From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Wed, 01 Oct 2025 20:27:22 +0200
Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1v41Xu-003Ds7-2T
	for lore@lore.pengutronix.de;
	Wed, 01 Oct 2025 20:27:22 +0200
Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de)
	by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1v41Xu-0002y2-FL; Wed, 01 Oct 2025 20:27:22 +0200
Received: from mail-francecentralazon11023113.outbound.protection.outlook.com
 ([40.107.162.113] helo=PA4PR04CU001.outbound.protection.outlook.com)
 by metis.whiteo.stw.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <christian.melki@t2data.com>) id 1v41Xf-0002we-0K
 for ptxdist@pengutronix.de; Wed, 01 Oct 2025 20:27:07 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=uLe2674rFeFewfrI0KqHgxp5A5LUoVDgcWlXb8ncQdafXTw+maZCLoZ8WEn3KEH5RoS8ATnvaSMVVIelXXnNwNJbkHw75cYwZTFx3fQr+a1dFPpIqexFEF3z+kOxXvfRN2mp8/yLwfpa8rKPZiYoFqjxl66RUgkOHyDnxHIGNKDHbdsPFBvxzThuWkNhm9yPDSj2NdpFRmNZWs+ykDpRXuGPIYRfx0SgsGtQrr6uko7s3T8R9r5y1Ui7c2bgwEG3eq2fgXmrOZUaiwQ2tsq2s4p02BO/hz3wDzOwryNpOBprCEMXHCeIdPK3fxtHOsG6NvXGmfjzU0BMvuaR0VHSRA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=ES/Xu+f6ZKKduoRdTV3Ex8AUdcLjsLzTSAmjqgnLoL0=;
 b=nXvQP3r9LWwOgIGnpx0yQfimbsiqIAUix1Qpy4ay9L7WEYePF69F12HSG4xoq3UMYr+6g0lz/igoNuRK3fwTaxak3sjLrBEukc89U/zzMOgbFnKvdko5HVYBbnQYuyjlrrgRwaaUY++gUwmGRCrVXTvr7oAmwig9aUb+MnFVXmQnW3aafARscOgx9B6eXT7bcS82JetLo5Ql2EVoRhrBLBOLAIvKFWoiLpqgwKVmWBD6wlMTgiZUMC90lSuKKcxYdT/bpABdkvJZ82roIOQTV6Jhe4/PiQIPEAYe3TMcV2tFlEQAWG3jeHW63Ifmv21lH2QaF5SjiT/hDNkDxW/r4g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com;
 dkim=pass header.d=t2data.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=ES/Xu+f6ZKKduoRdTV3Ex8AUdcLjsLzTSAmjqgnLoL0=;
 b=cTXul8xFy9ZkAIVr7NPq5qKMDBh5rgTEAkwOCWEmLu2iTotj4hGoBRkBiU30+fvmR7v/GEl8ApYi0sChy4DNhBGpdFWoIHEFm563CQl0en/7Mj2fXv7tRXvvw136E0+b0z8Ys4AXmAs0rCE+dd54QU2cRL5Q4mb66REenWSnJ9M=
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=t2data.com;
Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22)
 by DB9P251MB0218.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:2cd::7) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9160.17; Wed, 1 Oct
 2025 18:27:05 +0000
Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM
 ([fe80::a4b2:58d7:8549:4b19]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM
 ([fe80::a4b2:58d7:8549:4b19%5]) with mapi id 15.20.9160.015; Wed, 1 Oct 2025
 18:27:05 +0000
From: Christian Melki <christian.melki@t2data.com>
To: ptxdist@pengutronix.de
Date: Wed,  1 Oct 2025 20:26:58 +0200
Message-ID: <20251001182658.2042659-1-christian.melki@t2data.com>
X-Mailer: git-send-email 2.43.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-ClientProxiedBy: GV3PEPF00007A7A.SWEP280.PROD.OUTLOOK.COM
 (2603:10a6:158:401::605) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM
