diff mbox series

openssl: Update to version 3.6.2

Message ID 20260424164300.3505717-4-adolf.belka@ipfire.org
State New
Headers
Series openssl: Update to version 3.6.2 |

Commit Message

Adolf Belka 24 Apr 2026, 4:42 p.m. UTC 
- Update from version 3.6.1 to 3.6.2
- Update of rootfile
- This looks to be the last release in the 3.x branch as 4.0.0 has been released.
   This patch updates that last 3.x branch version as it is a security release with
   eight CVE fixes in it.
   Also with the major change from 3.x to 4.x we will need to ensure that there are no
   issues for IPFire. I will do a separate build for 4.0.0 and test it before submitting
   that patch for consideration for 203 or 204
- Changelog
    3.6.2
	Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
	 (CVE-2026-31790)
	Fixed loss of key agreement group tuple structure when the DEFAULT keyword
	 is used in the server-side configuration of the key-agreement group list.
	 (CVE-2026-2673)
	Fixed out-of-bounds read in AES-CFB-128 on x86-64 CPUs with AVX-512 support.
	 (CVE-2026-28386)
	Fixed potential use-after-free in DANE client code.
	 (CVE-2026-28387)
	Fixed NULL pointer dereference when processing a delta CRL.
	 (CVE-2026-28388)
	Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
	 (CVE-2026-28389)
	Fixed possible NULL dereference when processing CMS KeyTransportRecipientInfo.
	 (CVE-2026-28390)
	Fixed heap buffer overflow in hexadecimal conversion.
	 (CVE-2026-31789)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/openssl | 3 +++
 lfs/openssl                     | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
index 98d8c211b..bbdfd8cab 100644
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -848,6 +848,7 @@  usr/lib/ossl-modules/legacy.so
 #usr/share/doc/openssl/html/man3/UI_UTIL_read_pw.html
 #usr/share/doc/openssl/html/man3/UI_create_method.html
 #usr/share/doc/openssl/html/man3/UI_new.html
+#usr/share/doc/openssl/html/man3/X509V3_EXT_print.html
 #usr/share/doc/openssl/html/man3/X509V3_get_d2i.html
 #usr/share/doc/openssl/html/man3/X509V3_set_ctx.html
 #usr/share/doc/openssl/html/man3/X509_ACERT_add1_attr.html
@@ -6226,6 +6227,8 @@  usr/lib/ossl-modules/legacy.so
 #usr/share/man/man3/USERNOTICE_new.3ossl
 #usr/share/man/man3/X509V3_EXT_d2i.3ossl
 #usr/share/man/man3/X509V3_EXT_i2d.3ossl
+#usr/share/man/man3/X509V3_EXT_print.3ossl
+#usr/share/man/man3/X509V3_EXT_print_fp.3ossl
 #usr/share/man/man3/X509V3_add1_i2d.3ossl
 #usr/share/man/man3/X509V3_get_d2i.3ossl
 #usr/share/man/man3/X509V3_set_ctx.3ossl
diff --git a/lfs/openssl b/lfs/openssl
index 588fe3619..a91e16700 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 3.6.1
+VER        = 3.6.2
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -72,7 +72,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = da949967d40ca9e17baf1bedded5080e37bce2dfc187f2a46f80ec01e708f9d550d055ef8557812135c4a1081b8f3477c5d4dbe46e0f39a9b696a7dbdc6b769a
+$(DL_FILE)_BLAKE2 = 21a23c53d16e9fbfb4c6d606d6056e7bb72e15c964c43a7f02837d805584bc34917fb2527cbc7fa75de63f3b5f840c693e7b43ac95e4bf9c10dce27f130bf69f
 
 install : $(TARGET)