commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2020-08-28 21:39:51
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new.3399 (New)
Package is "ghc-tls"
Fri Aug 28 21:39:51 2020 rev:24 rq:829457 version:1.5.4
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2020-06-19
17:20:06.599326104 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new.3399/ghc-tls.changes
2020-08-28 21:39:51.688851244 +0200
@@ -1,0 +2,5 @@
+Tue Aug 18 10:46:20 UTC 2020 - Peter Simons
+
+- Replace %setup -q with the more modern %autosetup macro.
+
+---
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.Ya1l00/_old 2020-08-28 21:39:52.192851483 +0200
+++ /var/tmp/diff_new_pack.Ya1l00/_new 2020-08-28 21:39:52.196851485 +0200
@@ -73,7 +73,7 @@
This package provides the Haskell %{pkg_name} library development files.
%prep
-%setup -q -n %{pkg_name}-%{version}
+%autosetup -n %{pkg_name}-%{version}
%build
%ghc_lib_build
commit ghc-tls for openSUSE:Factory
Hello community, here is the log from the commit of package ghc-tls for openSUSE:Factory checked in at 2020-06-19 17:20:03 Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-tls.new.3606 (New) Package is "ghc-tls" Fri Jun 19 17:20:03 2020 rev:23 rq:815198 version:1.5.4 Changes: --- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2020-03-09 14:17:07.714654712 +0100 +++ /work/SRC/openSUSE:Factory/.ghc-tls.new.3606/ghc-tls.changes 2020-06-19 17:20:06.599326104 +0200 @@ -1,0 +2,5 @@ +Tue Jun 16 11:14:43 UTC 2020 - Peter Simons + +- Re-generate file with latest version of spec-cleaner. + +--- Other differences: -- ++ ghc-tls.spec ++ --- /var/tmp/diff_new_pack.knUDkX/_old 2020-06-19 17:20:07.391328185 +0200 +++ /var/tmp/diff_new_pack.knUDkX/_new 2020-06-19 17:20:07.395328196 +0200 @@ -1,7 +1,7 @@ # # spec file for package ghc-tls # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2020-03-09 14:17:05
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new.26092 (New)
Package is "ghc-tls"
Mon Mar 9 14:17:05 2020 rev:22 rq:780038 version:1.5.4
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2020-01-29
13:14:44.070057996 +0100
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new.26092/ghc-tls.changes
2020-03-09 14:17:07.714654712 +0100
@@ -1,0 +2,11 @@
+Thu Feb 27 14:16:56 UTC 2020 - psim...@suse.com
+
+- Update tls to version 1.5.4.
+ ## Version 1.5.4
+
+ - Restore interoperability with early Java 6
+[#422](https://github.com/vincenthz/hs-tls/pull/422)
+ - Test cleanups for timeout and async usage
+[#416](https://github.com/vincenthz/hs-tls/pull/416)
+
+---
Old:
tls-1.5.3.tar.gz
New:
tls-1.5.4.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.9Q1QRK/_old 2020-03-09 14:17:09.026655577 +0100
+++ /var/tmp/diff_new_pack.9Q1QRK/_new 2020-03-09 14:17:09.034655583 +0100
@@ -19,7 +19,7 @@
%global pkg_name tls
%bcond_with tests
Name: ghc-%{pkg_name}
-Version:1.5.3
+Version:1.5.4
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
++ tls-1.5.3.tar.gz -> tls-1.5.4.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.5.3/Benchmarks/Benchmarks.hs
new/tls-1.5.4/Benchmarks/Benchmarks.hs
