ok deraadt@

with a little help from jmc@ for the man page bits
ok jca@  and a reluctant tedu@

In the event of a failure in _rs_allocate for rsx, we still have a reference to
freed memory for rs on return. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.
ok deraadt@

For Windows, we are simply using calloc, which has two annoyances:
the memory has more permissions than needed by default, and it comes
from the process heap, which looks like a memory leak since this memory
is rightfully never freed.
This switches _rs_alloc on Windows to use VirtualAlloc, which restricts the
memory to READ|WRITE and keeps the memory out of the process heap.
ok deraadt@

chunk rnd), rm P: is default

double unmap and I experienced a much more unstable firefox.
discussed with otto on icb

expensive syscall, and we don't want to tie up other threads. there's no
need to hold the lock, so defer it to afterwards.
from Michael McConville
ok deraadt

for login.conf, and we don't want to go lower.

ok tedu@

ok natano@ millert@ deraadt@

in some cases.  Be consistent and use "dst" everywhere like for
strlcat(3) and strncat(3).  From Tim Kuijsten.

hppa reverse-stack gives us a valuable test case, but most developers don't
have a 2nd one to proceed further with this.
ok kettenis

From Michal Mazurek <akfaew at jasminek dot net>.
OK tedu@

additions and functionality changes.

The getenv(3) and unsetenv(3) functions already support this.
This will make it easier to emulate the glibc clearenv() function in ports.
Based on a diff from and OK jca@

Michael McConville

data isn't necessary.
ok mpi@, ok&tweak natano@

correctly - logically complete that now by removing MLINKS from base;
authors need only to ensure there is an entry in NAME for any function/
util being added. MLINKS will still work, and remain for perl to ease
upgrades;
ok nicm (curses) bcook (ssl)
ok schwarze, who provided a lot of feedback and assistance
ok tb natano jung

ok otto@

ok @stefan armani@

in libc's hidden/stdlib.h instead of in each .c file that needs one
ok deraadt@ gsoares@ mpi@

void return types 'return no value'. This is obvious and therefore
unneccessary to mention.
We spare rewind(3)'s sentence because espie@ pointed out that it's a
warning - the function masks a potential error.
This commit also adds a sentence to X509_free clarifying that it's
NULL-safe. This bit was discussed with doug@.
ok martijn@, sentiment supported by schwarze@

about which options are turned on/off by 's' and 'S'
ok tedu

improvements sthen@, jmc@. okay millert@, jca@ jmc@

There is long-standing consensus that err(1, NULL) is the best idiom
after failure of malloc(3) and friends.
Quirk in the manual noticed by tb@.

David CARLIER

The 'A' option elevated warnings to errors, and has been the default for some
time. Then warnings were effectively eliminated in favor of everything
being an error, but then the 'a' flag turned real errors into warnings!
Remove the 'a' option entirely. You shouldn't have used it anyway.
ok tb tdeval

the examples.
Diff from Juuso Lapinlampi < wub () partyvan ! eu >, thanks!
ok schwarze@

Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.
Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.
ok beck@

validate_junk. from Michal Mazurek

ok and slight improvement, mmcco@
ok semarie@ and encouragement tedu@ krw@

ok and valuable input from millert@

if the data is needed.  Use O_CLOEXEC on the internal fd as MT paranoia.
Fix cast in offset calculation; delete register keyword;
prefer memset() over bzero()
ok millert@

ok tedu@

This is slightly less robust, but RAND_MAX must be one below a power
of two in both variants anyway.
Based on a suggestion by Matthew Martin.
ok tedu@

ok jsing@, deraadt@, beck@