From cca759b60e59e27fecc36e194e03c0a12bbd0792 Mon Sep 17 00:00:00 2001
From: Matthias Andree <mandree@FreeBSD.org>
Date: Thu, 23 Mar 2017 21:53:58 +0000
Subject: Update to openvpn release 2.4.1

This contains predominently bugfixes and compatibility with
newer OpenSSL/LibreSSL.

Remove one patch that had been cherry-picked from upstream, no longer
needed.

Summary: https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-241
Changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
---
 security/openvpn/Makefile                          |  2 +-
 security/openvpn/distinfo                          |  6 +--
 .../openvpn/files/patch-src_openvpn_ssl__openssl.c | 44 ----------------------
 3 files changed, 4 insertions(+), 48 deletions(-)
 delete mode 100644 security/openvpn/files/patch-src_openvpn_ssl__openssl.c

diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile
index f24ba858548d..2fae57d2b82f 100644
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=		openvpn
-DISTVERSION=		2.4.0
+DISTVERSION=		2.4.1
 PORTREVISION?=		0
 CATEGORIES=		security net
 MASTER_SITES=		http://swupdate.openvpn.net/community/releases/ \
diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo
index 9aa8e110ef26..02041ce3714a 100644
--- a/security/openvpn/distinfo
+++ b/security/openvpn/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1482879037
-SHA256 (openvpn-2.4.0.tar.xz) = 6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e
-SIZE (openvpn-2.4.0.tar.xz) = 930948
+TIMESTAMP = 1490301135
+SHA256 (openvpn-2.4.1.tar.xz) = fde9e22c6df7a335d2d58c6a4d5967be76df173c766a5c51ece57fd044c76ee5
+SIZE (openvpn-2.4.1.tar.xz) = 920796
diff --git a/security/openvpn/files/patch-src_openvpn_ssl__openssl.c b/security/openvpn/files/patch-src_openvpn_ssl__openssl.c
deleted file mode 100644
index 36526830318e..000000000000
--- a/security/openvpn/files/patch-src_openvpn_ssl__openssl.c
+++ /dev/null
@@ -1,44 +0,0 @@
-From dcfd3b6173d8cdb4658de23db1dd0bd932b390d2 Mon Sep 17 00:00:00 2001
-From: Olivier Wahrenberger <olivierw.ml@gmail.com>
-Date: Mon, 13 Feb 2017 19:38:26 +0100
-Subject: [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.
-
-Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619
-
-Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2
-
-Signed-off-by: Olivier Wahrenberger <olivierw.ml@gmail.com>
-Acked-by: Steffan Karger <steffan.karger@fox-it.com>
-Message-Id: <20170213183826.73008-1-O2Graphics@users.noreply.github.com>
-URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14045.html
-Signed-off-by: Gert Doering <gert@greenie.muc.de>
----
- src/openvpn/ssl_openssl.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
-index 8266595..abf69c9 100644
---- ./src/openvpn/ssl_openssl.c~
-+++ ./src/openvpn/ssl_openssl.c
-@@ -508,10 +508,18 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
-         const EC_GROUP *ecgrp = NULL;
-         EVP_PKEY *pkey = NULL;
- 
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-+        pkey = SSL_CTX_get0_privatekey(ctx->ctx);
-+#else
-         /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */
--        SSL ssl;
--        ssl.cert = ctx->ctx->cert;
--        pkey = SSL_get_privatekey(&ssl);
-+        SSL *ssl = SSL_new(ctx->ctx);
-+        if (!ssl)
-+        {
-+            crypto_msg(M_FATAL, "SSL_new failed");
-+        }
-+        pkey = SSL_get_privatekey(ssl);
-+        SSL_free(ssl);
-+#endif
- 
-         msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
- 
-- 
cgit v1.2.3