Build date: 1773874803 - Wed Mar 18 23:00:03 UTC 2026
Build cvs date: 1773870624 - Wed Mar 18 21:50:24 UTC 2026
Build id: 2026-03-19.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P lib/libcrypto/cert.pem
P lib/libcrypto/ec/ec_key.c
P lib/libcrypto/ec/ec_local.h
P lib/libcrypto/ecdh/ecdh.c
P lib/libcrypto/ecdsa/ecdsa.c
cvs server: lib/libcrypto/ecdsa/ecdsa_local.h is no longer in the repository
P lib/libexpat/Changes
P lib/libexpat/README.md
P lib/libexpat/doc/reference.html
P lib/libexpat/lib/expat.h
P lib/libexpat/lib/expat_external.h
P lib/libexpat/lib/xmlparse.c
P lib/libexpat/lib/xmlrole.c
P lib/libexpat/lib/xmltok.c
P lib/libexpat/lib/xmltok_ns.c
P lib/libexpat/tests/basic_tests.c
P lib/libexpat/tests/misc_tests.c
P lib/libexpat/tests/nsalloc_tests.c
M sys/dev/usb/uhidev.c
P usr.bin/openssl/speed.c
P usr.bin/tmux/popup.c
P usr.bin/tmux/tmux.1
P usr.bin/tmux/utf8.c
M usr.sbin/bgpd/session.c
P usr.sbin/bgpd/session_bgp.c
P usr.sbin/bgpd/util.c

commit N7BE39O7KAibSLPy
Author: kenjiro
Date: 2026/03/18 21:50:24

  openssl speed: add benchmarking support for ML-KEM

  Add support for benchmarking ML-KEM key encapsulation mechanisms to
  openssl speed.  The following operations are measured:

  - key generation
  - encapsulation
  - decapsulation

  Two parameter sets are supported:

  mlkem768
  mlkem1024

  The benchmark can be invoked using the following options:

  mlkem       run all ML-KEM benchmarks
  mlkem768    run ML-KEM-768 benchmarks
  mlkem1024   run ML-KEM-1024 benchmarks

  Results are reported similarly to other public key algorithms, showing
  time per operation and operations per second.  Machine-readable output
  (-mr) support is also added for ML-KEM.

  ok tb

  usr.bin/openssl/speed.c

commit fEnV2hwEG0KCE2eo
Author: sthen
Date: 2026/03/18 21:50:06

  sync with Mozilla root CA store, ok tb@

  - remove CommScope CA (they requested it themselves;
  https://bugzilla.mozilla.org/show_bug.cgi?id=1994866)

  - add new cert:
  /C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno TLS Root CA 2023

  lib/libcrypto/cert.pem

commit kBaRI1RSn0IQOG06
Author: sthen
Date: 2026/03/18 15:16:29

  remove extra spaces in logs, ok claudio

  usr.sbin/bgpd/session_bgp.c

commit OikH7AhE1mxgVyfX
Author: sthen
Date: 2026/03/18 15:00:20

  typo: Extended Nexhop Encoding (Nexthop)

  usr.sbin/bgpd/util.c

commit r6NHhMT8oKMwBc8A
Author: bluhm
Date: 2026/03/18 11:50:19

  Update libexpat to version 2.7.5.

  Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
  other changes #1156 #1153.  Library bump is not necessary.
  CVE-2026-32776 CVE-2026-32777 CVE-2026-32778

  tested and OK tb@

  lib/libexpat/Changes
  lib/libexpat/README.md
  lib/libexpat/doc/reference.html
  lib/libexpat/lib/expat.h
  lib/libexpat/lib/expat_external.h
  lib/libexpat/lib/xmlparse.c
  lib/libexpat/lib/xmlrole.c
  lib/libexpat/lib/xmltok.c
  lib/libexpat/lib/xmltok_ns.c
  lib/libexpat/tests/basic_tests.c
  lib/libexpat/tests/misc_tests.c
  lib/libexpat/tests/nsalloc_tests.c

commit Uz9LYNQyoNdUgV7h
Author: nicm
Date: 2026/03/18 08:49:27

  Copy hyperlinks when redrawing popup so they do not vanish, from Antoine
  Gaudreau Simard in GitHub issue 4925.

  usr.bin/tmux/popup.c

commit 4erlMkJahoBiuSZx
Author: nicm
Date: 2026/03/18 08:41:20

  Fix buffer to both for get-clipboard, from Seth Girvan.

  usr.bin/tmux/tmux.1

commit iNzvDQYodkNsGDfV
Author: nicm
Date: 2026/03/18 08:38:54

  Allow codepoint-widths to accept ranges, from san65384 at gmail dot com
  in GitHub issue 4930.

  usr.bin/tmux/tmux.1
  usr.bin/tmux/utf8.c

commit 4rkulIXwdQmGkWKE
Author: tb
Date: 2026/03/18 08:02:40

  libcrypto: prefix EC_KEY methods with ec_key_

  We received reports that the too generic internal ecdsa_{sign,verify}()
  symbol names clash in some static links. The naming here is annoying
  because the EC_KEY_METHOD amalgamated the no longer existing ECDH and
  ECDSA methods which themselves had poorly chosen method names, still
  reflected in public API.

  There are various messes here. The ECDSA verify methods are declared
  in ec_local.h, whereas the ECDSA sign methods are in ecdsa_local.h
  (which is itself pretty useless and really only about EC_KEY_METHOD).
  I therefore merged the ECDSA method declarations into ec_local.h and
  deleted ecdsa_local.h since I see no real benefit to the latter.
  ecdsa.c needs ec_local.h anyway. Having the method declarations next
  to EC_KEY_METHOD seems sensible. I left the order as it was, matching
  ecdsa.c. The eckey_compute_pubkey() prototype should probably be moved
  down.

  With one exception I just added an ec_key_ prefix. This leads to a
  a repetition of 'key' in ec_key_ecdh_compute_key() which I chose to
  live with because it matches the public ECDH_compute_key() (mostly
  used by SSH implementations). The exception is ec_key_generate_key()
  where I expanded the gen() leading to another _key repetition but
  this then matches EC_KEY_generate_key().

  Thanks to Rosen Penev for reporting and sending an initial diff.
  See also https://github.com/gsliepen/tinc/issues/478

  ok jsing

  lib/libcrypto/ec/ec_key.c
  lib/libcrypto/ec/ec_local.h
  lib/libcrypto/ecdh/ecdh.c
  lib/libcrypto/ecdsa/ecdsa.c