in. This fixes the case where one would be in a non default rdomain shell then
run an rdomain 0 rc.d daemon.
reported by YASUOKA Masahiko and Pierre Emeriaud
ok sthen@ claudio@ benno@

patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>

off.
This makes three changes: adds the ht capability to the standard lines
in gettytab(5); removes OXTABS from TTYDEF_OFLAG in ttydefaults.h (the
defaults used by pty(4) - diff from martijn); and only sets OXTABS on
terminals which lack hts and tbc in tset(1) (from Thomas Dickey
upstream).
Addresses problems reported by tedu.
ok millert

This is required to build the radeonsi Mesa driver.
ok patrick@

As of usr.bin/xinstall/install.c revision 1.68, -S is a no-op and
install(1) will always create files safely, thus clean the option usage
from the tree.
Diff from Lauri Tirkkonen <lotheac at iki dot fi>, thanks.

Loop over df(1)'s output directly, ensure the resulting list of block
devices is unique to avoid later duplicity checks and redundant mount(8)
invocations.
This allows direct bail out on invalid types and simpler saving for later
remount.
OK deraadt

ok deraadt@

larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno

OK sthen

changing timestamps we can track it in /etc/changelist.
OK sthen

correctly itself now. At leat considering the end of life times of
OpenBSD releases and the speed at which the root key signing key (KSK)
rolls.
On the other hand, unbound-anchor assumes a certain network quality
which we cannot guarantee in places where we want to run unwind(8).
This in turn can lead to unbound-anchor stalling the boot process.

Note that unwind(8) works without a config file in many (most?) cases.
This provides an example on how to use the captive portal detection
feature.
Input benno
Input & OK sthen

could be useful in ports.
initial diff by David Carlier some time ago.
ok jca

This requires a libc major version bump.  OK deraadt@

ok florian@

ok deraadt@ florian@

re-commit now that snapshots are over the bump.
OK deraadt

found the hard way by deraadt

ok deraadt@, visa@

suggested by and ok deraadt@ ("I think we never hang there anymore")

the wrong idiom. ok tedu@ but probably needs some tweakin

Actually specify whether the certificate is not yet valid or has expired,
and log the actual time values to hopefully save some head scratching.
ok deraadt@ tb@

Spotted by tb@
ok deraadt@ tb@

Given that we're getting a constraint so that we can validate time, if our
own time is out we can fail the automatic validity checking since it is
based on the wallclock. Instead, disable the automatic validity checking
and perform manual checks based on the time reported from the server via
the HTTP header.
Discussed at length with and ok deraadt@

macros with spaces in them. With and OK ajacoutot

anything larger than an int. ok jca@ rsadowski@

sure pexp matches the process (i.e. doesn't include the quotes).
It's a bit hackish but it allows things like these in rc.conf.local:
relayd_flags=-D IPS="1.2.3.4 2.3.4.5"
And we properly end up with...
$ grep ^pexp /var/run/rc.d/relayd
pexp=/usr/sbin/relayd -D IPS=1.2.3.4 1.2.3.5
... which matches what is in the process list:
root     14217  <snip>    0:00.01 /usr/sbin/relayd -D IPS=1.2.3.4 1.2.3.5
There's always the possibility that we have introduced a regressions with hand
crafted functions in rc.d scripts (mostly from packags), so watch out.
reported by and debugged with claudio@

ok tedu@