Build date: 1782252003 - Tue Jun 23 22:00:03 UTC 2026 Build cvs date: 1782250090 - Tue Jun 23 21:28:10 UTC 2026 Build id: 2026-06-24.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P distrib/sets/lists/comp/clang.amd64 P distrib/sets/lists/comp/clang.arm64 P distrib/sets/lists/comp/clang.armv7 P distrib/sets/lists/comp/clang.i386 P distrib/sets/lists/comp/clang.loongson P distrib/sets/lists/comp/clang.macppc P distrib/sets/lists/comp/clang.octeon P distrib/sets/lists/comp/clang.powerpc64 P distrib/sets/lists/comp/clang.riscv64 P distrib/sets/lists/comp/clang.sparc64 P etc/examples/bgpd.conf P gnu/usr.bin/clang/Makefile U gnu/usr.bin/clang/clang-scan-deps/Makefile U gnu/usr.bin/clang/libclangDependencyScanning/Makefile U gnu/usr.bin/clang/libclangTooling/Makefile P lib/libc/asr/asr.c P lib/libc/asr/getaddrinfo_async.c P lib/libc/asr/gethostnamadr_async.c P lib/libc/asr/getnameinfo_async.c P lib/libc/asr/getrrsetbyname.c P lib/libc/asr/getrrsetbyname_async.c P lib/libc/asr/res_send_async.c P lib/libc/gen/nlist.c P lib/libc/string/memmem.c P lib/libc/string/strstr.c P lib/libcrypto/asn1/x_crl.c P regress/lib/libcrypto/x509/Makefile U regress/lib/libcrypto/x509/x509_crl.c P regress/sys/kern/sysvmsg/msgtest.c P sbin/isakmpd/exchange.c P sbin/isakmpd/ike_phase_1.c P sbin/isakmpd/ipsec.c P sbin/isakmpd/policy.c P sbin/isakmpd/udp_encap.c P sys/arch/amd64/amd64/autoconf.c P sys/arch/arm64/arm64/autoconf.c U sys/arch/arm64/arm64/codepatch.c P sys/arch/arm64/arm64/cpu.c P sys/arch/arm64/arm64/cpufunc_asm.S P sys/arch/arm64/arm64/locore.S P sys/arch/arm64/arm64/locore0.S P sys/arch/arm64/conf/files.arm64 P sys/arch/arm64/conf/kern.ldscript U sys/arch/arm64/include/codepatch.h P sys/arch/sparc64/conf/files.sparc64 P sys/dev/pci/if_bnxt.c P sys/dev/pci/if_em.c P sys/dev/pci/if_iavf.c P sys/dev/pci/if_ice.c P sys/dev/pci/if_igc.c P sys/dev/pci/if_ix.c P sys/dev/pci/if_ixl.c P sys/dev/pci/if_ixv.c P sys/dev/pci/if_mcx.c P sys/dev/pci/if_vmx.c P sys/dev/pci/drm/drm_linux.c P sys/dev/pci/drm/i915/i915_scatterlist.c P sys/dev/pci/drm/include/generated/autoconf.h P sys/dev/pci/drm/include/linux/dma-mapping.h P sys/dev/pci/drm/include/linux/scatterlist.h P sys/dev/pv/if_vio.c M sys/dev/usb/uhidev.c P sys/kern/kern_prot.c P sys/kern/sysv_msg.c P sys/kern/uipc_mbuf.c U sys/lib/libkern/clzdi2.c P sys/net/if.h P sys/net/if_var.h P sys/netinet/ip_mroute.c P sys/netinet6/ip6_forward.c P sys/netinet6/ip6_mroute.c P sys/netinet6/ip6_output.c P sys/netinet6/ip6_var.h P sys/sys/mbuf.h P sys/uvm/uvm_extern.h P sys/uvm/uvm_km.c P usr.bin/cpp/cpp.sh P usr.bin/tmux/arguments.c P usr.bin/tmux/cmd-command-prompt.c P usr.bin/tmux/cmd-confirm-before.c P usr.bin/tmux/cmd-resize-pane.c P usr.bin/tmux/cmd-split-window.c P usr.bin/tmux/format.c P usr.bin/tmux/layout.c P usr.bin/tmux/mode-tree.c P usr.bin/tmux/options.c P usr.bin/tmux/status.c P usr.bin/tmux/tmux.1 P usr.bin/tmux/tmux.h P usr.bin/tmux/window-customize.c P usr.bin/tmux/window-tree.c P usr.bin/tmux/window.c P usr.bin/tsort/tsort.c P usr.sbin/bgpd/Makefile P usr.sbin/bgpd/chash.c P usr.sbin/bgpd/rde_attr.c M usr.sbin/bgpd/session.c P usr.sbin/bgpd/util.c commit iplyV3eHWfVsrLme Author: kirill Date: 2026/06/23 21:28:10 sys/sparc64: add __clzdi2 implementation for clang build OK: deraadt@, claudio@ sys/arch/sparc64/conf/files.sparc64 sys/lib/libkern/clzdi2.c commit MENWEE1x2ZaLiG5B Author: