-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-26:07.pkgbase Errata Notice The FreeBSD Project Topic: Base packages fail to build with newer versions of libucl Category: core Module: packages Announced: 2026-04-21 Affects: FreeBSD 15.0 Corrected: 2026-04-07 11:27:02 UTC (stable/15, 15.0-STABLE) 2026-04-21 15:44:26 UTC (releng/15.0, 15.0-RELEASE-p6) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The libucl library is used for parsing documents in the UCL markup format. The base system private Lua (flua) exposes libucl to Lua applications via the "ucl" module. II. Problem Description In libucl version 0.9.3, an API change was made in the Lua ucl module to prohibit the use of certain syntax by default, specifically the ".include" directive. This change causes the base system package build ("make update-packages") to fail when the host system is using libucl 0.9.3 or later. III. Impact Future versions of FreeBSD, which include libucl 0.9.3 or later, will be unable to build FreeBSD 15.0 base system packages from source. IV. Workaround No workaround is available. V. Solution Update the base system source tree to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. No action is required on the host (build) system. To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-26:07/pkgbase.patch # fetch https://security.FreeBSD.org/patches/EN-26:07/pkgbase.patch.asc # gpg --verify pkgbase.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 976b2ebf4309 stable/15-n282865 releng/15.0/ f3bbb238daa1 releng/15.0-n281021 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnnoaEACgkQbljekB8A Gu9oRhAAog+a+4hJ3OtOel1VVHOgB+JrKfKQHedMitP5RDZAy0e3tWBkm2lKXitv akZIxFeqmJufBtZRQQSqa9Y9GSFklYHOXh+p/YvObshgkyXijHt+6DtcMtQEmryd ZDSpVxBpmFP/taGHO7KdSOYuhoyaF5zYUzbuh62AlYHWD/48TPCyBWnEBzcPrGXz Ew3FltDqKwtccACBZyI9VZFUMCTfCQeaOxB41zEhNGAbxu9DAmpD1t3e5kxHr8ji imFRVwi0CsKvB9JGcU5BXKU1YtmG4hXEl9CvacNwxOFGjONB+MYZCNfdNXA9SDjn 9fRhz1TzVcFN6i4zWgu2YCV8id5YtaFQuYYjLZQczWgtoNKxBhqpEjeNGKTp1YIb kwCdF+K+bbLPdtOl6w8E7q3Ksm7AluwbtjJaXskABgUYfXTSDlo6N/HHFd8WNRM0 +u+XZ/DRhpgNVUDlQJU2XhfYKQyGyd3H//ZtD+ExQeMnTQYASBll3t6hhHx5wTWo ZHpWJ1dUTZfv0vJMcNrIF0H81AgTigA6Saq4OrIYiec/4HBAIs+MeVO0oWCvF0bs 0g67n6+1Kxz29mXi2nWIbFmILZGEYq3J0y+hEJsr8gmRBgmWpFQJBOYUHXnZwYUG q4YDpXvE9WWKATm/KB3clAd08QQej26P+Qow0ck1Gq17aPWCL6w= =jKUS -----END PGP SIGNATURE-----