OK semarie@

on arm and m88k
problems with optind observed by jsg@

development of a cargo cult in case people look at existing files
for examples.  This achieves a consistent .Fo and .Fn quoting style
across the whole tree.

MD4 should have been removed a long time ago.  Also, RFC 6150 moved it to
historic in 2011.  Rides the major crank from removing SHA-0.
Discussed with many including beck@, millert@, djm@, sthen@
ok jsing@, input + ok bcook@

SHA-0 was withdrawn shortly after publication 20 years ago and replaced
with SHA-1.  This will require a major crank.
ok bcook@, jsing@

necessary
ok deraadt@ jsing@

Hide __xprt_register() and _authenticate(); truncate <rpc/svc_auth.h>
ok deraadt@

Hide bcrypt_autorounds(), prefixing with an underbar for static builds.

feedback/ok rpe

- run domainname only with a non-empty /etc/defaultdomain file
- Make single-user if-block more intuitive, which also matches
better what the comment actually says
OK halex@, krw@ on a similar diff

verified that they are there via isdigit() so we can convert from
ASCII to an int without using atoi().  OK guenther@ deraadt@

four line function and a tonne of license text.
ok beck@

ok deraadt@ "hurray!  finally!" miod@ "Yay!" sthen@

cpu's specific hardware capabilities users of libcrypto might be interested
in, as an integer value. This deprecates the existing OPENSSL_ia32cap()
macro and the OPENSSL_ia32cap_loc() function (which returns the pointer so
that you can mess with stuff you shouldn't mess with).
Interpreting the value returned by OPENSSL_cpu_caps() is, of course,
machine-dependent.
Minor version bump for libcrypto.
ok beck@ jsing@

The creation of Unix sockets directories in /tmp for X happens right
after pruning /tmp. So the whole dance of checking for their
existence, ownership or permissions is not necessary. It's safe to
just create them with the right permissions if X is installed.
Changes to do_fsck():
Remove the _flags variable and pass flags to fsck directly with "$@".
Feedback and OK halex@
OK krw@ on a similar diff

C standard are all weak.
Apply __{BEGIN,END}_HIDDEN_DECLS to gdtoa{,imp}.h, hiding the
arch-specific __strtorx, __ULtox_D2A, __strtorQ, __ULtoQ_D2A symbols.

and the symbols not in the C standard are weak

Delete unused 'fd' argument from internal function oldttyname()

variables go direct.  (Common variables cannot be aliased.)

at a time, so a second instance of the daemon is required.
OK mikeb stsp ajacoutot

**smaller than /24 allocations**.  Our default ruleset will not allow
those, even though they will be for various pieces of critical dual-stack
infrastructure to help IPv6-only systems survive.
This adds a default rule to allow those blocks.  With it, I see the
RIPE announced test blocks on our AMS-IX peers.
ARIN announced this block and policy at, enjoy
https://www.arin.net/announcements/2014/20140130.html
OK benno@, claudio@, sthen@, florian@

machinery. OpenBSD has never been not ELF on amd64, and changing this will
actually make -portable life slightly easier in the near future.

hostname.if, previously netstart tried to configure them all at once
("ifconfig if0 if1 if2 inet6 autoconf").  From Delan Azabani, ok phessler@

ok deraadt@

wants to use, well.... copy them there.
ok guenther

By default, MSVC's stdlib.h defines min(), so we need to spell out something
less common to avoid picking it up.
ok deraadt@ beck@ miod@

so that we can provide asm labels for the memcpy/memset/__stack_smash_handler
calls that it generates ab initio.  Eliminate direct #includes of it.  Make
sure it's a dependency of all objects (unnecessary for asm, but close enough).
ok deraadt@

jontly with jsing@

ok jsing@

which results in tame() code placements being much more recognizeable.
tame() can be moved to unistd.h and does not need cpp symbols to turn the
bits on and off.  The resulting API is a bit unexpected, but simplifies the
mapping to enabling bits in the kernel substantially.
vague ok's from various including guenther doug semarie

ports scan by sthen@

From Michael McConville