devel/*/gdb: unbreak build with llvm22 and revert prior workaround
LLVM 22 has changed -Wenum-constexpr-conversion into a hard error.
Revert the workaround introduced for LLVM 16 and replace idiom that
results in undefined behavior.
ok tb@
MFC: Update to Crypt::OpenSSL::RSA 0.41, tested by henning
Attacks on the Marvin attack were too aggressive and 0.35 disabled the
widely used PKCS#1 v1.5 padding outright, when only decryption is
problematic due to the padding oracle. Signing is fine and required for
many things, among other things TLS and DNSSEC.
Version 0.35 disabled PKCS#1 v1.5 padding entirely to mitigate the
Marvin attack. However, the Marvin attack only affects PKCS#1 v1.5
decryption (padding oracle), not signatures. Version 0.38 re-enables
use_pkcs1_padding() for use with sign() and verify(), while keeping it
disabled for encrypt() and decrypt(). PKCS1_OAEP should be used for
encryption and either PKCS1_PSS or PKCS1 can be used for signing.
https://metacpan.org/pod/Crypt::OpenSSL::RSA#SECURITY
bin/ksh: preserve tildes in completion
Keep leading tilde expressions in the command line after file
completion. Expanding ~user to pw_dir during editing bakes the result of
an early passwd lookup into the command line; if the account changes
before the command is executed, the command uses a stale pathname
instead of the current ~user expansion.
Completion still performs the lookup needed to enumerate pathname
matches, but rewrites matches back to the spelling the user typed and
does not leave a completion only lookup in the homedir cache.
Also complete bare ~user prefixes from the passwd database, so ~us[TAB]
can become ~user before pathname completion continues.
Preserving tilde is the default behaviour.
OK: deraadt@
mboxgrep: fix build with llvm22
gzFile is a pointer type, so it should be used, not gzFile *. It is also
not equivalent to FILE *, so undo some incorrect fixes from prior compiler
updates.
Tighten up read-only checks on attach-session, detach-client and
switch-client so that a user should be able to only detach their own
client. Reported by John Walker.
Update to Crypt::OpenSSL::RSA 0.41, tested by henning
Attacks on the Marvin attack were too aggressive and 0.35 disabled the
widely used PKCS#1 v1.5 padding outright, when only decryption is
problematic due to the padding oracle. Signing is fine and required for
many things, among other things TLS and DNSSEC.
Version 0.35 disabled PKCS#1 v1.5 padding entirely to mitigate the
Marvin attack. However, the Marvin attack only affects PKCS#1 v1.5
decryption (padding oracle), not signatures. Version 0.38 re-enables
use_pkcs1_padding() for use with sign() and verify(), while keeping it
disabled for encrypt() and decrypt(). PKCS1_OAEP should be used for
encryption and either PKCS1_PSS or PKCS1 can be used for signing.
https://metacpan.org/pod/Crypt::OpenSSL::RSA
