openbsd
7 years agoLet the 's' command delete the right number of bytes when UTF-8
schwarze [Wed, 31 May 2017 20:18:43 +0000 (20:18 +0000)]
Let the 's' command delete the right number of bytes when UTF-8
characters are involved; similar to what anton@ previously did for 'r';
OK tb@ anton@;
also tested by Walter Alejandro Iglesias <wai at roquesor dot com>.

7 years agoToo vs To. Found by Denis Fondras openbsd (at) ledeuns (dot) net
claudio [Wed, 31 May 2017 20:01:51 +0000 (20:01 +0000)]
Too vs To. Found by Denis Fondras openbsd (at) ledeuns (dot) net

7 years agolate game space battles require tty pledge to clear screen, etc.
tedu [Wed, 31 May 2017 19:51:27 +0000 (19:51 +0000)]
late game space battles require tty pledge to clear screen, etc.
from tomr

7 years agoUse ferror() to check for getline() failure. From Scott Cheloha.
millert [Wed, 31 May 2017 19:41:30 +0000 (19:41 +0000)]
Use ferror() to check for getline() failure.  From Scott Cheloha.
OK jung@

7 years agoSplit early startup code out of locore.S into locore0.S. Adjust link
deraadt [Wed, 31 May 2017 19:18:18 +0000 (19:18 +0000)]
Split early startup code out of locore.S into locore0.S.  Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.
Late during kernel boot, unmap the early startup code.

As a result, the internal layout of every newly build bsd kernel is
different from past kernels.  Internal relative offsets are not known
to an outside attacker.  The only known offsets are in the startup code,
which has been unmapped.

Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.

ok kettenis mlarkin visa, also thanks to tedu for getting me back to this

7 years agoabout ten different improvements; OK tedu@ espie@ bentley@
schwarze [Wed, 31 May 2017 17:58:56 +0000 (17:58 +0000)]
about ten different improvements; OK tedu@ espie@ bentley@

7 years agoStyle and spacing nits.
nicm [Wed, 31 May 2017 17:56:48 +0000 (17:56 +0000)]
Style and spacing nits.

7 years agouse the standard OpenBSD license for new manual pages
schwarze [Wed, 31 May 2017 17:16:48 +0000 (17:16 +0000)]
use the standard OpenBSD license for new manual pages
rather than some 2-clause variant of the ancient BSD license;
OK benno@ tedu@

7 years agoDo not use CVS_LOCK_REPO for committing.
joris [Wed, 31 May 2017 16:48:16 +0000 (16:48 +0000)]
Do not use CVS_LOCK_REPO for committing.

This flag tells our file recursion code that for each directory entered
we should lock it. Commit however locks all relevant directories on its
own when it is about to make changes and should not depend on the file
recursion code to do so.

7 years agosync
tb [Wed, 31 May 2017 16:44:52 +0000 (16:44 +0000)]
sync

7 years agoShut up a warning.
nicm [Wed, 31 May 2017 16:44:33 +0000 (16:44 +0000)]
Shut up a warning.

7 years agoPlug memleak in rcs_translate_tag() that was causing havoc on large repos.
joris [Wed, 31 May 2017 16:31:55 +0000 (16:31 +0000)]
Plug memleak in rcs_translate_tag() that was causing havoc on large repos.

7 years agoWhen unlocking a directory only unlock the given one rather then all repo_locks.
joris [Wed, 31 May 2017 16:18:20 +0000 (16:18 +0000)]
When unlocking a directory only unlock the given one rather then all repo_locks.

7 years agofix indentation
joris [Wed, 31 May 2017 16:14:37 +0000 (16:14 +0000)]
fix indentation

7 years agoFix opencvs tag so it does not attempt to to local operations in a remote setup.
joris [Wed, 31 May 2017 16:13:25 +0000 (16:13 +0000)]
Fix opencvs tag so it does not attempt to to local operations in a remote setup.

While here make sure the "up-to-date" check (-c) works as one expects.

