Build date: 1764370803 - Fri Nov 28 23:00:03 UTC 2025 Build cvs date: 1764354336 - Fri Nov 28 18:25:36 UTC 2025 Build id: 2025-11-29.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P lib/libcrypto/cms/cms_smime.c P lib/libcrypto/x509/x509_cpols.c P sbin/unwind/libunbound/config.h P sbin/unwind/libunbound/iterator/iter_scrub.c P sbin/unwind/libunbound/util/config_file.c P sbin/unwind/libunbound/util/config_file.h P sbin/unwind/libunbound/util/configlexer.c P sbin/unwind/libunbound/util/configlexer.lex P sbin/unwind/libunbound/util/configparser.h P sbin/unwind/libunbound/util/configparser.y M sys/dev/usb/uhidev.c P usr.bin/tmux/environ.c P usr.bin/tmux/tmux.1 M usr.sbin/bgpd/session.c P usr.sbin/httpd/config.c P usr.sbin/httpd/httpd.conf.5 P usr.sbin/httpd/httpd.h P usr.sbin/httpd/parse.y P usr.sbin/httpd/server_fcgi.c P usr.sbin/httpd/server_http.c commit 97H3oFi0tIiwY3Il Author: bluhm Date: 2025/11/28 18:25:36 Fix incomplete mitigation of CVE-2025-11411 in unbound and unwind. https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411_2_wtests.diff This extends the previous fix by also scrubbing unsolicited NS RRSets (and their respective address records) for YXDOMAIN and nodata non-referral answers. from sthen@ florian@ this is errata/7.8/010_unbound.patch.sig sbin/unwind/libunbound/iterator/iter_scrub.c commit 5PP0t60TKQ40Ea0a Author: bluhm Date: 2025/11/28 18:25:19 Fix incomplete mitigation of CVE-2025-11411 in unbound and unwind. https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411_2_wtests.diff This extends the previous fix by also scrubbing unsolicited NS RRSets (and their respective address records) for YXDOMAIN and nodata non-referral answers. from sthen@ florian@ this is errata/7.7/017_unbound.patch.sig sbin/unwind/libunbound/iterator/iter_scrub.c commit ZFmTelUhXxIHJaYv Author: rsadowski Date: 2025/11/28 16:10:00 Add "no banner" option to suppress Server header Introduces a global and per-server "[no] banner" directive that prevents httpd from sending the Server HTTP response header and removes server identification from error documents. The SERVER_SOFTWARE CGI environment variable remains set as required by RFC 3875. Diff by Lloyd (thanks), ok kirill@ usr.sbin/httpd/config.c usr.sbin/httpd/httpd.conf.5 usr.sbin/httpd/httpd.h usr.sbin/httpd/parse.y usr.sbin/httpd/server_fcgi.c usr.sbin/httpd/server_http.c commit k3kvecGO7V14J7AS Author: nicm Date: 2025/11/28 09:42:48 Do not remove TERM etc for commands run from config file, reported by Dennis Eriksen. usr.bin/tmux/environ.c commit FEXDhwo4IT68ITIi Author: nicm Date: 2025/11/28 09:14:17 session_index was never actually implemented, remove from man page. usr.bin/tmux/tmux.1 commit ICqWqv3zr5o3tjQf Author: florian Date: 2025/11/28 07:38:36 Sync to unbound sbin/unwind/libunbound/iterator/iter_scrub.c commit 9Ysgm8Z5DUToh5il Author: florian Date: 2025/11/28 07:37:51 Sync to unbound 1.24.1; heavy lifting by sthen (some time ago) sbin/unwind/libunbound/config.h sbin/unwind/libunbound/iterator/iter_scrub.c sbin/unwind/libunbound/util/config_file.c sbin/unwind/libunbound/util/config_file.h sbin/unwind/libunbound/util/configlexer.c sbin/unwind/libunbound/util/configlexer.lex sbin/unwind/libunbound/util/configparser.h sbin/unwind/libunbound/util/configparser.y commit ghgoH3EPX4ANpWwQ Author: tb Date: 2025/11/28 06:07:09 Clean up confusing logic in CMS_EncryptedData_encrypt() This makes it easier to read and more in line with other code in libcrypto. Also add a missing error check for the CMS_set_detached() call. ok jsing kenjiro lib/libcrypto/cms/cms_smime.c commit NptO5510xGxGQLCn Author: tb Date: 2025/11/28 06:03:40 Fix double free in certificate policies configuration In nref_nos(), nnums must not be freed on error because in the caller it is not->noticeref->noticenos and hangs off the POLICYQUALINFO qual which is freed as part of POLICYQUALINFO_free() in the error path. ok jsing kenjiro lib/libcrypto/x509/x509_cpols.c