FreshBSD

    tag some functions with bounded. idea and ok djm

    remove the identity files from this manpage - ssh-agent doesn't deal
    with them at all and the same information is duplicated in ssh-add.1
    (which does deal with them); prodded by deraadt@

    skip leading zero bytes in buffer_put_bignum2_from_string();
    reported by jan AT mojzis.com; ok markus@

    Memory leak in error path and unnecessary assignment, from clang.

    Add ufs2 support and get one step closer to making ffs2 bootable. This work was done 
by Pedro Martelletto for bitrig. One small tweak to make it buildable with -Werror. 
"Please commit" miod@

    sync

    Rename the mpages.id column to mpages.pageid.  There is no good reason
    to call this kid by a different name here than in all other tables.
    Easier to polish this now than after enabling.

    TANSTAAFL - delete the buf freelist code. if you need a better malloc, get
    a better malloc. ok beck deraadt

    Remove a leftover prototype and fix some spacing.

    Remove the choose-list command to prepare for some later choose-* work.

    add back SRP. i was being too greedy.

    Clean up dangerous strncpy use. This included a use where the resulting
    string was potentially not nul terminated and a place where malloc return
    was unchecked.
    while we're at it remove dummytest.c
    ok miod@

    - Why do we hide from the OpenSSL police, dad?
    - Because they're not like us, son. They use macros to wrap stdio routines,
      for an undocumented (OPENSSL_USE_APPLINK) use case, which only serves to
      obfuscate the code.
    
    ok tedu@

    > As I walk through the valley of the shadow of death
    > I take a look at my life and realize there's nothin' left
    > Cause I've been blasting and laughing so long,
    > That even my mama thinks that my mind is gone
    Remove even more unspeakable evil being perpetuated in the name of VMS.
    (and lesser evils done in the name of others.)
    ok miod

    lots of ifdef cleanup

    repair knf

    Remove ifdef'd out KerberosIV and stream encryption support.  While
    here, sort arguments.
    
    ok tedu miod (who had the same diff with an additional bit of clean-up)

    No need to define ANSI_SOURCE and NO_ERR. TERMIOS kept until ui/ui_openssl.c
    gets a second trim.

    add missing parens so that errorhost gets properly initialized.
    
    ok tedu miod (who had the same diff)

    Give the mlinks and keys tables a pageid index,
    as suggested by jeremy@ and espie@.
    
    The mlinks index speeds up basic apropos(1) searches by around 30%
    because it speeds up the final SELECT FROM mlinks query by about 95%.
    For large result sets, the overall speedup gets even larger, in the
    extreme case of "apropos Nd~." by more than 90%.
    The keys index finally makes the apropos(1) -O option usable: It no longer
    incurs relevant extra cost, while in the past it was embarrassingly slow.
    
    This comes at a cost:  Total database build times grow by about 5%,
    and each index adds about 10% database size with -Q.  I consider that
    acceptable in view of the huge apropos(1) performance gains.
    The -Q database for /usr/share/man still remains below 1 MB.

    No need to build with -DOPENSSL_NO_CAPIENG and -DOPENSSL_NO_HW_xxx for all
    now removed engines.

    Make dhclient -q even quieter. Make it immediately effective rather
    than possibly emitting a couple of random memory allocation error
    messages first.
    
    ok guenther@

    quoth the readme:
    NOTE: Don't expect any of these programs to work with current
    OpenSSL releases, or even with later SSLeay releases.
    ok miod

    delete a few leftovers

    fix a few bugs observed on http://www.viva64.com/en/b/0250/
    ok krw miod

    Thanks to the knobs in http://tools.ietf.org/html/rfc5746, we have a knob
    to say "allow this connection to negotiate insecurely". de-fang the code
    that respects this option to ignore it.
    ok miod@

    disentangle SRP code from TLS

    whack the ifdef pinata:
    OPENSSL_SYSNAME_VXWORKS
    OPENSSL_SYS_VMS
    OPENSSL_SYS_MSDOS
    OPENSSL_UNISTD
    OPENSSL_SYS_WIN16
    WIN_CONSOLE_BUG
    OPENSSL_SYS_WINCE
    SGTTY
    OPENSSL_SYS_MACINTOSH_CLASSIC
    MAC_OS_GUSI_SOURCE
    OPENSSL_SYS_NETWARE
    OPENSSL_SYS_SUNOS
    __DJGPP__
    OPENSSL_SYS_BEOS
    OPENSSL_SYS_WIN32

    SSLv3_client_method() doesn't support TLSv1.*; use SSLv23_client_method()
    the for anything where version negotiation would be useful.
    Also, constipate a couple formatting strings to make compilers and
    linkers happier.
    
    ok tedu@

    Zero-pad usec format to handle values less than 100,000 correctly
    
    ok matthew@ tedu@

    Initial KNF.

    Initial KNF.

    Mandatory Surgeon Guenther's Warning: This code could not possibly be
    correct because it doesn't zerofill the front of usecs, but that's the
    way I found it.
    a more thorough emulation of the old code, but with fewer whacky snprintf
    pointer arithmetic antics. ok beck guenther

    Initial KNF.

    More KNF.

    First pass for KNF.

    revert. the full horror has only now revealed itself.

    replace some bio_snprintf crazy with regular snprintf.
    beck had a diff to convert to strftime, but it's easier to verify this
    is functionally the same. ok beck.

    Kill the bogus "send an SSLv3/TLS hello in SSLv2 format" crap from
    the SSLv23_* client code.  The server continues to accept it.  It
    also kills the bits for SSL2 SESSIONs; even when the server gets
    an SSLv2-style compat handshake, the session that it creates has
    the correct version internally.
    
    ok tedu@ beck@

    More KNF.

    More KNF.

    My previous attempt to chdir(2) to the directory containing the cgi
    script was not quite right. slowcgi would try to chdir("") with a
    SCRIPT_NAME of /foo.cgi; chdir("/") in that case.
    I'm not sure how one would configure nginx/slowcgi to get to that
    point though.
    OK benno@

    Whitespace tweaks before further tweaks; no objections from ajacoutot@.

    Make this byzantine horror a shell of it's former self by stubbing the
    functions. The ability to set the debug mem functions died with mem.c,
    but some of the rest of this is still exposed API so we can't delete it..
    yet...
    ok tedu@

    OpenSSL is not the only place with bloated code! Remove unused
    function 'option_as_string()'.

    Some software expects RAND_status() to return 1 for success, so always
    return 1 in the arc4random backend because there is no possible error
    condition.  Unbreaks lynx, git and friends.
    
    ok miod@ dcoppa@

    Tweak network interface configuration so that after 1st attempted
    (rather than first successfull) configuration, the default selection
    becomes [done]. This allows one to <cr> past network configuration.
    e.g. when dhcp is not working.
    
    Requested by deraadt@. ok halex@.

    Merge in_fixaddr() into in_selectsrc() in order to prepare for
    IP_SENDSRCADDR support.  This reduces the differences with the
    IPv6 version and kill some comments that are no longer true.
    
    ok jca@, chrisz@, mikeb@

    Clean up non-fatal error handling - we know which error numbers we have
    defined.
    
    ok miod@ beck@

    unbreak install; /usr/share/man/man3/EVP_PKEY_print_private.3 should link to
    /usr/share/man/man3/EVP_PKEY_print_public.3 not itself, from deraadt