7 years agoImplement support for missed beacon notifications in iwn(4).
stsp [Wed, 31 May 2017 16:12:39 +0000 (16:12 +0000)]
Implement support for missed beacon notifications in iwn(4).
Works with WIFIonICE.
ok phessler@

7 years agoremove -X, it was just migrated to mandoc -Wstyle; OK wiz@
schwarze [Wed, 31 May 2017 15:35:22 +0000 (15:35 +0000)]
remove -X, it was just migrated to mandoc -Wstyle; OK wiz@

7 years agoSTYLE message about missing use of Ox/Nx/Fx/Dx; OK jmc@ wiz@
schwarze [Wed, 31 May 2017 15:30:12 +0000 (15:30 +0000)]
STYLE message about missing use of Ox/Nx/Fx/Dx; OK jmc@ wiz@

7 years agotime.h here too.
nicm [Wed, 31 May 2017 15:27:57 +0000 (15:27 +0000)]
time.h here too.

7 years agoNeed time.h.
nicm [Wed, 31 May 2017 15:26:41 +0000 (15:26 +0000)]
Need time.h.

7 years agoAdd support for EV_RECEIPT and EV_DISPATCH flags
mikeb [Wed, 31 May 2017 14:52:05 +0000 (14:52 +0000)]
Add support for EV_RECEIPT and EV_DISPATCH flags

From FreeBSD via Jan Schreiber <jes at posteo ! de>, thanks!
OK tedu, bluhm

7 years agoanother place to use ieee80211_min_basic_rate() to select the minimum tx rate
phessler [Wed, 31 May 2017 13:22:16 +0000 (13:22 +0000)]
another place to use ieee80211_min_basic_rate() to select the minimum tx rate

OK stsp@

7 years agoUse mbuf_queue to properly serialize access to pflow output queue.
visa [Wed, 31 May 2017 13:05:43 +0000 (13:05 +0000)]
Use mbuf_queue to properly serialize access to pflow output queue.

Input from mpi@, jmatthew@; OK mpi@, henning@, benno@

7 years agosection order;
jmc [Wed, 31 May 2017 12:46:30 +0000 (12:46 +0000)]
section order;

7 years agoadd ieee80211_min_basic_rate() to iwm(4), to select the lowest available
phessler [Wed, 31 May 2017 12:24:06 +0000 (12:24 +0000)]
add ieee80211_min_basic_rate() to iwm(4), to select the lowest available
datarate for management frames

based on revs 1.187 and r 1.188 from iwn(4)

OK stsp@

7 years agoSome applications like vi(1) and tmux until 10 minutes or so ago, do not
nicm [Wed, 31 May 2017 11:00:00 +0000 (11:00 +0000)]
Some applications like vi(1) and tmux until 10 minutes or so ago, do not
redraw on SIGWINCH if the size returns to the original size between the
original SIGWINCH and when they get around to calling TIOCGWINSZ. So use
the existing resize timer to introduce a small delay between the two
resizes.

7 years agomake sure we don't pass a NULL string to vfprintf (triggered by the
markus [Wed, 31 May 2017 10:54:00 +0000 (10:54 +0000)]
make sure we don't pass a NULL string to vfprintf (triggered by the
principals-command regress test); ok bluhm

7 years agoMan page bits for ext-community which grew a few more subtypes.
claudio [Wed, 31 May 2017 10:49:10 +0000 (10:49 +0000)]
Man page bits for ext-community which grew a few more subtypes.
Based on a diff from Job Snijders

7 years agoUpdate ext community printer to the changes done in bgpd.
claudio [Wed, 31 May 2017 10:48:06 +0000 (10:48 +0000)]
Update ext community printer to the changes done in bgpd.
OK henning@ benno@

7 years agoOups, that should have not been committed. Revert.
claudio [Wed, 31 May 2017 10:47:21 +0000 (10:47 +0000)]
Oups, that should have not been committed. Revert.

