security/easy-rsa: download & install easyrsa-tools.lib

to support, for instance, easyrsa show-expire

Reported by:	avg@ (Andriy Gapon, by e-mail)

For upstream bug report,
see also:	https://github.com/OpenVPN/easy-rsa/issues/1144

security/easy-rsa: update to 3.2.1

ChangeLog:	https://github.com/OpenVPN/easy-rsa/releases/tag/v3.2.1

security/easy-rsa: revert to 3.1.7

to avoid regressions. Everyone tells me 3.2.0 were a "development
snapshot" and it seems to have broken --req-cn.

Let us revert to 3.1.7 so we don't surprise quarterly tree users
next week.

Reported by:	vvd@

security/easy-rsa: update to 3.2.0; fix pkg-message [1]

ChangeLog:	https://github.com/OpenVPN/easy-rsa/releases/tag/v3.2.0

[1] pkg-message issue
Reported by:	mikael@
PR:		277573

security/easy-rsa: update to 3.1.7

Changelog:	https://github.com/OpenVPN/easy-rsa/releases/tag/v3.1.7

security/easy-rsa: update to 3.1.6

Quoting its changes:
   * New commands: 'inline' and 'x509-eku' (#993)
     inline: Build an inline file for a commonName
     x509-eku: Extract X509v3 extended key usage from a certificate
   * Expose serial-check, display-dn, display-san and default-san to
     command line. (#980) (Debugging functions, which remain undocumented)
   * Expand default status to include vars-file and CA status (#973)
   * sign-req: Allow the CSR DN-field order to be preserved (#970)

security/easy-rsa: update to v3.1.5

Changelog: https://github.com/OpenVPN/easy-rsa/releases/tag/v3.1.5

security/easy-rsa: update to v3.1.4

ChangeLog: 	https://github.com/OpenVPN/easy-rsa/releases/tag/v3.1.4
MFH:		2023Q2

security/easy-rsa: update 3.1.2 → 3.1.3

ChangeLog: https://github.com/OpenVPN/easy-rsa/releases/tag/v3.1.3

security/easy-rsa: update to v3.1.2

ChangeLog: https://github.com/OpenVPN/easy-rsa/releases/tag/v3.1.2

security/easy-rsa: update to v3.1.1

Changelog:	https://github.com/OpenVPN/easy-rsa/releases/tag/v3.1.1
Detailed:	https://github.com/OpenVPN/easy-rsa/compare/v3.1.0...v3.1.1

also fixes
PR:		266727
Reported by:	topical@gmx.net

security/easy-rsa: sed \s -> [[:space:]]

Fix https://github.com/OpenVPN/easy-rsa/issues/714

Patch suggested (needed to be integrated) and
Reported by:	topical@gmx.net
PR:		266726
MFH:		2022Q4

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

security/easy-rsa: fix EASYRSA override and locale

* remove our own wrapper, overriding the EASYRSA folder is no
  longer working since 3.1.0.

* patch EasyRSA to unset LC_ALL and override LC_TIME, to avoid
  date command failures

* bump PORTREVISION=2

see comment #7 ff. of
PR:		264415

security/easy-rsa: fix confusion of vars file

...and no longer package it as @sample. It is per-PKI, and easyrsa init-pki
will copy vars.example from the distribution, and create a PKI-local copy
named vars.  Should fix grembo@'s bug report [1]

add a new pkg-message file to explain this.

while here, add a convenience hardlink easy-rsa to the easyrsa wrapper,
to have an executable matching the package name.

PR:		264415
Reported by:	grembo@ (Michael Gmelin)

security/easy-rsa: update to 3.1.0

3.1.0 (2022-05-18)
   * Introduce basic support for OpenSSL version 3 (#492)
   * Update regex in grep to be POSIX compliant (#556)
   * Introduce status reporting tools (#555 & #557)
   * Display certificates using UTF8 (#551)
   * Allow certificates to be created with fixed date offset (#550)
   * Add 'verify' to verify certificate against CA (#549)
   * Add PKCS#12 alias 'friendlyName' (#544)
   * Disallow use of '--vars=FILE init-pki' (#566)
   * Support multiple IP-Addresses in SAN (#564)
   * Add option '--renew-days=NN', custom renew grace period (#557)
   * Add 'nopass' option to the 'export-pkcs' functions (#411)
   * Add support for 'busybox' (#543)

security/easy-rsa: fix cert issuance with BSD grep

easyrsa running on systems with bsdgrep for grep
fails issuing certs because it attempts \d as shorthand for
[[:digit:]] or [0-9] and triggers a grep failure with diagnostic

    grep: trailing backslash (\)

