Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2026-06-08 14:19:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl" Mon Jun 8 14:19:58 2026 rev:74 rq:1357769 version:4.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2026-01-31 16:17:30.604941155 +0100 +++ /work/SRC/openSUSE:Factory/.libressl.new.2375/libressl.changes 2026-06-08 14:25:40.809953052 +0200 @@ -1,0 +2,19 @@ +Sat Jun 6 08:03:21 UTC 2026 - Anonymous Checkouts <[email protected]> + +- Update to release 4.3.2 + * Support for MLKEM768_X25519 keyshare in TLS. + * Added ML-KEM benchmarks to openssl(1) speed. + * Added support for starttls protocol sieve. + * Add support for RSASSA-PSS with pubkey OID RSASSA-PSS to + libssl. + * Rework portable assembly handling with LIBRESSL_USE_ASSEMBLY. + * Add SHA assembly for elf-aarch64. + * Fix posix_open() implementation so it properly signals failure. + * Fix overwrite of user CFLAGS/LDFLAGS in hardening flag + detection. +- Added fix_cert_path.patch: Use the correct path for cert bundle + from ca-certificates packages. +- Added enable_pqc.patch: Enable use of PQC for TLSv1.3 with + default parameters. + +------------------------------------------------------------------- Old: ---- libressl-4.2.1.tar.gz libressl-4.2.1.tar.gz.asc New: ---- enable_pqc.patch fix_cert_path.patch libressl-4.3.2.tar.gz libressl-4.3.2.tar.gz.asc ----------(New B)---------- New: from ca-certificates packages. - Added enable_pqc.patch: Enable use of PQC for TLSv1.3 with default parameters. New: detection. - Added fix_cert_path.patch: Use the correct path for cert bundle from ca-certificates packages. ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.C9wEVz/_old 2026-06-08 14:25:42.846037483 +0200 +++ /var/tmp/diff_new_pack.C9wEVz/_new 2026-06-08 14:25:42.866038312 +0200 @@ -16,7 +16,7 @@ # Name: libressl -Version: 4.2.1 +Version: 4.3.2 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL @@ -31,6 +31,8 @@ Source5: unavailable-libcrypto-symbols.txt.zst Patch1: des-fcrypt.diff Patch2: extra-symver.diff +Patch3: fix_cert_path.patch +Patch4: enable_pqc.patch BuildRequires: automake BuildRequires: libtool BuildRequires: fdupes ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.C9wEVz/_old 2026-06-08 14:25:43.010044284 +0200 +++ /var/tmp/diff_new_pack.C9wEVz/_new 2026-06-08 14:25:43.026044948 +0200 @@ -1,5 +1,5 @@ -mtime: 1769808394 -commit: e8616760569b8ccdced66e2ff91c0e2baef2e8f678f59a9f027d956a78298129 +mtime: 1780838836 +commit: 230ad8744b5004b60da200ee513d9e7d1f91f75464f1f4720015e1bcb0ce2608 url: https://src.opensuse.org/jengelh/libressl revision: master ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-07 15:27:16.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ enable_pqc.patch ++++++ Add MLKEM to default curves to enable use of PQC for TLSv1.3 by default. This change was provided by libressl devs and is expected in a future release. --- libressl-4.3.2/tls/tls_internal.h.orig 2026-05-29 23:34:07.157991736 +0200 +++ libressl-4.3.2/tls/tls_internal.h 2026-05-29 23:34:58.169324628 +0200 @@ -37,7 +37,7 @@ #define TLS_CIPHERS_LEGACY "HIGH:MEDIUM:!aNULL" #define TLS_CIPHERS_ALL "ALL:!aNULL:!eNULL" -#define TLS_ECDHE_CURVES "X25519,P-256,P-384" +#define TLS_ECDHE_CURVES "X25519MLKEM768,X25519,P-256,P-384" union tls_addr { struct in_addr ip4; ++++++ fix_cert_path.patch ++++++ Use the correct filename for cert bundle from ca-certificates package. Index: libressl-3.2.4/tls/Makefile.am =================================================================== --- libressl-3.2.4.orig/tls/Makefile.am +++ libressl-3.2.4/tls/Makefile.am @@ -18,9 +18,9 @@ libtls_la_LIBADD += $(PLATFORM_LDADD) libtls_la_CPPFLAGS = $(AM_CPPFLAGS) if OPENSSLDIR_DEFINED -libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\" +libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/ssl/ca-bundle.pem\" else -libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\" +libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/ssl/ca-bundle.pem\" endif libtls_la_SOURCES = tls.c ++++++ libressl-4.2.1.tar.gz -> libressl-4.3.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/libressl/libressl-4.2.1.tar.gz /work/SRC/openSUSE:Factory/.libressl.new.2375/libressl-4.3.2.tar.gz differ: char 13, line 1
