Problem noticed by bluhm@. Discussed on hackers.
ok claudio@

ok jmc@, schwarze@

and remove the lie that these functions would set errno;
tweaks and OK jmc@; OK rob@ on the previous version

Discussed with schwarze and jmc. ok schwarze

OK rob@

Discussed with and ok jmc@, schwarze@, claudio@

ok claudio@

ok claudio@

Discussed with claudio@ and tedu@.

boolean has a contents length other than 1.
ok claudio@

"sure" claudio@

which is reserved for future use.
ok claudio@

snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync
in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers
already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@

reported by Fabio Scotoni <fabio at esse dot ch>;
also garbage collect one .Tn while here

ok deraadt@ claudio@

work with our old code.  In fmt_scaled() move the check before
calling llabs().
found by regress/lib/libutil/fmt_scaled; OK deraadt@ millert@ tedu@

ok nicm

This variable is only used in the parent context so there is no issue.
ok kettenis

to control which symbols are exported from the shared library.
ok guenther@, deraadt@, jca@

to separate the open(/dev/ptm) from the ioctl(PTMGET) for privilege
separation or pledge().
Based on a diff from reyk@.
ok deraadt millert

In our privsep model, imsg is often used to transport sensitive
information between processes.  But a process might free an imsg, and
reuse the memory for a different thing.  iked uses some
explicit_bzero() to clean imsg-buffer but doing it in the library with
the freezero() is less error-prone and also benefits other daemons.
OK deraadt@ jsing@ claudio@

more portable. Add stdint.h to the headers in imsg_init(3).
No objections from millert@.

the standard realloc*() functions can leave behind.  imsg buffers are
sometimes used in protocol stacks which require some secrecy, and layering
violations would be needed to resolve this issue otherwise.
Discussed with many.

on additions.  This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN
will still be flagged as a range error).  ok millert@

ok djm@ millert@

ok deraadt@ djm@

using AFL against ssh_config. ok deraadt@ millert@

error cases for -1 and 0 explicitly (it initially only checked for -1,
I updated it to also check for 0, and rzalamena@ figured out that 0
has to be checked in a differently).
OK millert@ rzalamena@

ok krw@ millert@

ok jca@ krw@

ok deraadt@

remove some references to differences between versions 6 and 7.
ok jmc, millert, tedu

correctly - logically complete that now by removing MLINKS from base;
authors need only to ensure there is an entry in NAME for any function/
util being added. MLINKS will still work, and remain for perl to ease
upgrades;
ok nicm (curses) bcook (ssl)
ok schwarze, who provided a lot of feedback and assistance
ok tb natano jung