Build date: 1762902003 - Tue Nov 11 23:00:03 UTC 2025
Build cvs date: 1762899230 - Tue Nov 11 22:13:50 UTC 2025
Build id: 2025-11-12.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P include/pthread.h
P lib/libsndio/sio_sun.c
P regress/usr.sbin/rpki-client/openssl/build/Makefile
P sbin/pfctl/parse.y
P sbin/pfctl/pfctl.8
P sbin/pfctl/pfctl.c
P sbin/pfctl/pfctl_parser.c
P sbin/pfctl/pfctl_parser.h
P share/man/man5/pf.conf.5
P sys/conf/files
P sys/dev/acpi/acpiec.c
P sys/dev/ic/psp.c
P sys/dev/pci/if_aq_pci.c
P sys/dev/pci/if_bnxt.c
P sys/dev/pci/if_iavf.c
P sys/dev/pci/if_ice.c
P sys/dev/pci/if_igc.c
P sys/dev/pci/if_igc.h
P sys/dev/pci/if_ix.c
P sys/dev/pci/if_ixl.c
P sys/dev/pci/if_mcx.c
P sys/dev/pci/if_ngbe.c
P sys/dev/pci/if_vmx.c
M sys/dev/usb/uhidev.c
P sys/net/if.c
P sys/net/if.h
P sys/net/pf.c
P sys/net/pf_ioctl.c
P sys/net/pf_table.c
P sys/net/pfvar.h
P sys/net/pfvar_priv.h
P sys/netinet/igmp.c
P sys/netinet/in_var.h
P sys/netinet/ip_output.c
P usr.bin/libtool/LT/Mode/Link.pm
P usr.bin/sndiod/siofile.c
M usr.sbin/bgpd/session.c
P usr.sbin/sysupgrade/sysupgrade.8
P usr.sbin/sysupgrade/sysupgrade.sh

commit uHYkVtTumZ7rPtOW
Author: gkoehler
Date: 2025/11/11 22:13:50

Add -shrext to libtool; changes the suffix from ".so"

"libtool --mode=link cc -o libexample.la -shrext .what ..." would
link "libexample.what.0.0" instead of "libexample.so.0.0".

ok jca@

usr.bin/libtool/LT/Mode/Link.pm

commit FHIqiSPMgTA05URJ
Author: jcs
Date: 2025/11/11 19:29:06

Try a short busy-wait in acpiec_wait before falling back to tsleep

This greatly speeds up SMBus reading in acpisbs making its periodic
acpisbs_read execution go from ~6 seconds to 125 milliseconds,
preventing backlog in the ACPI task queue.

ok kettenis

sys/dev/acpi/acpiec.c

commit zX7tv57CX1sv8wpd
Author: semarie
Date: 2025/11/11 18:54:05

bump PTHREAD_KEYS_MAX to 512

the rust libstd emutls version is using one pthread_key per
thread-variable. it means the maximum number of thread-variable at a
time is PTHREAD_KEYS_MAX.

with recent rustc 1.91.0, we start hitting the limit while compiling
some programs (like sysutils/rustic).

ok robert@
"Let's go 512 and hope someone eventually does proper TLS" deraadt@

include/pthread.h

commit Wq1rkFPKqP4W0AfU
Author: mvs
Date: 2025/11/11 18:36:26

Fix copyout(9) error path within ifconf().

Currently if copyout() of interface address failed we continue with the
next interface, override error value and finally we modify `ifc_len' of
passed request. Return error value just after fail.

Also stop processing if userland buffer is full. No reason for lists
iterations null-ops.

ok bluhm deraadt

sys/net/if.c

commit 2QVSiFbBsygbK82o
Author: bluhm
Date: 2025/11/11 17:43:18

Introduce global interface queue limit.

