diff --git a/EasyRSA-nix-3.0.5.tgz b/EasyRSA-nix-3.0.5.tgz deleted file mode 100644 index 34417b8..0000000 --- a/EasyRSA-nix-3.0.5.tgz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5ebfe7dfa20008aa15cecb136f2b308f6e23e29f17568969a3ba772aa50bbb37 -size 50270 diff --git a/EasyRSA-nix-3.0.5.tgz.sig b/EasyRSA-nix-3.0.5.tgz.sig deleted file mode 100644 index c440b74..0000000 Binary files a/EasyRSA-nix-3.0.5.tgz.sig and /dev/null differ diff --git a/EasyRSA-unix-v3.0.6.tgz b/EasyRSA-unix-v3.0.6.tgz new file mode 100644 index 0000000..9f1d1f0 --- /dev/null +++ b/EasyRSA-unix-v3.0.6.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cb29aed2d27824e59dbaad547f11dcab380a53c9fe05681249e804af436f1396 +size 40840 diff --git a/EasyRSA-unix-v3.0.6.tgz.sig b/EasyRSA-unix-v3.0.6.tgz.sig new file mode 100644 index 0000000..9c9eee0 Binary files /dev/null and b/EasyRSA-unix-v3.0.6.tgz.sig differ diff --git a/easy-rsa.changes b/easy-rsa.changes index b82d48d..eea678f 100644 --- a/easy-rsa.changes +++ b/easy-rsa.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Tue Feb 12 12:26:17 UTC 2019 - Tuukka Pasanen + +- update to 3.0.6 (2019-02-01) + * Certifcates that are revoked now move to a revoked subdirectory (#63) + * EasyRSA no longer clobbers non-EASYRSA environment variables (#277) + * More sane string checking, allowingn for commas in CN (#267) + * Support for reasonCode in CRL (#280) + * Better handling for capturing passphrases (#230, others) + * Improved LibreSSL/MacOS support + * Adds support to renew certificates up to 30 days before expiration (#286) + - This changes previous behavior allowing for certificate creation using + duplicate CNs. +- update and rebase suse-packaging.patch + ------------------------------------------------------------------- Fri Nov 30 11:10:10 UTC 2018 - chris@computersalat.de diff --git a/easy-rsa.spec b/easy-rsa.spec index 958e1ae..10636f3 100644 --- a/easy-rsa.spec +++ b/easy-rsa.spec @@ -1,7 +1,7 @@ # # spec file for package easy-rsa # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2015 Stefan Jakobs. # # All modifications and additions to the file contributed by third parties @@ -13,21 +13,21 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define pname EasyRSA-nix +%define pname EasyRSA-unix Name: easy-rsa -Version: 3.0.5 +Version: 3.0.6 Release: 0 Summary: CLI utility to build and manage a PKI CA License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: https://github.com/OpenVPN/easy-rsa -Source: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz -Source1: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig +Source: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz +Source1: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-v%{version}.tgz.sig # https://github.com/OpenVPN/easy-rsa/tree/master/release-keys Source2: %{name}.keyring Patch100: suse-packaging.patch @@ -41,7 +41,7 @@ certificates, including sub-CAs, and create Certificate Revokation Lists (CRL). %prep #setup -q -n %{pname}-%{version} -%setup -q -n EasyRSA-%{version} +%setup -q -n EasyRSA-v%{version} %patch100 %build diff --git a/suse-packaging.patch b/suse-packaging.patch index e0586ce..ad4e418 100644 --- a/suse-packaging.patch +++ b/suse-packaging.patch @@ -1,24 +1,26 @@ ---- easyrsa.orig 2018-09-15 06:21:19.000000000 +0200 -+++ easyrsa 2018-12-03 23:38:04.420888219 +0100 -@@ -315,7 +315,7 @@ - EASYRSA_PKI env-var undefined" +diff --git a/easyrsa b/easyrsa +index e019982..635a2b9 100755 +--- easyrsa ++++ easyrsa +@@ -376,7 +376,7 @@ $out" + verify_ssl_lib () { # make safessl-easyrsa.cnf - make_ssl_config + [ "$1" == "no_safe_ssl_config" ] || make_ssl_config # Verify EASYRSA_OPENSSL command gives expected output if [ -z "$EASYRSA_SSL_OK" ]; then -@@ -415,7 +415,7 @@ +@@ -403,7 +403,7 @@ verify_pki_init() { + help_note="Run easyrsa without commands for usage and command help." - # init-pki backend: - init_pki() { + # check that the pki dir exists - vars_source_check + vars_source_check no_safe_ssl_config - - # If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH) - if [ -e "$EASYRSA_PKI" ]; then -@@ -1124,7 +1124,7 @@ + [ -d "$EASYRSA_PKI" ] || die "\ + EASYRSA_PKI does not exist (perhaps you need to run init-pki)? + Expected to find the EASYRSA_PKI at: $EASYRSA_PKI +@@ -1452,7 +1452,7 @@ vars_setup() { vars= # set up program path @@ -27,7 +29,7 @@ # set up PKI path pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" -@@ -1154,7 +1154,7 @@ +@@ -1482,7 +1482,7 @@ Note: using Easy-RSA configuration from: $vars" fi # Set defaults, preferring existing env-vars if present @@ -36,22 +38,24 @@ set_var EASYRSA_OPENSSL openssl set_var EASYRSA_PKI "$PWD/pki" set_var EASYRSA_DN cn_only -@@ -1185,7 +1185,11 @@ - set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" - set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" - else set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf" -- set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" -+ if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then -+ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" -+ else -+ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" -+ fi - fi +@@ -1510,7 +1510,11 @@ Note: using Easy-RSA configuration from: $vars" + set_var EASYRSA_DIGEST sha256 + + set_var EASYRSA_SSL_CONF "$EASYRSA_PKI/openssl-easyrsa.cnf" +- set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" ++ if touch "$EASYRSA/safessl-easyrsa.cnf" &>/dev/null; then ++ set_var EASYRSA_SAFE_CONF "$EASYRSA/safessl-easyrsa.cnf" ++ else ++ set_var EASYRSA_SAFE_CONF "$EASYRSA_PKI/safessl-easyrsa.cnf" ++ fi # Same as above for the x509-types extensions dir ---- vars.example.orig 2018-12-03 23:06:35.863084842 +0100 -+++ vars.example 2018-12-03 23:07:12.538808022 +0100 -@@ -47,7 +47,7 @@ + if [ -d "$EASYRSA_PKI/x509-types" ]; then +diff --git a/vars.example b/vars.example +index f03ea6e..2e1d781 100644 +--- vars.example ++++ vars.example +@@ -47,7 +47,7 @@ fi # itself, which is also where the configuration files are located in the # easy-rsa tree.