git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Peter Marko <peter.marko@siemens.com>
	Mon, 6 Oct 2025 09:36:41 +0000 (11:36 +0200)
committer	Steve Sakoman <steve@sakoman.com>
	Mon, 13 Oct 2025 16:47:21 +0000 (09:47 -0700)
commit	ef6bbf39c10ff7bd8ad36d5d2f59ddd0756e0141
tree	a5db468a83517123d02ac54854d357cecf1fc1f9	tree \| snapshot
parent	2f69dceeebbb67ce06ceda8782a60a71a0ed7f22	commit \| diff

openssl: upgrade 3.2.4 -> 3.2.6

3.2.6 has fixed 3.2.5 regression which broke python3 ptests so we can
upgrade now. We can also drop CVE-2025-27587 patch which was taken
instead of 3.2.5 upgrade under:
https://github.com/openssl/openssl/pull/28198

Release information:
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3017-and-openssl-3018-30-sep-2025

OpenSSL 3.2.6 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231)
* Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)

Release information:
https://github.com/openssl/openssl/blob/openssl-3.2/NEWS.md#major-changes-between-openssl-324-and-openssl-325-1-jul-2025

OpenSSL 3.2.5 is a bug fix release.
This release incorporates the following bug fixes and mitigations:
* Miscellaneous minor bug fixes.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch	[deleted file]	blob \| blame \| history
meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch	[deleted file]	blob \| blame \| history
meta/recipes-connectivity/openssl/openssl_3.2.6.bb	[moved from meta/recipes-connectivity/openssl/openssl_3.2.4.bb with 98% similarity]	diff \| blob \| blame \| history