Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package easy-rsa for openSUSE:Factory checked in at 2024-11-30 13:31:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/easy-rsa (Old) and /work/SRC/openSUSE:Factory/.easy-rsa.new.28523 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "easy-rsa" Sat Nov 30 13:31:55 2024 rev:18 rq:1227415 version:3.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/easy-rsa/easy-rsa.changes 2023-10-17 20:25:29.336312466 +0200 +++ /work/SRC/openSUSE:Factory/.easy-rsa.new.28523/easy-rsa.changes 2024-11-30 13:31:57.455981062 +0100 @@ -1,0 +2,71 @@ +Sat Nov 30 02:54:52 UTC 2024 - Richard Rahl <rrahl0@opensuse.org> + +- update to 3.2.1: + * inline: Add decimal value for cert. serial + * Always exit with error for unknown command options + * ntegrate Easy-RSA TLS-Key for use with 'init-pki soft' + * easyrsa-tools.lib, show-expire: Add CA certificate to report + * inline: OpenVPN TLS Keys inlining for TLS-AUTH, TLS-CRYPT-V1 + * easyrsa-tools.lib: OpenVPN TLS Key gen. TLS-AUTH, TLS-CRYPT-V1 + * easyrsa-tools.lib: expire_status_v2() (show-expire version 2) + * sign-req: Require 128bit serial number + * Move command 'verify-cert' to Tools-lib; drop 'verify' shortcut + * Windows secure_session(): Ensure $secured_session dir is created + * Switch to '-f' for file existence + * inline: Move auto-inline from build_full() to sign_req() + * gen-crl: Create additional CRL in DER format + * self-sign: Allow Edwards Curve based keys + * Re-enable command 'renew' (version 2): Requires EasyRSA Tools + * bug-fix: revoke: Pass the correct certificate location + * vars.example: Add flags for auto-SAN and X509 critical attribute + * Global option --eku-crit: Mark X509 extendedKeyUsage as critical + * sign-req: Add critical and pathlen details to confirmation + * export-p12: Automatically generate inline file + * Introduce global option --auto-san, use commonName as SAN + * Introduce global option --san-crit, mark SAN critical + * Introduce new global options: --ku-crit and --bc-crit + * gen-req: Always check for existing request file + * revoke/revoke-expired/-renewed: Keep duplicate certificate + * revoke-expired/-renewed: Keep req/key files for resigning + * revoke: Add abbreviations for optional 'reason' + * build-ca: Allow use of --req-cn without batch mode + * gen-req: Re-enable use of --req-cn + * write: Change syntax, target as file, not directory +- update to 3.2.0: + * Revert ca76697: Restore escape_hazard() + * New X509 Type: 'selfsign' Internal only + * New commands: self-sign-server and self-sign-client + * build-ca: Command 'req', remove SSL option '-keyout' + * Remove escape_hazard(), obsolete + * Remove command and function display_cn(), unused + * docs: Update EasyRSA-Renew-and-Revoke.md + * Remove all 'renew' code; replaced by 'expire' code + * Introduce commands: 'expire' and 'revoke-expired' + * Keep request files [CSR] when revoking certificates + * Restrict use of --req-cn to build-ca + * Remove command 'display-san' (Code removed in 5a06f94) + * Move Status Reports to 'easyrsa-tools.lib' + * export-p12, OpenSSL v1.x: Upgrade PBE and MAC options + * LibreSSL: Add fix for missing 'x509' option '-ext' + * Variable heredoc expansion for SSL/Safe Config file + * Always use here-doc version of openssl-easyrsa.cnf + * export-p12: New command option 'legacy'. OpenSSL V3 Only + * export-p12: Always set 'friendlyName' to file-name-base + * As of Easy-RSA version 3.2.0-beta1, the