CVSROOT: /cvs Module name: src Changes by: dlg@cvs.openbsd.org 2025/10/07 18:06:32 Modified files: sys/net : if_rport.c Log message: implement "checksum offload" between rport pairs. this allows the kernel to skip ip/tcp/udp checksum calculation for packets between rdomains. rport interfaces advertise checksum offload capabilities to the stack, so the stack will set CSUM_OUT mbuf flags rather than do the checksum calculation for packets being transmitted on an port interface. when these packets are sent back into the stack by the partner rport interface, the CSUM_OUT flags get mapped to equivalent CSUM_IN_OK flags. this is modelled on how lo(4) does the same thing. CVSROOT: /cvs Module name: src Changes by: dlg@cvs.openbsd.org 2025/10/07 18:28:27 Modified files: sys/net : if_rport.c Log message: use multiple txqs to spread traffic handling over softnet threads. CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2025/10/07 18:32:52 Modified files: usr.bin/ssh : version.h Log message: openssh-10.2 The only change since 10.1 is the channels.c fix CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2025/10/07 19:05:47 Modified files: . : 70.html mail.html openbgpd : mail.html faq/ports : guide.html build/mirrors : openssh-portable.html.head openssh : portable.html Log message: correctly capitalise GitHub mentioned by charles19132 on misc ok tb@ op@ schwarze@ CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2025/10/07 19:21:59 Modified files: build/mirrors : openssh-portable.html.head openssh : portable.html Log message: correct html; spotted by schwarze@ CVSROOT: /cvs Module name: src Changes by: stsp@cvs.openbsd.org 2025/10/08 07:15:33 Modified files: sys/net80211 : ieee80211_node.c Log message: Fix association to access points which have all 802.11b rates disabled. When I replaced ieee80211_iserp_sta() with a check for the extended rates information element I wrongly assumed that this information element would always be present if 11g is supported. However, the xrates IE only appears in 11b/g mixed mode. APs which have 802.11b rates completely disabled can announce all rates via the regular rates IE and never send the xrates IE. Ensure that we recognize such APs as 11g-capable regardless of the missing xrates IE. Otherwise assocation can fail due to a mismatch of basic rates. Problem reported by landry@ ok phessler@ sthen@ CVSROOT: /cvs Module name: www Changes by: kirill@cvs.openbsd.org 2025/10/08 13:52:58 Modified files: . : 78.html Log message: 78.html: sync version of jdks OK: tb@ CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2025/10/08 15:02:16 Modified files: usr.bin/ssh : ssh-pkcs11.c Log message: fix crash at exit (visible via ssh-keygen -D) when multiple keys loaded. ok markus deraadt dtucker CVSROOT: /cvs Module name: www Changes by: kirill@cvs.openbsd.org 2025/10/08 15:37:51 Modified files: . : 78.html Log message: 78.html: sync version of ports CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2025/10/08 15:48:40 Modified files: usr.bin/ssh : sftp.c Log message: When tab-completing a filename, ensure that the completed string does not end up mid-way through a multibyte character, as this will cause a fatal() later on. based on GHPR#587 from @TaoistBrickscarrier; feedback tb@ kevlo@ ok dtucker@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2025/10/08 15:55:19 Modified files: sys/conf : newvers.sh Log message: 7.8-current ok deraadt@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2025/10/08 15:57:15 Modified files: sys/conf : GENERIC Log message: re-enable POOL_DEBUG ok deraadt@ CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2025/10/08 17:28:31 Modified files: . : 78.html Log message: update versions of base and xenocara components CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2025/10/08 21:23:33 Modified files: usr.bin/ssh : monitor_wrap.c Log message: silence "mm_log_handler: write: Broken pipe" logspam CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2025/10/09 05:18:29 Modified files: sys/arch/arm64/conf: GENERIC RAMDISK Log message: Enable ice(4) on arm64. Works out of the box. OK kettenis@ deraadt@ jca@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2025/10/09 05:22:06 Modified files: sys/dev/pci : if_ice.c Log message: Implement SIOCGIFRXR in ice(4) so that systat mbuf shows the queues. OK stsp@ CVSROOT: /cvs Module name: www Changes by: krw@cvs.openbsd.org 2025/10/09 07:29:40 