From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Tue, 30 Sep 2025 09:06:25 +0000 (+0200)
Subject: CHANGES.md, NEWS.md: update for 3.5.4
X-Git-Tag: openssl-3.5.4~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=33eed23ca6f682532c4216dd3a7c322db2b1318c;p=thirdparty%2Fopenssl.git

CHANGES.md, NEWS.md: update for 3.5.4

3.5.4 CHANGES.md includes the following:
 * https://github.com/openssl/openssl/pull/28415
 * https://github.com/openssl/openssl/pull/28573
 * https://github.com/openssl/openssl/pull/28603

3.5.4 NEWS.md includes the following:
 * https://github.com/openssl/openssl/pull/28603

Release: Yes
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
---

diff --git a/CHANGES.md b/CHANGES.md
index e6d803ebcad..292bd14d0dc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -77,6 +77,23 @@ OpenSSL 3.5
 
    *Stanislav Fort*
 
+ * The FIPS provider no longer performs a PCT on key import for ECX keys
+   (that was introduced in 3.5.2), following the latest update
+   on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.
+
+   *Eugene Syromiatnikov*
+
+ * Fixed the length of the ASN.1 sequence for the SM3 digests of RSA-encrypted
+   signatures.
+
+   *Xiao Lou Dong Feng*
+
+ * Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release
+   builds, as it broke some exiting applications that relied on the previous
+   3.x semantics, as documented in `OpenSSL_version(3)`.
+
+   *Richard Levitte*
+
 ### Changes between 3.5.2 and 3.5.3 [16 Sep 2025]
 
  * Avoided a potential race condition introduced in 3.5.1, where
diff --git a/NEWS.md b/NEWS.md
index 7be303da5d1..795fc78a4ef 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -39,6 +39,10 @@ This release incorporates the following bug fixes and mitigations:
   * Fix Out-of-bounds read in HTTP client no_proxy handling.
     ([CVE-2025-9232])
 
+  * Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release
+    builds, as it broke some exiting applications that relied on the previous
+    3.x semantics, as documented in `OpenSSL_version(3)`.
+
 ### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025]
 
 OpenSSL 3.5.3 is a bug fix release.
@@ -56,6 +60,8 @@ This release incorporates the following bug fixes and mitigations:
 
 OpenSSL 3.5.2 is a bug fix release.
 
+This release incorporates the following bug fixes and mitigations:
+
   * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
 
 ### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025]