Fix side channel in ECC code that allowed an adversary with access to
precise enough timing and memory access information to fully recover an
ECDSA private key (CVE-2020-10932).
- add `-fheinous-gnu-extensions' as seen on some other archs
- add a patch to remove the `-Wa,-mppc' flag, because clang's
integrated assembler was unhappy with it. Proposed by jca@,
instead of using `-no-integrated-as'.
OK jca@ (maintainer)
Detection succeeds on sparc64 where clang uses gas, but then build fails
because of a mix of -Wa,foobar unused argument warning and -Werror.
Just drop the use of --noexecstack, the stack is always marked
non-executable on OpenBSD.
ok sthen@ (maintainer)
Significant changes since 1.6.0:
* A new -u option instructs spiped to run as a different uid/gid.
* RDRAND x86 CPU extensions (if available) are used as an additional source
of entropy. (Note that they are only used as a *supplemental* source, and
if the operating system provides strong entropy then it doesn't matter if
RDRAND works.)
* SHA x86 CPU extensions (if available) are used to speed up computations.
Few CPUs support these yet.
* spipe now prints a warning if it cannot connect to the target host.
Fix a DTLS-protocol regression (caused by TLS1.3 support).
The DTLS client would not contribute any randomness to the DTLS negotiation,
breaking the security guarantees of the DTLS protocol.
(which is not) throughout the ports Makefiles.
* Replace find|xargs with find -exec {} +
* Replace -exec {} \; with -exec {} + if applicable.
* Use the -delete operator to remove files and empty directories.
* Combine and tweak some find(1) invocations while here.
ok kn@ rsadowski@ espie@
devel/cargo modules will take care of some aspects of crate dependencies on
system/ports libraries
adapt some ports depending on devel/cargo to properly link to ports libraries,
and to not patch anymore what it is now done by devel/cargo (openssl-sys crate
for example)
with help and ok @sthem
