82c526bf
--- /dev/null
+++ b/website/static/security/patches/EN-25:20/vmm.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmlB+b8ACgkQbljekB8A
+Gu8rmg//fxgg8RHsX+2subMm7G4VlBKHDk0vULQgGV4PXMAmSn30b+TLuNsJsaTp
+fvPVKq2Q2Xuu5icWV2cdSmjd+egDOZfVRMdEbhr3ZdoUfPWtx1Om7xbwRtrTYtku
+GloBN/KzUPvyk7d33K8qAIW7xyKOjCdepaG3EheMzgwWaWXrGUWJacGGqsYI7yrJ
+HNvy6Zn0bxyVJUMVKMjgElt57K/D/CwzCOx3uTngbMTz09AGxuA4gHL1wMcJUqEI
+SZ63RK4B2GfNj9+nNYCThwZAdmXLSCLdcc18Etq06spiJFJHG/xD/UZmJZV5N3ze
+LriUeaOiCZgtVweVH+3JrFhvbQ/8Du0+8U7vPUV6bStE1czb1jAuWVKtZvT+6n4j
+IwnLbST9Iymw/kXdiD238Js7tPUQKTR+kgpLyGNGRAIeadqFvfZ/T+iNgBXVPRRm
+B4Lt+DI+Cxs6mP5+8zwc6rYKEwOsMTdLPWCe9rFX6BUy0SYpB/oTNPFI9c+lMvw7
+huGZQJcGlDSDuTr4FXTxjvs5wZdRL9aq/l9fFB9xgB4UJozOwa/SFt2p4Ff60CzG
+5lCYWqgsOsm802f2NNwtMQZ1of3MutogBPh0HxYOOJHUxtqJ7o2D1EYtJx3kCc/7
+pAxgVSbZwMM6bvzuMJ3ZY9QJQfarj34BJQPlZRveSzSzoIxeeY8=
+=uBhK
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-25:11/ipfw-13.patch b/website/static/security/patches/SA-25:11/ipfw-13.patch
new file mode 100644
index 0000000000..fb05925f47
--- /dev/null
+++ b/website/static/security/patches/SA-25:11/ipfw-13.patch
@@ -0,0 +1,85 @@
+--- sys/netpfil/ipfw/pmod/tcpmod.c.orig
++++ sys/netpfil/ipfw/pmod/tcpmod.c
+@@ -58,7 +58,8 @@
+ #define V_tcpmod_setmss_eid VNET(tcpmod_setmss_eid)
+
+ static int
+-tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss)
++tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss,
++ int *done)
+ {
+ struct mbuf *m;
+ u_char *cp;
+@@ -73,8 +74,10 @@
+ * TCP header with options.
+ */
+ *mp = m = m_pullup(m, m->m_pkthdr.len);
+- if (m == NULL)
++ if (m == NULL) {
++ *done = 1;
+ return (ret);
++ }
+ }
+ /* Parse TCP options. */
+ for (tlen -= sizeof(struct tcphdr), cp = (u_char *)(tcp + 1);
+@@ -115,7 +118,7 @@
+
+ #ifdef INET6
+ static int
+-tcpmod_ipv6_setmss(struct mbuf **mp, uint16_t mss)
++tcpmod_ipv6_setmss(struct mbuf **mp, uint16_t mss, int *done)
+ {
+ struct ip6_hdr *ip6;
+ struct ip6_hbh *hbh;
+@@ -143,13 +146,13 @@
+ /* We must have TCP options and enough data in a packet. */
+ if (hlen <= sizeof(struct tcphdr) || hlen > plen)
+ return (IP_FW_DENY);
+- return (tcpmod_setmss(mp, tcp, hlen, mss));
++ return (tcpmod_setmss(mp, tcp, hlen, mss, done));
+ }
+ #endif /* INET6 */
+
+ #ifdef INET
+ static int
+-tcpmod_ipv4_setmss(struct mbuf **mp, uint16_t mss)
++tcpmod_ipv4_setmss(struct mbuf **mp, uint16_t mss, int *done)
+ {
+ struct tcphdr *tcp;
+ struct ip *ip;
+@@ -163,7 +166,7 @@
+ /* We must have TCP options and enough data in a packet. */
+ if (hlen <= sizeof(struct tcphdr) || hlen > plen)
+ return (IP_FW_DENY);
+- return (tcpmod_setmss(mp, tcp, hlen, mss));
++ return (tcpmod_setmss(mp, tcp, hlen, mss, done));
+ }
+ #endif /* INET */
+
+@@ -207,19 +210,23 @@
+ switch (args->f_id.addr_type) {
+ #ifdef INET
+ case 4:
+- ret = tcpmod_ipv4_setmss(&args->m, htons(icmd->arg1));
++ ret = tcpmod_ipv4_setmss(&args->m, htons(icmd->arg1),
++ done);
+ break;
+ #endif
+ #ifdef INET6
+ case 6:
+- ret = tcpmod_ipv6_setmss(&args->m, htons(icmd->arg1));
++ ret = tcpmod_ipv6_setmss(&args->m, htons(icmd->arg1),
++ done);
+ break;
+ #endif
+ }
+ /*
+ * We return zero in both @ret and @done on success, and ipfw_chk()
+ * will update rule counters. Otherwise a packet will not be matched
+- * by rule.
