From nobody Wed Apr 02 19:35:12 2025
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZSZp90pn7z5rVGb;
	Wed, 02 Apr 2025 19:35:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZSZp82Bfdz3NMF;
	Wed, 02 Apr 2025 19:35:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743622512;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4zcm2jLyW5pyJlHYeWHF6nkPN+L+WIoJS3WF0idxnvM=;
	b=YP4KTmbbFMF75ILrnpH8y//mHQKKd4wOKeJAp74ZepjLj2yyenHafbpV/gSD28dpdumHLW
	/eOIMermtyCSjEVSn/5CEzlsFNNZGQnNvXXIXDVC5TPugy+quxayorzrrU5yMDhdrHczYJ
	r1ek6CXBCPtPk9mgbYLf6SWBljdX3rxaSpF+BFoOdJQRzH9CBmjSQApI+fr4Z6WrQAuVFP
	JEdztq6CFQ0D5QN93kpiPRVPKigudFxXvyCQB0/9OT3o4fUx2vCp8kSHUq/juJeUGbUUbb
	znrnSR/eC/A3gfFdjxPXTcr+SFhbqIZK5yLY2hJGURzMoiF9wG9ofNPRkgsBag==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743622512; a=rsa-sha256; cv=none;
	b=aQ1W7uuA3CKqKpEYbcEi/P5YIdmw2Q/FdEwEwyFM28H9QSJXMjg8rKy9vSLIxgf9LuP1PL
	YhrMGJ9lhza0C0h8LmY5eYG1pFuN0zBCZ4jKpSDDTvttIy3xPkNWesYp1MkP+FXGAQ4cNW
	eFqFGxon8RX1BpUFwRwIER6Fz1AUPB0n1M4UcMM/gLXdoRDmo0YVQUt36pAoWQ/HoW2RxU
	TqdrmUuwMIPt+NHOaEifWmBpPsFyWqrgIv11YHY/BbY6fWhZaMEZWfuGEKBhhIrhh+gBTe
	rVfk7dEvRxOv0oaQcOni1wQVjUABm2jOJZ8LyoFWUfNdlk1NnKS0xDRDqQaX/A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743622512;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4zcm2jLyW5pyJlHYeWHF6nkPN+L+WIoJS3WF0idxnvM=;
	b=iBRE9/+0BtSoimmTpn7dB448Q0L1mgBoxQV+vkchSnBrR4sXEWEMJgytexINPzCH+kO+1j
	us+62BlfsrIb7NYEoKdqYn1hupNmJGwFiIVtyBEvh/hE0qKvmkv92Jz+EsWCRR+PFXoidF
	RkC+Fyc4YfKFD1ryLK3VGkvyPQiEtqP9x56qKKMccJbMK9hcT43vYDcxd3CEijxMj4hrlh
	Ehpc/+YGwuVUF9WMZB88r21LOjXVhLq0gmYdZrhwMSabR8ERlN4Q7Sgs6LiBqCu0h+DXr0
	R0ryEfDw4nx/LvIwq+V5MTl/5OOKmhsyLXPIPbrfQ3WGdQm29HmVAltOR1uCOw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZSZp81dqDzTgM;
	Wed, 02 Apr 2025 19:35:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 532JZC6x048178;
	Wed, 2 Apr 2025 19:35:12 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 532JZCRo048175;
	Wed, 2 Apr 2025 19:35:12 GMT
	(envelope-from git)
Date: Wed, 2 Apr 2025 19:35:12 GMT
Message-Id: <202504021935.532JZCRo048175@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-branches@FreeBSD.org
From: Matthias Andree <mandree@FreeBSD.org>
Subject: git: 4c75982ca9f2 - 2025Q2 - security/openvpn: security
  update to 2.6.14
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: mandree
X-Git-Repository: ports
X-Git-Refname: refs/heads/2025Q2
X-Git-Reftype: branch
X-Git-Commit: 4c75982ca9f2ddd0db5c07dfd60fd76f79f98104
Auto-Submitted: auto-generated

The branch 2025Q2 has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4c75982ca9f2ddd0db5c07dfd60fd76f79f98104

commit 4c75982ca9f2ddd0db5c07dfd60fd76f79f98104
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2025-04-02 19:26:30 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2025-04-02 19:34:41 +0000

    security/openvpn: security update to 2.6.14
    
    "Fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2
    
    Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using
    --tls-crypt-v2 can be made to abort with an ASSERT() message by sending
    a particular combination of authenticated and malformed packets.
    
    To trigger the bug, a valid tls-crypt-v2 client key is needed, or
    network observation of a handshake with a valid tls-crypt-v2 client key
    
    No crypto integrity is violated, no data is leaked, and no remote code
    execution is possible.
    
    This bug does not affect OpenVPN clients."
    
    clean up CONFLICTS_INSTALL
    
    ChangeLog:      https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614
    Security:       2cad4541-0f5b-11f0-89f8-411aefea0df9
    Security:       CVE-2025-2704
    MFH:            2025Q2
    (cherry picked from commit 70a3176764f09cfeb26bc8d4c9463e7497a299c0)
    (cherry picked from commit e20a69e3dce88c98be4aa4354c94ffa21bca0b17)
---
 security/openvpn/Makefile | 4 ++--
 security/openvpn/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile
index e48256c0a03b..c771eea03b22 100644
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=		openvpn
-DISTVERSION=		2.6.13
+DISTVERSION=		2.6.14
 PORTREVISION?=		0
 CATEGORIES=		security net net-vpn
 MASTER_SITES=		https://swupdate.openvpn.org/community/releases/ \
@@ -30,7 +30,7 @@ CONFIGURE_ARGS+=	--enable-strict --with-crypto-library=openssl
 # set PLUGIN_LIBDIR so that unqualified plugin paths are found:
 CONFIGURE_ENV+=		PLUGINDIR="${PREFIX}/lib/openvpn/plugins"
 
-CONFLICTS_INSTALL?=	openvpn-2* openvpn-devel openvpn-mbedtls
+CONFLICTS_INSTALL?=	openvpn-devel
 
 SUB_FILES=		pkg-message openvpn-client
 
diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo
index d9ee1ee81458..9274b1ed493c 100644
--- a/security/openvpn/distinfo
+++ b/security/openvpn/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1737076293
-SHA256 (openvpn-2.6.13.tar.gz) = 1af10b86922bd7c99827cc0f151dfe9684337b8e5ebdb397539172841ac24a6a
-SIZE (openvpn-2.6.13.tar.gz) = 1911719
+TIMESTAMP = 1743554391
+SHA256 (openvpn-2.6.14.tar.gz) = 9eb6a6618352f9e7b771a9d38ae1631b5edfeed6d40233e243e602ddf2195e7a
+SIZE (openvpn-2.6.14.tar.gz) = 1926343