Limit all multiqueue network interfaces to common IF_MAX_VECTORS.
Currently it is set to 8. One global limit helps to find an optimal
value, stops wasting interrupt vectors, and clarifies what are actual
hardware or driver limitations.

input jmatthew@; OK jan@ phessler@ kettenis@

sys/dev/pci/if_aq_pci.c
sys/dev/pci/if_bnxt.c
sys/dev/pci/if_iavf.c
sys/dev/pci/if_ice.c
sys/dev/pci/if_igc.c
sys/dev/pci/if_igc.h
sys/dev/pci/if_ix.c
sys/dev/pci/if_ixl.c
sys/dev/pci/if_mcx.c
sys/dev/pci/if_ngbe.c
sys/dev/pci/if_vmx.c
sys/net/if.h

commit E8kN1NmvmbklCZ5e
Author: bluhm
Date: 2025/11/11 16:57:06

Indent consistently.

sys/netinet/ip_output.c

commit uFbzaHb4jyp9iSg4
Author: deraadt
Date: 2025/11/11 15:18:30

First draft of a PRUNING subsection in the manual page which people
will read when sysupgrade prevents a dangerously-failing upgrade
because /usr is too full.

This explains some of the history and reasons why /usr is too full, and
also explains that sysupgrade / installer cannot delete any detritus
because it cannot identify it. More importantly, users also will have a
hard time identifying the detritus -- most of it is older lib*.so.*
libraries but there's no reasonable mechanism to traverse all possible
filesystems and ensure no binaries remain which use those libraries.

Rather than telling people hacky choices that might get them through
this sysupgrade, and fail next time, we choose to provide no hacky
advice. A bigger /usr is their best choice, which implies that it is
time for a reinstall.

ok florian, sthen

usr.sbin/sysupgrade/sysupgrade.8

commit VfhdEEVVC5gP3qd7
Author: deraadt
Date: 2025/11/11 15:14:17

If "df /usr" says the filesystem is over 90% full, rather than
potentially completely breaking the system, fail the sysupgrade. This
comes with a message pointing people to read a new Sub-Section PRUNING
in the manual page which will softly lead them to understand all the
nuances involved and that their best choice is to reinstall with a
bigger /usr.

script diff from florian

usr.sbin/sysupgrade/sysupgrade.sh

commit jsCPmyopIzPdy45p
Author: bluhm
Date: 2025/11/11 13:05:35

Remove struct router_info from global header file.

Do not expose struct router_info globally as is only used in igmp.c.
Remove it from netinet/in_var.h header to avoid visibility. Also sort
pointer before integer fields within struct.

OK tb@ mvs@

sys/netinet/igmp.c
sys/netinet/in_var.h

commit Tevk1OC3DDFzF4AG
Author: ratchov
Date: 2025/11/11 11:48:03

sndiod: Turn the watchdog timer into a simple debug warning

After an underrun (ex. during high system load), the audio device is
reset to a known working state. Then, once the system load allows it,
audio will make progress again. Consequently, closing the device and
disconnecting clients is not necessary anymore.

ok kirill

usr.bin/sndiod/siofile.c

commit ua6WWBaMF2hZQhCV
Author: hshoexer
Date: 2025/11/11 11:33:25

psp(4): Replace wbinvd_on_all_cpus_acked() with cpu_xcall(9)

ok dlg@

sys/conf/files
sys/dev/ic/psp.c

commit d5vINZku6VQ2LhFM
Author: ratchov
Date: 2025/11/11 11:08:10

libsndio: Restart the audio(4) device upon underrun.

At the expense of slightly more audible underruns (restarting inserts
extra silence), this fixes the main cause of audio disconnects on high
system load and/or after a resume.

Attempting to compensate for the inserted silence without stopping DMA
is unreliable and too complex to get right.

ok kirill, tested by many

lib/libsndio/sio_sun.c

commit I5dDnHO8t4qadMEm
Author: anton
Date: 2025/11/11 09:15:53

Add missing regress target.

ok tb@

regress/usr.sbin/rpki-client/openssl/build/Makefile

commit oq6EangfMMQdeEoQ
Author: mvs
Date: 2025/11/11 07:56:50

Replace bzero(3) and bcopy(3) with memset(3) and memcopy(3) within
ifconf().

