Prepare 0.15.1 release

.github/workflows/artifacts.yaml

@@ -80,6 +80,8 @@ jobs:
   linux-deb:
     name: Linux (x86-64 GNU Deb)
     runs-on: ubuntu-22.04 # x86_64.
+    outputs:
+      version: ${{ steps.version.outputs.version }}
     steps:
       - uses: actions/checkout@v6
         with:
@@ -95,14 +97,20 @@ jobs:
         run: |
           curl -L $LINK/$CARGO_C_FILE | tar xz -C ~/.cargo/bin
 
+      - name: Extract version
+        id: version
+        run: |
+          VERSION=$(cargo pkgid -p rustls-ffi | sed 's/.*@//')
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
       - name: Build deb
         run: ./debian/build.sh
 
       - name: Upload deb
         uses: actions/upload-artifact@v7
         with:
-          name: librustls_0.15.0_amd64.deb
-          path: librustls_0.15.0_amd64.deb
+          name: librustls_${{ steps.version.outputs.version }}_amd64.deb
+          path: librustls_${{ steps.version.outputs.version }}_amd64.deb
 
   macos-binaries:
     name: MacOS (Arm64 and x86_64)
@@ -281,9 +289,9 @@ jobs:
       - name: Download rustls-ffi deb artifact
         uses: actions/download-artifact@v8
         with:
-          name: librustls_0.15.0_amd64.deb
+          name: librustls_${{ needs.linux-deb.outputs.version }}_amd64.deb
       - name: Install deb
-        run: sudo dpkg --install ./librustls_0.15.0_amd64.deb
+        run: sudo dpkg --install ./librustls_${{ needs.linux-deb.outputs.version }}_amd64.deb
       - name: Check copyright exists
         run: test -f /usr/share/doc/librustls/COPYRIGHT
       # Dump out what pkg-config says about the rustls package.

CHANGELOG.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## 0.15.1 (2026-03-13)
+
+This is a minor release, updating rustls to 0.23.37 and updating other dependencies.
+
+* Build artifacts on ubuntu-22 by @ctz in https://github.com/rustls/rustls-ffi/pull/561
+* rustls 0.23.25 -> 0.23.27 by @cpu in https://github.com/rustls/rustls-ffi/pull/566
+* Update rustls 0.23.27 -> 0.23.28, expose new API surface & errors by @cpu in https://github.com/rustls/rustls-ffi/pull/574
+* website: Remove backdrop-filter: blur from items by @yedayak in https://github.com/rustls/rustls-ffi/pull/577
+* docgen: skip over cpp attributes before decl by @ctz in https://github.com/rustls/rustls-ffi/pull/581
+* cbindgen: Add version defines by @yedayak in https://github.com/rustls/rustls-ffi/pull/576
+* librustls: rustls 0.23.28 -> 0.23.29 by @cpu in https://github.com/rustls/rustls-ffi/pull/583
+* librustls: update rustls 0.23.29 -> 0.23.31 by @cpu in https://github.com/rustls/rustls-ffi/pull/589
+* Bump rust-version to 1.73 by @djc in https://github.com/rustls/rustls-ffi/pull/607
+* upgrade rustls 0.23.31 -> 0.23.33 by @cpu in https://github.com/rustls/rustls-ffi/pull/614
+* error: use decl+proc macro to generate u32 mapping  by @ctz in https://github.com/rustls/rustls-ffi/pull/618
+* librustls: fix typo in server cert verifier builder docs by @cpu in https://github.com/rustls/rustls-ffi/pull/620
+* Bump macos versions for artifacts by @ctz in https://github.com/rustls/rustls-ffi/pull/623
+* docgen/website: show deprecated function warnings on docs website by @cpu in https://github.com/rustls/rustls-ffi/pull/584
+
 ## 0.15.0 (2025-03-25)
 
