Build date: 1781474403 - Sun Jun 14 22:00:03 UTC 2026
Build cvs date: 1781470400 - Sun Jun 14 20:53:20 UTC 2026
Build id: 2026-06-15.1
Build tags: amd64-regress ports sysupgrade

Applied the following diff(s):
/home/anton/tmp/robsd/src-sys-em.diff
/home/anton/tmp/robsd/src-sys-uhidev-sispm.diff
/home/anton/tmp/robsd/src-sysupgrade.diff

P lib/libssl/ssl.h
P lib/libssl/ssl_lib.c
P lib/libssl/ssl_tlsext.c
P lib/libssl/tls13_client.c
P lib/libssl/man/SSL_CTX_set_options.3
P regress/lib/libssl/renegotiation/Makefile
P regress/lib/libssl/renegotiation/renegotiation_test.c
P regress/usr.bin/ssh/agent.sh
P regress/usr.bin/ssh/cert-hostkey.sh
P regress/usr.bin/ssh/cert-userkey.sh
P regress/usr.bin/ssh/keytype.sh
P regress/usr.bin/ssh/knownhosts-command.sh
P regress/usr.bin/ssh/unittests/Makefile
P regress/usr.bin/ssh/unittests/authopt/Makefile
U regress/usr.bin/ssh/unittests/crypto/Makefile
U regress/usr.bin/ssh/unittests/crypto/test_ed25519.c
U regress/usr.bin/ssh/unittests/crypto/test_mldsa.c
U regress/usr.bin/ssh/unittests/crypto/test_mldsa_eddsa.c
U regress/usr.bin/ssh/unittests/crypto/test_mlkem.c
U regress/usr.bin/ssh/unittests/crypto/tests.c
U regress/usr.bin/ssh/unittests/crypto/testdata/draft-ietf-lamps-pq-composite-sigs.json
U regress/usr.bin/ssh/unittests/crypto/testdata/nistkats-44.json
P regress/usr.bin/ssh/unittests/hostkeys/Makefile
P regress/usr.bin/ssh/unittests/kex/Makefile
P regress/usr.bin/ssh/unittests/servconf/Makefile
P regress/usr.bin/ssh/unittests/sshkey/Makefile
P regress/usr.bin/ssh/unittests/sshkey/mktestdata.sh
P regress/usr.bin/ssh/unittests/sshkey/test_file.c
P regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c
P regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1-cert.fp
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1-cert.pub
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1.fp
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1.fp.bb
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1.pub
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1_pw
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_2
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_2.fp
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_2.fp.bb
U regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_2.pub
P regress/usr.bin/ssh/unittests/sshsig/Makefile
P regress/usr.bin/ssh/unittests/sshsig/mktestdata.sh
P regress/usr.bin/ssh/unittests/sshsig/tests.c
U regress/usr.bin/ssh/unittests/sshsig/testdata/mldsa44-ed25519
U regress/usr.bin/ssh/unittests/sshsig/testdata/mldsa44-ed25519.pub
U regress/usr.bin/ssh/unittests/sshsig/testdata/mldsa44-ed25519.sig
P share/man/man5/cargo-module.5
M sys/dev/usb/uhidev.c
P sys/net/if_spppsubr.c
P usr.bin/ssh/Makefile.inc
P usr.bin/ssh/authfd.c
P usr.bin/ssh/authfile.c
P usr.bin/ssh/crypto_api.h
P usr.bin/ssh/ed25519-openssl.c
P usr.bin/ssh/ed25519.c
P usr.bin/ssh/ed25519.sh
P usr.bin/ssh/kexmlkem768x25519.c
U usr.bin/ssh/libcrux-mlkem-mldsa.c
U usr.bin/ssh/libcrux_internal.h
cvs server: usr.bin/ssh/libcrux_mlkem768_sha3.h is no longer in the repository
cvs server: usr.bin/ssh/mlkem768.sh is no longer in the repository
U usr.bin/ssh/mlkem_mldsa.sh
P usr.bin/ssh/pathnames.h
P usr.bin/ssh/servconf.c
P usr.bin/ssh/ssh-keygen.c
P usr.bin/ssh/ssh-keyscan.c
P usr.bin/ssh/ssh-keysign.c
U usr.bin/ssh/ssh-mldsa-eddsa.c
P usr.bin/ssh/ssh.c
P usr.bin/ssh/sshconnect.c
P usr.bin/ssh/sshd-auth.c
P usr.bin/ssh/sshd-session.c
P usr.bin/ssh/sshd.c
P usr.bin/ssh/ssherr.c
P usr.bin/ssh/ssherr.h
P usr.bin/ssh/sshkey.c
P usr.bin/ssh/sshkey.h
P usr.bin/tmux/cmd-resize-pane.c
P usr.bin/tmux/format.c
P usr.bin/tmux/layout-custom.c
P usr.bin/tmux/layout.c
P usr.bin/tmux/screen-redraw.c
P usr.bin/tmux/server-client.c
P usr.bin/tmux/tmux.h
P usr.bin/tmux/window.c
M usr.sbin/bgpd/session.c
P usr.sbin/relayd/ca.c
P usr.sbin/relayd/config.c
P usr.sbin/relayd/control.c
P usr.sbin/relayd/hce.c
P usr.sbin/relayd/pfe.c
P usr.sbin/relayd/proc.c
P usr.sbin/relayd/relay.c
P usr.sbin/relayd/relayd.c
P usr.sbin/relayd/relayd.h
P usr.sbin/relayd/ssl.c

