changing timestamps we can track it in /etc/changelist.
OK sthen

correctly itself now. At leat considering the end of life times of
OpenBSD releases and the speed at which the root key signing key (KSK)
rolls.
On the other hand, unbound-anchor assumes a certain network quality
which we cannot guarantee in places where we want to run unwind(8).
This in turn can lead to unbound-anchor stalling the boot process.

Note that unwind(8) works without a config file in many (most?) cases.
This provides an example on how to use the captive portal detection
feature.
Input benno
Input & OK sthen

could be useful in ports.
initial diff by David Carlier some time ago.
ok jca

This requires a libc major version bump.  OK deraadt@

ok florian@

ok deraadt@ florian@

re-commit now that snapshots are over the bump.
OK deraadt

found the hard way by deraadt

ok deraadt@, visa@

suggested by and ok deraadt@ ("I think we never hang there anymore")

the wrong idiom. ok tedu@ but probably needs some tweakin

Actually specify whether the certificate is not yet valid or has expired,
and log the actual time values to hopefully save some head scratching.
ok deraadt@ tb@

Spotted by tb@
ok deraadt@ tb@

Given that we're getting a constraint so that we can validate time, if our
own time is out we can fail the automatic validity checking since it is
based on the wallclock. Instead, disable the automatic validity checking
and perform manual checks based on the time reported from the server via
the HTTP header.
Discussed at length with and ok deraadt@

macros with spaces in them. With and OK ajacoutot

anything larger than an int. ok jca@ rsadowski@

sure pexp matches the process (i.e. doesn't include the quotes).
It's a bit hackish but it allows things like these in rc.conf.local:
relayd_flags=-D IPS="1.2.3.4 2.3.4.5"
And we properly end up with...
$ grep ^pexp /var/run/rc.d/relayd
pexp=/usr/sbin/relayd -D IPS=1.2.3.4 1.2.3.5
... which matches what is in the process list:
root     14217  <snip>    0:00.01 /usr/sbin/relayd -D IPS=1.2.3.4 1.2.3.5
There's always the possibility that we have introduced a regressions with hand
crafted functions in rc.d scripts (mostly from packags), so watch out.
reported by and debugged with claudio@

ok tedu@

ok deraadt@ tedu@

ok deraadt@ claudio@

* mention LC_COLLATE;
* clarify that all these functions are infested, including the *_l() versions;
* avoid ENVIRONMENT, these functions don't inspect it;
* and point to the C library functions that change the locale.
OK millert@

clearly stating which arguments have to be avoided, and mention the
header files defining the constants required for the checks.
Feedback and OK guenther@, OK bluhm@.

CAVEATS pointing to the new CAVEATS section in setlocale(3).
Make those in wprintf(3) and wscanf(3) more concise
since duplicate information is a bad idea.
Incompleteness of information originally pointed out by millert@.
OK millert@

work with our old code.  In fmt_scaled() move the check before
calling llabs().
found by regress/lib/libutil/fmt_scaled; OK deraadt@ millert@ tedu@

This brings over the logic from bgpd & ospfd.
Input & OK deraadt

Checking Disabled flag. Introduce a RES flag to do so. ok krw@
deraadt@ eric@

Many arm64 systems use device trees instead of ACPI and acpidump is
expectected to fail on those systems.  And vmm(4) doesn't provide ACPI
information either.
ok deraadt@

by me and others indicate that it is the optimum.

making the number of pools variable.  Do not document the malloc
conf settings atm, don't know yet if they will stay.  Thanks to all
the testers. ok deraadt@