Build date: 1757023203 - Thu Sep  4 22:00:03 UTC 2025
Build cvs date: 1757021143 - Thu Sep  4 21:25:43 UTC 2025
Build id: 2025-09-05.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P regress/lib/libcrypto/wycheproof/wycheproof.go
P regress/usr.bin/ssh/percent.sh
P regress/usr.bin/ssh/unittests/misc/Makefile
U regress/usr.bin/ssh/unittests/misc/test_misc.c
P regress/usr.bin/ssh/unittests/misc/tests.c
P regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_misc.c
P sbin/iked/ca.c
P sys/dev/pci/if_bce.c
P sys/dev/usb/usbdevs
P sys/dev/usb/usbdevs.h
P sys/dev/usb/usbdevs_data.h
P sys/dev/usb/uvideo.c
P sys/dev/usb/uvideo.h
P usr.bin/ssh/misc.c
P usr.bin/ssh/ssh.c
P usr.bin/ssh/sshbuf-misc.c
M usr.sbin/bgpd/session.c

commit 9TUkZNaeiBZ5pOvQ
Author: bmercer
Date: 2025/09/04 21:25:43

  regen

  sys/dev/usb/usbdevs.h
  sys/dev/usb/usbdevs_data.h

commit CCsntKHp46efPTQP
Author: bmercer
Date: 2025/09/04 21:24:51

  Add device id for Mediatek MT7612. OK miod

  sys/dev/usb/usbdevs

commit YPuCYZYrIdijtHXr
Author: tb
Date: 2025/09/04 17:06:34

  wycheproof: go fmt

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit 0mPQBHrM5bgSo9Co
Author: tb
Date: 2025/09/04 17:03:38

  wycheproof: move HKDF to v1

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit BifWMyEoYn8cwscC
Author: tb
Date: 2025/09/04 16:59:37

  wycheproof: move EdDSA to v1

  eddsa_test.json is now ed25519_test.json and again key* was renamed to
  PublicKey*.

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit VFcmWfLYdD3qEDVR
Author: tb
Date: 2025/09/04 16:56:42

  wycheproof: move DSA to v1

  key* are now called PublicKey*, so change teh json tags accordingly.

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit 3MZfNCBW7DvGDgn4
Author: tb
Date: 2025/09/04 16:54:17

  wycheproof: move x25519 to v1

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit rmTYDrMMu7p1saHc
Author: tb
Date: 2025/09/04 16:53:06

  wycheproof: migrate {,X}ChaCha20-Poly1305 to v1

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit 5gkJNzdFiNZCVESn
Author: tb
Date: 2025/09/04 16:51:31

  wycheproof: migrate HMAC to v1

  This is straightforward since the schema did not change. This adds
  coverage for HMAC-SHA512/224 and HMAC-SHA512/256.

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit luQvbDZCc4k8cksx
Author: tb
Date: 2025/09/04 16:48:42

  wycheproof: add struct to support the testvector_v1 schema

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit 9hGC2MnYbvjMwFdk
Author: tb
Date: 2025/09/04 16:44:14

  wycheproof: add version sum type and annotate all tests as v0

  The version is passed to the test runner, so it can unmarshal the v0
  and v1 JSON as appropriate later on.

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit wlwjOjwcirLFcO65
Author: tb
Date: 2025/09/04 16:40:12

  wycheproof: use local variables for testGroups and algorithm

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit wcuDVfY50LG3ZHlv
Author: tb
Date: 2025/09/04 16:38:40

  wycheproof: start migrating to testvectors_v1

  In https://github.com/C2SP/wycheproof/pull/169, upstream removed the
  testvector/ path, thereby creating the need to migrate if we want to
  benefit from future changes and tests. While this has been around for
  a very long time and generally provided more and better coverage, there
  never was sufficient motivation to do so.

  As a first step, change use of the testVectorPath constant to use of
  a path variable so we can switch the tests one by one by appending _v1
  when appropriate.

  regress/lib/libcrypto/wycheproof/wycheproof.go

commit A1Gcuz9luqPhETwc
Author: mpi
Date: 2025/09/04 15:45:56

  Missing uvm_km_free() -> bus_dmamem_free() conversions in error paths.

  ok kettenis@

  sys/dev/pci/if_bce.c

commit kC3ITK2PoxZwnfy0
Author: yasuoka
Date: 2025/09/04 10:55:19

  Load multiple certificates as a certificate chain from a file.  It
  contains the server and its intermediate ca's certificates.
  Previously, if a file had multiple certificates, all of them were
  treated as a server certificate.  diff from IIJ and Lexi Wilson

  ok jmatthew

  sbin/iked/ca.c

commit 1fdldqTco7TPJsy4
Author: kirill
Date: 2025/09/04 07:43:29

  sys/uvideo: drop duplicated usb_video_format_XXX_desc

  OK: mglocker@

  sys/dev/usb/uvideo.c
  sys/dev/usb/uvideo.h

commit WIMWECLe1CHZT3wy
Author: djm
Date: 2025/09/04 03:04:44

  repair test after changes to percent expansion of usernames on the
  commandline.

  Test more cases that should/shouldn't expand and lightly test
  username validity checks.

  regress/usr.bin/ssh/percent.sh

commit yfJbWPQRkmAF3TtG
Author: djm
Date: 2025/09/04 00:37:10

  unit tests for sshbuf_equals and sshbuf_dtourlb64; ok deraadt@

  regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_misc.c

commit oQ5fjsCbsHAirzDD
Author: djm
Date: 2025/09/04 00:34:17

  unit tests for a bunch of misc.c functions; ok deraadt@

  regress/usr.bin/ssh/unittests/misc/Makefile
  regress/usr.bin/ssh/unittests/misc/test_misc.c
  regress/usr.bin/ssh/unittests/misc/tests.c

commit cugpMlrnk5ekZ25H
Author: djm
Date: 2025/09/04 00:32:31

  fix sshbuf_dtourlb64() to not choke on empty buffers; previously
  it incorrectly returned an error in this situation; ok deraadt

  usr.bin/ssh/sshbuf-misc.c

commit d45pJxEXHJm4rMUC
Author: djm
Date: 2025/09/04 00:31:49

  fix rtrim() function to not attempt to delete whitespace inside
  a string, just at the end. ok deraadt@

  usr.bin/ssh/misc.c

commit CIYuvbKJzW42r6q2
Author: djm
Date: 2025/09/04 00:30:06

  don't allow \^@ characters in url-encoded strings.

  Suggested by David Leadbeater, ok deraadt@

  usr.bin/ssh/misc.c

commit 2RpuvS5iPJ6Q6jGl
Author: djm
Date: 2025/09/04 00:29:09

  Improve rules for %-expansion of username.

  Usernames passed on the commandline will no longer be subject to
  % expansion. Some tools invoke ssh with connection information
  (i.e. usernames and host names) supplied from untrusted sources.
  These may contain % expansion sequences which could yield
  unexpected results.

  Since openssh-9.6, all usernames have been subject to validity
  checking. This change tightens the validity checks by refusing
  usernames that include control characters (again, these can cause
  surprises when supplied adversarially).

  This change also relaxes the validity checks in one small way:
  usernames supplied via the configuration file as literals (i.e.
  include no % expansion characters) are not subject to these
  validity checks. This allows usernames that contain arbitrary
  characters to be used, but only via configuration files. This
  is done on the basis that ssh's configuration is trusted.

  Pointed out by David Leadbeater, ok deraadt@

  usr.bin/ssh/ssh.c