{"id":2221378,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2221378/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260409-openssl-3-5-6-v1-1-3ced4c3e7b73@cherry.de/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.2/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260409-openssl-3-5-6-v1-1-3ced4c3e7b73@cherry.de>","list_archive_url":null,"date":"2026-04-09T10:36:27","name":"[2025.02.x] package/libopenssl: security bump to version 3.5.6","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"25d3055ea65b34bf89cd3670fa023ea18d3bb883","submitter":{"id":83602,"url":"http://patchwork.ozlabs.org/api/1.2/people/83602/?format=json","name":"Quentin Schulz","email":"foss+buildroot@0leil.net"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260409-openssl-3-5-6-v1-1-3ced4c3e7b73@cherry.de/mbox/","series":[{"id":499271,"url":"http://patchwork.ozlabs.org/api/1.2/series/499271/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=499271","date":"2026-04-09T10:36:27","name":"[2025.02.x] package/libopenssl: security bump to version 3.5.6","version":1,"mbox":"http://patchwork.ozlabs.org/series/499271/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2221378/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2221378/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=AAmut33T;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frxFH5snpz1yD3\n\tfor ;\n Thu, 09 Apr 2026 20:36:51 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 44C5A8299D;\n\tThu, 9 Apr 2026 10:36:50 +0000 (UTC)","from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id rkWsm-Is-6xG; Thu, 9 Apr 2026 10:36:49 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 55D4C829A9;\n\tThu, 9 Apr 2026 10:36:49 +0000 (UTC)","from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n by lists1.osuosl.org (Postfix) with ESMTP id 01B781F6\n for ; Thu, 9 Apr 2026 10:36:48 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp3.osuosl.org (Postfix) with ESMTP id DAAD660891\n for ; Thu, 9 Apr 2026 10:36:47 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id BLCApscHGVWi for ;\n Thu, 9 Apr 2026 10:36:46 +0000 (UTC)","from smtp-bc0b.mail.infomaniak.ch (smtp-bc0b.mail.infomaniak.ch\n [IPv6:2001:1600:7:10::bc0b])\n by smtp3.osuosl.org (Postfix) with ESMTPS id EDB26607E0\n for ; Thu, 9 Apr 2026 10:36:45 +0000 (UTC)","from smtp-4-0001.mail.infomaniak.ch (smtp-4-0001.mail.infomaniak.ch\n [10.7.10.108])\n by smtp-4-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4frxF55fjCz676;\n Thu, 9 Apr 2026 12:36:41 +0200 (CEST)","from unknown by smtp-4-0001.mail.infomaniak.ch (Postfix) with ESMTPA\n id 4frxF51nQsz8Fs; Thu, 9 Apr 2026 12:36:41 +0200 (CEST)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver= ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp1.osuosl.org 55D4C829A9","OpenDKIM Filter v2.11.0 smtp3.osuosl.org EDB26607E0"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1775731009;\n\tbh=lIqvHj2/GmCUVkpY/+6KCTfNUy9GbMChPxk0ndDFhQs=;\n\th=Date:To:Cc:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From:Reply-To:From;\n\tb=AAmut33T+0rL7hFAO4y3Hp4SnzASgqC5OjSY85QlZsyc66XcU2Oz0Onks0GkIlw+v\n\t