security/openvpn-devel: upgrade port to git commit df4863aa0e (2025-06-27)

This commit brings the port to "openvpn 2.7_alpha2" with a few extra
bugfixes.

There is one significant change here: the "old way" to update DNS
config via "--up contrib/pull-resolv-conf/client.up" and plugin-down-root.sh
has been replaced by a built-in mechanism (--dns-updown $script),
which is no loger "contributed" but maintained upstream, and brings
its own privilege separation / down-root mechanism.  The old
contrib/pull-resolv-conf scripts have been removed from the upstream
distribution.

The port-specific "openvpn-client" script has been adjusted to do
the same thing ("run a client config with DNS setup") with the new
mechanism.

Besides this, this update has a number of minor bugfixes and improvements
to documentation, logging and testing infrastructure.

PR:		287892

security/openvpn-devel/Makefile

@@ -1,5 +1,5 @@
 PORTNAME=	openvpn
-DISTVERSION=	g20250402
+DISTVERSION=	g20250629
 PORTREVISION=	0  # leave in even if 0 to avoid accidental PORTEPOCH bumps
 PORTEPOCH=	1
 CATEGORIES=	security net net-vpn
@@ -21,7 +21,7 @@ LIB_DEPENDS+=	liblzo2.so:archivers/lzo2
 USES=		autoreconf cpe libtool pkgconfig python:build shebangfix tar:xz
 IGNORE_SSL=	libressl libressl-devel
 USE_GITLAB=	yes
-GL_TAGNAME=	b75849ba36433331227ff66430ea06423fab8148
+GL_TAGNAME=	df4863aa0e43544ea82ab9d98966a03a95c62334
 USE_RC_SUBR=	openvpn
 
 SHEBANG_FILES=	sample/sample-scripts/auth-pam.pl \
@@ -137,8 +137,6 @@ post-build:
 post-install:
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/openvpn/plugins/openvpn-plugin-down-root.so
-	${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.up ${STAGEDIR}${PREFIX}/libexec/openvpn-client.up
-	${INSTALL_SCRIPT} ${WRKSRC}/contrib/pull-resolv-conf/client.down ${STAGEDIR}${PREFIX}/libexec/openvpn-client.down
 	${INSTALL_SCRIPT} ${WRKDIR}/openvpn-client ${STAGEDIR}${PREFIX}/sbin/openvpn-client
 	${MKDIR} ${STAGEDIR}${PREFIX}/include
 

security/openvpn-devel/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1743619255
+TIMESTAMP = 1751182633
-SHA256 (openvpn-openvpn-b75849ba36433331227ff66430ea06423fab8148_GL0.tar.gz) = 402e312f3d6be0a881ae068e3a52b96dece7d49cdddb0fd876ea7f06e4cff5dd
+SHA256 (openvpn-openvpn-df4863aa0e43544ea82ab9d98966a03a95c62334_GL0.tar.gz) = a1f756efc7aba2fdb79231a9eede327ce4242a777c88e7eaad3cb11d9197157c
-SIZE (openvpn-openvpn-b75849ba36433331227ff66430ea06423fab8148_GL0.tar.gz) = 1292100
+SIZE (openvpn-openvpn-df4863aa0e43544ea82ab9d98966a03a95c62334_GL0.tar.gz) = 1319214

security/openvpn-devel/files/openvpn-client.in

@@ -1,6 +1,5 @@
 #!/bin/sh
 
-exec %%PREFIX%%/sbin/openvpn --script-security 2 \
+exec %%PREFIX%%/sbin/openvpn \
-    --up %%PREFIX%%/libexec/openvpn-client.up \
+    --dns-updown force \
-    --plugin openvpn-plugin-down-root.so %%PREFIX%%/libexec/openvpn-client.down \
     --config "$@"

security/openvpn-devel/pkg-descr

@@ -4,8 +4,8 @@ using an encrypted tunnel over the internet. It can operate over UDP or TCP,
 can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
 server can handle many clients.
 
-This development port is updated frequently and is likely NOT STABLE.  This is
+This development port is updated frequently and is much less well tested
-an untested tar of the source tree.  We attempt to omit inoperable states, but
+than the formal releases, and functionality and APIs may change without
-there is a good chance this program will not run.
+warning.
 
-DO NOT USE IN PRODUCTION WITHOUT CAUTION
+DO NOT USE IN PRODUCTION WITHOUT PRIOR TESTING FOR YOUR USE CASE.

security/openvpn-devel/pkg-plist

@@ -5,6 +5,5 @@ lib/openvpn/plugins/openvpn-plugin-down-root.so
 share/man/man5/openvpn-examples.5.gz
 share/man/man8/openvpn.8.gz
 sbin/openvpn
-libexec/openvpn-client.down
-libexec/openvpn-client.up
 sbin/openvpn-client
+libexec/openvpn/dns-updown