Build date: 1779919203 - Wed May 27 22:00:03 UTC 2026 Build cvs date: 1779915473 - Wed May 27 20:57:53 UTC 2026 Build id: 2026-05-28.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P distrib/sets/lists/man/mi P sbin/unwind/libunbound/config.h P sbin/unwind/libunbound/daemon/remote.h P sbin/unwind/libunbound/dns64/dns64.c P sbin/unwind/libunbound/iterator/iter_fwd.c P sbin/unwind/libunbound/iterator/iter_hints.c P sbin/unwind/libunbound/iterator/iter_priv.c P sbin/unwind/libunbound/iterator/iter_scrub.c P sbin/unwind/libunbound/iterator/iter_utils.c P sbin/unwind/libunbound/iterator/iter_utils.h P sbin/unwind/libunbound/iterator/iterator.c P sbin/unwind/libunbound/libunbound/unbound.h P sbin/unwind/libunbound/respip/respip.c P sbin/unwind/libunbound/services/authzone.c P sbin/unwind/libunbound/services/listen_dnsport.c P sbin/unwind/libunbound/services/localzone.c P sbin/unwind/libunbound/services/localzone.h P sbin/unwind/libunbound/services/mesh.c P sbin/unwind/libunbound/services/mesh.h P sbin/unwind/libunbound/services/modstack.c P sbin/unwind/libunbound/services/outside_network.c P sbin/unwind/libunbound/services/outside_network.h P sbin/unwind/libunbound/services/rpz.c P sbin/unwind/libunbound/services/cache/dns.c P sbin/unwind/libunbound/services/cache/dns.h P sbin/unwind/libunbound/services/cache/infra.c P sbin/unwind/libunbound/services/cache/rrset.c P sbin/unwind/libunbound/sldns/rrdef.h P sbin/unwind/libunbound/sldns/wire2str.c P sbin/unwind/libunbound/util/alloc.c P sbin/unwind/libunbound/util/config_file.c P sbin/unwind/libunbound/util/config_file.h P sbin/unwind/libunbound/util/configlexer.c P sbin/unwind/libunbound/util/configlexer.lex P sbin/unwind/libunbound/util/configparser.h P sbin/unwind/libunbound/util/configparser.y P sbin/unwind/libunbound/util/fptr_wlist.c P sbin/unwind/libunbound/util/fptr_wlist.h P sbin/unwind/libunbound/util/iana_ports.inc P sbin/unwind/libunbound/util/locks.h P sbin/unwind/libunbound/util/log.c P sbin/unwind/libunbound/util/module.h P sbin/unwind/libunbound/util/net_help.c P sbin/unwind/libunbound/util/net_help.h P sbin/unwind/libunbound/util/netevent.c P sbin/unwind/libunbound/util/timehist.h P sbin/unwind/libunbound/util/data/msgencode.c P sbin/unwind/libunbound/util/data/msgencode.h P sbin/unwind/libunbound/util/data/msgparse.c P sbin/unwind/libunbound/util/data/msgparse.h P sbin/unwind/libunbound/util/data/msgreply.c P sbin/unwind/libunbound/util/data/msgreply.h P sbin/unwind/libunbound/util/data/packed_rrset.c P sbin/unwind/libunbound/util/data/packed_rrset.h P sbin/unwind/libunbound/validator/autotrust.c P sbin/unwind/libunbound/validator/val_neg.c P sbin/unwind/libunbound/validator/val_nsec3.c P sbin/unwind/libunbound/validator/val_nsec3.h P sbin/unwind/libunbound/validator/val_sigcrypt.c P sbin/unwind/libunbound/validator/val_sigcrypt.h P sbin/unwind/libunbound/validator/val_utils.c P sbin/unwind/libunbound/validator/val_utils.h P sbin/unwind/libunbound/validator/validator.c P share/mk/bsd.prog.mk P sys/dev/ic/nvme.c P sys/dev/ic/nvmevar.h P sys/dev/pci/if_mwx.c P sys/dev/pci/if_mwxreg.h P sys/dev/pci/nvme_pci.c P sys/dev/pci/drm/amd/amdgpu/atom.c M sys/dev/usb/uhidev.c P usr.bin/newsyslog/newsyslog.8 P usr.bin/newsyslog/newsyslog.c P usr.bin/ssh/misc.c P usr.bin/ssh/ssh-agent.1 P usr.bin/ssh/ssh-agent.c P usr.bin/ssh/ssh-agent/Makefile P usr.bin/ssh/sshd/Makefile P usr.bin/ssh/sshd-auth/Makefile P usr.bin/ssh/sshd-session/Makefile P usr.bin/tmux/options-table.c P usr.bin/tmux/screen-redraw.c P usr.bin/tmux/screen-write.c P usr.bin/tmux/sort.c P usr.bin/tmux/tmux.1 P usr.bin/tmux/tmux.h