openssl: update to 1.0.2n

add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)

Fixes CVEs: CVE-2017-3737, CVE-2017-3738

Signed-off-by: Peter Wagner <tripolar@gmx.at>
(backported from commit 55e70c8b72dbb8e812ceb790bf08543d69fce86e)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 2bf6a21e95e4d9fba5d43f905582a2a5a56f329d..4b70bc7249c17089b9f8f1ea1da0ef028fac7dc5 100644 (file)
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.0.2
 
 PKG_NAME:=openssl
 PKG_BASE:=1.0.2

-PKG_BUGFIX:=m
+PKG_BUGFIX:=n

 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0


@@ -23,7 +23,7 @@ PKG_SOURCE_URL:=http://www.openssl.org/source/ \
        http://www.openssl.org/source/old/$(PKG_BASE)/ \
        ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
        ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/
        http://www.openssl.org/source/old/$(PKG_BASE)/ \
        ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \
        ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/

-PKG_HASH:=8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f
+PKG_HASH:=370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe

 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE


@@ -120,7 +120,7 @@ ifndef CONFIG_OPENSSL_WITH_EC2M
 endif
 
 ifndef CONFIG_OPENSSL_WITH_SSL3
 endif
 
 ifndef CONFIG_OPENSSL_WITH_SSL3

-  OPENSSL_OPTIONS += no-ssl3
+  OPENSSL_OPTIONS += no-ssl3 no-ssl3-method

 endif
 
 ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT
 endif
 
 ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT