Build date: 1772578803 - Tue Mar 3 23:00:03 UTC 2026 Build cvs date: 1772567501 - Tue Mar 3 19:51:41 UTC 2026 Build id: 2026-03-04.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P lib/libc/time/localtime.c P regress/usr.sbin/bgpd/unittests/rde_aspa_test.c P share/man/man4/iwx.4 P sys/dev/pci/if_iwx.c P sys/dev/pci/if_iwxreg.h M sys/dev/usb/uhidev.c P sys/kern/kern_pledge.c P sys/kern/vfs_lookup.c P sys/net80211/ieee80211_input.c P sys/net80211/ieee80211_node.c P usr.bin/mg/file.c P usr.bin/ssh/addr.c P usr.bin/ssh/addr.h P usr.bin/ssh/auth2-chall.c P usr.bin/ssh/auth2-gss.c P usr.bin/ssh/auth2.c P usr.bin/ssh/authfd.c P usr.bin/ssh/channels.c P usr.bin/ssh/channels.h P usr.bin/ssh/clientloop.c P usr.bin/ssh/clientloop.h P usr.bin/ssh/digest-libc.c P usr.bin/ssh/dispatch.c P usr.bin/ssh/dispatch.h P usr.bin/ssh/dns.c P usr.bin/ssh/kex.c P usr.bin/ssh/kex.h P usr.bin/ssh/kexgen.c P usr.bin/ssh/kexgexc.c P usr.bin/ssh/kexgexs.c P usr.bin/ssh/krl.c P usr.bin/ssh/krl.h P usr.bin/ssh/mac.c P usr.bin/ssh/mac.h P usr.bin/ssh/misc.c P usr.bin/ssh/misc.h P usr.bin/ssh/moduli.c P usr.bin/ssh/mux.c P usr.bin/ssh/packet.c P usr.bin/ssh/packet.h P usr.bin/ssh/servconf.h P usr.bin/ssh/serverloop.c P usr.bin/ssh/sftp-client.c P usr.bin/ssh/sftp-client.h P usr.bin/ssh/sftp-common.h P usr.bin/ssh/sftp-server.c P usr.bin/ssh/ssh-keygen.c P usr.bin/ssh/ssh-pkcs11.c P usr.bin/ssh/ssh-pkcs11.h P usr.bin/ssh/ssh.c P usr.bin/ssh/ssh_api.c P usr.bin/ssh/sshbuf-getput-basic.c P usr.bin/ssh/sshbuf.h P usr.bin/ssh/sshconnect2.c P usr.bin/ssh/sshd-session.c P usr.bin/ssh/sshkey.h P usr.bin/ssh/umac.c P usr.bin/tmux/cmd-copy-mode.c P usr.bin/tmux/cmd-send-keys.c P usr.bin/tmux/key-bindings.c P usr.bin/tmux/server-fn.c P usr.bin/tmux/window-copy.c M usr.sbin/bgpd/session.c P usr.sbin/relayd/parse.y commit lFl8aoyAaks8i8eS Author: rsadowski Date: 2026/03/03 19:51:41 Set User-Agent for HTTP healthchecks Joel Carnat (Thanks) notice that GoToSocial does not like it when we sent no User-Agent and returns an HTTP/418. Lloyd pointed to use RELAYD_SERVERNAME instead hardcoded "relayd" OK sthen, claudio (diff without RELAYD_SERVERNAME) usr.sbin/relayd/parse.y commit VACCNqxFfExdfllm Author: bluhm Date: 2026/03/03 17:58:31 Unveil fix for traversing up at a mount point in vfs_lookup. This fixes an issue where we could use the wrong unveil when we had a path starting with a .. starting from a directory that was a mount point, and also was unveiled. The fix ensures we remember traversing the unveil before descending into the underlying filesystem. fix by semarie@ with testing by me and deraadt@ and others from beck@; ok deraadt@ this is errata/7.7/025_unveil_mount.patch.sig sys/kern/vfs_lookup.c commit F81mWRnDWT4mL0oR Author: bluhm Date: 2026/03/03 17:58:12 Unveil fix for traversing up at a mount point in vfs_lookup. This fixes an issue where we could use the wrong unveil when we had a path starting with a .. starting from a directory that was a mount point, and also was unveiled. The fix ensures we remember traversing the unveil before descending into the underlying filesystem. fix by semarie@ with testing by me and deraadt@ and others from beck@; ok deraadt@ this is errata/7.8/019_unveil_mount.patch.sig sys/kern/vfs_lookup.c commit oOTbjHp9jq32P87l Author: millert Date: 2026/03/03 17:52:24 In tzpath_ok(), also reject a path ending in "/..". This replaces strstr() with a loop that matches embedded ".." path elements as well as leading and trailing ones. OK tb@ lib/libc/time/localtime.c commit XmMQTbtbeD19jBOD Author: kirill Date: 2026/03/03 17:46:54 sys/iwx: support powersave This diff enables power save by default for iwx by setting IEEE80211_F_PMGTON (and IEEE80211_C_PMGT), and makes iwx react to SIOCS80211POWER by switching between PM (level 3) and CAM at runtime. OK: stsp@ share/man/man4/iwx.4 sys/dev/pci/if_iwx.c sys/dev/pci/if_iwxreg.h commit igJJ5tcpzCDiqt1r Author: beck Date: 2026/03/03 17:43:40 Unveil fix for traversing up at a mount point in vfs_lookup. This fixes an issue where we could use the wrong unveil when we had a path