openssl: upgrade 3.5.6 -> 3.5.7

Message ID	20260615061938.1285933-1-saisneha196@gmail.com
State	Accepted, archived
Commit	9365ac47f994a7d6be92b8c011c51ecf48e8ef87
Headers	show Return-Path: <saisneha196@gmail.com> ip: 209.85.214.182, mailfrom: saisneha196@gmail.com) From: Sai Sneha <saisneha196@gmail.com> To: openembedded-core@lists.openembedded.org Cc: nisha.m.parrakat@bmw.de, ashishkumar.mishra@bmwtechworks.in, suresh.ha@bmwtechworks.in, nikhil.r@bmwtechworks.in, Sai Sneha <saisneha196@gmail.com>, Sai Sneha <sai.sneha@bmwtechworks.in> Subject: [PATCH] openssl: upgrade 3.5.6 -> 3.5.7 Date: Mon, 15 Jun 2026 11:49:38 +0530 Message-Id: <20260615061938.1285933-1-saisneha196@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	openssl: upgrade 3.5.6 -> 3.5.7 \| expand openssl: upgrade 3.5.6 -> 3.5.7

Message ID

20260615061938.1285933-1-saisneha196@gmail.com

State

Accepted, archived

Commit

9365ac47f994a7d6be92b8c011c51ecf48e8ef87

Headers

From: Sai Sneha <saisneha196@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: nisha.m.parrakat@bmw.de,
	ashishkumar.mishra@bmwtechworks.in,
	suresh.ha@bmwtechworks.in,
	nikhil.r@bmwtechworks.in,
	Sai Sneha <saisneha196@gmail.com>,
	Sai Sneha <sai.sneha@bmwtechworks.in>
Subject: [PATCH] openssl: upgrade 3.5.6 -> 3.5.7
Date: Mon, 15 Jun 2026 11:49:38 +0530
Message-Id: <20260615061938.1285933-1-saisneha196@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

openssl: upgrade 3.5.6 -> 3.5.7 | expand

Commit Message

Sai Sneha June 15, 2026, 6:19 a.m. UTC

Fixes the following CVEs:
  - CVE-2026-45447 (High): heap use-after-free in PKCS7_verify()
  - CVE-2026-7383: heap buffer overflow in ASN.1 multibyte string
  - CVE-2026-9076: OOB read in CMS password-based decryption
  - CVE-2026-34180: heap buffer over-read in ASN.1 content parsing
  - CVE-2026-42764: NULL ptr deref in QUIC server packet handling
  - CVE-2026-45445: AES-OCB IV ignored on EVP_Cipher() path

Changelog:
https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md

Reference: https://openssl-library.org/news/secadv/20260609.txt

Signed-off-by: Sai Sneha <saisneha196@gmail.com>
Signed-off-by: Sai Sneha <sai.sneha@bmwtechworks.in>
---
 .../openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb} (99%)

diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.5.6.bb
rename to meta/recipes-connectivity/openssl/openssl_3.5.7.bb
index 3bf78eff5c..8adbe43c56 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb
@@ -19,7 +19,7 @@  SRC_URI:append:class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736"
+SRC_URI[sha256sum] = "a8c0d28a529ca480f9f36cf5792e2cd21984552a3c8e4aa11a24aa31aeac98e8"
 
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

openssl: upgrade 3.5.6 -> 3.5.7

Commit Message

Patch