unmapping of freed allocations without disabling chunk randomisation
like the "Freeguard" ('F') option does. Make security 'S' option
use 'U' and not 'F'.
Rationale: guarding with no chunk randomisation is great for debugging
use-after-free, but chunk randomisation offers better defence against
"heap feng shui" style attacks that depend on carefully constructing a
particular heap layout so we should leave this enabled when requesting
security options.

references into a STANDARDS section;

an empty name, NULL pointer, or a name containing an '=' character.
OK millert@, guenther@

in working condition anymore (assuming there would be interest in running on
it).

equal, but it is more correct)
from Michal Mazurek

Okay otto@.
Found by Michal Mazurek <akfaew at jasminek dot net>, thanks!

be included in source files that specify POSIX source.  libutil isn't
a standard POSIX library, but no need to be gratuitously incompatible.
Fixes x11/st.
ok tedu, guenther, kettenis

regress test.

ok deraadt jsing matthew

variants) for URLs, allowing mandoc -Thtml to properly generate links;
(sendmail.8 changes are simply using Lk, which i somehow missed in previous)
ingo reminded me to verify that gnu groff recognises %U: 1.20.1 does not,
but 1.21 does;

ok guenther@

ok deraadt@ tedu@, wording tweaks jmc@

character after the '\0'; ok guenther@

util.h.
ok guenther

param.h symbol reduction.
ok guenther

Pointed out by Joachim Schipper (joachim at joachimschipper.nl)

Based on a note from Steffen Daode Nurpmeso (sdaoden at googlemail.com)
ok jmc@

scanning for free space if the hint isn't available.
also, on further inspection, this will prevent pmap_prefer from "improving"
our hint.

``-upper_bound % upper_bound''.  Simplifies the code and makes it the
same on both ILP32 and LP64 architectures, and also slightly faster on
LP64 architectures by using a 32-bit remainder instead of a 64-bit
remainder.
Pointed out by Jorden Verwer on tech@
ok deraadt; no objections from djm or otto

clear out the entire requested area, not just a perfect fit.  second,
use mquery to check for room to avoid getting an address we don't like
and having to send it back.

in order to span the the entire cache.  second, on free use the same offset
to put things in the cache instead of always starting at zero.
ok otto

overallocating and then releasing unneeded memory pages.
ok otto

ok gilles@

on descriptors, this can be achieved thanks to the new getdtablecount()
system call. application may provide a reserve count to ensure that the
recvmsg() call is not called when they don't have enough descriptors to
work properly.
change the API so that transient errors that can be retried immediately
are retried within the function right away, whereas transient errors for
which the application may want to take action will set errno to EAGAIN.
ok deraadt@ and henning@

Update SYNOPSIS for setkey() to show it's in <stdlib.h>
ok jmc@, millert@

and valloc() are not in the current version, while posix_memalign() mkstemp(),
and mkdtemp() are, and setstate()'s argument has lost a bogus 'const'.
ok millert@ jmc@ espie@ kettenis@; ports build testing by naddy@

/dev/ptm.  Users are strongly encouraged to upgrade to a more recent
release if they haven't already.
ok deraadt

ok deraadt

effective result.  its use is NOT discouraged -- it is not
common, but when you need it, there is nothing else that will do.

explaining of "what a C string is", and make it more clear that these
functiosn BEHAVE EXACTLY LIKE snprintf with "%s"!  (anyone who wants
to write a 'strlcpy considered harmful' paper should probably write a
'strlcpy and snprintf considered harmful' paper instead).
note to those from other projects reading this commit message: It would
be very good if this new manual was picked up in your project.
ok jmc millert krw

ok jmc@

ok millert@

with 0.  Use 1 and not 0 as the first element of the state array,
similar to what glibc does.  OK nicm@

into an bogus pointer error instead of a segfault.
- Document that we use the assumption that a non-MAP_FIXED mmap() with
hint 0 never returns NULL.

the last node is deleted.  Instead, resolve the Coverity warning
by returning (node *)1 when you delete the root node.
based an idea from millert@.  ok otto@

Includes friendly linker warning to wake up those dumb enough to use it.
Committing for kettenis@, who ran away to the hills after writing it

okay millert@