From 512e30e74377436217c05583f4b20d515db9bbe48e58e169ea973e46a27951b8 Mon Sep 17 00:00:00 2001 From: Stefan Jakobs Date: Thu, 26 Nov 2020 07:01:50 +0000 Subject: [PATCH] Accepting request 850786 from home:oreinert:branches:network:vpn - update to 3.0.8 (2020-09-09) * Provide --version option (#372) * Version information now within generated certificates like on *nix * Fixed issue where gen-dh overwrote existing files without warning (#373) * Fixed issue with ED/EC certificates were still signed by RSA (#374) * Added support for export-p8 (#339) * Clarified error message (#384) * 2->3 upgrade now errors and prints message when vars isn't found (#377) * Update OpenSSL Windows binaries to 1.1.1g * Reverted OpenSSL back to 1.1.0j OBS-URL: https://build.opensuse.org/request/show/850786 OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=29 --- EasyRSA-3.0.8.tgz | 3 ++ EasyRSA-3.0.8.tgz.sig | Bin 0 -> 310 bytes EasyRSA-unix-v3.0.6.tgz | 3 -- EasyRSA-unix-v3.0.6.tgz.sig | Bin 310 -> 0 bytes easy-rsa.changes | 14 ++++++++ easy-rsa.spec | 15 ++++---- suse-packaging.patch | 70 +++++------------------------------- 7 files changed, 33 insertions(+), 72 deletions(-) create mode 100644 EasyRSA-3.0.8.tgz create mode 100644 EasyRSA-3.0.8.tgz.sig delete mode 100644 EasyRSA-unix-v3.0.6.tgz delete mode 100644 EasyRSA-unix-v3.0.6.tgz.sig diff --git a/EasyRSA-3.0.8.tgz b/EasyRSA-3.0.8.tgz new file mode 100644 index 0000000..1f7b2b0 --- /dev/null +++ b/EasyRSA-3.0.8.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cae114c212a5be4d89f2253d36c70ab94f68d295f24e8b6711c2cab0fabf7e18 +size 48907 diff --git a/EasyRSA-3.0.8.tgz.sig b/EasyRSA-3.0.8.tgz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..4d674916ef66011b9981238fd762f6d94bddb3376bf3eb7c7bb0377bf625c733 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-4{G;dhhX*X)xg9TZmO>dh4Gj(j0$*7|a{vkn5OS76 z895CN4ra3l`2lj`3jZ1CV+Efw8iTjY{&q-aG$yiD`hN0H&3<^41B)zt!8JGZ&l z<805q_X*Emkul!JAJcY|L5>S;PApl zRcj7?d@TgG#f9folK47Z-l|$fR?nPsLk+nD>_bAG$-PhT#FC=xg0YfZ_s~&n`9_Ky zjB#v|`rns#7qZ9s%&$X05W IXXUqGGa2KNkpKVy literal 0 HcmV?d00001 diff --git a/EasyRSA-unix-v3.0.6.tgz b/EasyRSA-unix-v3.0.6.tgz deleted file mode 100644 index 9f1d1f0..0000000 --- a/EasyRSA-unix-v3.0.6.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cb29aed2d27824e59dbaad547f11dcab380a53c9fe05681249e804af436f1396 -size 40840 diff --git a/EasyRSA-unix-v3.0.6.tgz.sig b/EasyRSA-unix-v3.0.6.tgz.sig deleted file mode 100644 index 9c9eee0c0f2896ef4f8b3f4bc83d6072fe40fae16f47cd7b551016099aeb0429..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-4{G;dhhX*X)xg9TZmO>dh4Gj(j0$f!Xng9w35OS76 z895CN4xdd30IAAONJM`EeCb4$aQ<9uT+1zsrC0D>Uk9*^B#(29%!F1)qd=r$PgBDV z4wuk%Mrko}5~PxtER0|v;HCxitB$hup><5_ogKMY1T9(vr(k57b>4P%!TEajGK823 z998EqwMgOpA)5g!8W~ry)lg;uaI?z5===n(*y7o1xX--frDuAH-N5 zwYOt4Rz(s!5~Q-qUYCSi@XMuVblkLCKnLGg=`ws4fg<~|gf?{5!_+qg?eHv6Pw6?V I)MUWpCB_1dhX4Qo diff --git a/easy-rsa.changes b/easy-rsa.changes index eea678f..f49384f 100644 --- a/easy-rsa.changes +++ b/easy-rsa.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Nov 25 16:48:19 UTC 2020 - Olav Reinert + +- update to 3.0.8 (2020-09-09) + * Provide --version option (#372) + * Version information now within generated certificates like on *nix + * Fixed issue where gen-dh overwrote existing files without warning (#373) + * Fixed issue with ED/EC certificates were still signed by RSA (#374) + * Added support for export-p8 (#339) + * Clarified error message (#384) + * 2->3 upgrade now errors and prints message when vars isn't found (#377) + * Update OpenSSL Windows binaries to 1.1.1g + * Reverted OpenSSL back to 1.1.0j + ------------------------------------------------------------------- Tue Feb 12 12:26:17 UTC 2019 - Tuukka Pasanen diff --git a/easy-rsa.spec b/easy-rsa.spec index 10636f3..f5e2f20 100644 --- a/easy-rsa.spec +++ b/easy-rsa.spec @@ -1,7 +1,7 @@ # # spec file for package