From e99ee3ad9c37882e8756291896c61bdec091bfac Mon Sep 17 00:00:00 2001 From: John Audia Date: Thu, 2 Oct 2025 08:24:22 -0400 Subject: [PATCH] openssl: update to 3.5.4 release is Moderate. This release incorporates the following bug fixes and mitigations: Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230) Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231) Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232) Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release builds, as it broke some exiting applications that relied on the previous 3.x semantics, as documented in OpenSSL_version(3). Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc Signed-off-by: John Audia Link: https://github.com/openwrt/openwrt/pull/20275 Signed-off-by: Hauke Mehrtens
---
 package/libs/openssl/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 5ca2a2493b2..06844e2866d 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl
-PKG_VERSION:=3.5.3
+PKG_VERSION:=3.5.4
 PKG_RELEASE:=1 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
@@ -21,7 +21,7 @@ PKG_SOURCE_URL:= \ https://www.openssl.org/source/old/$(PKG_BASE)/ \ https://github.com/openssl/openssl/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
-PKG_HASH:=c9489d2abcf943cdc8329a57092331c598a402938054dc3a22218aea8a8ec3bf
+PKG_HASH:=967311f84955316969bdb1d8d4b983718ef42338639c621ec4c34fddef355e99
 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE.txt
-- 2.47.3