<pre style='margin:0'>
Christopher Nielsen (mascguy) pushed a commit to branch master
in repository macports-ports.

</pre>
<p><a href="https://github.com/macports/macports-ports/commit/e5d5a85af82b4d06e014d618b61683624103dc2f">https://github.com/macports/macports-ports/commit/e5d5a85af82b4d06e014d618b61683624103dc2f</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'>     new e5d5a85af82 privoxy: Fix -passout passphrase duplication code with newline bug
</span>e5d5a85af82 is described below

<span style='display:block; white-space:pre;color:#808000;'>commit e5d5a85af82b4d06e014d618b61683624103dc2f
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Tue Nov 9 07:10:07 2021 -0500

<span style='display:block; white-space:pre;color:#404040;'>    privoxy: Fix -passout passphrase duplication code with newline bug
</span>---
 www/privoxy/Portfile          | 19 +++++++++++++------
 www/privoxy/files/openssl.cnf | 13 +++++++++----
 2 files changed, 22 insertions(+), 10 deletions(-)

<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/privoxy/Portfile b/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index f818bcc7286..6ecad8a2638 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -6,7 +6,7 @@ PortGroup           perl5 1.0
</span> 
 name                privoxy
 version             3.0.32
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision            4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision            5
</span> categories          www security net
 platforms           darwin
 license             GPL-2
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -284,15 +284,14 @@ variant https_inspection \
</span> 
     post-activate {
         # CA passphrase
<span style='display:block; white-space:pre;background:#e0ffe0;'>+        # generate a strong password, use for openssl -passin and -passout
</span>         set tls_ca_passphrase \
             [correct_horse_battery_staple]
         set tls_ca_passphrase_fd \
             [open ${tls_ca_dir}/private/passphrase.txt w 0600]
<span style='display:block; white-space:pre;background:#ffe0e0;'>-        # see `man openssl` for -passin and -passout used together
</span>         # -passin or -passout
         puts ${tls_ca_passphrase_fd} \
             ${tls_ca_passphrase}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-        puts ${tls_ca_passphrase_fd} "\n"
</span>         # -passout
         puts ${tls_ca_passphrase_fd} \
             ${tls_ca_passphrase}
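Review bot: The added comment says the password is used for `-passin` and `-passout`, but nothing left in the block explains why it is written to passphrase.txt twice; the removed `man openssl` pointer was the only hint. OpenSSL's `file:` source takes the first line as the input password and the next line as the output password when the same path is given to both options. A comment such as `# openssl reads line 1 for -passin and line 2 for -passout when both name this file` above the second `puts` would stop a later cleanup from removing the "duplicate" write. The `post-activate` block starts and ends outside this hunk.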
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -333,6 +332,8 @@ variant https_inspection \
</span>                 -inkey private/ca.key.pem -in certs/ca.cert.pem \\
                 -passin file:private/passphrase.txt \\
                 -passout file:private/passphrase.txt
<span style='display:block; white-space:pre;background:#e0ffe0;'>+            # verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            openssl pkcs12 -noout -in certs/ca.p12 -passin file:private/passphrase.txt
</span> TLS_PRIVOXY_ROOT_CA
 "
 
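Review bot: The added `openssl pkcs12 -noout ...` verify line only protects the install if a non-zero exit stops the `TLS_PRIVOXY_ROOT_CA` script, and nothing visible in this hunk shows that it does. The start of the script and the way it is run are outside the hunk, so this needs checking against the full file. If the script is not run with `set -e` or an equivalent, ending the verify line with `|| exit 1` would keep a .p12 with an unexpected passphrase from being installed silently.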
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -383,13 +384,17 @@ TLS_PRIVOXY_ROOT_CA
</span>     notes "Configure HTTPS inspection by creating a local Privoxy \
 certificate authority (CA). As sudo:
 
<span style='display:block; white-space:pre;background:#ffe0e0;'>-        cp -r ${prefix}/etc/privoxy/ca.macports ca.hostname && cd ca.hostname
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+        cp -R ${prefix}/etc/privoxy/ca.macports ca.hostname && cd ca.hostname
</span>         # edit openssl.cnf for your local organizationName, commonName, etc.
 
<span style='display:block; white-space:pre;background:#e0ffe0;'>+        # generate a strong password, use for both -passin and -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+        # avoid passphrases with '#' as the passphrase is set in config
</span>         sf-pwgen --algorithm memorable --count 2 --length 24 2>/dev/null \\
             | paste -s -d -- '-' 1> private/passphrase.txt
<span style='display:block; white-space:pre;background:#e0ffe0;'>+        cat private/passphrase.txt private/passphrase.txt > private/passphrase-dbl.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            && mv private/passphrase-dbl.txt private/passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            || rm -f private/passphrase-dbl.txt
</span>         chmod go-rwx private/passphrase.txt
<span style='display:block; white-space:pre;background:#ffe0e0;'>-        # avoid passphrases with '#' as the passphrase is set in config
</span> 
         # private key (EC)
         openssl genpkey -out private/ca.key.pem -algorithm EC \\
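Review bot: `private/passphrase.txt` and the temporary `private/passphrase-dbl.txt` are both created by shell redirection before `chmod go-rwx` runs, so they take the default umask and may be group- or world-readable in the meantime (the mode of `private/` is not visible here and may already limit this). Putting `umask 077` ahead of the `sf-pwgen` line closes that window. Separately, if the `cat` fails, the `|| rm -f` branch leaves a one-line passphrase.txt and the steps carry on, so the later `-passout file:` has no second line to read. The same command sequence is repeated in the comments of `www/privoxy/files/openssl.cnf` (hunk `@@ -24,9 +24,12 @@`) and should get the same change. The notes string continues outside this hunk.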
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -408,7 +413,9 @@ certificate authority (CA). As sudo:
</span>         openssl x509 -outform der -in certs/ca.cert.pem -out certs/ca.cer
         openssl pkcs12 -export -out certs/ca.p12 -inkey private/ca.key.pem \\
             -in certs/ca.cert.pem -passin file:private/passphrase.txt \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>-            -passout pass:\$(head private/passphrase.txt)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+        # verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+        openssl pkcs12 -noout -in certs/ca.p12 -passin file:private/passphrase.txt
</span> 
         # Install the Privoxy PKI
         cp -p private/ca.key.pem certs/ca.cert.pem certs/ca.cer certs/ca.p12 \\
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/privoxy/files/openssl.cnf b/www/privoxy/files/openssl.cnf
</span><span style='display:block; white-space:pre;color:#808080;'>index af1d1facb82..013d6c6d3e5 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/www/privoxy/files/openssl.cnf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/privoxy/files/openssl.cnf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -24,9 +24,12 @@
</span> # touch index.txt
 # echo 1000 > serial
 
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# CA certificate encrypted key passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA certificate encrypted key passphrase, both -passin and -passout
</span> # sf-pwgen --algorithm memorable --count 2 --length 24 2>/dev/null | paste -s -d -- '-' \
 #     1>private/passphrase.txt || true
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# cat private/passphrase.txt private/passphrase.txt > private/passphrase-dbl.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#     && mv private/passphrase-dbl.txt private/passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#     || rm -f private/passphrase-dbl.txt
</span> # chmod go-rwx private/passphrase.txt
 
 # CA encrypted key
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -35,8 +38,8 @@
</span> #     -pkeyopt ec_paramgen_curve:P-384 -aes256 \
 #     -pass file:private/passphrase.txt
 # RSA
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl genrsa -aes256 -out private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#     -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # openssl genrsa -aes256 -out private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# #     -passout file:private/passphrase.txt
</span> 
 # CA certificate
 # openssl req -config openssl.cnf \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -57,7 +60,9 @@
</span> # openssl pkcs12 -export -out certs/ca.p12 \
 #     -inkey private/ca.key.pem -in certs/ca.cert.pem \
 #     -passin file:private/passphrase.txt \
<span style='display:block; white-space:pre;background:#ffe0e0;'>-#     -passout pass:$(head -1 private/passphrase.txt)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#     -passout file:private/passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl pkcs12 -noout -in certs/ca.p12 -passin file:private/passphrase.txt
</span> 
 [ca]
 default_ca        = CA_default
</pre><pre style='margin:0'>

</pre>