often space-constrained /var filesystem was a historical mistake.  There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.
Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.
done with rpe
ok many

does most of the work pwd_gensalt did, but also creates the hash.
(unused yet)

ok robert@ sthen@

troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@

No yyerror() calls needed to be changed.
ok bluhm@

CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.
From: Dongsheng Song <dongsheng.song@gmail.com>

engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.
This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.
None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

This functionality was already available (and optional), and used in the
bowels of the ASN.1 code. This exposes it as a public interface, which will
be used by the upcoming GOST code.
Crank libcrypto minor version.
From Dmitry Eremin-Solenikov.

This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@.  OK deraadt@

format string, create a temporary message.
OK claudio@

The FreeBSD-native arc4random_buf implementation falls back to weak sources of
entropy if the sysctl fails. Remove these dangerous fallbacks by overriding
locally.
Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with pthread_atfork()
simply fail silently. So, it is not always possible to detect a PID wraparound.
I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation.
Tested on FreeBSD 9 and 10.

distinguish between LibreSSL (the project) and libressl (the library).
Discussed with many.

don't want to give people the idea that this is non-portable (it
has been present since C89).  OK deraadt@ schwarze@

(Both NetBSD and FreeBSD provide these prototypes)
ok millert@

ok millert@

Suggested by millert@ and schwarze@.
OK schwarze@, millert@

ok deraadt@

relevant example snippet in the relayd.conf(5) man page.
Change the default SSL protocols in the example file/man page to
"no tlsv1.0" (suggested by sthen@), which will enable the TLSv1.1
and TLSv1.2 protocols only.
feedback/ok jsing@ reyk@ sthen@

Remove excessive technicalities on zero-sized objects as suggested by deraadt@.
contributions and ok deraadt@, ok jmc@ on an earlier version

and fix two instances of "new sentence, new line" while here
feedback and ok jmc@, ok doug@

The old man page had a lot of useful information, but it was all mixed
together which made it difficult to reference.  The main theme in this
commit is that the sections are more focused:
* DESCRIPTION describes the overall behavior
* RETURN VALUES describes what it may return (including implementation
defined values)
* EXAMPLES shows why we recently started an audit on malloc and realloc
usage in the tree.
* Added CAVEATS which describes what is implementation defined, gotchas
and security implications of misusing these functions
* Added IDIOMS which describes how these functions should or
should not be used
The MALLOC_OPTIONS section was left unchanged.  Function names were
added to DIAGNOSTICS and STANDARDS.  The MALLOC_OPTIONS and DIAGNOSTICS
sections were pushed down in the page so more pertinent information is
higher up.
This has gone through several revisions thanks to input from deraadt@
and schwarze@.  Ingo also helped with some of the mandoc formatting.
OK schwarze@ (as far as it is a good starting point and the code
snippets look ok)

millert@ made changes to realpath.c based on FreeBSD's version.  I merged
Todd's changes into dl_realpath.c.
ok millert@, guenther@

ok dcoppa@ deraadt@

ok tedu@

not all versions of <linux/random.h> include <linux/types.h> by default

i looked a bit closer and found instances before Reno, so correct HISTORY.
References:
http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.1cBSD/usr/src/ucb/dbx/defs.h
http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.3BSD/usr/src/etc/inetd.c
http://minnie.tuhs.org/cgi-bin/utree.pl?file=4.3BSD-Reno/src/lib/libc/string/strdup.c
ok deraadt@

in case something wants to create massive amounts of environment, like
a bit more than 1/4 of a 32-bit address space.  unrealistic -- but why
audit one code path, and not treat others the same?  then you have to
re-engage everytime you see the code.  read the news, that isn't what
developers do.  At least if the code paths look the same, there is hope,
because they are easier to verify for correctness.  developers need
to give other developers a chance to want to care.

for free, FREE, FREEEEE
ok doug

output because it may end up just calling 'ifconfig $if'. This needs
to be done better and properly tested.

fixed.

cases and breaks TLS 1.2; crank libcrypto.so minor version out of safety and
to be able to tell broken versions apart easily.

This explanation is based off of Ted's site.  Also, fix a comment from
the SHA-1 version.
ok tedu@

avoiding annoying delays for some switch configurations
ok claudio@ deraadt@
i would add ok phessler@, but it was not valid without an ok krw@

by first changing to $DESTDIR and then simply piping to xargs.
OK deraadt@

ok matthieu@ miod@

ok matthieu@

version with zero args, so it should only be visible if __BSD_VISIBLE
(and not also for __XPG_VISIBLE).  Contrawise, readlink() has been
part of base POSIX since 1995, so move to proper #if area for that.
Move crypt_checkpass() to the pure-BSD section of the file.
setpgrp() issue noted by Matti Karnaattu (mkarnaattu (at) gmail.com)
ok millert@