++ * by rule. We passed @done around above in case we hit a fatal error
++ * somewhere, we'll return non-zero but signal that rule processing
++ * cannot succeed.
+ */
+ return (ret);
+ }
diff --git a/website/static/security/patches/SA-25:11/ipfw-13.patch.asc b/website/static/security/patches/SA-25:11/ipfw-13.patch.asc
new file mode 100644
index 0000000000..67aea97cdc
--- /dev/null
+++ b/website/static/security/patches/SA-25:11/ipfw-13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmlB+cEACgkQbljekB8A
+Gu+asw//WJUmaNnjyTsdXVY8r6CxzKjDngJFx0wiQ0KG2PB27ZckN/8HTB+ufDpt
+XppOzfoplV0NPS3MY+Zbsl3UB+H51tpe72r4s8DJO0CY0YN1870JwQ7STCGOSY6r
+iC8ZUe59tfBS96BKkEJmCVzMQtw6Sl2uBdUUvH3SdkOWN8qmzgsvnX9sJxPKS90f
+vrYvEuOvSXzpj6k5RwoW0bHyVKd8bYxHby2yyyySyShUYSOZZYN8HLPKqFTrKA7x
+80bJWK//OssKLKdBGQjS0jbXnqwy+jvz1hfTbijvZnbTfkY5JbnxZ/nLHjgdGB3i
+T8VoT5IixsDxN0XN+GzphlGkE++LzhVsm8SB3361Twxr/J2PPWAMbY+Ic18qgbhV
+OlNolgIpTeatQ2zCrX6A15z+gWaLMv6XFdhR/kgNU715MoFAc+o+Zzf/3FMgE0wN
+R+J5vuUc5Wbv4IT3eQvmgEUzaTst4vGX7NHY51IHlSLa/AZqJl0dvutKQCBb8o8R
+qWlubHA4nIMLM8avN555NFgVAN3wSKlgyPaWCMQxbwTQjN4IQdIRFwiSWfs5E2aM
+WJPMbeV9w/bnFK2oM8ieei24UwhKGB/QJ8Z97VdI5fbj+C4OrD/Pq6MFPeNLeEH8
+LZ8aXmx7MaD1vuDr/LiDm88BTE47dIsP4NQwqX+mnwXlAa3I2S8=
+=HOuk
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-25:11/ipfw-14.patch b/website/static/security/patches/SA-25:11/ipfw-14.patch
new file mode 100644
index 0000000000..fb05925f47
--- /dev/null
+++ b/website/static/security/patches/SA-25:11/ipfw-14.patch
@@ -0,0 +1,85 @@
+--- sys/netpfil/ipfw/pmod/tcpmod.c.orig
++++ sys/netpfil/ipfw/pmod/tcpmod.c
+@@ -58,7 +58,8 @@
+ #define V_tcpmod_setmss_eid VNET(tcpmod_setmss_eid)
+
+ static int
+-tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss)
++tcpmod_setmss(struct mbuf **mp, struct tcphdr *tcp, int tlen, uint16_t mss,
++ int *done)
+ {
+ struct mbuf *m;
+ u_char *cp;
+@@ -73,8 +74,10 @@
+ * TCP header with options.