configuration files + vars.example, openssl-eayrsa.cnf and all files in x509-types directory + are no longer required + * Rename X509-type file code-signing to codeSigning + * init-pki: Always write vars.example file to fresh PKI + * New command 'write': Write 'legacy' files to stdout or files + * Remove command 'make-safe-ssl': Replaced by command 'write safe-cnf' + * New Command 'rand': Expose easyrsa_random() to the command line + * Remove function 'set_pass_legacy()' + * Remove command 'rewind-renew' + * Remove command 'rebuild' + * Remove command 'upgrade' + * Remove EASYRSA_NO_VARS; Allow graceful use without a vars file + * New diagnostic command 'display-cn' + * Expand renewable certificate types to include code-signing +- attach a source to keyring + +------------------------------------------------------------------- Old: ---- EasyRSA-3.1.7.tgz EasyRSA-3.1.7.tgz.sig New: ---- EasyRSA-3.2.1.tgz EasyRSA-3.2.1.tgz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ easy-rsa.spec ++++++ --- /var/tmp/diff_new_pack.zs2iXs/_old 2024-11-30 13:31:58.356018550 +0100 +++ /var/tmp/diff_new_pack.zs2iXs/_new 2024-11-30 13:31:58.356018550 +0100 @@ -1,7 +1,7 @@ # # spec file for package easy-rsa # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # Copyright (c) 2015 Stefan Jakobs. # # All modifications and additions to the file contributed by third parties @@ -19,16 +19,14 @@ %define pname EasyRSA Name: easy-rsa -Version: 3.1.7 +Version: 3.2.1 Release: 0 Summary: CLI utility to build and manage a PKI CA License: GPL-2.0-or-later -Group: Productivity/Networking/Security URL: https://github.com/OpenVPN/easy-rsa -Source: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz -Source1: https://github.com/OpenVPN/%{name}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig -# https://github.com/OpenVPN/easy-rsa/tree/master/release-keys -Source2: %{name}.keyring +Source: %{url}/releases/download/v%{version}/%{pname}-%{version}.tgz +Source1: %{url}/releases/download/v%{version}/%{pname}-%{version}.tgz.sig +Source2: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6f4056821152f03b6b24f2fcf8489f839d7367f3#/%{name}.keyring Patch100: suse-packaging.patch BuildArch: noarch ++++++ EasyRSA-3.1.7.tgz -> EasyRSA-3.2.1.tgz ++++++ ++++ 9406 lines of diff (skipped) ++++++ easy-rsa.keyring ++++++ ++++ 1974 lines (skipped) ++++ between easy-rsa.keyring ++++ and /work/SRC/openSUSE:Factory/.easy-rsa.new.28523/easy-rsa.keyring ++++++ suse-packaging.patch ++++++ --- /var/tmp/diff_new_pack.zs2iXs/_old 2024-11-30 13:31:58.532025881 +0100 +++ /var/tmp/diff_new_pack.zs2iXs/_new 2024-11-30 13:31:58.536026048 +0100 @@ -1,18 +1,7 @@ ---- EasyRSA-3.1.7/easyrsa.orig 2023-10-17 08:27:37.665021587 +0200 -+++ EasyRSA-3.1.7/easyrsa 2023-10-17 08:34:59.943976542 +0200 -@@ -1440,10 +1440,7 @@ - # "$EASYRSA" - Old default and Windows - # "$PWD" - Usually the same as above, avoid - # "${0%/*}" - Usually the same as above, avoid -- # '/usr/local/share/easy-rsa' - Default user installed -- # '/usr/share/easy-rsa' - Default system installed -- # Room for more.. -- # '/etc/easy-rsa' - Last resort -+ # '/etc/easy-rsa' - - # Find and optionally copy data-files, in specific order - for area in \ -@@ -1451,8 +1448,6 @@ +diff -rub EasyRSA-3.2.1/easyrsa EasyRSA-3.2.1-patched/easyrsa +--- EasyRSA-3.2.1/easyrsa 2024-09-13 20:04:18.000000000 +0200 ++++ EasyRSA-3.2.1-patched/easyrsa 2024-11-27 15:30:40.171687859 +0100 +@@ -1510,8 +1510,6 @@ "$EASYRSA" \ "$PWD" \ "${0%/*}" \