--- old/tls-1.5.3/Benchmarks/Benchmarks.hs 2020-01-07 11:30:51.0
+0100
+++ new/tls-1.5.4/Benchmarks/Benchmarks.hs 2020-02-19 08:33:54.0
+0100
@@ -62,9 +62,9 @@
-> a
-> IO b
runTLSPipe params tlsServer tlsClient d = do
-(writeStart, readResult) <- establishDataPipe params tlsServer tlsClient
-writeStart d
-readResult
+withDataPipe params tlsServer tlsClient $ \(writeStart, readResult) -> do
+writeStart d
+readResult
runTLSPipeSimple :: (ClientParams, ServerParams) -> B.ByteString -> IO
B.ByteString
runTLSPipeSimple params = runTLSPipe params tlsServer tlsClient
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.5.3/CHANGELOG.md new/tls-1.5.4/CHANGELOG.md
--- old/tls-1.5.3/CHANGELOG.md 2020-01-07 11:30:51.0 +0100
+++ new/tls-1.5.4/CHANGELOG.md 2020-02-19 08:33:54.0 +0100
@@ -1,3 +1,10 @@
+## Version 1.5.4
+
+- Restore interoperability with early Java 6
+ [#422](https://github.com/vincenthz/hs-tls/pull/422)
+- Test cleanups for timeout and async usage
+ [#416](https://github.com/vincenthz/hs-tls/pull/416)
+
## Version 1.5.3
- Additional verification regarding EC signatures
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.5.3/Network/TLS/Handshake/Client.hs
new/tls-1.5.4/Network/TLS/Handshake/Client.hs
--- old/tls-1.5.3/Network/TLS/Handshake/Client.hs 2020-01-07
11:30:51.0 +0100
+++ new/tls-1.5.4/Network/TLS/Handshake/Client.hs 2020-02-19
08:33:54.0 +0100
@@ -120,6 +120,15 @@
tls13 = highestVer >= TLS13
ems = supportedExtendedMasterSec $ ctxSupported ctx
groupToSend = listToMaybe groups
+
+-- List of extensions to send in ClientHello, ordered such that we
never
+-- terminate with a zero-length extension. Some buggy implementations
+-- are allergic to an extension with empty data at final position.
+--
+-- Without TLS 1.3, the list ends with extension "signature_algorithms"
+-- with length >= 2 bytes. When TLS 1.3 is enabled, extensions
+-- "psk_key_exchange_modes" (currently always sent) and
"pre_shared_key"
+-- (not always present) have length > 0.
getExtensions pskInfo rtt0 = sequence
[ sniExtension
, secureReneg
@@ -133,10 +142,10 @@
, versionExtension
, earlyDataExtension rtt0
, keyshareExtension
-, pskExchangeModeExtension
, cookieExtension
, postHandshakeAuthExtension
-, preSharedKeyExtension pskInfo -- MUST be last
+, pskExchangeModeExtension
+, preSharedKeyExtension pskInfo -- MUST be last (RFC 8446)
]
toExtensionRaw :: Extension e => e -> ExtensionRaw
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.5.3/Tests/Connection.hs
new/tls-1.5.4/Tests/Connection.hs
---
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2020-01-29 13:13:22
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new.26092 (New)
Package is "ghc-tls"
Wed Jan 29 13:13:22 2020 rev:21 rq:766990 version:1.5.3
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2019-12-27
13:58:36.488810211 +0100
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new.26092/ghc-tls.changes
2020-01-29 13:14:44.070057996 +0100
@@ -1,0 +2,29 @@
+Thu Jan 9 03:03:11 UTC 2020 - psim...@suse.com
+
+- Update tls to version 1.5.3.