commit PffNxSuczyKBzhFh
Author: nicm
Date: 2026/06/14 20:53:20

Fix various errors in redrawing:

- Fix the active pane colour when only two panes and scrollbars enabled.
- Clip left and right scrollbars the same for floating panes.
- Do not subtract scrollbar width twice when working out width of status line.
- Check if a character is inside a visible range correctly (do not include the next position outside the range).

usr.bin/tmux/screen-redraw.c

commit Nt2XU7t8pCnGVfV1
Author: nicm
Date: 2026/06/14 20:37:57

Skip floating panes when working out the top or bottom cell. Fixes missing bottom status pane status line when floating panes exist.

usr.bin/tmux/layout.c

commit Vu9eE4zjpcVmwDEw
Author: nicm
Date: 2026/06/14 19:31:37

Add a helper to get pane-border-status for a window for some other changes to come.

usr.bin/tmux/cmd-resize-pane.c
usr.bin/tmux/format.c
usr.bin/tmux/layout.c
usr.bin/tmux/screen-redraw.c
usr.bin/tmux/server-client.c
usr.bin/tmux/tmux.h
usr.bin/tmux/window.c

commit 8KKVLKEQKrYc5LnO
Author: nicm
Date: 2026/06/14 18:59:15

Take account of borders when resizing floating panes.

usr.bin/tmux/layout.c

commit Ux5H6BuGE4kyE2qk
Author: jsing
Date: 2026/06/14 15:51:17

Correct secondary key share handling for HelloRetryRequests.

With the introduction of a secondary key share, we fail to ensure that the HelloRetryRequest does not specify the group that was used for the secondary key share. We also fail to free the secondary key share early in this case, meaning that it lingers in memory until the SSL is reset or freed. Fix both of these issues.

ok tb@

lib/libssl/tls13_client.c

commit KzBRfOVJMA0ZrS8N
Author: jsing
Date: 2026/06/14 15:47:49

Improve TLSv1.3 server handling of no shared groups.

While we currently correctly handle the no-shared-group case, it currently fails late when we try to create the key share. Improve detection and handling so that we fail sooner and send an alert to the client when processing client key shares.

While here rename preferred_group_found to shared_group_found - we look for the client preferred group, but any group that we select will always be in the client list (even if it's the last one).

Reported by the tlspuffin team.

ok tb@

lib/libssl/ssl_tlsext.c

commit GyCKF5uUIZL2c9MP
Author: jsing
Date: 2026/06/14 14:53:07

Send illegal parameter alerts for various HelloRetryRequest violations.

Be more RFC compliant and send illegal parameter alerts when the client receives a HelloRetryRequest that requests a group that we did not offer or a group that we sent a key share for in the ClientHello. These were annotated as missing, but not previously implemented.

Prompted by a report from the tlspuffin team.

ok tb@

lib/libssl/tls13_client.c

commit rrFF8chyQzO2KeD7
Author: jsing
Date: 2026/06/14 14:33:36

Improve renegotiation regress.

