libssl: don't break TLSv1.2 with X25519MLKEM768
If the list of 'groups' starts with X25519MLKEM768 for a TLSv1.2 server,
ssl3_send_server_kex_ecdhe() attempts to use NID_X25519MLKEM768, which
it receives from tls1_get_supported_groups(). This does not work because
it never received the peer's public keys, which causes an error return
from tls_key_share_server_generate_mlkem768x25519().
For a TLSv1.2-only client with custom supported group list we will
currently send ML-KEM if configured. We should not do this.
There is more to fix here: if a TLSv1.2 client is misconfigured with
only X25519MLKEM768, we should not send a supported groups extension
(with this commit we'll send an empty one, which is an RFC violation).
This commit simply filters X25519MLKEM768 out of the supported groups
list if we're configured to be TLSv1.2-only.
feedback/ok jsing kenjiro (on an earlier version)
jujutsu: pull in upstream #9610 to disable mimalloc
I was unsure whether I should disable mimalloc for OpenBSD but then thought
I'd go with upstream's decision despite performance properties of mimalloc
not being great on OpenBSD. While mimalloc has been working fine for me in
the last few weeks and is well tested via python, mimalloc turns out to be
completely broken on illumos, at least the way jujutsu uses it. A day after
release upstream therefore decided not to enable it on platforms they don't
cover in CI. So let just not use this code since it will be disabled again
anyway in a month at the latest.
1.32: Stopped looking for titles in STDs because they went away 2026-05-21
as per usual, upstream doesn't do anything even remotely related to releases,
so pretend one exists and work around that.
OK kn@ (MAINTAINER) sthen@
Implement runtime detection using elf_aux_info(3) instead of getauxval(3)
This commit plus the previous one fix the build on riscv64.
I'm not activating runtime dispatch on arm/arm64/powerpc/powerpc64 yet,
because clang 22 fails to build the tests on arm64 (clang 19 tests were
fine):
... fatal error: error in backend: Cannot implicitly convert a scalable size to a fixed-width size in `TypeSize::operator ScalarTy()`