+ ## Version 1.5.3
+
+ - Additional verification regarding EC signatures
+[#412](https://github.com/vincenthz/hs-tls/pull/412)
+ - Fixing ALPN
+[#411](https://github.com/vincenthz/hs-tls/pull/411)
+ - Check SSLv3 padding length
+[#410](https://github.com/vincenthz/hs-tls/pull/410)
+ - Exposing getClientCertificateChain
+[#407](https://github.com/vincenthz/hs-tls/pull/407)
+ - Extended Master Secret
+[#406](https://github.com/vincenthz/hs-tls/pull/406)
+ - Brushing up the documentation
+[#404](https://github.com/vincenthz/hs-tls/pull/404)
+[#408](https://github.com/vincenthz/hs-tls/pull/408)
+ - Improving tests
+[#403](https://github.com/vincenthz/hs-tls/pull/403)
+ - Avoid calling onServerNameIndication twice with HRR
+[#402](https://github.com/vincenthz/hs-tls/pull/402)
+ - Enable X448 and FFDHE groups
+[#401](https://github.com/vincenthz/hs-tls/pull/401)
+ - Refactoring
+[#400](https://github.com/vincenthz/hs-tls/pull/400)
+[#399](https://github.com/vincenthz/hs-tls/pull/399)
+
+---
Old:
tls-1.5.2.tar.gz
New:
tls-1.5.3.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.OiS920/_old 2020-01-29 13:14:48.922060476 +0100
+++ /var/tmp/diff_new_pack.OiS920/_new 2020-01-29 13:14:48.922060476 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ghc-tls
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%global pkg_name tls
%bcond_with tests
Name: ghc-%{pkg_name}
-Version:1.5.2
+Version:1.5.3
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
++ tls-1.5.2.tar.gz -> tls-1.5.3.tar.gz ++
3016 lines of diff (skipped)
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2019-12-27 13:58:34
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new.6675 (New)
Package is "ghc-tls"
Fri Dec 27 13:58:34 2019 rev:20 rq:759541 version:1.5.2
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2019-08-13
13:15:33.701501572 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new.6675/ghc-tls.changes
2019-12-27 13:58:36.488810211 +0100
@@ -1,0 +2,14 @@
+Fri Nov 8 16:15:03 UTC 2019 - Peter Simons
+
+- Drop obsolete group attributes.
+
+---
+Tue Oct 15 02:03:13 UTC 2019 - psim...@suse.com
+
+- Update tls to version 1.5.2.
+ Upstream has edited the change log file since the last release in
+ a non-trivial way, i.e. they did more than just add a new entry
+ at the top. You can review the file at:
+ http://hackage.haskell.org/package/tls-1.5.2/src/CHANGELOG.md
+
+---
Old:
tls-1.5.1.tar.gz
New:
tls-1.5.2.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.0aFWLL/_old 2019-12-27 13:58:37.396810650 +0100
+++ /var/tmp/diff_new_pack.0aFWLL/_new 2019-12-27 13:58:37.396810650 +0100
@@ -19,11 +19,10 @@
%global pkg_name tls
%bcond_with tests
Name: ghc-%{pkg_name}
-Version:1.5.1
+Version:1.5.2
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
-Group: Development/Libraries/Haskell
URL:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
BuildRequires: ghc-Cabal-devel
@@ -65,7 +64,6 @@
%package devel
Summary:Haskell %{pkg_name} library development files
-Group: Development/Libraries/Haskell
Requires: %{name} = %{version}-%{release}
Requires: ghc-compiler = %{ghc_version}
Requires(post): ghc-compiler = %{ghc_version}
++ tls-1.5.1.tar.gz -> tls-1.5.2.tar.gz ++
1793 lines of diff (skipped)
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2019-08-13 13:15:33
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new.9556 (New)
Package is "ghc-tls"
Tue Aug 13 13:15:33 2019 rev:19 rq:721038 version:1.5.1
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2019-06-12
13:18:51.876563565 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new.9556/ghc-tls.changes
2019-08-13 13:15:33.701501572 +0200
@@ -1,0 +2,12 @@
+Sun Jul 28 02:01:08 UTC 2019 - psim...@suse.com
+
+- Update tls to version 1.5.1.
+ ## Version 1.5.1
+
+ - Post-handshake authentication
[#363](https://github.com/vincenthz/hs-tls/pull/363)
+ - Fixing memory leak [#366](https://github.com/vincenthz/hs-tls/pull/366)
+ - Improve version negotiation
[#368](https://github.com/vincenthz/hs-tls/pull/368)
+ - Don't send 0-RTT data when ticket is expired
[#370](https://github.com/vincenthz/hs-tls/pull/370)
+ - Handshake packet fragmentation
[#371](https://github.com/vincenthz/hs-tls/pull/371)
+
+---
Old:
tls-1.5.0.tar.gz
New:
tls-1.5.1.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.YtEqce/_old 2019-08-13 13:15:34.369501417 +0200
+++ /var/tmp/diff_new_pack.YtEqce/_new 2019-08-13 13:15:34.381501415 +0200
@@ -19,7 +19,7 @@
%global pkg_name tls
%bcond_with tests
Name: ghc-%{pkg_name}
-Version:1.5.0
+Version:1.5.1
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
++ tls-1.5.0.tar.gz -> tls-1.5.1.tar.gz ++
3728 lines of diff (skipped)
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2019-06-12 13:18:48
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new.4811 (New)
Package is "ghc-tls"
Wed Jun 12 13:18:48 2019 rev:18 rq:709204 version:1.5.0
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2018-10-25
09:06:33.982496903 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new.4811/ghc-tls.changes
2019-06-12 13:18:51.876563565 +0200
@@ -1,0 +2,9 @@
+Sun Jun 2 02:01:34 UTC 2019 - psim...@suse.com
+
+- Update tls to version 1.5.0.
