From fc7ff015761e4b6124c8fca486dfee8e9f06fa39 Mon Sep 17 00:00:00 2001 From: CN_SZTL <22235437+1715173329@users.noreply.github.com> Date: Thu, 23 Apr 2020 10:47:31 +0800 Subject: [PATCH] openssl: bump to 1.1.1g (#4415) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with high severity, assigned CVE-2020-1967. Ref: https://www.openssl.org/news/secadv/20200421.txt Cherry-pick from openwrt/openwrt@3773ae1. Also add mirror for mainland China user in this commit. Signed-off-by: Petr Štetiar Signed-off-by: CN_SZTL Co-authored-by: Petr Štetiar --- package/libs/openssl/Makefile | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index e2f2661566..0db051b6ee 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=f +PKG_BUGFIX:=g PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=1 PKG_USE_MIPS16:=0 @@ -19,12 +19,13 @@ PKG_BUILD_PARALLEL:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= \ - http://ftp.fi.muni.cz/pub/openssl/source/ \ - http://ftp.linux.hr/pub/openssl/source/ \ + https://mirrors.cloud.tencent.com/openssl/source/ \ + https://mirrors.cloud.tencent.com/openssl/source/old/$(PKG_BASE)/ \ + https://ftp.fi.muni.cz/pub/openssl/source/ \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ - http://www.openssl.org/source/ \ - http://www.openssl.org/source/old/$(PKG_BASE)/ -PKG_HASH:=186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35 + https://www.openssl.org/source/ \ + https://www.openssl.org/source/old/$(PKG_BASE)/ +PKG_HASH:=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE