Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-io for openSUSE:Factory checked in at 2025-10-16 17:39:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-io (Old) and /work/SRC/openSUSE:Factory/.aws-c-io.new.18484 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-io" Thu Oct 16 17:39:14 2025 rev:31 rq:1311663 version:0.23.1 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-io/aws-c-io.changes 2025-10-04 18:53:00.210172488 +0200 +++ /work/SRC/openSUSE:Factory/.aws-c-io.new.18484/aws-c-io.changes 2025-10-16 17:40:05.643799586 +0200 @@ -1,0 +2,7 @@ +Mon Oct 13 11:17:00 UTC 2025 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 0.23.1 + * Default to PQ TLS for s2n handlers if TLSv1.3 is negotiated + by @WillChilds-Klein in (#740) + +------------------------------------------------------------------- Old: ---- v0.22.1.tar.gz New: ---- v0.23.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-io.spec ++++++ --- /var/tmp/diff_new_pack.pWbNzv/_old 2025-10-16 17:40:06.299827195 +0200 +++ /var/tmp/diff_new_pack.pWbNzv/_new 2025-10-16 17:40:06.299827195 +0200 @@ -21,7 +21,7 @@ %define library_version 1.0.0 %define library_soversion 0unstable Name: aws-c-io -Version: 0.22.1 +Version: 0.23.1 Release: 0 Summary: I/O and TLS package AWS SDK for C License: Apache-2.0 ++++++ v0.22.1.tar.gz -> v0.23.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-io-0.22.1/CMakeLists.txt new/aws-c-io-0.23.1/CMakeLists.txt --- old/aws-c-io-0.22.1/CMakeLists.txt 2025-09-30 01:14:59.000000000 +0200 +++ new/aws-c-io-0.23.1/CMakeLists.txt 2025-10-02 20:24:25.000000000 +0200 @@ -232,6 +232,16 @@ set (TARGET_DIR "static") endif() +if(${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD") + # OpenBSD by defaults links with --execute-only, which is problematic because + # some AWS assembly sources still have references to static data in the .text section + if(NOT BUILD_SHARED_LIBS) + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--no-execute-only") + else() + set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--no-execute-only") + endif() +endif() + install(EXPORT "${PROJECT_NAME}-targets" DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/${PROJECT_NAME}/${TARGET_DIR}" NAMESPACE AWS:: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-io-0.22.1/include/aws/io/tls_channel_handler.h new/aws-c-io-0.23.1/include/aws/io/tls_channel_handler.h --- old/aws-c-io-0.22.1/include/aws/io/tls_channel_handler.h 2025-09-30 01:14:59.000000000 +0200 +++ new/aws-c-io-0.23.1/include/aws/io/tls_channel_handler.h 2025-10-02 20:24:25.000000000 +0200 @@ -51,6 +51,9 @@ */ AWS_IO_TLS_CIPHER_PREF_TLSV1_2_2025_07 = 9, + /* This security policy was the system default before PQ was enabled by default. */ + AWS_IO_TLS_CIPHER_PREF_TLSV1_0_2023_06 = 10, + AWS_IO_TLS_CIPHER_PREF_END_RANGE = 0xFFFF }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-io-0.22.1/source/s2n/s2n_tls_channel_handler.c new/aws-c-io-0.23.1/source/s2n/s2n_tls_channel_handler.c --- old/aws-c-io-0.22.1/source/s2n/s2n_tls_channel_handler.c 2025-09-30 01:14:59.000000000 +0200 +++ new/aws-c-io-0.23.1/source/s2n/s2n_tls_channel_handler.c 2025-10-02 20:24:25.000000000 +0200 @@ -264,16 +264,9 @@ bool aws_tls_is_cipher_pref_supported(enum aws_tls_cipher_pref cipher_pref) { switch (cipher_pref) { - case AWS_IO_TLS_CIPHER_PREF_SYSTEM_DEFAULT: - return true; - /* PQ Crypto no-ops on android for now */ -#ifndef ANDROID - case AWS_IO_TLS_CIPHER_PREF_PQ_TLSV1_2_2024_10: - return true; case AWS_IO_TLS_CIPHER_PREF_PQ_DEFAULT: - return true; -#endif - + case AWS_IO_TLS_CIPHER_PREF_PQ_TLSV1_2_2024_10: + case AWS_IO_TLS_CIPHER_PREF_SYSTEM_DEFAULT: case AWS_IO_TLS_CIPHER_PREF_TLSV1_2_2025_07: return true; default: @@ -1519,14 +1512,14 @@ security_policy = "AWS-CRT-SDK-TLSv1.1-2023"; break; case AWS_IO_TLSv1_2: - security_policy = "AWS-CRT-SDK-TLSv1.2-2023"; + security_policy = "AWS-CRT-SDK-TLSv1.2-2025-PQ"; break; case AWS_IO_TLSv1_3: - security_policy = "AWS-CRT-SDK-TLSv1.3-2023"; + security_policy = "AWS-CRT-SDK-TLSv1.3-2025-PQ"; break; case AWS_IO_TLS_VER_SYS_DEFAULTS: default: - security_policy = "AWS-CRT-SDK-TLSv1.0-2023"; + security_policy = "AWS-CRT-SDK-TLSv1.0-2025-PQ"; } } @@ -1537,7 +1530,7 @@ break; case AWS_IO_TLS_CIPHER_PREF_PQ_DEFAULT: /* The specific PQ policy used here may change over time. */ - security_policy = "AWS-CRT-SDK-TLSv1.2-2023-PQ"; + security_policy = "AWS-CRT-SDK-TLSv1.2-2025-PQ"; break; case AWS_IO_TLS_CIPHER_PREF_PQ_TLSV1_2_2024_10: security_policy = "AWS-CRT-SDK-TLSv1.2-2023-PQ"; @@ -1545,6 +1538,9 @@ case AWS_IO_TLS_CIPHER_PREF_TLSV1_2_2025_07: security_policy = "AWS-CRT-SDK-TLSv1.2-2025"; break; + case AWS_IO_TLS_CIPHER_PREF_TLSV1_0_2023_06: + security_policy = "AWS-CRT-SDK-TLSv1.2-2025"; + break; default: AWS_LOGF_ERROR(AWS_LS_IO_TLS, "Unrecognized TLS Cipher Preference: %d", options->cipher_pref); aws_raise_error(AWS_IO_TLS_CIPHER_PREF_UNSUPPORTED);
