Build date: 1739574003 - Fri Feb 14 23:00:03 UTC 2025 Build cvs date: 1739561939 - Fri Feb 14 19:38:59 UTC 2025 Build id: 2025-02-15.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P distrib/amd64/common/install.md P distrib/sets/lists/man/mi P lib/libc/sys/sysctl.2 P lib/libcrypto/arch/alpha/Makefile.inc P lib/libcrypto/arch/alpha/crypto_arch.h P lib/libcrypto/arch/amd64/Makefile.inc P lib/libcrypto/arch/amd64/crypto_arch.h P lib/libcrypto/arch/arm/Makefile.inc P lib/libcrypto/arch/arm/crypto_arch.h P lib/libcrypto/arch/hppa/Makefile.inc P lib/libcrypto/arch/hppa/crypto_arch.h P lib/libcrypto/arch/i386/Makefile.inc P lib/libcrypto/arch/i386/crypto_arch.h P lib/libcrypto/arch/mips64/Makefile.inc P lib/libcrypto/arch/mips64/crypto_arch.h P lib/libcrypto/arch/powerpc/Makefile.inc P lib/libcrypto/arch/powerpc/crypto_arch.h P lib/libcrypto/arch/powerpc64/Makefile.inc P lib/libcrypto/arch/sparc64/Makefile.inc P lib/libcrypto/arch/sparc64/crypto_arch.h P lib/libcrypto/sha/sha1.c P lib/libcrypto/sha/sha256.c P lib/libcrypto/sha/sha512.c P regress/sys/net/rtable/util.c P share/man/man4/Makefile U share/man/man4/mtrng.4 P sys/arch/arm64/arm64/pmap.c P sys/arch/arm64/conf/GENERIC P sys/arch/arm64/conf/RAMDISK P sys/arch/arm64/dev/aplsmc.c P sys/arch/arm64/dev/rtkit.c P sys/arch/armv7/conf/GENERIC P sys/arch/armv7/conf/RAMDISK P sys/dev/audio.c P sys/dev/fdt/files.fdt U sys/dev/fdt/mtrng.c P sys/dev/pci/drm/apple/apldcp.c P sys/dev/wscons/wskbd.c P sys/kern/kern_sysctl.c P sys/net/if_bridge.c P sys/net/if_sec.c P sys/netinet/ip_ipsp.h P sys/netinet/ip_output.c P sys/netinet/ipsec_output.c P sys/netinet6/ip6_output.c P sys/sys/sysctl.h commit 6uTHXv3Nb3Jhufbo Author: deraadt Date: 2025/02/14 19:38:59 sync distrib/sets/lists/man/mi commit 2Gz33OXYcSXq24zy Author: kettenis Date: 2025/02/14 18:42:43 It is important that we map memory with the right attributes otherwise we may trigger an SError. The crashlog entries for the SMC live in SRAM which needs to be mapped as device memory. To make this possible, make the rk_logmap() rtkit callback function return the desired memory attributes in the low bits of the address, using PMAP_NOCACHE or PMAP_DEVICE defines. Rewrite the DCP implementation of rk_logmap() to do a better job ati determining the correct mapping. The current code would fail in some cases (i.e. on the M1 Pro MacBook Pro) and map some unused address as normal non-cachable which could also trigger an SError. ok jca@ sys/arch/arm64/dev/aplsmc.c sys/arch/arm64/dev/rtkit.c sys/dev/pci/drm/apple/apldcp.c commit iWXtcjikFFGjwkZu Author: kettenis Date: 2025/02/14 18:36:04 Add support for device mappings in pmap_kenter_pa(9) the same way we handle those in pmap_enter(9). ok jca@ sys/arch/arm64/arm64/pmap.c commit TRIIKCgda7jfIw53 Author: ratchov Date: 2025/02/14 13:29:00 Add the kern.audio.kbdcontrol sysctl(2) variable If set to 0, the volume keys on multimedia keyboards are handled as regular keys, allowing programs to use them. The default is 1, i.e. the current behavior. ok armani, kettenis, mvs lib/libc/sys/sysctl.2 sys/dev/audio.c sys/dev/wscons/wskbd.c sys/kern/kern_sysctl.c sys/sys/sysctl.h commit Lo1AV3qMwOO1UVql Author: dlg Date: 2025/02/14 13:14:13 add tunneldf support to sec(4) sec(4) is a very thin wrapper around the existing ipsec output processing for encapsulating packets, and inherited the behaviour that the DF flag was propagated from the encapsulated packet to the outer ip header. this means if the sec(4) interface has a large mtu and is carrying packets with DF set over a network that can't transport large(r) packets, these