Build date: 1768345202 - Tue Jan 13 23:00:02 UTC 2026 Build cvs date: 1768340177 - Tue Jan 13 21:36:17 UTC 2026 Build id: 2026-01-14.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P regress/usr.sbin/rpki-client/Makefile.inc cvs server: regress/usr.sbin/rpki-client/test-geofeed.c is no longer in the repository cvs server: regress/usr.sbin/rpki-client/geofeed/geofeed.csv is no longer in the repository P sys/dev/pv/if_vio.c M sys/dev/usb/uhidev.c M usr.sbin/bgpd/session.c P usr.sbin/rpki-client/Makefile P usr.sbin/rpki-client/cert.c P usr.sbin/rpki-client/extern.h P usr.sbin/rpki-client/filemode.c cvs server: usr.sbin/rpki-client/geofeed.c is no longer in the repository P usr.sbin/rpki-client/mft.c P usr.sbin/rpki-client/print.c P usr.sbin/rpki-client/rpki-client.8 P usr.sbin/rpki-client/validate.c P usr.sbin/rpki-client/x509.c commit E5zdKGUBuTkDTLAg Author: job Date: 2026/01/13 21:36:17 Remove support for validating Geofeed data RPKI-based Geofeed authentication (RFC 9632) perhaps was a bit of a ruse to pass IESG review. Nobody is planning on using it. Time to take it behind the barn. OK tb@ regress/usr.sbin/rpki-client/Makefile.inc usr.sbin/rpki-client/Makefile usr.sbin/rpki-client/cert.c usr.sbin/rpki-client/extern.h usr.sbin/rpki-client/filemode.c usr.sbin/rpki-client/mft.c usr.sbin/rpki-client/print.c usr.sbin/rpki-client/rpki-client.8 usr.sbin/rpki-client/validate.c usr.sbin/rpki-client/x509.c commit UiAiJqX9FQzaUrkM Author: sf Date: 2026/01/13 10:15:07 vio: Add more feature bit definitions Add all non-legacy feature bit definitions from virtio 1.3 and the definitions from 1.4 that are not >= bit 64. Remove VIRTIO_NET_F_GSO which never worked and has been removed in virtio 1.x. Also add config register definitions, fix a comment. sys/dev/pv/if_vio.c commit DL9nwy3FgXABmx0E Author: sf Date: 2026/01/13 10:10:14 vio: Improve feature negotiation for LRO/TSO OpenBSD requires that LRO can be switched on and off for things like bridged vlan(4), vxlan(4), bpe(4). We currently only support switching LRO on/off if the VIRTIO_NET_F_CTRL_GUEST_OFFLOADS feature was negotiated. But this means if the hypervisor only offers VIRTIO_NET_F_GUEST_TSO4/6 but not VIRTIO_NET_F_CTRL_GUEST_OFFLOADS, things will break. In this case we must redo feature negotation without the GUEST_TSO4/6 features. Also, if the hypervisor offers GUEST_TSO4/6 but not the VIRTIO_NET_F_MRG_RXBUF feature, we currently put rx buffers with a single 4k mbuf into the rx queue while the standard says we SHOULD insert buffers of at least 65562 bytes. Apple Virtualization refuses to work with this configuration. As 65562 is larger than MAXMCLBYTES, we would need to rework how we allocate our rx buffers to make this work. For now, we would to like to simply disable GUEST_TSO4/6 if MRG_RXBUF is missing. Unfortunately, Apple Virtualization still refuses to work unless HOST_TSO4/6 is also disabled. Therefore, we disable all TSO if MRG_RXBUF is missing. With lots of input from and tested by helg@ ok mlarkin@ sys/dev/pv/if_vio.c commit 9eAHtQr733gvs4VW Author: tb Date: 2026/01/13 08:37:17 rpki-client: only accept BGPsec certs with a single AS number We've long been pointing out that the possibility of adding multiple AS numbers and in particular AS ranges to BGPsec Router Certificates is at best dubious. Enforce that there is a single AS, encoded as an ASID, not as an ASRange with a single element (cf. eid7653 to RFC 3779). Prompted by a report by Xie Yifan with/ok claudio job this is errata/7.7/018_rpki.patch.sig usr.sbin/rpki-client/cert.c commit 0njpwcEWQfFKVC6H Author: tb Date: 2026/01/13 08:36:01 rpki-client: check purpose for .cer files in Manifests Only intermediate CAs and BGPsec certificates are allowed in a Manifest fileList. Check this is the case, otherwise stop processing the cert. Missing check reported by Xie Yifan ok claudio job rpki-client: only accept BGPsec certs with a single AS number We've long been pointing out that the possibility of adding multiple AS numbers and in particular AS ranges to BGPsec Router Certificates is at best dubious. Enforce that there is a single AS, encoded as an ASID, not as an ASRange with a single element (cf. eid7653 to RFC 3779). Prompted by a report by Xie Yifan with/ok claudio job this is errata/7.8/012_rpki.patch.sig usr.sbin/rpki-client/cert.c