OK deraadt@ otto@

avoids DNS lookups entirely, but yes this https is correctly validated)
long discussions with otto, florian, and the quad9 crew.

other methods failed to inject/churn the rng enough.  Move it up far earlier.
ok naddy sthen kettenis

ok deraadt@

responsive during packages compilation, especially on slower machines.
feedback welcome from people building ports
discussed with deraadt@

from brad@
ok bluhm@ claudio@ deraadt@

ober_add_string.3 and as it was before the ber -> ober rename.

so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.
tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt

Diff from eric@ and florian@, commiting on their behalf since they are absent
and we want to ride the minor shlib bump.

OK deraadt@

file to contain two hashes for bsd.mp, and cause later upgrade problems
spotted by afresh1

things and can easily exceed the previous 1.5GB limit.
(obviously, as with amd64, machines with less physical RAM won't cope with
building the largest ports).
ok deraadt phessler millert kettenis

as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects.  ok deraadt

as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@

for enabling devel/jdk/11 there.
okay phessler@

ok jmc millert

machdep.pwraction
ok jmc millert

some cases also the serial console) such that X can use it as its VT
when running without root privileges.
ok jsg@, matthieu@

Prompted by guenther@

violations in system accounting.  This will help to find missbehaving
programs and possible attacks.  The flags bit field is full, so
recycle the PDP-11 compatibility on VAX.  lastcomm(1) prints the
AMAP flag as 'M'.  daily(8) prints a list of affected processes.
OK deraadt@

ok semarie@

prodded by deraadt@
ok kn@ deraadt@ tb@

is no function called md5()
as discussed with jmc

name we want to Xr...
ok jmc

(more unclear is if anything in ports uses this, as our base no longer does)

ok deraadt@ kn@

build in 5 GB of memory. Bump default datasize for pbuild to 6 GB.
ok landry@ ajacoutot@

missed during code scan.

OK claudio@

current ber element.
OK claudio@
Seems sensible to deraadt@

Right now all consumers use 'e' at the end of the list, so no regressions
should be introduced.
OK claudio@
Seems sensible to deraadt@

where ber is utilized. This also allows us to remove the ber->be_next
check, which can cause weird behaviour, because a NULL be_next would result
in parsing the last element twice.
OK claudio@ on previous version
OK rob@

shipeed by default).
OK job@ sthen@ deraadt@

these are public files.
Agreed by deraadt@ (and florian@)

OIDS. This can result in false equality matches.
OK claudio@

OK claudio@
"Good find" deraadt@

approach was not right, and there is still room for improvement.
OK deraadt@