Build date: 1757973603 - Mon Sep 15 22:00:03 UTC 2025
Build cvs date: 1757965055 - Mon Sep 15 19:37:35 UTC 2025
Build id: 2025-09-16.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P lib/libcrypto/aes/aes.c
P lib/libcrypto/mlkem/mlkem_key.c
P regress/lib/libcrypto/wycheproof/wycheproof.go
P regress/usr.bin/ssh/unittests/misc/test_expand.c
P regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_basic.c
P regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_misc.c
P sbin/unwind/parse.y
P sbin/unwind/resolver.c
P sbin/unwind/unwind.c
P sbin/unwind/unwind.h
P share/man/man4/bcmtmon.4
P share/man/man9/disklabel.9
P sys/dev/softraid.c
P sys/dev/softraid_crypto.c
P sys/dev/vnd.c
P sys/dev/fdt/bcm2711_tmon.c
P sys/dev/isa/fd.c
P sys/kern/subr_disk.c
P sys/kern/subr_hibernate.c
P sys/net/route.c
P sys/sys/disk.h
P sys/sys/disklabel.h
P usr.bin/newsyslog/newsyslog.c
P usr.bin/rcs/rcstime.c
P usr.bin/sndiod/listen.c
P usr.bin/ssh/auth-options.c
P usr.bin/ssh/auth.c
P usr.bin/ssh/channels.c
P usr.bin/ssh/kex.c
P usr.bin/ssh/krl.c
P usr.bin/ssh/monitor.c
P usr.bin/ssh/mux.c
P usr.bin/ssh/scp.c
P usr.bin/ssh/sftp-client.c
P usr.bin/ssh/sftp-client.h
P usr.bin/ssh/sftp.c
P usr.bin/ssh/ssh.c
P usr.bin/ssh/sshconnect.c
P usr.bin/ssh/sshconnect2.c
P usr.bin/ssh/sshd-auth.c
P usr.bin/ssh/sshsig.c
M usr.sbin/bgpd/session.c
P usr.sbin/pkg_add/OpenBSD/PkgCreate.pm
P usr.sbin/rad/frontend.c
P usr.sbin/rad/rad.conf.5
P usr.sbin/rad/rad.h
P usr.sbin/rpki-client/ccr.c
P usr.sbin/rpki-client/print.c
P usr.sbin/rpki-client/rpki-asn1.h
U usr.sbin/rpki-client/version.h

commit 5PZ2U5BYBRCWvrec
Author: millert
Date: 2025/09/15 19:37:35

  rcs_set_tz: Use timegm() to parse broken-down UTC

  We used to use mktime() (which expects local time not UTC) and
  manually adjust the time zone, but this did not take DST into account.
  From Tomas Rippl

  usr.bin/rcs/rcstime.c

commit wtc1ZzX3wGJKCR0M
Author: jan
Date: 2025/09/15 18:51:22

  newsyslog: use localtime_r(3) with error handling

  Replace localtime(3) with localtime_r(3) to avoid editing of struct tm
  in libc. While here do correct error handling of the return value.

  suggested by bluhm
  ok bluhm

  usr.bin/newsyslog/newsyslog.c

commit ooDGFZunyD5NdRIg
Author: job
Date: 2025/09/15 17:08:21

  Move rpki-client towards release 9.6

  OK tb@

  usr.sbin/rpki-client/version.h

commit f5eVB9yRqT1pzv8n
Author: kettenis
Date: 2025/09/15 16:18:28

  Register the thermal sensor with the thermal framework.

  Based on an earlier diff from mglocker@
  ok mglocker@, jca@

  sys/dev/fdt/bcm2711_tmon.c

commit ZXnzYxH9EqypsX1D
Author: kettenis
Date: 2025/09/15 16:16:20

  Mention BCM2712 and the Raspberry Pi 5.

  requested by mglocker@

  share/man/man4/bcmtmon.4

commit i273EYmvOZorooDD
Author: job
Date: 2025/09/15 15:06:20

  Fix memory leak

  CID 621618

  OK tb@

  usr.sbin/rpki-client/ccr.c

commit afElh1QsXIpPyjoW
Author: krw
Date: 2025/09/15 14:15:54

  Move kernel local struct disklabel variables off of stack and into
  malloc'd memory.

