Instead of terminating with fatalx() when a private key hash cannot be found, log a warning and send an error back to the relay worker. This prevents a race condition during "reload" where a request might reach the CA process while keys are being repopulated. Reported by Nick Owens; thanks! OK tb@

Adjust a comment. Being non-existent, the OpenSSL engine layer cannot be responsible for whatever unholy hacks this code requires.

Joel Carnat (Thanks) notice that GoToSocial does not like it when we sent no User-Agent and returns an HTTP/418. Lloyd pointed to use RELAYD_SERVERNAME instead hardcoded "relayd" OK sthen, claudio (diff without RELAYD_SERVERNAME)

OK claudio@

OK claudio@

If the cookie doesn't match, we bail with a continue and totally forget to free the imsg. OK claudio@

patch from Christoph Liebender OK: rsadowski@

The things that need quoting are not necessarily "argument names", and not even necessarily "names" at all, so just talk about "arguments". "I guess?" florian@ and no objection from otto@, both back in July 2025. Actually, the quoting rules are more complicated than the text makes believe, but i do not know how to better describe them. It may not be easy because some suspect the implementation may be somewhat adhoc rather than based on cleary defined lexical rules.

OK stsp

It is possible that "request_method" is checked without having been initialised in line 439. OK kirill@ stsp@

Found by scan-build: carp.c:64:7: warning: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read from 'c' [deadcode.DeadSt ores] 64 | if ((c = carp_group_find(group)) == NULL) Feedback from Crystal Kolipe and tb@, OK tb@

The HTTP standard RFC 9110 requires GMT, in HTTP-date. We used to do this until a recent modification to localtime.c changed GMT to UTC. sync from httpd

As a result IF the other side of the privsep was succesfully exploited, it could then send such a flawed message and cause a cause an array bounds violation over the privsep boundary. Reported by S. Ai, H. Lefeuvre, Systopia team ok claudio

and the titles from all caps to sentence case such that they match the table of contents, and switch from .Sy to .Sx as needed. OK florian@

the syntax of both defining and using macros, rather than exclusively relying on examples, which some of the pages do not even provide. In those pages containing tables of content, also clarify that the "Macros" section contains *definitions* of variables. Both changes were already committed to vm.conf(5) earlier. In those few pages that referenced cpp(1) and m4(1), stop doing that because the macro definition syntax and the macro dereferencing syntax of both languages is totally different from the parse.y syntax. OK florian@, and deraadt also requests keeping these manuals in sync.

the privileged parent. Again code does not expect strings that are not terminated and by default nothing sends such strings but lets fix this bug anyway. Reported by S. Ai, H. Lefeuvre, Systopia team OK tb@ benno@

sockets to unveil. reported by pascal@ OK sthen@ benno@

imsgbuf_allow_fdpass. OK tb@

OK tb@

OK tb@

OK tb@

imsgbuf_init, imsgbuf_clear, imsgbuf_read, imsgbuf_write and imsgbuf_flush. This separates the imsgbuf API from the per-imsg API. OK tb@

OK tb@

imsg_write() is just a thin wrapper around msgbuf_write(). So this is mostly search and replace. OK tb@