packets are effectively dropped. ipsec applied via the SPD copes with this by having SAs figure out the path mtu and using that when applying policy, but sec(4) is an interface, so the network stack uses the interface mtu rather than the associated SA path mtu. rfc4459 discusses this kind of problem has offers a variety of solutions. this implements one of the simpler options, which is to allow the tunnel endpoints to manage the DF regardless of the payload and reassemble the encapsulated packets. to actually do this, ipsec output packet processing has to be able to take an argument that says how you want DF to be handled. in the future we're going to look at how we can use the path mtu determined by the ipsec SA to try and implement one of the other solutions from the RFC, which is to signal the lower mtu to the sources of tunnelled packets. tested by and ok claudio@ sys/net/if_bridge.c sys/net/if_sec.c sys/netinet/ip_ipsp.h sys/netinet/ip_output.c sys/netinet/ipsec_output.c sys/netinet6/ip6_output.c commit MvDo1j3c0VztWGBn Author: jsing Date: 2025/02/14 12:01:58 Replace Makefile based SHA*_ASM defines with HAVE_SHA_* defines. Currently, SHA{1,256,512}_ASM defines are used to remove the C implementation of sha{1,256,512}_block_data_order() when it is provided by assembly. However, this prevents the C implementation from being used as a fallback. Rename the C sha*_block_data_order() to sha*_block_generic() and provide a sha*_block_data_order() that calls sha*_block_generic(). Replace the Makefile based SHA*_ASM defines with two HAVE_SHA_* defines that allow these functions to be compiled in or removed, such that machine specific verisons can be provided. This should effectively be a no-op on any platform that defined SHA{1,256,512}_ASM. ok tb@ lib/libcrypto/arch/alpha/Makefile.inc lib/libcrypto/arch/alpha/crypto_arch.h lib/libcrypto/arch/amd64/Makefile.inc lib/libcrypto/arch/amd64/crypto_arch.h lib/libcrypto/arch/arm/Makefile.inc lib/libcrypto/arch/arm/crypto_arch.h lib/libcrypto/arch/hppa/Makefile.inc lib/libcrypto/arch/hppa/crypto_arch.h lib/libcrypto/arch/i386/Makefile.inc lib/libcrypto/arch/i386/crypto_arch.h lib/libcrypto/arch/mips64/Makefile.inc lib/libcrypto/arch/mips64/crypto_arch.h lib/libcrypto/arch/powerpc/Makefile.inc lib/libcrypto/arch/powerpc/crypto_arch.h lib/libcrypto/arch/powerpc64/Makefile.inc lib/libcrypto/arch/sparc64/Makefile.inc lib/libcrypto/arch/sparc64/crypto_arch.h lib/libcrypto/sha/sha1.c lib/libcrypto/sha/sha256.c lib/libcrypto/sha/sha512.c commit pPRzsgGrFSF6fMuH Author: kn Date: 2025/02/14 08:08:05 With ACPI >= 5, assume UEFI and default to GPT Add another criteria besides efifb(4) attaching to determine whether the installer booted in UEFI mode and not stick with MBR in such cases. This at least avoids "An EFI/GPT disk may not boot. Proceed?" on some boxes. With deraadt kettenis beck distrib/amd64/common/install.md commit PT2J7FtyhBP60WZs Author: anton Date: 2025/02/14 06:25:00 Cope with recent changes and pull in sys/rwlock.h. regress/sys/net/rtable/util.c commit ugac0r15jOcONFA4 Author: hastings Date: 2025/02/14 04:56:34 Enable mtrng(4). ok kettenis@ sys/arch/arm64/conf/GENERIC sys/arch/arm64/conf/RAMDISK sys/arch/armv7/conf/GENERIC sys/arch/armv7/conf/RAMDISK commit bq0XnmebI1ur8MqD Author: hastings Date: 2025/02/14 03:15:06 Add manual page for mtrng(4). ok kettenis@ share/man/man4/Makefile share/man/man4/mtrng.4 commit a0g9IpXpg7ufeN9Q Author: hastings Date: 2025/02/14 03:11:05 Add mtrng(4), supporting the 32-bit random number generator on MediaTek SoCs. ok kettenis@ sys/dev/fdt/files.fdt sys/dev/fdt/mtrng.c