Only for consistency reason.

sys/net/if.c

commit RknxPqUoXqUISb6q
Author: dlg
Date: 2025/11/11 04:06:20

introduce source and state limiters in pf.

both source and state limiters can provide constraints on the number of
states that a set of rules can create, and optionally the rate at which
they are created. state limiters have a single limit, but source
limiters apply limits against a source address (or network). the source
address entries are dynamically created and destroyed, and are also
limited.

this started out because i was struggling to understand the source and
state tracking options in pf.conf, and looking at the code made it
worse. it looked like some functionality was missing, and the code also
did some things that surprised me. taking a step back from it, even if
it did work, what is described doesn't work well outside very simple
environments.

the functionality i'm talking about is most of the stuff in the
Stateful Tracking Options section of pf.conf(4).

some of the problems are illustrated by one of the simplest options: the
"max number" option that limits the number of states that a rule is
allowed to create:

- wiring limits up to rules is a problem because when you load a new
  ruleset the limit is reset, allowing more states to be created than
  you intended.
- a single "rule" in pf.conf can expand to multiple rules in the kernel
  thanks to things like macro expansion for multiple ports. "max 1000"
  on a line in pf.conf could end up being many times that in effect.
- when a state limit on a rule is reached, the packet is dropped. this
  makes it difficult to do other things with the packet, such as
  redirect it to a tarpit or another server that replies with an outage
  notice or such.

a state limiter solves these problems. the example from the pf.conf.5
change demonstrates this:

    An example use case for a state limiter is to restrict the number
    of connections allowed to a service that is accessible via multiple
    protocols, e.g. a DNS server that can be accessed by both TCP and
    UDP on port 53, DNS-over-TLS on TCP port 853, and DNS-over-HTTPS on
    TCP port 443 can be limited to 1000 concurrent connections:

        state limiter "dns-server" id 1 limit 1000

        pass in proto { tcp udp } to port domain state limiter "dns-server"
        pass in proto tcp to port { 853 443 } state limiter "dns-server"

a single limit across all these protocols can't be implemented with per
rule state limits, and any limits that were applied are reset if the
ruleset is reloaded.

the existing source-track implementation appears to be incomplete, i
could only see code for "source-track global", but not "source-track
rule". source-track global is too heavy and unwieldy a hammer, and
source-track rule would suffer the same issues around rule lifetimes
and expansions that the "max number" state tracking config above has.

a slightly expanded example from the pf.conf.5 change for source
limiters:

    An example use for a source limiter is the mitigation of denial of
    service caused by the exhaustion of firewall resources by network
    or port scans from outside the network. The states created by any
    one scanner from any one source address can be limited to avoid
    impacting other sources. Below, up to 10000 IPv4 hosts and IPv6 /64
    networks from the external network are each limited to a maximum of
    1000 connections, and are rate limited to creating 100 states over
    a 10 second interval:

        source limiter "internet" id 1 entries 10000 \
                limit 1000 rate 100/10 \
                inet6 mask 64

        block in on egress
        pass in quick on egress source limiter "internet"
        pass in on egress proto tcp probability 20% rdr-to $tarpit

the extra bit is if the source limiter doesn't have "space" for the
state, the rule doesn't match and you can fall through to tarpitting
20% of the tcp connections for fun.

i've been using this in anger in production for over 3 years now.

sashan@ has been poking me along (slowly) to get it in a good enough
shape for the tree for a long time. it's been one of those years.

bluhm@ says this doesn't break the regress tests.
ok sashan@

sbin/pfctl/parse.y
sbin/pfctl/pfctl.8
sbin/pfctl/pfctl.c
sbin/pfctl/pfctl_parser.c
sbin/pfctl/pfctl_parser.h
share/man/man5/pf.conf.5
sys/net/pf.c
sys/net/pf_ioctl.c
sys/net/pf_table.c
sys/net/pfvar.h
sys/net/pfvar_priv.h

P lib/mesa/src/egl/main/egldisplay.c
P xserver/configure
P xserver/configure.ac

commit pIlwRRMv6kM23JED
Author: matthieu
Date: 2025/11/11 17:39:11

Add -lpthread to GLX_SYS_LIBS (fix build with CFLAGS=-O0)

xserver/configure
xserver/configure.ac

commit 5tl6c10V7te9fIhA
Author: jsg
Date: 2025/11/11 10:58:10

detect wayland platform when not built with HAVE_WAYLAND_PLATFORM

Otherwise the default platform type of x11 is used and a pointer is
wrongly cast to an X11 Display type when using wayland.

Mesa can't be built with HAVE_WAYLAND_PLATFORM as the wayland libraries
are not in xenocara.

initial diff from and ok landry@

lib/mesa/src/egl/main/egldisplay.c