pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/easy-rsa
Module Name: pkgsrc
Committed By: leot
Date: Wed Jun 7 11:10:38 UTC 2023
Modified Files:
pkgsrc/security/easy-rsa: Makefile PLIST distinfo
pkgsrc/security/easy-rsa/patches: patch-easyrsa patch-vars.example
Log Message:
easyrsa: Update to 3.1.4
3.1.4
-----
* build-ca: New option --ca-via-stdin, use SSL -pass* argument 'stdin'
* build-ca: Revert manual CA password method to temp-files
Release v3.1.3 was fatally flawed, it would fail to build a CA under Windows.
Release v3.1.4 is specifically a bugfix ONLY, to resolve the Windows problem.
See the following commits for further details:
5d7ad1306d5ebf1588aef77eb3445e70cf5b4ebc
build-ca: Revert manual CA password method to temp-files
c11135d19b2e7e7385d28abb1132978c849dfa74
build-ca: Use OpenSSL password I/O argument 'stdin'
27870d695a324e278854146afdac5d6bdade9bba
build-ca: Replace password temp-file method with file-descriptors
Superseded by 5d7ad13 above.
3.1.3
-----
* build-ca: Replace password temp-files with file-descriptors
* Replace --fix-offset with --startdate, --enddate
* Introduce option -S|--silent-ssl: Silence SSL output
* Only create a random serial number file when expected
* Always verify SSL lib, for all commands
* Option --fix-offset: Adjust off-by-one day
* Update OpenSSL to v3.0.8
3.1.2
-----
* build-full: Always enable inline file creation
* Make default Edwards curve ED25519
* Allow --fix-offset to create post-dated certificates
* Introduce command 'set-pass'
* Introduce global option '--nopass|--no-pass'
* Introduce global option '--notext|--no-text'
* Command 'help': For unknown command, exit with error
* Find data-files in the correct order
* Update OpenSSL to 3.0.7 for Windows distribution
3.1.1
-----
* Remove command 'renewable' (#715)
* Expand 'show-renew', include 'renewed/certs_by_serial'
* Resolve long-standing issue with --subca-len=N
* ++ NOTICE: Add EasyRSA-Renew-and-Revoke.md
* Require 'openssl-easyrsa.cnf' is up to date
* Introduce 'renew' (version 3). Only renew cert
* Always ensure X509-types files exist
* Expand alias '--days' to all suitable options with a period
* Introduce --keep-tmp, keep temp files for debugging
* Add serialNumber (OID 2.5.4.5) to DN 'org' mode
* Support ampersand and dollar-sign in vars file
* Introduce 'rewind-renew'
* Expand status reports to include checking a single cert
* Introduce 'revoke-renewed'
* update OpenSSL for Windows to 3.0.5
3.1.0
-----
* Introduce basic support for OpenSSL version 3
* Update regex in grep to be POSIX compliant
* Introduce status reporting tools
* Display certificates using UTF8
* Allow certificates to be created with fixed date offset
* Add 'verify' to verify certificate against CA
* Add PKCS#12 alias 'friendlyName'
* Support multiple IP-Addresses in SAN
* Add option '--renew-days=NN', custom renew grace period
* Add 'nopass' option to the 'export-pkcs' functions
* Add support for 'busybox'
* Add option '--tmp-dir=DIR' to declare Temp-dir
3.0.9
-----
* Upgrade OpenSSL from 1.1.0j to 1.1.1o
- We are buliding this ourselves now.
