Fix changes check

.codespellrc

@@ -332,6 +332,7 @@ skip =
     *.asc,
     *.bin,
     *.crt,
+    *.csr,
     *.css.map,
     *.eps,
     *.fr.utf-8,
@@ -441,6 +442,7 @@ skip =
     CREDITS,
     CREDITS.TXT,
     DONATIONS,
+    external/*,
     jquery.js,
     jquery.min.map,
     localization*-[a-z][a-z]_[a-zA-Z][a-zA-Z].*,

.ctags.d/exclude.ctags

@@ -10,4 +10,3 @@
 # List file names or patterns you want ctags to ignore.
 --exclude=.ctags.d
 --exclude=test
---exclude=check-format-test-positives.c

.git-blame-ignore-revs

@@ -1,2 +1,4 @@
 # Run util/openssl-format-source -v -c .
 0f113f3ee4d629ef9a4a30911b22b224772085e5
+# 4.0-POST-CLANG-FORMAT-WEBKIT
+2fab90bb5e1937f1c2125eab144f7f6c39e70087

.github/workflows/check-news-changes.yml

@@ -0,0 +1,91 @@
+# Copyright 2026 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+name: "Scan to check for NEWS/CHANGES suggestions"
+
+on: pull_request
+env:
+  NEED_NEWS_CHANGES: "no"
+permissions: {}
+
+jobs:
+  scan_for_news_changes:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+      - name: "Check if we already have a NEWS/CHANGES entry"
+        run: |
+          git diff --name-only ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} > ./names.txt
+          set +e
+          grep -q "NEWS\.md" names.txt
+          if [ $? -eq 0 ]; then
+            echo "FOUND_NEWS_CHANGES_ADDITION=yes" >> $GITHUB_ENV
+          else
+            grep -q "CHANGES\.md" names.txt
+            if [ $? -eq 0 ]; then
+              echo "FOUND_NEWS_CHANGES_ADDITION=yes" >> $GITHUB_ENV
+            else
+              echo "FOUND_NEWS_CHANGES_ADDITION=no" >> $GITHUB_ENV
+            fi
+          fi
+      - name: "Check if this PR affects a CVE"
+        if: ${{ env.FOUND_NEWS_CHANGES_ADDITION == 'no' }}
+        run: |
+          git log ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} > ./log.txt
+          set +e
+          grep -q "CVE-" ./log.txt
+          if [ $? -eq 0 ]; then
+            echo "Changes in this PR reference a CVE"
+            echo "NEED_NEWS_CHANGES=yes" >> $GITHUB_ENV
+          fi
+      - name: "Check if this PR impacts a public API"
+        if: ${{ env.FOUND_NEWS_CHANGES_ADDITION == 'no' }}
+        run: |
+          set +e
+          cat ./names.txt
+          git diff --name-only ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} > ./names.txt
+          grep -q "include/openssl" ./names.txt
+          if [ $? -eq 0 ]; then
+            echo "Changes in this PR may impact public APIS's"
+            echo "NEED_NEWS_CHANGES=yes" >> $GITHUB_ENV
+          fi
+      - name: "Check if this is a feature branch merge"
+        if: ${{ env.FOUND_NEWS_CHANGES_ADDITION == 'no' }}
+        run: |
+          set +e
+          echo ${{ github.head_ref }} | grep -q "feature"
+          if [ $? -eq 0 ]; then
+            echo "Feature branch found"
+            echo "NEED_NEWS_CHANGES=yes" >> $GITHUB_ENV
+          fi
+      - name: "Check if configuration options have changed"
+        if: ${{ env.FOUND_NEWS_CHANGES_ADDITION == 'no' }}
+        run: | 
+          git checkout ${{ github.event.pull_request.base.sha }}
+          set +e
+          ./Configure --help > ./before.txt 2>&1
+          git checkout ${{ github.event.pull_request.head.sha }}
+          ./Configure --help > ./after.txt 2>&1
+          set -e
+          CONF_CHANGE=$(diff ./before.txt ./after.txt | wc -l)
+          if [ $CONF_CHANGE -ne 0 ]; then
+            echo "Configuration options changes"
+            echo "NEED_NEWS_CHANGES=yes" >> $GITHUB_ENV
+          fi
+      - name: "Report Results"
+        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no_news_changes_needed') }}
+        run: |
+          if [ "${{ env.NEED_NEWS_CHANGES }}" == "yes" ]; then
+            echo "Suggest that you add a NEWS/CHANGES entry for this PR"
+            echo "Alternatively, quiet this suggestion by applying the no_news_changes_needed label"
+            exit 1
+          fi
+
+