An increasing number of types of these files (e.g. ppp, carp and
wlan adapters) may contain secrets.
ok deraadt oga johan

first version from todd, ok millert

inputs from jmc@
"looks ok" beck@ (similar older diff), "fine by me" jmc@

Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@

calls vfork(2). "untested, but looks OK" marc@
- document vfork(2), popen(3) and system(3) don't call atfork handlers
in multithreaded programs. okay jmc@

ok deraadt@

Instead, just return 1 if there is a difference.
Found by lint.
OK millert.

- simplify a macro call (Do/Dc -> Dq)

introduce two new APIs for requesting strong random numbers:
arc4random_buf() - fill an arbitrary memory range with random numbers
arc4random_uniform() - return a uniformly distributed random number
below
a specified upper bound, avoiding the bias that comes from a naive
"arc4random() % upper_bound" construction.
these mirror similarly-named functions in the kernel;
lots of discussion deraadt@ mcbride@

should be good, plus it prevents weird things from happening if
len > INT_MAX.
- Since n is now size_t, compare it against 0 instead of >= 0.
- temp is used to store individual bytes, so use char instead
(matches fp and tp).
- millert noted that the comma operator may not guarantee order of
execution, so replace with semicolons.
Found by lint, OK millert.

cast to make it explicit.
Found by lint, OK millert.

bsd.rd does not overlap the boot code... this problem is starting to
feel familiar.. tested by myself and claudio

bootblocks have been moved, but we want 4.2 to be upgradeable.  So
reduce the footprint of the bsd.rd by shrinking the ramdisk filesystem
because it is way too large.  tested by sthen and kettenis

also adjust the documentation a little bit to decrease confusion about
the check timeout.
From pyr@
ok deraadt@

reference is "HARD" (or "GPS", "UMBG", "UDCF" ... in theory) rather than
"^@^@^@^@"
"why not" henning@

- rdr-anchor "relayd/*": the anchor used by relayd to load
redirections into pf.
- pass in on $ext_if proto icmp to ($ext_if): it is a bad habit to
block icmp, this example proposes to allow it by default.
ok henning@

randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@

but only do the final popfile call after yyparse() is done.
This also fixes config reload on SIGHUP for some daemons.
Spotted by otto@. OK deraadt@

prevents a few "cannot free mem because i need mem to free mem"
scenarios (one found by weingart@). ok weingart@ millert@ miod@

ok espie@, henning@

by code that does not do zero padding. The example code does. Fix.
millert@ ok

ok millert@

pubkey authentication users with the correct file permissions a bit easier.
ok djm krw henning miod and many others

http://www.iana.org/reports/root-aaaa-announcement.html

ok krw@, laurent@

approved by deraadt@, ok thib@

This allows recovery after an IP address change (e.g. on dialup links).
Also move the update of "nextaction" timeout below the deadline check.
OK henning@

taken into consideration for rtsol.
ok reyk@ dlg@

fixes spamlogd with pflogd disabled.
ok henning

has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@

make the installation media's life easier:
- stop using ``Pc'' as a getty terminal type, use std.9600 instead.
- on platforms with multiple virtual consoles (alpha, amd64, i386,
zaurus), console is disabled, various ttyC* are enabled.
- on other platforms, console is enabled, all other devices are
disabled. This only changes armish, mac68k, sgi.
- default terminal for console is unknown on serial-only machines, vt220
on glass-capable machines (questionable, but done for consistency).
- minor whitespace changes.
- glass console forgotten on a couple platforms (luna88k, sparc64, vax).
eyeballed by deraadt@, ok krw@

timeout, either set auto retriggering or start watchdogd(8)...
From Mitja Muzenic.  ok deraadt.

we've found a better solution for chrooted applications.

instead of the generic pthread macros since free(3) uses __arc4_getbyte()
when freeing small sized allocations and the generic pthread macros call
malloc(3).
- eliminate passing pointers to a static variable with global scope (rs)
for additional code clarity and reduction.
- shlib minor bumps for libc and libpthread due to new functions.
From andreas@ with some bits from me. okay tedu@ marc@ w/some spot
checking from millert@

because otherwise the poll timeout will stay at SETTIME_TIMEOUT (15s)
forever unless we time out waiting for the first reply with -s
spotted by Aaron Riekenberg <aaron.riekenberg@gmail.com>