starting with a .. starting from a directory that was a mount point, and also was unveiled. The fix ensures we remember traversing the unveil before descending into the underlying filesystem. fix by semarie@ with testing by me and deraadt@ and others ok deraadt@ sys/kern/vfs_lookup.c commit JgInMuwVgfTgQkXA Author: millert Date: 2026/03/03 17:32:56 Revert last change to check "..", it breaks for relative paths. lib/libc/time/localtime.c commit i38Iky9lVof03103 Author: op Date: 2026/03/03 15:17:29 improve the "No changes need to be saved" check Instead of checking for the BFCHG flag in buffsave(), bubble it up to filesave(), which is the interactive function. This avoids prompting for a filepath for e.g. when attempting to save the *scratch* buffer. The only other place where buffsave() is called, anycb in buffer.c is already guarding for a set file name and the BFCHG flag. Initial diff from Han Boetes (hboetes at gmail), tweaked by me. usr.bin/mg/file.c commit ZDlRQGXNbU5Pcqp9 Author: bluhm Date: 2026/03/03 14:59:24 pledge "tmppath" goes away because it sucks. The history is kind of sad: unveil(2) was invented by Bob Beck and myself because a couple of us struggled and couldn't expand the "tmppath" mechanism to general use. unveil(2) ended up being kind of "upside down" different, and so we never deleted "tmppath" because the refactorings seemed complicated. However over the last two weeks, we're removed all the "tmppath" in base pretty easily, and the 18 ports using it have also been fixed. The majority of situations now use unveil "/tmp" "rwc", unveil "/" "r" or similar, and then pledge "rpath wpath cpath", and this is generally needed to satisfy the mkstemp(3) family of functions in libc. Use of "tmppath" will now cause pledge(2) to return EINVAL. There is no backwards compatible way of mimic the behaviour correctly using kernel-internal unveil hackery. Prompted by a report from David Leadbeater; and extensive conversations with beck and semarie. from deraadt@ Stop the canonicalization of the path in pledge_namei() callback since we know is providing strictly normalized paths, and it leads to a subtle problem a little bit like a TOCTOU. However, this pathcode can also be reached by non-libc callers, so we need one validation step: the zoneinfo sub-directory inspections may not attempt walks upwards through "..", we don't need to consider symbolic links because root does not place them there. from deraadt@; From discussions with david leadbeater, ok beck In pledge_namei, improve the scanning for ".." in zoneinfo paths from deraadt@; with millert incorrectly nested break for latest zoneinfo check from deraadt@; spotted by david leadbeater Improve the discussion about "tmppath" feedback from various people based upon my first attempts. from deraadt@ this is errata/7.7/024_pledgepaths.patch.sig sys/kern/kern_pledge.c commit 63c29t2A83jF3EWd Author: bluhm Date: 2026/03/03 14:58:53 pledge "tmppath" goes away because it sucks. The history is kind of sad: unveil(2) was invented by Bob Beck and myself because a couple of us struggled and couldn't expand the "tmppath" mechanism to general use. unveil(2) ended up being kind of "upside down" different, and so we never deleted "tmppath" because the refactorings seemed complicated. However over the last two weeks, we're removed all the "tmppath" in base pretty easily, and the 18 ports using it have also been fixed. The majority of situations now use unveil "/tmp" "rwc", unveil "/" "r" or similar, and then pledge "rpath wpath cpath", and this is generally needed to satisfy the mkstemp(3) family of functions in libc. Use of "tmppath" will now cause pledge(2) to return EINVAL. There is no backwards compatible way of mimic the behaviour correctly using kernel-internal unveil hackery. Prompted by a report from David Leadbeater; and extensive conversations with beck and semarie. from deraadt@ Stop the canonicalization of the path in pledge_namei() callback since we know is providing strictly normalized paths, and it leads to a subtle problem a little bit like a TOCTOU. However, this pathcode can also be reached by non-libc callers, so we need one validation step: the zoneinfo sub-directory inspections may not attempt walks upwards through "..", we don't need to consider symbolic links because root does not place them there. from deraadt@; From discussions with david leadbeater, ok beck In pledge_namei, improve the scanning for ".." in zoneinfo paths from deraadt@; with millert incorrectly nested break for latest zoneinfo check from deraadt@; spotted by david leadbeater Improve the discussion about "tmppath" feedback from various people based upon my first attempts. from deraadt@ this is errata/7.8/018_pledgepaths.patch.sig sys/kern/kern_pledge.c commit SbsZx1U566uCQqZG Author: stsp Date: 2026/03/03 14:10:50 make iwx_read_firmware() error out if IWX_NUM_UCODE_TLV_CAPA is too small The driver would attempt to load an incomplete firmware image if this check failed. Make the driver report a proper error instead. ok tb@ phessler@ sys/dev/pci/if_iwx.c commit u64MJepEkenFJtGh Author: claudio Date: 2026/03/03 14:05:20 The refcnt DPRINTF in ieee80211_release_node() is too verbose put it behind a ieee80211_debug > 1 check. OK stsp@ sys/net80211/ieee80211_node.c commit dgCxGGGysi60dbLV Author: claudio Date: 2026/03/03 14:03:44 Unbreak compiles with IEEE80211_DEBUG defined. In ieee80211_recv_probe_resp() the code to print probe responses should be called after ieee80211_find_node() and is_new should be used instead of checking for ni == NULL. OK stsp@ sys/net80211/ieee80211_input.c commit cXtuWluGr4J6VjbR Author: nicm Date: 2026/03/03 12:26:14 Allow copy mode to work for readonly clients, except for copy commands, from Dane Jensen. usr.bin/tmux/cmd-copy-mode.c usr.bin/tmux/cmd-send-keys.c usr.bin/tmux/key-bindings.c usr.bin/tmux/window-copy.c commit ZtOWhqElKmvbf4F8 Author: nicm Date: 2026/03/03 12:24:18 Check window is not NULL, from Chema Gonzalez in GitHub issue 4908. usr.bin/tmux/server-fn.c commit mTO9HF4F59iXAMj2 Author: claudio Date: 2026/03/03 10:10:11 Define rdemem for this test too since we now account for aspa objects as well. As usual noticed by anton@ regress/usr.sbin/bgpd/unittests/rde_aspa_test.c commit mhXrq6k1hvUTIMAL Author: stsp Date: 2026/03/03 09:58:52 Add support for MCC update firmware response v4 to iwx(4). This will be needed to support BZ devices. ok kettenis@ phessler@ Tested: AX210 (MA): kettenis AX211: phessler AX211 (BZ): stsp sys/dev/pci/if_iwx.c sys/dev/pci/if_iwxreg.h commit Uwmskpj7ZaNlWqfT Author: dtucker Date: 2026/03/03 09:57:26 Replace all remaining instances of u_intXX_t types with the C99 equivalent uintXX_t types. ok djm@ usr.bin/ssh/addr.c usr.bin/ssh/addr.h usr.bin/ssh/auth2-chall.c usr.bin/ssh/auth2-gss.c usr.bin/ssh/auth2.c usr.bin/ssh/authfd.c usr.bin/ssh/channels.c usr.bin/ssh/channels.h usr.bin/ssh/clientloop.c usr.bin/ssh/clientloop.h usr.bin/ssh/digest-libc.c usr.bin/ssh/dispatch.c usr.bin/ssh/dispatch.h usr.bin/ssh/dns.c usr.bin/ssh/kex.c usr.bin/ssh/kex.h usr.bin/ssh/kexgen.c usr.bin/ssh/kexgexc.c usr.bin/ssh/kexgexs.c usr.bin/ssh/krl.c usr.bin/ssh/krl.h usr.bin/ssh/mac.c usr.bin/ssh/mac.h usr.bin/ssh/misc.c usr.bin/ssh/misc.h usr.bin/ssh/moduli.c usr.bin/ssh/mux.c usr.bin/ssh/packet.c usr.bin/ssh/packet.h usr.bin/ssh/servconf.h usr.bin/ssh/serverloop.c usr.bin/ssh/sftp-client.c usr.bin/ssh/sftp-client.h usr.bin/ssh/sftp-common.h usr.bin/ssh/sftp-server.c usr.bin/ssh/ssh-keygen.c usr.bin/ssh/ssh-pkcs11.c usr.bin/ssh/ssh-pkcs11.h usr.bin/ssh/ssh.c usr.bin/ssh/ssh_api.c usr.bin/ssh/sshbuf-getput-basic.c usr.bin/ssh/sshbuf.h usr.bin/ssh/sshconnect2.c usr.bin/ssh/sshd-session.c usr.bin/ssh/sshkey.h usr.bin/ssh/umac.c commit F8WFGCxl7QteQ83r Author: deraadt Date: 2026/03/03 05:04:37 incorrectly nested break for latest zoneinfo check spotted by david leadbeater sys/kern/kern_pledge.c commit 3SEd1bZwaELWBsFZ Author: millert Date: 2026/03/03 03:01:25 In tzpath_ok(), also reject a path ending in "/..". This replaces strstr() with a loop that matches "/../" in the name as well as "/.." at the end. OK deraadt@ lib/libc/time/localtime.c