Update openssl to the latest security update

[pshipton]

openssl should be updated to the latest version for each OpenJ9 release.

Don't close this issue, move it to the next milestone after completing the update.

[pshipton]

There is a 1.1.1e update which we're using for the 0.20.0 release.

[pshipton]

There is a 1.1.1f bug fix update. It's in progress to update OpenJ9 head stream to use it, but I don't think the 0.20.0 release should be updated since there aren't any known problems we need bug fixes for, and updating carries the risk of breaking something. Adopt actually controls which version is used in a build.

@ashbm5 @DanHeidinga

[pshipton]

https://mta.openssl.org/pipermail/openssl-announce/2020-April/000170.html

The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1g.

This release will be made available on Tuesday 21st April 2020 between 1300-1700 UTC.

OpenSSL 1.1.g is a security-fix release. The highest severity issue fixed in this release is HIGH: https://www.openssl.org/policies/secpolicy.html#high

@ashbm5 we'll be asking you about the impact of the security fixes when this is released next week.

[pshipton]

1.1.1i is release with security fixes. Created issues to update. https://github.com/eclipse/openj9/issues/11407

[keithc-ca]

The tag 1.1.1j appeared today: created #11980.

[keithc-ca]

The tag OpenSSL_1_1_1k appeared today: created #12291.

[keithc-ca]

The tag OpenSSL_1_1_1l appeared today: created #13373.

[keithc-ca]

Version 1.1.1m was released on December 14, 2021: created #14208.

[keithc-ca]

The tag for 1.1.1n appeared today: I'll open a PR to update accordingly.

[keithc-ca]

Version 1.1.1o appeared today.

[AdamBrousseau]

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.8, 1.1.1t and 1.0.2zg. Note that OpenSSL 1.0.2 is End Of Life and so 1.0.2zg will be available to premium support customers only. These releases will be made available on Tuesday 7th February 2023 between 1300-1700 UTC. These are security-fix releases. The highest severity issue fixed in each of these three releases is High

[keithc-ca]

Version 1.1.1t is now available. I'll put together the necessary pull requests.

[keithc-ca]

• https://github.com/eclipse-openj9/openj9/pull/16675
• https://github.com/adoptium/temurin-build/pull/3242

[pshipton]

Update 1.1.1t with the latest security fixes. https://www.openssl.org/news/secadv/20230322.txt https://www.openssl.org/news/secadv/20230328.txt https://github.com/eclipse-openj9/openj9/pull/17161 https://github.com/eclipse-openj9/openj9/pull/17169 https://github.com/eclipse-openj9/openj9/pull/17170 https://github.com/ibmruntimes/temurin-build/pull/78