Skip to content
Permalink
Browse files

[depends] update openssl to 1.0.2r

- This addresses https://www.openssl.org/news/secadv/20190226.txt (CVE: 2019-1559) which impacted all versions of openssl-1.0.

Note that this does not address CVE-2019-1543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), which impacts all versions of openssl 1.1 through 1.1.0j and 1.1.1b.

The above (1.1) is patched in openssl, where it was marked as low severity.  Similar issues possibly present in monero, should be looked into w.r.t. CVE-2019-1543.
  • Loading branch information...
who-biz committed May 18, 2019
1 parent 5fbfa8a commit c27d96129e262025ee6be62c9479d8b284bfbeb8
Showing with 2 additions and 2 deletions.
  1. +2 −2 contrib/depends/packages/openssl.mk
@@ -1,8 +1,8 @@
package=openssl
$(package)_version=1.0.2q
$(package)_version=1.0.2r
$(package)_download_path=https://www.openssl.org/source
$(package)_file_name=$(package)-$($(package)_version).tar.gz
$(package)_sha256_hash=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684
$(package)_sha256_hash=ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6

define $(package)_set_vars
$(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"

0 comments on commit c27d961

Please sign in to comment.
You can’t perform that action at this time.