security/easy-rsa: sync with upstream

Taken from: HardenedBSD

security/easy-rsa/Makefile

@@ -1,10 +1,11 @@
 # $FreeBSD$
 
 PORTNAME=	easy-rsa
-DISTVERSION=	3.0.4
+DISTVERSION=	3.0.5
+PORTREVISION=	1
 CATEGORIES=	security net-mgmt
 MASTER_SITES=	https://github.com/OpenVPN/easy-rsa/releases/download/v${DISTVERSION}/
-DISTNAME=	EasyRSA-${DISTVERSION}
+DISTNAME=	EasyRSA-nix-${DISTVERSION}
 
 # Eric F. Crist <ecrist@secure-computing.net> does not require my
 # approval for changes to this package. -- mandree@FreeBSD.org
@@ -18,6 +19,8 @@ CONFLICTS_INSTALL=easy-rsa2-*
 USES=		tar:tgz
 NO_BUILD=	yes
 
+WRKSRC=		${WRKDIR}/EasyRSA-${DISTVERSION}
+
 OPTIONS_DEFINE=		DOCS EXAMPLES
 
 PORTDATA=	x509-types/

security/easy-rsa/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1529952735
-SHA256 (EasyRSA-3.0.4.tgz) = 472167f976c6cb7c860cec6150a5616e163ae20365c81f179811d6ee0779ec5a
-SIZE (EasyRSA-3.0.4.tgz) = 37721
+TIMESTAMP = 1537015455
+SHA256 (EasyRSA-nix-3.0.5.tgz) = 5ebfe7dfa20008aa15cecb136f2b308f6e23e29f17568969a3ba772aa50bbb37
+SIZE (EasyRSA-nix-3.0.5.tgz) = 50270

security/easy-rsa/files/patch-easyrsa

@@ -0,0 +1,46 @@
+--- easyrsa~	2018-09-14 23:21:19.000000000 -0500
++++ easyrsa	2018-09-15 10:21:49.241886000 -0500
+@@ -415,7 +415,6 @@
+ 
+ # init-pki backend:
+ init_pki() {
+-	vars_source_check
+ 
+ 	# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
+ 	if [ -e "$EASYRSA_PKI" ]; then
+@@ -432,6 +431,11 @@
+ 	for i in private reqs; do
+ 		mkdir -p "$EASYRSA_PKI/$i" || die "Failed to create PKI file structure (permissions?)"
+ 	done
++	
++	if [ ! -f "$EASYRSA_PKI/openssl-easyrsa.cnf" -a -f "$EASYRSA/openssl-easyrsa.cnf" ];
++	then
++		cp "$EASYRSA/openssl-easyrsa.cnf" "$EASYRSA_PKI/openssl-easyrsa.cnf"
++	fi
+ 
+ 	notice "\
+ init-pki complete; you may now create a CA or requests.
+@@ -1180,18 +1184,15 @@
+ 	set_var EASYRSA_REQ_CN		ChangeMe
+ 	set_var EASYRSA_DIGEST		sha256
+ 
+-	# Detect openssl config, preferring EASYRSA_PKI over EASYRSA
+-	if [ -f "$EASYRSA_PKI/openssl-easyrsa.cnf" ]; then
+-		set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
+-		set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
+-	else	set_var EASYRSA_SSL_CONF	"$EASYRSA/openssl-easyrsa.cnf"
+-		set_var EASYRSA_SAFE_CONF	"$EASYRSA/safessl-easyrsa.cnf"
+-	fi
++	set_var EASYRSA_SSL_CONF	"$EASYRSA_PKI/openssl-easyrsa.cnf"
++	set_var EASYRSA_SAFE_CONF	"$EASYRSA_PKI/safessl-easyrsa.cnf"
+ 
+ 	# Same as above for the x509-types extensions dir
+ 	if [ -d "$EASYRSA_PKI/x509-types" ]; then
+ 		set_var EASYRSA_EXT_DIR		"$EASYRSA_PKI/x509-types"
+-	else	set_var EASYRSA_EXT_DIR		"$EASYRSA/x509-types"
++	else	
++		#TODO: This should be removed.  Not really suitable for packaging.
++		set_var EASYRSA_EXT_DIR		"$EASYRSA/x509-types"
+ 	fi
+ 
+ 	# EASYRSA_ALGO_PARAMS must be set depending on selected algo

security/easy-rsa/files/patch-zgit-c5ff31e8

@@ -0,0 +1,11 @@
+--- easyrsa
++++ easyrsa
+@@ -546,7 +546,7 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
+ 	if [ $sub_ca ]; then
+ 		notice "\
+ NOTE: Your sub-CA request is at $out_file
+-and now must be sent to you parent CA for signing. Place your resulting cert
++and now must be sent to your parent CA for signing. Place your resulting cert
+ at $EASYRSA_PKI/ca.crt prior to signing operations.
+ "
+ 	else	notice "\