Modified files: . : 78.html Log message: Add some fdisk and disklabel items. CVSROOT: /cvs Module name: www Changes by: sthen@cvs.openbsd.org 2025/10/09 08:43:51 Modified files: faq : current.html Log message: add a heads-up about a freetds update that came along earlier in 7.7-current which just showed up an interesting problem after updating a test machine. if you have set "tds version = 8.0" you might want to review and change to "= auto" or a specific version before updating, to avoid connection failure, and your dba getting scary looking emails from mssql ;) CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2025/10/09 12:43:26 Modified files: sys/arch/sparc64/dev: viommu.c Log message: Avoid segments greater than maxsegsz during map merging Apply the same fix as done in iommu.c rev 1.83 OK jan@ kettenis@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2025/10/09 13:25:37 Modified files: sys/dev/fdt : rkrng.c Log message: Add RK3588 support. ok dlg@ CVSROOT: /cvs Module name: src Changes by: job@cvs.openbsd.org 2025/10/09 13:27:04 Modified files: usr.sbin/rpki-client: ccr.c rpki-asn1.h Log message: Clarify CCR file format: the payload is encapsulated inside an OCTET STRING Brought up by William McCall This is a mechanical change. discussed with / OK tb@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2025/10/09 14:08:49 Modified files: sys/arch/riscv64/dev: stfclock.c Log message: Improve JH7110 support: - Round to the nearest achievable clock rate instead of rounding down. - Make sure we don't set a divider to zero. - Fully initialize PLL0 when setting its rate. - Bump PLL0 rate regardless of what the firmware configures it to. This avoids issues with firmware based on upstream U-Boot. ok jca@ CVSROOT: /cvs Module name: www Changes by: sobrado@cvs.openbsd.org 2025/10/09 15:39:26 Modified files: . : 78.html Log message: add two missing closing tags to hyperlinks. CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2025/10/09 17:25:23 Modified files: usr.bin/ssh : ssh-pkcs11.c Log message: downgrade a useless error() -> debug() CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2025/10/09 17:26:47 Modified files: usr.bin/ssh : ssh-keygen.c Log message: don't abuse SSHKEY_FLAG_EXT to signal that a key is in the agent, as that triggers special handling on sshkey_free() CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2025/10/09 17:57:26 Modified files: . : 78.html Log message: mention kernel drm version CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2025/10/09 17:58:27 Modified files: regress/usr.bin/ssh: sftp-cmds.sh Log message: simplify CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2025/10/09 18:31:53 Modified files: regress/usr.bin/ssh: sftp-cmds.sh Log message: clean up more thoroughly between tests CVSROOT: /cvs Module name: www Changes by: djm@cvs.openbsd.org 2025/10/10 02:31:36 Added files: openssh/txt : release-10.2 Log message: openssh-10.2 CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2025/10/10 02:31:55 Modified files: . : 78.html Log message: add new drivers CVSROOT: /cvs Module name: www Changes by: djm@cvs.openbsd.org 2025/10/10 02:32:35 Modified files: . : 78.html build : Makefile build/mirrors : openssh-ftp.html.head openssh : ftp.html index.html openbsd.html releasenotes.html openssh/txt : release-10.2 Log message: openssh-10.2 CVSROOT: /cvs Module name: www Changes by: djm@cvs.openbsd.org 2025/10/10 02:33:48 Modified files: openssh/txt : release-10.2 Log message: typo CVSROOT: /cvs Module name: www Changes by: djm@cvs.openbsd.org 2025/10/10 02:34:05 Modified files: openssh : releasenotes.html Log message: typo CVSROOT: /cvs Module name: www Changes by: kmos@cvs.openbsd.org 2025/10/10 05:10:15 Modified files: . : plus.html Log message: plus covering April to May. A few tricky entries are missing and will be added once I understand them. Most work by pamela@. man page markup by me. CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2025/10/10 05:31:13 Modified files: lib/libcrypto/x509: x509_local.h x509cset.c Log message: Remove unused sequence member from x509_revoked_st To allow binary search for looking up if a cert was revoked in a CRL, the list of revoked serial numbers is sorted in crl_lookup(). On the other hand, to be able to output the DER that was actually signed by the issuer, the original order needs to be remembered. Before the encoding was cached, there was a mechanism