stubs for the executable from crtbegin.o into libc, which lets them be
excluded from static links that don't use them.
For this, drop the normal crt{begin,end}S.o from libc.so: the .init and .fini
sections for libc aren't called at the right times anyway, so it's good that
they're unused.  libc.so just needs __guard_local and the .note.openbsd.ident
section, so add them to stack_protector.c for now (this will be improved)
"good time" deraadt@

creating the directory /usr/share/nls.  Having a non-existing default
path in catopen(3) does not make sense, so remove it.  If the user
does not specify a NLS path, better fail early than fail because
of an empty directory.  Remove path form hier(7).
OK stsp@ schwarze@ jmc@

OK jsing@

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms
Other changes:
- No need to care about "autoboot" because netstart doesn't inherit the
positional parameters from /etc/rc anymore. /etc/rc executes netstart
instead of sourcing it since r1.439.
- Use simpler for-loop to process list of interfaces with ifstart.
OK halex@

OK krw@

so servers with numeric IP addresses won't be skipped; ok reyk@

we have ntpctl now and ntpd doesn't need redundant/obsolete features.
Pointed out by naddy@, with input from zhuk@ (SIGINFO doesn't need SIG_IGN)
OK deraadt@

stripcom() output directly with the hostname command.
OK deraadt@ krw@

doesn't get pulled into all static executables
ok millert@ jca@

Wrap __cxa_{atexit,finalize}() so the call from exit() goes direct
Switch regress/lib/libc/atexit/ to be built with -static so that it can
still access __atexit*
ok millert@ jca@

/dev/null.  copy the code from the ntp engine.

are the errno messages and signal names.  Everything else is in
English.  We are not planning to translate more text.  Running a
mixed system with less than 1% of the text in native language makes
no sense.  So remove the NLS support from libc messages.  The
catopen(3) functions stay as they are.
OK stsp@ mpi@

wrappers.  To keep uses from crawling back in, mark signal() as
deprecated inside libc.
ok deraadt@

and pwd_gensalt.c - so remove it from the default /etc/login.conf files as well.
ok millert@

and coping with error conditions... that lets us avoid a pledge "wpath".
Putting it all together, this lets the master ntpd pledge "stdio rpath
inet settime proc id".  It works like this: "rpath" to load the
certificates, "proc" to create constraint processes, "id" to chroot
and lock the constraint processes into a jail, then "inet" to open a
https session.  "settime" is used by the master to manage the system
time when the ntp-speaking engine instructs the master.
with help from naddy

OK dlg@ mpi@

non-sensical.  The dns lookups happened in the process routing table
(usually '0'), which is very likely to have different results from the
other routing domains.  If you do depend on having this behaviour,
you'll need to use pf to cross the rtable boundary.
"listen on * rtable X" is still supported.
Users of "server * rtable X" will need to switch to launching ntpd with
"route -T X exec /usr/sbin/ntpd"
OK deraadt@

SIGINT and SIGQUIT with sigaction() instead of signal() so that all bits
are preserved.
ok deraadt@ millert@

into libc, and move pthread_sigmask() as well (just a trivial wrapper).
This provides consistent handling of SIGTHR between single- and multi-threaded
programs and is a step in the merge of all the libpthread overloads, providing
some ASM and Makefile bits that the other wrappers will need.
ok deraadt@ millert@

ok renato@

OpenSSH requires a 2048 minimum for DH in the client and server.
input and ok sthen@
ok dtucker@, djm@

Move the one useful bit of information contained in the file ("one
user name per line") to the ftpd(8) manual page where it belongs.
OK deraadt@ sthen@

utctime and gentime wrappers accordingly. Along with some other cleanup.
this also removes the need for timegm.
ok bcook@ sthen@ jsing@

OK krw@ halex@

ok aja

and eliminate the now superfluous -D option
ok kettenis@ millert@

ok schwarze@

The file format is so simple that no example is needed.
All relevant documentation is already available
from the proper place, which is the lpd(8) manual.
Consequently, delete the empty file.
OK millert@ dcoppa@ beck@ deraadt@

ok millert

the truncation check immediately following it was not updated to
match.  Not an issue in practice since the buffers are the same
size.  OK deraadt@

This helps the ntp process to a) give a better pledge(2) and to b)
keep the promise of "saving the world again... on time" by removing
the delays that have been introduced by expensive constraint forks.
The new design offers better privsep but introduces a few more imsgs
and runs a little bit more code in the privileged parent.  The
privileged code is minimal, carefully checked, and does not attempt to
"parse" any contents; the forked constraints instantly drop all
privileges and pledge to "stdio inet".
OK beck@ deraadt@

types of functions (perhaps required by 'stdio' or 'libevent' will not
become available unless DNS suceeds.  Replace it with "stdio dns".

ok gilles@

including fork/exec cost, it would be better if constraints were
forked from the master process, which would then tell the ntp
engine.  That would increase accuracy and security.
Lots of conversations with reyk and bcook

"stdio inet".  It took weeks to get to this point...

ok deraadt@