 (2603:10a6:10:334::22)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|DB9P251MB0218:EE_
X-MS-Office365-Filtering-Correlation-Id: c94204cf-f3e8-469a-3155-08de01181f58
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|1800799024|366016|52116014|376014|38350700014; 
X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?XyvsfV6RfQ9d5rVU3CcEmLd8LpMkhuCA6Y7wOwgcUYI0kI6iGtTDQN5QpYb+?=
 =?us-ascii?Q?nr8MOxkiFXSFAtHBmw71v44eNomCMoVUqLWw48TAHi1Wd92vAqaF5KrDDCcG?=
 =?us-ascii?Q?h29WigOq2nZ+/T0z8bo9rH5In7i9znv/0Xkob3biR/gUtL5feDhZ8F6JCw9d?=
 =?us-ascii?Q?owec8nthUZRP6AfYZW0EriHF+xw76Uko/HN5a2t4lbJnIdEqJvRj93IWsl9q?=
 =?us-ascii?Q?SzUTqNE3jh5QHfP7lMLV5Mk26sTdK5BrTICT49zhbjmqSEdeLA7SPyrkWeZT?=
 =?us-ascii?Q?nEYRbHdSb+w1lPxPC/4n6ICQgZaPM8tqIYI2m/0mksCwD+9eUZto5BPpC/gJ?=
 =?us-ascii?Q?m55rc4pV5uOixQHxmb5L/0XZBbPGeG+cQ6GX5ARi2vr8mztc4HtE09J2bkYe?=
 =?us-ascii?Q?fVFJghQO5CRmCpvDFM/r3VQ7joOX43AY65SXAwJ11UWVm4YAaVsriOt090gK?=
 =?us-ascii?Q?HbBlxor7f0DXnSzKqDJT2N8TvtIIz5D6blbX6We64m6Ws1B89ckY1I7s/wJO?=
 =?us-ascii?Q?BywgkKSp8v7O2T9kIW0l6BfqC9SJYulKSbgm5U0hmDZwf+haPL7wxGhunw5p?=
 =?us-ascii?Q?l1oR41uA+Hk/RCQcqAOHShwa5XXqjv8ANn2k/Liy4MVEbl7+1dd0ti6xSVoG?=
 =?us-ascii?Q?wA0S+PKRjiw3ru/+/38rtdAHh7TJk6q/QwHBap37+M/Gce6K1863QsWk9SBM?=
 =?us-ascii?Q?h/ZUZ77HB2rGhon9MII7H7SUG3Pnvjyx2BXgYQTVHFaAfzMfRHcxu6Krh13e?=
 =?us-ascii?Q?jnig0xYS6gGxpPB75zY2FFzl2Ubky7X+sKMcJVqlyARG57g1ADMi2D5dTwxF?=
 =?us-ascii?Q?AUfjCXtlBg3I4VVxduX5hpvRiDz9x21Tmwtzkk9T2FWeAdeZd68P/sPJmEA9?=
 =?us-ascii?Q?TyzOU25j8xCpnykr9IsEgyN1A7GkwKHlgNI7LKRfclbCgoA0yimPhspyhi46?=
 =?us-ascii?Q?vHaOOQYC8UYEjxXOVj2CTMDcnIkpwMPa5C97EfknsAvOxtUR054Dx8oveRBp?=
 =?us-ascii?Q?HxIZrkRQSse4wXFG182elGNfxgLip9U/WispMtjl3Dhvs513BnoH8X0KUd0d?=
 =?us-ascii?Q?bGUyKbeKb0AIIN8Ap4U7fbyI2umy0a9xwAMsbwOX1/cY2BK+JCSDtcucu1OV?=
 =?us-ascii?Q?CIrKxquHmqbz+3G4Sh/mSdwxjXG0QVWOnX/6zLEfAKUXmlWyTMH15C97pNN5?=
 =?us-ascii?Q?O7UFKi03r6EhLNNvIRNa+EwbPIkerctapGZvwR/xgYEqmqxK2J/tboeHiL+v?=
 =?us-ascii?Q?M1ujvv/OYzyaG+Q41p7MWrl/efB5470aJrCL+JBcT9ZQrP9hHDX0H6YpddhS?=
 =?us-ascii?Q?7ZAhr2qBW+sRMFhQ+ibSe2MyHQDfZjuT1n0hJvzcutdc9/fdswG0Iq1NJECM?=
 =?us-ascii?Q?dUA5BUUTu/xEct7/r1wlvdobiy80NhK0KnBnIddjVJvCrsD4A7vqcJz9ylvk?=
 =?us-ascii?Q?Uz+SY59vwN2LQsykjaKTNIdZ9G6ep7JHTlMecxaM8qZ9kU28ibS7RT2uTxHD?=
 =?us-ascii?Q?thq9e8vwuj6k2L2WYwaTP3EM/knySHYnyWbQ?=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE;
 SFS:(13230040)(1800799024)(366016)(52116014)(376014)(38350700014); DIR:OUT;
 SFP:1102; 
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?Ud/QM6OhAIIf/KYd2/lcE/Y65mVDmCBEYAWoytIBloX5zoVBqbXKfBKdY1mT?=
 =?us-ascii?Q?QlJ/W4IR30bLYHijek8bMP27Ku9g8to9op9d8MFylD6F47J/CHqCkRmeiBKE?=
 =?us-ascii?Q?lO8AcPNRHuOfC2P+rl4kwqABx30dwTcamDeEfSikLlEIG0bCOeeg64kPy4sO?=
 =?us-ascii?Q?N304LnvSPnWri0b6nZoPCjXx2HpLUIyAyqt26ON+zn6sTzrKt7ss/pm6rkpO?=
 =?us-ascii?Q?jSDkZ2BBxNC6TvxENEOKP/xQB2jYgffTjoV9qeTpzkExv+3hWUM1wWYBsvzQ?=
