ok deraadt@

Also fix a signed vs. unsigned issue while I am at it.
Found by Jim Geovedi.  OK deraadt@

doesn't blow up.  This is a hack but is better than compiling sha1.c
with -O0 on sparc64.  From NetBSD (mrg).
deraadt@ OK

o Add __BEGIN_DECLS/__END_DECLS to include files
o Safe macros
o Remove useless variable assignment in the End function of *hl.c
o Some minor KNF, needs more
From Dan Weeks

it is not the fist character of optstring (since that would conflict
with GNU semantics).
Update the bit on "W;" within optstring when called as getopt (not
getopt_long) to current reality.

in optstring.  Problem noticed by Theo.

of optstring to avoid a semantic conflict with GNU getopt.

return -1 like POSIX requires.

This is used by a few programs such as man and su.

as shortcuts for long ones, but only if this would not conflict with
a short option in optstring.  Now binutils gas works.

We don't want to use the sysctl() by default since we are reading more
than just a few bytes of entropy when setting up the state.

o Check for long options even when not at the beginning of an option.
For instance, if -a is a short option w/o an arg and -static is a
boolean long option then -astatic is valid for getopt_long_only().
o If a potential long argument does not match longopts and the first
character is not a short option, print a warning and skip the rest
of the argument.
Also clean up some trailing whitespace and change return value of
parse_long_options() from -2 to -1 when unmatched and in long_only mode.
With these fixes the binutils ld seems happy with our getopt_long_only()

is in optstring.

In order for getopt_only_only() to work we need to check for long
options before short ones.  I have merged getopt_internal and
getopt_long_internal into a single function with the actual long
args parsing broken out into a separate function.
This also simplifies the flow of control.

getopt_long_only().  At some point this should replace the BSD
getopt(3) but we are not there yet.
While I am here add protection from the multiple getopt() definitions
due to conflicting standards.

now build libraries with propolice enabled.  Without this, existing
binaries (such as ports/packages) that link with any system library
other than libc will fail with an undefined symbol of "___guard"
(__guard on ELF).
Pointed out by markus@ and discussed with deraadt@

STDERR_FILENO instead of 2.
OK millert@

similar to the atexit handlers. Idea and help deraadt@, ok deraadt@

malloc.c gets the first mmap() call (since it depends on that, for its
sbrk(0) use). ok deraadt@

first.

help get this right.

function pointers from the outside will segfault. Idea, hints and feedback
from deraadt. ok deraadt.

Noticed by deraadt@

aliases to fake up strtou?q().  espie@ OK.

that the first char in the line is not NUL after killing comments.

field separators as empty field.  This is not what we want for
whitespace-delimited fields.