(potentially) MD versions (function dependent, not filename dependent)
split out memcpy/memmove/bcopy and strchr/index/strrchr/rindex
Bring back amd64 .S versions
And the final touch: switch all architectures temporarily to MI
memcpy.c, which contains syslog + abort for overlapping copies.  A nice
harsh undefined behaviour.  We will clean the entire userland of the
remaining issues in this catagory, then switch to the optimised memcpy
which skips the memmove check.
I tried to cut this change into pieces, but testing each sub-step on
every architecture is too time consuming and mindnumbing.
ok miod

Requested by deraadt.

Remove the bug about rand() being faster.
Add a bug about historical implementations seeding very poorly.

the same text from random.3.

entries.

better to find one instead of continuing to mangle this mess.

only doing what's needed for crypt_hashpass. sigh.

write out a hash. also simplify writing out the hash.

ok deraadt

for quite some time.  Mop up the last few, by using /dev/random where we
actually want it, or not even mentioning arandom where it is irrelevant.

ok tedu@ on a previous version

ok tedu@

pwd_gensalt origins, but a string argument works equally work and is more
friendly to consumers beyond local user accounts.
ok deraadt

Makefile.inc (i.e. landisk and m88k)

Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@

Would be nice to document when/where this originated (in glibc?) if
anyone knows...
tweaks by schwarze@
ok jmc@ espie@ kettenis@ schwarze@ dimitry(at)google.com

login_cap_t lives and i don't want to forward declare it in unistd.h

libcrypto minor bump.

There used to be a strong reluctance to provide this cipher in LibreSSL in the
past, because the licence terms under which Cammelia was released by NTT were
free-but-not-in-the-corners, by restricting the right to modify the source
code, as well retaining the right to enforce their patents against anyone
in the future.
However, as stated in http://www.ntt.co.jp/news/news06e/0604/060413a.html ,
NTT changed its mind and made this code truly free. We only wish there had
been more visibility of this, for we could have had enabled Cammelia
earlier (-:
Licence change noticed by deraadt@. General agreement from the usual LibreSSL
suspects.
Crank libcrypto.so minor version due to the added symbols.

often space-constrained /var filesystem was a historical mistake.  There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.
Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.
done with rpe
ok many

does most of the work pwd_gensalt did, but also creates the hash.
(unused yet)

ok robert@ sthen@

troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@

No yyerror() calls needed to be changed.
ok bluhm@

CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.
From: Dongsheng Song <dongsheng.song@gmail.com>

engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.
This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.
None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

This functionality was already available (and optional), and used in the
bowels of the ASN.1 code. This exposes it as a public interface, which will
be used by the upcoming GOST code.
Crank libcrypto minor version.
From Dmitry Eremin-Solenikov.

This is easier to understand and fixes a bug where the "-type d -prune"
was misplaced as noticed by pirofti@.  OK deraadt@

format string, create a temporary message.
OK claudio@

The FreeBSD-native arc4random_buf implementation falls back to weak sources of
entropy if the sysctl fails. Remove these dangerous fallbacks by overriding
locally.
Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with pthread_atfork()
simply fail silently. So, it is not always possible to detect a PID wraparound.
I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation.
Tested on FreeBSD 9 and 10.

distinguish between LibreSSL (the project) and libressl (the library).
Discussed with many.

don't want to give people the idea that this is non-portable (it
has been present since C89).  OK deraadt@ schwarze@

(Both NetBSD and FreeBSD provide these prototypes)
ok millert@

ok millert@

Suggested by millert@ and schwarze@.
OK schwarze@, millert@