easy-rsa # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # Copyright (c) 2015 Stefan Jakobs. # # All modifications and additions to the file contributed by third parties @@ -17,17 +17,17 @@ # -%define pname EasyRSA-unix +%define pname EasyRSA Name: easy-rsa -Version: 3.0.6 +Version: 3.0.8 Release: 0 Summary: CLI utility to build and manage a PKI CA License: GPL-2.0-or-later Group: Productivity/Networking/Security -Url: https://github.com/OpenVPN/easy-rsa -Source: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz -Source1: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz.sig +URL: https://github.com/OpenVPN/easy-rsa +Source: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz +Source1: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig # https://github.com/OpenVPN/easy-rsa/tree/master/release-keys Source2: %{name}.keyring Patch100: suse-packaging.patch @@ -40,8 +40,7 @@ easy-rsa is a CLI utility to build and manage a Public Key Infrastructure certificates, including sub-CAs, and create Certificate Revokation Lists (CRL). %prep -#setup -q -n %{pname}-%{version} -%setup -q -n EasyRSA-v%{version} +%setup -q -n %{pname}-%{version} %patch100 %build diff --git a/suse-packaging.patch b/suse-packaging.patch index ad4e418..e659660 100644 --- a/suse-packaging.patch +++ b/suse-packaging.patch @@ -1,66 +1,14 @@ -diff --git a/easyrsa b/easyrsa -index e019982..635a2b9 100755 ---- easyrsa -+++ easyrsa -@@ -376,7 +376,7 @@ $out" - - verify_ssl_lib () { - # make safessl-easyrsa.cnf -- make_ssl_config -+ [ "$1" == "no_safe_ssl_config" ] || make_ssl_config - - # Verify EASYRSA_OPENSSL command gives expected output - if [ -z "$EASYRSA_SSL_OK" ]; then -@@ -403,7 +403,7 @@ verify_pki_init() { - help_note="Run easyrsa without commands for usage and command help." - - # check that the pki dir exists -- vars_source_check -+ vars_source_check no_safe_ssl_config - [ -d "$EASYRSA_PKI" ] || die "\ - EASYRSA_PKI does not exist (perhaps you need to run init-pki)? - Expected to find the EASYRSA_PKI at: $EASYRSA_PKI -@@ -1452,7 +1452,7 @@ vars_setup() { +--- easyrsa.orig 2020-11-20 15:05:31.051230522 +0100 ++++ easyrsa 2020-11-20 15:08:45.769207521 +0100 +@@ -1664,10 +1664,7 @@ vars= # set up program path -- prog_vars="${0%/*}/vars" -+ prog_vars="/etc/easy-rsa/vars" +- prog_file="$0" +- prog_file2="$(which -- "$prog_file" 2>/dev/null)" && prog_file="$prog_file2" +- prog_file2="$(readlink -f "$prog_file" 2>/dev/null)" && prog_file="$prog_file2" +- prog_dir="${prog_file%/*}" ++ prog_dir="/etc/easy-rsa" + prog_vars="${prog_dir}/vars" # set up PKI path pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" - -@@ -1482,7 +1482,7 @@ Note: using Easy-RSA configuration from: $vars" - fi - - # Set defaults, preferring existing env-vars if present -- set_var EASYRSA "${0%/*}" -+ set_var EASYRSA "/etc/easy-rsa" - set_var EASYRSA_OPENSSL openssl - set_var EASYRSA_PKI "$PWD/pki" - set_var EASYRSA_DN cn_only -@@ -1510,7 +1510,11 @@ Note: using Easy-RSA configuration from: $vars" - set_var EASYRSA_DIGEST sha256 - - set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" -- set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" -+ if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then -+ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" -+ else -+ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" -+ fi - - # Same as above for the x509-types extensions dir - if [ -d "$EASYRSA_PKI/x509-types" ]; then -diff --git a/vars.example b/vars.example -index f03ea6e..2e1d781 100644 ---- vars.example -+++ vars.example -@@ -47,7 +47,7 @@ fi - # itself, which is also where the configuration files are located in the - # easy-rsa tree. - --#set_var EASYRSA "${0%/*}" -+#set_var EASYRSA "/etc/easy-rsa" - - # If your OpenSSL command is not in the system PATH, you will need to define the - # path to it here. Normally this means a full path to the executable, otherwise