On Mon Jun 15, 2026 at 7:36 AM CEST, Naman Jain via lists.openembedded.org wrote: > From: Naman Jain <[email protected]> > > OpenSSL 3.5.7 is a security patch release. The most severe CVE fixed in this > release is High. > This release incorporates the following bug fixes and mitigations: > * Fixed heap use-after-free in PKCS7_verify(). (CVE-2026-45447) > * Fixed possible heap buffer overflow in ASN.1 multibyte string conversion. > (CVE-2026-7383) > * Fixed out-of-bounds read in CMS password-based decryption. (CVE-2026-9076) > * Fixed heap buffer over-read in ASN.1 content parsing. (CVE-2026-34180) > * Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys. > (CVE-2026-34181) > * Fixed CMS AuthEnvelopedData processing may accept forged messages. > (CVE-2026-34182) > * Fixed unbounded memory growth in the QUIC PATH_CHALLENGE handler. > (CVE-2026-34183) > * Fixed NULL pointer dereference in QUIC server initial packet handling. > (CVE-2026-42764) > * Fixed AES-OCB IV ignored on EVP_Cipher() path. (CVE-2026-45445) > > [1] https://openssl-library.org/news/secadv/20260609.txt > > Reference: [https://github.com/openssl/openssl/releases/tag/openssl-3.5.7] > > Signed-off-by: AshishKumar Mishra <[email protected]> > Signed-off-by: Naman Jain <[email protected]> > ---
Hello, Looks like this upgrade needs ptest tweaking. See https://lore.kernel.org/all/as8pr10mb5073a4fa9653c5f2a6fc59eafd...@as8pr10mb5073.eurprd10.prod.outlook.com/ Let's wait for the upgrade to merge on master, then, request a backport. Thanks! > .../openssl/{openssl_3.5.6.bb => openssl_3.5.7.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-connectivity/openssl/{openssl_3.5.6.bb => > openssl_3.5.7.bb} (99%) > > diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb > b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb > similarity index 99% > rename from meta/recipes-connectivity/openssl/openssl_3.5.6.bb > rename to meta/recipes-connectivity/openssl/openssl_3.5.7.bb > index 6685654472..6d864e0746 100644 > --- a/meta/recipes-connectivity/openssl/openssl_3.5.6.bb > +++ b/meta/recipes-connectivity/openssl/openssl_3.5.7.bb > @@ -19,7 +19,7 @@ SRC_URI:append:class-nativesdk = " \ > file://environment.d-openssl.sh \ > " > > -SRC_URI[sha256sum] = > "deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736" > +SRC_URI[sha256sum] = > "a8c0d28a529ca480f9f36cf5792e2cd21984552a3c8e4aa11a24aa31aeac98e8" > > inherit lib_package multilib_header multilib_script ptest perlnative manpages > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" -- Yoann Congal Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#238816): https://lists.openembedded.org/g/openembedded-core/message/238816 Mute This Topic: https://lists.openembedded.org/mt/119811420/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
