ok sthen@

server and radiusctl(8) is to control the server.  radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.
fixes from jsg blambert
ok deraadt

ok deraadt

able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".
Idea from and OK halex@
OK deraadt@ krw@ guenther@

any of the other interfaces.
OK deraadt, phessler, benno

to get the network related vars from rc.conf. This is even necessary
if netstart is run from within /etc/rc. Remove test of $INRC which
unintentionally evaluated always to true.
problem with previous change found by nigel@
OK sthen@ aja@ halex@

control-enable is used, our standard configuration is using unix domain sockets
without certs. existing setups with already-created certificates are ok, if
somebody needs remote+certs they can generate keys themself. ok florian@

keys/certificates for auth. ok florian@

It introduced a regression reported by nigel@

OK halex@ krw@

inside /etc/rc.
With help from and OK halex@, ajacoutot@

OK krw@ halex@

- no space in redirections like </foo or >$bar
- few other minor whitespaces
OK krw@

- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80
OK krw@

multi-user builds. Discussed with espie, ajacoutot, ok deraadt

ok tedu@ rep@

/etc/examples/ntpd.conf
ok deraadt@ benno@ schwarze@

ok halex@

This allows running several instances of the same rc.d(8) script by just
linking it to different name.
e.g.
ln -s ftpproxy ftpproxy6
echo 'ftpproxy6_flags=-6' >>/etc/rc.conf.local
This is likely to break some rc.d scripts in ports. I will try and fix them all
in the next few days but I'd appreciate reports if I missed some.
ok halex@

This is necessary so that rc.d scripts launched with `-f' can be properly
stopped, checked and reloaded.
ok schwarze@

the public key.
prodded by semarie@
ok sthen@

/var/nsd/etc/nsd.conf (may contain a key)
/var/unbound/db/root.key (fix path as well)
from Tim van der Molen
ok millert@ sthen@

login class.

ok jmatthew@ miod@

"inet6 autoconf" was working before and rtsol should behave the same.
OK phessler

Add a miniroot for the CuBox-i which needs u-boot at a particular
offset in the sd image to boot.  Based on changes made by Patrick
Wildt in bitrig.

owner and group.  Reported by Mark Patruck.  ok deraadt@ miod@

usr.bin/ssh/moduli-gen.

conflicting symbols we can combine the configs.
Multiple umg files are still required however.  The bsd.umg target in
the kernel is replaced by targets for bsd.IMX.umg, bsd.OMAP.umg and
bsd.SUNXI.umg.

Similiar changes were made in bitrig by Patrick Wildt.
As part of this change the physical load address for imx and sunxi have
changed.  Any u-boot settings that include it will need to be modified.
imx: 0x10800000 -> 0x10300000
sunxi: 0x40800000 -> 0x40300000
Tested by bmercer, canacar and myself.
ok bmercer@

divert-to has many advantages over rdr-to for proxies.  For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.
Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to.  spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Based on a diff is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)
Tested by many
With help from okan@
OK okan@ beck@ millert@