  Note that sr_hibernate_io() will be a special case handled separately.

  Required for future increases in the number of disk partitions and thus
  the size of a disklabel.

  Most work by & ok deraadt@

  sys/dev/softraid.c
  sys/dev/softraid_crypto.c
  sys/kern/subr_disk.c
  sys/kern/subr_hibernate.c

commit dLvHXm1LK0WZMh1h
Author: bluhm
Date: 2025/09/15 13:51:24

  Revert: Clear RTF_MPATH flag for cloned routes.

  In rev 1.449 the multipath flag was cleared for cloned routes to avoid
  a crash during removal. Unfortunately this breaks a feature where we
  have multiple llinfo entries for interfaces with different priority.
  regress/sbin/route rttest32 detects this and fails.

  Meanwhile ARP and ND6 lists use iterator to be MP safe. So removing
  the wrong llinfo route should not be a problem anymore. Eventually
  the timeout will catch both of them. Do not clear RTF_MPATH flag
  anymore.
  regress failure noted by anton@

  sys/net/route.c

commit u98nu2AitP1HDcrF
Author: job
Date: 2025/09/15 12:05:15

  Cosmetic change to avoid linewrapping

  "fine" tb@

  usr.sbin/rpki-client/ccr.c

commit ODcx3TI8XaOM1Ix0
Author: job
Date: 2025/09/15 11:52:07

  Add thisUpdate in ManifestRef in CCR file format

  Store the thisUpdate value from Manifest eContent payloads in the
  CCR/Erik protocol ManifestRef structure. This will be useful for
  debugging Erik protocol exchanges, but also paves the way to generate
  Erik objects directly from CCR objects.

  OK tb@

  usr.sbin/rpki-client/ccr.c
  usr.sbin/rpki-client/print.c
  usr.sbin/rpki-client/rpki-asn1.h

commit C8hDZKtb9dLxb8QV
Author: krw
Date: 2025/09/15 10:33:03

  Expand the masks tracking disk partition status to 64 bits.

  Required for future increases in the number of disk partitions.

  ok deraadt@

  share/man/man9/disklabel.9
  sys/dev/vnd.c
  sys/dev/isa/fd.c
  sys/kern/subr_disk.c
  sys/sys/disk.h
  sys/sys/disklabel.h

commit xqNrijUdvx0YCrqF
Author: tb
Date: 2025/09/15 09:43:42

  wycheproof: run HMACSM3 tests against libcrypto

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit 4CYtLDzkwbrnyqWs
Author: florian
Date: 2025/09/15 09:01:56

  Be able to limit interface configured lifetimes.

  When a prefix on an advertising interface is configured with
  lifetimes, rad(8) would use those and ignore lifetimes from the
  configuration. On "sensible" networks, this is perfectly fine, however
  some dhcpv6 servers might hand out leases with excessively long
  lifetimes (months) and there was no way to limit those lifetimes.

  Now the minimum of lifetimes from the config file and the interface is
  used.

  Problem pointed out by Ryan Vogt (rvogt.ca AT gmail), who also
  provided a diff, which inspired this change.
  Lots of testing by Ryan Vogt.
  OK bluhm

  usr.sbin/rad/frontend.c
  usr.sbin/rad/rad.conf.5
  usr.sbin/rad/rad.h

commit crstKW9SdX0xLf9Z
Author: florian
Date: 2025/09/15 08:43:51

  Disable aggressive-nsec when "force" is in use.
  When resolution of a domain is forced to a resolver type, the resolver
  might have an nsec chain in its cache that proves the non-existence of
  the domain. With aggressive-nsec enabled (the default in unbound), the
  query will then not be forwarded and resolution fails, even if "accept
  bogus" is configured.

