polarian: same as what buildworld builds, use src.conf(5), delete-old target is also aware of these settings

I consider installing freebsd as a host OS. How is the support for Win 11 + SecBoot + swtpm as a VM in FreeBSD?

It is crucial for me. If complicated I install Ubuntu/Debian instead.

should work fine by adding -l tpm,swtpm,/path/to/tpm.socket to the bhyve command line

nimaje1, "should" - thanks for paying attention, but I need to know 100% for the Wion 11 source is a company image. There's no room for casual deactivation of the SecBoot and/or tpm2 bypass.

A college of mine installed in Ubuntu with no problems. As I like freebsd I'd rather opt for the BSD, but if I have no choice ... Debian.

you probably have to test that yourself

nimaje1, I am. Thanks.

= ^

freebsd.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc patch your systeeeeeemz ;-)

did already: up 2 days, 7:27

Afterglow: 👍

cyric: ah never heard about src.conf(5) thx

ooo you can really strip down your install with this

so for the syntax of src.conf, with/without values are ignored, so its just the environment variable without = and a value, separated by newlines?

polarian: how are you checking it ?

mzar: wdym

> The values of WITH_ and WITHOUT_ variables are ignored regardless of

their setting; even if they would be set to “FALSE” or “NO”. The

presence of an option causes it to be honored by make(1).

sorry I didnt strip the newlines :/

thats what I am referencing

so take WITHOUT_ACPI

do I need to set a value, as its ignored anyways

WITHOUT_ACPI=yes WITHOUT_ACPI=YES WITHOUT_ACPI=1 WITHOUT_ACPI=OK - this all should work

polarian: do you expect it to be broken ?

mzar: so you need to set a value but the value is ignored

the man page is not very specific about thisd

yep, that's how it's been working since ages

WITHOUT_ACPI=NO could be really misleading, so it's not recommended setting ;-)

#WITHOUT_ACPI=NO - that's OK

mzar: alright I assume 1 works too

1 and 0s

shorter to type

WITHOUT_ACPI= is even shorter :)

cyric: so you dont NEED a value then?

ffs this is confusing as fuck

the value is ignored right?

WITHOUT_ACPI is invalid I assume

correct, you don't need a value, only to set the variable

WITHOUT_ACPI= is then valid?

so as long as you have the = its fine?

yes!

alright thanks

I dont know why this has confused me so much

Hello

Hi folks, trying to install freebsd on a desktop that I have, checked sha512sum is okay; copied it onto a ventoy drive, can't boot into the installer

Mounting from cd9660:/dev/iso9660/15_0_RELEASE_AMD64_CD failed with error 19

delgnam: you are supposed to use mini-stick img

hah. Watching a 900GB tar assemble on a platter disk... I'm about 20% done and it's been an hour X-D

wavefunction a new Netflix series? :)

also, the drive is okay, booted some other isos on there. Only FreeBSD is failing for some reason :(

why is pkg taking almost 1 gb to do an upgrade

of memory

been noticing it keeps getting killed by the OS because of hogging memory

"Checking integrity...Child process pid=50693 terminated abnormally: Killed"

makr, i don't know if it's normal for pkg to use that much memory or is it even a problem but, i guess you can try protect(1) to protect the job from getting killed

FYI: forum.opnsense.org/index.php?topic=50137.0

IPV6 BSD

nxjoseph: thanks. i filed a ticket for it. this never used to happen before

makr, i see, you are welcome

2 gb to update 300 pkgs...i'm not too keen on pkgbase lol

looks like tie to update kernel/world to -STABLE on everything

the mirrors are too slow

ref CVE-2025-14558 - the link posted by nerozero

nerozero?

0-day ?

sorry where AFK

if you are not using IPv6 - you are safer

if you are not using IPv6 - you are safe

this issue not effects you

but a lot of changes, update ASAP

eh, i didn't it read it as a problem if you stay on your own trusted network

If you have IPv6 and enabled Router Advertisements from your provided - you are effected

polarian: when using ´WITHOUT_ACPI=´ the value is the empty string

why is the latest branch for freebsd 15 ports not working

after doing echo 'FreeBSD: { url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest" }' > /usr/local/etc/pkg/repos/FreeBSD.conf

i get lots of errors and can't update, eg. pkg: Repository FreeBSD has a wrong packagesite, need to re-create database

is it exploited in the wild ?

nimaje1: yeah i realise that :)

makr: 15 renamed the repos, as the repo name FreeBSD would also fit for pkgbase too, so it is FreeBSD-base, FreeBSD-ports and FreeBSD-ports-kmods now

thanks nimaje1, that fixed it

you should also change your -kmods repo to use pkg+https://pkg.FreeBSD.org/${ABI}/kmods_latest then

handbook comment - maybe I was doing it wrong, ut I was looking for the current method of getting kernel source and it was difficult to pinpoint in the handbook. It oughtto be referenced in every section that discusses building the kernel, In My BombasticO Opinion (used to be). Had to resort to google searching... should be as easy as going to handbook and looking at chapters. FWIW

mzar I am in the process of rebuilding my servr swith new FBSD, ports, and 8TB hard drive (old has 2TB and running 11).. So a kernel/world build is happening NOW. I did a quicky diff from 15-RELEASE installed source and there ARE a lot of changed files. Devs been busy.

