openssl (3.5.5-ok5) huangge; urgency=medium

  * Fix CVE-2026-28388, fix NULL dereference when delta crl lacks crl number
    extension.
  * Fix CVE-2026-28389, fix NULL deref in [ec]dh_cms_set_shared_info.
  * Fix CVE-2026-28390, fix NULL deref in rsa_cms_decrypt.
  * Fix CVE-2026-31790, rsa_kem: validate RSA_public_encrypt() result in
    RSASVE.

 -- songjuntao <songjuntao@kylinos.cn>  Thu, 14 May 2026 13:50:24 +0800

openssl (3.5.5-ok4) huanghe; urgency=medium

  * Fix CVE-2026-28387, dane_match_cert() should X509_free() on ->mcert
    instead of OPENSSL_free().
  * Fix CVE-2026-31789, avoid possible buffer overflow in buf2hex conversion

 -- songjuntao <songjuntao@kylinos.cn>  Sat, 09 May 2026 10:20:37 +0800

openssl (3.5.5-ok3) huanghe; urgency=medium

  * Fix CVE-2026-2673, openssl tls1.3 server may fail to negoticate the
    expected preferred key exchange group.

 -- songjuntao <songjuntao@kylinos.cn>  Fri, 08 May 2026 16:41:48 +0800

openssl (3.5.5-ok2) huanghe; urgency=medium

  * set DEB_BUILD_OPTIONS to nocheck for riscv64 platform

 -- songjuntao <songjuntao@kylinos.cn>  Fri, 17 Apr 2026 11:13:49 +0800

openssl (3.5.5-ok1) huanghe; urgency=medium

  * rebuild source for openkylin

 -- songjuntao <songjuntao@kylinos.cn>  Fri, 03 Apr 2026 18:07:02 +0800