nicm Date: 2026/06/23 21:00:20 Fix MOVE flag handling and remove key code (not actually needed). usr.bin/tmux/cmd-command-prompt.c usr.bin/tmux/cmd-confirm-before.c usr.bin/tmux/mode-tree.c usr.bin/tmux/status.c usr.bin/tmux/tmux.h usr.bin/tmux/window-customize.c usr.bin/tmux/window-tree.c commit KnFiLYpE021tLRM2 Author: job Date: 2026/06/23 20:51:42 Add route leak prevention (ASPA & RFC 9234) to the bgpd.conf example The local node's own "role" (in relation to the other side) needs to be specified to make ASPA work. Specifying the role also activates the very convenient RFC 9234-based route leak prevention. ASPA & RFC 9234 are complimentary mechanisms. ASPA uses the RPKI to help identify implausible AS_PATHs. RFC 9234 uses an in-band signal (the OTC attribute) to help form appropriate route propagation cones. Just a handful of simple config lines make bgpd do carrier-grade filtering! OK claudio@ etc/examples/bgpd.conf commit kh0VjeVKHYE8vZeK Author: nicm Date: 2026/06/23 20:30:10 Turn off preview if no draw callback and add a function to move to top. usr.bin/tmux/mode-tree.c usr.bin/tmux/tmux.h commit pPmzNmhkyNLbznQM Author: nicm Date: 2026/06/23 20:07:58 Use flags for input callback instead of a single int done so the callback can be told about cursor movement in an incremental prompt. usr.bin/tmux/cmd-command-prompt.c usr.bin/tmux/cmd-confirm-before.c usr.bin/tmux/mode-tree.c usr.bin/tmux/status.c usr.bin/tmux/tmux.h usr.bin/tmux/window-customize.c usr.bin/tmux/window-tree.c commit P4XbWUw1bx5g2dZh Author: cludwig Date: 2026/06/23 20:04:50 sys_getlogin_r: Restore ERANGE behavior Do not silently truncate the buffer, but let copyoutstr() enforce the user-visible namelen size limit. That restores ERANGE. ok mvs@ sys/kern/kern_prot.c commit 5E9Q77CURVdyRg5s Author: kettenis Date: 2026/06/23 19:47:42 N_EXT is supposed to be a flag that indicates global/external symbols. Also make sure that we add it to the type instead of overriding it. This makes pstat -d work for static kernel variables. ok deraadt@, jca@ lib/libc/gen/nlist.c commit Vygtyn4ylCENTg8D Author: bluhm Date: 2026/06/23 19:09:37 Remove global variable from multicast routing. Global variable struct sockaddr_in sin is used to pre-initialize length and family. Changing sin_addr dynamically does not work in a multiprocessor environment. Allocate and initialize sin on the stack. OK claudio@ sys/netinet/ip_mroute.c commit mNShWlnaPFfe42KY Author: bluhm Date: 2026/06/23 18:50:43 Avoid C casts in multicast code by using correct type. Instead of using caddr_t for if_mcast and if_mcast6 in struct ifnet, use the correct pointer type for struct vif and mif6. This allows to remove many casts in multicast routing code. OK florian@ sys/net/if_var.h sys/netinet/ip_mroute.c sys/netinet6/ip6_mroute.c commit DY4q7zLhw1C8PcRp Author: claudio Date: 2026/06/23 18:32:36 Limit log_aspa() to MAX_ASPA_SPAS_COUNT elements more is verboten! Kills a gcc4 warning on sparc64 since the previous check was always false. OK tb@ usr.sbin/bgpd/util.c commit lVe4lUE73sNq2nFy Author: claudio Date: 2026/06/23 18:30:48 Silence gcc4 warning by setting nseg = 0. The dependency on newseg == 0, which can only happen when nseg is also set, is to intranspatent for the compiler to see through. OK tb@ usr.sbin/bgpd/rde_attr.c commit Rbm4t2XELLahE8yH Author: jan Date: 2026/06/23 18:13:32 ix(4): remove