See https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.37_release_notes
Interestingly, in nss 3.31 the way entropy is gathered from the system
was revamped, and in #1057343 it started using the getentropy() syscall
by default if available, with a fallback to /dev/urandom...but only on
linux/glibc 2.25.
Add a patch to also use getentropy() on OpenBSD.. reported upstream in
#1461075
- always call pledge(2) with a string literal, instead of subtracting
promises from a mutable string. Makes it easier to see what privileges
remain.
- call pledge(2) later in the initialization, so that we don't need to
care about too many promises eg "flock".
- always use "cpath" in the main process - needed at least if --pidfile
is passed.
Tested in basic setup, started as root with chroot and started as
_hitch, config reload still works.
ok kn@ (maintainer)
thousands of connections efficiently on multicore machines.
It supports ALPN, SNI, PROXY protocol, automatic OCSP stapling as well as
seamless configuration reloads of certificates and listen endpoints.
Feedback and OK jca
PyCryptodome is a self-contained Python package of low-level cryptographic
primitives. It is an cleaned and simplified fork of PyCrypto, exposing
almost the same API. Most applications run unmodified, apart from a very
few compatibility breaks for those parts of the API that represented a
security hazard or that were too hard to maintain.
NB: currently we're packaging cryptodomex which doesn't conflict with py-crypto.
once all callers are migrated we can switch to the regular cryptodome package.
with and ok sthen@
for the relevant PHP versions.
ports which are 5.6-only remain in pecl-foo port directories, set to only
build 5.6 packages
ports which have separate versions for 5.6 and 7.0 are split; the port
directories are named pecl56-foo for the 5.6-compatible version and
pecl-foo for the 7+-version
normal ports are in pecl-foo port directories with flavours for 5.6 and 7.0
dependency for upcoming mailpile port
A Python library for parsing PGP packets, similar to the pgpdump utility.
Currently supports:
- Signature packets
- Public key packets
- ASCII-armor decoding and CRC check
- Secret key packets
- Trust, user ID, and user attribute packets
with help from sthen@ jca@
ok from jca@ sthen@
From Gregoire Jadi (maintainer), ok sthen@ landry@
DESCR:
Keyringer lets you manage and share secrets using GnuPG and Git with
custom commands to encrypt, decrypt, recrypt, create key pairs, etc.
by the qt5 module so there was a bogus dep for -main in the port. (It doesn't
actually make it to the package as there's no associated entry in WANTLIB-main).
Note: the storage format has changed, dump to xml before updating:
$ kc -k ~/.kc/default.kcd
Password:
<example_chain% > dump kcdump
Dump OK
<example_chain% > quit
Then follow instructions in /usr/local/share/doc/kc/Changelog.
There is an @ask-update question during update giving users chance to do this.
