ok jsing@ phessler@ naddy@

ok robert@

discussed with schwarze@

ok aja@

OK jasper

ok deraadt miod

ok miod@

egress group only works if you have a default route; this confused
some people.

from this case where we have a static buffer and cant realloc.
ok phessler, claudio, reyk

use global data. The simplest fix is to only check blowfish passwords,
and implicitly lock out DES passwords.
crypt_checkpass is currently only used in one place, passwd, to verify
the local user's password, so this is probably acceptable.
Gives people a little more time to migrate away from DES before introduing
checkpass into more places.

OK deraadt@ some time ago

ramdisk libc builds.  there has to be a better way without #ifdef's
in gross places, but I don't see it yet.

no objection from deraadt@

naddy found sparc64 gets a little slower when unrolled.
ok deraadt

when it's really old. but no actual ports fallout in espie's build.
ok deraadt

update SYNOPSIS and DESCRIPTION and add STANDARDS

reflect reality.
OK benno@

effectively disabled support for the SSL protocols.  SSL remains a
common term describing SSL/TLS, there is some controvery about this
change, and the name really doesn't matter, but I feel confident about
it now.
(btw., sthen@ pointed out some historical context:
http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html)
OK benno@, with input from tedu@

rewrite the function to be simpler as well. the compiler can unroll the
loop for us if necessary.
ok schwarze

It may take a few iterations to get the tone right.
previously discussed with millert

the same thingies.  Therefore these "lists of functions" man pages can go
away.
Hurray!  I've wanted these pages to die for around 10 years!
ok ingo (and i think jmc)

we already used it by default for man(1) before.
While here, fix the order of Xenocara and ports.
ok millert@ sthen@

observed by jonas termansen

to returning strong random by default, source from arc4random(3).
Parameters to the seeding functions are ignored, and the subsystems remain
in strong random mode.  If you wish the standardized deterministic mode,
call srand_deterministic(), srandom_determistic(), srand48_deterministic(),
seed48_deterministic() or lcong48_deterministic() instead.
The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are
unaffected by this change and remain in deterministic mode (for now).
Verified as a good roadmap forward by auditing 8800 pieces of software.
Roughly 60 pieces of software will need adaptation to request the
deterministic mode.
Violates POSIX and C89, which violate best practice in this century.
ok guenther tedu millert