4 files changed, 204 insertions, 40 deletions

diff --git a/website/content/en/releases/15.0R/relnotes.adoc b/website/content/en/releases/15.0R/relnotes.adoc
index d91e1fae8e..29f78cc9d7 100644
--- a/website/content/en/releases/15.0R/relnotes.adoc
+++ b/website/content/en/releases/15.0R/relnotes.adoc
@@ -175,25 +175,33 @@ This section lists the various Security Advisories and Errata Notices since {rel
 |29 October 2024
 |Certificate revocation list man:fetch[1] option fails
 
-| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc[FreeBSD-SA-25:01.openssh]
-| 2025-01-29
-| OpenSSH Keystroke Obfuscation Bypass
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc[FreeBSD-SA-25:01.openssh]
+|29 January 2025
+|OpenSSH Keystroke Obfuscation Bypass
 
-| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:02.fs.asc[FreeBSD-SA-25:02.fs]
-| 2025-01-29
-| Buffer overflow in some filesystems via NFS
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-25:02.fs.asc[FreeBSD-SA-25:02.fs]
+|29 January 2025
+|Buffer overflow in some filesystems via NFS
 
-| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc[FreeBSD-SA-25:03.etcupdate]
-| 2025-01-29
-| Unprivileged access to system files
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc[FreeBSD-SA-25:03.etcupdate]
+|29 January 2025
+|Unprivileged access to system files
 
-| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:04.ktrace.asc[FreeBSD-SA-25:04.ktrace]
-| 2025-01-29
-| Uninitialized kernel memory disclosure via man:ktrace[2]
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-25:04.ktrace.asc[FreeBSD-SA-25:04.ktrace]
+|29 January 2025
+|Uninitialized kernel memory disclosure via man:ktrace[2]
 
-| https://www.freebsd.org/security/advisories/FreeBSD-SA-25:05.openssh.asc[FreeBSD-SA-25:05.openssh]
-| 2025-02-21
-| Multiple vulnerabilities in OpenSSH
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-25:05.openssh.asc[FreeBSD-SA-25:05.openssh]
+|21 February 2025
+|Multiple vulnerabilities in OpenSSH
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-25:06.xz.asc[FreeBSD-SA-25:06.xz]
+|02 July 2025
+|Use-after-free in multi-threaded xz decoder
+
+|https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc[FreeBSD-SA-25:07.libarchive]
+|08 August 2025
+|Integer overflow in libarchive leading to double free
 |===
 
 [[errata]]
@@ -286,7 +294,7 @@ This section lists the various Security Advisories and Errata Notices since {rel
 |19 June 2024
 |Lock order reversal in killpg causing livelock
 
-|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libc++.asc[FreeBSDS-EN-24:13:libc++]
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-24:13.libc\+\+.asc[FreeBSDS-EN-24:13:libc++]
 |19 June 2024
 |Incorrect size passed to heap allocated std::string delete
 
@@ -306,37 +314,61 @@ This section lists the various Security Advisories and Errata Notices since {rel
 |20 October 2024
 |XDG runtime directory's file descriptor leak at login
 
-| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:01.rpc.asc[FreeBSD-EN-25:01.rpc]
-| 2025-01-29
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:01.rpc.asc[FreeBSD-EN-25:01.rpc]
+|29 January 2025
 | NULL pointer dereference in the NFSv4 client
 
-| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:02.audit.asc[FreeBSD-EN-25:02.audit]
-| 2025-01-29
-| System call auditing disabled by DTrace
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:02.audit.asc[FreeBSD-EN-25:02.audit]
+|29 January 2025
+|System call auditing disabled by DTrace
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:03.tzdata.asc[FreeBSD-EN-25:03.tzdata]
+|29 January 2025
+|Timezone database information update
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:04.tzdata.asc[FreeBSD-EN-25:04.tzdata]
+|10 April 2025
+|Timezone database information update
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:05.expat.asc[FreeBSD-EN-25:05.expat]
+|10 April 2025
+|Update expat to 2.7.1
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:06.daemon.asc[FreeBSD-EN-25:06.daemon]
+|10 April 2025
+|man:daemon[8] missing signals
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:07.openssl.asc[FreeBSD-EN-25:07.openssl]
+|10 April 2025
+|Update OpenSSL to 3.0.16
+
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:08.caroot.asc[FreeBSD-EN-25:08.caroot]
+|10 April 2025
+|Root certificate bundle update
 
-| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:03.tzdata.asc[FreeBSD-EN-25:03.tzdata]
-| 2025-01-29
-| Timezone database information update
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:09.libc.asc[FreeBSD-EN-25:09:libc]
+|02 July 2025
+|Dynamically-loaded C++ libraries crashing at exit
 
-| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:04.tzdata.asc[FreeBSD-EN-25:04.tzdata]
-| 2025-04-10
-| Timezone database information update
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:10.zfs.asc[FreeBSD-EN-25:10:zfs]
+|02 July 2025
+|Corruption in ZFS replication streams from encrypted datasets
 
-| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:05.expat.asc[FreeBSD-EN-25:05.expat]
-| 2025-04-10
-| Update expat to 2.7.1
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:11.ena.asc[FreeBSD-EN-25:11:ena]
+|02 July 2025
+|ena resets and kernel panic on Nitro v4 or newer instances
 
-| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:06.daemon.asc[FreeBSD-EN-25:06.daemon]
-| 2025-04-10
-| man:daemon[8] missing signals
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:12.efi.asc[FreeBSD-EN-25:12:efi]
+|08 August 2025
+|man:bsdinstall[8] not copying the correct loader on systems with IA32 UEFI firmware.
 
-| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:07.openssl.asc[FreeBSD-EN-25:07.openssl]
-| 2025-04-10
-| Update OpenSSL to 3.0.16
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:13.wlan_tkip.asc[FreeBSD-EN-25:13:wlan_tkip]
+|08 August 2025
+|net80211 TKIP crypto support fails for some drivers
 
-| https://www.freebsd.org/security/advisories/FreeBSD-EN-25:08.caroot.asc[FreeBSD-EN-25:08.caroot]
-| 2025-04-10
-| Root certificate bundle update
+|https://www.freebsd.org/security/advisories/FreeBSD-EN-25:14.route.asc[FreeBSD-EN-25:14:route]
+|08 August 2025
+|man:route[8] monitor buffers too much when redirected to a file
 |===
 
 [[userland]]
@@ -414,7 +446,8 @@ gitref:3a2ec5957ea9[repository=src]
 === Contributed Software
 
 One True Awk (man:awk[1]) has been updated to 2nd Edition, with new -csv support and UTF-8 support.
-gitref:daf917daba9c[repository=src]
+The snapshot used is 20250804.
+gitref:b45a181a74c8[repository=src]
 