Include coverage of Renegotiation Indication and legacy connection handling.

regress/lib/libssl/renegotiation/Makefile
regress/lib/libssl/renegotiation/renegotiation_test.c

commit d9ZIpEyxEvQ8BUrw
Author: jsing
Date: 2026/06/14 14:30:52

Mop up SSL_CTX_set_options(3).

SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is now a no-op, tidy up SSL_OP_LEGACY_SERVER_CONNECT and reflect the current state of SSL_OP_ALL.

Delete the entire "SECURE RENEGOTIATION" section that contained ancient ramblings.

ok beck@ tb@

lib/libssl/man/SSL_CTX_set_options.3

commit 2yaCHYC1UrFs3ML3
Author: jsing
Date: 2026/06/14 14:25:55

Remove SSL_OP_LEGACY_SERVER_CONNECT from default options.

Remove SSL_OP_LEGACY_SERVER_CONNECT from the default SSL options and the SSL_OP_ALL define. This means that we will now refuse to connect to a TLSv1.2 server if it does not support the Renegotiation Indication (RI) extension. This prevents a class of attacks against TLS clients that are talking to TLSv1.2-only servers that permit client initiated renegotiation.

Raised by Lucca Hirschi et al from Inria.

ok beck@ tb@

lib/libssl/ssl.h
lib/libssl/ssl_lib.c

commit duRZSlmpqnPjPnfe
Author: semarie
Date: 2026/06/14 14:02:44

cargo-module.5: document more variables

From Andrew Kloet andrew kloet.net

share/man/man5/cargo-module.5

commit x1Yx9L4nAq6yOMFs
Author: rsadowski
Date: 2026/06/14 08:57:43

relayd: drain OpenSSL error queue on TLS failures

Borrowed from smtpd. Without draining we just log "RSA_meth_dup failed" and lose the actual reason. Wire ssl_error() into ca_engine_init(), which also kills a dead RSA_meth_free() on a NULL pointer there, and into ssl_load_key()'s fail path.

Tweaks and OK tb

usr.sbin/relayd/ca.c
usr.sbin/relayd/relayd.h
usr.sbin/relayd/ssl.c

commit 34r7bgBIQEJpXgj5
Author: rsadowski
Date: 2026/06/14 08:55:54

relayd: remove from and toptr to simplify

feedback and OK claudio

usr.sbin/relayd/ca.c

commit cJgMLlODUovAJwFh
Author: rsadowski
Date: 2026/06/14 08:54:21

relayd: use ibuf_get_string() and ibuf_get_data() to read imsg payloads

Drop the local get_string() and read variable-length string and binary payloads through the ibuf getters instead of the raw imsg->data pointer.

ibuf_get_string() no longer trims the input at the first non-printable byte like the old get_string() did; the payloads come from the parent over privsep imsg.

idea and ok claudio

usr.sbin/relayd/config.c
usr.sbin/relayd/relayd.c
usr.sbin/relayd/relayd.h

commit 8oEyL01rtvPGDybQ
Author: rsadowski
Date: 2026/06/14 08:53:06

fix knfmt

usr.sbin/relayd/control.c

commit 5HQcdhGkDdieo5kD
Author: rsadowski
Date: 2026/06/14 08:52:16

Check error in proc_forward_imsg

usr.sbin/relayd/proc.c
usr.sbin/relayd/relayd.h

commit YpPwkICGp2R1nwDh
Author: rsadowski
Date: 2026/06/14 08:51:11

relayd: read parent_dispatch_pfe() payloads via the imsg getters

Use imsg_get_data() for the fixed-size messages and imsg_get_ibuf() for the variable-length IMSG_CTL_RELOAD path, taking the config name from the ibuf via ibuf_data()/ibuf_size().

Remove IMSG_SIZE_CHECK and IMSG_DATA_SIZE, no consumer left.

