openssl: security bump to version 1.0.1j

Fixes:
CVE-2014-3513 - SRTP memory leak
CVE-2014-3567 - Session ticket memory leak
CVE-2014-3568 - Build option no-ssl3 is incomplete
And adds SSL3 fallback protection against POODLE.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/openssl/openssl.hash b/package/openssl/openssl.hash
index aa45a763fcfccdb0b337eb2301f499aa65ef6d4a..22b15292c6ea9cb93b3b90133d453468707b1a5f 100644 (file)
--- a/package/openssl/openssl.hash
+++ b/package/openssl/openssl.hash
@@ -1,4 +1,4 @@
-# From https://www.openssl.org/source/openssl-1.0.1i.tar.gz.md5
-# From https://www.openssl.org/source/openssl-1.0.1i.tar.gz.sha1
-md5    c8dc151a671b9b92ff3e4c118b174972        openssl-1.0.1i.tar.gz
-sha1   74eed314fa2c93006df8d26cd9fc630a101abd76        openssl-1.0.1i.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.1j.tar.gz.md5
+# From https://www.openssl.org/source/openssl-1.0.1j.tar.gz.sha1
+md5    f7175c9cd3c39bb1907ac8bba9df8ed3        openssl-1.0.1j.tar.gz
+sha1   cff86857507624f0ad42d922bb6f77c4f1c2b819        openssl-1.0.1j.tar.gz

diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 4911034078e54e745deac06acc0bb36d9be8b4aa..7c1c7f033bdab702e2c47db92142cd98ece9c14c 100644 (file)
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENSSL_VERSION = 1.0.1i
+OPENSSL_VERSION = 1.0.1j
 OPENSSL_SITE = http://www.openssl.org/source
 OPENSSL_LICENSE = OpenSSL or SSLeay
 OPENSSL_LICENSE_FILES = LICENSE