 This release updates to [Rustls 0.23.25][] and increases the project minimum
@@ -184,7 +203,7 @@ requirements.
   * Ciphersuites supported by a specific `rustls_crypto_provider` can be retrieved with
     `rustls_crypto_provider_ciphersuites_len()` and `rustls_crypto_provider_ciphersuites_get()`.
   * Ciphersuites supported by the current process-wide default crypto provider (if any) can
-    be retrieved with `rustls_default_crypto_provider_ciphersuites_len()` and 
+    be retrieved with `rustls_default_crypto_provider_ciphersuites_len()` and
     `rustls_default_crypto_provider_ciphersuites_get()`.
   * A buffer can be filled with cryptographically secure random data from
     a specific `rustls_crypto_provider` using `rustls_crypto_provider_random()`,
@@ -201,7 +220,7 @@ requirements.
      based on the current process-wide default.
    * `rustls_crypto_provider_builder_new_with_base` will construct a builder
      based on a specified `rustls_crypto_provider`.
-   * Customization of supported ciphersuites can be achieved with 
+   * Customization of supported ciphersuites can be achieved with
      `rustls_crypto_provider_builder_set_cipher_suites()`.
    * The default process-wide provider can be installed from a builder using
      `rustls_crypto_provider_builder_build_as_default()`, if it has not already
@@ -231,7 +250,7 @@ requirements.
   more information on supported platforms.
     * Use `rustls_platform_server_cert_verifier()` to construct a platform verifier
       that uses the default crypto provider.
-    * Use `rustls_platform_server_cert_verifier_with_provider()` to construct a 
+    * Use `rustls_platform_server_cert_verifier_with_provider()` to construct a
       platform verifier that uses the specified `rustls_crypto_provider`.
     * The returned `rustls_server_cert_verifier` can be used with
       a `rustls_client_config_builder` with
@@ -264,7 +283,7 @@ requirements.
 
 * `rustls_server_config_builder_build()` and
   `rustls_client_config_builder_build()` now use out-parameters for the
-  `rustls_server_config` or `rustls_client_config`, and return a `rustls_result`. 
+  `rustls_server_config` or `rustls_client_config`, and return a `rustls_result`.
   This allows returning an error if the build operation fails because a suitable
   crypto provider was not available.
 
@@ -286,7 +305,7 @@ requirements.
   functions (`rustls_all_ciphersuites_len()`,
   `rustls_all_ciphersuites_get_entry()`, `rustls_default_ciphersuites_len()` and
   `rustls_default_ciphersuites_get_entry()`) have been
-  removed. Ciphersuite support is dictated by the `rustls_crypto_provider`. 
+  removed. Ciphersuite support is dictated by the `rustls_crypto_provider`.
   * Use `rustls_default_supported_ciphersuites()` to retrieve
     a `rustls_supported_ciphersuites` for the default `rustls_crypto_provider`.
   * Use `rustls_crypto_provider_ciphersuites()` to retrieve a
@@ -307,7 +326,7 @@ only cryptographic provider.
 * A new `rustls_accepted_alert` type is added. Calling
   `rustls_accepted_alert_bytes` on this type produces TLS data to write
   in the case where a server acceptor encountered an error accepting a client.
-  The returned TLS data should be written to the connection before freeing 
+  The returned TLS data should be written to the connection before freeing
   the `rustls_accepted_alert` by calling `rustls_accepted_alert_write_tls` with
   a `rustls_write_callback` implementation.
 
