Closes: #988478

The server-setup-with-ca autopkgtest was failing because easyrsa was
interactively asking for input, although the EASYRSA_BATCH variable
was set. Using the --batch command line option fixes this issue.

Closes: #983662

OpenVPN 2.5 slightly changed the output of some steps due to
the switch from iproute2 to the newer Netlink based interface.
This was not noticed because the autopkgtest of OpenVPN is not
run in debci infrastructure (machine-isolation not supported)

This patch was imported from Ubuntu, thanks a lot!

Partially fixes Bug#983662, but there is more work to do

Overview

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass
authentication and access control channel data on servers configured
with deferred authentication, which can be used to potentially trigger
further information leaks.

Detailed description

This bug allows - under very specific circumstances - to trick a server
using delayed authentication (plugin or management) into returning a
PUSH_REPLY before the AUTH_FAILED message, which can possibly be used
to gather information about a VPN setup.

In combination with "--auth-gen-token" or a user-specific token auth
solution it can be possible to get access to a VPN with an
otherwise-invalid account.

Pre-Dependency:
CVE-2020-15078-0.patch: https://github.com/OpenVPN/openvpn/commit/14511010

CVE-Fix:
CVE-2020-15078-1.patch: https://github.com/OpenVPN/openvpn/commit/3aca477a
CVE-2020-15078-2.patch: https://github.com/OpenVPN/openvpn/commit/3d18e308
CVE-2020-15078-3.patch: https://github.com/OpenVPN/openvpn/commit/f7b3bf06

Closes: #987380

Update to upstream version '2.5.1'
with Debian dir 7ffab8b9a1f4bee8b10a736ef58cdbac4bfd4b14