redundant code paylen is already calculated in ether_extract_headers(). ok bluhm@ sys/dev/pci/if_ix.c commit Fanhd5rwXKEwRJ3J Author: florian Date: 2026/06/23 17:49:38 _asr_make_fqdn() indicates error by returning 0; from Andrew Griffiths OK deraadt lib/libc/asr/res_send_async.c commit 9Wnjoz5QgggVaMNc Author: florian Date: 2026/06/23 17:49:09 ttl is u_int32_t; from Andrew Griffiths OK deraadt lib/libc/asr/getrrsetbyname_async.c commit 3UlJynlQ0pwDiQZZ Author: florian Date: 2026/06/23 17:48:36 Avoid a bunch of useless checks, free(NULL) is valid. While here, use a counter of type unsigned int, which is the same type as rri_nrdatas in our termination condition. (In practice there can't be more than 65k RRSets). Andrew Griffiths pointed out that we'd leak memory if rri_rdatas or rri_sigs are sparsely populated. In practice this will not happen but it made me look. OK deraadt lib/libc/asr/getrrsetbyname.c commit jbE3RoHkIQXlsPin Author: florian Date: 2026/06/23 17:48:06 Check for IPv6 scope truncation in getnameinfo(3); from Andrew Griffiths OK deraadt lib/libc/asr/getnameinfo_async.c commit KDD82LCgUK9KtIv6 Author: florian Date: 2026/06/23 17:47:38 Nothing to do if we get a zero length buffer; from Andrew Griffiths OK deraadt lib/libc/asr/asr.c commit lEHxYHk18XyqaToa Author: bluhm Date: 2026/06/23 15:45:00 Remove IPv6 source routing from output path. Routing header type 0 has been deprecated by RFC 5095 and we do not support any other type. While OpenBSD blocks routing header in pf and during the input path, IPv6 output still allowed the user to generate them. Remove the code to set IPV6_RTHDR with setsockopt(2) and return "Protocol not available" error instead. Also delete the code in ip6_output() to insert the routing header. Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using the GLM model from Z.ai. reported that a regular user could attach deprecated routing header. OK claudio@ florian@ sys/netinet6/ip6_forward.c sys/netinet6/ip6_output.c sys/netinet6/ip6_var.h commit XixhY9ulzP1Zt9yX Author: claudio Date: 2026/06/23 15:34:00 Use ffs and slots &= slots - 1 to walk over the slots in a way to only look at matches. Kills another branch in the hot path and reduces the loop form 7 to the number of hits (which is close to 1). On systems without native ffs instruction this can be a tiny bit slower but modern systems have native ffs and there the speedup can be noticable. Even systems without ffs benefit on lookup misses since the loop is skipped. Based on a diff from Rango (kombucha at mm.st) OK tb@ usr.sbin/bgpd/chash.c commit stkeyyILuxfbNN6W Author: bluhm Date: 2026/06/23 14:40:40 Allocate mbufs in high memory if only 64 bit DMA interfaces exist. Mbufs on amd64 were allocated below 4 GB so that devices not capable of 64 bit DMA can access the memory. Interface drivers use BUS_DMA_64BIT to allow the DMA layer doing 64 bit transfers. Now flag interfaces with IFXF_MBUF_64BIT that are capable of 64 bit DMA on all their mbuf rings. If only such interfaces exist in the system during amd64 boot, allocate mbufs and mbuf clusters also in high memory. Other architectures may be limited to 32 bit memory anyway or use an IOMMU. On riscv64 or arm64 busses may exists that support less than 64 bit, this will be handled later. Hotplug devices that do not support 64 bit DMA will use bounce buffering. By changing the flags