CVS commit: pkgsrc/security/easy-rsa

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/easy-rsa
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Mon, 22 Dec 2025 08:00:12 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Mon Dec 22 08:00:12 UTC 2025

Modified Files:
        pkgsrc/security/easy-rsa: Makefile distinfo

Log Message:
easy-rsa: updated to 3.2.5

3.2.5 (2025-12-13)

* ssl_cert_digest(): Support Edwards curve with LibreSSL (1eaa31e)
* New function ssl_cert_sig_digest() (f9d2b49)
* Add '-b' alias for --batch (575a964)
* Introduce peer-fingerprint inline lists (94c3690)
* Create new inline file type 'pfp', peer-fingerprint (353adc5)
* export_pkcs(), PKCS12 inline: Respect $EASYRSA_NO_INLINE (35d7ad3)
  Original bug report: Sébastien Luttringer
* Introduce global option --force-vars (5560d3c)
* source_vars(): Add 'set -e' to dry-run, sub-shell sourcing vars (6598711)
* source_vars(): Add grep check for assignment by '=' (fc36545)
* Update EasyRSA-Advanced.md (276eaa5)
* Introduce global option --no-inline (75e52f7)
* Replace $ignore_vars with $EASYRSA_NO_VARS (Revert 3c0ca17) (5879488)
* Libressl: Use ONLY $EASYRSA_FORCE_SAFE_SSL (25b7485)
* select_x509_type_tmp(): This compliments select_ssl_cnf_tmp() (dc754e4)
* select_ssl_cnf_tmp(): Replace provide_EASYRSA_SSL_CONF_tmp() (538ad3d)
* inline_file(): Make unknown certificate type non-fatal (b2373e2)
* Remove 'kdc' as a 'built-in' X509-type (13e37d9)
* peer-fingerprint: Allow 'show-cert' to be used (7cf55e0)
* init-pki: Introduce configurable cryptography (a8da392)

* Update OpenSSL for Windows to 3.6.0 (62a0cea)
* Replace "local" openssl-easyrsa.cnf (80702d6..b31443d)

  Original bug report: 1390 'OpenBSD/LibreSSL failure'

  With these changes, Easy-RSA now does the following:

  Create a global safe SSL config file exactly as before and export it
  to $OPENSSL_CONF, for use by any SSL library. This file is specifically
  required by check_serial_unique(), which must have the Easy-RSA CA
  configured file.

  Use either an existing openssl-easyrsa.cnf file OR provide a default,
  unexpanded tmp-file, which is exported to $EASYRSA_SSL_CONF, for use
  ONLY by Easy-RSA. This must be unexpanded to allow $EASYRSA_REQ_CN to
  be configured by the Easy-RSA command in use (eg. sign-req) once the
  Easy-RSA command line has been fully parsed.

  When calling easyrsa_openssl(), for LibreSSL or --force-safe-ssl,
  expand the current $EASYRSA_SSL_CONF and export that to $OPENSSL_CONF,
  for use by the called SSL command. Otherwise, use the current, unexpanded
  file and export that.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/easy-rsa/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/security/easy-rsa/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/easy-rsa/Makefile
diff -u pkgsrc/security/easy-rsa/Makefile:1.21 pkgsrc/security/easy-rsa/Makefile:1.22
--- pkgsrc/security/easy-rsa/Makefile:1.21      Wed Sep  3 07:46:42 2025
+++ pkgsrc/security/easy-rsa/Makefile   Mon Dec 22 08:00:11 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.21 2025/09/03 07:46:42 adam Exp $
+# $NetBSD: Makefile,v 1.22 2025/12/22 08:00:11 adam Exp $
 
-DISTNAME=      EasyRSA-3.2.4
+DISTNAME=      EasyRSA-3.2.5
 PKGNAME=       ${DISTNAME:S/EasyRSA/easy-rsa/}
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=OpenVPN/}

Index: pkgsrc/security/easy-rsa/distinfo
diff -u pkgsrc/security/easy-rsa/distinfo:1.22 pkgsrc/security/easy-rsa/distinfo:1.23
--- pkgsrc/security/easy-rsa/distinfo:1.22      Wed Sep  3 07:46:42 2025
+++ pkgsrc/security/easy-rsa/distinfo   Mon Dec 22 08:00:11 2025
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.22 2025/09/03 07:46:42 adam Exp $
+$NetBSD: distinfo,v 1.23 2025/12/22 08:00:11 adam Exp $
 
-BLAKE2s (EasyRSA-3.2.4.tgz) = 926a92f47a9e19bb9926e8342e6e1f0f20b12a85ba8c7208819ba6eccbf707b5
-SHA512 (EasyRSA-3.2.4.tgz) = 3fadf1468aa1a11cf01d0f4768eb7ffa1f522c0021831aa448ffb1e3e76c5a6681ddcd879e570e54f8f79a35269bd19510fc8f51f54a0feb6982d9593af00208
-Size (EasyRSA-3.2.4.tgz) = 89360 bytes
+BLAKE2s (EasyRSA-3.2.5.tgz) = 106c88c2b508f9dd94b1141cba576d40023c2b477197b647c3e0f62861074eb8
+SHA512 (EasyRSA-3.2.5.tgz) = 939663d0046d906051113c562605803be5d0abd4803ef9089ed87389ff54dd0d6c2a3fb9929c2d3a88088154ee7ec7e9aee75fcdb53e9efd53b3c8381b3d9cd9
+Size (EasyRSA-3.2.5.tgz) = 92106 bytes
 SHA1 (patch-easyrsa) = cc44e86031c875f102e140cea9582e4d88789b20
 SHA1 (patch-vars.example) = 6148e15e404da398b9e04064f3195b60361339e9

Prev by Date: CVS commit: pkgsrc/devel/libgit2
Next by Date: CVS commit: pkgsrc/devel/qt6-qtwayland
Previous by Thread: CVS commit: pkgsrc/devel/libgit2
Next by Thread: CVS commit: pkgsrc/devel/qt6-qtwayland
Indexes:

Home | Main Index | Thread Index | Old Index