* Fix --version so it uses EASYRSA_OPENSSL
* Use openssl rand instead of non-POSIX mktemp
* Fix paths with spaces
* Correct OpenSSL version from Homebrew on macOs
* Fix revoking a renewed certificate
Follow-up commit: ef22701878bb10df567d60f2ac50dce52a82c9ee
* Introduce 'show-crl'
* Support Windows-Git 'version of bash'
* Disallow use of single quote (') in vars file, Warning
* Creating a CA uses x509-types/ca and COMMON
* Prefer 'PKI/vars' over all other locations
* Introduce 'init-pki soft' option
* Warnings are no longer silenced by --batch
* Improve packaging options
* Update regex for POSIX compliance
* Correct date format for Darwin/BSD
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/easy-rsa/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/easy-rsa/PLIST
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/easy-rsa/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/easy-rsa/patches/patch-easyrsa
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/easy-rsa/patches/patch-vars.example
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/easy-rsa/Makefile
diff -u pkgsrc/security/easy-rsa/Makefile:1.12 pkgsrc/security/easy-rsa/Makefile:1.13
--- pkgsrc/security/easy-rsa/Makefile:1.12 Tue Jun 6 16:15:25 2023
+++ pkgsrc/security/easy-rsa/Makefile Wed Jun 7 11:10:38 2023
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2023/06/06 16:15:25 leot Exp $
+# $NetBSD: Makefile,v 1.13 2023/06/07 11:10:38 leot Exp $
-DISTNAME= EasyRSA-3.0.8
+DISTNAME= EasyRSA-3.1.4
PKGNAME= ${DISTNAME:S/EasyRSA/easy-rsa/}
-PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GITHUB:=OpenVPN/}
GITHUB_RELEASE= v${PKGVERSION_NOREV}
Index: pkgsrc/security/easy-rsa/PLIST
diff -u pkgsrc/security/easy-rsa/PLIST:1.3 pkgsrc/security/easy-rsa/PLIST:1.4
--- pkgsrc/security/easy-rsa/PLIST:1.3 Sun Jun 24 07:31:09 2018
+++ pkgsrc/security/easy-rsa/PLIST Wed Jun 7 11:10:38 2023
@@ -1,8 +1,10 @@
-@comment $NetBSD: PLIST,v 1.3 2018/06/24 07:31:09 adam Exp $
+@comment $NetBSD: PLIST,v 1.4 2023/06/07 11:10:38 leot Exp $
bin/easyrsa
share/doc/easyrsa/COPYING.md
share/doc/easyrsa/EasyRSA-Advanced.md
+share/doc/easyrsa/EasyRSA-Contributing.md
share/doc/easyrsa/EasyRSA-Readme.md
+share/doc/easyrsa/EasyRSA-Renew-and-Revoke.md
share/doc/easyrsa/EasyRSA-Upgrade-Notes.md
share/doc/easyrsa/Hacking.md
share/doc/easyrsa/Intro-To-PKI.md
Index: pkgsrc/security/easy-rsa/distinfo
diff -u pkgsrc/security/easy-rsa/distinfo:1.13 pkgsrc/security/easy-rsa/distinfo:1.14
--- pkgsrc/security/easy-rsa/distinfo:1.13 Tue Jun 6 16:15:25 2023
+++ pkgsrc/security/easy-rsa/distinfo Wed Jun 7 11:10:38 2023
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.13 2023/06/06 16:15:25 leot Exp $
+$NetBSD: distinfo,v 1.14 2023/06/07 11:10:38 leot Exp $
-BLAKE2s (EasyRSA-3.0.8.tgz) = 982b53198ba2140451f51a40e8ed8a93b89b2fc0d005bc7da6731ca553ab8848
-SHA512 (EasyRSA-3.0.8.tgz) = fd2cde4725cffd60c6af1b6aeaff0dbf15f31f0f322c9df75c22838e2297ba9dc3bba610d956464c8227bd74b3e63840e2a3da41fbc5ee1c79c1e7f5350adc94
-Size (EasyRSA-3.0.8.tgz) = 48907 bytes
-SHA1 (patch-easyrsa) = 767ff3df6e6863864eee6d76758558d77a22c51f
-SHA1 (patch-vars.example) = 31ffcf40ced1fb07a7531ec7de373ad24c04455e
+BLAKE2s (EasyRSA-3.1.4.tgz) = 608b15678f80043385638349f818f99badbe7c08b485cf7ec6e87cfe62e61933
+SHA512 (EasyRSA-3.1.4.tgz) = 1a1500c909f086fa45b13543a6ad0f0b8708055f95a07abc5ea67e3b1340cb884e5c6c4c3d7777cc05646b7d8d7ef3193a5506f51d01c27ea980204c4a24b231
+Size (EasyRSA-3.1.4.tgz) = 73536 bytes
+SHA1 (patch-easyrsa) = 9c5855682cee9674fc6695ad08dd69b1c3ee1561
+SHA1 (patch-vars.example) = 6148e15e404da398b9e04064f3195b60361339e9
Index: pkgsrc/security/easy-rsa/patches/patch-easyrsa
diff -u pkgsrc/security/easy-rsa/patches/patch-easyrsa:1.3 pkgsrc/security/easy-rsa/patches/patch-easyrsa:1.4
--- pkgsrc/security/easy-rsa/patches/patch-easyrsa:1.3 Tue Jun 6 16:15:25 2023
+++ pkgsrc/security/easy-rsa/patches/patch-easyrsa Wed Jun 7 11:10:38 2023
@@ -1,39 +1,33 @@
-$NetBSD: patch-easyrsa,v 1.3 2023/06/06 16:15:25 leot Exp $
+$NetBSD: patch-easyrsa,v 1.4 2023/06/07 11:10:38 leot Exp $
-- Only FreeBSD and OpenBSD date(1) knowns about `-f' and `-v' option.
- Exclude possible other *BSD and fallbacks to date(1) `-d' there
- that is supported by NetBSD.
-- Stick to POSIX basic regular expression (spell spaces via `[[:blank:]]'
- instead of `\s' that could be not supported and undefined).
- Set a sane default for config file. Needs to be SUBSTed.