in device drivers we can force bounce buffering and find missing calls to bus_dmamap_sync(). OK kettenis@ deraadt@ sys/arch/amd64/amd64/autoconf.c sys/dev/pci/if_bnxt.c sys/dev/pci/if_em.c sys/dev/pci/if_iavf.c sys/dev/pci/if_ice.c sys/dev/pci/if_igc.c sys/dev/pci/if_ix.c sys/dev/pci/if_ixl.c sys/dev/pci/if_ixv.c sys/dev/pci/if_mcx.c sys/dev/pci/if_vmx.c sys/dev/pv/if_vio.c sys/kern/uipc_mbuf.c sys/net/if.h sys/sys/mbuf.h sys/uvm/uvm_extern.h sys/uvm/uvm_km.c commit DeoY3E1trXF6FXmW Author: hshoexer Date: 2026/06/23 13:56:58 isakmpd: Do not leak transport in error paths of udp_encap_handle_message() This is simiar to what we do in udp_handle_message() in udp.c. ok markus sbin/isakmpd/udp_encap.c commit E6vMantVdwjSGf98 Author: hshoexer Date: 2026/06/23 13:40:16 isakmpd: Enforce per-type ID payload size in ipsec_validate_id_information() ok markus@ sbin/isakmpd/ipsec.c commit zBd0BbxQ0jTpR01A Author: hshoexer Date: 2026/06/23 13:36:28 isakmpd: Bound check ID-payload memcmp() Make sure the ID supplied by the peer is the size anticipated from the configuration. Only apply memcmp() if the size matches. Otherwise, reject the ID right away. ok markus@ sbin/isakmpd/ike_phase_1.c commit BIy49xpJeCWoopPj Author: hshoexer Date: 2026/06/23 13:31:24 isakmpd: Bound check decode_* in policy_callback() and attribute_unacceptable() Before decoding 16-bit or 32-bit TLV values, verify that the provided values have proper minimum size. ok markus@ sbin/isakmpd/ike_phase_1.c sbin/isakmpd/policy.c commit CyFU6HqcF0L63dhN Author: hshoexer Date: 2026/06/23 13:18:24 isakmpd: Bound check decode_16() in ipsec_decode_attribute() Before decoding a 16 bit TLV value verify that the provided value is at least 16 bit in size. The LIFE_DURATION attributes will already be validated individually, so just pass them on. ok markus@ sbin/isakmpd/ipsec.c commit nedMwewCSBWtIjLW Author: tim Date: 2026/06/23 13:10:40 Fix misleading comment in strstr(3) From upstream musl: https://git.musl-libc.org/cgit/musl/commit?id=c53e9b239418eb3e0e8be256abd0f6ad7608bbcf OK tb@ lib/libc/string/strstr.c commit pQbFCfnXULtwlt9G Author: tim Date: 2026/06/23 13:09:11 Avoid shift overflow in memmem(3) and strstr(3) Fix from upstream musl: https://git.musl-libc.org/cgit/musl/commit?id=593caa456309714402ca4cb77c3770f4c24da9da OK tb@ lib/libc/string/memmem.c lib/libc/string/strstr.c commit FGmNRxyY2Vgp2phj Author: hshoexer Date: 2026/06/23 13:09:08 isakmpd: Bound check decode_16() in ipsec_is_attribute_incompatible() Before decoding a 16 bit TLV value verify that the provided value is at least 16 bit in size. ok markus@ sbin/isakmpd/ipsec.c commit 0k7I4ZtAhonceo2H Author: claudio Date: 2026/06/23 12:13:08 Implement ch_meta_locate() using some bit tricks to avoid branches and loops. ch_haszero() first sets the high bit for every byte in lookup that is 0 and then uses a multiplaction plus shift to compact this bits into the output. Also use a multiplication with 0x0101010101010101 instead of the memset(). Modern compilers produce the same code but older ones produce a bit simpler code this way. Based on a diff from Rango (kombucha at mm.st) OK tb@ usr.sbin/bgpd/Makefile usr.sbin/bgpd/chash.c commit VemJKDe6XBb3dfkk Author: hshoexer Date: 2026/06/23 11:57:58 isakmpd: Only call sa_isakmp_upgrade() when ISAKMP SAs actually exist Informational and transactional exchanges do not have