secure: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

crypt_r(3): fix reentrancy problems with DES

This code was originally written for non-reentrant crypt(3).
In 5f521d7ba72, a thread-safe crypt_r(3) was introduced. However,
it looks like the DES implementation is still not re-entrant;
routines like setup_salt() or des_setkey() still use global
variables.

Instead of something drastic, eg removing DES support altogether,
just mark those variables as thread-local. This adds about 30kB
of data per thread.

Given that this only applies to DES, I think the impact is minimal.

Reviewed By: markj
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D30674

Make libcrypt thread-safe. Add crypt_r(3).

glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct crypt_data' structure that contains a buffer that is large
enough to hold the resulting string.

Let's go ahead and also add this function. It would be a shame if a
useful function like this wouldn't be usable in multithreaded apps.
Refactor crypt.c and all of the backends to no longer declare static
arrays, but write their output in a provided buffer.

There is no need to do any buffer length computation here, as we'll just
need to ensure that 'struct crypt_data' is large enough, which it is.
_PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256,
as this is going to be part of the actual ABI.

Differential Revision: https://reviews.freebsd.org/D7306

Update the previous openssl fix. [12:01]

Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]

Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

No functional change, but big code cleanup. WARNS, lint(1) and style(9).

o Move NTOHL() and associated macros into <sys/param.h>. These are
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.

Tested on: alpha, i386
Reviewed by: bde, jake, tmm

__FBSDID() (second half of src/lib/libcrypt changes)

Make this completely dependant on the exportable libcrypt, to avoid
duplication of effort. Also a large cleanup of the code, inspired
by Brandon Gillespie.

$Id$ -> $FreeBSD$

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Dual personality crypt(3). This crypt will choose its encryption algorithm
(DES or MD5) based on the type of salt used. Salt beginning with "$1$"
indicates MD5.

Remove trailing whitespace.

More elegant fix for short settings.
(Our existing fixes already plugged the security holes involved.)
Submitted by: Geoff Rehmet after consultation with David Burren

Back out static hacks & build of usr.bin until Geoff informs the
world of his master plan.

Submitted by: pst

Remove static in front of declarations for des_setkey and des_cipher
so that linking against -lcrypt (-ldescrypt) will give us the good
versions instead of the stubs in libc. (These changes need to be
made to the non-US version of libdescrypt too!)

Allow building and support for bdes program.
A bit more work still needs to be done on secure telnet.

Submitted by: pst

Modify libcrypt so that the only exported symbol is _crypt().
Submitted by: Geoff Rehmet

Unecumbered securedist from FreeBSD 1.1.5.1 - sources for libcrypt.
The next commit will remove all symbols except _crypt()
Reviewed by: Geoff Rehmet
Submitted by: David Burren