| Message ID | 20260615053601.1110782-1-naman.jain@partner.bmw.de |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [master,meta] openssl: upgrade 3.5.6 -> 3.5.7 | expand |
Please run ptests before submitting patches, it should fail for this one. Upgrade of openssl with ptest adaptation is already on master-next branch. Peter -----Original Message----- From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Naman Jain via lists.openembedded.org Sent: Monday, June 15, 2026 7:36 AM To: openembedded-core@lists.openembedded.org Subject: [OE-core] [master][meta][PATCH] openssl: upgrade 3.5.6 -> 3.5.7 From: Naman Jain <namanj1@kpit.com> OpenSSL 3.5.7 is a security patch release. The most severe CVE fixed in this release is High. This release incorporates the following bug fixes and mitigations: * Fixed heap use-after-free in PKCS7_verify(). (CVE-2026-45447) * Fixed possible heap buffer overflow in ASN.1 multibyte string conversion. (CVE-2026-7383) * Fixed out-of-bounds read in CMS password-based decryption. (CVE-2026-9076) * Fixed heap buffer over-read in ASN.1 content parsing. (CVE-2026-34180) * Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys. (CVE-2026-34181) * Fixed CMS AuthEnvelopedData processing may accept forged messages. (CVE-2026-34182) * Fixed unbounded memory growth in the QUIC PATH_CHALLENGE handler. (CVE-2026-34183) * Fixed NULL pointer dereference in QUIC server initial packet handling. (CVE-2026-42764) * Fixed AES-OCB IV ignored on EVP_Cipher() path. (CVE-2026-45445) [1] https://openssl-library.org/news/secadv/20260609.txt Reference: [https://github.com/openssl/openssl/releases/tag/openssl-3.5.7] Signed-off-by: AshishKumar Mishra <ashishkumar.mishra@bmwtechworks.in> Signed-off-by: Naman Jain <namanj1@kpit.com> --- .../openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb} (99%) diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb similarity index 99% rename from meta/recipes-connectivity/openssl/openssl_3.5.6.bb rename to meta/recipes-connectivity/openssl/openssl_3.5.7.bb index 6685654472..6d864e0746 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736" +SRC_URI[sha256sum] = "a8c0d28a529ca480f9f36cf5792e2cd21984552a3c8e4aa11a24aa31aeac98e8" inherit lib_package multilib_header multilib_script ptest perlnative manpages MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb similarity index 99% rename from meta/recipes-connectivity/openssl/openssl_3.5.6.bb rename to meta/recipes-connectivity/openssl/openssl_3.5.7.bb index 6685654472..6d864e0746 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736" +SRC_URI[sha256sum] = "a8c0d28a529ca480f9f36cf5792e2cd21984552a3c8e4aa11a24aa31aeac98e8" inherit lib_package multilib_header multilib_script ptest perlnative manpages MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"