@@ -1,5 +1,5 @@
-# From https://www.openssl.org/source/openssl-3.3.1.tar.gz.sha256
-sha256 777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e openssl-3.3.1.tar.gz
+# From https://www.mail-archive.com/openssl-announce@openssl.org/msg00463.html
+sha256 2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281 openssl-3.3.2.tar.gz
# License files
sha256 7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a LICENSE.txt
@@ -4,8 +4,8 @@
#
################################################################################
-LIBOPENSSL_VERSION = 3.3.1
-LIBOPENSSL_SITE = https://www.openssl.org/source
+LIBOPENSSL_VERSION = 3.3.2
+LIBOPENSSL_SITE = https://github.com/openssl/openssl/releases/download/openssl-$(LIBOPENSSL_VERSION)
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = Apache-2.0
LIBOPENSSL_LICENSE_FILES = LICENSE.txt
Fixes the following security issues: - CVE-2024-6119: Possible denial of service in X.509 name checks [Moderate severity] https://openssl-library.org/news/secadv/20240903.txt - CVE-2024-5535: SSL_select_next_proto buffer overread [Low severity] https://openssl-library.org/news/secadv/20240528.txt Downloads now moved to github, so adjust _SITE to match. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/libopenssl/libopenssl.hash | 4 ++-- package/libopenssl/libopenssl.mk | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)