some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these archirtectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulted in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
libssl internals. This effectively takes the OpenSSL 1.1 code path
instead of the OpenSSL 1.0 code path, and will allow for further
libssl clean up.
with and OK jsing@
This release contains fixes for mutliple issues, ranging from stack based
buffer overflows to out of bounds reads and writes on the heap. They can
be triggered by malicious smartcards sending malformed responses to APDU
commands. A detailed description can be found at X41-2018-002
<https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/>.
While here, replace hardcoded 0644 with ${NONBINMODE} and adjust the
default PKCS11 provider path to opensc-pkcs11.so so pkcs11-tool(1) works
without having to it pass it `--module' all the time.
OK sthen rsadowski
config style, which still has DNS-01. ok landry@
---
acme-client is a client for the ACME protocol used by the Let's Encrypt CA.
It uses isolated processes for various operations - network code doesn't
have access to the filesystem, etc - this is enforced by pledge(2).
acme-client is present in the OpenBSD base system. This package is for the
original version, which uses a different configuration interface (CLI rather
than configuration file). It also supports the DNS-01 challenge type which
is not currently available in the version in the base system.
The executable is installed as "eacme-client".
---
- the database format has changed from an internal format to sqlite3,
this is automatic but it's recommended to make an extra backup of old files
first.
from Charlene Wendling; OK bcallah@
Comment:
cryptographic toolkit for Perl
Description:
CryptX is a fairly comprehensive cryptographic toolkit that provides
a vast array of well-known symmetric, block, and stream ciphers,
authenticated encryption modes, hash functions, checksums, MAC,
public key cryptography, PRNG, and more.
from Charlene Wendling; OK bcallah@
Comment:
generate shared secret using ECDH function
Description:
Crypt::Curve25519 is a state-of-the-art Diffie-Hellman function
suitable for a wide variety of applications.
Given a user's 32-byte secret key, Crypt::Curve25519 computes the
user's 32-byte public key. Given the user's 32-byte secret key and
another user's 32-byte public key, Crypt::Curve25519 computes a
32-byte secret shared by the two users. This secret can then be
used to authenticate and encrypt messages between the two users.
