Added Unreleased section in CHANGELOG after v1.0.1 release #497
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Ankit Saurabh <sauraank@amazon.co.uk>
sauraank
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
sauraank
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
sauraank
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
sauraank
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
jamesbornholt
approved these changes
Sep 1, 2023
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
passaro
added a commit
to passaro/mountpoint-s3
that referenced
this pull request
Feb 5, 2025
Submodule mountpoint-s3-crt-sys/crt/aws-c-auth 5bc67797..b513db4b: > A bunch of CMake fixes (awslabs#258) > Add Account Id to Credentials (awslabs#260) > Skip Transfer-Encoding from signing (awslabs#261) Submodule mountpoint-s3-crt-sys/crt/aws-c-cal fbbe2612..7299c6ab: > Fix Findcrypto.cmake (awslabs#205) > A bunch of CMake fixes (awslabs#203) > Switch CI to use roles (awslabs#202) Submodule mountpoint-s3-crt-sys/crt/aws-c-common 7a6f5df2..0e7637fa: > A bunch of CMake fixes (awslabs#1178) > Fix heap overflow on uri parsing (awslabs#1185) > (take 2) Detect when AVX is disabled via OSXSAVE (awslabs#1184) > Fixup IPv6 validation logic (awslabs#1180) > Detect when AVX is disabled via OSXSAVE (awslabs#1182) > proof_ci.yaml must use latest upload-artifact (awslabs#1183) > change PR template to ask for clearer wording (awslabs#1177) Submodule mountpoint-s3-crt-sys/crt/aws-c-compression c6c1191e..f951ab2b: > A bunch of CMake fixes (awslabs#72) > Switch CI to use roles (awslabs#71) > chore: Modified bug issue template to add checkbox to report potential regression. (awslabs#69) Submodule mountpoint-s3-crt-sys/crt/aws-c-http fc3eded2..590c7b59: > A bunch of CMake fixes (awslabs#497) > Fix CI for GCC-13 on Ubuntu-18 (awslabs#496) > Switch CI to use roles (awslabs#494) Submodule mountpoint-s3-crt-sys/crt/aws-c-io fcb38c80..3041dabf: > A bunch of CMake fixes (awslabs#701) > Event Loop & Socket Type Multi-Support (awslabs#692) > fix typo in log message (awslabs#702) > Fix CI for GCC-13 on Ubuntu-18 (awslabs#700) > Switch CI to use roles (awslabs#698) Submodule mountpoint-s3-crt-sys/crt/aws-c-s3 a3b401bf..6eb8be53: > A bunch of CMake fixes (awslabs#480) > S3Express CreateSession Allowlist Headers (awslabs#492) > Auto - Update S3 Ruleset & Partition (awslabs#491) Submodule mountpoint-s3-crt-sys/crt/aws-c-sdkutils 1ae8664f..ba6a28fa: > A bunch of CMake fixes (awslabs#50) Submodule mountpoint-s3-crt-sys/crt/aws-checksums 3e4101b9..fb8bd0b8: > A bunch of CMake fixes (awslabs#101) > Switch CI to use roles (awslabs#100) Submodule mountpoint-s3-crt-sys/crt/aws-lc ffd6fb71..138a6ad3: > Prepare AWS-LC v1.44.0 (#2153) > Fix issue with ML-DSA key parsing (#2152) > Add support for PKCS7_set/get_detached (#2134) > Prepare Docker image for CI integration jobs (#2126) > Delete OpenVPN mainline patch from our integration build (#2149) > SHA3/SHAKE Init Updates via FIPS202 API layer (#2101) > Support keypair calculation for PQDSA PKEY (#2145) > Optimize x86/aarch64 MD5 implementation (#2137) > Check for MIPSEB in target.h (#2143) > Ed25519ph and Ed25519ctx Support (#2120) > Support for ML-DSA public key generation from private key (#2142) > Avoid mixing SSE and AVX in XTS-mode AVX512 implementation (#2140) > Remove remaining support for Trusty and Fuchsia operating systems (#2136) > ACVP test harness for ML-DSA (#2127) > Minor symbols to work with Ruby's mainline (#2132) Signed-off-by: Alessandro Passaro <alexpax@amazon.co.uk>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Feb 5, 2025
