FreshBSD

   kern.timecounter.choices: Don't offer the dummy counter as an option.

   The dummy counter is a stopgap during boot.  It is not useful after a
   real timecounter is attached and started and there is no reason to return
   to using it.

   So don't even offer it to the admin.  This is easy: never add it to the
   timecounter list.  It will effectively cease to exist after the first real
   timecounter is actived in tc_init().

   In principle this means that we can have an empty timecounter list so we
   need to check for that case in sysctl_tc_choice().

   "I don't mind" mpi@, ok visa@

   drop fatalx calls when claiming a new vm id; otherwise it's possible
   to crash vmd and take all other vms with it. this required a little
   shuffling to get the error value reported back to the caller to
   handle the error properly.

   ok mlarkin@

   Fix ordering of source-file with multiple files and add flags to load_cfg.

   Replace the various identical error callbacks with a single one in cmd-queue.c.

   Add a helper to allocate a cmd_list.

   rev 1.219 of the file was a fix to an LMTP issue that was misunderstood. we
   fixed the root cause in mda_variables.c months ago independantely but we're
   still carrying this diff which is not only unnecessary now, but is also the
   cause of a bug with mailer-daemons going through an LMTP mda.

   issue reported by otto@

   *an* RSA;

   tweak previous;

   Fix the color space parameter in RGB SGR, from Brad Town.

   Remove unused variables; no binary change.

   From Jake Champlin

   embiggen format buffer size for certificate serial number so
   that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues
   Junior

   When signing certificates with an RSA key, default to using the
   rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
   will therefore be incompatible with OpenSSH < 7.2 unless the default
   is overridden.

   Document the ability of the ssh-keygen -t flag to override the
   signature algorithm when signing certificates, and the new default.

   ok deraadt@

   It uses hw.ncpuonline since r1.170

   ok espie@

   clarify that later flags modify earlier flags;
   triggered by a question from Jan Stary <hans at stare dot cz> on misc@;
   OK otto@

   Fix integer overflow in block size calculation.

   Fixes truncation of contents of files with rate above 64kHz
   generate in off-line mode (i.e. -n option).

   pass a context struct to each test function in order to reduce future churn

   During fuzzing, one or many fuzzing processes are often stuck waiting on
   memory from the subproc malloc subsystem which is exhausted. Attempt to
   circumvent such scenarios by allocation the kcov coverage buffer using
   km_alloc() instead.

   With help from kettenis@ and ok visa@

   include uvm.h -> uvm_extern.h; ok visa@

   unneeded escape, as noticed by jmc@ who can't commit right now

   Move the single command flag (CMD_CONTROL) into the shared flags.

   Unveil tetris.

   ok brynet@, tedu@

   document -c and -I. Use compact literal for the examples, so that the
   description is not too lax.

   Fix LDAP RFC reference in comment. Also noticed by martijn.

   ok guenther@, claudio@

   Both FreeBSD and I appear to have been confused by intel's deep-dive doc:
   the RDCL_NO bit of the ARCH_CAPA msr only indicates one of the MDS
   subissues is mitigated; only the MDS_NO bit indicates they're all
   mitigated.

   ok jsg@ mlarkin@

   freezero() is of no use here, the computed digest is not a secret.
   ok millert@

   Add parsing for standard boot options.

   Correct free size. Fixes a panic when detaching crypto volumes.

   OK jan@, "yes please" tedu@

   BPF: remove redundant reference counting of filedescriptors

   OK visa@, OK mpi@

   Don't put dhclient into a loop when interface-mtu is present
   in a lease.

   dhclient.c r1.634 made every RTM_IFINFO restart the DHCP protocol
   and obtain a new/renewed lease. If the lease contained
   interface-mtu the interface MTU was set. An RTM_IFINFO is
   generated every time an interface MTU is set.

   So only set the interface MTU if it is different from the
   existing MTU. Fix using %d to print an unsigned value in passing.

   Noticed and fix inmproved & tested by Bj??rn Ketelaars while
   usihg the wifi on Dutch Railways.

   Add realpath to regress

   Oops, forgot to include a copyright year when originally added

   Mitigate Intel's Microarchitectural Data Sampling vulnerability.
   If the CPU has the new VERW behavior than that is used, otherwise
   use the proper sequence from Intel's "Deep Dive" doc is used in the
   return-to-userspace and enter-VMM-guest paths.  The enter-C3-idle
   path is not mitigated because it's only a problem when SMT/HT is
   enabled: mitigating everything when that's enabled would be a _huge_
   set of changes that we see no point in doing.

   Update vmm(4) to pass through the MSR bits so that guests can apply
   the optimal mitigation.

   VMM help and specific feedback from mlarkin@
   vendor-portability help from jsg@ and kettenis@
   ok kettenis@ mlarkin@ deraadt@ jsg@

   stop using the moribund MLINKS bsd.man.mk feature;
   no functional change intended;
   OK patrick@

   stop using the moribund MLINKS bsd.man.mk feature;
   no functional change intended;
   OK millert@

   add various missing information
   and remove the lie that these functions would set errno;
   tweaks and OK jmc@; OK rob@ on the previous version

   Implement mcx_down() and use it to unwind unsuccessful mcx_up() attempts.

   handle ERSPAN type I

   type I and II share their GRE protocol, but you tell them apart by
   checking if a sequence number is used. type I does not use a sequence
   number and contains a bare ethernet frame. type II contains a
   sequence number and a shim header that is already handled by the
   code.

   tested with a Dell S5048F-ON and an encapsulated remote port mirror setup.

   Change a couple of ACS characters to be more sensible and add a few
   missing ones, reported by Ricardo Banffy.

   Initialize default size variables, from Thomas Adam.

   Add SMR_ASSERT_NONCRITICAL() in assertwaitok(). This eases debugging
   because now the error is detected before context switch.

   The sleep code path eventually calls assertwaitok() in mi_switch(),
   so the assertwaitok() in the SMR barrier function is somewhat redundant
   and can be removed.

   OK mpi@

   For AR9271, use correct clock control register and add a macro to access it.

   ok stsp@

   Unbreak vmctl start foo -b /bsd -d disk.img -cL
   Define a local definition of LOADADDR() instead of pulling in
   machine/loadfile_machdep.h. vmd -b requires the addresses to be masked
   and the new bootloader no longer does that.
   OK pd@ kettenis@

   Add XXX to a comment.

   Accept address and number format for "ospfctl show database area XXX".

   OK denis@ benno@

   Correct errno markup. Noticed by schwarze.

   Discussed with schwarze and jmc. ok schwarze

   Stop using the moribund MLINKS bsd.man.mk feature for Perl manuals.
   It was only used in a very unsystematic way for a small minority
   of Perl manual pages anyway, and using it consistently would entail
   unsustainable maintenance workload.
   Using input from afresh1@ espie@ and Grinnz#p5p;
   OK afresh1@ espie@ jmc@.

   Stop using the moribund MLINKS bsd.man.mk feature for clang(1).
   Patch clang.rst such that "gmake -f Makefile.sphinx man" keeps working.
   Using input from jsg@; OK patrick@; "no worries" deraadt@

   unveil code was unaware of -f option.
   From Anton Borowka.
   ok sthen

   Remove incorrect optimization. The current logic for skipping idle CPUs
   does not establish strong enough ordering between CPUs. Consequently,
   smr_grace_wait() might incorrectly skip a CPU and invoke an SMR
   callback too early.

   Prompted by haesbaert@

   More consistently put remarks about the less useful LC_* categoties,
   i.e. those other than LC_CTYPE, into the CAVEATS section, and
   standardize wording somewhat.
   OK jmc@