From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 09 Apr 2026 19:45:09 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wAtRF-00AMx9-2k for lore@lore.pengutronix.de; Thu, 09 Apr 2026 19:45:09 +0200 Received: from [127.0.0.1] (helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1wAtRF-00084m-MX; Thu, 09 Apr 2026 19:45:09 +0200 Received: from mail-francecentralazon11023121.outbound.protection.outlook.com ([40.107.162.121] helo=PA4PR04CU001.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1wAtQx-000849-Tk for ptxdist@pengutronix.de; Thu, 09 Apr 2026 19:44:53 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HkMUvaR117jTV6hif1/wvQUQkfdD1I/2gzQKH+Bj+v2O08r1XHIJzyvwcgTc49bwSs0Pl5wL8NcmYQzet6owG2NUN3rZvAVHBEY22HoVbP21pPe5AdZ56LqZyFa1/c72yKT7rPHR44PeSWOSDSxeYZ7JKPpLX0ngcYnqTTv/LEXOkBQKgkNhFfSG2VSKebz0XhgEA/Y51EweHIPRm2XxO6F8XSrzKzdnGwe3bhDl/2j7FuOHRR4Vkz4XCh9QTTfyTldM8Bhka4K3WLeRxq5ZfIFYSPJcMN9Rwog7xY6cfb8niWuACW9e46/xkbZHLZSUm7Sua0S9TzzQ6xmWBR2Hkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FORv6pcBxBcUFVGvdtR5fX5LhcjFZRyojSblusqgwsI=; b=Swv2nzei2s6oiy2rv4dSOWEiTm7NdyuqqPkcW/PwbLZEAfs1a2VEFi89ERQWZH9RgjYMnCPSJUFiP/23DaNQZe1KLGmhydlE6R24KJYpsG9Ex7WqvNPVfqrD3vfx3XEMdSnQEPh8IGaLZDtJ7TwkwXJQFUACcKQRef0l2OWWNwo1SHn/unaZfFc5pB2KI2Nf13vRa/8tRw9JRotkZNfG+Hhsv60xc9HLL1pFco1v+tfw85xLkf2hEmQPy1m9lMgF2bkamtWjQ3JoSWHxXCR2u66bvMkLedfALtMtV7BfvVaFbrMxjjzZq/Ks0pGbjAK5rirglletUFgUZFLHDCtkIg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FORv6pcBxBcUFVGvdtR5fX5LhcjFZRyojSblusqgwsI=; b=QzBxIvZ0T5G8MAyZaPmybHqo/G7ei5Htpj6SgkA0qY3m5udmRptuurEV4bX0tlz338QoOCsnAyfJV+Yx3Iash0ovo2lTOXqR8h42+SiGZvkdMg9+KfNutGeJHXDBpGkiFL8WgRCQ0W0HiZczqi+2O5zQ64fLHWaHPPayu1fiAkE= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by DU0P251MB0985.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:3e4::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.42; Thu, 9 Apr 2026 17:44:49 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19%4]) with mapi id 15.20.9769.016; Thu, 9 Apr 2026 17:44:49 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Thu, 9 Apr 2026 19:44:43 +0200 Message-ID: <20260409174443.2219927-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.43.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GVZP280CA0002.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:273::13) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|DU0P251MB0985:EE_ X-MS-Office365-Filtering-Correlation-Id: 67efe379-232b-4f2a-f6d2-08de965fb285 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|376014|52116014|1800799024|366016|38350700014|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: JRdC6gLgw18QeDtsxvOFtFNTa5S9lda42T5ll4PKeFqTZQGZS+Ug2g9LfBBn4qzPezMLC0pcQbgXI2++EtHAJBnGxVA57drMwLmafyquRSyupo78bgx/2boNLFUNc4lRNzBYIIeOegTOJkKe14HoRqiJt86mlpJbnyR1VY8+Ai90ODkejwo9/P+Jw47t5xvTWYKi6t53ntbBCRryjZZcdjXVpwLjCuSEPH7/d5oq9xnQDlEPwQ8zrNH8yGOXzi8jv+5XwBmW/xTgrYMyvDP58PySanj0xxqKcVIQeWdI/5wNZg4QvwuarDk4sf085JJbRq9sy+vOMhgLORYWyegMomcydjlYrLjcpmP/3LvjNqVzf9Dw4pmdk6BmHyCaZWqpazPAtQ2m9sVSZUeRmaNEziNUZvSaB82XAG41+KrkCzVfb+OR6KrWCgcON1nWtgNP12uLjz3NpLF196jP4puP0cUHOo0qdqvmGQhiEsubozE7YUsPGc86xWm2XafW6j2m+2/7KQkAtD2DrvJ8LUTlgjpkpWGVR6aitrRzq50o5UhBuBP3ZpkN5lcZtnyDf0mIDhnrECa/Qhc6H/NtFomKJYjZEikKsGsFCAgasQZgPk8ynlQn3krf4tDF/97A8SCSS+FUXCO2tOBe+dIP4JmeV5izVwOo4tKQb6djznFSmom/PrNXzyksmfvG85X9Dpof+mQTo+bRy6um4RFrk1FVfjXoCp0qvxHZOzuq7dD+JDAxymN5x5uXhbYLh+Faz4k19tRdLMq5QVF1MY8W6LS1wWqwuBIZ86kUHkKJjkQLTKY= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(376014)(52116014)(1800799024)(366016)(38350700014)(56012099003)(18002099003); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?BQCoLlPu85QQebRMuhnnixI/uPmWZuCT9GJCUSWFWpku5gYHIFdnOE8uDZ4v?