security/openvpn: remove 2048-bit legacy Diffie Hellman
I received a fallout complaint from i386 FreeBSD 15-PRERELEASE
builders that, as of now, has no other explanation than a tightened
(if intermediately) SECLEVEL on that machine, and that's due to
Diffie-Hellman 2048 bit parameters, and self-tests are failing
with stereotypical "ee key too small" and "dh key too small".
While it's not clear what the exact cause of the failure is and
if we had a glitch in the OpenSSL 3.5.1 import (Enji updated
the main branch to 3.5.2 shortly after), let's modernize the
setup a bit.
Fallout and Builder logs (I take it the 2nd URL states
that the FreeBSD src branch was at commit c6778f3a442):
https://pkg-status.freebsd.org/beefy17/data/main-i386-default/p98b748365fe6_sc6778f3a442/logs/openvpn-2.6.14.loghttps://pkg-status.freebsd.org/beefy17/build.html?mastername=main-i386-default&build=p98b748365fe6_sc6778f3a442
2025-08-20 11:46:39 OpenVPN 2.6.14 i386-portbld-freebsd15.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
[53 lines not shown]
security/krb5-122: Fix KRB5 GsS MIC Verification
Apply same fix as src/f96110babbe1, also upstream/83cd76b11. This
fixes upstream bug #9181. The result of the bug is the acceptance
of MIC tokens with invalid checksums.
Security: CVE-2025-57736
graphics/swappy: update to 1.7.1
While here:
- switch to use upstream release tarball
- split PLIST_FILES into pkg-plist
- move post-patch target to patch file since the change is about
static content
- sort variable order to make portclippy happy
Changelog: https://github.com/jtheoof/swappy/blob/v1.7.1/CHANGELOG.md
Reported by: GitHub (watch releases)
Revert "security/py-fail2ban: Remove unneeded filter.d files"
While some users want the upstream sshd filters to have the
contents the BSD sshd filters, others use them as is. Revert
this change. Let users decide which to use.
PR: 288849
This reverts commit d906503fb22992a7a92d46365b9f2af31454dee6.