openssl (3.5.5-ok4) huanghe; urgency=medium

  * Fix CVE-2026-28387, dane_match_cert() should X509_free() on ->mcert
    instead of OPENSSL_free().
  * Fix CVE-2026-31789, avoid possible buffer overflow in buf2hex conversion

 -- songjuntao <songjuntao@kylinos.cn>  Sat, 09 May 2026 10:20:37 +0800

openssl (3.5.5-ok3) huanghe; urgency=medium

  * Fix CVE-2026-2673, openssl tls1.3 server may fail to negoticate the
    expected preferred key exchange group.

 -- songjuntao <songjuntao@kylinos.cn>  Fri, 08 May 2026 16:41:48 +0800

openssl (3.5.5-ok2) huanghe; urgency=medium

  * set DEB_BUILD_OPTIONS to nocheck for riscv64 platform

 -- songjuntao <songjuntao@kylinos.cn>  Fri, 17 Apr 2026 11:13:49 +0800

openssl (3.5.5-ok1) huanghe; urgency=medium

  * rebuild source for openkylin

 -- songjuntao <songjuntao@kylinos.cn>  Fri, 03 Apr 2026 18:07:02 +0800
