Build date: 1764889203 - Thu Dec 4 23:00:03 UTC 2025 Build cvs date: 1764886882 - Thu Dec 4 22:21:22 UTC 2025 Build id: 2025-12-05.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P lib/libssl/s3_lib.c P lib/libssl/ssl_clnt.c P lib/libssl/ssl_local.h P lib/libssl/ssl_srvr.c P lib/libssl/ssl_tlsext.c P lib/libssl/t1_lib.c P lib/libssl/tls13_client.c P lib/libssl/tls13_server.c P lib/libssl/tls_internal.h P lib/libssl/tls_key_share.c P regress/lib/libssl/client/clienttest.c P regress/lib/libssl/tlsext/tlsexttest.c P regress/usr.bin/openssl/appstest.sh P sys/arch/alpha/include/cpu.h P sys/dev/pci/if_ixl.c P sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c M sys/dev/usb/uhidev.c P sys/net80211/ieee80211_node.c P usr.bin/tmux/format-draw.c P usr.bin/tmux/format.c P usr.bin/tmux/screen-redraw.c P usr.bin/tmux/screen-write.c P usr.bin/tmux/server-client.c P usr.bin/tmux/utf8-combined.c P usr.bin/tmux/window-copy.c M usr.sbin/bgpd/session.c P usr.sbin/ldpd/kroute.c P usr.sbin/rpki-client/ccr.c P usr.sbin/rpki-client/ip.c commit UHHkKFkFzqw0aYJe Author: miod Date: 2025/12/04 22:21:22 In CPU_BUSY_CYCLE, only process IPIs if we are not in an intr_disable/intr_restore block. This will be needed shortly. sys/arch/alpha/include/cpu.h commit Y6pIwlHE8inRGXVm Author: miod Date: 2025/12/04 22:20:20 Use simpler and more effective code for intr_disable and intr_restore. sys/arch/alpha/include/cpu.h commit v6GD2PyLGNozlOfL Author: beck Date: 2025/12/04 21:30:48 Make the openssh test pass after adding mlkem. This has a magic value looking for what happens when we HRR, more or less assuming it might never change. it now has. Commenting it out get us by it, unsure if we should change this or get rid of it. ok tb@ regress/usr.bin/openssl/appstest.sh commit SXGFtJLwKyYLXdHT Author: beck Date: 2025/12/04 21:16:17 Hook up X25519MKLEM768 to the TLS 1.3 handshake This does the following: 1) Adds a second key share prediction to the TLS 1.3 handshake. We only add one as we are unlikely to want to send more than one PQ one, and one classical one and are unlikely to waste bytes on a second PQ algorithm (anything that wants something else that we support can HRR to get it) 2) Adds X25519MLKEM768 (4588) to our list of supported groups. We add this to our preferred client and server key shares for TLS 1.3 and we now have a separate list for TLS 1.2 which does not do this, cleaning up the old "full list" from the comments. 3) Updates the golden magic numbers in the regression tests to allow for the above two things changing the handshake, so the regress tests pass. With this you can successfully hybrid PQ with servers and clients that support it. ok tb@ kenjiro@ lib/libssl/s3_lib.c lib/libssl/ssl_local.h lib/libssl/ssl_tlsext.c lib/libssl/t1_lib.c lib/libssl/tls13_client.c regress/lib/libssl/client/clienttest.c commit KMdSaEDaz1uTcI6B Author: beck Date: 2025/12/04 21:03:42 Add a MLKEM768_X25519 hybrid key share. This implements the currently in use MLKEM768_X25519 hybrid key share as outlined in https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ This commit does not yet wire this up to anything, that is done in follow on changes. ok tb@ jsing@ kenjiro@ lib/libssl/ssl_clnt.c lib/libssl/ssl_srvr.c lib/libssl/ssl_tlsext.c lib/libssl/tls13_client.c lib/libssl/tls13_server.c lib/libssl/tls_internal.h lib/libssl/tls_key_share.c regress/lib/libssl/tlsext/tlsexttest.c commit rjrPciJshEAnIjou Author: nicm Date: 2025/12/04 20:49:57 Do not read over buffer if format is a single #, and do not loop forever if UTF-8 is unfinished in a format. Reported by Giorgi Kobakhia im GitHub issue 4735. usr.bin/tmux/format-draw.c usr.bin/tmux/format.c commit clL9zQSHMp8zMZN3 Author: denis Date: 2025/12/04 16:51:29 Revert activation of SoftLRO by default on ixl(4) My ixl(4) are hanging when LRO is active. OK jan@ stsp@ sys/dev/pci/if_ixl.c commit JcBt9A9FCbXmncZp Author: nicm Date: 2025/12/04 14:45:32 Fix y offset of mouse if status at top. GitHub issue 4738 from Michael Grant. usr.bin/tmux/screen-redraw.c usr.bin/tmux/server-client.c usr.bin/tmux/window-copy.c commit lthuOzQPAGs65BrY Author: claudio Date: 2025/12/04 14:13:51 kr_shutdown() and the functions called by it should not try to enqueue any imsgs. This code is called late in the parent before exit. There is no need to enqueue any imsgs since nothing will send them out and the childs are probably gone as well. Fixes a crash on shutdown. Reported by Alexander Mukhin alexander.i.mukhin (at) gmail.com OK tb@ deraadt@ usr.sbin/ldpd/kroute.c commit 8BZ3iYoRFmDtCXSJ Author: tb Date: 2025/12/04 12:07:01 rpki-client: convert CCR to opaque ASN1_STRINGs as far as possible Add wrappers for hex encoding and copying an ASN.1 string similar to the already existing base64 encoding API. Make these and the rest of the file use accessors so that it keeps compiling with opaque ASN1_STRING. To complete the conversion of rpki-client, which needs to know and set unused bits in a BIT STRING, we will need to provide ASN1_BIT_STRING_set1() and ASN1_BIT_STRING_get_length() both in libcrypto and in the portable compat layer. looks good to claudio https://github.com/openssl/openssl/issues/29117 https://github.com/openssl/openssl/issues/29184 https://github.com/openssl/openssl/issues/29185 usr.sbin/rpki-client/ccr.c commit Nd1Lgiep8wvxpP9x Author: phessler Date: 2025/12/04 09:38:15 Fold in support for sha256-psk in addition to psk when PMF is in use on a network that uses the default WPA settings in join. Fixes my home network and kirill@'s network OK stsp@ sys/net80211/ieee80211_node.c commit K7dMS29ScfTZY9T0 Author: tb Date: 2025/12/04 06:11:44 rpki-client: zap extra blank line in ip.c usr.sbin/rpki-client/ip.c commit KJuJYasiJO2KGhAS Author: nicm Date: 2025/12/04 06:04:21 Add a missing skin tone, from Jake Stewart in GitHub issue 4736. usr.bin/tmux/utf8-combined.c commit z0jrgYtwIVpZQNG7 Author: nicm Date: 2025/12/04 06:02:27 Allow characters to be combined in either order, reported by Jake Stewart in GitHub issue 4726. usr.bin/tmux/screen-write.c commit HncjlSajOGxpT6XB Author: jsg Date: 2025/12/03 23:56:11 disable PSR on virtual connectors shouldn't have been part of the writeback connector ifdef sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c P 3RDPARTY P lib/libpng/ANNOUNCE P lib/libpng/AUTHORS P lib/libpng/CHANGES P lib/libpng/CMakeLists.txt P lib/libpng/README P lib/libpng/configure P lib/libpng/configure.ac P lib/libpng/libpng-manual.txt P lib/libpng/libpng.3 P lib/libpng/libpngpf.3 P lib/libpng/png.5 P lib/libpng/png.c P lib/libpng/png.h P lib/libpng/pngconf.h P lib/libpng/pngread.c P lib/libpng/pngrtran.c P lib/libpng/pngtest.c P lib/libpng/contrib/oss-fuzz/libpng_read_fuzzer.cc U lib/libpng/contrib/oss-fuzz/nalloc.h P lib/libpng/riscv/filter_rvv_intrinsics.c P lib/libpng/scripts/libpng-config-head.in P lib/libpng/scripts/libpng.pc.in P lib/libpng/scripts/pnglibconf.h.prebuilt commit vV2bYxyhogFaK56l Author: matthieu Date: 2025/12/04 16:11:37 update 3RDPARTY commit lTK51v0MStfWJc97 Author: matthieu Date: 2025/12/04 15:51:18 Update to libpng 1.6.52. Fixes CVE-2025-66293. lib/libpng/ANNOUNCE lib/libpng/AUTHORS lib/libpng/CHANGES lib/libpng/CMakeLists.txt lib/libpng/README lib/libpng/configure lib/libpng/configure.ac lib/libpng/libpng-manual.txt lib/libpng/libpng.3 lib/libpng/libpngpf.3 lib/libpng/png.5 lib/libpng/png.c lib/libpng/png.h lib/libpng/pngconf.h lib/libpng/pngread.c lib/libpng/pngrtran.c lib/libpng/pngtest.c lib/libpng/contrib/oss-fuzz/libpng_read_fuzzer.cc lib/libpng/contrib/oss-fuzz/nalloc.h lib/libpng/riscv/filter_rvv_intrinsics.c lib/libpng/scripts/libpng-config-head.in lib/libpng/scripts/libpng.pc.in lib/libpng/scripts/pnglibconf.h.prebuilt