  For example, if one squats on the undelegated tld "foobar":
      force forwarder { foobar }
  and then typo's it as foobaa:
      foo. 86400 IN NSEC food. NS DS RRSIG NSEC

  Problem reported by, testing & OK tb
  Suggestion to turn off aggressive-nsec by otto

  sbin/unwind/parse.y
  sbin/unwind/resolver.c
  sbin/unwind/unwind.c
  sbin/unwind/unwind.h

commit PZlIfF524294ME0V
Author: jsg
Date: 2025/09/15 08:39:22

  test correct variable for file_new() return value

  found with smatch, ok ratchov@

  usr.bin/sndiod/listen.c

commit BNLPfHdTjhG48up8
Author: tb
Date: 2025/09/15 07:36:12

  aes: move explicit_bzero() after NULL check

  CID 621601 621602

  ok djm jsg jsing miod

  lib/libcrypto/aes/aes.c

commit INuRranOz3wYMEjy
Author: djm
Date: 2025/09/15 05:17:37

  fix leaks of struct sftp_conn in scp; ok dtucker@

  usr.bin/ssh/scp.c
  usr.bin/ssh/sftp-client.c
  usr.bin/ssh/sftp-client.h

commit ATaTwVZJtVdxrNlC
Author: djm
Date: 2025/09/15 04:52:41

  leak of principals file lines; ok dtucker@

  usr.bin/ssh/sshsig.c

commit 14MUQZ8kulrxfxk7
Author: djm
Date: 2025/09/15 04:52:12

  leak of authentication options at exit; ok dtucker@

  usr.bin/ssh/sshd-auth.c

commit huToK7OEXZWOTtwY
Author: djm
Date: 2025/09/15 04:51:35

  memleak of keys not used for authentication; ok dtucker@

  usr.bin/ssh/sshconnect2.c

commit 9h7yFgLkQCjm630c
Author: djm
Date: 2025/09/15 04:50:42

  memleak of certificate path; ok dtucker@

  usr.bin/ssh/ssh.c

commit wK8yof49W5ajU2gI
Author: djm
Date: 2025/09/15 04:49:41

  memleak of hostkey when downgrading host cert->key;
  ok dtucker

  usr.bin/ssh/sshconnect.c

commit eh0BXOpImJtXSMIz
Author: djm
Date: 2025/09/15 04:49:00

  memleak of editline history; ok dtucker@

  usr.bin/ssh/sftp.c

commit t9TeimQIVxsKnC4J
Author: djm
Date: 2025/09/15 04:48:29

  memleak of rfwd callback context; ok dtucker@

  usr.bin/ssh/mux.c

commit mR07VyoJ5ghljhlo
Author: djm
Date: 2025/09/15 04:47:49

  memleaks of request packet and hostkeys blob;
  ok dtucker@

  usr.bin/ssh/monitor.c

commit dKqfFKGJqqwrJ8cL
Author: djm
Date: 2025/09/15 04:41:20

  memleak of KRL revoked certs struct; ok dtucker

  usr.bin/ssh/krl.c

commit Z3slNY7JsE88el25
Author: djm
Date: 2025/09/15 04:40:34

  memleak of kex->server_sig_algs; ok dtucker@

  usr.bin/ssh/kex.c

commit vSKbUDukTaXB0qN2
Author: djm
Date: 2025/09/15 04:39:58

  fix memleak of channel forwarding permissions; ok dtucker@

  usr.bin/ssh/channels.c

commit c3tvEPihwIzt00jV
Author: djm
Date: 2025/09/15 04:39:15

  when merging auth options into the active set, don't leak the
  old struct sshauthopt; ok dtucker@

  usr.bin/ssh/auth.c

commit jGXManbbiMmwYtQq
Author: djm
Date: 2025/09/15 04:38:00

  fix memleak when applying certificate options; ok dtucker

  usr.bin/ssh/auth-options.c

commit uBivEDXMJvMsSyOF
Author: tb
Date: 2025/09/15 03:34:58

  MLKEM_private_key_new: add missing space before =

  lib/libcrypto/mlkem/mlkem_key.c

commit Xs3yApwYw4hz9IZB
Author: djm
Date: 2025/09/15 03:00:22

  memory leaks in unit tests

  regress/usr.bin/ssh/unittests/misc/test_expand.c
  regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_basic.c
  regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_misc.c

commit u9DL3L23FBddU6rE
Author: afresh1
Date: 2025/09/15 01:59:37

  Revert previous

  I failed to build devel/gtest with it, so it will need more testing
  to find the correct fix.

  usr.sbin/pkg_add/OpenBSD/PkgCreate.pm