From 00cc46208b1dc5f91c1510a679e2024af1f24d85 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard <peter@korsgaard.com>
Date: Wed, 18 Sep 2024 22:56:51 +0200
Subject: [PATCH] package/libopenssl: security bump to version 3.2.3

- CVE-2024-6119: Possible denial of service in X.509 name checks [Moderate
  severity]
  https://openssl-library.org/news/secadv/20240903.txt

- CVE-2024-5535: SSL_select_next_proto buffer overread [Low severity]
  https://openssl-library.org/news/secadv/20240528.txt

Updated _SITE and project URL according to
https://openssl-library.org/post/2024-04-30-releases-distribution-changes/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/libopenssl/libopenssl.hash | 4 ++--
 package/libopenssl/libopenssl.mk   | 4 ++--
 package/openssl/Config.in          | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 0909784e90..e8940781b7 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@
-# From https://www.openssl.org/source/openssl-3.2.2.tar.gz.sha256
-sha256  197149c18d9e9f292c43f0400acaba12e5f52cacfe050f3d199277ea738ec2e7  openssl-3.2.2.tar.gz
+# From https://github.com/openssl/openssl/releases/download/openssl-3.2.3/openssl-3.2.3.tar.gz.sha256
+sha256  52b5f1c6b8022bc5868c308c54fb77705e702d6c6f4594f99a0df216acf46239  openssl-3.2.3.tar.gz
 
 # License files
 sha256  7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a  LICENSE.txt
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index 1a7e2bd54e..c3796e14ba 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 3.2.2
-LIBOPENSSL_SITE = https://www.openssl.org/source
+LIBOPENSSL_VERSION = 3.2.3
+LIBOPENSSL_SITE = https://github.com/openssl/openssl/releases/download/openssl-$(LIBOPENSSL_VERSION)
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = Apache-2.0
 LIBOPENSSL_LICENSE_FILES = LICENSE.txt
diff --git a/package/openssl/Config.in b/package/openssl/Config.in
index 30db152fad..d255a05596 100644
--- a/package/openssl/Config.in
+++ b/package/openssl/Config.in
@@ -35,7 +35,7 @@ config BR2_PACKAGE_LIBOPENSSL
 	  (TLS v1) as well as a full-strength general-purpose
 	  cryptography library.
 
-	  http://www.openssl.org/
+	  https://openssl-library.org/
 
 	  Note: Some helper scripts need perl.