security/strongswan: Enable ML plugin by default to allow Post-Quantum Key Exchange Methods
Currently ML-DSA (used for Digital Signatures) is a draft in strongswan
(ETA Version 6.1.0 or later). So CNSA 2.0 cannot be fully supported yet.
https://linux-ipsec.org/slides/2025/steffen-pqc-auth-for-ikev2.pdf
But most firewalls (Palo Alto / Fortigate) already support ML-KEM Key
Exchange in addition to standard proposals.
E.g. aes128gcm16-ecp256-ke1_mlkem512.
More details:
https://docs.strongswan.org/docs/latest/config/proposals.html
PR: 294305
Approved by: strongswan at Nanoteq.com (maintainer, timeout 2 weeks)
Sponsored by: UNIS Labs
audio/libopenshot-audio: fix build on armv7
The usual interference of the poorly named mb() macro from
<machine/atomic.h> with other symbols.
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
(cherry picked from commit cd6af040992a77756b14d8c038b213bc1f425398)
audio/libopenshot-audio: fix build on armv7
The usual interference of the poorly named mb() macro from
<machine/atomic.h> with other symbols.
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
emulators/ripes: unbundle devel/cereal to fix the armv7 build
The bundled version of cereal is outdated and produces this build error:
In file included from /wrkdirs/usr/ports/emulators/ripes/work/Ripes-2.2.6/external/VSRTL/graphics/vsrtl_componentgraphic.cpp:14:
In file included from /wrkdirs/usr/ports/emulators/ripes/work/Ripes-2.2.6/external/VSRTL/external/cereal/include/cereal/archives/json.hpp:56:
/wrkdirs/usr/ports/emulators/ripes/work/Ripes-2.2.6/external/VSRTL/external/cereal/include/cereal/external/rapidjson/document.h:319:82: error: cannot assign to non-static data member 'length' with const-qualified type 'const SizeType' (aka 'const unsigned int')
319 | GenericStringRef& operator=(const GenericStringRef& rhs) { s = rhs.s; length = rhs.length; }
| ~~~~~~ ^
/wrkdirs/usr/ports/emulators/ripes/work/Ripes-2.2.6/external/VSRTL/external/cereal/include/cereal/external/rapidjson/document.h:325:20: note: non-static data member 'length' declared const here
325 | const SizeType length; //!< length of the string (excluding the trailing NULL terminator)
| ~~~~~~~~~~~~~~~^~~~~~
1 error generated.
Unbundle devel/cereal to get an up to date version which does not
exhibit this issue and to follow our policy on unbundling.
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
[2 lines not shown]
biology/htslib: fix build on armv7 (again)
The patches provided by me in 2023 to fix the build on armv7 were
upstreamed shortly after. In a subsequent update to the port, it
appears that the maintainer had then reversed these patches (?!),
effectively undoing my now upstreamed bug fix.
Remove the bogus patches to fix the build.
Fixes: aafe5d31c5f3afdaad0f6345bee06e7a3e2c5ced
See also: https://github.com/samtools/htscodecs/issues/81
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
(cherry picked from commit 89c7d793da2638cfdc15252825a5548c3eb2f147)
biology/ugene: fix build on aarch64
The bundled copy of htslib is missing required assembly source files,
causing build failure due to undefined symbols an aarch64.
Unbundle htslib and use our working port biology/htslib instead.
Approved by: makc (maintainer)
MFH: 2026Q2
PR: 293379
(cherry picked from commit 372104dd71f6e0b1d463713793510b0f7ca5f0a8)
databases/pecl-couchbase: fix build on armv7
This port bundles an older version of snappy that does not build on
armv7 due to an issue that was fixed in the snappy port long ago.
Grab my old armv7 patch for archivers/snappy from the attic to fix
the build. Long term, the dependency should probably be unbundled.
See also: 9a0a2422622d5feee7d77ddc954540daff449a1d
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
(cherry picked from commit 99f343f62620243a68d37717cbfbdaa9bc3ecf53)
emulators/ripes: unbundle devel/cereal to fix the armv7 build
The bundled version of cereal is outdated and produces this build error:
In file included from /wrkdirs/usr/ports/emulators/ripes/work/Ripes-2.2.6/external/VSRTL/graphics/vsrtl_componentgraphic.cpp:14:
In file included from /wrkdirs/usr/ports/emulators/ripes/work/Ripes-2.2.6/external/VSRTL/external/cereal/include/cereal/archives/json.hpp:56:
/wrkdirs/usr/ports/emulators/ripes/work/Ripes-2.2.6/external/VSRTL/external/cereal/include/cereal/external/rapidjson/document.h:319:82: error: cannot assign to non-static data member 'length' with const-qualified type 'const SizeType' (aka 'const unsigned int')
319 | GenericStringRef& operator=(const GenericStringRef& rhs) { s = rhs.s; length = rhs.length; }
| ~~~~~~ ^
/wrkdirs/usr/ports/emulators/ripes/work/Ripes-2.2.6/external/VSRTL/external/cereal/include/cereal/external/rapidjson/document.h:325:20: note: non-static data member 'length' declared const here
325 | const SizeType length; //!< length of the string (excluding the trailing NULL terminator)
| ~~~~~~~~~~~~~~~^~~~~~
1 error generated.
Unbundle devel/cereal to get an up to date version which does not
exhibit this issue and to follow our policy on unbundling.
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
biology/ugene: fix build on aarch64
The bundled copy of htslib is missing required assembly source files,
causing build failure due to undefined symbols an aarch64.
Unbundle htslib and use our working port biology/htslib instead.
Approved by: makc (maintainer)
MFH: 2026Q2
PR: 293379
biology/htslib: fix build on armv7 (again)
The patches provided by me in 2023 to fix the build on armv7 were
upstreamed shortly after. In a subsequent update to the port, it
appears that the maintainer had then reversed these patches (?!),
effectively undoing my now upstreamed bug fix.
Remove the bogus patches to fix the build.
Fixes: aafe5d31c5f3afdaad0f6345bee06e7a3e2c5ced
See also: https://github.com/samtools/htscodecs/issues/81
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
databases/pecl-couchbase: fix build on armv7
This port bundles an older version of snappy that does not build on
armv7 due to an issue that was fixed in the snappy port long ago.
Grab my old armv7 patch for archivers/snappy from the attic to fix
the build. Long term, the dependency should probably be unbundled.
See also: 9a0a2422622d5feee7d77ddc954540daff449a1d
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
