Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-io for openSUSE:Factory checked in at 2026-01-17 14:53:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-io (Old) and /work/SRC/openSUSE:Factory/.aws-c-io.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-io" Sat Jan 17 14:53:02 2026 rev:36 rq:1327472 version:0.26.0 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-io/aws-c-io.changes 2026-01-13 21:28:55.901992923 +0100 +++ /work/SRC/openSUSE:Factory/.aws-c-io.new.1928/aws-c-io.changes 2026-01-17 14:53:48.760829312 +0100 @@ -1,0 +2,7 @@ +Wed Jan 14 10:49:59 UTC 2026 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 0.26.0 + * Change to net test case by @azkrishpy in (#789) + * Return error on using tls13 on macOS by @sfod in (#788) + +------------------------------------------------------------------- Old: ---- v0.25.0.tar.gz New: ---- v0.26.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-io.spec ++++++ --- /var/tmp/diff_new_pack.WVF3SC/_old 2026-01-17 14:53:50.860916861 +0100 +++ /var/tmp/diff_new_pack.WVF3SC/_new 2026-01-17 14:53:50.876917528 +0100 @@ -21,7 +21,7 @@ %define library_version 1.0.0 %define library_soversion 0unstable Name: aws-c-io -Version: 0.25.0 +Version: 0.26.0 Release: 0 Summary: I/O and TLS package AWS SDK for C License: Apache-2.0 ++++++ v0.25.0.tar.gz -> v0.26.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-io-0.25.0/source/darwin/secure_transport_tls_channel_handler.c new/aws-c-io-0.26.0/source/darwin/secure_transport_tls_channel_handler.c --- old/aws-c-io-0.25.0/source/darwin/secure_transport_tls_channel_handler.c 2026-01-06 22:49:17.000000000 +0100 +++ new/aws-c-io-0.26.0/source/darwin/secure_transport_tls_channel_handler.c 2026-01-13 22:53:02.000000000 +0100 @@ -42,12 +42,15 @@ #define EST_HANDSHAKE_SIZE (7 * KB_1) /* We couldn't make SSLSetALPNFunc work, so we have to use the public API which isn't available until High-Sierra */ -#if (TARGET_OS_MAC && MAC_OS_X_VERSION_MAX_ALLOWED >= 101302) || \ - (TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MAX_ALLOWED >= 110000) || \ +#if (TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MAX_ALLOWED >= 110000) || \ (TARGET_OS_TV && __TV_OS_VERSION_MAX_ALLOWED >= 110000) || \ (TARGET_OS_WATCH && __WATCH_OS_VERSION_MAX_ALLOWED >= 40000) # define ALPN_AVAILABLE true # define TLS13_AVAILABLE true +#elif (TARGET_OS_MAC && MAC_OS_X_VERSION_MAX_ALLOWED >= 101302) +# define ALPN_AVAILABLE true +/* Even though TLS 1.3 can be configured in SecureTransport, it never actually worked. */ +# define TLS13_AVAILABLE false #else # define ALPN_AVAILABLE false # define TLS13_AVAILABLE false @@ -926,17 +929,18 @@ #if TLS13_AVAILABLE SSLSetProtocolVersionMin(secure_transport_handler->ctx, kTLSProtocol13); #else - AWS_LOGF_FATAL( + AWS_LOGF_ERROR( AWS_LS_IO_TLS, - "static: TLS 1.3 is not supported on this device. You may just want to specify " - "AWS_IO_TLS_VER_SYS_DEFAULTS and you will automatically" - "use the latest version of the protocol when it is available."); + "static: Minimum TLS version has been set to TLS 1.3, which is not supported on this device. If " + "minimum TLS version is not set or AWS_IO_TLS_VER_SYS_DEFAULTS is used, the latest supported version " + "of TLS will be used automatically."); /* * "TLS 1.3 is not supported for your target platform, * you can probably get by setting AWS_IO_TLSv1_2 as the minimum and if tls 1.3 is supported it will be * used. */ - AWS_ASSERT(0); + aws_raise_error(AWS_IO_TLS_CTX_ERROR); + goto cleanup_ssl_ctx; #endif break; case AWS_IO_TLS_VER_SYS_DEFAULTS: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-io-0.25.0/tests/CMakeLists.txt new/aws-c-io-0.26.0/tests/CMakeLists.txt --- old/aws-c-io-0.25.0/tests/CMakeLists.txt 2026-01-06 22:49:17.000000000 +0100 +++ new/aws-c-io-0.26.0/tests/CMakeLists.txt 2026-01-13 22:53:02.000000000 +0100 @@ -122,6 +122,11 @@ add_test_case(tls_client_channel_negotiation_success_ecc384_deprecated) endif() +# macOS must fail on trying to establish TLS 1.3 connection. +if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") + add_net_test_case(tls_client_channel_negotiation_failure_tls1_3) +endif() + add_test_case(channel_setup) add_test_case(channel_single_slot_cleans_up) add_test_case(channel_slots_clean_up) @@ -292,8 +297,8 @@ add_net_test_case(alpn_successfully_negotiates) add_net_test_case(alpn_no_protocol_message) add_net_test_case(test_ecc_cert_import) + add_net_test_case(test_tls_cipher_preference) - add_test_case(test_tls_cipher_preference) if(NOT AWS_USE_SECITEM) # These tests require the test binary to be codesigned with an Apple Developer account with entitlements. # The entitlements also require a provisioning profile and require the binary to be run from within XCode or a diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-io-0.25.0/tests/tls_handler_test.c new/aws-c-io-0.26.0/tests/tls_handler_test.c --- old/aws-c-io-0.25.0/tests/tls_handler_test.c 2026-01-06 22:49:17.000000000 +0100 +++ new/aws-c-io-0.26.0/tests/tls_handler_test.c 2026-01-13 22:53:02.000000000 +0100 @@ -1637,6 +1637,14 @@ tls_client_channel_negotiation_success_mtls_tls1_3, s_tls_client_channel_negotiation_success_mtls_tls1_3_fn) +/* macOS-specific test to ensure that setting minimum TLS version to 1.3 fails the connection. */ +static int s_tls_client_channel_negotiation_failure_tls1_3_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + return s_verify_negotiation_fails(allocator, s_badssl_ecc256_host_name, 443, s_raise_tls_version_to_13); +} + +AWS_TEST_CASE(tls_client_channel_negotiation_failure_tls1_3, s_tls_client_channel_negotiation_failure_tls1_3_fn) + AWS_STATIC_STRING_FROM_LITERAL(s3_host_name, "s3.amazonaws.com"); static void s_disable_verify_peer(struct aws_tls_ctx_options *options) {
