openssl: Update to 1.0.2o

CVE-2018-0739 (OpenSSL advisory) [Moderate severity] 27 March 2018:

Constructed ASN.1 types with a recursive definition (such as can be
found in PKCS7) could eventually exceed the stack given malicious
input with excessive recursion. This could result in a Denial Of
Service attack. There are no such structures used within SSL/TLS
that come from untrusted sources so this is considered safe.
Reported by OSS-fuzz.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/lfs/openssl-compat b/lfs/openssl-compat
index 188baa07322cbef2fb04e45be8f59404a14f52fe..9e991b496029982478d1404cb198aeb6ff4a6f1d 100644 (file)
--- a/lfs/openssl-compat
+++ b/lfs/openssl-compat
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.0.2n
+VER        = 1.0.2o
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -84,7 +84,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 13bdc1b1d1ff39b6fd42a255e74676a4
+$(DL_FILE)_MD5 = 44279b8557c3247cbe324e2322ecd114
 
 install : $(TARGET)