Build date: 1779400803 - Thu May 21 22:00:03 UTC 2026
Build cvs date: 1779397924 - Thu May 21 21:12:04 UTC 2026
Build id: 2026-05-22.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P lib/libagentx/ax.c
P lib/libc/sys/open.2
P regress/lib/libcrypto/x509/rfc3779/rfc3779.c
P regress/usr.sbin/bgpd/integrationtests/l3vpn.sh
P sys/dev/fdt/fanpwr.c
M sys/dev/usb/uhidev.c
P sys/kern/vfs_lookup.c
P usr.bin/ssh/sftp-server.8
P usr.bin/ssh/ssh_config.5
P usr.bin/ssh/sshd_config.5
P usr.bin/tmux/cmd-resize-pane.c
P usr.bin/tmux/server-client.c
P usr.bin/tmux/tmux.h
P usr.sbin/bgpctl/bgpctl.c
P usr.sbin/bgpctl/output.c
P usr.sbin/bgpd/rde.c
P usr.sbin/bgpd/rde.h
P usr.sbin/bgpd/rde_decide.c
P usr.sbin/bgpd/rde_peer.c
P usr.sbin/bgpd/rde_prefix.c
P usr.sbin/bgpd/rde_rib.c
M usr.sbin/bgpd/session.c
P usr.sbin/relayd/ssl.c
P usr.sbin/rpki-client/http.c
P usr.sbin/snmpd/ax.c

commit f6smpFjLckbZx70i
Author: claudio
Date: 2026/05/21 21:12:04

  Replace assert() with a graceful failure by aborting the http request.

  An overlong HTTP line can fill the receive buffer to its max but then
  http_get_line() would still return NULL trying to read more data.
  Since the buffer is full the assert would trigger. Now the http request
  is terminated.

  Reported by Frank Denis
  OK tb@

  usr.sbin/rpki-client/http.c

commit LN3zVzCXzVD8X9rg
Author: claudio
Date: 2026/05/21 18:51:06

  Add the proper mpe interfaces to IFACES so the initial check actually works

  regress/usr.sbin/bgpd/integrationtests/l3vpn.sh

commit THwi85rKok2CTDVk
Author: claudio
Date: 2026/05/21 15:20:27

  Rename rde_generate_updates() to rde_enqueue_updates().

  OK tb@

  usr.sbin/bgpd/rde.c
  usr.sbin/bgpd/rde.h
  usr.sbin/bgpd/rde_decide.c
  usr.sbin/bgpd/rde_peer.c
  usr.sbin/bgpd/rde_rib.c

commit rG9zhsG6gPBlsUu4
Author: tb
Date: 2026/05/21 14:56:34

  relayd: remove X509_dup() call that leaks memory

  While there, add error checks for X509_set_{pubkey,issuer_name}().

  From Marc Jorge

  usr.sbin/relayd/ssl.c

commit MAFkmKNYIHGmlTAG
Author: claudio
Date: 2026/05/21 14:48:58

  For bgpctl show mrt detail print the last change time as an ISO format time.

  If abs_time is set then switch fmt_monotime() to absolute timestamps.
  This uses monotime_to_time, gmtime and strftime("%FT%TZ") to get an
  ISO format timestamp string.

  While there also adjust get_rel_monotime() to be more like
  monotime_to_time() and stop treating negative numbers as error.
  In fmt_monotime() check the monotime against 0 to print 'Never' for timers
  that are not running.

  With this bgpctl show mrt detail prints:
  Last update: 2019-05-08T20:03:06Z

  OK tb@

  usr.sbin/bgpctl/bgpctl.c
  usr.sbin/bgpctl/output.c

commit BVjqXxURcCAEt99B
Author: claudio
Date: 2026/05/21 13:28:17

  Cleanup log messages in rde_prefix.c

  Try to not use function name in log messages and make them less developer
  focused.

  OK tb@

  usr.sbin/bgpd/rde_prefix.c

commit XoZwdHa9AqvDT32U
Author: tb
Date: 2026/05/21 13:14:57

  rfc3779 test: exercise IPAddressFamily_cmp a bit more

  This populates an IPAddrBlocks object with not all that sensible data and
  tests behavior of serialization and deserialization of this thing. Prior
  to x509_addr.c rev 1.96 this would call memcmp() on NULL.

  regress/lib/libcrypto/x509/rfc3779/rfc3779.c

commit W4zqWG0pht12TqDB
Author: jmatthew
Date: 2026/05/21 10:53:34

  Add support for the RK8600 regulator used for cpu voltage on Radxa Zero 3
  boards.

  ok kettenis@

  sys/dev/fdt/fanpwr.c

commit HNNo9OjbCZZCtRWf
Author: nicm
Date: 2026/05/21 07:28:51

  Pane resizing code for floating panes, mostly by Michael Grant.

  usr.bin/tmux/cmd-resize-pane.c
  usr.bin/tmux/server-client.c
  usr.bin/tmux/tmux.h

commit qUCIkOkw757jAyTL
Author: martijn
Date: 2026/05/21 05:33:20

  Implement a better fix. The previous fix allowed to overflow in a
  different spot. This would still only lead to a crash, and would only be
  reachable by arbitrary users if the admin enabled the agentx socket, and
  set custom permissions.

  OK deraadt@, mvs@

  lib/libagentx/ax.c
  usr.sbin/snmpd/ax.c

commit iyyVaDbiYvRH60N7
Author: djm
Date: 2026/05/21 04:04:57

  mention that compression could potentially leak information about session
  contents (cf. the CRIME attack on TLS) if a connection allows attacker-
  controlled traffic over it alongside trused traffic. This might occur
  in some forwarding scenarios.

  with deraadt@

  usr.bin/ssh/ssh_config.5
  usr.bin/ssh/sshd_config.5

commit wJGiFVZsC4RFGaac
Author: djm
Date: 2026/05/21 02:50:59

  mention usefulness of request type allow/denylisting for servers
  accepting untrusted clients

  usr.bin/ssh/sftp-server.8

commit rUiyE8aWdIHHwiIi
Author: deraadt
Date: 2026/05/21 02:22:18

  document EACESS if __pledge_open() in /usr/share/zoneinfo terminates
  on a non-regular file
  ok dgl

  lib/libc/sys/open.2

commit P230JeHX7TrdnLwT
Author: deraadt
Date: 2026/05/21 02:20:53

  only allow __pledge_open(2) to open regular files in the /usr/share/zoneinfo
  directory.  other file types return EACCES.
  ok dgl

  sys/kern/vfs_lookup.c