 =?us-ascii?Q?+PqJfx6wvzjaKm7iXdtCNo9yw58k41Pb49aowYqshDubNv+cAVhOj13qLfXk?=
 =?us-ascii?Q?b57aMOLG0TORlcjIwKXKfid81bRsHrRu5T/1Ov8fY1OSPcu4gECc9DgoEd1a?=
 =?us-ascii?Q?MD7HacwtmWp6jtTQMFyrqAVxYYW+x6ZtxEUTU5XTQ0lPUzrDUI0wzRAcJIUv?=
 =?us-ascii?Q?3uB/DUfmVgLoLXKTgOOOMdSUiAyTJsnZ2BN5IeR8sZ3yQonSMSy4uNKeP/OF?=
 =?us-ascii?Q?v2FK7vb7J3cxX8j24zzOGz/yCwGiIulQzu7oIjEmHD6HcVKYshdz4lZ4XqVs?=
 =?us-ascii?Q?mHTeSF/LyXPGpcQCuEJTi6RZFHV8YWxU4V7/HGmy9Yp2r7l/wmVXiuP9yWdT?=
 =?us-ascii?Q?e3F+EQw9fJHmL5pV8eq9STFBaOMyi9fPnuyx5hz5XcGlxfUPUxqDbD+VKCuW?=
 =?us-ascii?Q?7oe9sOlUbbpR7G2eIHBIB7Z0DHxQLqsyiSdOEZgV9M3JesVrvmY81q19ldZf?=
 =?us-ascii?Q?+gNgDDxwCjrthwcGlnH/wyprpXGOm+kSPhyUnOEj1TIylWef4s7pkiljgEuc?=
 =?us-ascii?Q?WH1XlWjofb3flWjLq30ve4YyBZQxT9JPdgTHcbc5m979o9AOrm1dkdTnyqZK?=
 =?us-ascii?Q?bLC+YQaGhRwfIJW/OfaN+maYw8QsSXiO9HINpr9IJ+8EuxcuAdHlEagJ0WQl?=
 =?us-ascii?Q?riFD3Oyk0s8grxZyEBoR8VJ8xUVvGAhnpN5PwO5fQaH0DNCjLI3GcKyGOMq/?=
 =?us-ascii?Q?D7veTnC2w/YxUJZEXttQ+hrrk9R9piAodcZFjmnYWkf6cToUSQ6vYitX3ha0?=
 =?us-ascii?Q?ofwCuK1+sVwtFwxy/uAFhuN6E4AtuFqNLykC31gK3NcEEC5QfGKr0X5qL4td?=
 =?us-ascii?Q?wElKZJTsi+D7bIdQ+SYL6V8Ji+nwQpV91Y0xez/tJe8ZBmF5Slnj31MiKgxS?=
 =?us-ascii?Q?kZ3Ni37cLgjsNJt6M80aC3zRqsEETsogbD8emdmXvR3t6VKAeYXabzH4F3hK?=
 =?us-ascii?Q?ZzGIVWOFEKJPJmJKe/spRwaMl4HRl4sFw6NLnYGC2+89enmsLskqaTJKzN29?=
 =?us-ascii?Q?fGZA5+oQaIoCKhd9xGVlsEdKrlFkvVjDq/68CiNkVD+Q4LhqSe8AQYcEycc+?=
 =?us-ascii?Q?jX7Y6042MPbDl8hGbMXvPBDYKs9H3xJZFxqnat+JdPB0o7uYR+zF0oPGoocL?=
 =?us-ascii?Q?64323Au+pfixMziGwJEx/n/phmdqFbsGjbp6kWcB8VWKhH63iUNrIQOgZ987?=
 =?us-ascii?Q?6frl1hVf2LrHgvr+Q9+fIAYUzqn+bZ+iPuvgoLs6gCXAChOtM5tvOjCCyOue?=
 =?us-ascii?Q?h9zXso/4FrGpddHby+86DuDPRGZGz+QPjp9sVU4zX6FxA1acPbM5xL4SZGjW?=
 =?us-ascii?Q?ew=3D=3D?=
X-OriginatorOrg: t2data.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c94204cf-f3e8-469a-3155-08de01181f58
X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Oct 2025 18:27:05.1012 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: NGPnojlXg5vTjfNoH354yrAfbp1bBYUZ6JzcrdpUDIsaYG9vRrQr1Rn9KYENfpKJ2oCdS57Jm8UEOsvk+ldJsYjkY2ewSwWwXEhF2ASLIow=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P251MB0218
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 metis.whiteo.stw.pengutronix.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED,
 DKIM_VALID,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_RPBL_BLOCKED,
 RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham
 autolearn_force=no version=3.4.2
Subject: [ptxdist] [PATCH] openssl: Version bump. 3.5.3 -> 3.5.4
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <https://metis.pengutronix.de/mailman/options/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <https://metis.pengutronix.de/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <https://metis.pengutronix.de/mailman/listinfo/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false

Security patch release.
