From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Mon, 13 Apr 2026 09:12:43 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wCBTP-00BdPv-0P for lore@lore.pengutronix.de; Mon, 13 Apr 2026 09:12:43 +0200 Received: from [127.0.0.1] (helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1wCBTO-0002US-SB; Mon, 13 Apr 2026 09:12:42 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1wCBT1-0001Jr-WC; Mon, 13 Apr 2026 09:12:20 +0200 Received: from dude05.red.stw.pengutronix.de ([2a0a:edc0:0:1101:1d::54]) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wCBT1-0057ye-2a; Mon, 13 Apr 2026 09:12:19 +0200 Received: from mol by dude05.red.stw.pengutronix.de with local (Exim 4.98.2) (envelope-from ) id 1wCBT1-00000001R6w-39QD; Mon, 13 Apr 2026 09:12:19 +0200 From: Michael Olbrich To: ptxdist@pengutronix.de Date: Mon, 13 Apr 2026 09:12:19 +0200 Message-ID: <20260413071219.342535-1-m.olbrich@pengutronix.de> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260409174443.2219927-1-christian.melki@t2data.com> References: <20260409174443.2219927-1-christian.melki@t2data.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: Re: [ptxdist] [APPLIED] openssl: Version bump. 3.5.5 -> 3.5.6 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Christian Melki Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Thanks, applied as c60783706fe86924d1a568b04a81b64d8c8ff9b7. Michael [sent from post-receive hook] On Mon, 13 Apr 2026 09:12:19 +0200, Christian Melki wrote: > Security update. > https://github.com/openssl/openssl/releases/tag/openssl-3.5.6 > > Plugs CVEs: > CVE-2026-31790: Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. > CVE-2026-2673: Fixed loss of key agreement group tuple structure when the DEFAULT keyword > is used in the server-side configuration of the key-agreement group list. > CVE-2026-28387: Fixed potential use-after-free in DANE client code. > CVE-2026-28388: Fixed NULL pointer dereference when processing a delta CRL. > CVE-2026-28389: Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. > CVE-2026-28390: Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo. > CVE-2026-31789: Fixed heap buffer overflow in hexadecimal conversion. > > * Forward patchset, applies cleanly. > > Signed-off-by: Christian Melki > Message-Id: <20260409174443.2219927-1-christian.melki@t2data.com> > Signed-off-by: Michael Olbrich > > diff --git a/patches/openssl-3.5.5/0001-debian-targets.patch b/patches/openssl-3.5.6/0001-debian-targets.patch > similarity index 100% > rename from patches/openssl-3.5.5/0001-debian-targets.patch > rename to patches/openssl-3.5.6/0001-debian-targets.patch > diff --git a/patches/openssl-3.5.5/0002-pic.patch b/patches/openssl-3.5.6/0002-pic.patch > similarity index 100% > rename from patches/openssl-3.5.5/0002-pic.patch > rename to patches/openssl-3.5.6/0002-pic.patch > diff --git a/patches/openssl-3.5.5/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch b/patches/openssl-3.5.6/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch > similarity index 100% > rename from patches/openssl-3.5.5/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch > rename to patches/openssl-3.5.6/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch > diff --git a/patches/openssl-3.5.5/0004-conf-Serialize-allocation-free-of-ssl_names.patch b/patches/openssl-3.5.6/0004-conf-Serialize-allocation-free-of-ssl_names.patch > similarity index 100% > rename from patches/openssl-3.5.5/0004-conf-Serialize-allocation-free-of-ssl_names.patch > rename to patches/openssl-3.5.6/0004-conf-Serialize-allocation-free-of-ssl_names.patch > diff --git a/patches/openssl-3.5.5/series b/patches/openssl-3.5.6/series > similarity index 100% > rename from patches/openssl-3.5.5/series > rename to patches/openssl-3.5.6/series > diff --git a/rules/openssl.make b/rules/openssl.make > index 988ff36e6188..865f2c2b77ec 100644 > --- a/rules/openssl.make > +++ b/rules/openssl.make > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl > # > # Paths and names > # > -OPENSSL_VERSION := 3.5.5 > -OPENSSL_MD5 := 9c86d929c3d1067e2c88239d7d1ce81b > +OPENSSL_VERSION := 3.5.6 > +OPENSSL_MD5 := 1bb3506c580865a0a464e09288ac157e > OPENSSL := openssl-$(OPENSSL_VERSION) > OPENSSL_SUFFIX := tar.gz > OPENSSL_URL := \