---- easyrsa.orig 2020-09-09 20:59:45.000000000 +0000
+--- easyrsa.orig 2023-05-24 12:02:30.000000000 +0000
+++ easyrsa
-@@ -1179,7 +1179,7 @@ at: $crt_in"
- sed 's/^notAfter=//'
- )
- case $(uname 2>/dev/null) in
-- "Darwin"|*"BSD")
-+ "Darwin"|"FreeBSD"|"OpenBSD")
- expire_date=$(date -j -f '%b %d %T %Y %Z' "$expire_date" +%s)
- allow_renew_date=$(date -j -v"+${EASYRSA_CERT_RENEW}d" +%s)
- ;;
-@@ -1515,7 +1515,7 @@ display_san() {
- echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName
+@@ -1308,7 +1308,7 @@ install_data_to_pki() {
+ # '/usr/local/share/easy-rsa' - Default user installed
+ # '/usr/share/easy-rsa' - Default system installed
+ # Room for more..
+- # '/etc/easy-rsa' - Last resort
++ # '@SYSCONFDIR@' - Last resort
- if [ $? -eq 0 ]; then
-- print "$(echo "$EASYRSA_EXTRA_EXTS" | grep subjectAltName | sed 's/^\s*subjectAltName\s*=\s*//')"
-+ print "$(echo "$EASYRSA_EXTRA_EXTS" | grep subjectAltName | sed 's/^[[:space:]]*subjectAltName[[:space:]]*=[[:space:]]*//')"
- else
- san=$(
- "$EASYRSA_OPENSSL" "$format" -in "$path" -noout -text |
-@@ -1685,6 +1685,9 @@ vars_setup() {
- # EASYRSA, if defined:
- elif [ -n "$EASYRSA" ] && [ -f "$EASYRSA/vars" ]; then
- vars="$EASYRSA/vars"
-+ # sysconf location:
-+ elif [ -f "@SYSCONFDIR@/vars" ]; then
-+ vars="@SYSCONFDIR@/vars"
- # program location:
- elif [ -f "$prog_vars" ]; then
- vars="$prog_vars"
+ # Find and optionally copy data-files, in specific order
+ for area in \
+@@ -1318,7 +1318,7 @@ install_data_to_pki() {
+ "${0%/*}" \
+ '/usr/local/share/easy-rsa' \
+ '/usr/share/easy-rsa' \
+- '/etc/easy-rsa' \
++ '@SYSCONFDIR@' \
+ # EOL
+ do
+ if [ "$context" = x509-types-only ]; then
+@@ -5143,6 +5143,8 @@ The 'vars' file was not found:
+ # Some other place vars, out of scope.
+ if [ "$EASYRSA" ]; then
+ easy_vars="${EASYRSA}/vars"
++ elif [ -f "@SYSCONFDIR@/vars" ]; then
++ easy_vars="@SYSCONFDIR@/vars"
+ else
+ unset -v easy_vars
+ fi
Index: pkgsrc/security/easy-rsa/patches/patch-vars.example
diff -u pkgsrc/security/easy-rsa/patches/patch-vars.example:1.1 pkgsrc/security/easy-rsa/patches/patch-vars.example:1.2
--- pkgsrc/security/easy-rsa/patches/patch-vars.example:1.1 Sun Jun 24 07:31:09 2018
+++ pkgsrc/security/easy-rsa/patches/patch-vars.example Wed Jun 7 11:10:38 2023
@@ -1,20 +1,19 @@
-$NetBSD: patch-vars.example,v 1.1 2018/06/24 07:31:09 adam Exp $
+$NetBSD: patch-vars.example,v 1.2 2023/06/07 11:10:38 leot Exp $
Set default location for configuration files.
---- vars.example.orig 2018-01-21 15:37:26.000000000 +0000
+--- vars.example.orig 2023-05-24 12:02:30.000000000 +0000
+++ vars.example
-@@ -42,12 +42,8 @@ fi
- # This variable is used as the base location of configuration files needed by
- # easyrsa. More specific variables for specific files (e.g., EASYRSA_SSL_CONF)
+@@ -43,11 +43,7 @@ fi
+ # easyrsa. More specific variables for specific files (eg: EASYRSA_SSL_CONF)
# may override this default.
--#
+ #
-# The default value of this variable is the location of the easyrsa script
-# itself, which is also where the configuration files are located in the
-# easy-rsa tree.
-
+-#
-#set_var EASYRSA "${0%/*}"
+set_var EASYRSA "@SYSCONFDIR@"
- # If your OpenSSL command is not in the system PATH, you will need to define the
- # path to it here. Normally this means a full path to the executable, otherwise
+ # If your OpenSSL command is not in the system PATH, you will need to define
+ # the path here. Normally this means a full path to the executable, otherwise
Home |
Main Index |
Thread Index |
Old Index