checks for the correct mode/ownership.
prodded by ajacoutot@

/root/.ssh/authorized_keys file with correct permissions (0600 for the
file, 0700 for /root/.ssh dir). Since we encourage administrators to use
public keys only if they want to access root account via ssh, might
aswell make it easier, this will be particularly useful in
managed/provisioned environments (think ansible & others).
Note that administrators might get an e-mail from security(8) if the
file suddenly appears after an update - this is of course expected :)
ok tb@ sthen@ rpe@ ajacoutot@

raising openfiles-cur above the implicit -max value (1024 on at least the
common arch) results in the setting not being applied at all.
Earlier version OK tom@ danj@ ajacoutot@ benno@ krw@ beck@, suggestion about
openfiles= from millert@ - changes in this version are to use 1024 for -max
rather than 512 to avoid changing the existing hard limit, and just use
openfiles= for bgpd/unbound where max and cur are the same value.

<arpa/inet.h> needs to provide uint16_t and uint32_t.
ok millert@ krw@ naddy@

<netinet/in.h> and <arpa/inet.h>
ok and ports test naddy@ (thanks!)
ok krw@ beck@ millert@

OK tb@

half a page and a page. ok jmatthew@ tb@

ok patrick@

ok deraadt@ rpe@

right before building kernels. This should unbreak 'make release' for
people having this setting.
ok deraadt

give a sensible example for the domain {} section.
ok florian

allocation to the size of the new allocation (instead of the requested size).
2. Previously realloc takes the easy way and always reallocates if C is
active. This commit fixes by carefully updating the recorded requested
size in all cases, and writing the canary bytes in the proper location
after reallocating.
3. Introduce defines to test if MALLOC_MOVE should be done and to
compute the new value.

and verify patches.
discussed with deraadt@ rpe@
ok deraadt@

This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().
Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)

TAILQ_FOREACH().
No intentional functional change.
ok reyk@

so it is safe calling log_* after an error without loosing the it.

ok millert@

This is a remnant from the original 4.4BSD code that had 'a' as
void * in the function args.  No binary change.  OK bluhm@

"No problem" deraadt@

net/uucp and net/uucpd don't log to syslog.  Discussed with jmc@

This should cut the amount of spam received by mlarkin.  If you need
this alias, just set it up.  Prompted by a mail from tb@

OK visa@

the interface pointed to by the default route.
Since the kernel no longer keep routes with dangling address pointer,
netstart(8) has to re-add the default route when the corresponding ifa
has been deleted and re-created.
deraadt@ points out that even if the previous semantic was not necessarily
better, a script like netstart(8) cannot totally fix the default route
problem.
Regression reported by and fix tested by Hrvoje Popovski.
ksh foo checked by halex@

using the heap.
ok bcook@

variables that were also never used
OK otto@

allows to build xenocara with extra options in malloc.conf.
OK deraadt@

help, testing & ok rpe

to /usr/src or /usr/xenocara.
Change /usr/{,x}obj to owner build:wobj with mode 770 and install the
systemwide makefiles before starting a build.  The root of the noperm fs
containing DESTDIR should also be owned by build:wobj.
Developers will need to add their users to group wobj to be able to write
to /usr/{,x}obj/.
"push forward" deraadt; testing, input & ok rpe

defaults for building the system from source.
ok deraadt

issue reported by scott cheloha
ok otto

Proposed some time ago by tedu@, builk build by ajacoutot@

OK tb@

flag to chown to change the symlinks themselves instead of their targets.
Also change permissions of all symlinks, so they don't depend on the umask
during make build.
ok millert

The installer will create these directories during install.
So local setups will not get overwritten during upgrades.
idea from and OK deraadt@
with help from and OK tb@
feedback from and no objections halex@