openssl: bump to 1.0.2q

This fixes the following security problems:
 * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
 * CVE-2018-0734: Timing vulnerability in DSA signature generation
 * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
(cherry picked from commit 989060478ae270885727d91c25b9b52b0f33743c)

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index b64a51d6d31438234da6a08a081e414d5f306efa..a4781e9eeea0bd855d001b592b760917d4ef608d 100644 (file)
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.0.2
 
 PKG_NAME:=openssl
 PKG_BASE:=1.0.2

-PKG_BUGFIX:=p
+PKG_BUGFIX:=q

 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0


@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
        http://gd.tuwien.ac.at/infosys/security/openssl/source/ \
        http://www.openssl.org/source/ \
        http://www.openssl.org/source/old/$(PKG_BASE)/
        http://gd.tuwien.ac.at/infosys/security/openssl/source/ \
        http://www.openssl.org/source/ \
        http://www.openssl.org/source/old/$(PKG_BASE)/

-PKG_HASH:=50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00
+PKG_HASH:=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684

 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE