Build date: 1751493601 - Wed Jul 2 22:00:01 UTC 2025
Build cvs date: 1751491726 - Wed Jul 2 21:28:46 UTC 2025
Build id: 2025-07-03.1
Build tags: amd64-regress sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P bin/ps/extern.h
P bin/ps/keyword.c
P bin/ps/nlist.c
P bin/ps/print.c
P bin/ps/ps.c
P lib/libc/sys/pledge.2
P lib/libc/sys/socket.2
P lib/libcrypto/evp/evp.h
P lib/libcrypto/evp/evp_cipher.c
P lib/libcrypto/evp/p_lib.c
P lib/libcrypto/man/EVP_PKEY_set1_RSA.3
P lib/libcrypto/pkcs7/pkcs7.h
P regress/usr.bin/mandoc/man/RS/paragraph.in
P regress/usr.bin/mandoc/man/RS/paragraph.out_ascii
P regress/usr.bin/mandoc/man/RS/paragraph.out_html
P sys/arch/amd64/amd64/fpu.c
P sys/arch/amd64/amd64/trap.c
P sys/dev/pci/drm/drm_drv.c
P sys/kern/uipc_socket.c
P sys/netinet/in_pcb.c
P sys/netinet/ip_icmp.c
P sys/netinet6/in6_src.c
P sys/sys/mutex.h
P usr.bin/mandoc/man_term.c
P usr.bin/mandoc/mdoc_man.c
P usr.bin/tmux/format.c
P usr.bin/tmux/options-table.c
P usr.bin/tmux/tmux.1
P usr.bin/tmux/tmux.h
M usr.sbin/bgpd/session.c
P usr.sbin/rpki-client/cert.c

commit CrW0Af2KEXxc4mN1
Author: bluhm
Date: 2025/07/02 21:28:46

    In AMD SEV-ES guest #VC trap asserts interrupts are disabled.

    Instead of disabling interrupts again, use kassert to verify that
    #VC trap stub in vector did not enable interrupts before calling
    vctrap(). Add a comment about the general workings of #VC handling.
    Prompted and provided by mlarkin@.

    from hshoexer@; OK mlarkin@

    sys/arch/amd64/amd64/trap.c

commit 6BfdTUa24bUFIjl0
Author: schwarze
Date: 2025/07/02 21:14:00

    more tests of .RS/.PP interaction, related to man_term.c rev. 1.199

    regress/usr.bin/mandoc/man/RS/paragraph.in
    regress/usr.bin/mandoc/man/RS/paragraph.out_ascii
    regress/usr.bin/mandoc/man/RS/paragraph.out_html

commit 7FzhldEDo3tJPvpj
Author: schwarze
Date: 2025/07/02 20:50:09

    Fix the logic for printing or skipping vertical spacing before a
    paragraph if the paragraph is at the beginning of an .RS block.
    In this case, rather than always printing the spacing as we did
    in the past, do the spacing as if the .RS block wouldn't be there.
    The new behaviour is compatible with groff-1.23.

    This matters for practical purposes because some LLVM manual pages
    are generated with the rst2man(1) program, which emits insane code
    in various respects. In some versions, it relies on the finer
    quirks of how .RS interacts with paragraph macros.

    usr.bin/mandoc/man_term.c

commit Uqp3iX10YhQFMgtx
Author: schwarze
Date: 2025/07/02 19:57:41

    Putting .PP in front of .RS results in unreliable and surprising
    semantics. For example, with groff-1.23, the sequence

        text
        .PD 0
        .PP
        .PD
        .RS
        .PP
        text

    does not result in a blank line between the two text lines.
    Consequently, avoid .PP in front of .RS in general.

    usr.bin/mandoc/mdoc_man.c

commit Pr7PY325Xk9kX73B
Author: mvs
Date: 2025/07/02 16:44:40

    Move m_get(9) and m_split(9) calls out of mutex(9) protected section
    within the "while (((rcvstate & SS_RCVATMARK).." loop of somove().
    The loop operates with local data so this is possible. The calls
    could sleep while somove() called from sosplice().

