Build date: 1777500003 - Wed Apr 29 22:00:03 UTC 2026
Build cvs date: 1777486061 - Wed Apr 29 18:07:41 UTC 2026
Build id: 2026-04-30.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P lib/libexpat/Changes
P lib/libexpat/lib/internal.h
P lib/libexpat/lib/xmlparse.c
P lib/libssl/d1_both.c
P lib/libssl/dtls_local.h
P sbin/pfctl/parse.y
M sys/dev/usb/uhidev.c
M usr.sbin/bgpd/session.c
P usr.sbin/rpki-client/parser.c

commit 4fUklbylSGWhbbg4
Author: bluhm
Date: 2026/04/29 18:07:41

  Backport fixes from libexpat version 2.8.0.

  Relevant for OpenBSD are security fixes #47 #1183.
  Library bump is not necessary.
  CVE-2026-41080

  OK tb@

  lib/libexpat/Changes
  lib/libexpat/lib/internal.h
  lib/libexpat/lib/xmlparse.c

commit DiCo1RW5T8hZ0rKm
Author: jsing
Date: 2026/04/29 15:13:27

  Split dtls1_do_write() into handshake message and CCS handling.

  dtls1_do_write() is currently a single function that handles both
  handshake messages and CCS. This is a strange mix that only serves to
  complicate the code - handshake messages have their own headers and may
  need to be fragmented, while CCS must be sent verbatim (and only contain
  a single byte).

  Pull the CCS part out into a separate function, simplifying the code. By
  definition, when sending a CCS message the MTU will already be set
  appropriately.

  ok kenjiro@ tb@

  lib/libssl/d1_both.c

commit oXWqCYFNM5Whop9k
Author: jsing
Date: 2026/04/29 15:04:15

  Avoid unnecessary lookups in dtls1_retransmit_message().

  dtls1_retransmit_buffered_messages() is iterating over the sent_messages
  pqueue, only to pass dtls1_retransmit_message() a sequence number that it
  turns back into a priority, to then do a lookup on the sent_messages
  pqueue. This is pointless given that we already have the message that we
  need to retransmit - just pass that to dtls1_retransmit_message()
  directly.

  ok kenjiro@ tb@

  lib/libssl/d1_both.c

commit AtFVF4nUtX5kXFS7
Author: jsing
Date: 2026/04/29 15:00:53

  Remove unused frag_off argument from dtls1_retransmit_message().

  ok kenjiro@ tb@

  lib/libssl/d1_both.c

commit RCExth0fIv0qKAbJ
Author: jsing
Date: 2026/04/29 14:59:26

  Make dtls1_retransmit_message() static.

  This function is only called from dtls1_retransmit_buffered_messages().
  Make it static and move it above the caller.

  ok kenjiro@ tb@

  lib/libssl/d1_both.c
  lib/libssl/dtls_local.h

commit O05VCFuKM8nCl91O
Author: jsing
Date: 2026/04/29 14:57:29

  Inline dtls1_fix_message_header().

  This is only used in one place and it makes no sense to have it as a
  separate function. Furthermore, pull up an assertion so that we check
  before assigning frag_len.

  ok kenjiro@ tb@

  lib/libssl/d1_both.c

commit u4mnbGM9blPVACov
Author: jsing
Date: 2026/04/29 14:55:21

  Convert DTLS code to ssl_msg_callback().

  ok kenjiro@ tb@

  lib/libssl/d1_both.c

commit lZNVFK484MIgv4Hh
Author: tb
Date: 2026/04/29 11:14:11

  rpki-client: properly ignore missing unsupported files in -n mode

  RFC 9286 section 6.5 mandates that we fetch all the files in a manifest
  fileList and validate their hashes. By design, RRDP will ship all the
  available files whereas in rsync we decided to fetch only the files of
  types we explicitly support. While we check the hashes of unsupported
  files, they won't be copied into the cache of validated files.

  Since unsupported files are not in the validated cache and may or may
  not be present in the temporary directory of fetched objects, there is
  logic that ensures that the hashes of all available files are correct
  and attempts to avoid an error for files absent from both directories.

  Whether all the above decisions in both, standards and our code, are
  fully sound is not entirely clear. Be that as it may, Job observed that
  this logic was incorrect in noop mode where no temporary directory is
  available. This resulted in rejecting the one manifest that still lists
  a Ghostbuster's record (RFC 6493) and as a consequence marking the
  corresponding CA incorrectly non-functional.

  This is a clear bug and this is fixed in this commit by adding a special
  case for noop mode. Further refinements may follow.

  ok claudio job

  usr.sbin/rpki-client/parser.c

commit quIaNYrUwYVm8xeI
Author: renaud
Date: 2026/04/29 08:18:55

  The dual-pool form of the af-to action,
    af-to af FROM redirpool pool_opts TO redirpool pool_opts
  was writing the TO side options in the FROM side.

  OK sashan@

  sbin/pfctl/parse.y