[depends] update openssl to 1.0.2r

[who-biz]

• This addresses https://www.openssl.org/news/secadv/20190226.txt (CVE: 2019-1559) which impacted all versions of openssl-1.0.

Note that this does not address CVE-2019-1543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543), which impacts all versions of openssl 1.1 through 1.1.0j and 1.1.1b.

The above (1.1) is patched in openssl, where it was marked as low severity. Similar issues possibly present in monero, should be looked into w.r.t. CVE-2019-1543.

[who-biz]

Duplicate of #5552 for release-v0.14 branch

[hyc]

OpenSSL 1.0.2s is already posted on openssl.org; shouldn't we upgrade to that, if we're going to be making a change?
https://www.openssl.org/news/cl102.txt

[who-biz]

OpenSSL 1.0.2s is already posted on openssl.org; shouldn't we upgrade to that, if we're going to be making a change?
https://www.openssl.org/news/cl102.txt

From the changelog:

 Changes between 1.0.2r and 1.0.2s [28 May 2019]

  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
     This changes the size when using the genpkey app when no size is given. It
     fixes an omission in earlier changes that changed all RSA, DSA and DH
     generation apps to use 2048 bits by default.
     [Kurt Roeckx]

  *) Add FIPS support for Android Arm 64-bit

     Support for Android Arm 64-bit was added to the OpenSSL FIPS Object
     Module in Version 2.0.10. For some reason, the corresponding target
     'android64-aarch64' was missing OpenSSL 1.0.2, whence it could not be
     built with FIPS support on Android Arm 64-bit. This omission has been
     fixed.
     [Matthias St. Pierre]

I see no real reason to upgrade to 1.0.2s over 1.0.2r... but that's up to you. The prior PR #5552 was created prior to May 28th.