+ Upstream has edited the change log file since the last release in
+ a non-trivial way, i.e. they did more than just add a new entry
+ at the top. You can review the file at:
+ http://hackage.haskell.org/package/tls-1.5.0/src/CHANGELOG.md
+
+---
Old:
tls-1.4.1.tar.gz
New:
tls-1.5.0.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.AJG1pC/_old 2019-06-12 13:18:52.884563104 +0200
+++ /var/tmp/diff_new_pack.AJG1pC/_new 2019-06-12 13:18:52.884563104 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ghc-tls
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%global pkg_name tls
%bcond_with tests
Name: ghc-%{pkg_name}
-Version:1.4.1
+Version:1.5.0
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
@@ -34,6 +34,7 @@
BuildRequires: ghc-cereal-devel
BuildRequires: ghc-cryptonite-devel
BuildRequires: ghc-data-default-class-devel
+BuildRequires: ghc-hourglass-devel
BuildRequires: ghc-memory-devel
BuildRequires: ghc-mtl-devel
BuildRequires: ghc-network-devel
@@ -44,7 +45,6 @@
BuildRequires: ghc-x509-validation-devel
%if %{with tests}
BuildRequires: ghc-QuickCheck-devel
-BuildRequires: ghc-hourglass-devel
BuildRequires: ghc-tasty-devel
BuildRequires: ghc-tasty-quickcheck-devel
%endif
@@ -56,9 +56,9 @@
eliminating a common set of security issues through the use of the advanced
type system, high level constructions and common Haskell features.
-Currently implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol, and support
-RSA and Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges,
-and many extensions.
+Currently implement the SSL3.0, TLS1.0, TLS1.1, TLS1.2 and TLS 1.3 protocol,
+and support RSA and Ephemeral (Elliptic curve and regular) Diffie Hellman key
+exchanges, and many extensions.
Some debug tools linked with tls, are available through the
commit ghc-tls for openSUSE:Factory
Hello community, here is the log from the commit of package ghc-tls for openSUSE:Factory checked in at 2018-10-25 09:06:31 Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-tls.new (New) Package is "ghc-tls" Thu Oct 25 09:06:31 2018 rev:17 rq:643476 version:1.4.1 Changes: --- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2018-07-21 10:23:51.874977149 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2018-10-25 09:06:33.982496903 +0200 @@ -1,0 +2,5 @@ +Sat Oct 20 11:32:09 UTC 2018 - Peter Simons + +- Use https URL to refer to bugs.opensuse.org. + +--- Other differences: -- ++ ghc-tls.spec ++ --- /var/tmp/diff_new_pack.yjYaNt/_old 2018-10-25 09:06:34.354496682 +0200 +++ /var/tmp/diff_new_pack.yjYaNt/_new 2018-10-25 09:06:34.354496682 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ #
commit ghc-tls for openSUSE:Factory
Hello community, here is the log from the commit of package ghc-tls for openSUSE:Factory checked in at 2018-07-21 10:23:49 Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-tls.new (New) Package is "ghc-tls" Sat Jul 21 10:23:49 2018 rev:16 rq:623879 version:1.4.1 Changes: --- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2018-05-30 12:27:40.701500439 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2018-07-21 10:23:51.874977149 +0200 @@ -1,0 +2,6 @@ +Wed Jul 18 14:26:45 UTC 2018 - psim...@suse.com + +- Cosmetic: replace tabs with blanks, strip trailing white space, + and update copyright headers with spec-cleaner. + +--- @@ -177 +182,0 @@ - Other differences: --
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2018-05-30 12:14:54
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Wed May 30 12:14:54 2018 rev:15 rq:607909 version:1.4.1
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2017-09-15
22:19:45.777076093 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2018-05-30
12:27:40.701500439 +0200
@@ -1,0 +2,39 @@
+Mon May 14 17:02:11 UTC 2018 - psim...@suse.com
+
+- Update tls to version 1.4.1.
+ - Enable X25519 in default parameters
[#265](https://github.com/vincenthz/hs-tls/pull/265)
+ - Checking EOF in bye [#262] (https://github.com/vincenthz/hs-tls/pull/262)
+ - Improving validation in DH key exchange
[#256](https://github.com/vincenthz/hs-tls/pull/256)
+ - Handle TCP reset during handshake
[#251](https://github.com/vincenthz/hs-tls/pull/251)
+ - Accepting hlint suggestions.
+ - Wrap renegotiation failures with HandshakeFailed
[#237](https://github.com/vincenthz/hs-tls/pull/237)
+ - Improve selection of server certificate and use "signature_algorithms"
extension [#236](https://github.com/vincenthz/hs-tls/pull/236)
+ - Change Bytes to ByteString and deprecate the Bytes type alias
[#230](https://github.com/vincenthz/hs-tls/pull/230)
+ - Session compression and SNI
[#223](https://github.com/vincenthz/hs-tls/pull/223)
+ - Deprecating ciphersuite_medium. Putting WARNING to ciphersuite_all since
this includes RC4 [#153](https://github.com/vincenthz/hs-tls/pull/153)
[#222](https://github.com/vincenthz/hs-tls/pull/222)
+ - Removing NPN [#214](https://github.com/vincenthz/hs-tls/pull/214)
+ - Supporting RSAPSS defined in TLS 1.3
[#207](https://github.com/vincenthz/hs-tls/pull/207)
+ - Supporting X25519 and X448 in the IES style.
[#205](https://github.com/vincenthz/hs-tls/pull/205)
+ - Strip leading zeros in DHE premaster secret
[#201](https://github.com/vincenthz/hs-tls/pull/201)
+ - RSASSA-PSS signatures can be enabled with `supportedHashSignatures`. This
+uses assignments from TLS 1.3, for example `(HashIntrinsic,
SignatureRSApssSHA256)`.
+ - Diffie-Hellman with elliptic curves X25519 and X448: This can be enabled
with
+`supportedGroups`, which also gives control over curve preference.
+ - ECDH with curve P-256 now uses optimized C implementation from package
`cryptonite`.
+
+ API CHANGES:
+
+ - Cipher list `ciphersuite_medium` is now deprecated, users are advised to
use
+`ciphersuite_default` or `ciphersuite_strong`. List `ciphersuite_all` is
kept
+for compatibility with old servers but this is discouraged and generates a
+warning (this includes RC4 ciphers, see
[#153](https://github.com/vincenthz/hs-tls/pull/153)
+for reference).
+ - Support for NPN (Next Protocol Negotiation) has been removed. The
replacement
+is ALPN (Application-Layer Protocol Negotiation).
+ - Data type `SessionData` now contains fields for compression algorithm and
+client SNI. A `SessionManager` implementation that serializes/deserializes
+`SessionData` values must deal with the new fields.
+ - Module `Network.TLS` exports a type alias named `Bytes` which is now
deprecated.
+The replacement is to use strict `ByteString` directly.
+
+---
Old:
tls-1.3.11.tar.gz
New:
tls-1.4.1.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.0O6SAG/_old 2018-05-30 12:27:41.221482226 +0200
+++ /var/tmp/diff_new_pack.0O6SAG/_new 2018-05-30 12:27:41.225482086 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ghc-tls
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%global pkg_name tls
%bcond_with tests
Name: ghc-%{pkg_name}
-Version:1.3.11
+Version:1.4.1
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
@@ -93,7 +93,7 @@
%ghc_pkg_recache
%files -f %{name}.files
-%doc LICENSE
+%license LICENSE
%files devel -f %{name}-devel.files
%doc CHANGELOG.md
++ tls-1.3.11.tar.gz -> tls-1.4.1.tar.gz ++
6332 lines of diff (skipped)
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2017-09-15 22:19:44
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Fri Sep 15 22:19:44 2017 rev:14 rq:525553 version:1.3.11
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2017-07-11
08:27:01.905407361 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2017-09-15
22:19:45.777076093 +0200
@@ -1,0 +2,5 @@
+Thu Aug 3 15:38:38 UTC 2017 - psim...@suse.com
+
+- Updated with latest spec-cleaner version 0.9.8-8-geadfbbf.
