Accepting request 1293101 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/1293101
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/s2n?expand=0&rev=27

s2n.changes

@@ -1,3 +1,486 @@
+-------------------------------------------------------------------
+Fri Jul 11 10:59:37 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.22
+  * chore(ci): add a cargo timing buildspec (#5176)
+  * build(deps): update pprof requirement from 0.14 to 0.15
+    in /bindings/rust/standard (#5334)
+  * refactor(examples): remove connection pool (#5353)
+  * ci: Fix the sslyze test for nix (#5283)
+  * Include application message in Debug impl (#5359)
+  * build: prevent needless rebuild with S2N_INTERN_LIBCRYPTO=ON and Ninja (#5356)
+  * build(deps): bump baptiste0928/cargo-install from 3.3.0 to 3.3.1
+    in /.github/workflows in the all-gha-updates group (#5361)
+  * tests(integv2): fix flaky session resumption test (#5362)
+  * tests(integ): add more debug logging (#5363)
+  * build(deps): bump nixbuild/nix-quick-install-action from 30 to 31
+    in /.github/workflows in the all-gha-updates group (#5366)
+  * build(deps): bump nixbuild/nix-quick-install-action from 31 to 32
+    in /.github/workflows in the all-gha-updates group (#5371)
+  * fix: policy util should ignore deprecated TLS1.2 kems if missing (#5372)
+  * chore: apply clippy and fmt fixes (#5386)
+  * feature: new TLS1.2 + FIPS CRT security policy (#5375)
+
+-------------------------------------------------------------------
+Wed Jul  2 07:39:00 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.21
+  * feat(bindings): expose custom critical extension API (#5337)
+  * tests(integ): fix nondeterministic ocsp test shutdown behavior (#5340)
+  * chore: Bindings release 0.3.20 (#5344)
+  * ci: workaround for nix + gnutls + ubuntu24 issue (#5345)
+  * fix: do not use "digest and sign" for ML-DSA in FIPS mode (#5348)
+
+-------------------------------------------------------------------
+Tue Jun  3 09:17:03 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.20
+  * feat(examples): add key log example (#5314)
+  * build(deps): bump the all-gha-updates group across 1 directory
+    with 3 updates (#5315)
+  * Add CertificateRequest certificate selection callback (#5318)
+  * CertificateRequest Rust bindings (#5331)
+  * chore: bindings release 0.3.20 (#5332)
+  * fix(benches): reuse config for handshakes (#5319)
+  * feat: add custom critical extension support (#5321)
+  * ci: Use official libcrypto verification model repository (#5336)
+  * chore(ci): Pin parking_lot_core, lock_api (#5338)
+
+-------------------------------------------------------------------
+Tue May 27 06:59:27 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.19
+  * Remove unused negotiate_kem function causing build failure (#5316)
+  * chore: Bump nixpkgs version to 24.11 (#5294)
+  * tests: policy snapshot test (#5309)
+  * fix(benches): use session ticket for resumption (#5305)
+  * feature: release ML-DSA support (#5307)
+  * feature: support for ML-DSA handshake signatures (#5303)
+  * tests: turn verbose mode off by default in integ tests (#5286)
+  * Revert "build: add pull requests limit for dependabot" (#5302)
+  * chore: Update Apache test certificates from RSA1024 to RSA2048 (#5285)
+  * feature: add crypto support for mldsa signing (#5272)
+  * refactor: remove conn->client_hello_version (#5278)
+  * build(deps): unpin test-log because of MSRV updates (#5300)
+  * build: add pull requests limit for dependabot (#5299)
+  * chore: bindings release 0.3.19 (#5298)
+  * build(deps): update strum requirement from 0.25 to 0.27
+    in /bindings/rust/standard (#5292)
+  * build(deps): update test-log-macros requirement from =0.2.14
+    to =0.2.17 in /bindings/rust/standard (#5290)
