05:33:58 polarian: same as what buildworld builds, use src.conf(5), delete-old target is also aware of these settings
08:38:23 I consider installing freebsd as a host OS. How is the support for Win 11 + SecBoot + swtpm as a VM in FreeBSD?
08:38:48 It is crucial for me. If complicated I install Ubuntu/Debian instead.
08:52:04 should work fine by adding -l tpm,swtpm,/path/to/tpm.socket to the bhyve command line
08:57:48 nimaje1, "should" - thanks for paying attention, but I need to know 100% for the Win 11 source is a company image. There's no room for casual deactivation of the SecBoot and/or tpm2 bypass.
08:58:48 A colleague of mine installed in Ubuntu with no problems. As I like freebsd I'd rather opt for the BSD, but if I have no choice ... Debian.
09:06:49 you probably have to test that yourself
09:19:32 nimaje1, I am. Thanks.
09:44:50 = ^
12:55:11 https://www.freebsd.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc patch your systeeeeeemz ;-)
12:57:35 did already: up 2 days, 7:27
13:00:43 Afterglow: 👍
14:01:43 cyric: ah never heard about src.conf(5) thx
14:02:53 ooo you can really strip down your install with this
14:07:28 so for the syntax of src.conf, with/without values are ignored, so it's just the environment variable without = and a value, separated by newlines?
14:08:53 polarian: how are you checking it ?
14:09:48 mzar: wdym
14:10:06 > The values of WITH_ and WITHOUT_ variables are ignored regardless of
14:10:08 their setting; even if they would be set to “FALSE” or “NO”. The
14:10:10 presence of an option causes it to be honored by make(1).
14:10:23 sorry I didn't strip the newlines :/
14:10:29 that's what I am referencing
14:10:34 so take WITHOUT_ACPI
14:10:43 do I need to set a value, as it's ignored anyways
14:11:34 WITHOUT_ACPI=yes WITHOUT_ACPI=YES WITHOUT_ACPI=1 WITHOUT_ACPI=OK - this all should work
14:16:08 polarian: do you expect it to be broken ?
14:17:39 mzar: so you need to set a value but the value is ignored
14:17:49 the man page is not very specific about this
14:20:36 yep, that's how it's been working since ages
14:21:17 WITHOUT_ACPI=NO could be really misleading, so it's not recommended setting ;-)
14:21:58 #WITHOUT_ACPI=NO - that's OK
14:27:18 mzar: alright I assume 1 works too
14:27:20 1 and 0s
14:27:22 shorter to type
14:30:28 WITHOUT_ACPI= is even shorter :)
14:30:50 cyric: so you don't NEED a value then?
14:30:58 ffs this is confusing as fuck
14:31:04 the value is ignored right?
14:31:09 WITHOUT_ACPI is invalid I assume
14:31:10 correct, you don't need a value, only to set the variable
14:31:13 WITHOUT_ACPI= is then valid?
14:31:19 so as long as you have the = it's fine?
14:31:24 yes!
14:31:27 alright thanks
14:31:36 I don't know why this has confused me so much
14:38:01 Hello
16:03:41 Hi folks, trying to install freebsd on a desktop that I have, checked sha512sum is okay; copied it onto a ventoy drive, can't boot into the installer
16:04:25 Mounting from cd9660:/dev/iso9660/15_0_RELEASE_AMD64_CD failed with error 19
16:05:11 delgnam: you are supposed to use mini-stick img
17:01:51 hah. Watching a 900GB tar assemble on a platter disk... I'm about 20% done and it's been an hour X-D
17:10:28 wavefunction a new Netflix series? :)
17:11:32 also, the drive is okay, booted some other isos on there. Only FreeBSD is failing for some reason :(
17:27:25 why is pkg taking almost 1 gb to do an upgrade
17:27:29 of memory
17:27:47 been noticing it keeps getting killed by the OS because of hogging memory
17:28:03 "Checking integrity...Child process pid=50693 terminated abnormally: Killed"
17:40:45 makr, i don't know if it's normal for pkg to use that much memory or is it even a problem but, i guess you can try protect(1) to protect the job from getting killed
17:46:22 FYI: https://forum.opnsense.org/index.php?topic=50137.0
17:46:31 IPV6 BSD
17:55:48 nxjoseph: thanks. i filed a ticket for it.