P usr.bin/tmux/tty-draw.c P usr.bin/tmux/tty.c P usr.bin/tmux/window.c P usr.sbin/bgpctl/mrtparser.c P usr.sbin/bgpd/kroute.c P usr.sbin/bgpd/mrt.c P usr.sbin/bgpd/parse.y P usr.sbin/bgpd/rde_community.c P usr.sbin/bgpd/rde_rib.c M usr.sbin/bgpd/session.c P usr.sbin/bgplgd/bgplgd.c P usr.sbin/bgplgd/slowcgi.c P usr.sbin/rpki-client/rsync.c P usr.sbin/rpki-client/x509.c P usr.sbin/smtpd/crypto.c P usr.sbin/smtpd/lka.c P usr.sbin/smtpd/mproc.c P usr.sbin/smtpd/queue_backend.c P usr.sbin/smtpd/smtp_session.c commit eGSr2PigjwQr5K10 Author: nicm Date: 2026/05/27 20:57:53 Bring in the single-cell redraw parts for floating panes. usr.bin/tmux/screen-redraw.c usr.bin/tmux/screen-write.c usr.bin/tmux/tty.c commit CfywYacZQud6Voae Author: nicm Date: 2026/05/27 20:47:23 Do not adjust end position when removing partial padding, it does not change. usr.bin/tmux/tty-draw.c commit YoFr276naeSB1xVu Author: sthen Date: 2026/05/27 20:40:23 merge changes from unbound 1.25.1, ok florian sbin/unwind/libunbound/config.h sbin/unwind/libunbound/daemon/remote.h sbin/unwind/libunbound/dns64/dns64.c sbin/unwind/libunbound/iterator/iter_fwd.c sbin/unwind/libunbound/iterator/iter_hints.c sbin/unwind/libunbound/iterator/iter_priv.c sbin/unwind/libunbound/iterator/iter_scrub.c sbin/unwind/libunbound/iterator/iter_utils.c sbin/unwind/libunbound/iterator/iter_utils.h sbin/unwind/libunbound/iterator/iterator.c sbin/unwind/libunbound/libunbound/unbound.h sbin/unwind/libunbound/respip/respip.c sbin/unwind/libunbound/services/authzone.c sbin/unwind/libunbound/services/listen_dnsport.c sbin/unwind/libunbound/services/localzone.c sbin/unwind/libunbound/services/localzone.h sbin/unwind/libunbound/services/mesh.c sbin/unwind/libunbound/services/mesh.h sbin/unwind/libunbound/services/modstack.c sbin/unwind/libunbound/services/outside_network.c sbin/unwind/libunbound/services/outside_network.h sbin/unwind/libunbound/services/rpz.c sbin/unwind/libunbound/services/cache/dns.c sbin/unwind/libunbound/services/cache/dns.h sbin/unwind/libunbound/services/cache/infra.c sbin/unwind/libunbound/services/cache/rrset.c sbin/unwind/libunbound/sldns/rrdef.h sbin/unwind/libunbound/sldns/wire2str.c sbin/unwind/libunbound/util/alloc.c sbin/unwind/libunbound/util/config_file.c sbin/unwind/libunbound/util/config_file.h sbin/unwind/libunbound/util/configlexer.c sbin/unwind/libunbound/util/configlexer.lex sbin/unwind/libunbound/util/configparser.h sbin/unwind/libunbound/util/configparser.y sbin/unwind/libunbound/util/fptr_wlist.c sbin/unwind/libunbound/util/fptr_wlist.h sbin/unwind/libunbound/util/iana_ports.inc sbin/unwind/libunbound/util/locks.h sbin/unwind/libunbound/util/log.c sbin/unwind/libunbound/util/module.h sbin/unwind/libunbound/util/net_help.c sbin/unwind/libunbound/util/net_help.h sbin/unwind/libunbound/util/netevent.c sbin/unwind/libunbound/util/timehist.h sbin/unwind/libunbound/util/data/msgencode.c sbin/unwind/libunbound/util/data/msgencode.h sbin/unwind/libunbound/util/data/msgparse.c sbin/unwind/libunbound/util/data/msgparse.h sbin/unwind/libunbound/util/data/msgreply.c sbin/unwind/libunbound/util/data/msgreply.h sbin/unwind/libunbound/util/data/packed_rrset.c sbin/unwind/libunbound/util/data/packed_rrset.h sbin/unwind/libunbound/validator/autotrust.c sbin/unwind/libunbound/validator/val_neg.c sbin/unwind/libunbound/validator/val_nsec3.c sbin/unwind/libunbound/validator/val_nsec3.h sbin/unwind/libunbound/validator/val_sigcrypt.c sbin/unwind/libunbound/validator/val_sigcrypt.h sbin/unwind/libunbound/validator/val_utils.c sbin/unwind/libunbound/validator/val_utils.h sbin/unwind/libunbound/validator/validator.c