[pkgsrc/trunk]: pkgsrc/security/openssl openssl: update to 1.0.2o.

[wiz <wiz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/afce00f4ab3b
branches:  trunk
changeset: 378071:afce00f4ab3b
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Thu Mar 29 11:08:44 2018 +0000

description:
openssl: update to 1.0.2o.

 Changes between 1.0.2n and 1.0.2o [27 Mar 2018]

  *) Constructed ASN.1 types with a recursive definition could exceed the stack

     Constructed ASN.1 types with a recursive definition (such as can be found
     in PKCS7) could eventually exceed the stack given malicious input with
     excessive recursion. This could result in a Denial Of Service attack. There
     are no such structures used within SSL/TLS that come from untrusted sources
     so this is considered safe.

     This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
     project.
     (CVE-2018-0739)
     [Matt Caswell]

diffstat:

 security/openssl/Makefile |   5 ++---
 security/openssl/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 8 deletions(-)

diffs (31 lines):

diff -r 206a68670243 -r afce00f4ab3b security/openssl/Makefile
--- a/security/openssl/Makefile Thu Mar 29 10:19:30 2018 +0000
+++ b/security/openssl/Makefile Thu Mar 29 11:08:44 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.237 2018/01/02 05:37:23 maya Exp $
+# $NetBSD: Makefile,v 1.238 2018/03/29 11:08:44 wiz Exp $
 
-DISTNAME=      openssl-1.0.2n
-PKGREVISION=   1
+DISTNAME=      openssl-1.0.2o
 CATEGORIES=    security
 MASTER_SITES=  https://www.openssl.org/source/
 
diff -r 206a68670243 -r afce00f4ab3b security/openssl/distinfo
--- a/security/openssl/distinfo Thu Mar 29 10:19:30 2018 +0000
+++ b/security/openssl/distinfo Thu Mar 29 11:08:44 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.131 2018/01/16 09:48:46 jperkin Exp $
+$NetBSD: distinfo,v 1.132 2018/03/29 11:08:44 wiz Exp $
 
-SHA1 (openssl-1.0.2n.tar.gz) = 0ca2957869206de193603eca6d89f532f61680b1
-RMD160 (openssl-1.0.2n.tar.gz) = 90fbf1df8986e04921e14e4c6e408458b5b31f6c
-SHA512 (openssl-1.0.2n.tar.gz) = 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687
-Size (openssl-1.0.2n.tar.gz) = 5375802 bytes
+SHA1 (openssl-1.0.2o.tar.gz) = a47faaca57b47a0d9d5fb085545857cc92062691
+RMD160 (openssl-1.0.2o.tar.gz) = aac1564f006766e66f5a319def41e5d99122915d
+SHA512 (openssl-1.0.2o.tar.gz) = 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
+Size (openssl-1.0.2o.tar.gz) = 5329472 bytes
 SHA1 (patch-Configure) = 2d963d781314276a0ee1bc531df6bc50f0f6b32b
 SHA1 (patch-Makefile.org) = d2a9295003a8b88718a328b01ff6bcbbc102ec0b
 SHA1 (patch-Makefile.shared) = 273154600c6cf0cf4de4ae16d56c5555bca5f9ad