Build date: 1731484479 - Wed Nov 13 07:54:39 UTC 2024
Build cvs date: 1731452416 - Tue Nov 12 23:00:16 UTC 2024
Build id: 2024-11-13.2
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-ptrace-xstate.diff
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-newvers.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff
/home/anton/tmp/robsd/src-tftpd-quirk.diff

? regress/sys/kern/ptrace/xstate
P distrib/sets/lists/base/mi
P distrib/sets/lists/comp/mi
P lib/libtls/tls_verify.c

commit j7i5iKe1eLXijTYV
Author: deraadt
Date: 2024/11/13 00:00:16

  sync

  distrib/sets/lists/base/mi
  distrib/sets/lists/comp/mi

commit aEdAvE35W1N2yrFC
Author: tb
Date: 2024/11/12 22:50:06

  The subject of a certificate is not optional

  A certificate must have a subject, so X509_get_subject_name() cannot
  return NULL on a correctly parsed certificate, even if the subject is
  empty (which is allowed). So if X509_get_subject_name() returns NULL,
  error instead of silently ignoring it in tls_check_common_name().

  This is currently no issue. Where it matters, the match against the
  common name will fail later, so we fail closed anyway.

  ok jsing

  lib/libtls/tls_verify.c