bootblocks have been moved, but we want 4.2 to be upgradeable.  So
reduce the footprint of the bsd.rd by shrinking the ramdisk filesystem
because it is way too large.  tested by sthen and kettenis

also adjust the documentation a little bit to decrease confusion about
the check timeout.
From pyr@
ok deraadt@

reference is "HARD" (or "GPS", "UMBG", "UDCF" ... in theory) rather than
"^@^@^@^@"
"why not" henning@

- rdr-anchor "relayd/*": the anchor used by relayd to load
redirections into pf.
- pass in on $ext_if proto icmp to ($ext_if): it is a bad habit to
block icmp, this example proposes to allow it by default.
ok henning@

randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@

but only do the final popfile call after yyparse() is done.
This also fixes config reload on SIGHUP for some daemons.
Spotted by otto@. OK deraadt@

prevents a few "cannot free mem because i need mem to free mem"
scenarios (one found by weingart@). ok weingart@ millert@ miod@

ok espie@, henning@

by code that does not do zero padding. The example code does. Fix.
millert@ ok

ok millert@

pubkey authentication users with the correct file permissions a bit easier.
ok djm krw henning miod and many others

http://www.iana.org/reports/root-aaaa-announcement.html

ok krw@, laurent@

approved by deraadt@, ok thib@

This allows recovery after an IP address change (e.g. on dialup links).
Also move the update of "nextaction" timeout below the deadline check.
OK henning@

taken into consideration for rtsol.
ok reyk@ dlg@

fixes spamlogd with pflogd disabled.
ok henning

has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@

make the installation media's life easier:
- stop using ``Pc'' as a getty terminal type, use std.9600 instead.
- on platforms with multiple virtual consoles (alpha, amd64, i386,
zaurus), console is disabled, various ttyC* are enabled.
- on other platforms, console is enabled, all other devices are
disabled. This only changes armish, mac68k, sgi.
- default terminal for console is unknown on serial-only machines, vt220
on glass-capable machines (questionable, but done for consistency).
- minor whitespace changes.
- glass console forgotten on a couple platforms (luna88k, sparc64, vax).
eyeballed by deraadt@, ok krw@

timeout, either set auto retriggering or start watchdogd(8)...
From Mitja Muzenic.  ok deraadt.

we've found a better solution for chrooted applications.

instead of the generic pthread macros since free(3) uses __arc4_getbyte()
when freeing small sized allocations and the generic pthread macros call
malloc(3).
- eliminate passing pointers to a static variable with global scope (rs)
for additional code clarity and reduction.
- shlib minor bumps for libc and libpthread due to new functions.
From andreas@ with some bits from me. okay tedu@ marc@ w/some spot
checking from millert@

because otherwise the poll timeout will stay at SETTIME_TIMEOUT (15s)
forever unless we time out waiting for the first reply with -s
spotted by Aaron Riekenberg <aaron.riekenberg@gmail.com>

also add "(no drift file)" to the adjfreq log message on failure;
ok henning@

ok jsing@ miod@

replace IPv4 and IPv6 loopback zones with BIND's autogenerated empty zones.
move root.hint to /var/named/etc
remove empty directory /var/named/standard

and graphical console based on the selection made in the ARCBIOS.
Early attachment of gbe(4) is still required, otherwise we have a working
graphical console.
ok miod@

From Daniel Ouellet (daniel at presscom dot net)

to use "protocol foo" without defining a type).

the tables will look more like pf tables, it is easier to re-use
tables with different options, "services" will become "redirections"
(they refer to rdr pf rules), sync configuration directives of
redirect (l3, ex-service) relay (l7) sections (for example "virtual
host" will become "listen on"), all target definitions will start with
"forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf)
discussed with pyr and deraadt
ok pyr@