Build date: 1769209201 - Fri Jan 23 23:00:01 UTC 2026
Build cvs date: 1769165153 - Fri Jan 23 10:45:53 UTC 2026
Build id: 2026-01-24.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P distrib/sets/lists/base/mi
P lib/libcrypto/bn/bn_const.c
P lib/libcrypto/bn/bn_local.h
P lib/libcrypto/dh/dh_check.c
P regress/lib/libcrypto/bn/Makefile
U regress/lib/libcrypto/bn/bn_ffdh.c
P regress/lib/libcrypto/mlkem/mlkem1024_decap_tests.txt
P regress/lib/libcrypto/mlkem/mlkem1024_encap_tests.txt
P regress/lib/libcrypto/mlkem/mlkem768_decap_tests.txt
M sys/dev/usb/uhidev.c
P usr.bin/tmux/Makefile
P usr.bin/tmux/grid.c
P usr.bin/tmux/menu.c
P usr.bin/tmux/popup.c
P usr.bin/tmux/screen-redraw.c
P usr.bin/tmux/screen.c
P usr.bin/tmux/server-client.c
P usr.bin/tmux/tmux.h
U usr.bin/tmux/tty-draw.c
P usr.bin/tmux/tty.c
M usr.sbin/bgpd/session.c

commit eYZZ2hrYixQccQPa
Author: nicm
Date: 2026/01/23 10:45:53

  Replace overlay_ranges with visible_ranges which can hold more than
  three ranges (will be needed for floating panes); move the visible
  ranges checks outside of tty_draw_line and rewrite it to fix issues with
  partially-obscured wide characters. With Michael Grant.

  usr.bin/tmux/Makefile
  usr.bin/tmux/grid.c
  usr.bin/tmux/menu.c
  usr.bin/tmux/popup.c
  usr.bin/tmux/screen-redraw.c
  usr.bin/tmux/screen.c
  usr.bin/tmux/server-client.c
  usr.bin/tmux/tmux.h
  usr.bin/tmux/tty-draw.c
  usr.bin/tmux/tty.c

commit sn1zghjs5bXEX0rd
Author: tb
Date: 2026/01/23 10:39:13

  unusally -> unusually

  regress/lib/libcrypto/mlkem/mlkem1024_decap_tests.txt
  regress/lib/libcrypto/mlkem/mlkem1024_encap_tests.txt
  regress/lib/libcrypto/mlkem/mlkem768_decap_tests.txt

commit 410YmTy55r79eUf8
Author: tb
Date: 2026/01/23 08:34:08

  bn_ffdh: unifdef HAVE_SCAPY_SPECIAL

  regress/lib/libcrypto/bn/bn_ffdh.c

commit pJ3ZoeuSNi7W32vO
Author: tb
Date: 2026/01/23 08:32:22

  DH_check: teach this DoS vector about RFC 7919 primes

  ok beck

  lib/libcrypto/dh/dh_check.c

commit UBezA0fVe34yY3Ui
Author: tb
Date: 2026/01/23 08:31:20

  bn_ffdh: unifdef HAVE_RFC7919_PRIMES

  regress/lib/libcrypto/bn/bn_ffdh.c

commit fPcQc3smcsn7ut4s
Author: tb
Date: 2026/01/23 08:29:04

  bn_const: add RFC 7919 primes

  There is no intention to expose these via public API or to use them in TLS.
  For now these will only be used for short-circuiting pointless expensive
  computations in DH_check().

  ok beck

  lib/libcrypto/bn/bn_const.c
  lib/libcrypto/bn/bn_local.h

commit ODlOHjH9WDZ4t1hd
Author: tb
Date: 2026/01/23 08:21:52

  Scapy special for DH_check()

  The latest release of Scapy calls DH_check() on all the well-known
  Diffie-Hellman parameters for RFCs 2409, 3526, and 7919. It does this
  via pyca/cryptography at startup. Every single time. This is obviously
  very expensive, due to our 64 MR rounds (which are complete overkill
  now that we have BPSW). Instead of pondering the ideal number of rounds
  for BPSW with FFDH, simply skip the check if the parameter matches a
  well-known prime. These are known to be safe primes, so we can skip
  those super-expensive and pointless checks without any risk.

  This is only done for the public dh->p parameter. It could be further
  optimized, but with the follow-up commit adding the RFC 7919 primes this
  reduces the startup time to what it was before Scapy 2.7.0: < 1s.

  Reverting from 64 MR rounds to BN_check_primes rounds, we would still
  have ~8s startup time without this optimization, which isn't great for
  an interactive tool.

  Clearly, it's not entirely our fault, it's also Scapy and cryptography
  that do something ... suboptimal, but I think we're better off if
  DH_check() isn't a complete DoS vector. If you're using non-standard
  parameters with FFDH, you deserve it.

  We could consider adding a flag for non-well-known p and thus making
  DH_check() indicate failure for candidate primes larger than, say, 4k.

  https://github.com/pyca/cryptography/issues/14048

  ok beck kenjiro

  lib/libcrypto/dh/dh_check.c

commit zlB24Gt6pK4cEvjw
Author: tb
Date: 2026/01/23 07:24:48

  bn regress: add test that double checks the RFC 2409 and 3526 primes

  Also has code to check the RFC 7919 primes and run DH_check() once that
  knows about these.

  regress/lib/libcrypto/bn/Makefile
  regress/lib/libcrypto/bn/bn_ffdh.c

commit TACs3q4imGzNfzF4
Author: deraadt
Date: 2026/01/23 04:08:14

  sync

  distrib/sets/lists/base/mi