Build date: 1778018403 - Tue May 5 22:00:03 UTC 2026
Build cvs date: 1777989716 - Tue May 5 14:01:56 UTC 2026
Build id: 2026-05-06.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-mandoc-unveil.diff
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P regress/lib/libcrypto/wycheproof/Makefile
P sbin/iked/ikev2.c
P sys/dev/fdt/rkclock.c
P sys/dev/fdt/rkclock_clocks.h
P sys/dev/fdt/rkrng.c
P sys/dev/pci/drm/include/linux/xarray.h
M sys/dev/usb/uhidev.c
P sys/kern/kern_pledge.c
P sys/kern/kern_time.c
P sys/kern/vfs_syscalls.c
P usr.bin/openssl/speed.c
P usr.bin/rdistd/server.c
P usr.bin/ssh/channels.h
P usr.bin/tmux/control.c
P usr.bin/tmux/screen.c
P usr.bin/tmux/tmux.h
P usr.sbin/bgpd/bgpd.h
P usr.sbin/bgpd/rde_attr.c
P usr.sbin/bgpd/rde_rib.c
M usr.sbin/bgpd/session.c
P usr.sbin/bgpd/util.c
U usr.sbin/bgpd/version.h
P usr.sbin/eigrpd/packet.c
P usr.sbin/ldpd/address.c
P usr.sbin/ldpd/labelmapping.c
P usr.sbin/ldpd/notification.c
P usr.sbin/rpki-client/ccr.c
P usr.sbin/rpki-client/ip.c
P usr.sbin/rpki-client/mft.c

commit 4w5kkikczUDvE4AM
Author: deraadt
Date: 2026/05/05 14:01:56

When I added UF_PLEDGEOPEN in the sys_fchflags() chunk I mistakenly used the wrong vnode operation.
spotted by Frank Denis using the Swival Security Scanner
ok claudio

sys/kern/vfs_syscalls.c

commit nwzjDYrQOcpKV950
Author: nicm
Date: 2026/05/05 13:18:46

Do not sanitize title when popping it from stack, also add a limit to number of pushed titles.

usr.bin/tmux/screen.c
usr.bin/tmux/tmux.h

commit sfgq96J5duZKyGP7
Author: jsg
Date: 2026/05/05 13:01:42

correct bounds test
found with smatch, ok tb@ deraadt@

usr.bin/rdistd/server.c

commit UE6rwrmkqo6KAmIU
Author: deraadt
Date: 2026/05/05 13:00:00

Frank Denis using the Swival Security Scanner concludes that kill(0,sig) should not be allowed because of a source code comment.

Actually, kill of the default pgid 0 MUST be allowed or large amounts of userland software won't work. What pledge prevents is playing with other process groups (i.e. -pid where pid is not 0) which require permission from the "proc" pledge. Killing the default pgrp 0 is a common way for privsep (and other) software to tear down its process trees, for cases where a pipe read of 0 doesn't work. The current behaviour is intentional, and the proposed diff was not considered nor tested for consequences. Change the comment very subtly to see which AI/human collaboration fails next.

sys/kern/kern_pledge.c

commit BqNeZjklMoNxRsVJ
Author: tb
Date: 2026/05/05 12:56:12

wycheproof: add regress target to ensure proper go formatting

regress/lib/libcrypto/wycheproof/Makefile

commit lcnEFwTXZP9GDmLa
Author: kettenis
Date: 2026/05/05 12:28:59

Use the correct struct itimerval when recording the old value for ktrace. This fixes a potential information leak from an uninitialized stack variable. Found by Frank Denis using the Swival Security Scanner.
ok deraadt@

sys/kern/kern_time.c

commit jUvmONHyvYRDuItp
Author: nicm
Date: 2026/05/05 12:06:52

Add missing flags to screen_mode_to_string and do not write before before if any are missed, second bit from qingliu at alauda dot io.

usr.bin/tmux/screen.c

commit 3feVztmh7n4Q9zNV
Author: nicm
Date: 2026/05/05 12:02:12

Discard queued data and clear offsets when turning pane off to prevent later read of data that has been removed. From Aaron Campbell in GitHub issue 5054.

usr.bin/tmux/control.c

commit LSNbksxJbzCM869B
Author: claudio
Date: 2026/05/05 11:46:18

In eigrp the TLV encoding includes the header length in the length encoding. So check that the minimal length is at least that of the TLV header.
OK renato@

usr.sbin/eigrpd/packet.c

commit ZwBiQ7NOGOunuJKK
Author: claudio
Date: 2026/05/05 11:44:27

Fix minimal length check for notification status messages. Found while reviewing all the length checks in ldpd.