Filed upstream: https://github.com/OpenVPN/easy-rsa/issues/556

PR:		263812
Submitted by:	grembo@

*/*: Remove redundant '-*' from CONFLICTS definitions

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)

One more small cleanup, forgotten yesterday.
Reported by:	lwhsu

Remove # $FreeBSD$ from Makefiles.

security/easy-rsa: update to 3.0.8

   * Provide --version option (#372)
   * Version information now within generated certificates like on *nix
   * Fixed issue where gen-dh overwrote existing files without warning (#373)
   * Fixed issue with ED/EC certificates were still signed by RSA (#374)
   * Added support for export-p8 (#339)
   * Clarified error message (#384)
   * 2->3 upgrade now errors and prints message when vars isn't found (#377)

security/easy-rsa: Update to v3.0.7

FreeBSD-relevant ChangeLog extract since 3.0.6:
   * Remove RANDFILE environment variable (#261)
   * Workaround for bug in win32 mktemp (#247, #305, PR #312)
   * Handle IP address in SAN and renewals (#317)
   * Workaround for ash and no set -o echo (#319)
   * Shore up windows testing framework (#314)
   * Provide upgrade mechanism for older versions of EasyRSA (#349)
   * Add support for KDC certificates (#322)
   * Add support for Edward Curves (#354, #350)
   * Add support for EASYRSA_PASSIN and EASYRSA_PASSOUT env vars (#368)
   * Add support for RID to SAN (#362)

Update WWW: link in pkg-descr.

Remove patches that have been integrated upstream.

Shuffle USES=-line to please portlint.

Add NO_ARCH=yes, since this is all scripts and text.

Reported by:	Eric F Crist (upstream maintainer)

security/easy-rsa: update to 3.0.6

ChangeLog: <https://github.com/OpenVPN/easy-rsa/releases/tag/v3.0.6>

This also includes a cherry-pick for Issue #261 that happened
only after v3.0.6, <https://github.com/OpenVPN/easy-rsa/issues/261>

Fix security/easy-rsa regression that broke bootstrapping.

v3.0.5 added code that expanded variables, for compatibility with LibreSSL.
This code assumed that the source configuration file could be variable-
expanded and the result could be saved next to the source - which it
cannot, since the latter is under ${PREFIX} where the unprivileged users
should not be able to write.

Add a patch provided by Eric Crist, and rename another file to keep
a sane patch order.

Mark broken pending a band-aid fix from upstream.

Update security/easy-rsa to 3.0.5 release.

ChangeLog: <https://github.com/OpenVPN/easy-rsa/releases/tag/v3.0.5>

Upgrade Easy-RSA to v3.0.4

Upstream's ChangeLog (without Windows-/Travis related changes) since v3.0.1:

* Remove use of egrep (#154)
* Remove "local" from variable assignment (#165)
* Assign values to variables defined previously w/local
* Finally(?) fix the subjectAltName issues presented earlier (really fixes #168)
* copy CSR extensions into signed certificate

Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files that are not actually manual pages (part 2).

Install openssl-1.0.cnf as well (EasyRSA-3.0 specific).

Originally install it as ${DATADIR}/*.example and mark it as @sample in
pkg-plist, so that it gets copied to the real file name on installation,
and will not be removed if modified by the user.

Submitted by:	Michele Possamai (e-mail kept private)

Repair breakage on older make implementations (FreeBSD 9.3).

Update security/easy-rsa to major release 3.0.1.

Move a copy of the older package to security/easy-rsa2,
add CONFLICTS_INSTALL markers, and an UPDATING entry.

Changelog: <https://github.com/OpenVPN/easy-rsa/releases>

Update to 2.2.2.

Changes:
  - Default KEY_SIZE to 2048 bits
  - Default the signing hash to SHA256 rather than SHA1 and MD5
  - vars cleanups
  - pkitool cleanups
  - pkitool -days fix for https://community.openvpn.net/openvpn/ticket/198

Approved by:	2 year old fix for SHA1->SHA256.

Cleanup plist

- Remove NO_STAGE as these have been tested to be safe

With hat:	portmgr

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

- Remove A/An in COMMENT
- Trim Header where applicable

Add a new security/easy-rsa package that contains the bits that got
split out of OpenVPN prior to the current 2.3.0 release, and make that
security/openvpn RUN_DEPENDS on it. Also update UPDATING record.