7 years agoRework the way we do extended communities (mainly in the parser) and update
claudio [Wed, 31 May 2017 10:44:00 +0000 (10:44 +0000)]
Rework the way we do extended communities (mainly in the parser) and update
the IANA table to a somewhat more complete list. This includes BGP Prefix
Origin Validation State support via the ext-community ovs keyword.
OK henning@ benno@ based on a diff by Job Snijders

7 years agosync
sthen [Wed, 31 May 2017 10:30:30 +0000 (10:30 +0000)]
sync

7 years agoinstall futex(2), ok mpi
sthen [Wed, 31 May 2017 10:29:47 +0000 (10:29 +0000)]
install futex(2), ok mpi

7 years agoIt is not OK to ignore SIGWINCH if SIOCGWINSZ reports the size has
nicm [Wed, 31 May 2017 10:29:15 +0000 (10:29 +0000)]
It is not OK to ignore SIGWINCH if SIOCGWINSZ reports the size has
unchanged, because it may have changed and changed back in the time
between us getting the signal and calling ioctl(). Always redraw when we
see SIGWINCH.

7 years agoBecause we defer actually resizing applications (calling TIOCSWINSZ)
nicm [Wed, 31 May 2017 10:15:51 +0000 (10:15 +0000)]
Because we defer actually resizing applications (calling TIOCSWINSZ)
until the end of the server loop, tmux may have gone through several
internal resizes in between. This can be a problem if the final size is
the same as the initial size (what the application things it currently
is), because the application may choose not to redraw, assuming the
screen state is unchanged, when in fact tmux has thrown away parts of
the screen, assuming the application will redraw them.

To avoid this, do an extra resize if the new size is the same size as
the initial size. This should force the application to redraw when tmux
needs it to, while retaining the benefits of deferring (so we now resize
at most two times instead of at most one - and only two very rarely).

Fixes a problem with break-pane and zoomed panes reported by Michal
Mazurek.

7 years agoperhaps a few more words about encoding format
tedu [Wed, 31 May 2017 10:09:31 +0000 (10:09 +0000)]
perhaps a few more words about encoding format

7 years agominor tweaks;
jmc [Wed, 31 May 2017 10:06:02 +0000 (10:06 +0000)]
minor tweaks;

7 years agouse SO_ZEROIZE for privsep communication (if available)
markus [Wed, 31 May 2017 10:04:29 +0000 (10:04 +0000)]
use SO_ZEROIZE for privsep communication (if available)

7 years agoutf8 has an rfc
tedu [Wed, 31 May 2017 09:58:36 +0000 (09:58 +0000)]
utf8 has an rfc

7 years agoDeleting a default route proposal is a bit of work and the code got
florian [Wed, 31 May 2017 09:39:03 +0000 (09:39 +0000)]
Deleting a default route proposal is a bit of work and the code got
copied around (not always correctly). Introduce free_dfr_proposal() to
have this in one place.

7 years agoclarify that translations happen immediately on match rules, not generally
henning [Wed, 31 May 2017 09:30:38 +0000 (09:30 +0000)]
clarify that translations happen immediately on match rules, not generally
Tony Gong <tony.y.gong at gmail>

7 years agoAs pf blocks packets with IPv6 options header, the tests needs an
bluhm [Wed, 31 May 2017 09:25:17 +0000 (09:25 +0000)]
As pf blocks packets with IPv6 options header, the tests needs an
allow-opts rule.

7 years agoBlock IPv6 packets in pf(4) that have hop-by-hop options header or
bluhm [Wed, 31 May 2017 09:19:10 +0000 (09:19 +0000)]
Block IPv6 packets in pf(4) that have hop-by-hop options header or
destination options header.  Such packets can be passed by adding
"allow-opts" to the rule.  So IPv6 options are handled like their
counterpart in IPv4 now.
tested by benno@; OK henning@

7 years agoThe net80211 stack was providing a 'beacon miss timeout' value (in ms)
stsp [Wed, 31 May 2017 09:17:39 +0000 (09:17 +0000)]
The net80211 stack was providing a 'beacon miss timeout' value (in ms)
which specified how much time may elapse without beacons before drivers
begin searching for a new AP.

