- Security update to version 2.1_rc9 to fix CVE-2008-3459

(arbitrary code execution).
- VulnDB update was submitted in a previous PR.
- Add PKCS#11 option which explicitly disables PKCS11 at
  build time if not desired to avoid invisible pkcs11-helper
  dependency, else openvpn would silently pick up security/pkcs11-helper.

PR:		126356
Submitted by:	Matthias Andree <matthias.andree@gmx.de> (maintainer)

security/openvpn-devel/Makefile

@@ -6,10 +6,9 @@
 #
 
 PORTNAME=	openvpn
-DISTVERSION=	2.1_rc8
-PORTREVISION=	1
+DISTVERSION=	2.1_rc9
 CATEGORIES=	security net
-MASTER_SITES=	https://secure.openvpn.net/beta/
+MASTER_SITES=	http://openvpn.net/release/
 PKGNAMESUFFIX=	-devel
 
 MAINTAINER=	matthias.andree@gmx.de
@@ -26,7 +25,8 @@ INSTALL_TARGET=	install mandir=${MANPREFIX}/man
 
 MAN8=		openvpn.8
 
-OPTIONS=	PW_SAVE "Interactive passwords may be read from a file" off
+OPTIONS=	PW_SAVE "Interactive passwords may be read from a file" off \
+		PKCS11  "Use security/pkcs11-helper" off
 
 USE_RC_SUBR=	openvpn.sh
 USE_LDCONFIG=	${PREFIX}/lib
@@ -52,6 +52,12 @@ LIB_DEPENDS+=	lzo.1:${PORTSDIR}/archivers/lzo
 CONFIGURE_ARGS+=	--enable-password-save
 .endif
 
+.if defined(WITH_PKCS11)
+LIB_DEPENDS+=	pkcs11-helper.1:${PORTSDIR}/security/pkcs11-helper
+.else
+CONFIGURE_ARGS+=	--disable-pkcs11
+.endif
+
 post-patch:
 	@${FIND} ${WRKSRC} -name \*.orig -delete
 

security/openvpn-devel/distinfo

@@ -1,3 +1,3 @@
-MD5 (openvpn-2.1_rc8.tar.gz) = 059dfb6e21b503687c6b4a8a1b0034ac
-SHA256 (openvpn-2.1_rc8.tar.gz) = 0c80db02ff783b23f91f230bc769aaec96bab405106829283a3b9c4702822ed0
-SIZE (openvpn-2.1_rc8.tar.gz) = 809545
+MD5 (openvpn-2.1_rc9.tar.gz) = f435e4ad43cf4323e942da570bae4951
+SHA256 (openvpn-2.1_rc9.tar.gz) = f73ec227a5fb7f4c73190e7ae52a59a4db149e8d628f22e8a0a762a58fbb424d
+SIZE (openvpn-2.1_rc9.tar.gz) = 818716