ssherr-libcrypto: avoid use of deprecated ERR_load_crypto_strings()
Follow regress and use unchecked OPENSSL_init_crypto() because
ERR_load_crypto_strings() has been deprecated in OpenSSL 1.1.0.
This call can in principle fail, in which case there's a fallback
to generic error strings.
There is still use of OpenSSL 3.x-deprecated API in here. That's
a problem for someone else to solve.
ok djm
change Venezuelan Bolivar ISO 4217 code from VEF to VES
VES was used for the 2018 redenomination. VED was used as part of the 2021
redenomination process. VES remains the official code after the 2021
redenomination according to ISO 4217 amendment number 170.
set FD_CLOEXEC on the fds between sftp and its ssh process,
avoids risk of subcommands that write on odd fds breaking the
connection. GHPR693 from Manuel Einfalt;
feedback deraadt@ ok dtucker@
check key and IV length received in privsep state transfer
exactly match the expected sizes for the selected cipher;
partially redundant to similar checks in cipher_init(), but
nice to be more exact.
GHPR from jmestwa-coder; ok dtucker@
Use pre-allocated extent region descriptors to prevent bus_dmamap_load(9)
failures on a dmamap that was created with the BUS_DMA_ALLOCNOW flag.
ok chris@, hshoexer@
icecast tweaks: fix daemon in rc script, zap outdated link from README
Move -b to daemon instead of daemon_flags, so that icecast doesn't block
the boot sequence if the admin forgets to specify -b in icecast_flags.
Limit hyperlink URIs to 1024 bytes which seems enough and allows us not
to have to worry about gigantic URIs in styles, part of a change from
Moritz Angermann.
