Build date: 1758060003 - Tue Sep 16 22:00:03 UTC 2025
Build cvs date: 1758043775 - Tue Sep 16 17:29:35 UTC 2025
Build id: 2025-09-17.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P lib/libc/sys/sysctl.2
P lib/libcrypto/mlkem/mlkem_internal.c
P lib/libcrypto/mlkem/mlkem_key.c
P regress/lib/libcrypto/wycheproof/wycheproof.go
P regress/sys/kern/signal/sig-stop2/sig-stop2.c
P regress/sys/kern/signal/sig-stop3/sig-stop3.c
P regress/usr.sbin/acme-client/Makefile
U regress/usr.sbin/acme-client/acme-client-profile.conf
P sys/arch/amd64/amd64/bios.c
P sys/arch/amd64/amd64/cpu.c
P sys/arch/amd64/amd64/ioapic.c
P sys/arch/amd64/amd64/machdep.c
P sys/arch/amd64/amd64/mainbus.c
P sys/arch/amd64/pci/acpipci.c
P sys/arch/amd64/pci/pchb.c
P sys/arch/amd64/stand/efiboot/cmd_i386.c
P sys/arch/amd64/stand/efiboot/conf.c
P sys/arch/amd64/stand/efiboot/efiboot.c
P sys/arch/arm64/dev/rpigpio.c
P sys/dev/softraid.c
P sys/dev/vscsi.c
P sys/dev/acpi/acpi.c
P sys/dev/acpi/acpicmos.c
P sys/dev/acpi/acpicpu_x86.c
P sys/dev/acpi/acpihpet.c
P sys/dev/acpi/acpimadt.c
P sys/dev/acpi/acpimcfg.c
P sys/dev/acpi/acpiprt.c
P sys/dev/acpi/acpitimer.c
P sys/dev/efi/efi.c
P sys/dev/fdt/pwmfan.c
P sys/dev/ic/com.c
P sys/dev/isa/isa.c
P sys/dev/ofw/ofw_thermal.c
P sys/dev/pci/pci.c
P sys/dev/pci/ppb.c
P sys/dev/pv/if_vio.c
P sys/dev/pv/pvbus.c
P sys/dev/pv/pvclock.c
P sys/dev/pv/vioblk.c
P sys/dev/pv/viocon.c
P sys/dev/pv/viornd.c
P sys/dev/pv/virtio.c
P sys/dev/pv/vmmci.c
P sys/kern/kern_exec.c
P sys/kern/subr_autoconf.c
P sys/net/if_bridge.c
P sys/net/if_vether.c
P sys/netinet/icmp6.h
P sys/netinet/tcp_input.c
P sys/netinet/tcp_output.c
P sys/netinet/tcp_var.h
P sys/netinet6/icmp6.c
P sys/netinet6/in6.c
P sys/netinet6/in6.h
P sys/netinet6/in6_pcb.c
P sys/netinet6/in6_proto.c
P sys/netinet6/ip6_forward.c
P sys/netinet6/ip6_input.c
P sys/netinet6/ip6_mroute.c
P sys/netinet6/ip6_var.h
P sys/netinet6/nd6.c
P sys/netinet6/nd6.h
P sys/netinet6/nd6_nbr.c
P sys/scsi/mpath.c
P sys/scsi/scsiconf.c
P sys/scsi/sd.c
P sys/sys/device.h
P sys/sys/reboot.h
P usr.sbin/acme-client/acme-client.conf.5
P usr.sbin/acme-client/extern.h
P usr.sbin/acme-client/json.c
P usr.sbin/acme-client/main.c
P usr.sbin/acme-client/netproc.c
P usr.sbin/acme-client/parse.h
P usr.sbin/acme-client/parse.y
M usr.sbin/bgpd/session.c
P usr.sbin/vmd/x86_vm.c

commit Mik9X9XsHcUIXYtM
Author: bluhm
Date: 2025/09/16 17:29:35

  Retire TCP flag TF_BLOCKOUTPUT.

  Together with socket splicing the flag TF_BLOCKOUTPUT was introduced
  in 2011.  It was needed to prevent direct calls from tcp_input()
  via sorwakeup() to tcp_output().  Due to unlocking TCP, socket
  wakeup always uses a splicing task on a separate thread, so
  tcp_output() runs deferred.  Also socket lock prevents that anything
  touches this TCP socket concurrently.  TF_BLOCKOUTPUT is not needed
  anymore.  This change also prevents some dangling TCP sockets in
  CLOSING state after running regress/sys/netinet/tcpthread.

  OK florian@

  sys/netinet/tcp_input.c
  sys/netinet/tcp_output.c
  sys/netinet/tcp_var.h

commit vKHTiQbdbZE3dVST
Author: tb
Date: 2025/09/16 15:45:34

  wycheproof: provide PBKDF2 test harness

  Skip the tests for now since they increase the test's runtime by ~50%.
  A later commit will gate these tests behind REGRESS_SKIP_SLOW.