MG7552qo13ns5uXvckoGP3evWra1N+nyd8fmf0GQ5U+/1HkQhiayZrNAv9zHqcS8wv\n\t zwps4JI+dYBeTRmfUO9KzrONVzYac/WdNCnq90hjSvpi0qcJNOs9h6ws43Ujfx4As+\n\t CWnEDrI3gX5r6NftU/Jncz4r1+ijMq4f6jNW0IetM/lLL5lINam5hGMpK13cVbLBeL\n\t QT/gn2dscwRuw/nfumW0N5ZYGltjRdoUVURRd+V0j2DeBIwqEQ+QN7N5KuxTukr+QT\n\t 2rx7DOIM2H8tQ==","Received-SPF":"Pass (mailfrom) identity=mailfrom;\n client-ip=2001:1600:7:10::bc0b;\n helo=smtp-bc0b.mail.infomaniak.ch; envelope-from=foss+buildroot@0leil.net;\n receiver=","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp3.osuosl.org EDB26607E0","Date":"Thu, 09 Apr 2026 12:36:27 +0200","MIME-Version":"1.0","Message-Id":"<20260409-openssl-3-5-6-v1-1-3ced4c3e7b73@cherry.de>","X-B4-Tracking":"v=1; b=H4sIAAAAAAAC/yWMQQqDMBAAvyJ77som1TT0K+Khmm27pUTJqgji3\n xvrcRhmNlBOwgr3YoPEi6gMMYO5FNC/H/HFKCEzWLKOKvI4jBxVv3jFGh0Gb01HJtwce8jNmPg\n p6//XHE1dki1XaE+lc/fhfjp+sO8/HYe6Q3wAAAA=","X-Change-ID":"20260408-openssl-3-5-6-d821b01d76e8","To":"buildroot@buildroot.org","Cc":"Quentin Schulz ","X-Mailer":"b4 0.15-dev-47773","X-Infomaniak-Routing":"alpha","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=0leil.net; s=20231125; t=1775731001;\n bh=bvXdZxc2fRoZycQhqJ+qdprZnsKKknxImoaQqaDhdhc=;\n h=From:Date:Subject:To:Cc:From;\n b=aRbGZlAyjmFOzU0geNh5gqHsjLjqwghfASqU2Y5xxHaC/LMyl5/1E3IeXITOSSqNp\n FhTKtroz7APjs6/tEryagGvTdxYF+qKCupX2Ucr6iLnFzSAjMuxcQIkQUTgOmcFzRl\n s1bwX5bFwO+3ySi6WG7D7SdpVtHpQ4fii+l5ohqxG0CPQaDrGsg3WQCWqK2CRp0NC5\n tW8uKGvKeEYAeRomHzRvDWSEb3JzkVs4oJ6EbXUNrmWLwen+cRt1sGLv6e8JNL2jhg\n vi0PBaXrAL75hJdm0zX0q1eST6UkdYt7FCXCoM3D7rhd4TY/JTNDKNyv5yf5p5nAvU\n VtI5D47TjCycQ==","X-Mailman-Original-Authentication-Results":["smtp3.osuosl.org;\n dmarc=pass (p=reject dis=none)\n header.from=0leil.net","smtp3.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=0leil.net header.i=@0leil.net header.a=rsa-sha256\n header.s=20231125 header.b=aRbGZlAy"],"Subject":"[Buildroot] [PATCH 2025.02.x] package/libopenssl: security bump to\n version 3.5.6","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","From":"Quentin Schulz via buildroot ","Reply-To":"Quentin Schulz ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" "},"content":"From: Quentin Schulz \n\nfixes CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469,\nCVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419,\nCVE-2025-69420, CVE-2025-69421, CVE-2026-22795 and CVE-2026-22796, see\nhttps://github.com/openssl/openssl/releases/tag/openssl-3.5.5\n\nfixes CVE-2026-31790, CVE-2026-2673, CVE-2026-28387, CVE-2026-28388,\nCVE-2026-28389, CVE-2026-28390, CVE-2026-31789, see\nhttps://github.com/openssl/openssl/releases/tag/openssl-3.5.6\n\nSigned-off-by: Quentin Schulz \n---\nThis depends on all 4 patches from\nhttps://lore.kernel.org/buildroot/20260319124247.2973165-1-jimmy.wesolowski@mobileye.com/\n\nThis is 2025.02.x specific because the only other maintained releases\nhave updated to 3.6.x already.