as for those behind firewall I am fuessing they may be ok using the erver as a gateway but I'll update them anyway to 14-STABLE(latest)

tnanks for reporting shbrngdo; I am also still running FreeBSD, now mostly 15/stable, bu

but this machine runs 16.0-CURRENT #19 main-n282646-df6861d755c8: Fri Dec 19 18:08:48 CET 2025

yeah it was 'cause I looked at the link nerozero posted, so all kudos to him. I'm just escalating the visibility a bit

maybe worth a tpic mention

I am not much worried, rtsold is rarely run on servers

moreover, we at least need small exploit and bad guy with the access to the network

well I'm not using dhclient on server either. I hav a somewhat pricey /29 now

does such exploit exist ?

«rtsold is rarely run on servers»

speak for yourself, many people have good reason to

OK, I am speaking for myself

grok says none in the wild - grok.com/share/c2hhcmQtNA_a0dc7179-21fe-444a-abf8-3f6f518991ca

mzar: ACCEPT_RTADV is the thing to look out for

nimaje1: i don't need to add _${VERSION_MINOR} like in /etc/pkg/FreeBSD.conf ?

Is freebsd less code than linux

yes, that's common for my destkops

ximon98: is it an issue ?

ximon - I could test that, compare size of FreeBSD sopource to Linux source. I don't have soyurce for the latest kernel, though and you'd have to include base gnu tool source as wwell.

stupid keyboard. stupid cataracts.

makr: ah, yeah probably I just looked at usr.sbin/pkg/FreeBSD.conf.latest in the src repo, but yeah use what is in your /etc/pkg/FreeBSD.conf and change quarterly to latest

done, thanks nimaje1 :)

mzar: I really don't understand why the code to react to Router Advertisement was put into rtsol too, its name suggests it only handles Router Solicitation

do you think that we need another daemon for this job ?

rtsol is no daemon, I think that part should be extracted with a better name, maybe rtadv-handler

3792 - ICs 0:00,02 /usr/sbin/rtsold -a -i 3796 - Is 0:00,00 rtsold: rtsold.llflags (rtsold) 3797 - Is 0:00,00 rtsold: rtsold.script (rtsold) 3799 - Is 0:00,00 rtsold: rtsold.sendmsg (rtsold) 3800 - Is 0:00,02 rtsold: system.syslog (rtsold)

it's a deamon /usr/sbin/rtsold: ELF 64-bit LSB pie executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 16.0 (1600007), FreeBSD-style, stripped

ha.. it looks like ACPI again doesn't power off the system on recent CURRENT

this issue became common in recent months

yeah, you can use it as a daemon if you want it to send Router Solicitation, but if you just have accept_rtadv it will be used to configure stuff in response to Router Advertisement but Solicitation are never in the picture then

shbrngdo: another example why llms are not to be trusted, it confuses CVE-2025-14558 (rtsol) with CVE-2025-14769 (ipfw) there

The buggers just throttled my access. Why didn't you plainly ban me?

new phone who dis?

Cheap way to deal with "unpleasant" members of the forums. F*** this.

what was the flame war about?

emacs vs. vim?

There was no flame war at all. Relax.

A single post, with a statement.

nimaje, Generally, LLMs are not to be trusted because they a generators of Frankfurtean bullshit: <scientificamerican.com/article/chat…isnt-hallucinating-its-bullshitting>

About policy and politics. Iky subject.

I hate them, both.

One way or another, I will have my pun.

Why send a private message if you know it cannot be read? Crivens, most likely. Explain here.

Please explain, I will not take silence for an answer.

Are we going back to commie Era? Censoring anything + 1? Hmmm... sad future dawns

As long as I am not banned (no reason for that) I have the right to read my messages. Do you understand that?

*private messages

Good PR :)

15.0 seems to be a really solid release. great job team!

I'm currently looking at the rtsol cve and I don't find the lack of quoting in resolvconf(8) which in the leads to the rce

is there a prove of concept for this cve?

satanist, The advisory listed the patches which fixed the problem. The patches were only for rtsol.c only and there were no changes for resolvconf.

the advisary claims: "A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed. [...] Systems running rtsol(8) or rtsold(8) are vulnerable to remote code execution"

I don't know but... I think they are talking about on the command line to resolvconf from rtsold and therefore it was lack of quoting from rtsold.

but resolvconf takes domains on stdin

I don't know anything about how rtsold is coded up. I would need to crawl through that source code to understand how it is working and what it is doing.