Build date: 1780264803 - Sun May 31 22:00:03 UTC 2026
Build cvs date: 1780262981 - Sun May 31 21:29:41 UTC 2026
Build id: 2026-06-01.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P lib/libc/time/ctime.3
P lib/libssl/ssl_clnt.c
P lib/libssl/ssl_local.h
P lib/libssl/ssl_sigalgs.c
P lib/libssl/ssl_sigalgs.h
P lib/libssl/ssl_srvr.c
P regress/usr.bin/ssh/addrmatch.sh
P regress/usr.bin/ssh/cfgmatch.sh
P regress/usr.bin/ssh/unittests/Makefile
P regress/usr.bin/ssh/unittests/match/tests.c
U regress/usr.bin/ssh/unittests/servconf/Makefile
U regress/usr.bin/ssh/unittests/servconf/tests.c
P sys/dev/ic/qwx.c
P sys/dev/ic/qwxvar.h
M sys/dev/usb/uhidev.c
P usr.bin/ssh/channels.c
P usr.bin/ssh/cipher.c
P usr.bin/ssh/cipher.h
P usr.bin/ssh/kex.c
P usr.bin/ssh/kex.h
P usr.bin/ssh/match.c
P usr.bin/ssh/monitor.c
P usr.bin/ssh/monitor_wrap.c
P usr.bin/ssh/monitor_wrap.h
P usr.bin/ssh/packet.c
P usr.bin/ssh/servconf.c
P usr.bin/ssh/servconf.h
P usr.bin/ssh/serverloop.c
P usr.bin/ssh/sftp-server.c
P usr.bin/ssh/sftp.c
P usr.bin/ssh/ssh-agent.c
P usr.bin/ssh/ssh.c
P usr.bin/ssh/sshd-auth.c
P usr.bin/tmux/cmd-display-panes.c
P usr.bin/tmux/screen-redraw.c
P usr.bin/tmux/window.c
M usr.sbin/bgpd/session.c
P usr.sbin/relayd/parse.y
P usr.sbin/slowcgi/slowcgi.c
P usr.sbin/vmd/virtio.c

commit DLwaDV6Qc0OXxfgu
Author: nicm
Date: 2026/05/31 21:29:41

Only draw visible parts of numbers for display-panes.

usr.bin/tmux/cmd-display-panes.c

commit wdDe1wnlngtLXbxS
Author: nicm
Date: 2026/05/31 21:08:23

When pane-border-indicators is set to "both" or "arrows", only draw
arrows on the active floating pane and no other floating panes. Also
there is no need to loop in screen_redraw_cell_border if only checking
one pane.

usr.bin/tmux/screen-redraw.c

commit fgkxFx9X0QV9f3fI
Author: nicm
Date: 2026/05/31 20:41:07

Move back to starting position when pane is outside the window at all.

usr.bin/tmux/window.c

commit 0wRh2sMG9UF4prcc
Author: bluhm
Date: 2026/05/31 20:28:51

Fix vmd(8) emulation for Linux guests.

The memory safety checks introduced in previous commit were too strict
and broke Linux guests running on top of vmd. Adapt the checks to the
variation of virtio 1.x that vmd implements.

virtio 1.x doesn't need page alignment. The used area offset needs to
just be 4 byte aligned for some sanity, but not really critical. The
descriptor table, available area, and used areas must be in guest
memory ranges and not spill out allowing guest access to host memory
by using hvaddr_mem() to check.

from dv@; OK mlarkin@; tested by jmatthew@ and Remi Bougard

usr.sbin/vmd/virtio.c

commit bvupeSCqhtc7MxLO
Author: tb
Date: 2026/05/31 15:21:04

ctime.3: remove warning about tm_zone and tm_gmtoff

These are standardized in posix 2024 via Austin Group Defect 1533.
So they won't go away or change anytime soon.

ok job millert

lib/libc/time/ctime.3

commit K4RQNcWEf03qy99w
Author: jsing
Date: 2026/05/31 14:34:44

Clean up signature algorithm handling.