ISAKMP SAs. Therefore only upgrade ISAKMP SAs when these actually exist. ok markus@ sbin/isakmpd/exchange.c commit DyOJ9yGF6RfwTCts Author: kettenis Date: 2026/06/23 11:45:54 Address CVE-2025-10263. This requires doing the TLB invalidation twice. However, this has a considerable cost on some CPU cores (such as Apple's M1/M2 and Qualcomm Snapdragon X) that aren't vulnerable. So bring over the code patching infrastructure from amd64 and use it to NOP out the additional TLB invalidation on CPUs that aren't vulnerable. This also addresses errata on some older ARM CPU cores (that are classified as unlikely to happen) on some cores that aren't vulnerable to this particular CVE. ok jca@, deraadt@ sys/arch/arm64/arm64/autoconf.c sys/arch/arm64/arm64/codepatch.c sys/arch/arm64/arm64/cpu.c sys/arch/arm64/arm64/cpufunc_asm.S sys/arch/arm64/arm64/locore.S sys/arch/arm64/arm64/locore0.S sys/arch/arm64/conf/files.arm64 sys/arch/arm64/conf/kern.ldscript sys/arch/arm64/include/codepatch.h commit c5TA0S2vaym9DPEl Author: florian Date: 2026/06/23 11:36:36 Check for errors returned by _asr_unpack_{header,query,rr} dname_expand() is the main parsing function for DNS labels. Its errors are propagated via unpack_dname() to _asr_unpack_query() and _asr_unpack_rr(). Those two functions would also propagate the errors, but they were then ignored by the callers which would continue parsing invalid DNS data. _asr_unpack_header has the same issue but the call chain is shorter. input & OK deraadt lib/libc/asr/getaddrinfo_async.c lib/libc/asr/gethostnamadr_async.c lib/libc/asr/res_send_async.c commit 6SP5kzyjjeG4i9uY Author: nicm Date: 2026/06/23 11:29:27 Fix an infinite loop in customize mode when a filter does not match, and tweak a tmux.1 example. usr.bin/tmux/tmux.1 usr.bin/tmux/window-customize.c usr.bin/tmux/window.c commit XGnZh8wsyUiHbfRr Author: jca Date: 2026/06/23 10:51:03 Add clang-scan-deps distrib/sets/lists/comp/clang.amd64 distrib/sets/lists/comp/clang.arm64 distrib/sets/lists/comp/clang.armv7 distrib/sets/lists/comp/clang.i386 distrib/sets/lists/comp/clang.loongson distrib/sets/lists/comp/clang.macppc distrib/sets/lists/comp/clang.octeon distrib/sets/lists/comp/clang.powerpc64 distrib/sets/lists/comp/clang.riscv64 distrib/sets/lists/comp/clang.sparc64 commit kLSxIP5Bt3zIc7jR Author: jca Date: 2026/06/23 10:50:23 Import clang-scan-deps Computes deps so that build systems may rebuild only what's needed after changing a C++20 module. Needed by a small (4) but growing number of ports and expected to be needed by a lot more in the future. Working around the lack of it in base is especially awkward. ok tb@ sthen@ gnu/usr.bin/clang/Makefile gnu/usr.bin/clang/clang-scan-deps/Makefile gnu/usr.bin/clang/libclangDependencyScanning/Makefile gnu/usr.bin/clang/libclangTooling/Makefile commit uCbtT8dNdplWzwq3 Author: nicm Date: 2026/06/23 09:29:26 Allow -p more than 100%, and account for borders when sizing new panes. From Dane Jensen. usr.bin/tmux/arguments.c usr.bin/tmux/cmd-resize-pane.c usr.bin/tmux/cmd-split-window.c usr.bin/tmux/layout.c usr.bin/tmux/options.c usr.bin/tmux/tmux.h usr.bin/tmux/window.c commit 9xKBYCD7tbZqrUfU Author: nicm Date: 2026/06/23 09:13:30 Do not leak error message, use it instead. From Dane Jensen. usr.bin/tmux/layout.c commit yvyNp1P9ldNq6j3v Author: mvs Date: 2026/06/23 08:49:48 Fix transfer size in