a free chunk at random and may allow to increase delayed chunk array.
ok otto

default and the new 'j' option to disable this; ok jmc@

This is a getaddrinfo() flag that is defined thusly in RFC 3493:
If the AI_ADDRCONFIG flag is specified, IPv4 addresses shall be
returned only if an IPv4 address is configured on the local system,
and IPv6 addresses shall be returned only if an IPv6 address is
configured on the local system.  The loopback address is not
considered for this case as valid as a configured address.
For example, when using the DNS, a query for AAAA records should
occur only if the node has at least one IPv6 address configured
(other than IPv6 loopback) and a query for A records should occur
only if the node has at least one IPv4 address configured (other
than the IPv4 loopback).
The flag is set by default when hints is NULL.
ok Eric Faurot, Jason McIntyre

ok miod@

used by npppd.
ok deraadt

the new status=none feature to make dd quiet.
OK halex@

ok miod@

we always junk small chunks now, and the first part of pages,
but only after free. J still does the old thing. j disables everything.
Consider experimental as we evaluate performance in the real world.
ok otto

okay otto@

ok reyk@

Should improve sparc64 and other be archs. ok matthew@ miod@

ok miod@

- use <>

malloc can, as always, be emulated via realloc(NULL).
ok deraadt

ok henning@

ok henning@

ok deraadt@ guenther@

already manually disabled).
ok deraadt@

value to use for the strerror() message as an argument.  Originally from
FreeBSD 3.0
Patch from Steffen Nurpmeso (sdaoden (at) gmail.com) with minor tweaks.

the _* functions outside libc

Like calloc(), except without the cleared-memory gaurantee
ok beck guenther, discussed for more than a year...

From Ben Cornett (ben (at) lantern.is)

ok deraadt@

APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.
ok tedu@

very rarely if ever needed any more. we should not trick people into
thinking they are impoving sth doing so, it's rather the opposite
these days.
ok claudio

carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler

non-dangerous use functions is difficult.
ok guenther

but rather figure out the endianness from <machine/endian.h> automagically;
help from guenther@
ok jca@ guenther@ beck@ and the rest of the `Buena SSL rampage club'

are still some 3rd-party code using it, and fixing them is not trivial.
As an excuse gift, the memory leaks on failure in resurrected a_set.c have
been fixed.

ok deraadt

ok deraadt.

"commit the switch now" espie@  "go for it" deraadt@
See the apropos(1) manual for a description of what's new.
On machines where you want the full functionality,
run "sudo makewhatis" and put "MAKEWHATISARGS=' '" into weekly.local(8).
Otherwise, when upgrading via source, run "sudo makewhatis -Q".

supposedly smart compilers from optimizing memory cleanups away. Understood.
Ok, in case of an hypothetically super smart compiler, OPENSSL_cleanse() had
to be convoluted enough for the compiler not to recognize that this was
actually bzero() in disguise. Understood.
But then why there had been optimized assembler versions of OPENSSL_cleanse()
is beyond me. Did someone not trust the C obfuscation?