OK renato@

usr.sbin/ldpd/notification.c

commit kMqu512AZIRnfzhJ
Author: claudio
Date: 2026/05/05 11:42:56

Unlike all other TLV encodings in ldp the sub-tlv includes the header size in its length. Therefore check that the size is at least that of the header.
OK renato@

usr.sbin/ldpd/labelmapping.c

commit uG3wpFTvyHmpezmJ
Author: claudio
Date: 2026/05/05 11:40:02

Ensure that alt_len includes at least the size of alt.family member to ensure that the parser is not going off the rails.
OK renato@

usr.sbin/ldpd/address.c

commit FVh1eoQuSPNjQ7WW
Author: kettenis
Date: 2026/05/05 10:23:27

Add RK3576 support.
ok dlg@

sys/dev/fdt/rkclock.c
sys/dev/fdt/rkclock_clocks.h
sys/dev/fdt/rkrng.c

commit t3Uyo1dOvLaoaIJq
Author: jsg
Date: 2026/05/05 10:23:06

add parentheses around use of a macro argument

sys/dev/pci/drm/include/linux/xarray.h

commit 3AtEbwI48xRR5MQM
Author: tb
Date: 2026/05/05 09:33:15

rpki-client: convert ip.c and mft.c to ASN1_BIT_STRING_get_length()

This isn't the greatest of APIs, but we're going to be stuck with it since better APIs depend on libcrypto not doing the implicit truncation nonsense, which only OpenSSL 4 and BoringSSL dropped by now.

Some of the error checks become now unreachable. This will be cleaned up another time.

ok claudio job

usr.sbin/rpki-client/ip.c
usr.sbin/rpki-client/mft.c

commit KXcbsSxd9obNCfJh
Author: tb
Date: 2026/05/05 09:29:16

rpki-client: convert ccr.c to ASN1_BIT_STRING_set1()

This becomes slightly simpler and more correct with this change. In particular, this now makes sure that the unused bits are set to 0 as required by the DER.

ok claudio job

usr.sbin/rpki-client/ccr.c

commit eap5xTFfV7OcpN3F
Author: deraadt
Date: 2026/05/05 09:23:06

check address size; from markus via millert

sbin/iked/ikev2.c

commit pjtVplr27zLk8lWZ
Author: claudio
Date: 2026/05/05 09:12:41

Bump version to 9.2

usr.sbin/bgpd/version.h

commit ljktycQbmLNC9uRC
Author: claudio
Date: 2026/05/05 09:12:04

Limit all forms of ASPATH attributes to 750 elements

Having super long ASPATH attributes can lead to various issues including attribute length overflows. Especially the transformation of 2-byte ASPATH attributes to 4-byte ones can trigger overflows. Because of this, limit the number and therefore the maximum size of an ASPATH.

Our default config has a limit of 100 elements on paths. That limit is already much larger than what is seen in the DFZ (max ~20). The limit of 750 is again much larger and is really just a safeguard.

OK tb@

usr.sbin/bgpd/bgpd.h
usr.sbin/bgpd/util.c

commit A0vVazbd7wGxJqT8
Author: claudio
Date: 2026/05/05 08:37:45

Prevent overflow of the uint8_t length value in attr_optadd.

bin_of_attrs() jumps from 240 to 256 elements but the length of the others attributes array is limited to a uint8_t type and overflows. Switch type of the local length value to int and make sure that the maximum length of UCHAR_MAX is not exceeded.

OK tb@

usr.sbin/bgpd/rde_attr.c

commit NtcYbpKOzWxbnlJ3
Author: claudio
Date: 2026/05/05 08:26:50

Re-evaluate prefixes if just PREFIX_FLAG_FILTERED changed

With the introduction of 'rde rib Loc-RIB include filtered' it is possible that prefixes change from filtered to unfiltered state during a filter reload. In that case prefix_update() takes a shortcut path since no other attributes change and that path is missing a call to prefix_evaluate().

Add the missing prefix_evaluate() call in this codepath so that prefixes are correctly redistributed in that case.

OK tb@

usr.sbin/bgpd/rde_rib.c

commit cmEHmAZjQ04PQbxO
Author: djm
Date: 2026/05/05 06:21:14

unbreak; spotted by Darren's test army

usr.bin/ssh/channels.h

commit 7tci0sskDMVn8ZDk
Author: djm
Date: 2026/05/05 05:34:27

classify dynamic-tcpip channels as bulk, not interactive; bz3958, ok markus@

usr.bin/ssh/channels.h

commit nGuTtSmijey6xDSE
Author: kenjiro
Date: 2026/05/05 03:32:46

openssl: centralize speed benchmark timer handling

The speed benchmark currently arms alarm() from print_message() and pkey_print_message(), making the output helpers also control benchmark lifetime. This hidden coupling makes the code harder to maintain and led to missing alarm cleanup on Windows, as reported in #1245.

Move alarm setup and run-state initialization into speed-specific timer helpers so benchmark timing is controlled explicitly at the start and stop points.

ok tb joshua

usr.bin/openssl/speed.c