openssl: bump to 1.1.1v
authorHauke Mehrtens <hauke@hauke-m.de>
Fri, 11 Aug 2023 20:45:40 +0000 (22:45 +0200)
committerJosef Schlehofer <pepe.schlehofer@gmail.com>
Fri, 29 Sep 2023 10:05:05 +0000 (12:05 +0200)
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]

    o Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
    o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit de29f15af173e9434d11a00ffcf437bd6bc97727)

package/libs/openssl/Makefile

index 3535859bf4ed39646c164aebb8d38b1b87edc83b..2b7cd81035ad68cf23609a0d42eeb3d6bae1e71a 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=u
+PKG_BUGFIX:=v
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
@@ -26,7 +26,7 @@ PKG_SOURCE_URL:= \
        ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
        ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
 
-PKG_HASH:=e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6
+PKG_HASH:=d6697e2871e77238460402e9362d47d18382b15ef9f246aba6c7bd780d38a6b0
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE