[Bug 263812] security/easy-rsa: grep error prevents issuing of certs

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 06 May 2022 11:25:32 UTC

            Bug ID: 263812
           Summary: security/easy-rsa: grep error prevents issuing of
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: mandree@FreeBSD.org
          Reporter: grembo@FreeBSD.org
             Flags: maintainer-feedback?(mandree@FreeBSD.org)
          Assignee: mandree@FreeBSD.org

When running easyrsa on FreeBSD 13.0, it fails due to bsdgrep (which is
installed by default now) not understanding "\d" for digit.

So the problematic line is:

    echo "$cn" | grep -E -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'

Which leads to this error:

    grep: trailing backslash (\)

Changing \d to [0-9] fixes the issue (see patch below).

I would suggest this order to approach the issue:

1. Patch easy-rsa in the port, so it works again
2. Check if bsdgrep not understanding \d is on purpose
3. Only if it's not, try to upstream the patch above

--- /usr/local/share/easy-rsa/easyrsa.real~     2022-05-06 11:04:57.000000000
+++ /usr/local/share/easy-rsa/easyrsa.real      2022-05-06 11:10:49.687010000
@@ -1546,7 +1546,7 @@
                easyrsa_openssl req -in "$path" -noout -subject -nameopt
sep_multiline |
                awk -F'=' '/^  *CN=/{print $2}'
-       echo "$cn" | grep -E -q '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$'
+       echo "$cn" | grep -E -q
        #shellcheck disable=SC2181
        if [ $? -eq 0 ]; then
                print "subjectAltName = IP:$cn"

You are receiving this mail because:
You are the assignee for the bug.