commit 4s9Zit84kD59TESl Author: nicm Date: 2026/05/27 19:43:46 Check visible ranges when copying screens. usr.bin/tmux/screen-write.c commit MPwFPP9UX0WK9bEY Author: nicm Date: 2026/05/27 19:36:04 Add an accessor function needed for floating panes. usr.bin/tmux/tmux.h usr.bin/tmux/window.c commit Gh130fNbVnySKD93 Author: nicm Date: 2026/05/27 18:57:10 Add window-pane-status-format options and adjust the default second status line to show panes, also change how window-style is checked now it is a pane option. usr.bin/tmux/options-table.c usr.bin/tmux/screen-redraw.c usr.bin/tmux/tmux.1 usr.bin/tmux/tty.c commit QMW97R4lJ0I7Oj2n Author: nicm Date: 2026/05/27 16:25:01 Floating panes clearing bits. usr.bin/tmux/screen-write.c commit C1l2JMKTKtJYhO6y Author: jcs Date: 2026/05/27 15:04:14 use I/O submission queue entry size reported by controller On the Apple T2 NVMe, 128-byte submission queue entries on I/O queues are required instead of the standard 64 bytes. ok jmatthew sys/dev/ic/nvme.c sys/dev/ic/nvmevar.h sys/dev/pci/nvme_pci.c commit t84FHj6YpAHEoF58 Author: deraadt Date: 2026/05/27 13:57:26 Use the new RELINK feature in bsd.prog.mk to build the relink kits. usr.bin/ssh/ssh-agent/Makefile usr.bin/ssh/sshd/Makefile usr.bin/ssh/sshd-auth/Makefile usr.bin/ssh/sshd-session/Makefile commit 0EzneBqH31KV2W0w Author: tb Date: 2026/05/27 13:57:16 rpki-client: use sentinel idiom for timegm(3) error check We currently fail on ASN.1 times before the epoch. There is nothing wrong in principle with those. Both UTCTime and GeneralizedTimes can represent such times and we should be able to accept them. Modern OpenSSL and LibreSSL ensure in ASN1_TIME_to_tm() that the times are well formed according to the DER, so this call is really only a translation step. ok claudio deraadt usr.sbin/rpki-client/x509.c commit 9EU1fFI3lhYJVqSa Author: tb Date: 2026/05/27 13:54:15 ssh: use sentinel idiom for timegm(3) and mktime(3) There is nothing wrong with times before the epoch, even -1, so use the idiom recently added to the CAVEATS section to figure out whether there was an error in the timegm() or mktime() calls. We should sweep the tree for this. If anyone is bored, feel free to beat me to it... ok deraadt djm usr.bin/ssh/misc.c commit hQLceBXN5Jw8Svjl Author: deraadt Date: 2026/05/27 13:48:56 A new variable (RELINK) makes rules for creating a relink tar file and installing it in the correct place. The variable needs to be a test command which verifies the re-linked binary works correctly, which requires it to exit(0). This 1-liner will replace the large adhoc relink tarfile production in the Makefiles of various relinked programs. share/mk/bsd.prog.mk commit PdxRyLyWQe7ghNzI Author: nicm Date: 2026/05/27 13:41:20 Cache border and active border style separately, fixes problem reported by Marcel Partap in GitHub issue 5125. usr.bin/tmux/screen-redraw.c usr.bin/tmux/tmux.h commit 2KK1vRXPvevx87ya Author: nicm Date: 2026/05/27 12:52:47 Remove reference to an option that hasn't been added yet. usr.bin/tmux/screen-redraw.c commit U4JpKAh75KjW2T0e Author: jsg Date: 2026/05/27 12:50:04 add back the local #undef DEBUG lost with last drm update reported by Jan Schreiber sys/dev/pci/drm/amd/amdgpu/atom.c commit NRTiAYOHrtmxEdYX Author: claudio Date: 2026/05/27 12:38:54 Sync the nexthop comperators in rde_rib.c and kroute.c While nexthop_cmp() already looked for the scope_id for link-local IPv6 nexthops, knexthop_compare() did not. Reported by 7Asecurity OK tb@ usr.sbin/bgpd/kroute.c usr.sbin/bgpd/rde_rib.c commit mmgZppfI46wbh17L Author: nicm Date: 2026/05/27 