Update the CRT libraries to the latest releases. In particular, include: * S3Express CreateSession Allowlist Headers ([awslabs/aws-c-s3#492](awslabs/aws-c-s3#492)) <details> <summary>Full CRT changelog:</summary> ``` Submodule mountpoint-s3-crt-sys/crt/aws-c-auth 5bc67797..b513db4b: > A bunch of CMake fixes (#258) > Add Account Id to Credentials (#260) > Skip Transfer-Encoding from signing (#261) Submodule mountpoint-s3-crt-sys/crt/aws-c-cal fbbe2612..7299c6ab: > Fix Findcrypto.cmake (#205) > A bunch of CMake fixes (#203) > Switch CI to use roles (#202) Submodule mountpoint-s3-crt-sys/crt/aws-c-common 7a6f5df2..0e7637fa: > A bunch of CMake fixes (#1178) > Fix heap overflow on uri parsing (#1185) > (take 2) Detect when AVX is disabled via OSXSAVE (#1184) > Fixup IPv6 validation logic (#1180) > Detect when AVX is disabled via OSXSAVE (#1182) > proof_ci.yaml must use latest upload-artifact (#1183) > change PR template to ask for clearer wording (#1177) Submodule mountpoint-s3-crt-sys/crt/aws-c-compression c6c1191e..f951ab2b: > A bunch of CMake fixes (#72) > Switch CI to use roles (#71) > chore: Modified bug issue template to add checkbox to report potential regression. (#69) Submodule mountpoint-s3-crt-sys/crt/aws-c-http fc3eded2..590c7b59: > A bunch of CMake fixes (#497) > Fix CI for GCC-13 on Ubuntu-18 (#496) > Switch CI to use roles (#494) Submodule mountpoint-s3-crt-sys/crt/aws-c-io fcb38c80..3041dabf: > A bunch of CMake fixes (#701) > Event Loop & Socket Type Multi-Support (#692) > fix typo in log message (#702) > Fix CI for GCC-13 on Ubuntu-18 (#700) > Switch CI to use roles (#698) Submodule mountpoint-s3-crt-sys/crt/aws-c-s3 a3b401bf..6eb8be53: > A bunch of CMake fixes (#480) > S3Express CreateSession Allowlist Headers (#492) > Auto - Update S3 Ruleset & Partition (#491) Submodule mountpoint-s3-crt-sys/crt/aws-c-sdkutils 1ae8664f..ba6a28fa: > A bunch of CMake fixes (#50) Submodule mountpoint-s3-crt-sys/crt/aws-checksums 3e4101b9..fb8bd0b8: > A bunch of CMake fixes (#101) > Switch CI to use roles (#100) Submodule mountpoint-s3-crt-sys/crt/aws-lc ffd6fb71..138a6ad3: > Prepare AWS-LC v1.44.0 (#2153) > Fix issue with ML-DSA key parsing (#2152) > Add support for PKCS7_set/get_detached (#2134) > Prepare Docker image for CI integration jobs (#2126) > Delete OpenVPN mainline patch from our integration build (#2149) > SHA3/SHAKE Init Updates via FIPS202 API layer (#2101) > Support keypair calculation for PQDSA PKEY (#2145) > Optimize x86/aarch64 MD5 implementation (#2137) > Check for MIPSEB in target.h (#2143) > Ed25519ph and Ed25519ctx Support (#2120) > Support for ML-DSA public key generation from private key (#2142) > Avoid mixing SSE and AVX in XTS-mode AVX512 implementation (#2140) > Remove remaining support for Trusty and Fuchsia operating systems (#2136) > ACVP test harness for ML-DSA (#2127) > Minor symbols to work with Ruby's mainline (#2132) ``` </details> ### Does this change impact existing behavior? No. ### Does this change need a changelog entry? Does it require a version change? No. --- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the [Developer Certificate of Origin (DCO)](https://developercertificate.org/). Signed-off-by: Alessandro Passaro <alexpax@amazon.co.uk>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Mar 11, 2025
## Description of change Notably, includes awslabs/aws-c-auth#263 for #1203. Size: ```bash $ cargo package -p mountpoint-s3-crt-sys --no-verify --allow-dirty Packaging mountpoint-s3-crt-sys v0.12.1 (~/Code/mountpoint-s3/mountpoint-s3-crt-sys) Updating crates.io index Packaged 2171 files, 39.4MiB (7.0MiB compressed) ``` <details> <summary>CRT changelog:</summary> ``` Submodule mountpoint-s3-crt-sys/crt/aws-c-auth b513db4b..01dd06ac: > Support Endpoint Override for CredentialsProviders (#263) > aws_hex_encode() no longer adds null-terminator (#264) > Account ID support for Crendentials Providers (#262) Submodule mountpoint-s3-crt-sys/crt/aws-c-cal 7299c6ab..298122a0: > do not include crypto when doing byo_crypto (#207) > Ed25519 support. (#206) Submodule mountpoint-s3-crt-sys/crt/aws-c-common 0e7637fa..568f46b1: > New Get_ENV Functions (#1141) > aws_base64_compute_encoded_len() is now exact, doesn't add 1 extra for null-terminator (#1188) > Make aws_byte_cursor_from_string NULL tolerant (#1187) > Integration test for CPU feature detection (#1186) Submodule mountpoint-s3-crt-sys/crt/aws-c-io 3041dabf..318f7e57: > Revert win TLS 1.3 (#712) > Fix Windows server-side for TLS 1.3 (#710) > Tls1.3 win update (#676) > Add PQ_DEFAULT enum to aws_tls_cipher_pref (#707) Submodule mountpoint-s3-crt-sys/crt/aws-c-s3 6eb8be53..1d0091c7: > Adapt to aws_base64_compute_encoded_len() no longer adding 1 extra for null terminator (#497) > Make public bucket optional (#495) > add life cycle to s3 express to test helper (#494) > Auto - Update S3 Ruleset & Partition (#493) Submodule mountpoint-s3-crt-sys/crt/aws-lc 138a6ad3..7bca7e96: > Add IbmTpm to our CI (#2231) > Revert BIO_get_mem_data back to macro (#2261) > Update patch for Postgres (#2232) > Add missing algorithms to benchmark (#2056) > Update internal IANA values of PQ SupportedGroups (#2235) > Add CMAC benchmark for AWS-LC (#2218) > Added ML-DSA to break-kat framework (#2253) > Update EVP_PKEY ED keygen to use an internal function that can return the result of the PWCT (#2256) > Remove unused CMake options for break tests (#2249) > Adding no-op X509_TRUST_cleanup for select application compatibility (#2257) > Add LibRdKafka to our CI (#2225) > Add public wrapper to internal bn_minimal_width function (#2245) > Prepare v1.48.1 (#2252) > Make BIO_get_mem_data a function again (#2246) > Move OCSP ASN1 type functions to public header (#2239) > Prepare for release v.1.48.0 (#2248) > Migrate last batch of jobs (#2214) > Enforce FIPS callback is only enabled for static builds (#2241) > Update to using Clang 18 on Windows (#2240) > Don't 'dllexport' Windows symbols on static build (#2238) > Check pagesize is non-negative in AES-XTS test (#2237) > Coverity Fix (#2236) > Increase required CMake version to 3.5 (#2219) > Remove BORINGSSL_FIPS_BREAK_FFC_DH (#2216) > Bump version, preparing for release v1.47.0 (#2229) > Add support to export ML-DSA key-pairs in seed format (#2194) > Integration test for libgit2 (#2215) > Fix out-of-bound (OOB) input read in AES-XTS Decrypt in AVX-512 implementation (#2227) > Integration test for libssh2 (#2222) > Reset DTLS1_BITMAP without resorting to memset (#2223) > Use AWSLC_SOURCE_DIR and AWSLC_BINARY_DIR (#2208) > Update ABI Diff Action to work correctly on push events (#2188) > Add SSL_CTX_use_cert_and_key (#2163) > Add support to define a callback for FIPS test failures instead of aborting the process (#2162) > Move Ed25519ph into module boundary (#2186) > Add utility for querying and comparing the BORINGSSL_bcm_text_hash (#2217) > Add guidance around certificate auto-chaining in TLS (#2205) > SHAKE Incremental Byte Squeezes && EVP_ Tests (#2155) > Migrate 3rd batch of CI jobs (#2183) > Avoid duplicated definition of standalone test executable variables (#2212) > Modify SSL to inherit ciphersuites from SSL_CTX at initialization (#2198) > Prepare release v1.46.1 (#2210) > Remove access() call from Snapsafe detection (#2197) > Simplify IsFlag check logic (#2209) > Update pairwise consistency test failures to support gracefully continiung (#2201) > Enable RSA keygen becnhmarks by default (#2206) > Fix C++98 compatibility in our header files (#2193) > Add pq-tls interop test with BoringSSL (#2199) > Refactor AWS_LC_FIPS_failure to always exist (#2200) > Improve tool-openssl compatability for x509 and verify subcommands (#2196) > Prepare release v1.46.0 (#2204) > Add SPARCV9 target (#2202) > Simplify OpenSSH mainline build (#2158) > ML-KEM: Move FIPS-abort upon PCT failure to top-level ML-KEM API (#2195) > Add runtime options to break the pairwise consistency test for Ed, ML-KEM, and ML-DSA (#2192) > Update pkcs8_corpus files to include ML-DSA (#2191) > Refactor TLS 1.3 cipher selection and fix SSL_get_ciphers (#2092) > Add suport for asl and rol to match existing support for asr and ror (#2185) > SCRUTINICE fixes (#2180) > Make install_shared_and_static test more robust (#2179) > MacOS-12 GH runner no longer supported (#2190) > Add integration patches/CI for Ruby main and 3.3 (#2071) > Move ML-DSA to fipsmodule (#2175) > Expand spki fuzz corpus (#2187) > Update PQREADME.md (#2151) > Setup X509 CodeBuild Project for Limbo Report Generation (#2171) > Add msl to ARMConstantTweak and recognise ldrsw to prevent delocator errors (#2177) > Remove DEPENDS from add_custom_command as CMake made the behavior clear (#2178) > Update BORINGSSL_FIPS_abort to AWS_LC_FIPS_failure which takes a message (#2182) > Fix Nginx build (#2181) > Add EVP API Support for ED25519ph (#2144) > Update benchmark to skip chunk sizes that doesn't work with the algorithm (#2146) > Add new CAST tests to break-kat.go (#2173) > Migrate 2nd batch of CI jobs (#2091) > Ensure enabling local symbols doesn't change the module hash (#2169) > Move