it available during a regular install or upgrade so that it doesn't
need to be independently fetched.
Idea, directions and OK deraadt@
Feedback and Ok halex@ and aja@

included in httpd.conf.  httpd(8) now supports both mime.types
flavours with or without semicolon at the end of the line (nginx- or
apache-style).
Discussed with many, with input from halex@
OK halex@

ok reyk@

concept ok deraadt@
diff looks ok tedu@

ok schwarze@

ok schwarze@

none are set.
initial patch from me but reworked by schwarze@
ok schwarze@

calling instead of all flags which makes it very difficult to see the
information we actually need.
ok schwarze@ robert@

(someone should really sit down and flesh out the examples)

a proper & complete bind port will show up.
discussed with many for years

in rc.conf and the behaviour of the backwards compatibility
code in rc.subr for nfs_server=YES.
ok ajacoutot@

ok schwarze@

to hold the malloc lock across mmap syscalls in all cases. dropping it
allows another thread to access the existing chunk cache if necessary.
could be improved to be a bit more aggressive, but i've been testing this
simple diff for some time now with good results.

Committing early to make sure we have time to fix any side-effect.
ok deraadt@

(ok or failed) like we do with all other actions.
ok jung@ rpe@

like the sysctl path

This enables support for the new getrandom(2) syscall in Linux 3.17.
If the call exists and fails, return a failure in getentropy(2) emulation as
well. This adds a EINTR check in case the urandom pool is not initialized.
Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04
ok deraadt@

circular lists.  Amazingly, they managed to extend the requirements to no
longer match the behavior of the VAX instructions they were modeled after,
so the trivial VAX ASM versions have to go.  Nice job breaking it, X/Open!
Based on a diff from enh (at) google.com
ok miod@

on it, simplifying error checking, reducing system calls, and improving
thread-safety for libraries.
ok miod@

case of failing to map the 2nd object.
found by Paul Maurers

ok kili@

if it's invoked without parameters. It's simpler than adding adding
/etc/rc.conf and /etc/rc.conf.local parameters whereever _rc_parse_conf
is used (e.g. /etc/rc and /etc/netstart).
While here, replace a
for foo in "$@"; do something; done
by
for foo; do something; done
ok aja@

Most assembly blocks remain inactive if OPENSSL_NO_ASM is not defined,
only enabling inline assembly, but the RSA / RC4-5 blocks (used only in
amd64 systems) turn on implicitly. Guard these two as well.
This simplifies enabling just inline ASM in portable, no effective
change in OpenBSD.

ok robert@

diff from frantisek holop (minusf (at) obiit.org)

with the ssl options.
"listen on $ip port 443 ssl" turns into "listen on $ip ssl port 443".
ok florian@

max requests (per connection) and timeout.  We don't want to add too
many button, and there are good defaults, but these ones are kind of
mandatory.

that you don't have to push all kinds of buttons to run httpd.

OK ajacoutot@ halex@

up with a confusing output like:
multicast_host      >NO<
<...>
multicast_host      >YES<
Also properly evaluate values _after_ running _rc_quirks() because these
can modify flags.
ok robert@ halex@

servers, for example auto index for a sub-directory only.  Internally,
a "location" is just a special type of a "virtual" server.

The option "directory auto index" implements basic directory listing
and is turned off by default.
ok deraadt@

the details are under embargo. The original plan was to wait for the
embargo to lift, but we've been waiting for quite some time, and there's no
indication of when or even if it will end. No sense in dragging this out
any longer.
The SRP code has never been enabled in OpenBSD, though I understand it is
in use by some other people. However, in light of this and other issues,
we're officially saying SRP is outside the scope of libressl. (For now.)

ok ajacoutot@ benno@