\n---\n .../0001-Reproducible-build-do-not-leak-compiler-path.patch | 4 ++--\n .../0004-Serialize-install-process-to-avoid-multiple-make-dep.patch | 4 ++--\n package/libopenssl/libopenssl.hash | 4 ++--\n package/libopenssl/libopenssl.mk | 2 +-\n 4 files changed, 7 insertions(+), 7 deletions(-)\n\n\n---\nbase-commit: 6b12d67f57b358fb3e37fd5fb5bf80d99963bd35\nchange-id: 20260408-openssl-3-5-6-d821b01d76e8\n\nBest regards,\n-- \nQuentin Schulz ","diff":"diff --git a/package/libopenssl/0001-Reproducible-build-do-not-leak-compiler-path.patch b/package/libopenssl/0001-Reproducible-build-do-not-leak-compiler-path.patch\nindex 9353c1ae90..d283d8b329 100644\n--- a/package/libopenssl/0001-Reproducible-build-do-not-leak-compiler-path.patch\n+++ b/package/libopenssl/0001-Reproducible-build-do-not-leak-compiler-path.patch\n@@ -12,10 +12,10 @@ Signed-off-by: Peter Seiderer \n 1 file changed, 1 insertion(+), 1 deletion(-)\n \n diff --git a/crypto/build.info b/crypto/build.info\n-index 2c619c6..49ca6ab 100644\n+index aee5c46766..84d94aa623 100644\n --- a/crypto/build.info\n +++ b/crypto/build.info\n-@@ -115,7 +115,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \\\n+@@ -115,7 +115,7 @@ DEFINE[../libcrypto]=$UPLINKDEF\n \n DEPEND[info.o]=buildinf.h\n DEPEND[cversion.o]=buildinf.h\ndiff --git a/package/libopenssl/0004-Serialize-install-process-to-avoid-multiple-make-dep.patch b/package/libopenssl/0004-Serialize-install-process-to-avoid-multiple-make-dep.patch\nindex 344b8d07b7..176375c000 100644\n--- a/package/libopenssl/0004-Serialize-install-process-to-avoid-multiple-make-dep.patch\n+++ b/package/libopenssl/0004-Serialize-install-process-to-avoid-multiple-make-dep.patch\n@@ -23,10 +23,10 @@ Signed-off-by: Peter Korsgaard \n 1 file changed, 5 insertions(+), 1 deletion(-)\n \n diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl\n-index e85763ccf8..b671723813 100644\n+index 5bf397eba0..806084ac0c 100644\n --- a/Configurations/unix-Makefile.tmpl\n +++ b/Configurations/unix-Makefile.tmpl\n-@@ -661,7 +661,11 @@ depend: Makefile\n+@@ -662,7 +662,11 @@ depend: Makefile\n # Install helper targets #############################################\n ##@ Installation\n \ndiff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash\nindex e78b664aa5..781701532d 100644\n--- a/package/libopenssl/libopenssl.hash\n+++ b/package/libopenssl/libopenssl.hash\n@@ -1,5 +1,5 @@\n-# From https://github.com/openssl/openssl/releases/download/openssl-3.5.4/openssl-3.5.4.tar.gz.sha256\n-sha256 967311f84955316969bdb1d8d4b983718ef42338639c621ec4c34fddef355e99 openssl-3.5.4.tar.gz\n+# From https://github.com/openssl/openssl/releases/download/openssl-3.5.6/openssl-3.5.6.tar.gz.sha256\n+sha256 deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736 openssl-3.5.6.tar.gz\n \n # License files\n sha256 7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a LICENSE.txt\ndiff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk\nindex 2f844fd44a..837c3f0346 100644\n--- a/package/libopenssl/libopenssl.mk\n+++ b/package/libopenssl/libopenssl.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-LIBOPENSSL_VERSION = 3.5.4\n+LIBOPENSSL_VERSION = 3.5.6\n LIBOPENSSL_SITE = https://github.com/openssl/openssl/releases/download/openssl-$(LIBOPENSSL_VERSION)\n LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz\n LIBOPENSSL_LICENSE = Apache-2.0\n","prefixes":["2025.02.x"]}