 The man:sendmail[8] suite has been upgraded to version 8.18.1, addressing CVE-2023-51765.
 gitref:58ae50f31e95[repository=src]
diff --git a/website/content/en/status/report-2025-04-2025-06/group-changes.adoc b/website/content/en/status/report-2025-04-2025-06/group-changes.adoc
new file mode 100644
index 0000000000..01dc8f2a13
--- /dev/null
+++ b/website/content/en/status/report-2025-04-2025-06/group-changes.adoc
@@ -0,0 +1,27 @@
+=== ucred / group changes in FreeBSD 15.0
+
+Links: +
+link:https://lists.freebsd.org/archives/freebsd-hackers/2025-August/004825.html[freebsd-arch@ discussion] URL: https://lists.freebsd.org/archives/freebsd-hackers/2025-August/004825.html[] +
+link:https://cgit.freebsd.org/src/commit/sys/sys/ucred.h?id=be1f7435ef218b1df35aebf3b90dd65ffd8bbe51[Primary kernel change] URL: https://cgit.freebsd.org/src/commit/sys/sys/ucred.h?id=be1f7435ef218b1df35aebf3b90dd65ffd8bbe51[] +
+link:https://cgit.freebsd.org/src/commit/sys/kern/kern_prot.c?id=9da2fe96ff2ea227e4d5f03ef92b55aabeabb7fc[Primary userspace change] URL: https://cgit.freebsd.org/src/commit/sys/kern/kern_prot.c?id=9da2fe96ff2ea227e4d5f03ef92b55aabeabb7fc
+
+Contact: Kyle Evans <kevans@FreeBSD.org> +
+Contact: Olivier Certner <olce@FreeBSD.org>
+
+FreeBSD 15.0 will change how supplementary groups are handled in both userspace and the kernel in FreeBSD 15.0 in a way that warrants additional attention and feedback.
+
+For some background: FreeBSD has historically tracked the effective group-ID of a process in the man:ucred[9] cr_groups array as the first element, with the rest of the array describing its supplementary groups.
+The natural consequence of this decision is that the arrays used in man:setgroups[2] and man:getgroups[2] follow the same format, and man:setgroups[2] has the documented side effect of setting the effective group-ID.
+The vast majority of other platforms do not exhibit this behavior anymore, including NetBSD and OpenBSD.
+macOS appears to be the only exception found in testing.
+
+The problem is that the vast majority of software in the FreeBSD Ports Collection comes from other platforms, where man:setgroups[2] and man:setgroups[2] operate purely on the supplementary groups.
+This kind of a behavior difference is very subtle and would need to be audited more carefully to be sure that we have not introduced a potential security issue in ported software.
+
+In FreeBSD 15.0, the primary user-facing change is that man:setgroups[2], man:getgroups[2], and man:initgroups[3] behavior will change to match other platforms, and users are requested to be extra vigilant in areas that may be affected as we proceed through the release cycle.
+In general, the expectation is that this change may:
+
+* Fix some small number of bugs where we would have lost either our expected effective group membership or one of the supplementary groups we should have been in
+* (Less likely) Introduce some even smaller number of bugs where something expected man:setgroups[2] to change our effective group membership but now it is just a supplementary group and our effective group-ID is unchanged
+
+Software included in the base system is largely unaffected or improved by this change, with OpenSSH being a notable example of a link:https://cgit.freebsd.org/src/commit/?id=239e8c98636a7578cc67a6f9d54d14c71b095e36[strange bug] caused by the historical implementation.
diff --git a/website/content/en/status/report-2025-04-2025-06/intro.adoc b/website/content/en/status/report-2025-04-2025-06/intro.adoc
new file mode 100644
index 0000000000..3dcc419a3e
--- /dev/null
+++ b/website/content/en/status/report-2025-04-2025-06/intro.adoc
@@ -0,0 +1,17 @@
+Here is the second 2025 status report, with 32 entries.
+
+As for the preceding quarters, this report is published just a few days before calls for 2025Q3 report submissions are sent.
+Indeed, although according to our link:https://docs.freebsd.org/en/articles/freebsd-status-report-process/#_timeline[timeline] we should have published this report in July (general rule is publication should happen within the month just after the calls for reports are sent), we kept receiving important reports until the end of August.
+This is both a positive and a negative thing.
+On a hand, it means that our FreeBSD community is busy fixing existing issues and implementing new features, making the OS we love better and better every day; it means that the community works so intensely that very little time remains for reporting.
+On the other hand, it means that news in these reports is always two months old when published.
+Two months is not bad, especially if we consider that FreeBSD communication happens on many other channels too, but it would be nice if we could improve it.
+
+If you are a late submitter, please take some time to evaluate if there is anything you can do to improve your report submission punctuality.
+The Status team is always glad to ease the submission process: if there is something we can do for you, just ask.
+If you are a contributor or just a FreeBSD user, please consider contributing more if you can.
+Even working on a single small simple task only is useful, it can help to lower the pressure on other developers, for whom it might thus become easier to find the time to document their work.
