MFH: r516218
security/openvpn[-mbedtls] upstream update to OpenVPN 2.4.8
This upstream release integrated two FreeBSD patches by Kyle Evans and me,
which are herewith dropped from the port.
Upstream release banner
"This is primarily a maintenance release with minor bugfixes and improvements."
High-level changes:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-248
Manually filtered FreeBSD-related excerpt from Git log: v2.4.7..v2.4.8:
- mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free() [Antonio Quartulli]
- openssl: Fix compilation without deprecated OpenSSL 1.1 APIs [Rosen Penev]
- Force combinationation of --socks-proxy and --proto UDP to use IPv4. [Gert Doering]
- Ignore --pull-filter for --mode server [Richard Bonhomme]
- Fix typo in NTLM proxy debug message [Mykola Baibuz]
- tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex. [Kyle Evans]
- Handle PSS padding in cryptoapicert [Selva Nair]
- Fix regression, reinstate LibreSSL support. [Matthias Andree]
- Increase listen() backlog queue to 32 [Gert Doering]
- Wrong FILETYPE in .rc files [Gisle Vanem]
- Do not set pkcs11-helper 'safe fork mode' [Hilko Bengen]
- man: correct the description of --capath and --crl-verify regarding CRLs [Michal Soltys]
- Fix various compiler warnings [Lev Stipakov]
- build: Package missing mock_msg.h [David Sommerseth]
- cmocka: use relative paths [Steffan Karger]
- docs: Update INSTALL [David Sommerseth]
- Better error message when script fails due to script-security setting [Selva Nair]
- Fix documentation of tls-verify script argument [Thomas Quinot]
Detailed changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8
Build tests in poudriere and in a live system succeeded on:
11.2-RELEASE 1102000 arm64.aarch64
11.2-RELEASE 1102000 mips.mips64
11.2-RELEASE-p14 i386
11.3-RELEASE-p3 amd64
12.0-RELEASE-p10 i386
12.0-RELEASE-p6 amd64
12.0-RELEASE-p10 amd64 (live)
Approved by: ports-secteam@ (joneum@)