feat: update openssl to 3.5.6-1~deb13u1

[deepin-community-bot]

This pull request is requested by @UTsweetyfish.

Basic Information

Old Version: 3.2.4-0deepin7
New Version: 3.5.6-1~deb13u1
Old version may contain dde / deepin patches. Please review more precisely.

Potential transition

• libssl3 is not present in the new package.

64-bit time_t transition

Caution

DCBot assumes this package is already gone through 64-bit time_t transition.

Patch series

--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,34 +4,4 @@
 pic.patch
 c_rehash-compat.patch
 Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch
-Remove-the-provider-section.patch
 conf-Serialize-allocation-free-of-ssl_names.patch
-Always-call-OPENSSL_cleanup-prior-to-exit.patch
-Add-support-for-Zhaoxin-SM2-3-4-instruction.patch
-deepin-sw64-support.patch
-1000-Support-TLCP-and-GM-T-0024-2014.patch
-bugfix-ZHAOXIN-GM-certificate-verify-error.patch
-kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch
-SM2-Use-constant-time-modular-inversion.patch
-use_proxy-Add-missing-terminating-NUL-byte.patch
-Correct-handling-of-AEAD-encrypted-CMS-with-inadmissibly-.patch
-Some-comments-to-clarify-functions-usage.patch
-Test-for-handling-of-AEAD-encrypted-CMS-with-inadmissibly.patch
-ossl_quic_get_cipher_by_char-Add-a-NULL-guard-before-dere.patch
-Check-the-received-uncompressed-certificate-length-to-pre.patch
-Fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch
-Fix-OCB-AES-NI-HW-stream-path-unauthenticated-unencrypted.patch
-Check-return-code-of-UTF8_putc.patch
-Verify-ASN1-object-s-types-before-attempting-to-access-th.patch
-PKCS12_item_decrypt_d2i_ex-Check-oct-argument-for-NULL.patch
-Ensure-ASN1-types-are-checked-before-use.patch
-dane_match_cert-should-X509_free-on-mcert-instead-of-OPEN.patch
-Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch
-Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch
-Fix-NULL-deref-in-rsa_cms_decrypt.patch
-Add-test-for-CMS-decryption-with-RSA-keys.patch
-Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch
-Added-test-for-CVE-2026-28388.patch
-Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch
-rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch
-rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch

[deepin-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zeno-sole for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• https:/raw.githubusercontent.com/deepin-community/template-repository/master/debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment