Security patch release. https://github.com/openssl/openssl/releases/tag/openssl-3.5.4
Plugs CVEs: CVE-2025-9230: Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. CVE-2025-9231: Fix Timing side-channel in SM2 algorithm on 64 bit ARM. CVE-2025-9232: Fix Out-of-bounds read in HTTP client no_proxy handling. * Forward patchset. Applies cleanly. Signed-off-by: Christian Melki <[email protected]> --- .../0001-debian-targets.patch | 0 patches/{openssl-3.5.3 => openssl-3.5.4}/0002-pic.patch | 0 ...Configure-allow-to-enable-ktls-if-target-does-not-st.patch | 0 .../0004-conf-Serialize-allocation-free-of-ssl_names.patch | 0 patches/{openssl-3.5.3 => openssl-3.5.4}/series | 0 rules/openssl.make | 4 ++-- 6 files changed, 2 insertions(+), 2 deletions(-) rename patches/{openssl-3.5.3 => openssl-3.5.4}/0001-debian-targets.patch (100%) rename patches/{openssl-3.5.3 => openssl-3.5.4}/0002-pic.patch (100%) rename patches/{openssl-3.5.3 => openssl-3.5.4}/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch (100%) rename patches/{openssl-3.5.3 => openssl-3.5.4}/0004-conf-Serialize-allocation-free-of-ssl_names.patch (100%) rename patches/{openssl-3.5.3 => openssl-3.5.4}/series (100%) diff --git a/patches/openssl-3.5.3/0001-debian-targets.patch b/patches/openssl-3.5.4/0001-debian-targets.patch similarity index 100% rename from patches/openssl-3.5.3/0001-debian-targets.patch rename to patches/openssl-3.5.4/0001-debian-targets.patch diff --git a/patches/openssl-3.5.3/0002-pic.patch b/patches/openssl-3.5.4/0002-pic.patch similarity index 100% rename from patches/openssl-3.5.3/0002-pic.patch rename to patches/openssl-3.5.4/0002-pic.patch diff --git a/patches/openssl-3.5.3/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch b/patches/openssl-3.5.4/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch similarity index 100% rename from patches/openssl-3.5.3/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch rename to patches/openssl-3.5.4/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch diff --git a/patches/openssl-3.5.3/0004-conf-Serialize-allocation-free-of-ssl_names.patch b/patches/openssl-3.5.4/0004-conf-Serialize-allocation-free-of-ssl_names.patch similarity index 100% rename from patches/openssl-3.5.3/0004-conf-Serialize-allocation-free-of-ssl_names.patch rename to patches/openssl-3.5.4/0004-conf-Serialize-allocation-free-of-ssl_names.patch diff --git a/patches/openssl-3.5.3/series b/patches/openssl-3.5.4/series similarity index 100% rename from patches/openssl-3.5.3/series rename to patches/openssl-3.5.4/series diff --git a/rules/openssl.make b/rules/openssl.make index 0a46f5048..239a2436e 100644 --- a/rules/openssl.make +++ b/rules/openssl.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl # # Paths and names # -OPENSSL_VERSION := 3.5.3 -OPENSSL_MD5 := 0ec20faeb96bbb203c8684cc7fe4432e +OPENSSL_VERSION := 3.5.4 +OPENSSL_MD5 := 570a7ab371147b6ba72c6d0fed93131f OPENSSL := openssl-$(OPENSSL_VERSION) OPENSSL_SUFFIX := tar.gz OPENSSL_URL := \ -- 2.43.0