    ok bluhm

    sys/kern/uipc_socket.c

commit bEZHCEU2HJ4jrReA
Author: schwarze
Date: 2025/07/02 16:07:02

    sprinkle some missing .Dv macros in .It heads, no text change

    lib/libc/sys/socket.2

commit kFRjqYsIKYBe2Gnt
Author: schwarze
Date: 2025/07/02 15:56:32

    fix one instance of ".Va struct stat" to use the correct macro, .Vt

    lib/libc/sys/pledge.2

commit zCIsZDiikn7oMc9q
Author: schwarze
Date: 2025/07/02 15:42:13

    tweak previous: use .Xr for manual page references
    and .Dv for object-like preprocessor macros

    lib/libc/sys/pledge.2

commit 89ajE7KzlmwZxXLW
Author: kettenis
Date: 2025/07/02 14:51:31

    Add an splassert(IPL_NONE) in fpu_kernel_enter() to catch unintended
    use of this function in interrupt context.

    ok claudio@, deraadt@

    sys/arch/amd64/amd64/fpu.c

commit sheBppzKGXPsCxIM
Author: claudio
Date: 2025/07/02 14:50:05

    Rewrite m_getuio() to better align data in the mbufs

    Especially for datagram traffic data should be put at the end of a
    buffer that also holds at least max_hdr bytes extra space. Doing so
    should prevent the stack from calling m_prepend() later on.

    Also handle cluster allocations differently. If there is no cluster
    available just wait for memory and stop building stupidly long mbuf
    chains. In the very old times the number of clusters was very
    limited and so this was kind of needed but this has not been the
    case for a long time. Also most drivers will need to m_defrag() such
    a chain anyway which requires the same mbuf cluster to succeed.

    Joint work with dlg@
    OK bluhm@

    sys/kern/uipc_socket.c

commit VH6lxrXSMxhoBgmX
Author: claudio
Date: 2025/07/02 14:36:56

    Make the mtx_owner pointer volatile in struct db_mutex else
    db_mtx_enter() may not work properly.

    OK kettenis@ miod@

    sys/sys/mutex.h

commit EYZ6fog7H4v3cMyR
Author: tb
Date: 2025/07/02 14:30:00

    rpki-client: move AKI handling to cert_parse_extensions()

    With this, the extension parsing switch is complete.

    ok job

    usr.sbin/rpki-client/cert.c

commit fn4bbllgdtPyBvcJ
Author: tb
Date: 2025/07/02 14:28:33

    rpki-client: move SKI handling to cert_parse_extensions()

    ok job

    usr.sbin/rpki-client/cert.c

commit hKrKk9u8PeXc9HMs
Author: deraadt
Date: 2025/07/02 13:25:05

    use a local definition of MINIMUM

    bin/ps/print.c

commit lvxkLh9gP574qF2w
Author: deraadt
Date: 2025/07/02 13:24:48

    stop using an extern variable to collect errors; ok tedu millert

    bin/ps/extern.h
    bin/ps/keyword.c
    bin/ps/nlist.c
    bin/ps/ps.c

commit w4EvaKXGKzrXshbX
Author: deraadt
Date: 2025/07/02 13:08:21

    Describe the "dns" promise in more detail, as being distinct from
    "inet". This is a pretty important factor that makes it impossible
    for other operating systems to do pledge..

    lib/libc/sys/pledge.2

commit lffKqHoSzn36lAzi
Author: jsg
Date: 2025/07/02 12:19:26

    run drm_managed cleanup from drm detach

    avoids a 'pool busy: still out' panic seen when radeondrm firmware
    is missing on non-efi installs

    reported by landry@

    sys/dev/pci/drm/drm_drv.c

commit cIXKdc5MtcbxTtS6
Author: tb
Date: 2025/07/02 11:23:25

    rpki-client: add an X509 reference to cert early on

    In order to deal with SKI and AKI, it's cleaner to have the
    libcrypto cert available in struct cert when parsing them so that
    the extension handlers can all have the same signature. Hoisting the
    assignment up in cert_parse_ee_cert() for this is very simple.