@@ -367,19 +386,19 @@ and 0.12.0 continues to use `*ring*` as the only cryptographic provider.
   `rustls_root_cert_store_builder_add_pem` and
   `rustls_root_cert_store_builder_load_roots_from_file`.
 * The client verifier builders (
-  `rustls_allow_any_anonymous_or_authenticated_client_builder`, and 
+  `rustls_allow_any_anonymous_or_authenticated_client_builder`, and
   `rustls_allow_any_authenticated_client_builder`) as well as the client
-  verifier types (`rustls_allow_any_anonymous_or_authenticated_client_verifier`, 
+  verifier types (`rustls_allow_any_anonymous_or_authenticated_client_verifier`,
   `rustls_allow_any_authenticated_client_verifier`) have been replaced with
   `rustls_web_pki_client_cert_verifier_builder` and `rustls_client_cert_verifier`.
-* The server config client verifier setters 
+* The server config client verifier setters
   (`rustls_server_config_builder_set_client_verifier` and
   `rustls_server_config_builder_set_client_verifier_optional`) have been
   replaced with `rustls_server_config_builder_set_client_verifier`.
-* The client config builder functions for specifying root trust anchors 
+* The client config builder functions for specifying root trust anchors
   (`rustls_client_config_builder_use_roots` and
   `rustls_client_config_builder_load_roots_from_file`) have been replaced
-  with a server certificate verifier builder 
+  with a server certificate verifier builder
   (`rustls_web_pki_server_cert_verifier_builder`) constructed with
   `rustls_web_pki_server_cert_verifier_builder_new` and
   a `rustls_root_cert_store`. The built `rustls_web_pki_server_cert_verifier`

debian/build.sh

@@ -4,7 +4,7 @@ set -x
 
 cd "$(dirname "$0")"
 
-VERSION=$(sed -n 's/^version = "\(.*\)"$/\1/p' ../librustls/Cargo.toml)
+VERSION=$(cargo pkgid -p rustls-ffi | sed 's/.*@//')
 if [ -z "$VERSION" ]; then
     echo "Failed to extract version from Cargo.toml" >&2
     exit 1

librustls/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "rustls-ffi"
 # Keep in sync with defines in cbindgen.toml
-version = "0.15.0"
+version = "0.15.1"
 license = "Apache-2.0 OR ISC OR MIT"
 readme = "../README-crates.io.md"
 description = "Rustls bindings for non-Rust languages"
@@ -30,7 +30,7 @@ prefer-post-quantum = ["aws-lc-rs", "rustls/prefer-post-quantum"]
 
 [dependencies]
 # Keep in sync with RUSTLS_CRATE_VERSION in build.rs
-rustls = { version = "=0.23.36", default-features = false, features = ["std", "tls12"] }
+rustls = { version = "=0.23.37", default-features = false, features = ["std", "tls12"] }
 webpki  = { workspace = true }
 libc = { workspace = true }
 log = { workspace = true }

librustls/build.rs

@@ -2,14 +2,6 @@ use std::fs::File;
 use std::io::Write;
 use std::{env, fs, path::PathBuf};
 
-// Keep in sync with Cargo.toml.
-//
-// We don't populate this automatically from the Cargo.toml at build time
-// because doing so would require a heavy-weight deserialization lib dependency
-// (and it couldn't be a _dev_ dep for use in a build script) or doing brittle
-// by-hand parsing.
-const RUSTLS_CRATE_VERSION: &str = "0.23.36";
-
 fn main() {
     let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
     let include_dir = out_dir.join("include");
@@ -38,3 +30,11 @@ fn main() {
 
     println!("cargo:rerun-if-env-changed=CARGO_PKG_VERSION");
 }
+
+// Keep in sync with Cargo.toml.
+//
+// We don't populate this automatically from the Cargo.toml at build time
+// because doing so would require a heavy-weight deserialization lib dependency
+// (and it couldn't be a _dev_ dep for use in a build script) or doing brittle
+// by-hand parsing.
+const RUSTLS_CRATE_VERSION: &str = "0.23.37";

librustls/cbindgen.toml

@@ -5,7 +5,7 @@ after_includes = """
 
 #define RUSTLS_VERSION_MAJOR 0
 #define RUSTLS_VERSION_MINOR 15
-#define RUSTLS_VERSION_PATCH 0
+#define RUSTLS_VERSION_PATCH 1
 
 /**
  * This gives each version part 8 bits, and leaves the 8 least significant bits

librustls/src/rustls.h

@@ -9,7 +9,7 @@
 
 #define RUSTLS_VERSION_MAJOR 0
 #define RUSTLS_VERSION_MINOR 15
-#define RUSTLS_VERSION_PATCH 0
+#define RUSTLS_VERSION_PATCH 1
 
 /**
  * This gives each version part 8 bits, and leaves the 8 least significant bits