Drivers convert this timeout value into the amount of beacons they're allowed
to miss. Having the stack provide this number upfront simplifies things.

ok mpi@

7 years agoSwitch to recallocarray() for a few operations. Both growth and shrinkage
deraadt [Wed, 31 May 2017 09:15:42 +0000 (09:15 +0000)]
Switch to recallocarray() for a few operations.  Both growth and shrinkage
are handled safely, and there also is no need for preallocation dances.
Future changes in this area will be less error prone.
Review and one bug found by markus

7 years agoThese shutdown() SHUT_RDWR are not needed before close()
deraadt [Wed, 31 May 2017 08:58:52 +0000 (08:58 +0000)]
These shutdown() SHUT_RDWR are not needed before close()
ok djm markus claudio

7 years agovirtio_pci: Support IPL_MPSAFE interrupt handlers
sf [Wed, 31 May 2017 08:57:48 +0000 (08:57 +0000)]
virtio_pci: Support IPL_MPSAFE interrupt handlers

7 years agonew socketoption SO_ZEROIZE: zero out all mbufs sent over socket
markus [Wed, 31 May 2017 08:55:10 +0000 (08:55 +0000)]
new socketoption SO_ZEROIZE: zero out all mbufs sent over socket
ok deraadt bluhm

7 years agoLook for setrgbf and setrgbb terminfo extensions for RGB colour. This is
nicm [Wed, 31 May 2017 08:43:44 +0000 (08:43 +0000)]
Look for setrgbf and setrgbb terminfo extensions for RGB colour. This is
the most reasonable of the various (some bizarre) suggestions for
capabilities.

7 years agoAdd serial console support for efiboot.
yasuoka [Wed, 31 May 2017 08:40:32 +0000 (08:40 +0000)]
Add serial console support for efiboot.

7 years agoAdd missing function prototype for iwm_rx_bmiss().
stsp [Wed, 31 May 2017 08:33:11 +0000 (08:33 +0000)]
Add missing function prototype for iwm_rx_bmiss().

7 years agoadd a tiny, to be improved, man page for utf8 encoding.
tedu [Wed, 31 May 2017 08:30:22 +0000 (08:30 +0000)]
add a tiny, to be improved, man page for utf8 encoding.
ok stsp

7 years agoDisable "machine boot" and "machine comaddr" from efiboot.
yasuoka [Wed, 31 May 2017 08:23:33 +0000 (08:23 +0000)]
Disable "machine boot" and "machine comaddr" from efiboot.

7 years agoImplement support for iwm(4) firmware's missed beacon notification.
stsp [Wed, 31 May 2017 08:14:52 +0000 (08:14 +0000)]
Implement support for iwm(4) firmware's missed beacon notification.
Requested by deraadt@
ok mpi@

7 years agodocument COMPILER, this is getting to be clean enough to be documentable
espie [Wed, 31 May 2017 08:12:27 +0000 (08:12 +0000)]
document COMPILER, this is getting to be clean enough to be documentable

7 years agoOptimize virtio_enqueue_trim() a bit by nuking unneeded
krw [Wed, 31 May 2017 08:10:24 +0000 (08:10 +0000)]
Optimize virtio_enqueue_trim() a bit by nuking unneeded
re-initializations of statically set fields. Move a common
chunk out of both clauses of if/else.

No intentional functional change.

ok sf@

7 years agoclear session keys from memory; ok djm@
markus [Wed, 31 May 2017 08:09:45 +0000 (08:09 +0000)]
clear session keys from memory; ok djm@

7 years agowhitespace nit
tb [Wed, 31 May 2017 08:02:56 +0000 (08:02 +0000)]
whitespace nit

7 years agoChange cp -pR to pax copy mode with -k when copying /etc/skel. This way
tb [Wed, 31 May 2017 07:55:29 +0000 (07:55 +0000)]
Change cp -pR to pax copy mode with -k when copying /etc/skel. This way
we keep existing files in the user's home directory that might have been
installed from siteXX.tgz. Found the hard way by Erling Westenvik.
Thanks to trondd for helpful analysis.

"If that's what it does, I'm all for it" halex

7 years agoDrop -t option from ctags call.
anton [Wed, 31 May 2017 07:48:04 +0000 (07:48 +0000)]
Drop -t option from ctags call.

