Build date: 1782684003 - Sun Jun 28 22:00:03 UTC 2026 Build cvs date: 1782679613 - Sun Jun 28 20:46:53 UTC 2026 Build id: 2026-06-29.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-ptrace-revert.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P sbin/iked/proc.c M sys/dev/usb/uhidev.c P usr.bin/cal/cal.c P usr.bin/tmux/tmux.c M usr.sbin/bgpd/session.c P usr.sbin/httpd/httpd.conf.5 P usr.sbin/httpd/httpd.h P usr.sbin/httpd/proc.c P usr.sbin/relayd/proc.c P usr.sbin/relayd/relayd.conf.5 P usr.sbin/relayd/relayd.h P usr.sbin/snmpd/proc.c commit noxKfa3fyDgRdJwY Author: tb Date: 2026/06/28 20:46:53 cal: trim whitespace usr.bin/cal/cal.c commit aS8nwieU8yqQbIRC Author: tb Date: 2026/06/28 20:26:51 Update link to ISO week calculation From Biarder (I used the more specific #calcweekno anchor) usr.bin/cal/cal.c commit q4KwHfTyRxoz4t36 Author: nicm Date: 2026/06/28 15:53:18 Only forbid #( in names and titles (styles are #[ and are useful). usr.bin/tmux/tmux.c commit Y6le0QAC6tFoUOux Author: rsadowski Date: 2026/06/28 05:33:20 restrict IMSG_CTL_PROCFD to parent and check process id/instance IMSG_CTL_PROCFD messages contain a destination process id and instance number that were used to index internal arrays before being checked. A child sending bad imsgs could cause out-of-bounds reads or writes. Check for a missing fd, a bad process id, or an out-of-range instance before any array is indexed. Also reject IMSG_CTL_PROCFD that does not come from the parent. from Andrew Griffiths, diff by martijn@ and myself, ok martijn@ sbin/iked/proc.c usr.sbin/httpd/proc.c usr.sbin/relayd/proc.c usr.sbin/snmpd/proc.c commit LEdIrS52FQ4QFUa0 Author: rsadowski Date: 2026/06/28 05:08:28 Switch the default TLS cipher set from "compat" to "secure" The "secure" keyword only allows TLSv1.3 and the TLSv1.2 AEAD ciphers that have forward secrecy (ECDHE/DHE). See tls_config_set_ciphers(3) for details. This is stricter than "HIGH:!aNULL" and drops older ciphers without AEAD or forward secrecy. Also update the ciphers text in httpd.conf.5 with the clearer wording from smtpd.conf.5. Old peers that need these older ciphers may no longer connect. idea from Mischa, ok kirill@ ok tb@ usr.sbin/httpd/httpd.conf.5 usr.sbin/httpd/httpd.h commit XyrIA9xuORtxeGBZ Author: rsadowski Date: 2026/06/28 05:06:54 Switch the default TLS cipher set from "HIGH:!aNULL" to "secure" The "secure" keyword only allows TLSv1.3 and the TLSv1.2 AEAD ciphers that have forward secrecy (ECDHE/DHE). See tls_config_set_ciphers(3) for details. This is stricter than "HIGH:!aNULL" and drops older ciphers without AEAD or forward secrecy. Also update the ciphers text in relayd.conf.5 with the clearer wording from smtpd.conf.5. Old peers that need these older ciphers may no longer connect. idea from Mischa, ok kirill@ ok tb@ usr.sbin/relayd/relayd.conf.5 usr.sbin/relayd/relayd.h