Upgrade to new upstream bugfix release 2.3.14.

Drop files/extra-patch-fix-subnet and corresponding OPTION, since this
is now part of the upstream release.

Changelog:	<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.14>

3 files changed, 6 insertions, 100 deletions

diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile
index b16360401078..3e64bb08071b 100644
--- a/security/openvpn/Makefile
+++ b/security/openvpn/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=		openvpn
-DISTVERSION=		2.3.13
-PORTREVISION=		1
+DISTVERSION=		2.3.14
 CATEGORIES=		security net
 MASTER_SITES=		http://swupdate.openvpn.net/community/releases/ \
 			http://build.openvpn.net/downloads/releases/
@@ -32,8 +31,8 @@ LDFLAGS+=		-L${LOCALBASE}/lib
 CPPFLAGS+=		-DPLUGIN_LIBDIR=\\\"${PREFIX}/lib/openvpn/plugins\\\"
 
 OPTIONS_DEFINE=		PKCS11 EASYRSA DOCS EXAMPLES X509ALTUSERNAME \
-			TUNNELBLICK TEST FIXSUBNET
-OPTIONS_DEFAULT=	EASYRSA OPENSSL TEST FIXSUBNET
+			TUNNELBLICK TEST
+OPTIONS_DEFAULT=	EASYRSA OPENSSL TEST
 OPTIONS_SINGLE=		SSL
 OPTIONS_SINGLE_SSL=	OPENSSL POLARSSL
 # The following feature is always enabled since 2.3.9 and no longer optional.
@@ -43,7 +42,6 @@ EASYRSA_DESC=		Install security/easy-rsa RSA helper package
 POLARSSL_DESC=		SSL/TLS via mbedTLS 1.3.X (not 2.x)
 TUNNELBLICK_DESC=	Tunnelblick XOR scramble patch (READ HELP!)
 X509ALTUSERNAME_DESC=	Enable --x509-username-field (OpenSSL only)
-FIXSUBNET_DESC=		Enable 'topology subnet' fix (experimental)
 
 EASYRSA_RUN_DEPENDS=	easy-rsa>=0:security/easy-rsa
 
@@ -52,8 +50,6 @@ PKCS11_CONFIGURE_ENABLE=	pkcs11
 
 TUNNELBLICK_EXTRA_PATCHES=	${FILESDIR}/extra-tunnelblick-openvpn_xorpatch
 
-FIXSUBNET_EXTRA_PATCHES=	${FILESDIR}/extra-patch-fix-subnet
-
 X509ALTUSERNAME_CONFIGURE_ENABLE=	x509-alt-username
 
 X509ALTUSERNAME_PREVENTS=	POLARSSL
diff --git a/security/openvpn/distinfo b/security/openvpn/distinfo
index dc2f737a991e..fb9730e32aba 100644
--- a/security/openvpn/distinfo
+++ b/security/openvpn/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1478247941
-SHA256 (openvpn-2.3.13.tar.xz) = 9cde0c8000fd32d5275adb55f8bb1d8ba429ff3de35f60a36e81f3859b7537e0
-SIZE (openvpn-2.3.13.tar.xz) = 829484
+TIMESTAMP = 1481159357
+SHA256 (openvpn-2.3.14.tar.xz) = f3a0d0eaf8d544409f76a9f2a238a0cd3dde9e1a9c1f98ac732a8b572bcdee98
+SIZE (openvpn-2.3.14.tar.xz) = 831404
diff --git a/security/openvpn/files/extra-patch-fix-subnet b/security/openvpn/files/extra-patch-fix-subnet
deleted file mode 100644
index 4f95dac692f2..000000000000
--- a/security/openvpn/files/extra-patch-fix-subnet
+++ /dev/null
@@ -1,90 +0,0 @@
-commit 446ef5bda4cdc75d4cb955e274846faff0181fd3
-Author: Gert Doering <gert@greenie.muc.de>
-Date:   Tue Nov 8 13:45:06 2016 +0100
-
-    Repair topology subnet on FreeBSD 11
-    
-    We used to add "route for this subnet" by using our own address as
-    the gateway address, which used to mean "connected to the interface,
-    no gateway".  FreeBSD commit 293159 changed the kernel side of that
-    assumption so "my address" is now always bound to "lo0" - thus, our
-    subnet route also ended up pointing to "lo0", breaking connectivity
-    for all hosts in the subnet except the one we used as "remote".
-    
-    commit 60fd44e501f200 already introduced a "remote address" we use
-    for the "ifconfig tunX <us> <remote>" part - extend that to be used
-    as gateway address for the "tunX subnet" as well, and things will
-    work more robustly.
-    
-    Tested on FreeBSD 11.0-RELEASE and 7.4-RELEASE (client and server)
-    (this particular issue is not present before 11.0, but "adding the
-    subnet route" never worked right, not even in 7.4 - 11.0 just made
-    the problem manifest more clearly)
-    
-    Trac #425
-    URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207831
-    
-    Signed-off-by: Gert Doering <gert@greenie.muc.de>
-    Acked-by: Steffan Karger <steffan.karger@fox-it.com>
-    Message-Id: <20161108124506.32559-1-gert@greenie.muc.de>
-    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12950.html
-    Signed-off-by: Gert Doering <gert@greenie.muc.de>
-    (cherry picked from commit a433b3813d8c38b491d2baa7b433973f2d6cd7c6)
-
-diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
-index 11027dd..9bb586d 100644
---- ./src/openvpn/tun.c
-+++ ./src/openvpn/tun.c
-@@ -635,8 +635,8 @@ void delete_route_connected_v6_net(struct tuntap * tt,
-  * is still point to point and no layer 2 resolution is done...
-  */
- 
--const char *
--create_arbitrary_remote( struct tuntap *tt, struct gc_arena * gc )
-+in_addr_t
-+create_arbitrary_remote( struct tuntap *tt )
- {
-   in_addr_t remote;
- 
-@@ -644,7 +644,7 @@ create_arbitrary_remote( struct tuntap *tt, struct gc_arena * gc )
- 
-   if ( remote == tt->local ) remote ++;
- 
--  return print_in_addr_t (remote, 0, gc);
-+  return remote;
- }
- #endif
- 
-@@ -1126,6 +1126,8 @@ do_ifconfig (struct tuntap *tt,
- 
- #elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
- 
-+      in_addr_t remote_end;		/* for "virtual" subnet topology */
-+
-       /* example: ifconfig tun2 10.2.0.2 10.2.0.1 mtu 1450 netmask 255.255.255.255 up */
-       if (tun)
- 	argv_printf (&argv,
-@@ -1138,12 +1140,13 @@ do_ifconfig (struct tuntap *tt,
- 			  );
-       else if ( tt->topology == TOP_SUBNET )
- 	{
-+	    remote_end = create_arbitrary_remote( tt );
- 	    argv_printf (&argv,
- 			  "%s %s %s %s mtu %d netmask %s up",
- 			  IFCONFIG_PATH,
- 			  actual,
- 			  ifconfig_local,
--			  create_arbitrary_remote( tt, &gc ),
-+			  print_in_addr_t (remote_end, 0, &gc),
- 			  tun_mtu,
- 			  ifconfig_remote_netmask
- 			  );
-@@ -1170,7 +1173,7 @@ do_ifconfig (struct tuntap *tt,
-           r.flags = RT_DEFINED;
-           r.network = tt->local & tt->remote_netmask;
-           r.netmask = tt->remote_netmask;
--          r.gateway = tt->local;
-+          r.gateway = remote_end;
-           add_route (&r, tt, 0, NULL, es);
-         }
-