- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Increase the "memorylocked" limit for the "daemon" class.

amd(8) requires more than the 64MB that is currently available to it so bump
it up to 128MB.

Reviewed by: kib
Discussed with: avg, kib, zont

- Set memorylocked limit to 64Kb for default login class.
This prevents unprivileged users to lock too much memory.
- Set memorylocked limit to 64Mb for daemon login class.
Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
startup, they are run from init(8) which uses daemon login class.
- Set memorylocked limit to unlimited for root login class.

Suggested by: avg
Approved by: kib (mentor)
MFC after: 1 week

Passive mode is the default, and has been for a while.

MFC after: 1 week

Switch the default password hash from md5 to sha512.

MFC after: 1 week

Remove vestiges of 'slip'.

PR: 145648
Submitted by: alexbestms at wwu dot de and spam at rm-rf dot kiev dot ua
MFC after: 1 week

Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)

Integrate the new MPSAFE TTY layer to the FreeBSD operating system.

The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.

If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).

The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan

Remove more vestiges of /usr/X11R6, but leave mtree for portmgr.

Add a short description of how a literal colon ':' can be inlined in the
value of capability databases, since it's not really obvious how a colon
can be escaped, and a pointer to the getcap(3) manpage for more details.

Triggered by: a question by Ceri on -questions

Removed whitespace at BOF, EOL & EOF.

add default vmemoryuse (unlimited), and samples

Fix typo. '|' looks a lot like 'l' in my xterm font.

When having an expanded name for a class, use '|' instead if ':' to
seperate the short name and the long name. This was present for most
but not all entries. Because the parsing doesn't reject unrecognized
entries, this didn't cause failures, but it wasn't strictly correct.

Submitted by: Martin Faxer <gmh003532@brfmasthugget.se>
MFC after: 2 weeks

ftp(1) was not the only user of FTP_PASSIVE_MODE, libfetch uses it
too, so add it back

ftp(1) uses passive mode by default now, therefore remove
FTP_PASSIVE_MODE=YES.

Pointed out by: billf

s/password_format/passwd_format/

PR: misc/30494
Submitted by: "brian j. peterson" <rbw@myplace.org>

Remove duplicate entry.

Submitted by: Paul Herman <pherman@frenchfries.net>

Updates for Blowfish password hashing.

o Back out 1.39, it was a bad idea. There was, and should be, a
distinction between the OS copyright message and the message displayed
gratuitously to each user at login. Because, well, they may be
different, among other things, and boy can a copyright message each
login consume some screen space. If people really want to do this,
they can copy /COPYRIGHT to /etc/COPYRIGHT.

Submitted by: Anders Andersson <anders@codefactory.se>

o /etc/COPYRIGHT -> /COPYRIGHT, since that's where it's installed.

Submitted by: Anders Andersson <anders@sanyusan.se>

Add `password_format=md5' to the default settings. I've had this locally
for a while, but a recent email to -stable suggests it should be spelled
out as the documentation of "password_format" is sparse.

Also add a `des_users' entry.
Submitted by: Sean O'Connell <sean@stat.Duke.EDU>

document sbsize limit.

o Improve the comment concerning rebuilding the database using cap_mkdb --
it's not a speed thing, it's a correctness thing :-)
o Reorder the path slightly to be more consistent

Reviewed by: jhb

Synchronize login.conf default path with skel/dot.cshrc and root/dot.cshrc

$Id$ -> $FreeBSD$

Axe LOGIN_CAP_AUTH.

PR: 10115
Reported by: Gene Skonicki <gene@cif.rochester.edu>
Requested by: jdp

Be a little clearer about login_getpwclass(3), and its penchant for
looking up a record called "root".

PR: docs/12377
Submitted by: Adrian Filipi-Martin <adrian@ubergeeks.com>

Set FTP_PASSIVE_MODE=YES by default in the default login class.

Change references from "passwordperiod" to "passwordtime", since
"passwordtime" is what passwd(1) has actually been using. I suspect
passwordperiod was the original intent. I can't figure-out which,
if either, BSDi uses. If anyone knows...

Add /usr/X11R6/bin to default path also.

remove 'russian' duplicated in comment

Ripped out EDITOR=ee with extreme prejudice.

Oops, I missed a few more /etc/nologin references yesterday. It appears
my check of the tree was incomplete. Sorry guys.

Reported by: Ben Smithurst <ben@scientia.demon.co.uk>

Move nologin from /etc to /var/run. This means one less file that has
to be written to /etc.

The only essential change is in paths.h, so any third-party software
written correctly will pick it up in the next rebuild.

Reviewed by: the committers list (actually an old version)

Slightly clarify wording of "Example".

Don't set a MANPATH by default for users who aren't in a login class.
man(1) will utilize manpath(1) if MANPATH is unset in the environment,
and with our existing manpath.config it is enough to find the X11
pages among others.

PR: 8587
Submitted by: Marc Slemko <marcs@znep.com>

Fix typo: s/;/:/

PR: conf/7964
PR: conf/7966
Submitted by: Zach Heilig <zach@gaffaneys.com>
Submitted by: Jos Backus <Jos.Backus@nl.origin-it.com>

Effectively disable resource limit setting by default, leaving the
original contents of the file preserved as examples for administrators
that need to enable them.

Also add a comment to the examples pointing out that the authentication
functionality is largely unused and requires rebuilding libutil.

Reviewed by: jkh

Remove extraneous trailing \'s.

PR: 5949
Submitted by: Studded@dal.net

Expand default datasize to 22M, perl5 & pine are usual memory eaters

Revisions 1.14 and 1.9.2.3 fixed PR conf/5127.

datasize-curr -> datasize-cur, typo fix.

PR: 5152
Submitted by: owaki@st.rim.or.jp

daemon: bump maxproc from 256 to 512
256 means f.e. that only 256 users at once can be served by your HTTPD

Further tweak to 'daemon' so that the hard limit for coredumpsize
is not set to zero, only the soft limit. This means that non-root
processes started from /etc/rc* can explicitly raise the coredump limit
if they wish.

Raise some of the 'daemon' class limits as used by things started
from /etc/rc, including inetd and it's children, stuff from
/usr/local/etc/rc.d (eg: squid, apache). The default limits are causing
a lot of problems including things like fsck failing on large disks.
I hope I've understood the quirks of the override mechanism properly.

Fix typo

Fix "daemon" class, Apache not works from /etc/rc otherwise.

Among bumping several limits, most interesting thing is that
Apache requires than "filesize=64M" restriction must be removed.
I think it is due to mmap() usage in apache, but I am not shure.

Restore backwards compatible default behavior for requirehome

Correct comment to show correct path to cap_mkdb

Add 'russian' users class

Remove term=dumb from default entry: ovverrides TERM variable for login

Fix typing error in default class: rc= instead of tc=

For root & daemon classes bump max openfiles to 1024 to really activate
bumped select limit

Revert $FreeBSD$ to $Id$

Made more reasonable as a set of defaults. Remove cruft, fix a couple
of errors and eliminate cap_mkdb errors. Closes PR misc/2551.

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Added 'xuser' class entry point for X users (who need more resources).
Increased default procs/file handles so that man will work in more
situations. Other suggestions welcome, btw.

Adds a template/example login.conf, login class capabilities database.