Build date: 1733180402 - Mon Dec  2 23:00:02 UTC 2024
Build cvs date: 1733178777 - Mon Dec  2 22:32:57 UTC 2024
Build id: 2024-12-03.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-newvers.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P usr.bin/ssh/myproposal.h
P usr.sbin/bgpctl/bgpctl.c
P usr.sbin/bgpd/bgpd.c
P usr.sbin/bgpd/bgpd.h
P usr.sbin/bgpd/control.c
P usr.sbin/bgpd/rde.c
P usr.sbin/bgpd/rtr.c
P usr.sbin/bgpd/session.c
P usr.sbin/pkg_add/OpenBSD/PkgAdd.pm
P usr.sbin/rpki-client/extern.h
P usr.sbin/rpki-client/main.c
P usr.sbin/rpki-client/output.c
P usr.sbin/rpki-client/rpki-client.8

commit bkRKBn2M6A0Mcd9m
Author: sthen
Date: 2024/12/02 22:32:57

  Have pkg_add run ldconfig after each updateset if the list of shared
  libraries was changed. Before @tag we used to execute programs directly
  as part of many updates (rebuilding desktop databases, icon cache, etc)
  but those are now usually deferred until the end of the run, leaving
  some executables not able to be run until pkg_add finishes.

  From espie.

  usr.sbin/pkg_add/OpenBSD/PkgAdd.pm

commit l6WNJqaIaWGOzIK6
Author: claudio
Date: 2024/12/02 16:31:51

  Check in bgpctl show rib commands if the table / rib passed is
  Adj-RIB-Out and in that case set F_CTL_ADJ_OUT on the request.
  With this 'bgpctl show rib out' and 'bgpctl show rib table Adj-RIB-Out'
  return the same results.
  OK tb@

  usr.sbin/bgpd/rde.c

commit 7NfATzKwCGrxp0Aj
Author: claudio
Date: 2024/12/02 15:13:57

  Remove the ASPA imsg size workaround now that imsg are large enough to
  handle MAX_ASPA_SPAS_COUNT (10k) entries.
  OK tb@

  usr.sbin/bgpd/bgpd.c
  usr.sbin/bgpd/rtr.c

commit leb49ozYQ85hvdTW
Author: claudio
Date: 2024/12/02 15:03:46

  Bump imsg size like bgpd just did.
  OK tb@

  usr.sbin/bgpctl/bgpctl.c

commit vz5rsYsbfi5KD2Ja
Author: claudio
Date: 2024/12/02 15:03:18

  Bump imsg size up to MAX_BGPD_IMSGSIZE (128k) to support extended messages
  and more.
  OK tb@

  usr.sbin/bgpd/bgpd.c
  usr.sbin/bgpd/bgpd.h
  usr.sbin/bgpd/control.c
  usr.sbin/bgpd/rde.c
  usr.sbin/bgpd/rtr.c
  usr.sbin/bgpd/session.c

commit FB0S7KbrCbYgax0H
Author: job
Date: 2024/12/02 14:55:02

  If AS0 TALs are provided, by default omit VRPs derived from such AS0 TALs

  AS0 TALs represent unmitigated operational risks: what if the RIR by
  accident marks some IP space as 'unassigned'?

  APNIC notes in their limitation of liability statement:

  """
  Depending on router configuration, errors in the AS0 ROA could
  cause unintended interruption to routing with other networks.
  For this reason, it is strongly recommended that the AS0 ROA is
  used for advisory and/ or alerting purposes only, and not for
  automatic filtering of BGP routes.
  """
  https://www.apnic.net/community/security/resource-certification/apnic-limitations-of-liability-for-rpki-2/

  Guard usage of AS0 TALs behind new '-0' option

  OK deraadt@ tb@

  usr.sbin/rpki-client/extern.h
  usr.sbin/rpki-client/main.c
  usr.sbin/rpki-client/output.c
  usr.sbin/rpki-client/rpki-client.8

commit dGLk7SFZPgBDlz2o
Author: djm
Date: 2024/12/02 14:06:42

  unbreak

  usr.bin/ssh/myproposal.h

commit FGPt8MVJUAMgMXV8
Author: claudio
Date: 2024/12/02 13:46:11

  Remove global queue_buf which is no longer used.
  OK compiler

  usr.sbin/bgpd/rde.c

commit prCJCd3Of2kXxxGQ
Author: djm
Date: 2024/12/02 13:37:18

  prefer AES-GCM to AES-CTR; ok deraadt markus

  usr.bin/ssh/myproposal.h