+  * feat: Add `as_ptr()` API for Config (#5274)
+  * tests: reduce integ test flakiness + improve debugability (#5282)
+  * build(deps): update env_logger requirement from 0.10 to 0.11
+    in /bindings/rust/standard (#5296)
+  * build(deps): bump aws-actions/configure-aws-credentials from 4.1.0
+    to 4.2.0 in /.github/workflows in the all-gha-updates group (#5297)
+  * tests: fix flaky test_serialization (#5288)
+  * chore: bump standard MSRV to 1.82.0 (#5295)
+  * chore: Add comments to track dependency requirements (#5287)
+  * tests: improve coverage for s2n_stream_cipher_null (#5268)
+  * build(deps): bump astral-sh/setup-uv from 5 to 6 in /.github/workflows
+    in the all-gha-updates group (#5273)
+  * chore: bindings release 0.3.18 (#5284)
+  * ci: fix expectations when using system default libcrypto (#5279)
+  * ci: handle 429 from yahoo.com network integ test (#5280)
+
+-------------------------------------------------------------------
+Tue May  6 12:44:35 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.18
+  * build: add -Wa,-mbranches-within-32B-boundaries compiler flag (#5267)
+  * build(deps): bump JulienKode/team-labeler-action from 1.3.0 to 2.0.0
+    in /.github/workflows in the all-gha-updates group (#5252)
+  * refactor: remove unused hash methods (#5269)
+  * Add 20250414 security policy (#5253)
+  * feature: add support for configuring (but not yet using) ml-dsa certs (#5263)
+  * tests: add ml-dsa test certs from RFC (#5261)
+  * refactor: cleanup hash to better support multiple implementations (#5258)
+  * chore: bindings release 0.3.17 (#5260)
+  * chore: add new team member (#5259)
+  * ci: add awslcfips to nix jobs (#5205)
+  * chore(ci): revert nix installer pin (#5251)
+
+-------------------------------------------------------------------
+Wed Apr 23 12:43:13 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.17
+  * ci: use correct openssl version for updated AL2023 version (#5255)
+  * ci: pytest generate junit reports (#5235)
+  * feat: Expose `as_ptr()` for external build (#5229)
+  * doc: tainted stuffer reset operation (#5231)
+  * fix: make -fPIC flag private (#5227)
+  * Revert "ci: exclude new setuptools (#5215)" (#5226)
+  * refactor: remove legacy pkey impls (#5241)
+  * chore: bindings release 0.3.16 (#5242)
+  * fix: tainted handshake.io and add large client hello test (#5208)
+  * ci: rebalance integV2 testcases (#5232)
+  * chore: Fix new clippy warning (#5243)
+  * ci: pin nix installer to older version (#5245)
+
+-------------------------------------------------------------------
+Wed Apr  9 09:16:43 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.16
+  * ci: add ruff linting (#5182)
+  * feat(bindings): expose certificate match api (#5220)
+  * refactor: add evp pkey size/encrypt/decrypt methods (#5225)
+  * ci: add openssl-3.0-fips to general batch (#5207)
+  * refactor: implement match the same for all pkeys (#5224)
+  * ci: Fix cppcheck build (#5238)
+  * fix: tighten session ticket lifetime (#5217)
+  * refactor(bindings): use implicit linking for aws-lc (#5218)
+  * docs: fix openssl-3.0-fips provider requirements documentation (#5214)
+  * ci: add openssl-3.0-fips to valgrind (#5211)
+  * chore: bindings release 0.3.15 (#5221)
+  * feat: add s2n_connection_get_key_exchange_group (#5209)
+  * fix: Update README.md to include Rust bindings docs (#5212)
+  * ci: exclude new setuptools (#5215)
+  * Remove PQ TLS 1.2 from all Security Policies (#5194)
+  * chore: binding release 0.3.14 (#5210)
+  * chore: deprecate s2n_set (#5155)
+  * fix: handshake message length integer overflow in s2n_handshake_finish_header (#5206)
+  * ci: add openssl-3.0-fips to asan build properly (#5204)
+  * ci: add libcrypto openssl-3.0-fips to integ tests (#5202)
+
+-------------------------------------------------------------------