The option has been deprecated for almost 7 years by now.

ok tb@

7 years agodo not leak address and dfr proposals if an interface goes away
florian [Wed, 31 May 2017 07:30:32 +0000 (07:30 +0000)]
do not leak address and dfr proposals if an interface goes away

7 years agowe can just use void for functions that always return 0.
tedu [Wed, 31 May 2017 07:20:26 +0000 (07:20 +0000)]
we can just use void for functions that always return 0.
from Michael W. Bombardieri

7 years agoadd a workaround for the rebound portjacking hijinks. ok millert
tedu [Wed, 31 May 2017 07:18:10 +0000 (07:18 +0000)]
add a workaround for the rebound portjacking hijinks. ok millert

7 years agoremove DEBUG_IMSG; I have figured out imsg flow by now; no binary
florian [Wed, 31 May 2017 07:14:58 +0000 (07:14 +0000)]
remove DEBUG_IMSG; I have figured out imsg flow by now; no binary
change

7 years agomake a copy of the first EV_SET argument to prevent multiple evaluation.
tedu [Wed, 31 May 2017 07:12:28 +0000 (07:12 +0000)]
make a copy of the first EV_SET argument to prevent multiple evaluation.
matches freebsd, fixes lldb. from Kamil Rytarowski at NetBSD.
while here, make the same change to KNOTE. ok deraadt

7 years agoremove now obsolete ctx from ssh_dispatch_run; ok djm@
markus [Wed, 31 May 2017 07:00:13 +0000 (07:00 +0000)]
remove now obsolete ctx from ssh_dispatch_run; ok djm@

7 years agoAllow replacement of UTF-8 characters in vi mode.
anton [Wed, 31 May 2017 06:59:12 +0000 (06:59 +0000)]
Allow replacement of UTF-8 characters in vi mode.

Reported by Walter Alejandro Iglesias on tech@.

ok schwarze@ tb@

7 years agoca_revoke() gets called two ways. Directly from ca_opt() with keyname
jsg [Wed, 31 May 2017 06:46:57 +0000 (06:46 +0000)]
ca_revoke() gets called two ways.  Directly from ca_opt() with keyname
set to the cert to revoke, and indirectly from ca_create() with a
keyname set to NULL.

ca_create() sets REQ_EXT so avoid setting it in ca_revoke() when keyname
is NULL and the crl database is being initialised.

Avoids "REQ_EXT already set" when creating a CA error introduced
in rev 1.44 which set REQ_EXT unconditionally in ca_revoke().

7 years agotweak previous;
jmc [Wed, 31 May 2017 06:23:19 +0000 (06:23 +0000)]
tweak previous;

7 years agoMove IPv4 & IPv6 incoming/forwarding path, PIPEX ppp processing and
mpi [Wed, 31 May 2017 05:59:09 +0000 (05:59 +0000)]
Move IPv4 & IPv6 incoming/forwarding path, PIPEX ppp processing and
IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK().

We currently rely on the NET_LOCK() serializing access to most global
data structures for that.  IP input queues are no longer used in the
forwarding case.  They still exist as boundary between the network and
transport layers because TCP/UDP & friends still need the KERNEL_LOCK().

Since we do not want to grab the NET_LOCK() for every packet, the
softnet thread will do it once before processing a batch.  That means
the L2 processing path, which is currently running without lock, will
now run with the NET_LOCK().

IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread
will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set.

Tested by Hrvoje Popovski.

ok visa@, bluhm@, henning@

7 years agoadd some details relating to SATA device power management
jmatthew [Wed, 31 May 2017 05:54:06 +0000 (05:54 +0000)]
add some details relating to SATA device power management
part of a diff from Imre Vadasz via sf@

7 years agofix SATA_SStatus_DET_OFFLINE value and add newer SStatus bits
jmatthew [Wed, 31 May 2017 05:47:29 +0000 (05:47 +0000)]
fix SATA_SStatus_DET_OFFLINE value and add newer SStatus bits
from Imre Vadasz via sf@

7 years agouse the ssh_dispatch_run_fatal variant
markus [Wed, 31 May 2017 05:34:14 +0000 (05:34 +0000)]
use the ssh_dispatch_run_fatal variant

7 years agofold the vnetid and parent lines into a single encap line.
dlg [Wed, 31 May 2017 05:25:12 +0000 (05:25 +0000)]
fold the vnetid and parent lines into a single encap line.

this is a modest attempt to shorten the ifconfig output. encap wont
show up if neither vnetid or parent are supplied by an interface.