11:54:28 Bring in some more floating panes changes - obscured panes need to be handled specially in screen_write_* rather than dropping into the client redraw (tty.c). usr.bin/tmux/screen-write.c usr.bin/tmux/tty.c commit WNqADiYsFA2HkxHO Author: claudio Date: 2026/05/27 11:17:42 Add some extra checks to the mrtparser Fail if the mrt message length is larger than MRT_MAX_LEN (1MB). No message should have such a large size. Ensure the dump callback is never called with a mrt peer table that is NULL. Reported by 7Asecurity OK tb@ usr.sbin/bgpctl/mrtparser.c commit nf1OhqYbbPxaJe2P Author: claudio Date: 2026/05/27 09:42:19 Add an explict "--" argument for portable. GNU libc getopt allows options out of order with other arguments so force getopt to stop option parsing using "--". OK tb@ usr.sbin/rpki-client/rsync.c commit VqWeSdJT4yBKRkcv Author: claudio Date: 2026/05/27 09:39:25 Add a "--" argv to the execvp of bgpctl for portable. GNU libc has this stupid behaviour of allowing options in any order and so one needs to terminate the option parsing to be sure none of the later user supplied arguments could be interpreted as an option. Reported by 7Asecurity OK tb@ usr.sbin/bgplgd/bgplgd.c commit 3RlBDhOvxpAZomGN Author: claudio Date: 2026/05/27 08:48:43 Don't fail hard on version mismatch and ignore extra end-of-params messages. Replace the lerrx on version mismatch with a lwarnx and error return. Switch to ssize_t return for that so that slowcgi_request() can properly fail when this happens. Also do not execute multiple bgplgd commands when extra end-of-params messages are received. Once a command is executed fail to start a 2nd one. Reported by Frank Denis OK tb@ usr.sbin/bgplgd/slowcgi.c commit douaM8UTffix9JiI Author: claudio Date: 2026/05/27 08:38:43 Improve handling of unknown extended communities Ext communities are split over the 3 data fields of struct community. All ext communities put the first 2 bytes (type and subtype) into data3. For EXT_COMMUNITY_TRANS_IPV4 and EXT_COMMUNITY_TRANS_FOUR_AS a 2-4-2 split is used. All other types use a 2-2-4 split this should include all unknown types. So add default cases into the various switch statements to make this happen. Reported by 7Asecurity OK tb@ usr.sbin/bgpd/rde_community.c commit IzxgO8HTVfhm2gGR Author: claudio Date: 2026/05/27 08:34:34 Increase the MRT attribute buffer to MAX_EXT_PKTSIZE so it works in all cases. Dumping messages from peers with extended message capability would fail since the MRT code was still limited to the old 4096byte size. Reported by 7Asecurity OK tb@ usr.sbin/bgpd/mrt.c commit csKnHRqJuRA4pOW7 Author: claudio Date: 2026/05/27 08:32:20 Fix use-after-free problems in parse.y In error cases using YYERROR data is freed but the global pointer is not reset (to NULL or in the case of curpeer to curgroup). On YYERROR yacc still moves on and so any rules using e.g. curpeer do a use-after-free. Reported by 7Asecurity OK tb@ usr.sbin/bgpd/parse.y commit Fa7t1BOogGDwOFmS Author: claudio Date: 2026/05/27 08:28:35 Move pt_unref() after the RB_REMOVE() call in rib_remove() to prevent use-after-free. rib_remove calls pt_unref() before the RB_REMOVE() call which also uses re_rib(). re_rib() evaluates re->prefix but pt_unref() could free the prefix if the refcount drops to 0. Reported by 7Asecurity OK tb@ usr.sbin/bgpd/rde_rib.c commit EjNVoPxZOtz4wSbs Author: jsg Date: 2026/05/27 07:05:20 fix sort_get_clients() indentation; ok nicm@ usr.bin/tmux/sort.c commit FLoKJzv7sV6uwrcF Author: nicm Date: 2026/05/27 07:01:36 Check error result correctly (*cause not cause), pointed out by