eousphoros / mod-spdy

OpenSSL 1.0.2 and Apache 2.4.12 port for mod-spdy

OpenSSL vuln against 1.0.1f #6

Closed eousphoros closed 10 years ago

eousphoros commented 10 years ago

https://www.openssl.org/news/vulnerabilities.html#2014-0160

Kijewski commented 10 years ago

Your patch seems to work against openssl-1.0.1g, too:

diff --git a/src/build/gyp_chromium b/src/build/gyp_chromium
old mode 100644
new mode 100755
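
Review bot: The mode change on src/build/gyp_chromium (100644 to 100755) is unrelated to the OpenSSL version bump. Drop it from this patch or send it separately, so the security fix stays a minimal change that is easy to audit.
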
diff --git a/src/build_modssl_with_npn.sh b/src/build_modssl_with_npn.sh
index ff850d9..0be015d 100755
--- a/src/build_modssl_with_npn.sh
+++ b/src/build_modssl_with_npn.sh
@@ -97,7 +97,7 @@ function uncompress_file {
   fi
 }

-OPENSSL_SRC_TGZ_URL="http://www.openssl.org/source/openssl-1.0.1f.tar.gz"
+OPENSSL_SRC_TGZ_URL="http://www.openssl.org/source/openssl-1.0.1g.tar.gz"
 APACHE_HTTPD_SRC_TGZ_URL="http://archive.apache.org/dist/httpd/httpd-2.4.7.tar.gz"
 APACHE_HTTPD_MODSSL_NPN_PATCH_PATH="$(dirname $0)/scripts/mod_ssl_with_npn.patch"

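Review bot: OPENSSL_SRC_TGZ_URL still uses plain http://, so the tarball download itself is unauthenticated in transit. Switch the scheme to https:// (the advisory link in this thread already uses https on the same host). It would also help to hold the version string in one variable, so the URL and the expected checksum are bumped together on the next OpenSSL advisory.
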
@@ -116,7 +116,7 @@ cp $APACHE_HTTPD_MODSSL_NPN_PATCH_PATH $BUILDROOT/$APACHE_HTTPD_MODSSL_NPN_PATCH

 pushd $BUILDROOT >/dev/null

-download_file $OPENSSL_SRC_TGZ_URL $OPENSSL_SRC_TGZ f26b09c028a0541cab33da697d522b25
+download_file $OPENSSL_SRC_TGZ_URL $OPENSSL_SRC_TGZ de62b43dfcd858e66a74bee1c834e959
 download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ 9272aadaa2d702f6ae5758641d830d7f

 echo ""
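
Review bot: The third argument to download_file on the OpenSSL line is a 32-hex-digit digest, which is MD5-sized, and with the tarball fetched over http it is the only integrity check on the source being built. Consider having download_file verify a SHA-256 digest instead, or check the release's PGP signature. The same applies to the httpd download on the following line.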

The server is up and running.

eousphoros commented 10 years ago

Want to submit that as a pull request?

eousphoros commented 10 years ago

https://www.ssllabs.com/ssltest/analyze.html?d=blck.io Confirmed we are no longer vuln. Thank you :)

Kijewski commented 10 years ago

You're welcome! :) And thank you for keeping this module alive!