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit v5dAdEt8zaUDkAiX
Author: sthen
Date: 2025/09/16 15:12:50

  regress parts for acme-client profile support, from florian

  regress/usr.sbin/acme-client/Makefile
  regress/usr.sbin/acme-client/acme-client-profile.conf

commit wGx7qRiRRbwVJXMc
Author: mlarkin
Date: 2025/09/16 15:10:03

  vmd(8): fix a wrong comment

  comment had the wrong function name

  usr.sbin/vmd/x86_vm.c

commit KZQ5BOZwl2YHqnSe
Author: sthen
Date: 2025/09/16 15:06:02

  implement draft-ietf-acme-profiles for acme-client, ok florian

  letsencrypt uses this to allow asking for a certificate with a specific
  TLS profile; see https://letsencrypt.org/docs/profiles/ for current options

  note that with current timers, if you select the non-default "shortlived"
  profile, renewal will be done at each acme-client run. if this results in
  exceeding rate limits, adjust cronjobs, or don't do that. (this is being
  looked at, but may possibly be too sensitive to change before release).

  usr.sbin/acme-client/acme-client.conf.5
  usr.sbin/acme-client/extern.h
  usr.sbin/acme-client/json.c
  usr.sbin/acme-client/main.c
  usr.sbin/acme-client/netproc.c
  usr.sbin/acme-client/parse.h
  usr.sbin/acme-client/parse.y

commit rzMghq7hsDo90gj4
Author: dv
Date: 2025/09/16 13:34:33

  Stop enabling vmm mode on cpus in cpu_init().

  vmm(4) handles this on-demand and during DVACT_WAKEUP.

  ok mlarkin@

  sys/arch/amd64/amd64/cpu.c

commit ptPq2ojLknvZhib5
Author: hshoexer
Date: 2025/09/16 12:18:10

  Whitelist devices in cfdriver for use when SEV is enabled

  Skip devices, that are not flagged for use with SEV.  Hook into
  config_search() and isascan().

  To be a bit more generic prefer "COCO" (confidential computing)
  over "SEV" (AMD specific term).

  ok bluhm@; "fine to go in" kettenis@; discussed with mlarkin@

  sys/arch/amd64/amd64/bios.c
  sys/arch/amd64/amd64/cpu.c
  sys/arch/amd64/amd64/ioapic.c
  sys/arch/amd64/amd64/machdep.c
  sys/arch/amd64/amd64/mainbus.c
  sys/arch/amd64/pci/acpipci.c
  sys/arch/amd64/pci/pchb.c
  sys/dev/softraid.c
  sys/dev/vscsi.c
  sys/dev/acpi/acpi.c
  sys/dev/acpi/acpicmos.c
  sys/dev/acpi/acpicpu_x86.c
  sys/dev/acpi/acpihpet.c
  sys/dev/acpi/acpimadt.c
  sys/dev/acpi/acpimcfg.c
  sys/dev/acpi/acpiprt.c
  sys/dev/acpi/acpitimer.c
  sys/dev/efi/efi.c
  sys/dev/ic/com.c
  sys/dev/isa/isa.c
  sys/dev/pci/pci.c
  sys/dev/pci/ppb.c
  sys/dev/pv/if_vio.c
  sys/dev/pv/pvbus.c
  sys/dev/pv/pvclock.c
  sys/dev/pv/vioblk.c
  sys/dev/pv/viocon.c
  sys/dev/pv/viornd.c
  sys/dev/pv/virtio.c
  sys/dev/pv/vmmci.c
  sys/kern/subr_autoconf.c
  sys/scsi/mpath.c
  sys/scsi/scsiconf.c
  sys/scsi/sd.c
  sys/sys/device.h
  sys/sys/reboot.h

commit 00SrfnBliHCyoLpH
Author: kettenis
Date: 2025/09/16 12:15:06

  Fix reference counting for sigobject initialization.  Simplify error
  handling; we can't even exec init(8) if sigobject initialization fails,
  so just panic and don't worry about cleaning up after ourselves.  This
  code should always succeed.

  ok mpi@

  sys/kern/kern_exec.c

commit 0zlpXSi7wnpRTqEA
Author: florian
Date: 2025/09/16 09:52:49

  After 25 years these #if 0 can go, we do not need the printf.

  sys/netinet6/nd6_nbr.c

commit jZgBe3D2pR64FJ5k
Author: jsg
Date: 2025/09/16 09:35:39

  remove duplicate err.h includes

  regress/sys/kern/signal/sig-stop2/sig-stop2.c
  regress/sys/kern/signal/sig-stop3/sig-stop3.c

commit YnamYrn9tcSbQKOP
Author: florian
Date: 2025/09/16 09:19:43

  Remove upper layer neighbor reachability hints.

  Running neighbor discovery once in a while is better than touching the
  neighbor cache for (nearly) every TCP packet.

  This functionality was disabled by default, however due to a bug /
  missing optimization, the code did a bunch of work before figuring out
  that the feature is disabled.

