Build date: 1778709603 - Wed May 13 22:00:03 UTC 2026 Build cvs date: 1778706323 - Wed May 13 21:05:23 UTC 2026 Build id: 2026-05-14.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P lib/libc/sys/pledge.2 P sbin/pfctl/pfctl.c P sys/dev/sbus/stp4020.c M sys/dev/usb/uhidev.c P sys/kern/kern_ktrace.c P sys/kern/subr_disk.c P sys/kern/sysv_shm.c P usr.bin/sed/compile.c P usr.bin/ssh/cipher.c P usr.bin/ssh/mac.c P usr.bin/ssh/sshconnect2.c P usr.bin/tmux/server-client.c P usr.bin/tmux/tty-draw.c P usr.bin/tmux/tty-features.c P usr.sbin/bgpctl/output.c P usr.sbin/bgpctl/output_json.c P usr.sbin/bgpd/bgpd.c P usr.sbin/bgpd/chash.c P usr.sbin/bgpd/chash.h P usr.sbin/bgpd/parse.y P usr.sbin/bgpd/rde.c P usr.sbin/bgpd/rde.h P usr.sbin/bgpd/rde_attr.c P usr.sbin/bgpd/rde_prefix.c P usr.sbin/bgpd/rde_rib.c M usr.sbin/bgpd/session.c P usr.sbin/rpki-client/repo.c commit UddTljbNQdCnaBbn Author: mvs Date: 2026/05/13 21:05:23 Limit the maximum value of shminfo.shmseg to prevent `size' overflow in sys_shmat(). The default value of 128 is safe, but overflow could happen on 32 bits machine while the value of shminfo.shmseg was raised too high. Discussed with deraadt. sys/kern/sysv_shm.c commit t4YtPNr3d0gSDvjm Author: claudio Date: 2026/05/13 18:50:09 Add const void *data to attr_optadd() Doing this requires that attr_alloc() and attr_lookup() also use const. For attr_alloc() this is no problem but attr_lookup() is a bit more tricky since the data field in sturct attr is deliberatly not const. So instead use CH_LOCATE and a new attr_match() function to do the lookup with a helper type that uses const. OK tb@ usr.sbin/bgpd/rde.h usr.sbin/bgpd/rde_attr.c commit 1hkt9Hyq6Szcsd9m Author: claudio Date: 2026/05/13 15:51:49 Add the extended message capability to the if statement that checks if the peer has anything enabled. Missed when adding ext_msg support. OK tb@ usr.sbin/bgpctl/output.c usr.sbin/bgpctl/output_json.c commit 72WDOGzjqmC1Z6J4 Author: claudio Date: 2026/05/13 15:19:07 Introduce ch_ext a struct holding the table an meta data pointers for the extendible hash. Doing this removes the need for handling two arrays in resize operations and also keeps the two pointers together. The code becomes simpler and with some reshuffling ch_table_resize() is now less problematic. The initial allocation of the extendible table is increased from one entry to two. OK tb@ usr.sbin/bgpd/chash.c usr.sbin/bgpd/chash.h commit wxJ6n5WkSEynBuEb Author: deraadt Date: 2026/05/13 15:14:51 In the disklabel check for specific fields with value 0, and return early before trying to check for a byte-swapped label. This avoids a /0 in the byte-swapped partition check. ok krw, also discussed with krw sys/kern/subr_disk.c commit 7zqtlytxVwUBUgtp Author: renaud Date: 2026/05/13 15:12:54 Fix heap buffer overread in compile_delimited() OK deraadt usr.bin/sed/compile.c commit zg1DqWxMWechHi0t Author: claudio Date: 2026/05/13 15:12:14 Do not fatal in pt_fill() instead return an error object that can never exist. pt_fill() is in some cases used by semi-trusted content (e.g. from bgpctl). The fatalx calls in that function are therefor a problem. This alters pt_fill to instead return a pt_entry object that can not exist in the tree. This error object is simply initalised with 0xff. Also if the prefixlen is too large for the address family just clip it down to the maximum (with a log message). In pt_add(), the only place a pt_fill() object would be added to the tree, check if the returned object is valid. There it is ok to fatal (at least for now) since the code previous to pt_add() should validate the prefix. Uniform some error messages and switch the prefixlen argument to u_int. OK tb@ usr.sbin/bgpd/rde.h usr.sbin/bgpd/rde_prefix.c commit wpUl1FdIfrAFIsOD Author: deraadt