PQDSA to FIPSMODULE (#2166) > Ensure service indicator is incremented only once, update RSA and ED25519 to ensure the state is locked (#2112) > CAST and PCT for ML-DSA (#2148) > Validate or define ARM HWCAP2_XXX macros (#2164) > Prepare AWS-LC v1.45.0 (#2172) > Wrap pointers to s2n-bignum functions - delocator fix (#2165) > ML-DSA private keys from seeds (#2157) > SHA3 and SHAKE - New API Design (#2098) > Add support for PKCS12_set_mac (#2128) > Fix policy grant on ECR resource policy (#2159) > Cross library PQ interop test with s2n-tls (#2138) Submodule mountpoint-s3-crt-sys/crt/s2n-tls 6cc9f53d..4ed4f1a6: > tests: try to make s2n_mem_usage_test more useful (#5139) > chore: git-blame-ignore ruff formatting (#5151) > chore(bindings): change in rustup behavior (#5160) > refactor: remove unused prf hmac impls (#5148) > chore(ci): make the awslc fips install script version aware (#5100) > fix: memory leak during STEK rotation (#5146) > refactor: add alternative EVP signing method (#5141) > refactor: cleanup prf header (#5144) > feat(bindings): expose context on cert chain (#5132) > Ruff Formatting and add to CI (#5138) > chore(nix): Add aws-lc-fips 2022/4 (#5109) > test(integv2): fixes to allow test_record_padding to partially run (#5099) > build(deps): update rtshark requirement from 2.9.0 to 3.1.0 in /tests/pcap in the all-cargo-updates group across 1 directory (#5087) > tests: use sig schemes as source of truth for valid hash+sig algs (#5129) > ci: always set values for command line defines (#5126) > fix: update callback return value (#5136) > refactor: always use EVP hashing (#5121) > ci: add check for third-party-src in disable rand override buildspec (#5137) > feat: add async cert validation support (#5110) > chore: remove unused well-known-endpoints.py (#5127) > fix(bindings): remove mutation behind Arc (#5124) > chore: binding release 0.3.12 (#5128) > refactor: use EVP_MD_fetch() if available (#5116) > feat: Option to disable RAND engine override (#5108) > fix(bindings): make Context borrow immutable (#5071) > build(deps): update rand requirement (#5125) > chore: fix a typo in API comments (#5123) > bindings: unpin openssl crate from a specific patch version (#5120) > refactor: move "s2n_libcrypto_is" methods into s2n_libcrypto.h (#5117) > Add new security policy (20250211) (#5111) > Revert "refactor: remove unused evp support for md5+sha1 (#5106)" (#5118) > ci: add default provider to openssl-3.0-fips (#5114) > fix: don't enable custom random for openssl fips (#5093) > fix: allow b64 decoding using libcrypto for sidechannel resistance (#5103) > refactor: remove unused evp support for md5+sha1 (#5106) > refactor: remove s2n_hmac_is_available (#5104) > build(deps): bump aws-actions/configure-aws-credentials from 4.0.2 to 4.1.0 in /.github/workflows in the all-gha-updates group across 1 directory (#5107) > fix(integrationv2): Skip unsupported client auth tests (#5096) > chore: bindings release 0.3.11 (#5098) > chore: ktls buildspec (#5083) > Fixed formatting for debugging statements (#5094) > feat(bindings): add external psk apis (#5061) > test: add minimal openssl-3.0-fips test (#5081) > fix(ci): Allow validate_start_codebuild to run on pushes to main (#5080) > fix: don't use DEPENDS with add_custom_command(TARGET) (#5074) > fix: error for uninit psk, check for all-zero psk (#5084) > fix: calculation of session ticket age (#5001) > fix: add support for `S2N_INTERN_LIBCRYPTO` with FetchContent (#5076) > fix(integration): Update PQ integration test expectations (#5082) > ci: fix dependabot, commit & check Cargo.toml (#5065) > docs(s2n-tls-hyper): Add hyper client/server example (#5069) > docs(integv2): add architecture diagram (#5072) > fix(bindings): prevent temp connection free after panic (#5067) > ci: Emit benchmark metrics from scheduled runs (#5064) > ci: change rust-toolchain format to toml (#5070) > Revert "ci: remove openssl-1.0.2-fips builds (#4995)" (#5060) > feat(bench): impl into for base config type (#5056) > refactor: cleanup CBMC proofs after #5048 (#5058) > ci: Adding integ tests back to integv2 (#5054) > refactor: remove openssl-1.0.2-fips 'allow md5' logic (#5048) > ci: pin duvet version (#5057) > build(deps): bump cross-platform-actions/action