= =?us-ascii?Q?9jYJzFL/wIQ2bagwUx/Zgk42moaHeR8fySoWwNxE0WLnlsUgrtdjdfVBmpmO?= =?us-ascii?Q?72B3/qAVMaOKF3rpWKHzmFRJx/OyHpq0PWqYJWRp3HLfXJj9P6LG/tusYdo9?= =?us-ascii?Q?v5/AVRzYtcO7MqMDND1GoTWQC6aiQDG6AgxIYj0XaYVl/lAX+Rth1CHzgqNc?= =?us-ascii?Q?0em9eYKHgT9Dx8lAVNJVIXsVHgh2xSMLEZHlZgwBqxp52jO6SUH1pBu7pNo7?= =?us-ascii?Q?gXEB+RJW5tzxHBNRz7UtvT4Gf936eAB1Ex/Vomm0E2RSUGbXZ4cVhtM3OwVD?= =?us-ascii?Q?ZsS4FeBPNwiGLROdNiwoCrVnxTzvU5WOVIKoWnDW/TjV/z3FuF4drUWzJGUX?= =?us-ascii?Q?MPbXiMtX4/DvWIVxCTVuJx4jhW0swpyvH9+w6LRw7aFdmbKcHMLe5l8mPo24?= =?us-ascii?Q?UidMxPD7SdpRDfDUNhUd7JZMhnW+rZbvsqeQ18V80bc71UF6keq3XFPZY4RC?= =?us-ascii?Q?81v5A2waxlO0kCV6X3Dnuo1aUv8nPKhRsFJtl31rUFPVl3Bw7+Dm09B9FTYx?= =?us-ascii?Q?IWv85mc96+IRMecbvx1cHOhOWBhi0OlA312+TIf0nghQWxA7CaOe5Ibtq9YK?= =?us-ascii?Q?IiiogdPcSzh2HrIkCBx4ZHayYBeuFmAshXwv+mGUEsUSy1kEpjmHtskyzX5+?= =?us-ascii?Q?FbYtbV0LlA1BOzLTB9Dx0tMBj9CmvwJQsP2fk1i7aGhGLb/M4DCsWIVK1H9x?= =?us-ascii?Q?moK8hsmvhuhXsQQ1p8kmllgq2PxzRdTj6GJWBNs5ayuWI+LNmx07w2fEzxTB?= =?us-ascii?Q?xZgdIZybOjUyZHYVorWrlI4C4M12Z6XSRikdmFbYUTQnrvftMi+Vdx2eeScC?= =?us-ascii?Q?ILimkHrzRbZMvTx46JeKf49Rz9OC3yPHsTtHR4Tl36mjXgnAVeE1M1iwEfaF?= =?us-ascii?Q?7z+WCj18OYYF2pH72VGouKlTucHZEZ/ZXWeGv3IWASHSwZREsmWioQqyojCo?= =?us-ascii?Q?jMlSx3PMRjUwNNZ87NcyBpaj2WZSZE14hwFMPDz7vftTsJDvkVnKKEWSwIp1?= =?us-ascii?Q?3zJQiRc1wg18qevfiQHUU1xEKRts2ZocOERCp/TWvE5OkKnnazhohlLp1amD?= =?us-ascii?Q?s7P1pXzKrnTAjWxHQWTs1YqlucGyLMoAu5P2xNRdDYmnusxCJauEW2BvXFzM?= =?us-ascii?Q?0B2Df/61TxuuFIiaRAhxYg1UJGDzuAIgTTck41hQRBLkauZPkeJpLCZ0rImT?= =?us-ascii?Q?Vea6sgqsM5iEEs5UwTtlB822+q25Ghq0pdc6IPJbL/IJYphXF5KjjLBcENet?= =?us-ascii?Q?U+7dSFhBSXkYpviVUiHrR7Ax1X023xoxVnQbkXlOp76az3m/1W8SusCl4DdE?= =?us-ascii?Q?pcDleqbqgkb0mtEVtZUgfqR9quekaGAkUc/nxcC/J1L98VpcxLWKQtDQPk5E?= =?us-ascii?Q?e/Q4EL9Cc6ueqdPyjMvnlpjRd7FSwcy4xMxucrieH4p0ik3ZV87D37x8NwCJ?= =?us-ascii?Q?MF9OCnH0c1Y06pbGg69kPkoaafsPIdP2doYe6C8gBmqVHtUlQK98Pk6+4gTl?= =?us-ascii?Q?RlGWr4OLn/0jA3DOY2mgfgjE9Q9vNTv4ATY8H/YD2qFkycH82VkEirvFwziD?= =?us-ascii?Q?amyM/s/JvRIQt/3IwJe6d1deLTgzjwX/+ay9x0hEs7Vql4ux8/Okvs364NIV?= =?us-ascii?Q?nwFs7r85Tt5BMO+ThDjxd/dBvzF4DGzOHk+wLcKbR3kwdOcehF4gw9ccL76W?= =?us-ascii?Q?UA+qx0RAcY6IFDfPTECTIJU5TuXXoYE=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 67efe379-232b-4f2a-f6d2-08de965fb285 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Apr 2026 17:44:49.7133 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vnETe4dahtFl0mrMwsXL9/BK2SUl8hmRgMvq/sWW+DhPYrKgdIwWspDHPm1UBfj/13myPGoyZT9+rQiz3bSldxMFAyPMhbemyMSTLP2HhSA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0P251MB0985 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED, RCVD_IN_VALIDITY_RPBL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] openssl: Version bump. 3.5.5 -> 3.5.6 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Security update. https://github.com/openssl/openssl/releases/tag/openssl-3.5.6 