+Wed Apr  2 15:14:55 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.15
+  * feature: openssl-3.0-fips support (#5191)
+  * ci: defend against unset version number in awslc installer (#5195)
+  * fix: openssl-3.0-fips should use libcrypto HKDF (#5183)
+  * fix: remove unnecessary RC4 restriction (#5170)
+  * fix: openssl-3.0-fips should use separate private rand (#5184)
+  * ci: move openssl3fips build to existing asan build (#5181)
+  * chore: include Need By Date section in github issue template (#5187)
+  * ci: cleanup awslc-fips versioning (#5156)
+  * chore: bump linting action Ubuntu version (#5186)
+  * build(deps): update aws-lc-rs version to remove paste deps (#5192)
+  * test: fix self-talk pkey offload test for openssl-3.0-fips (#5175)
+  * test: reduce parameter selection (#5161)
+  * chore: add inline noqa suppression (#5159)
+  * ci: make start_codebuild.sh work for forks (#5178)
+  * test(integv2): add partial support for OpenSSL 3.0 provider (#5131)
+  * (docs): Improve PQ docs (#5173)
+  * ci: use ruff --diff instead of --check (#5177)
+  * chore: pin once_cell version to unblock the CI (#5174)
+  * fix(ruff): resolve linting errors detected by Ruff (#5140)
+  * fix: mark chachapoly as unavailable with openssl-3.0-fips (#5168)
+  * tests: fix flaky ja4 test (#5169)
+  * chore: update git blame ignore commit ID (#5164)
+  * style: fix redundant return (#5150)
+  * build(deps): bump nixbuild/nix-quick-install-action from 29 to 30
+    in /.github/workflows in the all-gha-updates group (#5153)
+  * refactor: add libcrypto PRF impl for openssl-3.0-fips (#5158)
+  * chore: binding release 0.3.13 (#5167)
+  * chore(ci): pin symbolic-common (#5166)
+
+-------------------------------------------------------------------
+Fri Mar 14 09:44:47 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.14
+  * tests: try to make s2n_mem_usage_test more useful (#5139)
+  * chore: git-blame-ignore ruff formatting (#5151)
+  * chore(bindings): change in rustup behavior (#5160)
+  * refactor: remove unused prf hmac impls (#5148)
+  * chore(ci): make the awslc fips install script version aware (#5100)
+  * fix: memory leak during STEK rotation (#5146)
+  * refactor: add alternative EVP signing method (#5141)
+  * refactor: cleanup prf header (#5144)
+  * feat(bindings): expose context on cert chain (#5132)
+  * Ruff Formatting and add to CI (#5138)
+  * chore(nix): Add aws-lc-fips 2022/4 (#5109)
+  * test(integv2): fixes to allow test_record_padding to partially run (#5099)
+  * build(deps): update rtshark requirement from 2.9.0 to 3.1.0 in /tests/pcap
+    in the all-cargo-updates group across 1 directory (#5087)
+  * tests: use sig schemes as source of truth for valid hash+sig algs (#5129)
+- from version 1.5.13
+  * ci: always set values for command line defines (#5126)
+  * fix: update callback return value (#5136)
+  * refactor: always use EVP hashing (#5121)
+  * ci: add check for third-party-src in disable rand override buildspec (#5137)
+  * feat: add async cert validation support (#5110)
+  * chore: remove unused well-known-endpoints.py (#5127)
+  * fix(bindings): remove mutation behind Arc (#5124)
+  * chore: binding release 0.3.12 (#5128)
+  * refactor: use EVP_MD_fetch() if available (#5116)
+  * feat: Option to disable RAND engine override (#5108)
+  * fix(bindings): make Context borrow immutable (#5071)
+  * build(deps): update rand requirement (#5125)
+  * chore: fix a typo in API comments (#5123)
+  * bindings: unpin openssl crate from a specific patch version (#5120)
+  * refactor: move "s2n_libcrypto_is" methods into s2n_libcrypto.h (#5117)
+  * Add new security policy (20250211) (#5111)
+  * Revert "refactor: remove unused evp support for md5+sha1 (#5106)" (#5118)
+  * ci: add default provider to openssl-3.0-fips (#5114)
+  * fix: don't enable custom random for openssl fips (#5093)
+  * fix: allow b64 decoding using libcrypto for sidechannel resistance (#5103)
+  * refactor: remove unused evp support for md5+sha1 (#5106)
+  * refactor: remove s2n_hmac_is_available (#5104)
+  * build(deps): bump aws-actions/configure-aws-credentials from 4.0.2 to 4.1.0
+    in /.github/workflows in the all-gha-updates group across 1 directory (#5107)
+  * fix(integrationv2): Skip unsupported client auth tests (#5096)
+  * chore: bindings release 0.3.11 (#5098)
+  * chore: ktls buildspec (#5083)
+  * Fixed formatting for debugging statements (#5094)
+  * feat(bindings): add external psk apis (#5061)
+  * test: add minimal openssl-3.0-fips test (#5081)
+- from version 1.5.12
+  * fix(ci): Allow validate_start_codebuild to run on pushes to main (#5080)
+  * fix: don't use DEPENDS with add_custom_command(TARGET) (#5074)
+  * fix: error for uninit psk, check for all-zero psk (#5084)
+  * fix: calculation of session ticket age (#5001)
+  * fix: add support for `S2N_INTERN_LIBCRYPTO` with FetchContent (#5076)
+  * fix(integration): Update PQ integration test expectations (#5082)
+  * ci: fix dependabot, commit & check Cargo.toml (#5065)
+  * docs(s2n-tls-hyper): Add hyper client/server example (#5069)
+  * docs(integv2): add architecture diagram (#5072)
+  * fix(bindings): prevent temp connection free after panic (#5067)
+  * ci: Emit benchmark metrics from scheduled runs (#5064)
+  * ci: change rust-toolchain format to toml (#5070)
+  * Revert "ci: remove openssl-1.0.2-fips builds (#4995)" (#5060)
+  * feat(bench): impl into for base config type (#5056)
+  * refactor: cleanup CBMC proofs after #5048 (#5058)
+  * ci: Adding integ tests back to integv2 (#5054)
+  * refactor: remove openssl-1.0.2-fips 'allow md5' logic (#5048)
+  * ci: pin duvet version (#5057)
+  * build(deps): bump cross-platform-actions/action from 0.26.0 to 0.27.0
+    in /.github/workflows in the all-gha-updates group (#5053)
+  * chore: fix typos (#5052)
+  * chore: bump osx Openssl to latest (#5041)
+  * chore: bindings release for 0.3.10 (#5046)
+  * fix: initial config should not influence sslv2 (#4987)
+  * ci: add openssl-3.0-fips builds (#5037)
+  * Add Security Policy Deprecation API (#5034)
+  * docs: add C / s2n-tls-sys doc references to s2n-tls docs (#5012)
+  * test: add sslv2 client hello test w/ jvm (#5019)
+  * ci: add timeout for cbmc proof (#5038)
+  * fix(bindings): Specify correct minimum versions (#5028)
+
+-------------------------------------------------------------------
+Mon Feb  3 10:32:39 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.11
+  * fix: add build specs to copyright check (#5025)
+  * chore: run more checks on pushes to main (#4963)
+  * feature: remove openssl-1.0.2-fips fips mode support (#5030)
+  * tests: make integV2 locally runnable (#5029)
+  * chore: improve the dashboard comment query (#5016)
+  * refactor(bin): remove references to FIPS_mode_set (#5026)
+  * ci: improve output of validate_start_codebuild_script (#5031)
+  * chore: remove unused test utils (#5005)
+  * ci: keep start_codebuild.sh up-to-date (#5023)
+  * ci: commit integrationv2 small batch spec (#5020)
+  * fix(bindings/bench): Prevent IO from going out of scope (#5007)
+  * chore: remove unused imports (#5017)
+  * fix: don't prefix empty string when interning (#5015)
+  * Migrate PQ Python code to TLS 1.3 (#4999)
+  * ci: config logging for integration tests (#4751)
+  * ci: add script to help launch stuck codebuild jobs (#5004)
+  * chore(s2n-tls-hyper): Publish s2n-tls-hyper (#5000)
+  * chore: add new team member (#5006)
+  * Migrate PQ Rust code to TLS 1.3 (#4998)
+  * ci: remove S2N_TEST_IN_FIPS_MODE (#4994)
+  * ci: remove openssl-1.0.2-fips builds (#4995)
