Build date: 1774908003 - Mon Mar 30 22:00:03 UTC 2026 Build cvs date: 1774879159 - Mon Mar 30 13:59:19 UTC 2026 Build id: 2026-03-31.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm P lib/libssl/ssl_sigalgs.c P regress/lib/libssl/client/clienttest.c P regress/lib/libssl/tlsext/tlsexttest.c P regress/usr.bin/ssh/Makefile U regress/usr.bin/ssh/proxyjump.sh M sys/dev/usb/uhidev.c P sys/net80211/ieee80211_node.c P usr.bin/ssh/readconf.c P usr.bin/ssh/readconf.h P usr.bin/ssh/ssh.c P usr.bin/tmux/window-copy.c M usr.sbin/bgpd/session.c commit 5b9zvc0wR4NqgcRd Author: kirill Date: 2026/03/30 13:59:19 sys/net80211: announce 160MHz channels only when driver supports it Support of 160Mhz window brings a regression for drivers which do not supprot 160MHz window which leads to the wrong channel center. It was tested on iwx with and without 160Mhz window support in the code agaisnt 2.4Ghz network with 20Mhz and 40Mhz, and 5Ghz with 40Mhz, 60Mhz, 80Mhz and 160Mhz window. Reported as iwm issue by martijn@ OK: stsp@ sys/net80211/ieee80211_node.c commit 2GW21ijEF70IOgJU Author: nicm Date: 2026/03/30 09:23:40 When in copy mode with a large scroll offset and the window is resized so that history shrinks, data->oy can exceed screen_hsize causing an unsigned integer underflow in the py computation. Clamp data->oy in window_copy_resize and window_copy_cmd_refresh_from_pane before the subtraction. From futpib at gmail dot com in GitHub issue 4958. usr.bin/tmux/window-copy.c commit kJQffhs7HAxe2pZZ Author: djm Date: 2026/03/30 07:19:02 add a regression test for ProxyJump/-J; ok dtucker regress/usr.bin/ssh/Makefile regress/usr.bin/ssh/proxyjump.sh commit VVZEowEzSYyWIGf1 Author: djm Date: 2026/03/30 07:18:24 apply the same validity rules to usernames and hostnames set for ProxyJump/-J on the commandline as we do for destination user/host names. Specifically, they are no longer allowed to contain most characters that have special meaning for common shells. Special characters are still allowed in ProxyJump commands that are specified in the config files. This _reduces_ the chance that shell characters from a hostile -J option from ending up in a shell execution context. Don't pass untrusted stuff to the ssh commandline, it's not intended to be a security boundary. We try to make it safe where we can, but we can't make guarantees, because we can't know the parsing rules and special characters for all the shells in the world, nor can we know what the user does with this data in their ssh_config wrt percent expansion, LocalCommand, match exec, etc. While I'm in there, make ProxyJump and ProxyCommand first-match-wins between each other. reported by rabbit; ok dtucker@ usr.bin/ssh/readconf.c usr.bin/ssh/readconf.h usr.bin/ssh/ssh.c commit KqJAZduyw00Xoek0 Author: tb Date: 2026/03/30 06:23:33 libssl regress: adjust golden numbers for RSASSA-PSS Add the three RSASSA-PSS SignatureScheme 0x080b, 0x080a, 0x0809 in the appropriate spots in (components of) the ClientHello and adjust various length octets by adding 6. regress/lib/libssl/client/clienttest.c regress/lib/libssl/tlsext/tlsexttest.c commit 0ueWZ2RP3bSims4C Author: tb Date: 2026/03/30 06:20:08 libssl: announce support for RSASSA-PSS signature schemes Announce the signature schemes for RSASSA-PSS with pubkey OID RSASSA-PSS between RSASSA-PSS with pubkey OID rsaEncryption and RSASSA-PKCS1-v1_5. This is the last step in the everlasting saga for making these signature schemes and certificates with RSASSA-PSS OID work. Fortunately, these are rarely used since they are extremely complex and inefficient also due to the large size of the parameters. This addresses bug reports by Steffen Ullrich and Tom Lane. Tested by bluhm. ok djm jsing kenjiro lib/libssl/ssl_sigalgs.c commit XZZzxG9lOgiF2xGX Author: tb Date: 2026/03/30 06:02:21 ssl_sigalg_pkey_ok: allow RSASSA-PSS with pubkey OID RSASSA-PSS This fixes a long-standing logic error that hasn't been noticed because we never announced the rsa_pss_pss_sha{256,384,512} SignatureScheme. The EVP_PKEY_id() of a RSA-PSS pubkey is EVP_PKEY_RSA_PSS, not EVP_PKEY_RSA. Thanks to beck for helping me figure out how to fix this correctly. It drove me nuts for a very long time. Problem also noticed by Tom Lane due to some PostgreSQL regress failures. ok djm jsing kenjiro lib/libssl/ssl_sigalgs.c commit GDzAGkDQFrLOs6Jr Author: tb Date: 2026/03/30 05:49:31 ssl_sigalgs: whitespace tweak lib/libssl/ssl_sigalgs.c commit kqqepaK7POc6Gakl Author: afresh1 Date: 2026/03/30 00:00:04 Improve OpenBSD::Unveil POD The choice of variable names made it somewhat unclear what arguments to pass and made it seem the interface might differ from unveil(2). ok dgl@ gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm P distrib/sets/lists/xbase/md.amd64 P distrib/sets/lists/xbase/md.arm64 P distrib/sets/lists/xbase/md.armv7 P distrib/sets/lists/xbase/md.i386 P distrib/sets/lists/xbase/md.loongson P distrib/sets/lists/xbase/md.macppc P distrib/sets/lists/xbase/md.octeon P distrib/sets/lists/xbase/md.powerpc64 P distrib/sets/lists/xbase/md.riscv64 P distrib/sets/lists/xbase/md.sparc64 P lib/mesa/mk/libgbm/Makefile commit lRcta87Sjin5N0bz Author: jsg Date: 2026/03/30 05:33:49 sync distrib/sets/lists/xbase/md.amd64 distrib/sets/lists/xbase/md.arm64 distrib/sets/lists/xbase/md.armv7 distrib/sets/lists/xbase/md.i386 distrib/sets/lists/xbase/md.loongson distrib/sets/lists/xbase/md.macppc distrib/sets/lists/xbase/md.octeon distrib/sets/lists/xbase/md.powerpc64 distrib/sets/lists/xbase/md.riscv64 distrib/sets/lists/xbase/md.sparc64 commit rJElnQyD1qekPMmW Author: jsg Date: 2026/03/30 05:32:02 stop installing libgbm.a everything should be using libgbm.so ok tb@ matthieu@ lib/mesa/mk/libgbm/Makefile