whitespace tweaks from benno@
output tweaks from reyk@
ok deraadt@ henning@

7 years agomake vlan use their parents lladdr all the time, not just when theyre up.
dlg [Wed, 31 May 2017 05:14:51 +0000 (05:14 +0000)]
make vlan use their parents lladdr all the time, not just when theyre up.

krw@ has been having issues with dhclient on vlan interfaces because
i made them only configure the lladdr when they were brought up.
dhclient likes to read the mac address and then bring them up.

this makes vlan copy the parents lladdr onto the vlan interface
when the parent is configured. this probably helps with v6 addresses
on vlan interfaces too.

the new code still supports configuring a custom lladdr on a vlan
interface. this can be done both before and after a parent is
configured, and if a parent is removed.

while here, if the parent is reconfigured while the vlan is up, dont
error if the new parent is the same as the current one. this should
make running netstart again less noisy.

ok krw@

7 years agoanother ctx => ssh conversion (in GSSAPI code)
djm [Wed, 31 May 2017 05:08:46 +0000 (05:08 +0000)]
another ctx => ssh conversion (in GSSAPI code)

7 years agouse strerror; from Edgar Pettijohn
deraadt [Wed, 31 May 2017 04:52:11 +0000 (04:52 +0000)]
use strerror; from Edgar Pettijohn

7 years agotypo; from Edgar Pettijohn
deraadt [Wed, 31 May 2017 04:50:55 +0000 (04:50 +0000)]
typo; from Edgar Pettijohn

7 years agoavoid going outside array bounds
jsg [Wed, 31 May 2017 04:35:38 +0000 (04:35 +0000)]
avoid going outside array bounds
ok krw@ deraadt@

7 years agospell out that custom options/extensions should follow the usual SSH
djm [Wed, 31 May 2017 04:29:44 +0000 (04:29 +0000)]
spell out that custom options/extensions should follow the usual SSH
naming rules, e.g. "extension@example.com"

7 years agoone more void *ctx => struct ssh *ssh conversion
djm [Wed, 31 May 2017 04:19:28 +0000 (04:19 +0000)]
one more void *ctx => struct ssh *ssh conversion

7 years agoclose fd on an exit path
jsg [Wed, 31 May 2017 04:18:58 +0000 (04:18 +0000)]
close fd on an exit path

7 years agoone more void *ctx => struct ssh *ssh conversion
djm [Wed, 31 May 2017 04:17:12 +0000 (04:17 +0000)]
one more void *ctx => struct ssh *ssh conversion

7 years agoFix a memory leak in pkey_add() error path. All current callers fatal
jsg [Wed, 31 May 2017 04:14:34 +0000 (04:14 +0000)]
Fix a memory leak in pkey_add() error path.  All current callers fatal
if pkey_add() fails.

7 years agoAdd support for Ralink RT5360. From Kevin Lo who tested with a
jsg [Wed, 31 May 2017 03:45:15 +0000 (03:45 +0000)]
Add support for Ralink RT5360.  From Kevin Lo who tested with a
D-Link DWA-525 rev A2.

7 years agoregen
jsg [Wed, 31 May 2017 03:38:35 +0000 (03:38 +0000)]
regen

7 years agoAdd Ralink RT5360. From Kevin Lo.
jsg [Wed, 31 May 2017 03:37:54 +0000 (03:37 +0000)]
Add Ralink RT5360.  From Kevin Lo.

7 years agoMake gcc move switch tables into .rodata instead of .text on i386/amd64
stefan [Wed, 31 May 2017 03:24:20 +0000 (03:24 +0000)]
Make gcc move switch tables into .rodata instead of .text on i386/amd64

For C++, gcc has to make use of comdat sections instead
of .gnu.linkonce sections for this because
switch tables and functions would now end up
in different .gnu.linkonce sections. This can cause ld
to sometimes incorrectly discard the switch tables, which causes
linker errors. With comdat sections, making the switch table
and function sections belong together is more reliable.

ok deraadt@

7 years agofix possible OOB strlen() in SOCKS4A hostname parsing; ok markus@
djm [Wed, 31 May 2017 00:43:04 +0000 (00:43 +0000)]
fix possible OOB strlen() in SOCKS4A hostname parsing; ok markus@

