openssl: bump to 1.1.1k
authorEneas U de Queiroz <cotequeiroz@gmail.com>
Fri, 26 Mar 2021 17:46:29 +0000 (14:46 -0300)
committerPetr Štetiar <ynezz@true.cz>
Sat, 27 Mar 2021 06:44:43 +0000 (07:44 +0100)
commit81266d900104d657275aa5df3fb7629f7892c57a
tree0e373318ce411cda252892b3b05bf5204fc20981
parent6165bb0d6009283ffd8f330622b2155ee29c9c0b
openssl: bump to 1.1.1k

This version fixes 2 security vulnerabilities, among other changes:

 - CVE-2021-3450: problem with verifying a certificate chain when using
   the X509_V_FLAG_X509_STRICT flag.

 - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
   crafted renegotiation ClientHello message from a client.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd0de7d43b3846ad0d7006294e1daaadfa7b532)
package/libs/openssl/Makefile
package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch