package/libopenssl: security bump to version 1.0.2p

Fixes CVE-2018-0732 & CVE-2018-0737:
https://www.openssl.org/news/vulnerabilities.html

Added upstream sha1 hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 48b7471c20a5522d82b8e67a6cc0c499832907a1..2b1e048751d1dc58c19b5f348f8014f228f6c47f 100644 (file)
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,7 @@
-# From https://www.openssl.org/source/openssl-1.0.2o.tar.gz.sha256
-sha256 ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d        openssl-1.0.2o.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2p.tar.gz.sha256
+sha256 50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00        openssl-1.0.2p.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2p.tar.gz.sha1
+sha1   f34b5322e92415755c7d58bf5d0d5cf37666382c                                openssl-1.0.2p.tar.gz
 # Locally computed
 sha256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9        openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 sha256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f        openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d

diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index 16a9c2e9d26092215d71a7b7636ede1939e41e96..d8e3dd8b56602416aa9beef34eaa2fc10f134bc4 100644 (file)
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 1.0.2o
+LIBOPENSSL_VERSION = 1.0.2p
 LIBOPENSSL_SITE = http://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay