From ef58892c7f7ddc4482838c672fbb1714f5796df4 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Wed, 8 Apr 2026 07:57:30 +0200 Subject: [PATCH] openssl: upgrade 3.5.5 -> 3.5.6 Release information [1]: OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this release is Medium. This release incorporates the following bug fixes and mitigations: * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. (CVE-2026-31790) * Fixed loss of key agreement group tuple structure when the DEFAULT keyword is used in the server-side configuration of the key-agreement group list. (CVE-2026-2673) * Fixed potential use-after-free in DANE client code. (CVE-2026-28387) * Fixed NULL pointer dereference when processing a delta CRL. (CVE-2026-28388) * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. (CVE-2026-28389) * Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo. (CVE-2026-28390) * Fixed heap buffer overflow in hexadecimal conversion. (CVE-2026-31789) [1] https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-355-and-openssl-356-7-apr-2026 (From OE-Core rev: a8cf6e078aa7967dde5f950e3e6f9b212b748dcf) Signed-off-by: Peter Marko Signed-off-by: Richard Purdie (cherry picked from commit fc25ce383ddcb1185c193ff2b10f9116741eb316) Signed-off-by: Yoann Congal Signed-off-by: Paul Barker --- ...1-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch | 2 +- .../openssl/{openssl_3.5.5.bb => openssl_3.5.6.bb} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-connectivity/openssl/{openssl_3.5.5.bb => openssl_3.5.6.bb} (99%) diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index dadc034c91..bfbfedbd67 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch @@ -38,7 +38,7 @@ diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tm index 09303c4..011bda1 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -513,13 +513,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), +@@ -514,13 +514,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb b/meta/recipes-connectivity/openssl/openssl_3.5.6.bb similarity index 99% rename from meta/recipes-connectivity/openssl/openssl_3.5.5.bb rename to meta/recipes-connectivity/openssl/openssl_3.5.6.bb index 1321adda92..3bf78eff5c 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.5.5.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.5.6.bb @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89" +SRC_URI[sha256sum] = "deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736" inherit lib_package multilib_header multilib_script ptest perlnative manpages MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"