    In cert_parse_pre() we own the X509 from the start, so we take an
    extra reference which we must release before exit. In the error path
    there's an X509_free() and cert_free() releases the extra reference.
    Again this will become a bit simpler in a few more steps.

    ok job

    usr.sbin/rpki-client/cert.c

commit Qb835v6zzmuPsxW1
Author: tb
Date: 2025/07/02 11:13:34

    rpki-client: add CRLDP parsing to cert_parse_extensions()

    Add a version of x509_get_crl() to cert_parse_extensions(). One
    change is that we disallow TA certs and the other one is that the
    deserialization matches all the other handlers. Also populate
    cert->crl directly. As with the other nearly duplicated code, the
    old x509_get_crl() will be removed later on.

    ok job

    usr.sbin/rpki-client/cert.c

commit 7X2v9O5VRCRfhY7w
Author: tb
Date: 2025/07/02 11:11:39

    rpki-client: annotate basic constraints and (extended) key usage

    These are handled by cert_parse_pre(), add comments to make it more
    obvious that we're close to being done with this switch (finally).

    ok job (as part of a larger diff)

    usr.sbin/rpki-client/cert.c

commit rIKwmlY1gRlwSkRm
Author: tb
Date: 2025/07/02 10:24:17

    pkcs7.h: remove whitespace before opening paren.

    fixes in particular ./check_complete.pl pkcs7

    lib/libcrypto/pkcs7/pkcs7.h

commit JXxJGFJodyagp5hi
Author: nicm
Date: 2025/07/02 08:13:09

    Add sorting to W, P, L operators as well, and add some new session
    format variables. From Michael Grant in GitHub issue 4516.

    usr.bin/tmux/format.c
    usr.bin/tmux/options-table.c
    usr.bin/tmux/tmux.1
    usr.bin/tmux/tmux.h

commit B0BjViuz5keEJgzK
Author: tb
Date: 2025/07/02 06:40:28

    Const correct the documentation of
    EVP_PKEY_get{0,1}_{DH,DSA,EC_KEY,RSA}()

    lib/libcrypto/man/EVP_PKEY_set1_RSA.3

commit YhmtMjAbNK6lqype
Author: tb
Date: 2025/07/02 06:36:52

    Const correct EVP_PKEY_get{0,1}_{DH,DSA,EC_KEY,RSA}()

    These are safe to call concurrently and they don't modify the memory
    region pointed to by the pkey - they only bump the refcount of the
    key hanging off of it. The returned "legacy" key has to be handled
    with care in threaded contexts, so it is handed back as non-const.
    This also matches what EVP_PKEY_get0() always had.

    This way our signature is identical to BoringSSL's and doesn't cause
    compiler warnings in code that overuses const because one of the
    many API incoherencies added by OpenSSL 3 was to turn get0 into a
    function that takes and returns const while leaving get1 as it was.

    dlg agrees
    ok kenjiro

    lib/libcrypto/evp/evp.h
    lib/libcrypto/evp/p_lib.c

commit wi8Smuv3mKJVjsDc
Author: tb
Date: 2025/07/02 06:27:44

    Fix documented EVP_PKEY{,_base}_id() signature

    These have been taking a const pkey ever since they were added in
    OpenSSL 1.0.0.

    lib/libcrypto/man/EVP_PKEY_set1_RSA.3

commit pJ89ANYMzEM8eXhg
Author: tb
Date: 2025/07/02 06:19:46

    EVP_CipherInit_ex(): normalize EVP_CIPHER_CTX_ctrl() error check

    While EVP_CIPHER_CTX_ctrl() can return a negative value this can't
    actually happen currently as all ciphers with EVP_CIPH_CTRL_INIT set
    normalize the EVP_CTRL_INIT return value to boolean in their ctrl()
    methods. Still, this check looks weird in grep, so align it.

    ok beck kenjiro

    lib/libcrypto/evp/evp_cipher.c

commit 9IZKK57PTOzpMUzQ
Author: dlg
Date: 2025/07/02 05:44:46

    have route sourceaddr use RTF_GATEWAY to decide when to kick in.

    previously it used !RTF_HOST and !RTF_LLINFO. the intention with
    route sourceaddr was to use it except when a peer was on link.
    however, it is possible to have host routes (ie, RTF_HOST) via a
    gateway, which ended up not using the route sourceaddr when it
    should not have. by definition any route with RTF_GATEWAY set is not
    directly connected, so using it seems to better suit what route
    sourceaddr is doing.

    discussed with and ok claudio@ denis@
    tested by denis@

    sys/netinet/in_pcb.c
    sys/netinet/ip_icmp.c
    sys/netinet6/in6_src.c