+  * ci: correctly read environment variable from CodeBuild
+    configuration for scheduled fuzz test (#4990)
+  * fix: add coverage for all ticket formats (#4997)
+  * ci: fix regression test paths (#4996)
+  * ci: run fuzz tests in parallel and generate coverage report (#4960)
+  * chore: move hyper to a newer MSRV (#4983)
+  * chore: remove toidiu from teams.yml (#4985)
+  * feat(s2n-tls-hyper): Allow plain HTTP connections (#4978)
+  * chore(binding): release 0.3.9 (#4982)
+  * refactor(bindings/bench): make harness own IO (#4847)
+  * refactor(s2n-tls-hyper): Add HttpsConnector builder (#4976)
+
+-------------------------------------------------------------------
+Tue Jan  7 10:19:36 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.10
+  * refactor(bench): remove historical benchmarks (#4940)
+  * fix: pem parsing detection of last cert errors (#4908)
+  * docs: specify s2n_blob growable conditions (#4943)
+  * chore(bindings): move tokio examples to dedicated folder (#4954)
+  * chore: fix GHA for merge-queue (#4973)
+  * chore(binding): release 0.3.8 (#4969)
+  * (chore): Installs Nix in AL2023 Buildspec (#4934)
+  * build(deps): bump the all-gha-updates group in /.github/workflows with 5 updates (#4961)
+  * feat(s2n-tls-hyper): Add support for negotiating HTTP/2 (#4924)
+  * tests: allow TLS1.2 with RSA-PSS certs in integ tests (#4949)
+  * ci: update CRT test ubuntu version to ubuntu24 (#4964)
+  * feat(bindings): enable application owned certs (#4937)
+  * ci: batch dependabot updates (#4959)
+  * ci(refactor): deprecate Omnibus (#4953)
+  * build(deps): bump actions/cache from 2.1.4 to 4.1.2 in /.github/workflows (#4928)
+  * build(deps): bump peaceiris/actions-gh-pages from 3 to 4 in /.github/workflows (#4921)
+  * build(deps): bump cross-platform-actions/action from 0.23.0 to 0.26.0 in /.github/workflows (#4951)
+  * build(deps): bump github/codeql-action from 2 to 3 in /.github/workflows (#4917)
+  * ci: add change directory to third-party-src logic (#4950)
+  * feat: TLS1.2 support for RSA-PSS certificates (#4927)
+  * feat: feature probe S2N_LIBCRYPTO_SUPPORTS_ENGINE (#4878)
+  * test(bindings): run unit tests under asan (#4948)
+  * ci(refactor): remove ASAN from Omnibus and GeneralBatch (#4946)
+  * ci(refactor): remove fuzz tests from Omnibus (#4945)
+  * refactor: add a s2n_libcrypto_is_openssl() helper function (#4930)
+  * fix(s2n-tls-hyper): Add proper IPv6 address formatting (#4938)
+  * ci: add openssl-1.0.2-fips to fuzz test (#4942)
+  * ci(refactor): remove Valgrind checks from omnibus and generalBatch (#4913)
+  * fix(bindings): address clippy issues from 1.83 (#4941)
+  * test: pin tests to explicit TLS 1.2/TLS 1.3 policy (#4926)
+  * (chore): Fixes team-label github action (#4935)
+  * chore: add new team member (#4939)
+  * upgrade cmake version to 3.9 (#4933)
+  * ci: add awslc-fips and openssl-1.0.2-fips to valgrind (#4912)
+  * chore(bindings): feature gate network testsa and relax http status assertions (#4907)
+  * chore: Ocsp timeout adjustment (#4866)
+  * build(deps): bump aws-actions/configure-aws-credentials from 4.0.1 to 4.0.2 in /.github/workflows (#4892)
+  * test: expand s2n_record_read testing to both TLS1.3 and TLS1.2 (#4903)
+  * test: pin optional client auth test to a TLS 1.2 policy (#4914)
+  * feat: add alert mappings for certificate errors (#4919)
+  * doc: document generating bindings with prebuilt libs2n (#4872)
+  * ci: Move kTLS test out of GeneralBatch (#4904)
+  * build(deps): bump actions/checkout from 3 to 4 in /.github/workflows (#4888)
+  * test(s2n-tls-hyper): matching on s2n-tls error (#4906)
+  * build(deps): bump nixbuild/nix-quick-install-action from 21 to 29 in /.github/workflows (#4890)
+  * build(deps): bump JulienKode/team-labeler-action from 0.1.1 to 1.3 in /.github/workflows (#4889)
