Build date: 1780783203 - Sat Jun 6 22:00:03 UTC 2026 Build cvs date: 1780767330 - Sat Jun 6 17:35:30 UTC 2026 Build id: 2026-06-07.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P lib/libssl/d1_both.c P lib/libssl/dtls_local.h P lib/libssl/s3_lib.c P lib/libssl/ssl_clnt.c P lib/libssl/ssl_local.h P lib/libssl/ssl_srvr.c P lib/libssl/ssl_tlsext.c P lib/libssl/t1_lib.c P lib/libtls/tls_internal.h P lib/libtls/man/tls_config_set_protocols.3 P regress/lib/libssl/dtls/Makefile U regress/lib/libssl/dtls/dtls_handshake_msg_test.c P sys/dev/ic/ufshci.c M sys/dev/usb/uhidev.c P usr.bin/tmux/cmd-split-window.c P usr.bin/tmux/layout.c P usr.bin/tmux/screen-write.c P usr.bin/tmux/tmux.h M usr.sbin/bgpd/session.c commit pyrMVTfgo34imobw Author: nicm Date: 2026/06/06 17:35:30 Use correct X position for visible range checks in screen_write_fast_copy, GitHub issue 5164 from Barrett Ruth. usr.bin/tmux/screen-write.c commit ICEa14dRK2YMwDsg Author: nicm Date: 2026/06/06 17:30:48 Change so that floating panes are always part of the root layout. From Dane Jensen. usr.bin/tmux/cmd-split-window.c usr.bin/tmux/layout.c usr.bin/tmux/tmux.h commit Cqdbcov0nOQMfZdd Author: sthen Date: 2026/06/06 16:23:30 add X25519MLKEM768 to the start of the default ECDHE curves list, allowing libtls clients to connect to servers which don't offer any other curves (this has been seen in the wild with got, reported by stsp). ok tb@ depends on recent libssl changes (ssl_tlsext.c r1.161, t1_lib.c r1.209). lib/libtls/tls_internal.h lib/libtls/man/tls_config_set_protocols.3 commit lTqmUV4QMqH0GPgJ Author: mglocker Date: 2026/06/06 16:12:18 Increase register status polling busy-wait from 250 to 500ms. This makes ufshci(4) survive a suspend on the Samsung Galaxy Book4 Edge. sys/dev/ic/ufshci.c commit 8aONmaNCAbnpWT2P Author: jsing Date: 2026/06/06 15:28:14 Correctly handle failure to buffer DTLS messages. If we fail to buffer an outgoing DTLS message, we're not going to be able to retransmit it. Correctly propagate the failure. ok kenjiro@ tb@ lib/libssl/d1_both.c commit qdNamIBVsULM0X4q Author: jsing Date: 2026/06/06 15:24:26 Move DTLS change cipher spec handling to its own function. When a TLSv1.2 change cipher spec message has been built, call a separate function that can handle the DTLS specific processing rather than including this in the TLS code. ok kenjiro@ tb@ lib/libssl/d1_both.c lib/libssl/dtls_local.h lib/libssl/ssl_clnt.c lib/libssl/ssl_srvr.c commit dqxhWrNJFbHe3RRx Author: jsing Date: 2026/06/06 15:22:25 Move DTLS handshake message handling to its own function. When a TLSv1.2 handshake message has been built, call a separate function that can handle the DTLS specific processing rather than including this in the TLS code. ok kenjiro@ tb@ lib/libssl/d1_both.c lib/libssl/dtls_local.h lib/libssl/s3_lib.c commit ObNllWqodHH0L1PX Author: jsing Date: 2026/06/06 15:08:15 Remove ssl3_handshake_msg_hdr_len() This function is only called in one location, which is always a DTLS context - use DTLS1_HM_HEADER_LENGTH directly instead. ok kenjiro@ tb@ lib/libssl/s3_lib.c lib/libssl/ssl_local.h commit YW5mDLqCeXnQNH9J Author: tb Date: 2026/06/06 08:45:41 libssl: don't break TLSv1.2 with X25519MLKEM768 If the list of 'groups' starts with X25519MLKEM768 for a TLSv1.2 server, ssl3_send_server_kex_ecdhe() attempts to use NID_X25519MLKEM768, which it receives from tls1_get_supported_groups(). This does not work because it never received the peer's public keys, which causes an error return from tls_key_share_server_generate_mlkem768x25519(). For a TLSv1.2-only client with custom supported group list we will currently send ML-KEM if configured. We should not do this. There is more to fix here: if a TLSv1.2 client is misconfigured with only X25519MLKEM768, we should not send a supported groups extension (with this commit we'll send an empty one, which is an RFC violation). This commit simply filters X25519MLKEM768 out of the supported groups list if we're configured to be TLSv1.2-only. feedback/ok jsing kenjiro (on an earlier version) lib/libssl/ssl_tlsext.c lib/libssl/t1_lib.c commit Dc9zfdHbVzPATu8X Author: jsing Date: 2026/06/06 08:13:50 Add regress tests for DTLS handshake messages. regress/lib/libssl/dtls/Makefile regress/lib/libssl/dtls/dtls_handshake_msg_test.c