this never used to happen before
17:56:10 makr, i see, you are welcome
18:08:09 2 gb to update 300 pkgs...i'm not too keen on pkgbase lol
18:08:39 looks like time to update kernel/world to -STABLE on everything
18:08:54 https://x0.at/OPrQ.png
18:09:00 the mirrors are too slow
18:10:26 ref CVE-2025-14558 - the link posted by nerozero
18:14:16 nerozero?
18:14:25 0-day ?
18:15:02 sorry where AFK
18:15:13 if you are not using IPv6 - you are safer
18:15:15 if you are not using IPv6 - you are safe
18:15:23 this issue does not affect you
18:16:46 but a lot of changes, update ASAP
18:17:50 eh, i didn't it read it as a problem if you stay on your own trusted network
18:18:55 If you have IPv6 and enabled Router Advertisements from your provider - you are affected
18:22:12 polarian: when using ´WITHOUT_ACPI=´ the value is the empty string
18:24:49 why is the latest branch for freebsd 15 ports not working
18:25:13 after doing echo 'FreeBSD: { url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest" }' > /usr/local/etc/pkg/repos/FreeBSD.conf
18:25:28 i get lots of errors and can't update, eg. pkg: Repository FreeBSD has a wrong packagesite, need to re-create database
18:27:00 is it exploited in the wild ?
18:28:04 nimaje1: yeah i realise that :)
18:36:13 makr: 15 renamed the repos, as the repo name FreeBSD would also fit for pkgbase too, so it is FreeBSD-base, FreeBSD-ports and FreeBSD-ports-kmods now
18:40:47 thanks nimaje1, that fixed it
18:45:03 you should also change your -kmods repo to use pkg+https://pkg.FreeBSD.org/${ABI}/kmods_latest then
18:48:00 handbook comment - maybe I was doing it wrong, but I was looking for the current method of getting kernel source and it was difficult to pinpoint in the handbook. It ought to be referenced in every section that discusses building the kernel, In My BombasticO Opinion (used to be). Had to resort to google searching... should be as easy as going to handbook and looking at chapters.
FWIW
18:52:20 mzar I am in the process of rebuilding my server with new FBSD, ports, and 8TB hard drive (old has 2TB and running 11).. So a kernel/world build is happening NOW. I did a quicky diff from 15-RELEASE installed source and there ARE a lot of changed files. Devs been busy.
18:53:08 as for those behind firewall I am guessing they may be ok using the server as a gateway but I'll update them anyway to 14-STABLE(latest)
18:53:40 * shbrngdo uses IPv6 through he.net
18:54:17 thanks for reporting shbrngdo; I am also still running FreeBSD, now mostly 15/stable, bu
18:54:44 but this machine runs 16.0-CURRENT #19 main-n282646-df6861d755c8: Fri Dec 19 18:08:48 CET 2025
18:54:59 yeah it was 'cause I looked at the link nerozero posted, so all kudos to him. I'm just escalating the visibility a bit
18:55:28 maybe worth a topic mention
18:55:41 I am not much worried, rtsold is rarely run on servers
18:56:41 moreover, we at least need small exploit and bad guy with the access to the network
18:57:16 well I'm not using dhclient on server either. I have a somewhat pricey /29 now
18:57:17 does such exploit exist ?
18:57:18 «rtsold is rarely run on servers»
18:57:30 speak for yourself, many people have good reason to
18:57:43 OK, I am speaking for myself
18:59:28 grok says none in the wild - https://grok.com/share/c2hhcmQtNA_a0dc7179-21fe-444a-abf8-3f6f518991ca
18:59:30 mzar: ACCEPT_RTADV is the thing to look out for
18:59:59 nimaje1: i don't need to add _${VERSION_MINOR} like in /etc/pkg/FreeBSD.conf ?
