From 7aee4c5989ab24d8f3364acc84a83bd41239573e Mon Sep 17 00:00:00 2001 From: Robb Kidd Date: Thu, 22 Sep 2016 14:58:08 -0400 Subject: [PATCH] upgrade to OpenSSL 1.0.2i * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * SSL_peek() hang on empty record (CVE-2016-6305) * SWEET32 Mitigation (CVE-2016-2183) * OOB write in MDC2_Update() (CVE-2016-6303) * Malformed SHA512 ticket DoS (CVE-2016-6302) * OOB write in BN_bn2dec() (CVE-2016-2182) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) * Pointer arithmetic undefined behaviour (CVE-2016-2177) * Constant time flag not preserved in DSA signing (CVE-2016-2178) * DTLS buffered message DoS (CVE-2016-2179) * DTLS replay protection DoS (CVE-2016-2181) * Certificate message OOB reads (CVE-2016-6306) * Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307) * Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308) https://www.openssl.org/news/secadv/20160922.txt Signed-off-by: Robb Kidd --- omnibus/config/projects/supermarket.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omnibus/config/projects/supermarket.rb b/omnibus/config/projects/supermarket.rb index ebb1bab9f3..482e9c2584 100644 --- a/omnibus/config/projects/supermarket.rb +++ b/omnibus/config/projects/supermarket.rb @@ -34,7 +34,7 @@ override :git, version: "2.2.1" override :'chef-gem', version: '12.13.37' override :redis, version: '2.8.21' -override :openssl, version: '1.0.2h' +override :openssl, version: '1.0.2i' # pin berks to keep net-ssh at 2.9.2 as expected by Supermarket # chef, net-ssh, berks and rspec have gotten tangled
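Review bot: The `override :openssl, version: '1.0.2i'` line only changes the pin; it does not by itself make 1.0.2i buildable, so before merging confirm that the omnibus software definition this project resolves for openssl already carries a 1.0.2i source entry with its matching checksum, otherwise the omnibus build fails on a missing or mismatched source rather than shipping the fix. It would also help to note in the commit message, next to the advisory link, which Supermarket CI build verified that the bumped package links against 1.0.2i, since the patch touches nothing else that would exercise the new library.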