mirror of
https://git.yoctoproject.org/poky
synced 2026-04-30 12:32:12 +02:00
365e8a69d7
Release information: https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-353-and-openssl-354-30-sep-2025 OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this release is Moderate. This release incorporates the following bug fixes and mitigations: * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230) * Fix Timing side-channel in SM2 algorithm on 64 bit ARM. (CVE-2025-9231) * Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232) * Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release builds, as it broke some exiting applications that relied on the previous 3.x semantics, as documented in OpenSSL_version(3). Release information: https://github.com/openssl/openssl/blob/openssl-3.5/NEWS.md#major-changes-between-openssl-352-and-openssl-353-16-sep-2025 OpenSSL 3.5.3 is a bug fix release. This release incorporates the following bug fixes and mitigations: * Added FIPS 140-3 PCT on DH key generation. * Fixed the synthesised OPENSSL_VERSION_NUMBER. * Removed PCT on key import in the FIPS provider as it is not required by the standard. (From OE-Core rev: 0e2b3c46fdf2e2b3854fa73bda434fdd41da0a3c) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>