openssl: security bump to version 1.0.2h

Fixes:
CVE-2016-2105 - Fix EVP_EncodeUpdate overflow
CVE-2016-2106 - Fix EVP_EncryptUpdate overflow
CVE-2016-2107 - Prevent padding oracle in AES-NI CBC MAC check
CVE-2016-2109 - Prevent ASN.1 BIO excessive memory allocation
CVE-2016-2176 - EBCDIC overread

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/openssl/openssl.hash b/package/openssl/openssl.hash
index e3ea2aedceddebae0e976e297051b5ad9cacd2f5..edbce8e276e7025c0708adb67b8b173676656117 100644 (file)
--- a/package/openssl/openssl.hash
+++ b/package/openssl/openssl.hash
@@ -1,5 +1,5 @@
-# From https://www.openssl.org/source/openssl-1.0.2g.tar.gz.sha256
-sha256 b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33        openssl-1.0.2g.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2h.tar.gz.sha256
+sha256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919        openssl-1.0.2h.tar.gz
 # Locally computed
 sha256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9        openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 sha256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f        openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d

diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 2f50dfb1faee2cf76daac3772f39cacd940bc485..2368aa913c24e908563dcc0fdbde535ec50b4ad1 100644 (file)
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENSSL_VERSION = 1.0.2g
+OPENSSL_VERSION = 1.0.2h
 OPENSSL_SITE = http://www.openssl.org/source
 OPENSSL_LICENSE = OpenSSL or SSLeay
 OPENSSL_LICENSE_FILES = LICENSE