This allows running several instances of the same rc.d(8) script by just
linking it to different name.
e.g.
ln -s ftpproxy ftpproxy6
echo 'ftpproxy6_flags=-6' >>/etc/rc.conf.local
This is likely to break some rc.d scripts in ports. I will try and fix them all
in the next few days but I'd appreciate reports if I missed some.
ok halex@

This is necessary so that rc.d scripts launched with `-f' can be properly
stopped, checked and reloaded.
ok schwarze@

The man page was already correct.

ok gilles claudio doug

the public key.
prodded by semarie@
ok sthen@

/var/nsd/etc/nsd.conf (may contain a key)
/var/unbound/db/root.key (fix path as well)
from Tim van der Molen
ok millert@ sthen@

henning@ "sure"

bcook@ notes that this check really only impacted 64-bit Windows.  Also,
changed the check to be unsigned for consistency.
ok bcook@

consistent with the behavior of the other libc sort functions.
OK deraadt@

ok miod@ jsing@

ok deraadt@ jsing@ miod@

when we can just make spanp const char * to match it.  OK deraadt@

We do not build, test or ship any dynamic engines, so we can remove the dynamic
engine loader as well. This leaves a stub initialization function in its place.
ok beck@, reyk@, miod@

login class.

This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.

Fix one occurence in imsg_flush() and clarify it the man page.
Discussed with at least blambert@ jsg@ yasuoka@.
OK gilles@

ok jmatthew@ miod@

"inet6 autoconf" was working before and rtsol should behave the same.
OK phessler

is non-portable.  Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

Add a miniroot for the CuBox-i which needs u-boot at a particular
offset in the sd image to boot.  Based on changes made by Patrick
Wildt in bitrig.

if this happens, we want to tear down all of ntpd, so that people will
report it, any such bug can be found, and fixed.
ok bcook

owner and group.  Reported by Mark Patruck.  ok deraadt@ miod@

ok bcook

usr.bin/ssh/moduli-gen.

handler.  It is run in a chroot, so tzset() wouldn't even succeed to
open the zone file.  Found with tame.
OK deraadt@

prototype to match other prototypes in the file.  OK guenther@ deraadt@

henning@ 9 years ago because of an issue with the /dev/hotplug device
- it does not support multiple readers opening it.  Nobody ever cared
enough to fix it so it is time to sent the dead code to the Attic.
OK henning@ (feeling sad about it), mpi@ and others

conflicting symbols we can combine the configs.
Multiple umg files are still required however.  The bsd.umg target in
the kernel is replaced by targets for bsd.IMX.umg, bsd.OMAP.umg and
bsd.SUNXI.umg.

instead of calling the SIOCGIFRDOMAIN ioctl for every single address.
OK deraadt@

Similiar changes were made in bitrig by Patrick Wildt.
As part of this change the physical load address for imx and sunxi have
changed.  Any u-boot settings that include it will need to be modified.
imx: 0x10800000 -> 0x10300000
sunxi: 0x40800000 -> 0x40300000
Tested by bmercer, canacar and myself.
ok bmercer@

divert-to has many advantages over rdr-to for proxies.  For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.
Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to.  spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Based on a diff is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)
Tested by many
With help from okan@
OK okan@ beck@ millert@

discussed by deraadt@

of being wrong, not the NTP responses, reset it and query it from all
the constraint servers all over again.  This is turned out to be a bit
aggressive because it could get triggered with just a few bad NTP
peers in a larger pool.  To avoid constant reconnections, scale the
error margin with the number of resolved NTP peers using peer_cnt * 4.
This way a single or a few outliers in a NTP pool cannot trigger
reconnecting to the constraint servers immediately.  More NTP peers,
less reason to mistrust the constraint.
Found by dtucker@
OK deraadt@