from 0.26.0 to 0.27.0 in /.github/workflows in the all-gha-updates group (#5053) > chore: fix typos (#5052) > chore: bump osx Openssl to latest (#5041) > chore: bindings release for 0.3.10 (#5046) > fix: initial config should not influence sslv2 (#4987) > ci: add openssl-3.0-fips builds (#5037) > Add Security Policy Deprecation API (#5034) > docs: add C / s2n-tls-sys doc references to s2n-tls docs (#5012) > test: add sslv2 client hello test w/ jvm (#5019) > ci: add timeout for cbmc proof (#5038) > fix(bindings): Specify correct minimum versions (#5028) ``` </details> ## Does this change impact existing behavior? Nothing expected. ## Does this change need a changelog entry in any of the crates? Updated --- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the [Developer Certificate of Origin (DCO)](https://developercertificate.org/). Signed-off-by: Burak Varlı <burakvar@amazon.co.uk>
muddyfish
added a commit
to muddyfish/mountpoint-s3
that referenced
this pull request
Apr 10, 2025
Fix ed25519 builds against openssl 1.0.2 (awslabs#208) Use sleep-aware monotonic clock if available (awslabs#1189) Co-authored-by: Bret Ambrose <bambrose@amazon.com> Supprt response_first_byte_timeout_ms in ConnectionManagerOptions (awslabs#505) Revert win TLS 1.3 (awslabs#712) Adapt to aws_base64_compute_encoded_len() no longer adding 1 extra for null terminator (awslabs#497) A bunch of CMake fixes (awslabs#101) Add IbmTpm to our CI (#2231) ### Issues: `CryptoAlg-2857` ### Description of changes: Add IbmTpm to our CI. No tests found in the library. ### Call-outs: Point out areas that need special attention or support during the review process. Discuss architecture or design changes. ### Testing: How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer? By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license. Add support for passing S3 URIs as part of the bucket name field Signed-off-by: Simon Beal <simobeal@amazon.com>
mansi153
pushed a commit
to mansi153/mountpoint-s3
that referenced
this pull request
Jul 24, 2025
Update the CRT libraries to the latest releases. In particular, include: * S3Express CreateSession Allowlist Headers ([awslabs/aws-c-s3#492](awslabs/aws-c-s3#492)) <details> <summary>Full CRT changelog:</summary> ``` Submodule mountpoint-s3-crt-sys/crt/aws-c-auth 5bc67797..b513db4b: > A bunch of CMake fixes (awslabs#258) > Add Account Id to Credentials (awslabs#260) > Skip Transfer-Encoding from signing (awslabs#261) Submodule mountpoint-s3-crt-sys/crt/aws-c-cal fbbe2612..7299c6ab: > Fix Findcrypto.cmake (awslabs#205) > A bunch of CMake fixes (awslabs#203) > Switch CI to use roles (awslabs#202) Submodule mountpoint-s3-crt-sys/crt/aws-c-common 7a6f5df2..0e7637fa: > A bunch of CMake fixes (awslabs#1178) > Fix heap overflow on uri parsing (awslabs#1185) > (take 2) Detect when AVX is disabled via OSXSAVE (awslabs#1184) > Fixup IPv6 validation logic (awslabs#1180) > Detect when AVX is disabled via OSXSAVE (awslabs#1182) > proof_ci.yaml must use latest upload-artifact (awslabs#1183) > change PR template to ask for clearer wording (awslabs#1177) Submodule mountpoint-s3-crt-sys/crt/aws-c-compression c6c1191e..f951ab2b: > A bunch of CMake fixes (awslabs#72) > Switch CI to use roles (awslabs#71) > chore: Modified bug issue template to add checkbox to report potential regression. (awslabs#69) Submodule mountpoint-s3-crt-sys/crt/aws-c-http fc3eded2..590c7b59: > A bunch of CMake fixes (awslabs#497) > Fix CI for GCC-13 on Ubuntu-18 (awslabs#496) > Switch CI to use roles (awslabs#494) Submodule mountpoint-s3-crt-sys/crt/aws-c-io fcb38c80..3041dabf: > A bunch of CMake fixes (awslabs#701) > Event Loop & Socket Type Multi-Support (awslabs#692) > fix typo in log message (awslabs#702) > Fix CI for GCC-13 on Ubuntu-18 (awslabs#700) > Switch CI to use roles (awslabs#698) Submodule mountpoint-s3-crt-sys/crt/aws-c-s3 a3b401bf..6eb8be53: > A bunch of CMake fixes (awslabs#480) > S3Express CreateSession Allowlist Headers (awslabs#492) > Auto - Update S3 Ruleset & Partition (awslabs#491) Submodule mountpoint-s3-crt-sys/crt/aws-c-sdkutils 1ae8664f..ba6a28fa: > A bunch of CMake fixes (awslabs#50) Submodule mountpoint-s3-crt-sys/crt/aws-checksums 3e4101b9..fb8bd0b8: > A