Remove machdep.userldt sysctl.
Remove i386_[gs]et_ldt syscall stub from libi386.
Remove i386_[gs]et_ldt regression test.
ok mlarkin@ millert@ guenther@

emulations left; ok millert@ deraadt@, jmc@ (man pages)

about which options are turned on/off by 's' and 'S'
ok tedu

creation of maillog as part of the distribution-etc-root-var target
was missed.  From Nathanael Rensen

titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@,
missed in previous commit noticed after re-checking following report in bgpd.

titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@,
missed in previous commit, problem reported by mxb/alumni/chalmers/se.

improvements sthen@, jmc@. okay millert@, jca@ jmc@

There is long-standing consensus that err(1, NULL) is the best idiom
after failure of malloc(3) and friends.
Quirk in the manual noticed by tb@.

warnings with newer gcc versions and -Werror=unused-value.
OK guenther@

titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@

Based on an original idea and a different patch from landry@.
OK jung@ zhuk@ landry@
krw@ agreed to the general idea

process management of the contraint processes has been moved from ntp
to the parent, for better privsep and pledge, but the ntp process
still attempted to kill the constraints on timeout directly.  Fix this
regression by introducing a new imsg from ntp to the parent and the
related logic to kill a constraint at the right place.
Reported & tested by bcook@
Ok bcook@

ok reyk@

Positive feedback and/or OKs from benno millert jcs aja jasper

Needed for the key-value interface that has been added to pvbus(4).
OK mikeb@

David CARLIER

POSIX used to specify those declarations, but later removed them.
ok guenther@

actually remove this header. It was originally added for ports, which is
malloc.h-free now.
additional ports bulk by aja@
ok bently@ dcoppa@ millert@ sthen@

The 'A' option elevated warnings to errors, and has been the default for some
time. Then warnings were effectively eliminated in favor of everything
being an error, but then the 'a' flag turned real errors into warnings!
Remove the 'a' option entirely. You shouldn't have used it anyway.
ok tb tdeval

prompted by comments from naddy

number all the time, but let's use install59.fs as it will be the
first release that includes vmm.

the examples.
Diff from Juuso Lapinlampi < wub () partyvan ! eu >, thanks!
ok schwarze@

Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.
Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.
ok beck@

to /usr/ports/pobj years ago.
OK millert@, ajacoutot@

validate_junk. from Michal Mazurek

OK halex@

OK halex@

OK halex@

Instead, check the return value of fprintf() and fflush()
and call clearerr() before returning on error.  OK jca@

ok and slight improvement, mmcco@
ok semarie@ and encouragement tedu@ krw@

ok and valuable input from millert@