that would restore the original order on serialization using the .sequence member. This was done without a lock and was thus racy (hilarity would ensue if one thread performed a CRL lookup while another thread serialized the same CRL). When the racy mechanism was removed in 2004, the only reader of .sequence, X509_REVOKED_seq_cmp(), was also removed, and this piece of dead code was left behind. Garbage collect it. ok kenjiro CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2025/10/10 05:56:48 Modified files: sys/dev/pci : if_ice.c Log message: Fix various errors on big-endian systems. With this ice(4) works on sparc64. In ice_copy_rxq_ctx_to_hw() the buffer passed in is already in little endian and so one needs to call bus_space_write_raw_4(). Wrap that into ICE_WRITE_RAW() to be consistent. In ice_txeof() the calculation of dtype was all messed up. The 64bit descriptor word cmd_type_offset_bsz needs to be converted to host byte order and then all the masking and shifting can happen. Also there is no need to byte swap ICE_TX_DESC_DTYPE_DESC_DONE since dtype is already in host byte order. On code inspection another unneeded byte swap was found in ice_tx_setup_offload(). The vlan tag needs to be shifted into position unswapped and the full word is swapped at the end. OK stsp@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2025/10/10 05:58:24 Modified files: sys/dev/pci : if_ice.c Log message: Disable ICE_DBG_TRACE in the default ice_debug value. It is way to noisy and adds little real value. OK stsp@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2025/10/10 10:12:58 Modified files: sys/dev/acpi : amdpmc.c Log message: Add SMU support to amdpmc(4). The SMU is a microcontroller buried deep in the bowels of AMD SoCs and needs to be tickled in order to reach the lowest power states in suspend. It also provides some information on whether we actually reached those lower states. On most machines we will need to tell the USB4 controllers to go to sleep to reach these states. So it is likely that we won't reach S0i3 yet on those machines. ok mlarkin@, deraadt@ CVSROOT: /cvs Module name: www Changes by: hshoexer@cvs.openbsd.org 2025/10/10 15:23:54 Modified files: . : events.html Added files: papers : eurobsdcon2025-hshoexer-confidential-computing.pdf Log message: I gave a presentation at EuroBSDCon 2025 CVSROOT: /cvs Module name: www Changes by: hshoexer@cvs.openbsd.org 2025/10/10 15:41:24 Modified files: . : events.html Added files: papers : bsdcan2025-hshoexer-confidential-computing.pdf Log message: I gave a presentation at BSDCan 2025 CVSROOT: /cvs Module name: www Changes by: hshoexer@cvs.openbsd.org 2025/10/10 15:56:42 Modified files: . : events.html Log message: Adjust BSDCan 2025 entry to follow style guide for dates. CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2025/10/10 17:07:40 Modified files: lib/libcrypto/x509: x509_vpm.c regress/lib/libssl/unit: ssl_verify_param.c Log message: const correct X509_VERIFY_PARAM_get_hostflags() This is currently an internal helper only used by a regress test. We'll have to expose in the public API for Python 3.14: https://github.com/libressl/portable/issues/1202 CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2025/10/10 18:54:56 Modified files: share/man/man4 : dt.4 Log message: mdoc fixes. FA -> Fa, remove extra El. CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2025/10/11 09:46:06 Modified files: usr.bin/nc : netcat.c Log message: use strtonum() instead of atoi(), and error out for bad numbers This generates a host-order number, so the ntohs() for getservbyport() was wrong, that should always have been htons(). The transform is the same, but misleading. ok tb CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2025/10/11 12:34:24 Modified files: sys/dev/pci : if_ixl.c Log message: Revert rev 1.109: | ixl/ice(4): use 128 segments for DMA maps of TSO packets | | This avoids unnecessary m_defrag() calls and gain some performance. | | with tweaks for kettenis and bluhm | | ok kettenis, bluhm This seems to cause oactive stalls and ixl is too common to have it broken like this. I prefer unnecessary m_defrag() calls over hanging interfaces. CVSROOT: /cvs Module name: src Changes by: dtucker@cvs.openbsd.org 2025/10/11 17:39:14 Modified files: usr.bin/ssh/moduli-gen: moduli.2048 moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192 etc : moduli Log message: Import regenerate moduli.