bunch of CMake fixes (awslabs#101) > Switch CI to use roles (awslabs#100) Submodule mountpoint-s3-crt-sys/crt/aws-lc ffd6fb71..138a6ad3: > Prepare AWS-LC v1.44.0 (#2153) > Fix issue with ML-DSA key parsing (#2152) > Add support for PKCS7_set/get_detached (#2134) > Prepare Docker image for CI integration jobs (#2126) > Delete OpenVPN mainline patch from our integration build (#2149) > SHA3/SHAKE Init Updates via FIPS202 API layer (#2101) > Support keypair calculation for PQDSA PKEY (#2145) > Optimize x86/aarch64 MD5 implementation (#2137) > Check for MIPSEB in target.h (#2143) > Ed25519ph and Ed25519ctx Support (#2120) > Support for ML-DSA public key generation from private key (#2142) > Avoid mixing SSE and AVX in XTS-mode AVX512 implementation (#2140) > Remove remaining support for Trusty and Fuchsia operating systems (#2136) > ACVP test harness for ML-DSA (#2127) > Minor symbols to work with Ruby's mainline (#2132) ``` </details> ### Does this change impact existing behavior? No. ### Does this change need a changelog entry? Does it require a version change? No. --- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the [Developer Certificate of Origin (DCO)](https://developercertificate.org/). Signed-off-by: Alessandro Passaro <alexpax@amazon.co.uk>
mansi153
pushed a commit
to mansi153/mountpoint-s3
that referenced
this pull request
Jul 24, 2025
## Description of change Notably, includes awslabs/aws-c-auth#263 for awslabs#1203. Size: ```bash $ cargo package -p mountpoint-s3-crt-sys --no-verify --allow-dirty Packaging mountpoint-s3-crt-sys v0.12.1 (~/Code/mountpoint-s3/mountpoint-s3-crt-sys) Updating crates.io index Packaged 2171 files, 39.4MiB (7.0MiB compressed) ``` <details> <summary>CRT changelog:</summary> ``` Submodule mountpoint-s3-crt-sys/crt/aws-c-auth b513db4b..01dd06ac: > Support Endpoint Override for CredentialsProviders (awslabs#263) > aws_hex_encode() no longer adds null-terminator (awslabs#264) > Account ID support for Crendentials Providers (awslabs#262) Submodule mountpoint-s3-crt-sys/crt/aws-c-cal 7299c6ab..298122a0: > do not include crypto when doing byo_crypto (awslabs#207) > Ed25519 support. (awslabs#206) Submodule mountpoint-s3-crt-sys/crt/aws-c-common 0e7637fa..568f46b1: > New Get_ENV Functions (awslabs#1141) > aws_base64_compute_encoded_len() is now exact, doesn't add 1 extra for null-terminator (awslabs#1188) > Make aws_byte_cursor_from_string NULL tolerant (awslabs#1187) > Integration test for CPU feature detection (awslabs#1186) Submodule mountpoint-s3-crt-sys/crt/aws-c-io 3041dabf..318f7e57: > Revert win TLS 1.3 (awslabs#712) > Fix Windows server-side for TLS 1.3 (awslabs#710) > Tls1.3 win update (awslabs#676) > Add PQ_DEFAULT enum to aws_tls_cipher_pref (awslabs#707) Submodule mountpoint-s3-crt-sys/crt/aws-c-s3 6eb8be53..1d0091c7: > Adapt to aws_base64_compute_encoded_len() no longer adding 1 extra for null terminator (awslabs#497) > Make public bucket optional (awslabs#495) > add life cycle to s3 express to test helper (awslabs#494) > Auto - Update S3 Ruleset & Partition (awslabs#493) Submodule mountpoint-s3-crt-sys/crt/aws-lc 138a6ad3..7bca7e96: > Add IbmTpm to our CI (#2231) > Revert BIO_get_mem_data back to macro (#2261) > Update patch for Postgres (#2232) > Add missing algorithms to benchmark (#2056) > Update internal IANA values of PQ SupportedGroups (#2235) > Add CMAC benchmark for AWS-LC (#2218) > Added ML-DSA to break-kat framework (#2253) > Update EVP_PKEY ED keygen to use an internal function that can return the result of the PWCT (#2256) > Remove unused CMake options for break tests (#2249) > Adding no-op X509_TRUST_cleanup for select application compatibility (#2257) > Add LibRdKafka to our CI (#2225) > Add public wrapper to internal bn_minimal_width function (#2245) > Prepare v1.48.1 (#2252) > Make BIO_get_mem_data a function again (#2246) > Move OCSP ASN1 type functions to public header (#2239) > Prepare for release v.1.48.0 (#2248) > Migrate last batch of jobs (#2214) > Enforce FIPS callback is only enabled for static builds (#2241) > Update to using Clang 18 on Windows (#2240) > Don't 'dllexport' Windows symbols on static build (#2238) > Check pagesize is non-negative in AES-XTS test (#2237) > Coverity Fix (#2236) > Increase required CMake version to 3.5 (#2219) > Remove BORINGSSL_FIPS_BREAK_FFC_DH (#2216) > Bump version, preparing for release v1.47.0 (#2229) > Add support to export ML-DSA key-pairs in seed format (#2194) > Integration test for libgit2 (#2215) > Fix out-of-bound (OOB) input read in AES-XTS Decrypt in AVX-512 implementation (#2227) > Integration test for libssh2 (#2222) > Reset DTLS1_BITMAP without resorting to memset (#2223) > Use AWSLC_SOURCE_DIR and AWSLC_BINARY_DIR (#2208) > Update ABI Diff Action to work correctly on push events (#2188) > Add SSL_CTX_use_cert_and_key (#2163) > Add support to define a callback for FIPS test failures instead of aborting the process (#2162) > Move Ed25519ph into module boundary (#2186) > Add utility for querying and comparing the BORINGSSL_bcm_text_hash (#2217) > Add guidance around certificate auto-chaining in TLS (#2205) > SHAKE Incremental Byte Squeezes && EVP_ Tests (#2155) > Migrate 3rd batch of CI jobs (#2183) > Avoid duplicated definition of standalone test executable variables (#2212) > Modify SSL to inherit ciphersuites from SSL_CTX at initialization (#2198) > Prepare release v1.46.1 (#2210) > Remove access() call from Snapsafe detection (#2197) > Simplify IsFlag check logic (#2209) > Update pairwise consistency test failures to support gracefully continiung (#2201) > Enable RSA keygen becnhmarks by default (#2206) > Fix C++98 compatibility in our header files (#2193) > Add pq-tls interop test with BoringSSL (#2199) > Refactor AWS_LC_FIPS_failure to always exist (#2200) > Improve tool-openssl compatability for x509 and verify subcommands (#2196) > Prepare release v1.46.0 (#2204) > Add SPARCV9 target (#2202) > Simplify OpenSSH mainline build (#2158) > ML-KEM: Move FIPS-abort upon PCT failure to top-level ML-KEM API (#2195) > Add runtime options to break the pairwise consistency test for Ed, ML-KEM, and ML-DSA (#2192) > Update pkcs8_corpus files to include ML-DSA (#2191) > Refactor TLS 1.3 cipher selection and fix SSL_get_ciphers (#2092) > Add suport for asl and rol to match existing support for asr and ror (#2185) > SCRUTINICE fixes (#2180) > Make install_shared_and_static test more robust (#2179) > MacOS-12 GH runner no longer supported (#2190) > Add integration patches/CI for Ruby main and 3.3 (#2071) > Move ML-DSA to fipsmodule (#2175) > Expand spki fuzz corpus (#2187) > Update PQREADME.md (#2151) > Setup X509 CodeBuild Project for Limbo Report Generation (#2171) > Add msl to ARMConstantTweak and recognise ldrsw to prevent delocator errors (#2177) > Remove DEPENDS from add_custom_command as CMake made the behavior clear (#2178) > Update BORINGSSL_FIPS_abort to AWS_LC_FIPS_failure which takes a message (#2182) > Fix Nginx build (#2181) > Add EVP API Support for ED25519ph (#2144) > Update benchmark to skip chunk sizes that doesn't work with the algorithm (#2146) > Add new CAST tests to break-kat.go (#2173) > Migrate 2nd batch of CI jobs (#2091) > Ensure enabling local symbols doesn't change the module hash (#2169) > Move PQDSA to FIPSMODULE (#2166) > Ensure service indicator is incremented only once, update RSA and ED25519 to ensure the state is locked (#2112) > CAST and PCT for ML-DSA (#2148) > Validate or define ARM HWCAP2_XXX macros (#2164) > Prepare AWS-LC v1.45.0 (#2172) > Wrap pointers to s2n-bignum functions - delocator fix (#2165) > ML-DSA private keys from seeds (#2157) > SHA3 and SHAKE - New API Design (#2098) > Add support for PKCS12_set_mac (#2128) > Fix policy grant on ECR resource policy (#2159) > Cross library PQ interop test with s2n-tls (#2138) Submodule mountpoint-s3-crt-sys/crt/s2n-tls 6cc9f53d..4ed4f1a6: > tests: try to make s2n_mem_usage_test more useful (#5139) > chore: git-blame-ignore ruff formatting (#5151) > chore(bindings): change in rustup behavior (#5160) > refactor: remove unused prf hmac impls (#5148) > chore(ci): make the awslc fips install script version aware (#5100) > fix: memory leak during STEK rotation (#5146) > refactor: add alternative EVP signing method (#5141) > refactor: cleanup prf header (#5144) > feat(bindings): expose context on cert chain (#5132) > Ruff Formatting and add to CI (#5138) > chore(nix): Add aws-lc-fips 2022/4 (#5109) > test(integv2): fixes