  With this, net.inet6.icmp6.nd6_maxnudhint can be removed.

  OK bluhm

  lib/libc/sys/sysctl.2
  sys/netinet/icmp6.h
  sys/netinet/tcp_input.c
  sys/netinet6/icmp6.c
  sys/netinet6/nd6.c
  sys/netinet6/nd6.h
  sys/netinet6/nd6_nbr.c

commit qxDU5x175nYlCJny
Author: florian
Date: 2025/09/16 09:19:16

  There is no reason not to do flowlabels.

  Remove net.inet6.ip6.auto_flowlabel knob.
  OK sthen, bluhm

  lib/libc/sys/sysctl.2
  sys/netinet6/in6.h
  sys/netinet6/in6_pcb.c
  sys/netinet6/in6_proto.c
  sys/netinet6/ip6_input.c
  sys/netinet6/ip6_var.h

commit DQALQjCSyc0lmAQc
Author: florian
Date: 2025/09/16 09:18:55

  Stop logging to syslog when an IPv6 packet cannot be forwarded.

  IPv4 does not do this and it is one of thousands of things that can go
  wrong and we do not log those either.

  With that net.inet6.ip6.log_interval can go.

  OK sthen, bluhm jca

  lib/libc/sys/sysctl.2
  sys/netinet6/in6.h
  sys/netinet6/in6_proto.c
  sys/netinet6/ip6_forward.c
  sys/netinet6/ip6_input.c
  sys/netinet6/ip6_mroute.c
  sys/netinet6/ip6_var.h

commit wFmuCkrx69w4w3V3
Author: florian
Date: 2025/09/16 09:18:29

  Remove net.inet6.ip6.use_deprecated knob.

  There is no good reason to not use the default of using deprecated
  addresses. Furthermore it confused netinet/tcp_input.c, which followed
  an older RFC. RFC 4862 5.5.4 has:

  IP and higher layers (e.g., TCP, UDP) MUST continue to accept and
  process datagrams destined to a deprecated address as normal since a
  deprecated address is still a valid address for the interface.

  As for the knob itself:
  An implementation MAY prevent any new communication from using a
  deprecated address, but system management MUST have the ability to
  disable such a facility, and the facility MUST be disabled by
  default.

  OK sthen, bluhm, jca

  lib/libc/sys/sysctl.2
  sys/netinet/tcp_input.c
  sys/netinet6/in6.c
  sys/netinet6/in6.h
  sys/netinet6/in6_proto.c
  sys/netinet6/ip6_input.c
  sys/netinet6/ip6_var.h

commit 6CWU96fXhr9htQ0s
Author: jan
Date: 2025/09/16 09:07:00

  bridge: use VLAN hardware tagging

  with tweaks from Timo Mirau
  tested by bluhm

  ok bluhm

  sys/net/if_bridge.c
  sys/net/if_vether.c

commit pALY7drPfH2PcPTJ
Author: kettenis
Date: 2025/09/16 08:52:11

  Set the cooling level of all cooling devices to 0 when we initialize
  a zone.  This makes sure that things like fans don't stay permanently on
  if we're below the first trip point.  If we're already above the first
  trip point the code to turn the fans on will run immediately after we
  finish initialization.

  ok mglocker@

  sys/dev/ofw/ofw_thermal.c

commit XiRYEsljvon93UTj
Author: kettenis
Date: 2025/09/16 08:46:33

  Start fan at maximum speed such that it is in a known state.

  ok mglocker@

  sys/dev/fdt/pwmfan.c

commit JPlpSW4g4kSIwSQq
Author: kettenis
Date: 2025/09/16 08:42:59

  Add pin muxing functionality.  Based on an earlier diff from mglocker@

  ok mglocker@

  sys/arch/arm64/dev/rpigpio.c

commit n1x8Pm6xZ7cnNI3v
Author: tb
Date: 2025/09/16 06:12:04

  mlkem_generate_key_external_entropy: normalize sizeof() use

  lib/libcrypto/mlkem/mlkem_internal.c

commit i90IAzSwYRccT41h
Author: tb
Date: 2025/09/16 06:10:24

  Simplify MLKEM_{private,public}_key_new()

  This removes two unnecessary variables in each of these functions,
  normalizes the sizeof() use and undoes unnecessary line wraps.

  ok deraadt djm kenjiro

  lib/libcrypto/mlkem/mlkem_key.c

commit YEE9BgMlwpQX1ZGX
Author: yasuoka
Date: 2025/09/16 05:07:33

  Fix "machine memory" to handle the arguments.  The modified map had
  been reverted to the origin when efi_memprobe_internal() is called
  for the second time after efi_cleanup().  test by Crystal Kolipe
  and Andrzej.

  ok mlarkin

  sys/arch/amd64/stand/efiboot/cmd_i386.c
  sys/arch/amd64/stand/efiboot/conf.c
  sys/arch/amd64/stand/efiboot/efiboot.c