+  * tests: pin tests to a numbered TLS1.2 policy (#4905)
+  * test: remove load system certs functionality for s2n_default_tls13_config (#4897)
+  * doc: add information about s2n-tls software architecture (#4868)
+  * ci: grant dependabot status update permissions (#4898)
+  * ci: fixes for cargo audit (#4895)
+  * test(s2n-tls-hyper): Add localhost http tests (#4838)
+  * test: add rust well-known-endpoint tests (#4884)
+  * chore: bindings release 0.3.7 (#4894)
+  * chore: add a cargo audit action (#4862)
+  * ci: add open fds valgrind check (#4851)
+
+-------------------------------------------------------------------
+Thu Nov 21 11:11:40 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.9
+  * feat: Reworking cleanup behavior (#4871)
+  * chore: broaden use of flaky mark (#4865)
+  * chore: configure dependabot (#4861)
+- from version 1.5.8
+  * fix: fix open AF_INET sockets in s2n_self_talk_ktls_test.c (#4852)
+  * chore: update github PR template (#4885)
+  * feat: add new security policy `20241106` (#4874)
+  * chore: remove unused benchmarks (#4869)
+  * ci: Clean dup source tree for CRT (#4882)
+  * ci: remove www.mozilla.com from well-known to unblock CI (#4880)
+  * fix: move prelude inclusion as PRIVATE (#4876)
+  * build: add s2n_prelude.h to consolidate defines (#4465)
+  * chore: bindings release 0.3.6 (#4867)
+  * doc: fix incorrect README references (#4863)
+  * fix: typo in comment of s2n_self_talk_tls13_test (#4864)
+
+-------------------------------------------------------------------
+Mon Nov  4 14:02:24 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.7
+  * fix: close all /dev/urandom open fds (#4835)
+  * docs: update fips documentation to specify supported libcrypto (#4857)
+  * fix(bindings): correct poll_flush implementation (#4859)
+  * feat: Adds cleanup_final (#4853)
+  * test(bindings): Consolidate test pems (#4858)
+  * chore: bindings release 0.3.5 (#4860)
+  * chore: grant duvet action more permissions (#4854)
+  * (feat): Adds certificate match metrics API (#4844)
+
+-------------------------------------------------------------------
+Thu Oct 24 12:58:26 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to version 1.5.6
+  * chore: Fix failing OIDC workflows; cleanup unused actions (#4848)
+  * chore(GHA): Update duvet arguments (#4850)
+  * chore: remove unused compile definition (#4815)
+  * Add new MLKEM TLS Policies (#4830)
+  * fix: fix opened AF_UNIX sockets that didn't call s2n_io_pair_close (#4833)
+  * bindings: pin openssl crate to 0.10.66 (#4849)
+  * chore: flip 2 GHAs to use short lived creds. (#4839)
+  * fix: fix s2n_io_pair_close_one_end (#4841)
+  * ci: Re-enable asan and ubsan for fuzz tests (#4840)
+  * fix: some open AF_UNIX sockets in forked child processes (#4834)
+  * Update FIPS rules for ML-KEM (#4829)
+  * ci: update ubuntu versions (#4828)
+  * Add initial support for MLKEM768 (without any new Security Policies) (#4816)
+  * chore: Adds print statements to help debug s2n_dynamic_load_test (#4836)
+  * ci: add more libcryptos for fuzz batch & follow cmake idioms (#4795)
+  * feature: bump cert authorities max size to 20kb (#4832)
+  * ci: Add ubuntu24 with a new cmake buildspec (#4824)
+  * Add ML-KEM Feature Probe and Test (#4823)
+  * docs: update stateful resumption doc (#4818)
+  * chore: remove make fuzz and AFL fuzz (#4808)
+- from version 1.5.5
+  * chore: bump awslc(non FIPS) to 1.36.0 (#4821)
+  * chore: bindings release 0.3.4 (#4819)
+  * feat: add s2n_cleanup_thread (#4584)
+  * feat(bindings): add set receive buffering to the rust bindings (#4817)
+- from version 1.5.4
+  * refactor: make s2n_array_len constant (#4801)
+  * feature(bindings): scheduled renegotiation via poll_recv (#4764)
+  * Update PQ code to be generic over EVP_KEM API's (#4810)