19:00:01 Is freebsd less code than linux
19:00:05 yes, that's common for my desktops
19:02:03 ximon98: is it an issue ?
19:02:20 ximon - I could test that, compare size of FreeBSD source to Linux source. I don't have source for the latest kernel, though and you'd have to include base gnu tool source as well.
19:02:48 stupid keyboard. stupid cataracts.
19:03:35 makr: ah, yeah probably I just looked at usr.sbin/pkg/FreeBSD.conf.latest in the src repo, but yeah use what is in your /etc/pkg/FreeBSD.conf and change quarterly to latest
19:05:24 done, thanks nimaje1 :)
19:06:30 mzar: I really don't understand why the code to react to Router Advertisement was put into rtsol too, its name suggests it only handles Router Solicitation
19:08:03 do you think that we need another daemon for this job ?
19:09:51 rtsol is no daemon, I think that part should be extracted with a better name, maybe rtadv-handler
19:11:49 3792 - ICs 0:00,02 /usr/sbin/rtsold -a -i 3796 - Is 0:00,00 rtsold: rtsold.llflags (rtsold) 3797 - Is 0:00,00 rtsold: rtsold.script (rtsold) 3799 - Is 0:00,00 rtsold: rtsold.sendmsg (rtsold) 3800 - Is 0:00,02 rtsold: system.syslog (rtsold)
19:12:12 it's a daemon /usr/sbin/rtsold: ELF 64-bit LSB pie executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 16.0 (1600007), FreeBSD-style, stripped
19:14:11 ha.. it looks like ACPI again doesn't power off the system on recent CURRENT
19:14:36 this issue became common in recent months
19:14:38 yeah, you can use it as a daemon if you want it to send Router Solicitation, but if you just have accept_rtadv it will be used to configure stuff in response to Router Advertisement but Solicitation are never in the picture then
19:29:42 shbrngdo: another example why llms are not to be trusted, it confuses CVE-2025-14558 (rtsol) with CVE-2025-14769 (ipfw) there
21:48:43 The buggers just throttled my access. Why didn't you plainly ban me?
21:49:11 new phone who dis?
21:50:16 Cheap way to deal with "unpleasant" members of the forums. F*** this.
21:51:42 what was the flame war about?
21:51:47 emacs vs. vim?
21:52:57 There was no flame war at all. Relax.
21:53:45 A single post, with a statement.
21:55:08 nimaje, Generally, LLMs are not to be trusted because they are generators of Frankfurtean bullshit:
21:55:48 About policy and politics.
Iky subject.
21:56:49 I hate them, both.
22:02:41 One way or another, I will have my pun.
22:21:52 Why send a private message if you know it cannot be read? Crivens, most likely. Explain here.
22:24:46 Please explain, I will not take silence for an answer.
22:37:00 Are we going back to commie Era? Censoring anything + 1? Hmmm... sad future dawns
22:44:07 As long as I am not banned (no reason for that) I have the right to read my messages. Do you understand that?
22:44:52 *private messages
22:56:47 Good PR :)
23:22:46 15.0 seems to be a really solid release. great job team!
23:36:35 I'm currently looking at the rtsol cve and I don't find the lack of quoting in resolvconf(8) which in the leads to the rce
23:37:21 is there a proof of concept for this cve?
23:52:20 satanist, The advisory listed the patches which fixed the problem. The patches were only for rtsol.c only and there were no changes for resolvconf.
23:52:23 https://security.FreeBSD.org/patches/SA-25:12/rtsold.patch
23:54:14 the advisory claims: "A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed. [...] Systems running rtsol(8) or rtsold(8) are vulnerable to remote code execution"
23:56:13 I don't know but... I think they are talking about on the command line to resolvconf from rtsold and therefore it was lack of quoting from rtsold.
23:57:07 but resolvconf takes domains on stdin
23:59:07 I don't know anything about how rtsold is coded up. I would need to crawl through that source code to understand how it is working and what it is doing.