<pre style='margin:0'>
Christopher Nielsen (mascguy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/e5d5a85af82b4d06e014d618b61683624103dc2f">https://github.com/macports/macports-ports/commit/e5d5a85af82b4d06e014d618b61683624103dc2f</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new e5d5a85af82 privoxy: Fix -passout passphrase duplication code with newline bug
</span>e5d5a85af82 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit e5d5a85af82b4d06e014d618b61683624103dc2f
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Tue Nov 9 07:10:07 2021 -0500
<span style='display:block; white-space:pre;color:#404040;'> privoxy: Fix -passout passphrase duplication code with newline bug
</span>---
www/privoxy/Portfile | 19 +++++++++++++------
www/privoxy/files/openssl.cnf | 13 +++++++++----
2 files changed, 22 insertions(+), 10 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/privoxy/Portfile b/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index f818bcc7286..6ecad8a2638 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -6,7 +6,7 @@ PortGroup perl5 1.0
</span>
name privoxy
version 3.0.32
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 5
</span> categories www security net
platforms darwin
license GPL-2
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -284,15 +284,14 @@ variant https_inspection \
</span>
post-activate {
# CA passphrase
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ # generate a strong password, use for openssl -passin and -passout
</span> set tls_ca_passphrase \
[correct_horse_battery_staple]
set tls_ca_passphrase_fd \
[open ${tls_ca_dir}/private/passphrase.txt w 0600]
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # see `man openssl` for -passin and -passout used together
</span> # -passin or -passout
puts ${tls_ca_passphrase_fd} \
${tls_ca_passphrase}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- puts ${tls_ca_passphrase_fd} "\n"
</span> # -passout
puts ${tls_ca_passphrase_fd} \
${tls_ca_passphrase}
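Review bot: The comment added at the top of post-activate does not explain why the passphrase is written to passphrase.txt twice, and the removed `man openssl` pointer was the only hint. When the same file is named by both -passin and -passout, openssl takes the first line as the input password and the next line as the output password, so the two `puts` calls must leave exactly two consecutive identical lines. I would say so next to the second `puts`, for example `# line 2: read by -passout when -passin names the same file (pass phrase options, man openssl)`. The post-activate block starts and ends outside this hunk, so whether the descriptor is closed before openssl runs is not visible here.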
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -333,6 +332,8 @@ variant https_inspection \
</span> -inkey private/ca.key.pem -in certs/ca.cert.pem \\
-passin file:private/passphrase.txt \\
-passout file:private/passphrase.txt
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ # verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -noout -in certs/ca.p12 -passin file:private/passphrase.txt
</span> TLS_PRIVOXY_ROOT_CA
"
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -383,13 +384,17 @@ TLS_PRIVOXY_ROOT_CA
</span> notes "Configure HTTPS inspection by creating a local Privoxy \
certificate authority (CA). As sudo:
<span style='display:block; white-space:pre;background:#ffe0e0;'>- cp -r ${prefix}/etc/privoxy/ca.macports ca.hostname && cd ca.hostname
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cp -R ${prefix}/etc/privoxy/ca.macports ca.hostname && cd ca.hostname
</span> # edit openssl.cnf for your local organizationName, commonName, etc.
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ # generate a strong password, use for both -passin and -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # avoid passphrases with '#' as the passphrase is set in config
</span> sf-pwgen --algorithm memorable --count 2 --length 24 2>/dev/null \\
| paste -s -d -- '-' 1> private/passphrase.txt
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ cat private/passphrase.txt private/passphrase.txt > private/passphrase-dbl.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && mv private/passphrase-dbl.txt private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || rm -f private/passphrase-dbl.txt
</span> chmod go-rwx private/passphrase.txt
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # avoid passphrases with '#' as the passphrase is set in config
</span>
# private key (EC)
openssl genpkey -out private/ca.key.pem -algorithm EC \\
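Review bot: The passphrase files in these instructions are created before their permissions are restricted. Both `sf-pwgen … 1> private/passphrase.txt` and the new `cat … > private/passphrase-dbl.txt` create files under the caller's umask, and `chmod go-rwx` runs only afterwards. Unless `private/` is itself closed to group and other, which this hunk does not show, the CA passphrase is briefly readable by other local users. Putting `umask 077` on its own line before the `sf-pwgen` command closes that window and leaves the later chmod as a second safeguard. The same sequence is repeated in the comment block of www/privoxy/files/openssl.cnf (hunk at @@ -24,9 +24,12 @@), and the notes string starts and ends outside this hunk.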
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -408,7 +413,9 @@ certificate authority (CA). As sudo:
</span> openssl x509 -outform der -in certs/ca.cert.pem -out certs/ca.cer
openssl pkcs12 -export -out certs/ca.p12 -inkey private/ca.key.pem \\
-in certs/ca.cert.pem -passin file:private/passphrase.txt \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>- -passout pass:\$(head private/passphrase.txt)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -noout -in certs/ca.p12 -passin file:private/passphrase.txt
</span>
# Install the Privoxy PKI
cp -p private/ca.key.pem certs/ca.cert.pem certs/ca.cer certs/ca.p12 \\
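Review bot: The added `openssl pkcs12 -noout` check reports a bad passphrase, but nothing acts on its result. When these instructions are pasted as a block, the `cp -p` under "Install the Privoxy PKI" still copies a ca.p12 that failed verification. I would make the comment say what to do, e.g. `# verify .p12 passphrase; do not install the PKI if this fails`, or chain the install step on the check with `&&`. The same check is added inside the post-activate script (hunk at @@ -333,6 +332,8 @@) and in files/openssl.cnf. Whether the post-activate script stops on a failing command is not visible from these hunks.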
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/privoxy/files/openssl.cnf b/www/privoxy/files/openssl.cnf
</span><span style='display:block; white-space:pre;color:#808080;'>index af1d1facb82..013d6c6d3e5 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/www/privoxy/files/openssl.cnf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/privoxy/files/openssl.cnf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -24,9 +24,12 @@
</span> # touch index.txt
# echo 1000 > serial
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# CA certificate encrypted key passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA certificate encrypted key passphrase, both -passin and -passout
</span> # sf-pwgen --algorithm memorable --count 2 --length 24 2>/dev/null | paste -s -d -- '-' \
# 1>private/passphrase.txt || true
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# cat private/passphrase.txt private/passphrase.txt > private/passphrase-dbl.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# && mv private/passphrase-dbl.txt private/passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# || rm -f private/passphrase-dbl.txt
</span> # chmod go-rwx private/passphrase.txt
# CA encrypted key
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -35,8 +38,8 @@
</span> # -pkeyopt ec_paramgen_curve:P-384 -aes256 \
# -pass file:private/passphrase.txt
# RSA
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl genrsa -aes256 -out private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # openssl genrsa -aes256 -out private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # -passout file:private/passphrase.txt
</span>
# CA certificate
# openssl req -config openssl.cnf \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -57,7 +60,9 @@
</span> # openssl pkcs12 -export -out certs/ca.p12 \
# -inkey private/ca.key.pem -in certs/ca.cert.pem \
# -passin file:private/passphrase.txt \
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# -passout pass:$(head -1 private/passphrase.txt)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl pkcs12 -noout -in certs/ca.p12 -passin file:private/passphrase.txt
</span>
[ca]
default_ca = CA_default
</pre><pre style='margin:0'>
</pre>