security/openssl: Update to 1.0.2m

 - Remove patch now included upstream
 - Include post-release patch for clang build error

MFH:		2017Q4
Security:	3bb451fc-db64-11e7-ac58-b499baebfeaf

4 files changed, 52 insertions, 32 deletions

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index abb349fd47cc..808e958181b7 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	openssl
-PORTVERSION=	1.0.2m
+PORTVERSION=	1.0.2n
 PORTEPOCH=	1
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/source/ \
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 432f07b68d07..b7a9e36a64be 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1509655985
-SHA256 (openssl-1.0.2/openssl-1.0.2m.tar.gz) = 8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f
-SIZE (openssl-1.0.2/openssl-1.0.2m.tar.gz) = 5373776
+TIMESTAMP = 1512655797
+SHA256 (openssl-1.0.2/openssl-1.0.2n.tar.gz) = 370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe
+SIZE (openssl-1.0.2/openssl-1.0.2n.tar.gz) = 5375802
 SHA256 (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
 SIZE (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
 SHA256 (openssl-1.0.2/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
diff --git a/security/openssl/files/patch-ssl_fatalerrtest.c b/security/openssl/files/patch-ssl_fatalerrtest.c
new file mode 100644
index 000000000000..91765d65c4b5
--- /dev/null
+++ b/security/openssl/files/patch-ssl_fatalerrtest.c
@@ -0,0 +1,48 @@
+From a4597f079bf2662e06d505538f83b6b610c41c7c Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 7 Dec 2017 14:40:49 +0000
+Subject: [PATCH] Fix initialisation in fatalerrtest
+
+---
+ ssl/fatalerrtest.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ssl/fatalerrtest.c b/ssl/fatalerrtest.c
+index 0288c33fa2e..749bc3697ea 100644
+--- ssl/fatalerrtest.c.orig
++++ ssl/fatalerrtest.c
+@@ -13,8 +13,8 @@
+ 
+ int main(int argc, char *argv[])
+ {
+-    SSL_CTX *sctx, *cctx;
+-    SSL *sssl, *cssl;
++    SSL_CTX *sctx = NULL, *cctx = NULL;
++    SSL *sssl = NULL, *cssl = NULL;
+     const char *msg = "Dummy";
+     BIO *err = NULL, *wbio = NULL;
+     int ret = 1, len;
+From b24e0573c6838e8d726fb16d558c562ce4e8f025 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 7 Dec 2017 14:41:21 +0000
+Subject: [PATCH] Fix the buffer sizing in the fatalerrtest
+
+Fixes #4865
+---
+ ssl/fatalerrtest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/fatalerrtest.c b/ssl/fatalerrtest.c
+index 749bc3697ea..f9d66e27b30 100644
+--- ssl/fatalerrtest.c.orig
++++ ssl/fatalerrtest.c
+@@ -76,7 +76,7 @@ int main(int argc, char *argv[])
+     }
+ 
+     /* SSL_read()/SSL_write should fail because of a previous fatal error */
+-    if ((len = SSL_read(sssl, buf, sizeof(buf - 1))) > 0) {
++    if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) {
+         buf[len] = '\0';
+         printf("Unexpected success reading data: %s\n", buf);
+         goto err;
+
diff --git a/security/openssl/files/patch-ssl_s23__clnt.c b/security/openssl/files/patch-ssl_s23__clnt.c
deleted file mode 100644
index 0bb3bae5fd17..000000000000
--- a/security/openssl/files/patch-ssl_s23__clnt.c
+++ /dev/null
@@ -1,28 +0,0 @@
-From 98fe34c30fe1fb7be3023e4c1458da73f8e55da9 Mon Sep 17 00:00:00 2001
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Thu, 2 Nov 2017 18:53:16 +0100
-Subject: [PATCH] Fix no-ssl3-method build
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-GH: #4649
----
- ssl/s23_clnt.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
-index 92f41dd549a..05b892b7238 100644
---- ssl/s23_clnt.c.orig
-+++ ssl/s23_clnt.c
-@@ -757,10 +757,12 @@ static int ssl23_get_server_hello(SSL *s)
-                 s->version = TLS1_VERSION;
-                 s->method = TLSv1_client_method();
-                 break;
-+#ifndef OPENSSL_NO_SSL3_METHOD
-             case SSL3_VERSION:
-                 s->version = SSL3_VERSION;
-                 s->method = SSLv3_client_method();
-                 break;
-+#endif
-             }
-             SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-             ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);