+ */
+ *mp = m = m_pullup(m, m->m_pkthdr.len);
+- if (m == NULL)
++ if (m == NULL) {
++ *done = 1;
+ return (ret);
++ }
+ }
+ /* Parse TCP options. */
+ for (tlen -= sizeof(struct tcphdr), cp = (u_char *)(tcp + 1);
+@@ -115,7 +118,7 @@
+
+ #ifdef INET6
+ static int
+-tcpmod_ipv6_setmss(struct mbuf **mp, uint16_t mss)
++tcpmod_ipv6_setmss(struct mbuf **mp, uint16_t mss, int *done)
+ {
+ struct ip6_hdr *ip6;
+ struct ip6_hbh *hbh;
+@@ -143,13 +146,13 @@
+ /* We must have TCP options and enough data in a packet. */
+ if (hlen <= sizeof(struct tcphdr) || hlen > plen)
+ return (IP_FW_DENY);
+- return (tcpmod_setmss(mp, tcp, hlen, mss));
++ return (tcpmod_setmss(mp, tcp, hlen, mss, done));
+ }
+ #endif /* INET6 */
+
+ #ifdef INET
+ static int
+-tcpmod_ipv4_setmss(struct mbuf **mp, uint16_t mss)
++tcpmod_ipv4_setmss(struct mbuf **mp, uint16_t mss, int *done)
+ {
+ struct tcphdr *tcp;
+ struct ip *ip;
+@@ -163,7 +166,7 @@
+ /* We must have TCP options and enough data in a packet. */
+ if (hlen <= sizeof(struct tcphdr) || hlen > plen)
+ return (IP_FW_DENY);
+- return (tcpmod_setmss(mp, tcp, hlen, mss));
++ return (tcpmod_setmss(mp, tcp, hlen, mss, done));
+ }
+ #endif /* INET */
+
+@@ -207,19 +210,23 @@
+ switch (args->f_id.addr_type) {
+ #ifdef INET
+ case 4:
+- ret = tcpmod_ipv4_setmss(&args->m, htons(icmd->arg1));
++ ret = tcpmod_ipv4_setmss(&args->m, htons(icmd->arg1),
++ done);
+ break;
+ #endif
+ #ifdef INET6
+ case 6:
+- ret = tcpmod_ipv6_setmss(&args->m, htons(icmd->arg1));
++ ret = tcpmod_ipv6_setmss(&args->m, htons(icmd->arg1),
++ done);
+ break;
+ #endif
+ }
+ /*
+ * We return zero in both @ret and @done on success, and ipfw_chk()
+ * will update rule counters. Otherwise a packet will not be matched
+- * by rule.
++ * by rule. We passed @done around above in case we hit a fatal error
++ * somewhere, we'll return non-zero but signal that rule processing
++ * cannot succeed.
+ */
+ return (ret);
+ }
diff --git a/website/static/security/patches/SA-25:11/ipfw-14.patch.asc b/website/static/security/patches/SA-25:11/ipfw-14.patch.asc
new file mode 100644
index 0000000000..2be67b87f8
--- /dev/null
+++ b/website/static/security/patches/SA-25:11/ipfw-14.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmlB+cIACgkQbljekB8A
+Gu/0YhAA1u4RvqedV9mVTbrHhsUUl0+O9WhSyiuqTWKOFihFYnJbL+z1C/bsnY5w
+/u4EpyaRKion9FykXek3UFyteK6+ugqW8++H/5cN+95AuOVBZcz6gAhziy+beHA8
+YeO5G5o9p/pCQNWp5XP70uG8i4qm4fJ2GfHD2xY4Ji2A0IGEz0+NFK0+bfMUiHNx
+HgJVEjFBZbgjltajatNbtf080/Gc5hJbvwejri9WRI0CxntJvHd9n6SJj9y9eBa8
+vr6bQcSY+IM8noEwmU2vtFF/AuCl8kRY6wHO78usEO7whnIzSQHqX2z0lKi1nImd
+6gY2a69ZT11iKA0R7Qa2gtSZvJvA6Hb1D6i6t7EKKHcrVrGBEUYovCSyMR9g+cCV
+7XPcweh/b/SIH+++oc856aw/hIeQTHcngFF6G+wJA0c7VyatMvARdit4u7q6Qfha
+CwmeZTEWH+p1wBBMm8S5fPkUFDR87rW2NX3SnGpw4xKvsF3A8SW9cC1ktIvZY1km
+VzXAAFWotWaRpju/LBSlzfYGl/uG86byY0/F1E3IvANympuzsL+ja0iE7lvDntca
+Rwf8rVnA7ofK6Q3pF2Rm3ZqwH0RB9X8PiAWMHyR6RVhn+rScqOZx3skOI5n071/I
+kX+ZkAX5Ca/tpGSmimI4ZgBpyBR6rHksUUbudq1i2JhG+OtrJrY=
+=QOXB
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-25:12/rtsold.patch b/website/static/security/patches/SA-25:12/rtsold.patch
new file mode 100644
index 0000000000..a448720b35
--- /dev/null
+++ b/website/static/security/patches/SA-25:12/rtsold.patch
@@ -0,0 +1,62 @@
+--- usr.sbin/rtsold/rtsol.c.orig
++++ usr.sbin/rtsold/rtsol.c
+@@ -776,6 +776,41 @@
+ argv[0], status);
+ }
+
++#define PERIOD 0x2e
++#define hyphenchar(c) ((c) == 0x2d)
++#define periodchar(c) ((c) == PERIOD)
++#define alphachar(c) (((c) >= 0x41 && (c) <= 0x5a) || \
++ ((c) >= 0x61 && (c) <= 0x7a))
++#define digitchar(c) ((c) >= 0x30 && (c) <= 0x39)
++
++#define borderchar(c) (alphachar(c) || digitchar(c))
++#define middlechar(c) (borderchar(c) || hyphenchar(c))
++
++static int
++res_hnok(const char *dn)
++{
++ int pch = PERIOD, ch = *dn++;
++
++ while (ch != '\0') {
++ int nch = *dn++;
++
++ if (periodchar(ch)) {
*** 59 LINES SKIPPED ***