Date: 2026/05/13 14:45:38 strict localtime / zoneinfo __pledge_open() behaviours coming soon lib/libc/sys/pledge.2 commit MOwmcOUUIfK0Yfq9 Author: deraadt Date: 2026/05/13 14:18:20 The ktrace signal structure ktr_psig needs to be zero'd before filling in for providing to userland. from Stuart Thomas sys/kern/kern_ktrace.c commit 5oolTe3aDzuZ9Xu9 Author: claudio Date: 2026/05/13 14:06:24 Link-local addresses for nexthops also need to check scope_id. scope_id, the gift that keeps on giving. OK tb@ usr.sbin/bgpd/rde_rib.c commit XY8EJwGAoEU2S1hw Author: claudio Date: 2026/05/13 14:01:29 Return error on unhandled imsg types in the adj-rib-out case. In rde_dump_ctx_new() the adj-rib-out case only covers some of the possible imsg types rde_dump_ctx_new() can be called with. So ship back an error instead of the fatalx() call. OK tb@ usr.sbin/bgpd/rde.c commit 5Urk0kJuNztYzzUf Author: claudio Date: 2026/05/13 13:49:55 Add missing pfkey_remove() calls in error paths for RTR socket establishment. OK tb@ usr.sbin/bgpd/bgpd.c commit jaYJvxy0E98ogOkI Author: nicm Date: 2026/05/13 13:12:23 Fix a couple of bugs in tty_draw_line: do not loop forever if orphan padding appears, or if a wide character is trimmed at the right of the region. Much help with testing from qingliu at alauda dot io in GitHub issue 5024. usr.bin/tmux/tty-draw.c commit QmQZneoBtmsJvH6K Author: jsg Date: 2026/05/13 12:07:10 avoid calling free() on an uninitialised pointer from an error path ok sashan@ henning@ sbin/pfctl/pfctl.c commit UeYhgO3Ppezospv2 Author: nicm Date: 2026/05/13 10:24:57 Update supported features for Foot, from Meriel Luna Mittelbach in GutHub issue 5079. usr.bin/tmux/tty-features.c commit ZbNKqRrQ33J29fyR Author: claudio Date: 2026/05/13 09:25:11 Add missing memcpy calls for auth_key_in / out in merge_auth_conf() This was broken when refactoring the code for RTR and only affects manual IPSec setups which are very uncommon. OK tb@ usr.sbin/bgpd/parse.y commit BibPA1RDhQulNXOB Author: claudio Date: 2026/05/13 08:57:39 Error handling the double reallocarray in ch_table_resize() is tricky. In case of a realloc failure for the meta tables the ch_tables arrays was already successfully reallocated. Doing the free(tables) in the error path results in a use-after-free scenario and instead on error ch_tables just needs to be updated to this new table. Since the ch_level is not adjusted the next time, reallocarray will be called on a memory block that is already big enough which is a NOP and so this is safe. Further cleanup will follow. OK tb@ usr.sbin/bgpd/chash.c commit VjhOP798PYm0FFTG Author: nicm Date: 2026/05/13 08:25:05 Do not crash if set progress bar with no pane, from Dane Jensen. usr.bin/tmux/server-client.c commit izsbCXH3XRRJ3ITD Author: jsg Date: 2026/05/13 06:24:20 use nowake for sleep wait channel instead of an uninitialised stack variable avoids a -Wuninitialized-const-pointer warning with clang 22 ok jca@ sys/dev/sbus/stp4020.c commit lczmFAXrzxSW807Y Author: djm Date: 2026/05/13 05:58:58 avoid validating bad cipher or mac lists in config files / commandline arguments as valid. Identified by SUSE and reported by Camila Camargo de Matos ok deraadt@ tb@ usr.bin/ssh/cipher.c usr.bin/ssh/mac.c commit IqfZg0P3NsiB2lD9 Author: djm Date: 2026/05/13 05:11:02 fix hard-to-reach NULL deref during pubkey auth To hit this, the user must be using a PEM style private key with no corresponding .pub key adjacent to it. usr.bin/ssh/sshconnect2.c commit UF96fh1SuEMUeuDm Author: tb Date: 2026/05/13 04:38:42 rpki-client: fix incomplete strncmp() check The directory path in rp->repouri doesn't end in a '/' itself, so check that the uri containing an unused file points at something below it. Pointed out by Frank Denis ok claudio job usr.sbin/rpki-client/repo.c