06:22 Matthias Andree (mandree) 

security/openvpn-devel: upgrade port to git commit efad93d049 (2023-11-17)

contains a number of bugfixes and minor improvements, plus fixes
for two bugs that have been assigned CVEs:

- CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use
  a send buffer after it has been free()d in some circumstances, causing
  some free()d memory to be sent to the peer.  All configurations using TLS
  (e.g. not using --secret) are affected by this issue.
  (found while tracking down CVE-2023-46849 / Github #400, #417)

- CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
  restore "--fragment" configuration in some circumstances, leading to
  a division by zero when "--fragment" is used.  On platforms where
  division by zero is fatal, this will cause an OpenVPN crash.

see also https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements

Also adjust files/patch-tests__t_cltsrv.sh because upstream commit
d623aa6c29 conflicts with this patch.

Security:	2fe004f5-83fd-11ee-9f5d-31909fb2f495
Security:	CVE-2023-46849
Security:	CVE-2023-46850

    110af6a

14:38 mandree 

Update openvpn-devel to 2016-52 snapshot.

Align with security/openvpn for RC script improvements, dropping the
TUNNELBLICK patch (integrated upstream) and pkg-help file (no longer
required).

Note that pkcs11* and mbedTLS currently do not mix (I randomly checked
different option sets), an issue this port shares with security/openvpn.
"checking mbedtls pkcs11 support...
configure: error: mbedtls has no pkcs11 wrapper compiled in"

PR:		215734
Submitted by:	Eric F. Crist (maintainer)