regress/sys/kern/sysvmsg/msgtest.c According POSIX (see [1] and [2] EXAMPLES) the `msgsz' argument of msgsnd() and msgrcv() should *NOT* include the size of msg.mtype, it should be the size of msg.mtext only. Also msgrcv() return value does *NOT* include the size of msg.mtype, but only the size of msg.mtext. Our test expects the size of the whole msg. 1. https://pubs.opengroup.org/onlinepubs/000095399/functions/msgsnd.html 2. https://pubs.opengroup.org/onlinepubs/000095399/functions/msgrcv.html ok millert regress/sys/kern/sysvmsg/msgtest.c commit AbCUwqsHfA4QHxW7 Author: mvs Date: 2026/06/23 08:36:45 Make msg_copyout() to check the remaining space within userland buffer. Otherwise, if the userland buffer size is smaller than the message size, we write data beyond its end. Use `xfer' for chunk size like msg_copyin() does. ok cludwig sys/kern/sysv_msg.c commit kesgepq5OucVRSlv Author: nicm Date: 2026/06/23 08:35:28 Extend match to do multiple terms. usr.bin/tmux/format.c usr.bin/tmux/tmux.1 commit sL8lMygX0D2PPjtP Author: tb Date: 2026/06/23 08:32:55 With x_crl.c r1.52 the x509_crl regress passes regress/lib/libcrypto/x509/Makefile commit ZMaBOnT4C4qcUWfU Author: tb Date: 2026/06/23 08:28:06 crl_cb(): fix EXFLAG_CRITICAL mishandling The EXFLAG_CRITICAL should be set on encountering a critical CRL extension unsupported by the library. The current loop does the opposite: it stops looking as soon as it finds the first critical extension the library supports... ok kenjiro lib/libcrypto/asn1/x_crl.c commit zqoC2PcxKEwve329 Author: renaud Date: 2026/06/23 08:27:37 Fix heap buffer overread with embedded null bytes in input usr.bin/tsort/tsort.c commit rEjVb9WxfwzbmZOy Author: tb Date: 2026/06/23 08:24:49 libcrypto/x509 regress: x509_crl regress from Boring via OpenSSL #1775 Currently expected to fail due to mishandling of unknown critical extensions in x_crl.c, to be fixed shortly. regress/lib/libcrypto/x509/Makefile regress/lib/libcrypto/x509/x509_crl.c commit otdbzWP0vKEWEXZr Author: nicm Date: 2026/06/23 08:20:15 Add c key to clear filter. usr.bin/tmux/mode-tree.c usr.bin/tmux/tmux.1 commit cJnBI5cDwt6Njn4y Author: jsg Date: 2026/06/23 06:13:48 fix vmap_pfn() by using ptoa() to get the physical address sys/dev/pci/drm/drm_linux.c commit xq6WM2C9UJiYg1xP Author: jsg Date: 2026/06/23 01:39:39 don't increment scatterlist length twice this occurs as sg_dma_len() returns the length member of struct scatterlist where as on x86 linux it returns a dma_length member of the struct Problem reported by Ryan Fahy in FreeBSD drm-kmod PR 468. Avoids a 'Data modified on freelist' panic on boot when using discrete Intel cards (DG2). DG2 has other issues, so remains disabled for now. sys/dev/pci/drm/i915/i915_scatterlist.c commit rVXzsoMBjgULKcfO Author: jsg Date: 2026/06/22 23:55:10 revert scatterlist dma_length changes deraadt reports this caused 'flip_done timed out', 'commit wait timed out' and a black screen when starting X on meteor lake sys/dev/pci/drm/drm_linux.c sys/dev/pci/drm/include/generated/autoconf.h sys/dev/pci/drm/include/linux/dma-mapping.h sys/dev/pci/drm/include/linux/scatterlist.h commit 8vjaBMxshtcDmhGv Author: naddy Date: 2026/06/22 22:09:13 cpp: no longer default to -traditional calendar(1) and xrdb(1) that use cpp as a generic macro processor already call "/usr/libexec/cpp -traditional". ok jsg@ deraadt@ usr.bin/cpp/cpp.sh