security/openvpn-devel: upgrade port to git commit 4281449ba4 (2.7_rc1, 2025-10-31)
This commit brings the port to "openvpn 2.7_rc1".
Changes of interest for FreeBSD:
- even more type conversion related warnings have been fixed
- more bugfixes related to BYTECOUNT display on the management interface and byte counters on DCO platforms in general
- numerous minibugs reported by ZeroPath AI have been fixed (small memleaks, possible file descriptor leaks, improved sanity checks, add ASSERT() on function contracts, etc.)
- add warning for unsupported combination of --push and --tls-server
- add warning for unsupported combination of --reneg-bytes or --reneg-pkts with DCO
- remove perf_push()/perf_pop() infrastructure (because it did not work anymore, and compiler profiling will give better results today)
- ensure compatibility with OpenSSL 3.6.0 - specifically, do not crash in t_lpback.sh trying to use new encrypt-then-mac (ETM) ciphers
- improved PUSH_UPDATE server side support, which now handles changes of pushed ifconfig/ifconfig-ipv6 addresses correctly (send packets to new IP addresses to this client, stop sending packets to the old addresses).
- bugfixes reconnect and PUSH_UPDATE handling on the client side (notably handling of ifconfig/ifconfig-ipv6/redirect-gateway ipv6 if the server is not always pushing the same address families)
- improve CONTRIBUTING documentation
- clean up and remove outdated stuff from COPYING
- freshen URLs all over the tree, and change to HTTPS where possible
- on DCO Linux/FreeBSD, add support for clients receiving an IPv4/IPv6 address that is not part of the --server/--server-ipv6 subnet (= install extra on-interface host routes).
- remove undocumented and unused --memstats feature
- improve "recursive routing checks", prepare the way for a policy-based setup where "packets to VPN server" could end up in the tunnel without interfering with OpenVPN operations
(cherry picked from commit e4baec8206e849270394a508040cbcaa6d9275d4)
PR: 290715