to allow test_record_padding to partially run (#5099) > build(deps): update rtshark requirement from 2.9.0 to 3.1.0 in /tests/pcap in the all-cargo-updates group across 1 directory (#5087) > tests: use sig schemes as source of truth for valid hash+sig algs (#5129) > ci: always set values for command line defines (#5126) > fix: update callback return value (#5136) > refactor: always use EVP hashing (#5121) > ci: add check for third-party-src in disable rand override buildspec (#5137) > feat: add async cert validation support (#5110) > chore: remove unused well-known-endpoints.py (#5127) > fix(bindings): remove mutation behind Arc (#5124) > chore: binding release 0.3.12 (#5128) > refactor: use EVP_MD_fetch() if available (#5116) > feat: Option to disable RAND engine override (#5108) > fix(bindings): make Context borrow immutable (#5071) > build(deps): update rand requirement (#5125) > chore: fix a typo in API comments (#5123) > bindings: unpin openssl crate from a specific patch version (#5120) > refactor: move "s2n_libcrypto_is" methods into s2n_libcrypto.h (#5117) > Add new security policy (20250211) (#5111) > Revert "refactor: remove unused evp support for md5+sha1 (#5106)" (#5118) > ci: add default provider to openssl-3.0-fips (#5114) > fix: don't enable custom random for openssl fips (#5093) > fix: allow b64 decoding using libcrypto for sidechannel resistance (#5103) > refactor: remove unused evp support for md5+sha1 (#5106) > refactor: remove s2n_hmac_is_available (#5104) > build(deps): bump aws-actions/configure-aws-credentials from 4.0.2 to 4.1.0 in /.github/workflows in the all-gha-updates group across 1 directory (#5107) > fix(integrationv2): Skip unsupported client auth tests (#5096) > chore: bindings release 0.3.11 (#5098) > chore: ktls buildspec (#5083) > Fixed formatting for debugging statements (#5094) > feat(bindings): add external psk apis (#5061) > test: add minimal openssl-3.0-fips test (#5081) > fix(ci): Allow validate_start_codebuild to run on pushes to main (#5080) > fix: don't use DEPENDS with add_custom_command(TARGET) (#5074) > fix: error for uninit psk, check for all-zero psk (#5084) > fix: calculation of session ticket age (#5001) > fix: add support for `S2N_INTERN_LIBCRYPTO` with FetchContent (#5076) > fix(integration): Update PQ integration test expectations (#5082) > ci: fix dependabot, commit & check Cargo.toml (#5065) > docs(s2n-tls-hyper): Add hyper client/server example (#5069) > docs(integv2): add architecture diagram (#5072) > fix(bindings): prevent temp connection free after panic (#5067) > ci: Emit benchmark metrics from scheduled runs (#5064) > ci: change rust-toolchain format to toml (#5070) > Revert "ci: remove openssl-1.0.2-fips builds (#4995)" (#5060) > feat(bench): impl into for base config type (#5056) > refactor: cleanup CBMC proofs after #5048 (#5058) > ci: Adding integ tests back to integv2 (#5054) > refactor: remove openssl-1.0.2-fips 'allow md5' logic (#5048) > ci: pin duvet version (#5057) > build(deps): bump cross-platform-actions/action from 0.26.0 to 0.27.0 in /.github/workflows in the all-gha-updates group (#5053) > chore: fix typos (#5052) > chore: bump osx Openssl to latest (#5041) > chore: bindings release for 0.3.10 (#5046) > fix: initial config should not influence sslv2 (#4987) > ci: add openssl-3.0-fips builds (#5037) > Add Security Policy Deprecation API (#5034) > docs: add C / s2n-tls-sys doc references to s2n-tls docs (#5012) > test: add sslv2 client hello test w/ jvm (#5019) > ci: add timeout for cbmc proof (#5038) > fix(bindings): Specify correct minimum versions (#5028) ``` </details> ## Does this change impact existing behavior? Nothing expected. ## Does this change need a changelog entry in any of the crates? Updated --- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the [Developer Certificate of Origin (DCO)](https://developercertificate.org/). Signed-off-by: Burak Varlı <burakvar@amazon.co.uk>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of change
Just added ##Unreleased section as described in the Cookbook.
Relevant issues:
NA
Does this change impact existing behavior?
No
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the Developer Certificate of Origin (DCO).