Build date: 1776204002 - Tue Apr 14 22:00:02 UTC 2026 Build cvs date: 1776202879 - Tue Apr 14 21:41:19 UTC 2026 Build id: 2026-04-15.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-ramdisk-diet.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff M sys/dev/usb/uhidev.c P usr.bin/tmux/control.c P usr.bin/tmux/format.c P usr.bin/tmux/key-bindings.c P usr.bin/tmux/notify.c P usr.bin/tmux/options-table.c P usr.bin/tmux/popup.c M usr.sbin/bgpd/session.c P usr.sbin/tcpdump/privsep.c P usr.sbin/vmd/config.c P usr.sbin/vmd/parse.y P usr.sbin/vmd/vioblk.c P usr.sbin/vmd/virtio.c P usr.sbin/vmd/virtio.h P usr.sbin/vmd/vmd.c P usr.sbin/vmd/vmd.h P usr.sbin/vmd/vmm.c commit cCnXAHyyaWlPPTwa Author: dv Date: 2026/04/14 21:41:19 vmd(8): remove config parsing TOCTOU with disk parsing. When vmd parses vm.conf, it's inspecting any provided disk images to determine the disk format (raw or qcow) if left unspecified. This is a big TOCTOU because nothing prevents these files from changing between vmd startup and vm launch. This change defers detection to vm launch time and tracks the disk format as an enum instead of an int to make things more interpretable. ok hshoexer@ usr.sbin/vmd/config.c usr.sbin/vmd/parse.y usr.sbin/vmd/vioblk.c usr.sbin/vmd/virtio.c usr.sbin/vmd/virtio.h usr.sbin/vmd/vmd.h commit 77Lz6Kqt3TSyTJoJ Author: canacar Date: 2026/04/14 18:19:50 Clear the pointer in tm data structures before passing them to unprivileged side. Prevents address information leak. Reported by Systopia Team, thanks! ok deraadt@ (for the previous version). usr.sbin/tcpdump/privsep.c commit VQLI8d03HotPwzzJ Author: dv Date: 2026/04/14 14:15:10 vmd(8): zero potential heap pointers before IPC. vmd sends two large structs over an ipc socket after fork+exec: vmd_vm and virtio_dev. Both have heap pointers from being put in TAILQs in the parent process and both carry some used for setting up imsg event channels. Zero all these things before send to be safe and not leak deatils on the parent's address space. Issue raised by Systopia Team. ok hshoexer@ usr.sbin/vmd/virtio.c usr.sbin/vmd/vmd.c usr.sbin/vmd/vmm.c commit jsGNE6LzoAzaXoNZ Author: nicm Date: 2026/04/14 11:25:41 Do not leak old time format if it is replaced in same format. usr.bin/tmux/format.c commit udxOVrt37B2cvAfP Author: nicm Date: 2026/04/14 08:39:10 If job_run fails, do not crash but instead free the popup. usr.bin/tmux/popup.c commit NY9prYSF66uLlhAK Author: nicm Date: 2026/04/14 08:32:30 Another check for partially initialized control client, from Matt Koscica in GitHub issue 5004. usr.bin/tmux/control.c commit 5KnVyFav9712Zx8s Author: nicm Date: 2026/04/14 07:35:17 Add detach to default session menu, suggested by Przemyslaw Sztoch. usr.bin/tmux/key-bindings.c commit tHoyXSkt70Wlluyk Author: nicm Date: 2026/04/14 07:28:57 Fix key binding conflict in session menu, from Dane Jensen. usr.bin/tmux/key-bindings.c commit i4BWCERnbRQwtzM8 Author: nicm Date: 2026/04/14 07:26:45 Include window bits for pane notifications, GitHub issue 5007 from Saul Nogueras. usr.bin/tmux/notify.c commit G3Edqx2mabweKjKr Author: nicm Date: 2026/04/14 07:24:23 Limit precision to 100 to stop silly formats from running out of memory, reported by z1281552865 at gmail dot com. usr.bin/tmux/format.c commit v4eSbzMqdanWGEN1 Author: nicm Date: 2026/04/14 07:16:02 Add WAYLAND_DISPLAY to default update-environment, GitHub issue 4965 from wgh at torlan dot ru. usr.bin/tmux/options-table.c P MODULES P xserver/miext/sync/misync.c P xserver/xkb/xkb.c commit 07hkFfobCrWsS18D Author: matthieu Date: 2026/04/14 14:27:33 update MODULES commit FmMjbJlhhajsjHeL Author: bluhm Date: 2026/04/14 14:07:07 Merge fixes from upstream for multiple Xserver issues: * CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() * CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() * CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() * CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() * CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() from matthieu@ this is errata/7.7/034_xserver.patch.sig xserver/miext/sync/misync.c xserver/xkb/xkb.c commit Hz2gKKiyxC2iNmGR Author: bluhm Date: 2026/04/14 14:06:47 Merge fixes from upstream for multiple Xserver issues: * CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() * CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() * CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() * CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() * CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() from matthieu@ this is errata/7.8/028_xserver.patch.sig xserver/miext/sync/misync.c xserver/xkb/xkb.c commit PCiGqw02JtnEpqCh Author: matthieu Date: 2026/04/14 13:52:41 Merge fixes from upstream for multiple Xserver issues: * CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() * CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() * CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() * CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() * CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() xserver/miext/sync/misync.c xserver/xkb/xkb.c