Build date: 1776463203 - Fri Apr 17 22:00:03 UTC 2026
Build cvs date: 1776460122 - Fri Apr 17 21:08:42 UTC 2026
Build id: 2026-04-18.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P lib/libc/gen/getcap.c
P libexec/ftpd/ftpd.c
P sys/arch/amd64/conf/RAMDISK
P sys/arch/i386/conf/RAMDISK
P sys/arch/riscv64/stand/efiboot/conf.c
P sys/arch/riscv64/stand/efiboot/efiboot.c
M sys/dev/usb/uhidev.c
P sys/dev/wscons/wsdisplay.c
P sys/net/rtsock.c
P usr.bin/ipcs/ipcs.c
P usr.bin/mandoc/main.c
P usr.bin/mandoc/manconf.h
P usr.bin/mandoc/mandoc.h
P usr.bin/mandoc/mandoc_msg.c
P usr.bin/mandoc/manpath.c
P usr.bin/mandoc/mansearch.c
P usr.bin/rpcgen/rpc_util.c
M usr.sbin/bgpd/session.c
P usr.sbin/vmd/vionet.c
P usr.sbin/vmd/virtio.h
P usr.sbin/vmd/vmd.h

commit AlHT2nVHNpmnQO6N
Author: dv
Date: 2026/04/17 21:08:42

Fix vmd(8) vionet reset race leading to broken networking.

A driver reset races with the device asynchronously notifying tx and
rx threads. The current design finishes the reset after the threads
pause and acknowledge the reset. This can clobber device state because
a driver doesn't need to wait before reconfiguring the device. End
result is device thinks it's in a blank slate while driver thinks
device is configured and device refuses to pass packets thinking the
driver isn't ready.

This removes that async reset design and ack message from the threads.
Reset occurs immediately while emulating the write to the register. A
generation counter is used to signal to tx and rx threads that a reset
occurred between the time they finished processing virtqueues and the
time they grabbed the write lock to change interrupt state on the
device so they can safely skip raising irq lines.

Original bug reports by mbuhl@ and stsp@. Tested with help from stsp@,
hshoexer@, and Mischa Peters.
ok mlarkin@

usr.sbin/vmd/vionet.c
usr.sbin/vmd/virtio.h
usr.sbin/vmd/vmd.h

commit REP6UdhVNW3w3QU9
Author: millert
Date: 2026/04/17 20:17:53

Avoid potential undefined behavior on write error while sending data.
From Dhiraj Mishra
OK deraadt@ tb@

libexec/ftpd/ftpd.c

commit tGFYYzvOu0ZREBhT
Author: kettenis
Date: 2026/04/17 19:41:31

Attempt to load the right device tree from the riscv64-specmit-dtb
firmware package on SpacemiT K1 boards. The only viable way to do this
seems to be basing this on the "model" property of the root node of the
device tree provided by the device. This is still a bit of a guess
since the Milk-V Jupiter advertises itself as "spacemit k1-x evb board"
and the Banana Pi BPI-F3 seems to say it is a "spacemit k1-x deb1
board".

ok jca@

sys/arch/riscv64/stand/efiboot/conf.c
sys/arch/riscv64/stand/efiboot/efiboot.c

commit Ckmknd0cN2uHPNkI
Author: deraadt
Date: 2026/04/17 19:35:22

If you use the floppy, fw_update for some drivers will not work, you
will have to figure out the names of the missing firmwares and request
them manually. The pci strings in the kernel have become too large,
and I'm being told I may not shorten them.

sys/arch/i386/conf/RAMDISK

commit 8tWMEywYYNb1SIPS
Author: deraadt
Date: 2026/04/17 19:34:37

If you use the floppy, fw_update for some drivers will not work, you
will have to figure out the names of the missing firmwares and request
them manually. The pci strings in the kernel have become too large,
and I'm being told I may not shorten them.

sys/arch/amd64/conf/RAMDISK

commit mQnjuf2PDYXsI7CZ
Author: claudio
Date: 2026/04/17 18:30:45

route_output() can not use the info struct late in its function since
the rtm struct that populated it was freed around the rtm_report() call.
In that case access to info.rti_info[RTAX_DST] is a use-after-free.

Cache the address family before handling the route message so that the
route_input call can use this value instead.
Report from Bruce Dang of Calif.io
OK deraadt@

sys/net/rtsock.c

commit DRnhoQTIFBGX1QoF
Author: schwarze
Date: 2026/04/17 17:30:50

oops, fix a one-byte mishap in the previous commit

usr.bin/mandoc/main.c

commit TZo2qLK7CZ7fCnt2
Author: schwarze
Date: 2026/04/17 17:27:35

Refine unveil(2) usage.

* Process man.conf(5) early before unveil(2) because it needs
  realpath(3).
* Rather than unveiling the whole file system for reading and
  execution, only reveal the manpaths actually needed for reading,
  and /usr/share/locale/ if needed, and only reveal the pager binary
  for execution.
* Only reveal the whole file system for reading if input file names
  are listed individually on the command line.
* Rather than unveiling /tmp unconditionally, only do so when it is
  actually needed for the pager.
* When -O outfilename or -O tagfilename is specified, rather than
  unveiling the current working directory for writing, only unveil
  the specific filenames needed.

Using some feedback from deraadt@, in particular reducing the number
of vnodes that are held, and avoiding use of the "unveil" pledge(2).

usr.bin/mandoc/main.c

commit xTcc3nD9WoqWJDqJ
Author: schwarze
Date: 2026/04/17 15:30:27

Prepare for refining unveil(2) usage by providing a function
manpath_unveil() that makes the manpath directories accessible.
Soon to be used by man(1), apropos(1), and makewhatis(8).

usr.bin/mandoc/manconf.h
usr.bin/mandoc/mandoc.h
usr.bin/mandoc/mandoc_msg.c
usr.bin/mandoc/manpath.c

commit bMgNbJE4FcA34DIt
Author: schwarze
Date: 2026/04/17 14:07:48

Delete the pointless logic that remembers the original working
directory. It was never needed because manpath_add() in manpath.c has
always been using realpath(3) since the very beginning in 2011, so
struct manpaths only ever contains absolute paths. The only exception
is man.cgi(8), but that chdir(2)s to the right directory beforehand and
only ever uses one single manpath, ".".

This simplifies the code with no functional change.

usr.bin/mandoc/mansearch.c

commit 9sGDTW35QioXO8fH
Author: renaud
Date: 2026/04/17 06:24:34

locase() in usr.bin/rpcgen/rpc_util.c copies an identifier into a
static buffer without bounds checking

OK deraadt@

usr.bin/rpcgen/rpc_util.c

commit tu8NutHssVD4YLVY
Author: renaud
Date: 2026/04/17 06:23:09

cgetnext() in lib/libc/gen/getcap.c copies a record name into a stack
buffer without bounds checking

OK deraadt@

lib/libc/gen/getcap.c

commit GJJIiHB72OY5yvdj
Author: deraadt
Date: 2026/04/17 06:18:19

Some mapchar emulops require a question mark character, so don't permit
loading if that is missing (bounded by firstchar and numchars). An AI
triage report made a hasty conclusion there were bigger problems here
but Miod figures it is just this ? problem.
diff from miod
report from Bruce Dang of Calif.io

sys/dev/wscons/wsdisplay.c

commit XXNmJh4eunfNYNz9
Author: dgl
Date: 2026/04/17 02:01:29

In ipcs(1) use shm_cpid to determine whether a shared memory segment is
in use. As since kern_sysctl.c r1.490 shm_internal is always NULL.

ok deraadt

usr.bin/ipcs/ipcs.c