This project is archived. Its data is read-only.

Commit 25b218c1 authored Mar 01, 2016 by Gustavo Zacarias Committed by Peter Korsgaard Mar 01, 2016

openssl: security bump to version 1.0.2g



Fixes:
CVE-2016-0800 - Cross-protocol attack on TLS using SSLv2 (DROWN)
CVE-2016-0705 - Double-free in DSA code
CVE-2016-0798 - Memory leak in SRP database lookups
CVE-2016-0797 - BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
CVE-2016-0799 - Fix memory issues in BIO_*printf functions
CVE-2016-0702 - Side channel attack on modular exponentiation

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent a6209d1b

package/openssl/openssl.hash

+2 −2

Original line number	Diff line number	Diff line
		# From https://www.openssl.org/source/openssl-1.0.2f.tar.gz.sha256
		sha256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c openssl-1.0.2f.tar.gz
		# From https://www.openssl.org/source/openssl-1.0.2g.tar.gz.sha256
		sha256 b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33 openssl-1.0.2g.tar.gz
		# Locally computed
		sha256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9 openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
		sha256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d

package/openssl/openssl.mk

+1 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,7 @@
		#
		################################################################################

		OPENSSL_VERSION = 1.0.2f
		OPENSSL_VERSION = 1.0.2g
		OPENSSL_SITE = http://www.openssl.org/source
		OPENSSL_LICENSE = OpenSSL or SSLeay
		OPENSSL_LICENSE_FILES = LICENSE