Now that we no longer support TLSv1.0 and TLSv1.1, SSL_USE_SIGALGS()
is always true - remove all of the code that handles the non-sigalgs
path, along with SSL_USE_SIGALGS() and the related flags. Also remove
SIGALG_RSA_PKCS1_MD5_SHA1 and references to it, since this is also now
unused.

ok kenjiro@ tb@

lib/libssl/ssl_clnt.c
lib/libssl/ssl_local.h
lib/libssl/ssl_sigalgs.c
lib/libssl/ssl_sigalgs.h
lib/libssl/ssl_srvr.c

commit ACYinRahbjxY1BP8
Author: stsp
Date: 2026/05/31 13:54:17

in the qwx newstate task, only attempt to reset the device if RUNNING

If we are not RUNNING then we are being called from qwx_stop(), and
any error recovery the init task would try to perform would at best
be pointless and might even cause problems.

sys/dev/ic/qwx.c

commit cg79SBCU8vYXU64G
Author: stsp
Date: 2026/05/31 13:53:02

do not schedule a qwx_newstate task if the interface is not RUNNING

sys/dev/ic/qwx.c

commit zNWNXyAnzByZkVux
Author: stsp
Date: 2026/05/31 13:51:58

do not set IFF_RUNNING if qwx_init() fails to start the MAC

sys/dev/ic/qwx.c

commit P0bBfyAQ9PzGeBpx
Author: stsp
Date: 2026/05/31 13:21:55

Implement qwx_dp_rx_h_null_q_desc()

test + ok kevlo@

sys/dev/ic/qwx.c
sys/dev/ic/qwxvar.h

commit 6Aw156y7BcfflS3e
Author: stsp
Date: 2026/05/31 13:20:20

Fix use of wrong tailq pointers in qwx.

Fortunately, this was a non-issue on devices with single radios and
there are no multi-radio devices known to us so far.

With help from kevlo@ who spotted a case I had missed.

sys/dev/ic/qwx.c

commit EcW1huIuOmnjzIpz
Author: djm
Date: 2026/05/31 13:12:07

handle compiled-time unsupported options in servconf.h better; leave a
zero placeholder variable so we don't have #ifdef around their absence
elsewhere in the tree

usr.bin/ssh/servconf.c
usr.bin/ssh/servconf.h

commit AJC1uylYR7uT6BLJ
Author: rsadowski
Date: 2026/05/31 12:44:06

Add missing OCSP token

Spotted and OK kirill

usr.sbin/relayd/parse.y

commit X0y5fNmWDQqjPUB7
Author: djm
Date: 2026/05/31 11:39:44

unit test for new servconf.[ch] code, including a basic fuzz test
for deserialisation

regress/usr.bin/ssh/unittests/Makefile
regress/usr.bin/ssh/unittests/servconf/Makefile
regress/usr.bin/ssh/unittests/servconf/tests.c

commit QeN1DFPvniIJT4ve
Author: djm
Date: 2026/05/31 11:31:57

the new configuration dump code emits configuration directives with
capitalisation (previously they were all lowercase), so make the
tests that consume them insensitive to case

regress/usr.bin/ssh/addrmatch.sh
regress/usr.bin/ssh/cfgmatch.sh

commit X3P20RbOXyCqBMXE
Author: djm
Date: 2026/05/31 11:30:50

big refactor of sshd config management code.

This generates much of the initialisation, defaults and keyword
table code from a set of macros rather than hand coding them. These
same macros are also used to generate serialisation and
deserialisation code.

The macros are admittedly ugly but have the advantage of forcing a
good degree of consistency across places that need to stay in sync
with each other.

The new de/serialisation code is used to pass configurations across
the various sshd-* process boundaries. This removes the need to pass
around raw text configurations that need to be re-parsed as well as
eliminating some raw pointer leakage across the processes where
structures were previously clumsily serialised.

feedback/ok markus@

usr.bin/ssh/monitor.c
usr.bin/ssh/monitor_wrap.c
usr.bin/ssh/monitor_wrap.h
usr.bin/ssh/servconf.c
usr.bin/ssh/servconf.h
usr.bin/ssh/sshd-auth.c

commit cnrawoC0MTT2RvTO
Author: claudio
Date: 2026/05/31 11:26:24

Don't fail hard on version mismatch and ignore extra end-of-params
messages.

Replace the lerrx on version mismatch with a lwarnx and error return.
Switch to ssize_t return for that so that slowcgi_request() can
properly fail when this happens.

Also do not execute multiple commands when extra end-of-params
messages are received. Once a command is executed fail to start a
2nd one.

Same diff as bgplgd rev. 1.9
Reported by Frank Denis
OK florian@ tb@

usr.sbin/slowcgi/slowcgi.c

commit cYqx8ZJfbB79jlit
Author: djm
Date: 2026/05/31 06:14:42

avoid strlen(NULL) crash if an X11 channel was created before the
x11-req SSH_MSG_CHANNEL_REQUEST was sent.

Reported by Ben Perry via GHPR679

usr.bin/ssh/channels.c

commit LtsVauc1gUFooY9A
Author: djm
Date: 2026/05/31 05:55:21

DNS0x20[1] can randomise the case of domain names returned by lookup
to force some more uniqueness in queries to reduce the likelihood of
spoofing attacks succeeding.

Normally this should be hidden from the user by the resolver, but in
some cases it can leak through. When it does, it can mess up ssh's
CanonicalizePermittedCNAMEs. Fix this by forcing the name we received
from the system resolver to lowercase.

bz3966, report and fix by Martin D Kealey

[1] https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00

usr.bin/ssh/ssh.c

commit QYwYpvbA5pXZKY4N
Author: djm
Date: 2026/05/31 04:59:51

disallow use of the copy-data extension to read and write to the
same inode simultaneously; reported by Qifan Zhang of Palo Alto
Networks; ok markus@

usr.bin/ssh/sftp-server.c

commit S00iz5MZjTmnvfD2
Author: djm
Date: 2026/05/31 04:51:45

Fix two separate one-byte out-of-bound reads

1) if a server sent an empty reply to a SSH2_FXP_REALPATH request
2) if a batch command used the full 2048 byte buffer but ended in a
   literal backslash character

Both reported by Zhenpeng (Leo) Lin from depthfirst

ok markus@

usr.bin/ssh/sftp.c

commit iqoIWsDvoMXITeAR
Author: djm
Date: 2026/05/31 04:47:29

DisableForwarding=yes didn't override PermitTunnel=yes

Reported independently by Huzaifa Sidhpurwala of Redhat and
Marko Jevtic; ok markus@

usr.bin/ssh/serverloop.c

commit zHIUyZE3IMTyKcfV
Author: djm
Date: 2026/05/31 04:44:38

make the transport protocol stricter by disconnecting if the peer
sends non-KEX messages during a key re-exchange.

Previously an evil peer could continue sending non-KEX messages
without penalty, causing memory to be wasted up until the connection
terminated or the server/client hit a OOM limit.

reported by Marko Jevtic; ok markus@

usr.bin/ssh/kex.c
usr.bin/ssh/kex.h
usr.bin/ssh/packet.c

commit uV7VG10ABSkHUAWP
Author: djm
Date: 2026/05/31 04:37:56

stricter validation of the transport state passed from the
unprivileged preauth sshd-auth process to the user-privileged
postauth sshd-session process.

These are harmless unless an attacker had an exploit for sshd-auth
in which case they could be used for post-auth memory DoS or to
crash your own session in a new and exciting way.

Reported by bylee3 and Kayky Vinicius

ok markus

usr.bin/ssh/cipher.c
usr.bin/ssh/cipher.h
usr.bin/ssh/packet.c

commit LkOOsJPDl3I1J1KX
Author: djm
Date: 2026/05/31 04:31:04

Enforce a maximum size for usernames in agent key use constraints

Along with the match_pattern() performance change that was just
committed this avoids a denial-of-service where an agent client
could waste CPU on an agent by sending user constraints with lots
of wildcards.

Reported by Huzaifa Sidhpurwala of Redhat

ok markus

usr.bin/ssh/ssh-agent.c

commit VIQ2UZr8AiOTZBK9
Author: djm
Date: 2026/05/31 04:24:39

fix client use-after-free on error path if cipher_init() fails;
reported by Qualys Security Advisory Team, ok markus@

usr.bin/ssh/packet.c
usr.bin/ssh/ssh.c

commit VjWINgQ3MNC67Adx
Author: djm
Date: 2026/05/31 04:20:58

flesh out match_pattern() tests, including a new comparison test of
the new NFA-based implementation against the original one for all
possible combinations of short inputs and patterns constructed from
a small dictionary of possibilities.

regress/usr.bin/ssh/unittests/match/tests.c

commit XMxH9Zclzj1AKuYz
Author: djm
Date: 2026/05/31 04:19:16

Replace the old recursive match_pattern() with an implementation
that uses a NFA for matching. This avoids the exponential worst-
case behaviour for the old implementation.

ok markus@

usr.bin/ssh/match.c