jsg. usr.bin/tmux/window.c commit iQqWIxQCjdYLigQy Author: deraadt Date: 2026/05/27 06:32:32 sync distrib/sets/lists/man/mi commit x2sxek7oO2AMpO22 Author: rsadowski Date: 2026/05/27 05:56:57 newsyslog: add glob(3) support for logfile names Allow glob patterns in the logfile_name field of newsyslog.conf(5), so that entries like /var/log/app/*.log are expanded at parse time. From Alvar Penning, feedback and OK jan@ usr.bin/newsyslog/newsyslog.8 usr.bin/newsyslog/newsyslog.c commit bvG9qowCgwrDj71x Author: tb Date: 2026/05/27 03:28:07 ssh-agent: add -V to usage() ok djm usr.bin/ssh/ssh-agent.c commit 55WGWtjHFoHggwb4 Author: kevlo Date: 2026/05/27 03:13:13 add RCS id ok claudio@ sys/dev/pci/if_mwxreg.h commit 37u2imi095a2vsg5 Author: kevlo Date: 2026/05/27 03:12:22 In mt7921_e_mcu_fw_pmctrl(), val and mask were swapped. Use PCIE_LPCR_HOST_OWN_SYNC for both to make the intent clear. ok claudio@ sys/dev/pci/if_mwx.c commit mt7HRSNM7yKsCAVu Author: djm Date: 2026/05/27 03:05:21 use "ssh-agent -V" to test the binary is functional after relinking requested deraadt@ usr.bin/ssh/ssh-agent/Makefile commit BgejGxaGDQ4Awail Author: djm Date: 2026/05/27 03:04:30 add a -V flag to print the version, but mostly as a way to check the binary is functional; ok deraadt@ usr.bin/ssh/ssh-agent.1 usr.bin/ssh/ssh-agent.c commit g91CPCilyRrhgvb1 Author: gilles Date: 2026/05/26 22:49:18 clear userinfo before sending over imsg. This is not an issue by itself but it weakens compartmentalization and may assist lateral movement inside the privsep environment after another bug. diff by Stuart Thomas usr.sbin/smtpd/lka.c commit dDmLO4ov4IRO7mRH Author: gilles Date: 2026/05/26 22:48:13 Reject oversized sockaddr payloads received over privsep IPC. This is not an issue on its own but may permit lateral movement or memory corruption inside the privsep environment after another bug. diff by Stuart Thomas usr.sbin/smtpd/mproc.c commit QCkwGbQBhmGE5Tdd Author: gilles Date: 2026/05/26 22:44:17 Zero the temporary envelope parsing buffers before use. While current parsing paths do not expose uninitialized data, keeping stack residue in these transient buffers unnecessarily weakens compartmentalization and may aid lateral movement inside the privsep environment after another bug. The diff also fixes a theoretical double close race bug which can't really happen in smtpd due to requiring concurrency in our single threaded event loop, and which would have very limited reliability impact if it was triggered (forcing a mail to fail on a schedule tick and be retried at next tick). This is still incorrect so let's avoid a copy of this code in more problematic places. diff by Stuart Thomas usr.sbin/smtpd/queue_backend.c commit KHp6LrOkLX8Y7ttp Author: gilles Date: 2026/05/26 22:43:32 Ensure pending asynchronous lookups do not retain dangling smtp_session references after teardown. This is mainly a robustness fix inside the privsep model: stale references may permit lateral effects between smtpd processes after another compromise. diff by Stuart Thomas usr.sbin/smtpd/smtp_session.c commit QAY3qAJuBtAFB3Lg Author: gilles Date: 2026/05/26 22:39:33 validate encrypted queue buffer sizes before processing auth tag and IV data: current callers already treat malformed input as a decrypt failure but rejecting truncated buffers earlier makes boundary conditions more explicit. diff by Stuart Thomas usr.sbin/smtpd/crypto.c P lib/libXfont2/Makefile.bsd-wrapper commit HdQSGtl5yCkzDFRB Author: visa Date: 2026/05/27 15:59:36 Reduce optimization to avoid clang 22 segfault on mips64. lib/libXfont2/Makefile.bsd-wrapper