Plugs CVEs: CVE-2026-31790: Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. CVE-2026-2673: Fixed loss of key agreement group tuple structure when the DEFAULT keyword is used in the server-side configuration of the key-agreement group list. CVE-2026-28387: Fixed potential use-after-free in DANE client code. CVE-2026-28388: Fixed NULL pointer dereference when processing a delta CRL. CVE-2026-28389: Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. CVE-2026-28390: Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo. CVE-2026-31789: Fixed heap buffer overflow in hexadecimal conversion. * Forward patchset, applies cleanly. Signed-off-by: Christian Melki --- .../0001-debian-targets.patch | 0 patches/{openssl-3.5.5 => openssl-3.5.6}/0002-pic.patch | 0 ...Configure-allow-to-enable-ktls-if-target-does-not-st.patch | 0 .../0004-conf-Serialize-allocation-free-of-ssl_names.patch | 0 patches/{openssl-3.5.5 => openssl-3.5.6}/series | 0 rules/openssl.make | 4 ++-- 6 files changed, 2 insertions(+), 2 deletions(-) rename patches/{openssl-3.5.5 => openssl-3.5.6}/0001-debian-targets.patch (100%) rename patches/{openssl-3.5.5 => openssl-3.5.6}/0002-pic.patch (100%) rename patches/{openssl-3.5.5 => openssl-3.5.6}/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch (100%) rename patches/{openssl-3.5.5 => openssl-3.5.6}/0004-conf-Serialize-allocation-free-of-ssl_names.patch (100%) rename patches/{openssl-3.5.5 => openssl-3.5.6}/series (100%) diff --git a/patches/openssl-3.5.5/0001-debian-targets.patch b/patches/openssl-3.5.6/0001-debian-targets.patch similarity index 100% rename from patches/openssl-3.5.5/0001-debian-targets.patch rename to patches/openssl-3.5.6/0001-debian-targets.patch diff --git a/patches/openssl-3.5.5/0002-pic.patch b/patches/openssl-3.5.6/0002-pic.patch similarity index 100% rename from patches/openssl-3.5.5/0002-pic.patch rename to patches/openssl-3.5.6/0002-pic.patch diff --git a/patches/openssl-3.5.5/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch b/patches/openssl-3.5.6/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch similarity index 100% rename from patches/openssl-3.5.5/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch rename to patches/openssl-3.5.6/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch diff --git a/patches/openssl-3.5.5/0004-conf-Serialize-allocation-free-of-ssl_names.patch b/patches/openssl-3.5.6/0004-conf-Serialize-allocation-free-of-ssl_names.patch similarity index 100% rename from patches/openssl-3.5.5/0004-conf-Serialize-allocation-free-of-ssl_names.patch rename to patches/openssl-3.5.6/0004-conf-Serialize-allocation-free-of-ssl_names.patch diff --git a/patches/openssl-3.5.5/series b/patches/openssl-3.5.6/series similarity index 100% rename from patches/openssl-3.5.5/series rename to patches/openssl-3.5.6/series diff --git a/rules/openssl.make b/rules/openssl.make index 988ff36e6..865f2c2b7 100644 --- a/rules/openssl.make +++ b/rules/openssl.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl # # Paths and names # -OPENSSL_VERSION := 3.5.5 -OPENSSL_MD5 := 9c86d929c3d1067e2c88239d7d1ce81b +OPENSSL_VERSION := 3.5.6 +OPENSSL_MD5 := 1bb3506c580865a0a464e09288ac157e OPENSSL := openssl-$(OPENSSL_VERSION) OPENSSL_SUFFIX := tar.gz OPENSSL_URL := \ -- 2.43.0