OK claudio

usr.sbin/relayd/relayd.c
usr.sbin/relayd/relayd.h

commit EFy1aSs1kuHvfc3q
Author: rsadowski
Date: 2026/06/14 08:50:26

relayd: use imsg_get_ibuf() for variable-length CA key operations

The IMSG_CA_PRIVENC/PRIVDEC messages carry a ctl_keyop header followed by cko_flen (request) or cko_tlen (response) trailing bytes, so the exact-size imsg_get_data() cannot be used. Read the header with imsg_get_ibuf() + ibuf_get() and take the payload from the same ibuf via ibuf_data()/ibuf_size().

Tweaks (in a different commit) and OK claudio

usr.sbin/relayd/ca.c

commit c1DcgJ2zhVUcfPjg
Author: rsadowski
Date: 2026/06/14 08:48:04

relayd: read imsg payloads via the new imsg/ibuf getters

Convert the config_get* handlers from IMSG_SIZE_CHECK() + memcpy() to the new imsg API. Fixed-size payloads use imsg_get_data(). Functions with a fixed header followed by variable-length data use imsg_get_ibuf() + ibuf_get() and read the remainder from the same ibuf cursor, since imsg_get_data() requires the payload to match the requested size exactly.

Feedback and OK claudio

usr.sbin/relayd/config.c

commit 8WA2KFZsaURiWYTS
Author: nicm
Date: 2026/06/14 08:47:44

Return early if cannot construct cell, reported by Jere Viikari.

usr.bin/tmux/layout-custom.c

commit dlbfYui1ACZm68Yd
Author: rsadowski
Date: 2026/06/14 08:45:02

relayd: convert control imsg forwarding to imsg_forward()

Rework control_imsg_forward() to forward the message unaltered via imsg_forward() instead of rebuilding it with imsg_compose_event(). Switch to reading the payload with imsg_get_data() and the type via imsg_get_type(), dropping the manual header-length checks and the memcpy() that wrote the data back into the imsg before forwarding.

OK claudio

usr.sbin/relayd/control.c
usr.sbin/relayd/pfe.c
usr.sbin/relayd/relayd.h

commit kNIAQ4At4ZpVmjCh
Author: rsadowski
Date: 2026/06/14 08:41:08

relayd: use imsg_get_data() and imsg_get_type()

Replace IMSG_SIZE_CHECK() + memcpy()/bcopy() with imsg_get_data(), which does the length check and copy in one call, and read the message type via imsg_get_type() instead of imsg->hdr.type.

OK claudio

usr.sbin/relayd/ca.c
usr.sbin/relayd/hce.c
usr.sbin/relayd/pfe.c
usr.sbin/relayd/relay.c

commit Cq2wbxv3lh4mR0cu
Author: rsadowski
Date: 2026/06/14 08:37:00

relayd: convert proc.c to new imsg API

Replace IMSG_SIZE_CHECK() + memcpy() with imsg_get_data(), which does the length check and copy in one call. Use the imsg accessors (imsg_get_*) instead of touching imsg.hdr directly and imsgbuf_get()/imsgbuf_read() instead of imsg_get().

Rewrite proc_forward_imsg() to use imsg_forward() per target imsgbuf instead of re-composing via proc_compose_imsg(); arm the write event with imsg_event_add() after each forward. proc_forward_imsg() never forwarded an fd, and imsg_forward() rewinds the buffer internally, so multiple forwards per message keep working. Drop the now-unused n parameter (all callers passed -1).

ok claudio@

usr.sbin/relayd/control.c
usr.sbin/relayd/proc.c
usr.sbin/relayd/relayd.h

commit GSAjn3R5XSxORgrp
Author: mvs
Date: 2026/06/14 05:39:23

sppp_pap_input(): do not compare credentials if the lengths of the received ones are not the same as the configured ones.

ok renaud bluhm

sys/net/if_spppsubr.c

commit d8vbYA1hloRCC9VR
Author: djm
Date: 2026/06/14 04:16:19

make crypto_sign_ed25519_keypair_from_seed non-static. The new ML-DSA/ed25519 code needs it

usr.bin/ssh/ed25519.c
usr.bin/ssh/ed25519.sh

commit uHNpk3rGjuUMaUFh
Author: djm
Date: 2026/06/14 04:08:06

unit and regression tests for composite PQ ML-DSA44/Ed25519 keys.

