I'd like to push this to -current so that it ends up in 7.9.
https://github.com/OpenVPN/openvpn/blob/v2.7.2/Changes.rst

fix race condition in TLS handshake that could lead to leaking of
packet data from a previous handshake under specific circumstances
(CVE-2026-40215)

fix server ASSERT() on receiving a suitably malformed packet with a
valid tls-crypt-v2 key (CVE-2026-35058)

ok?

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/openvpn/Makefile,v
diff -u -p -r1.145 Makefile
--- Makefile	1 Apr 2026 19:08:19 -0000	1.145
+++ Makefile	22 Apr 2026 22:10:32 -0000
@@ -1,6 +1,6 @@
 COMMENT=	easy-to-use, robust, and highly configurable VPN
 
-DISTNAME=	openvpn-2.7.1
+DISTNAME=	openvpn-2.7.2
 
 CATEGORIES=	net security
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/openvpn/distinfo,v
diff -u -p -r1.73 distinfo
--- distinfo	1 Apr 2026 19:08:19 -0000	1.73
+++ distinfo	22 Apr 2026 22:10:41 -0000
@@ -1,2 +1,2 @@
-SHA256 (openvpn-2.7.1.tar.gz) = mFhHfsKJSopnKXTYZQ3LGvLu/7RomBorYZ8Po4cIEWc=
-SIZE (openvpn-2.7.1.tar.gz) = 2088230
+SHA256 (openvpn-2.7.2.tar.gz) = nD4VCllfyaN1Ih8vqfEFJKnAZFNs+ByW47pmxzW4byY=
+SIZE (openvpn-2.7.2.tar.gz) = 2107857

-- 
jca