Build date: 1754517602 - Wed Aug 6 22:00:02 UTC 2025 Build cvs date: 1754507127 - Wed Aug 6 19:05:27 UTC 2025 Build id: 2025-08-07.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P distrib/miniroot/install.sub P distrib/sets/lists/comp/md.arm64 P distrib/sets/lists/man/mi P distrib/special/sysctl/sysctl.c P etc/netstart P etc/rc P gnu/gcc/gcc/config/m88k/m88k.c P gnu/gcc/gcc/config/m88k/m88k.md P lib/libc/sys/mount.2 P lib/libc/sys/sysctl.2 P lib/libc/thread/rthread_tls.c P lib/libcrypto/cert.pem P sbin/slaacd/slaacd.c P sbin/sysctl/sysctl.c P sys/conf/param.c P sys/kern/kern_sysctl.c P sys/kern/uipc_mbuf.c P sys/net/pf_ioctl.c P usr.bin/ssh/PROTOCOL P usr.bin/ssh/auth2-hostbased.c P usr.bin/ssh/auth2-pubkey.c P usr.bin/ssh/auth2-pubkeyfile.c M usr.sbin/bgpd/session.c P usr.sbin/rpki-client/main.c P usr.sbin/rpki-client/parser.c commit 99CXkD8udhQl8ZJM Author: miod Date: 2025/08/06 19:05:27 Always emit barrier after tcnd instructions. This is necessary for basic block boundaries to be correctly identified and avoid several ICEs in the Haifa scheduler. gnu/gcc/gcc/config/m88k/m88k.md commit EUfR67wNgPx8Bah5 Author: miod Date: 2025/08/06 19:01:35 Correctly set up default target options. Missed during the gcc3 -> gcc4 conversion. gnu/gcc/gcc/config/m88k/m88k.c commit vbGbH9HIYjezN1Oa Author: florian Date: 2025/08/06 16:50:53 Remove net.inet6.ip6.soiikey sysctl When we implemented RFC 7217 - "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)" we added support for global addresses as well as link local addresses. We quickly learned that some hosting providers insisted on link-local addresses derived from mac-addresses (eui64). They would only route IPv6 traffic to those. So we disabled RFC 7217 for link-local addresses. This means that we no longer need the sysctl, slaacd(8) can just read /etc/soii.key directly instead of bothering the kernel. These are the userland bits, I'll commit the kernel part in a week or so, not everybody keeps kernel and userland in sync. Input & OK bluhm distrib/miniroot/install.sub distrib/special/sysctl/sysctl.c etc/netstart etc/rc lib/libc/sys/sysctl.2 sbin/slaacd/slaacd.c sbin/sysctl/sysctl.c commit iFul33xn376uIn6O Author: claudio Date: 2025/08/06 15:17:56 Improve comments around the entity read and write functions. Requested by and OK tb@ usr.sbin/rpki-client/main.c commit YcvXS01GkUkZdpXX Author: mvs Date: 2025/08/06 14:00:33 Unlock the KERN_MAXCLUSTERS case of kern_sysctl(). The `nmbclust' and `mbuf_mem_limit' modified by KERN_MAXCLUSTERS case belong to the non intersecting paths. The only `nmbclust' user is the DIOCSETLIMIT case of pfioctl(), which only checks is against passed fragments reference count sets the hard limit on corresponding pf(4) pool. Meanwhile the kern_sysctl() does the `nmbclust' update, the `nmbclust' based `mbuf_mem_limit' calculation and mbuf(9) and mbuf(9) clusters pools wakeup. So only update path of kern_sysctl() should be serialized. ok bluhm sys/conf/param.c sys/kern/kern_sysctl.c sys/kern/uipc_mbuf.c sys/net/pf_ioctl.c commit bTatrQa1JoSV4Lcd Author: deraadt Date: 2025/08/06 13:28:27 sync distrib/sets/lists/comp/md.arm64 distrib/sets/lists/man/mi commit gqHnFuSjvv12Nl1z Author: schwarze Date: 2025/08/06 13:23:27 Fix an obvious documentation bug introduced by Marshall Kirk McKusick in SCCS commit 6.4 on August 16, 1989, commit message "update for vnode interface". Among larger changes, he renamed function arguments: name -> dir and special -> fspec but forgot the mount(2) [ENOTDIR] case. A decade later, in rev. 1.16 on July 5, 1999, aaron@ also forgot to include the two misnamed arguments in his .Ar -> .Fa markup modernization, possibly because he did not find them due to the wrong names. lib/libc/sys/mount.2 commit bvCDpa8BfE3UBTtM Author: dtucker Date: 2025/08/06 11:22:53 Improve sentence. ok djm@ usr.bin/ssh/PROTOCOL commit 49qJ7jzOPGYzxKKZ Author: sthen Date: 2025/08/06 09:45:53 sync CA certificates from newer mozilla list, ok tb@ https://raw.githubusercontent.com/mozilla-firefox/firefox/refs/heads/release/security/nss/lib/ckfw/builtins/certdata.txt SHA256 (certdata.txt) = 579f336ace2e5717b8ecc06002ce0cce96f70623d188e1999c34b0f77696d3e9 Removals: - /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root - /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services - /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) - /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA - /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority - /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority - /C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority Addition: + /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2 lib/libcrypto/cert.pem commit V5N7K4OWMWw8P1f7 Author: claudio Date: 2025/08/06 05:23:06 Make struct entity passing more strict by checking the type. For repositories only pass the fields we care. The path attribute is optional since that is the temporary file path which is not used in -n mode. For all other object types pass everything as before but now some fileds become non-optional. OK tb@ job@ usr.sbin/rpki-client/main.c usr.sbin/rpki-client/parser.c commit vjMzjdHQRf7GRfgK Author: djm Date: 2025/08/06 04:53:04 when refusing a certificate for user authentication, log enough information to identify the certificate in addition to the reason why it was being denied. Makes debugging certificate authz problems a bit easier. ok dlg@ usr.bin/ssh/auth2-hostbased.c usr.bin/ssh/auth2-pubkey.c usr.bin/ssh/auth2-pubkeyfile.c commit AvTUOfp7JKIUMpi6 Author: dlg Date: 2025/08/06 04:11:22 use a cmtx instead of a spinlock. lib/libc/thread/rthread_tls.c