7 years agomake the AES-XTS mode a little more constant-time, though the AES
djm [Wed, 31 May 2017 00:34:33 +0000 (00:34 +0000)]
make the AES-XTS mode a little more constant-time, though the AES
implementation that it depends on currently isn't.

ok mikeb tom

7 years agoadd option "query from <ip>" to ntpd.conf, to specify a local IP
benno [Tue, 30 May 2017 23:30:48 +0000 (23:30 +0000)]
add option "query from <ip>" to ntpd.conf, to specify a local IP
address for outgoing ntp queries.
From Job Snijders, thanks!
with feedback and ok henning@

7 years agoAllow building the bootstrap with clang:
naddy [Tue, 30 May 2017 22:32:10 +0000 (22:32 +0000)]
Allow building the bootstrap with clang:
* skip the integrated assembler for assym.h
* use as(1) to build biosboot.S and the various versions of srt0.S
ok deraadt@

7 years agosync
sthen [Tue, 30 May 2017 22:19:36 +0000 (22:19 +0000)]
sync

7 years agoOops, this was RTP_BGP during development to be able to easier spot
florian [Tue, 30 May 2017 22:04:46 +0000 (22:04 +0000)]
Oops, this was RTP_BGP during development to be able to easier spot
the configured route. Should be RTP_DEFAULT.

7 years agoMake doas regression tests that involve doas running use a non-nosuid
zhuk [Tue, 30 May 2017 21:59:36 +0000 (21:59 +0000)]
Make doas regression tests that involve doas running use a non-nosuid
partition, or skip if it could not find a one.

thanks bluhm@ for valuable input

7 years agoremove no longer needed splnet/splx.
benno [Tue, 30 May 2017 21:57:39 +0000 (21:57 +0000)]
remove no longer needed splnet/splx.
ok florian@

7 years agoRewrite of choose mode, both to simplify and tidy the code and to add
nicm [Tue, 30 May 2017 21:44:59 +0000 (21:44 +0000)]
Rewrite of choose mode, both to simplify and tidy the code and to add
some modern features.

Now the common code is in mode-tree.c, which provides an API used by the
three modes now separated into window-{buffer,client,tree}.c. Buffer
mode shows buffers, client mode clients and tree mode a tree of
sessions, windows and panes.

Each mode has a common set of key bindings plus a few that are specific
to the mode. Other changes are:

- each mode has a preview pane: for buffers this is the buffer content
  (very useful), for others it is a preview of the pane;

- items may be sorted in different ways ('O' key);

- multiple items may be tagged and an operation applied to all of them
  (for example, to delete multiple buffers at once);

- in tree mode a command may be run on the selected item (session,
  window, pane) or on tagged items (key ':');

- displayed items may be filtered in tree mode by using a format (this
  is used to implement find-window) (key 'f');

- the custom format (-F) for the display is no longer available;

- shortcut keys change from 0-9, a-z, A-Z which was always a bit weird
  with keys used for other uses to 0-9, M-a to M-z.

Now that the code is simpler, other improvements will come later.

Primary key bindings for each mode are documented under the commands in
the man page (choose-buffer, choose-client, choose-tree).

Parts written by Thomas Adam.

7 years agoUse the CD bit (Cursor Disable) in the cursor start register to properly
fcambus [Tue, 30 May 2017 21:42:54 +0000 (21:42 +0000)]
Use the CD bit (Cursor Disable) in the cursor start register to properly
disable hardware cursor.

From NetBSD.

OK deraadt@

7 years agoFirst pass to make bluhm@ happy regarding doas regress conf.
zhuk [Tue, 30 May 2017 20:46:03 +0000 (20:46 +0000)]
First pass to make bluhm@ happy regarding doas regress conf.

1. Make permit tests use wsrc instead of wobj (because basically, to run
   test you need obj being writable, unless you want to pollute /usr/src);
2. Test if current user is in wobj group prior running the test, and skip
   the test if he is not.

7 years agoevent injection framework, will be used for other features coming shortly
mlarkin [Tue, 30 May 2017 20:31:24 +0000 (20:31 +0000)]
event injection framework, will be used for other features coming shortly

ok deraadt