+
+Have a nice reading!
+
+Lorenzo Salvadore, on behalf of the Status Team.
diff --git a/website/content/en/status/report-2025-04-2025-06/kw-hackathon.adoc b/website/content/en/status/report-2025-04-2025-06/kw-hackathon.adoc
new file mode 100644
index 0000000000..5b8aba58ee
--- /dev/null
+++ b/website/content/en/status/report-2025-04-2025-06/kw-hackathon.adoc
@@ -0,0 +1,87 @@
+=== Hackathon 202506 Kitchener-Waterloo, Canada
+
+Links: +
+link:https://wiki.freebsd.org/Hackathon/202506[Hackathon/202506 Wiki Page] URL: link:https://wiki.freebsd.org/Hackathon/202506[]
+link:https://wiki.freebsd.org/Hackathon[FreeBSD Hackathon Wiki Page] URL: link:https://wiki.freebsd.org/Hackathon[]
+
+In the week following link:https://www.bsdcan.org/2025/[BSDCan 2025], a hackathon took place in the Kitchener-Waterloo area.
+
+Thanks to Ed Maste for hosting this event at the Communitech Hub in Kitchener.
+
+==== Pictures of the hackathon
+
+Pictures of the hackathon are collected link:https://people.freebsd.org/~emaste/hackathon202506/[here].
+
+National FreeBSD day landed sometime during the hackathon, so Charlie Li treated us to a great DJ set to celebrate, mixing entirely on FreeBSD at an arcade bar in Waterloo :)
+
+==== The work done during the hackathon
+
+===== WiFi Testbed (Li-Wen Hsu)
+
+- The hardware of a proof-of-concept wireless has been set up in Foundation's Kitchener office.
+- The current setup is simple:
+    - One baremetal machine has multiple wireless interface and,
+    - One access point is also connected to the machine via a serial console and a private testing network
+- Currently we have following hardware to be passthru to bhyve VM provisioned with the image from link:https//artifact.ci.freebsd.org[Artifact server of FreeBSD CI]
+    - Intel AX210
+    - Realtek RTL8812AU
+- The work continues on connecting it to link:https//ci.freebsd.org[FreeBSD CI cluster] as a downstream job after standard tests finishes.
+
+===== Installer (Joseph Mingrone, Ed Maste, Aymeric Wibo)
+
+- Go through installer step-by-step and create the link:https://wiki.freebsd.org/ImproveInstaller[Improving the Installer] wiki page with the notes we collected.
+- lualoader: Add distinct brand for installer (Make it obvious to users that the system is booting into the installer.)
+  Patch: link:https://reviews.freebsd.org/D51001[]
+
+===== pkgbase (Ed Maste)
+
+- man:bsdinstall[8]: Default to pkgbase if media contains base packages
+  Patch: link:https://reviews.freebsd.org/D50467[]
+- man:release[7]: Add set -e to abort upon failure
+  Patch: link:https://reviews.freebsd.org/D50383[]
+
+===== Landing scheduler run queue patches (Olivier Certner)
+
+- Land all scheduler runqueue patches.
+* link:https://reviews.freebsd.org/D45387[D45387]
+* link:https://reviews.freebsd.org/D45388[D45388]
+* link:https://reviews.freebsd.org/D45389[D45389]
+* link:https://reviews.freebsd.org/D45390[D45390]
+* link:https://reviews.freebsd.org/D45391[D45391]
+* link:https://reviews.freebsd.org/D45392[D45392]
+* link:https://reviews.freebsd.org/D46566[D46566]
+* link:https://reviews.freebsd.org/D46567[D46567]
+* link:https://reviews.freebsd.org/D50880[D50880]
+
+
+===== Capsicum (Ed Maste)
+
+- Improvements to the man:capsicum[4] manpage.
+  Patches: link:https://reviews.freebsd.org/D50855[], gitref:ce65ff203a4f7ce59c8782f87d90a657f7ccbc46[repository=src]
+- Capsicumize man:beep[1] to serve as an easy example of Capsicum.
+  Patches: link:https://reviews.freebsd.org/D50709[]
+
+===== s2idle/S0ix/USB4 (Aymeric Wibo, Sheng-Yi Hung)
+
+- Fix some more USB4 driver panics.
+- Discuss how s2idle should work w.r.t. the scheduler with Olivier & Mark, and temporarily implement "idle" state for the scheduler (where it just always chooses the idle thread).
+- Extend amdgpio driver to service all GPIO interrupts (requirement for S0i3 on AMD).
+  We were also looking into how we can consume GPIO interrupts in device drivers on x86 for stuff like reducing the latency of the Framework trackpad with Sheng-Yi.
+- Implement some more S0i3 debugging features for AMD to help us debug why we would not be entering S0i3.
+
+===== Ports (Joseph Mingrone)
+
+- [.filename]#Mk/Scripts/qa.sh#: Fix false positives in LIB_DEPENDS warnings
+  Patch: https://reviews.freebsd.org/D50860[]
+- package:editors/emacs-devel[]: Update to 2025-06-17 snapshot
+  Patch: gitref:4170f65753805c08842bd6b200efd8d5ae20d464[repository=ports]
+
+===== Miscellaneous (Ed Maste, Olivier Certner, Sheng-Yi Hung, Li-Wen Hsu)
+
+- Enable sccache support as an alternative to ccache when building (through `WITH_CCACHE_BUILD` environment variable).
+  Commit: gitref:10cb3979a9bde6c8e441e3ba4aa5fd09963c484f[repository=src]
+- Discussion on the CPPC implementation (Sheng-Yi, Olivier), see in particular https://reviews.freebsd.org/D49587[D49587].
+- Other various fixes.
+  Patches: https://reviews.freebsd.org/D50876[D50876], gitref:956100d60fa86daebc1bd46ea62f207f6b54d93d[repository=src], gitref:fc77abfd1e62751b0c76cd5d8ef3299b8ca398c6[repository=src], https://reviews.freebsd.org/D50938[D50938], gitref:6d8cfd29d477c64376b3e286946cddb93c7373c5[repository=src], gitref:4f33d073003ccd91390709e14e5c1bf1f0c1c85c[repository=src]
+
+Sponsor: The FreeBSD Foundation