MFC: SECURITY update to openvpn-2.6.16
Fixes CVE-2025-13086
|Fix memcmp check for the hmac verification in the 3way handshake.
|This bug renders the HMAC based protection against state exhaustion on
|receiving spoofed TLS handshake packets in the OpenVPN server inefficient.
Full changelog:
https://github.com/OpenVPN/openvpn/blob/v2.6.16/Changes.rst
SECURITY update to openvpn-2.6.16
Fixes CVE-2025-13086
|Fix memcmp check for the hmac verification in the 3way handshake.
|This bug renders the HMAC based protection against state exhaustion on
|receiving spoofed TLS handshake packets in the OpenVPN server inefficient.
Full changelog:
https://github.com/OpenVPN/openvpn/blob/v2.6.16/Changes.rst
merge textproc/libxml,-python (py3-libxml) into textproc/libxml; there's no
direct equivalent any more (py3-lxml is the suggested replacement but it's
not a drop-in) and having the old package lying around causes an issue for
updates.
drop @pkgpath textproc/libxml; this was copied from PLIST-main but is the
default for a package built from ports/textproc/libxml without multipackages
anyway. update path is ok with just this; it was present directly in
PLIST-main so there's a valid update path. (that is ok because libxml
went from single- to multi-packages and back again; had it started as
multi-packages in the first place there would have been no @pkgpath in
PLIST-main - had that been the case, we'd need @pkgpath textproc,-main).
ok aja landry
Update qcad to 3.32.4.0
Patch the qmake project to build each plugin with "CONFIG += plugin"
and each library without "CONFIG += plugin". Stop building
libstemmer.a; qcad links to textproc/libstemmer. Drop some old
patches. Drop x11/qt5/webengine from RUN_DEPENDS.
https://marc.info/?l=openbsd-ports&m=176332651300900&w=2
ok rsadowski@
update py-jwt to 2.10.1
Some of the interfaces changed, and ports like py-flask-jwt-extended depend
on the newer version of jwt. Also fix license marker.
ok MAINTAINER