+  * refactor(bindings): add general bindings error context (#4811)
+  * ci: adding CTest memcheck to CodeBuild (#4776)
+  * Revert "test: disallow explict use of "default" policy in tests (#4750)" (#4812)
+  * ci: check for s2n_array_len in loop bounds  (#4802)
+  * ci: use clang to build awslc (#4794)
+  * ci: run clippy on all features (#4809)
+  * docs: Update certificate loading documentation (#4790)
+  * test: only build requested unit tests in nix (#4770)
+  * refactor: clean up CMakelists.txt (#4779)
+  * fix: pem parsing should allow single dashes in comments (#4787)
+  * ci: use temporary directory for s2n_head build (#4771)
+  * fix(bindings): handle failures from wipe (#4798)
+  * fix: don't iterate over certs if not validating certs (#4797)
+  * ci: add buildspec file for scheduled fuzzing (#4763)
+  * Al2023 codebuild (#4756)
+  * test: disallow explict use of "default" policy in tests (#4750)
+  * chore: bindings release 0.3.3 (#4791)
+  * docs: clarify pre-TLS1.2 support (#4780)
+  * fix: update ja4 compliance (#4773)
+  * chore(bindings): pin unicode-width (#4785)
+- from version 1.5.3
+  * ci: refactor fuzz buildspec (#4783)
+  * docs(bindings): example for Policy::from_version (#4731)
+  * test: refactor pcap test to use version from rtshark (#4774)
+  * test: use seccomp on handshake test (#4768)
+  * ci: use newer version of libFuzzer (#4762)
+  * test: avoid mutating static configs in tests (#4749)
+  * chore(bindings): release 0.3.2 (#4760)
+  * ci: Emit CloudWatch metrics from rust benchmarks (#4742)
+  * CI: enable fuzz test build with cmake (#4743)
+  * fix: update handling of ja4 alpn edge cases (#4755)
+  * fix(bindings): update cc and unpin jobserver (#4758)
+  * fix: add missing null-checks in s2n_connection.c (#4754)
+- from version 1.5.2
+  * refactor: replace memcmp to s2n_constant_time_equals (#4709)
+  * tests(pcap): fix support for older tshark versions (#4744)
+  * refactor: move s2n_result functions inline (#4739)
+  * refactor: make s2n_stuffer_read_hex match s2n_stuffer_read (#4726)
+  * ci:Al2023 CodeBuild script (#4737)
+  * Update to CBMC 6.2.0 (#4746)
+  * docs: add test readme (#4718)
+  * tests(pcaps): download additional pcaps (#4728)
+  * ci: Add UBSAN test to the sanitizer (#4740)
+  * chore(integrationv2): add license header (#4732)
+  * fix: Cleanup libcrypto errors (#4733)
+  * fix(ci): update CBMC proofs' Makefile.common (#4703)
+  * ci: add separate license check (#4727)
+  * chore: cleanup old docker dev build (#4729)
+  * fix: resolve UBSAN violations in the codebase (#4722)
+  * refactor: minor fixes for common fingerprint code (#4712)
+  * tests: add JA4 pcap tests (#4714)
+  * fix: correct JA4 alpn parsing (#4721)
+  * chore: bump versions of aws-lc and aws-lc-fips (#4716)
+  * fix: Reorder PR and Mainline in Regression Test Runner (#4720)
+  * docs: Add a supported platforms section (#4695)
+  * chore(bindings): release 0.3.1 (#4719)
+  * test: add a harness for session resumption in regression test (#4706)
+  * fix(bindings): ConfigPool should always yield associated connections (#4708)
+
 -------------------------------------------------------------------
 Mon Aug 26 15:23:53 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
 

s2n.spec

@@ -19,7 +19,7 @@
 %define library_version 1.0.0
 %define library_soversion 0unstable
 Name:           s2n
-Version:        1.5.1
+Version:        1.5.22
 Release:        0
 Summary:        AWS implementation of the TLS/SSL protocols
 License:        Apache-2.0

v1.5.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d79710d6ef089097a3b84fc1e5cec2f08d1ec46e93b1d400df59fcfc859e15a3
-size 4885628

v1.5.22.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6903a819d43c1e5457e04ae34f895db97ff3d7bbb7d278fef16bd642178a941e
+size 5044900