Build date: 1780178402 - Sat May 30 22:00:02 UTC 2026 Build cvs date: 1780160769 - Sat May 30 17:06:09 UTC 2026 Build id: 2026-05-31.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P distrib/sets/lists/comp/clang.macppc P lib/libtls/tls_verify.c P regress/lib/libc/strlcpy/Makefile P regress/lib/libtls/verify/verifytest.c P sys/arch/arm64/dev/aplintc.c M sys/dev/usb/uhidev.c P sys/kern/exec_elf.c P sys/kern/subr_hibernate.c P usr.bin/rs/rs.c P usr.bin/tmux/screen-redraw.c P usr.bin/tmux/screen-write.c P usr.bin/tmux/tmux.h P usr.bin/tmux/tty.c M usr.sbin/bgpd/session.c P usr.sbin/rpki-client/rpki-client.8 commit cVMA04OqPZgnke2E Author: jsing Date: 2026/05/30 17:06:09 Disallow wildcard matching of a TLD specified as a FQDN. Found by Frank Denis. ok tb@ lib/libtls/tls_verify.c commit NgFVjHltrdXmBD7t Author: jsing Date: 2026/05/30 17:04:48 Add a regress test that matches a wildcard for a TLD specified as a FQDN. This currently matches when we should reject it. regress/lib/libtls/verify/verifytest.c commit XsNeQyUAm81oAFDF Author: jsing Date: 2026/05/30 16:55:09 Improve test failure message. The test may have matched when it should not have. regress/lib/libtls/verify/verifytest.c commit sF8mX84PuAkVqrrv Author: nicm Date: 2026/05/30 16:10:13 Return empty ranges if line is below window. usr.bin/tmux/screen-redraw.c commit giXalyvDasvnc4GP Author: renaud Date: 2026/05/30 15:18:44 Fix heap buffer overread in column counting loop OK millert@ usr.bin/rs/rs.c commit zYPZeiP0xc6QZ7Zn Author: nicm Date: 2026/05/30 11:20:03 Missed this file from previous. usr.bin/tmux/screen-redraw.c commit d3mFj8fXoZ4tdO4d Author: nicm Date: 2026/05/30 11:19:39 Handle ranges for panes which are outside the window to the left. usr.bin/tmux/screen-write.c usr.bin/tmux/tmux.h usr.bin/tmux/tty.c commit mlaVyZs6mEPTxNfT Author: kettenis Date: 2026/05/30 11:17:43 Add support for version 3 of Apple's AIC interript controller that can be found on M3 and later SoCs. ok jsg@ sys/arch/arm64/dev/aplintc.c commit b9ahuiMlYa6RARU4 Author: nicm Date: 2026/05/30 09:48:30 Do not crash when a pane offset is negative. usr.bin/tmux/screen-write.c commit J1WJ8jNz0Rl4evyk Author: nicm Date: 2026/05/30 08:58:29 Check if the range is invalid using start,end rather than length since it will never be negative. usr.bin/tmux/screen-write.c commit 56YFuheDc1QWHJ2U Author: kettenis Date: 2026/05/30 08:54:30 Handle sections that specify alignment as 0 when loading an ELF interpreter (i.e. ld.so). Since the smallest possible alignment actually is a the page size just start with that and only increase it if a larger alignment is requested. Also reject interpreters without loadable segments, just like we did for ld.so a few weeks ago. Distilled from a report by Andrew Griffiths. ok jsg@, deraadt@ sys/kern/exec_elf.c commit ue2746AXHAWuCvBI Author: nicm Date: 2026/05/30 08:50:09 Correct calculation of start and end. usr.bin/tmux/screen-write.c commit klRJWgus0ZqPTH9T Author: mlarkin Date: 2026/05/30 08:06:09 Validate size of chunks copied to piglet during hibernate unpack Ensure that the compressed size of the chunk read from the hibernate image will fit into the reserved space in the piglet for such chunks. Prevents chunks with invalid sizes from overrunning the piglet. Such corrupted chunks could be present in tampered or corrupt on-disk hibernate images. Reported by Frank Denis sys/kern/subr_hibernate.c commit nCoAoHf2EtrWLyBY Author: mlarkin Date: 2026/05/30 07:53:05 Validate sizes against integer overflow when reading chunks in unhibernate Validate that chunk sizes stored in the chunktable don't result in integer overflow. Such invalid chunk sizes could be present in tampered or corrupt on-disk hibernate images. Reported by Frank Denis sys/kern/subr_hibernate.c commit Vtr8A5TtdjYOHHbY Author: mlarkin Date: 2026/05/30 07:24:46 Prevent overread when reading the chunktable in unhibernate Ensure we don't read past the end of the chunktable, which could happen with a tampered or corrupted on-disk hibernate image. Reported by Frank Denis sys/kern/subr_hibernate.c commit 5gMrSzuP8fWwpjPR Author: anton Date: 2026/05/30 05:07:03 Disable builtins in strlcpytest.c. Otherwise, clang w/ optimizations enabled will treat strlcpy(NULL, ...) as undefined behavior and optimize the invocation away. Regression introduced after the llvm 22 upgrade. regress/lib/libc/strlcpy/Makefile commit LnVyIcslycNVk9sX Author: tb Date: 2026/05/30 02:09:04 rpki-client: rfc 9981 usr.sbin/rpki-client/rpki-client.8 commit OjlOlFBsQEVwtoqy Author: deraadt Date: 2026/05/29 23:32:52 Disable kbind() and pinsyscalls() for static binaries at the correct time, which is inside exec_elf_makecmds(). Amusingly, it looks like these protection mechanisms are not needed because other process state protects against kbind use since we completed the switch to static pie. Also any priviledged static binary (which we ship, setuid or daemon) is not going to contain a pinsyscall or kbind slot in the loaded pinsyscalls table, so they cannot perform those. Only synthetic binaries with their own pinsyscalls table could play, but of course they won't run with priviledge.. from Andrew Griffiths at Calif ok kettenis, andrew also approves of this approach sys/kern/exec_elf.c commit eux8N9SgLr73xiA6 Author: gkoehler Date: 2026/05/29 23:24:34 sync distrib/sets/lists/comp/clang.macppc P lib/pixman/mk/Makefile P lib/pixman/mk/pixman-config.h commit wcAwc7x1vNYYsqc7 Author: naddy Date: 2026/05/30 10:15:23 pixman: drop support for MMX on x86 LLVM has dropped the ability to generate vectorized code using compiler intrinsics for chips with MMX but without SSE2. The pixman library detects available CPU features at runtime and will either fall back to the generic implementation or use the SSE2 or SSSE3 code paths. ok kettenis@ matthieu@ jsg@ lib/pixman/mk/Makefile lib/pixman/mk/pixman-config.h