Includes a new unittests/crypto test that tests basic functionality of the underlying crypto primitives against public test vectors

regress/usr.bin/ssh/agent.sh
regress/usr.bin/ssh/cert-hostkey.sh
regress/usr.bin/ssh/cert-userkey.sh
regress/usr.bin/ssh/keytype.sh
regress/usr.bin/ssh/knownhosts-command.sh
regress/usr.bin/ssh/unittests/Makefile
regress/usr.bin/ssh/unittests/authopt/Makefile
regress/usr.bin/ssh/unittests/crypto/Makefile
regress/usr.bin/ssh/unittests/crypto/test_ed25519.c
regress/usr.bin/ssh/unittests/crypto/test_mldsa.c
regress/usr.bin/ssh/unittests/crypto/test_mldsa_eddsa.c
regress/usr.bin/ssh/unittests/crypto/test_mlkem.c
regress/usr.bin/ssh/unittests/crypto/tests.c
regress/usr.bin/ssh/unittests/crypto/testdata/draft-ietf-lamps-pq-composite-sigs.json
regress/usr.bin/ssh/unittests/crypto/testdata/nistkats-44.json
regress/usr.bin/ssh/unittests/hostkeys/Makefile
regress/usr.bin/ssh/unittests/kex/Makefile
regress/usr.bin/ssh/unittests/servconf/Makefile
regress/usr.bin/ssh/unittests/sshkey/Makefile
regress/usr.bin/ssh/unittests/sshkey/mktestdata.sh
regress/usr.bin/ssh/unittests/sshkey/test_file.c
regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1-cert.fp
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1-cert.pub
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1.fp
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1.fp.bb
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1.pub
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_1_pw
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_2
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_2.fp
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_2.fp.bb
regress/usr.bin/ssh/unittests/sshkey/testdata/mldsa44_ed25519_2.pub
regress/usr.bin/ssh/unittests/sshsig/Makefile
regress/usr.bin/ssh/unittests/sshsig/mktestdata.sh
regress/usr.bin/ssh/unittests/sshsig/tests.c
regress/usr.bin/ssh/unittests/sshsig/testdata/mldsa44-ed25519
regress/usr.bin/ssh/unittests/sshsig/testdata/mldsa44-ed25519.pub
regress/usr.bin/ssh/unittests/sshsig/testdata/mldsa44-ed25519.sig

commit raXaJ7Pd6H0s2Y4O
Author: djm
Date: 2026/06/14 03:59:34

Add experimental support for a composite post-quantum signature scheme that combines ML-DSA 44 and Ed25519 using the construction specified in draft-ietf-lamps-pq-composite-sigs.

There's also an early draft documenting use of the integration of this scheme into SSH as draft-miller-sshm-mldsa44-ed25519-composite-sigs.

This scheme is not enabled by default. To use it, you'll need to add it to HostKeyAlgorithms, PubkeyAcceptedAlgorithms, etc. Keys may be generated using "ssh-keygen -t mldsa44-ed25519".

The ML-DSA implementation comes from libcrux. Thanks to Jonas Schneider-Bensch and Jonathan Protzenko for their work to make this available.

Consensus is that it's time to get this in to allow people to experiment with it.

feedback markus@ tb@ logan@ deraadt@

usr.bin/ssh/Makefile.inc
usr.bin/ssh/authfd.c
usr.bin/ssh/authfile.c
usr.bin/ssh/crypto_api.h
usr.bin/ssh/ed25519-openssl.c
usr.bin/ssh/kexmlkem768x25519.c
usr.bin/ssh/libcrux-mlkem-mldsa.c
usr.bin/ssh/libcrux_internal.h
usr.bin/ssh/mlkem_mldsa.sh
usr.bin/ssh/pathnames.h
usr.bin/ssh/servconf.c
usr.bin/ssh/ssh-keygen.c
usr.bin/ssh/ssh-keyscan.c
usr.bin/ssh/ssh-keysign.c
usr.bin/ssh/ssh-mldsa-eddsa.c
usr.bin/ssh/ssh.c
usr.bin/ssh/sshconnect.c
usr.bin/ssh/sshd-auth.c
usr.bin/ssh/sshd-session.c
usr.bin/ssh/sshd.c
usr.bin/ssh/ssherr.c
usr.bin/ssh/ssherr.h
usr.bin/ssh/sshkey.c
usr.bin/ssh/sshkey.h