https://github.com/openssl/openssl/releases/tag/openssl-3.5.4

Plugs CVEs:
CVE-2025-9230: Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
CVE-2025-9231: Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
CVE-2025-9232: Fix Out-of-bounds read in HTTP client no_proxy handling.

* Forward patchset. Applies cleanly.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 .../0001-debian-targets.patch                                 | 0
 patches/{openssl-3.5.3 => openssl-3.5.4}/0002-pic.patch       | 0
 ...Configure-allow-to-enable-ktls-if-target-does-not-st.patch | 0
 .../0004-conf-Serialize-allocation-free-of-ssl_names.patch    | 0
 patches/{openssl-3.5.3 => openssl-3.5.4}/series               | 0
 rules/openssl.make                                            | 4 ++--
 6 files changed, 2 insertions(+), 2 deletions(-)
 rename patches/{openssl-3.5.3 => openssl-3.5.4}/0001-debian-targets.patch (100%)
 rename patches/{openssl-3.5.3 => openssl-3.5.4}/0002-pic.patch (100%)
 rename patches/{openssl-3.5.3 => openssl-3.5.4}/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch (100%)
 rename patches/{openssl-3.5.3 => openssl-3.5.4}/0004-conf-Serialize-allocation-free-of-ssl_names.patch (100%)
 rename patches/{openssl-3.5.3 => openssl-3.5.4}/series (100%)

diff --git a/patches/openssl-3.5.3/0001-debian-targets.patch b/patches/openssl-3.5.4/0001-debian-targets.patch
similarity index 100%
rename from patches/openssl-3.5.3/0001-debian-targets.patch
rename to patches/openssl-3.5.4/0001-debian-targets.patch
diff --git a/patches/openssl-3.5.3/0002-pic.patch b/patches/openssl-3.5.4/0002-pic.patch
similarity index 100%
rename from patches/openssl-3.5.3/0002-pic.patch
rename to patches/openssl-3.5.4/0002-pic.patch
diff --git a/patches/openssl-3.5.3/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch b/patches/openssl-3.5.4/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch
similarity index 100%
rename from patches/openssl-3.5.3/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch
rename to patches/openssl-3.5.4/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch
diff --git a/patches/openssl-3.5.3/0004-conf-Serialize-allocation-free-of-ssl_names.patch b/patches/openssl-3.5.4/0004-conf-Serialize-allocation-free-of-ssl_names.patch
similarity index 100%
rename from patches/openssl-3.5.3/0004-conf-Serialize-allocation-free-of-ssl_names.patch
rename to patches/openssl-3.5.4/0004-conf-Serialize-allocation-free-of-ssl_names.patch
diff --git a/patches/openssl-3.5.3/series b/patches/openssl-3.5.4/series
similarity index 100%
rename from patches/openssl-3.5.3/series
rename to patches/openssl-3.5.4/series
diff --git a/rules/openssl.make b/rules/openssl.make
index 0a46f5048..239a2436e 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl
 #
 # Paths and names
 #
-OPENSSL_VERSION		:= 3.5.3
-OPENSSL_MD5		:= 0ec20faeb96bbb203c8684cc7fe4432e
+OPENSSL_VERSION		:= 3.5.4
+OPENSSL_MD5		:= 570a7ab371147b6ba72c6d0fed93131f
 OPENSSL			:= openssl-$(OPENSSL_VERSION)
 OPENSSL_SUFFIX		:= tar.gz
 OPENSSL_URL		:= \
-- 
2.43.0