ssherr-libcrypto: avoid use of deprecated ERR_load_crypto_strings()
Follow regress and use unchecked OPENSSL_init_crypto() because
ERR_load_crypto_strings() has been deprecated in OpenSSL 1.1.0.
This call can in principle fail, in which case there's a fallback
to generic error strings.
There is still use of OpenSSL 3.x-deprecated API in here. That's
a problem for someone else to solve.
ok djm
change Venezuelan Bolivar ISO 4217 code from VEF to VES
VES was used for the 2018 redenomination. VED was used as part of the 2021
redenomination process. VES remains the official code after the 2021
redenomination according to ISO 4217 amendment number 170.
set FD_CLOEXEC on the fds between sftp and its ssh process,
avoids risk of subcommands that write on odd fds breaking the
connection. GHPR693 from Manuel Einfalt;
feedback deraadt@ ok dtucker@
check key and IV length received in privsep state transfer
exactly match the expected sizes for the selected cipher;
partially redundant to similar checks in cipher_init(), but
nice to be more exact.
GHPR from jmestwa-coder; ok dtucker@
Use pre-allocated extent region descriptors to prevent bus_dmamap_load(9)
failures on a dmamap that was created with the BUS_DMA_ALLOCNOW flag.
ok chris@, hshoexer@
Limit hyperlink URIs to 1024 bytes which seems enough and allows us not
to have to worry about gigantic URIs in styles, part of a change from
Moritz Angermann.
Declare immutable `msginfo' structure as const. Also, `msginfo' is local
to kern/sysv_msg.c, so remove declaration from sys/msg.h. This
declaration is not exposed to the userland. usr.bin/ipcs/ipcs.c has
"#define _KERNEL" before include SysV headers, but doesn't touch
`msginfo'.
ok deraadt
fix ineffective max file size check when loading blobs/keys from
files and add another one on a patch that was not covered by the
existing ones. From Tess Gauthier via bz3969 and bz3970
move documentation of the Include directive to near the start of
the options list, alongside that for Match and Host which are similar
insofar as they all affect configuration parsing rather than altering
the configuration directly. from xspielinbox via bz3968
Make pane scrollbars able to auto-hide after a short timeout. This
replaces the previous "modal" behaviour where the pane would be resized,
which tended to make a mess. Instead, the scrollbar appears when
scrolling or when hovered over with the mouse and disappears a
(configurable) short period later. From Michael Grant.
don't print an error message when trying to load a host private key
when PKCS#11 keys are in use, as these don't need the private half
on the filesystem. GHPR664 from Ingo Franzki
make ssh-add open it's connection to the agent after it has
finished getopt() processing and not before. This allows the -v
flag to work properly.
ok jca@
Fix bounds checking when signing messages of length greater than will
fit in a size_t.
In OpenSSH, messages sizes are bounded by SSHBUF_SIZE_MAX so this was
unreachable.
From Swival scanner.