+
+---
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.XmqU0x/_old 2017-09-15 22:19:46.305001731 +0200
+++ /var/tmp/diff_new_pack.XmqU0x/_new 2017-09-15 22:19:46.305001731 +0200
@@ -23,8 +23,8 @@
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
-Group: Development/Languages/Other
-Url:https://hackage.haskell.org/package/%{pkg_name}
+Group: Development/Libraries/Haskell
+URL:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
BuildRequires: ghc-Cabal-devel
BuildRequires: ghc-asn1-encoding-devel
@@ -42,7 +42,6 @@
BuildRequires: ghc-x509-devel
BuildRequires: ghc-x509-store-devel
BuildRequires: ghc-x509-validation-devel
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{with tests}
BuildRequires: ghc-QuickCheck-devel
BuildRequires: ghc-hourglass-devel
@@ -66,7 +65,7 @@
%package devel
Summary:Haskell %{pkg_name} library development files
-Group: Development/Libraries/Other
+Group: Development/Libraries/Haskell
Requires: %{name} = %{version}-%{release}
Requires: ghc-compiler = %{ghc_version}
Requires(post): ghc-compiler = %{ghc_version}
@@ -94,11 +93,9 @@
%ghc_pkg_recache
%files -f %{name}.files
-%defattr(-,root,root,-)
%doc LICENSE
%files devel -f %{name}-devel.files
-%defattr(-,root,root,-)
%doc CHANGELOG.md
%changelog
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2017-07-11 08:27:00
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Tue Jul 11 08:27:00 2017 rev:13 rq:509061 version:1.3.11
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2017-06-04
01:55:38.335718009 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2017-07-11
08:27:01.905407361 +0200
@@ -1,0 +2,5 @@
+Fri Jun 30 03:01:57 UTC 2017 - psim...@suse.com
+
+- Update to version 1.3.11.
+
+---
Old:
tls-1.3.10.tar.gz
tls.cabal
New:
tls-1.3.11.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.lcysA3/_old 2017-07-11 08:27:04.868989343 +0200
+++ /var/tmp/diff_new_pack.lcysA3/_new 2017-07-11 08:27:04.868989343 +0200
@@ -19,14 +19,13 @@
%global pkg_name tls
%bcond_with tests
Name: ghc-%{pkg_name}
-Version:1.3.10
+Version:1.3.11
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
Group: Development/Languages/Other
Url:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
-Source1:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/2.cabal#/%{pkg_name}.cabal
BuildRequires: ghc-Cabal-devel
BuildRequires: ghc-asn1-encoding-devel
BuildRequires: ghc-asn1-types-devel
@@ -78,7 +77,6 @@
%prep
%setup -q -n %{pkg_name}-%{version}
-cp -p %{SOURCE1} %{pkg_name}.cabal
%build
%ghc_lib_build
++ tls-1.3.10.tar.gz -> tls-1.3.11.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.10/tls.cabal new/tls-1.3.11/tls.cabal
--- old/tls-1.3.10/tls.cabal2017-03-14 08:08:04.0 +0100
+++ new/tls-1.3.11/tls.cabal2017-06-28 19:08:29.0 +0200
@@ -1,5 +1,5 @@
Name:tls
-Version: 1.3.10
+version: 1.3.11
Description:
Native Haskell TLS and SSL protocol implementation for server and client.
.
@@ -40,21 +40,21 @@
Default: False
Library
- Build-Depends: base >= 4.3 && < 5
+ Build-Depends: base >= 4.7 && < 5
, mtl >= 2
, transformers
, cereal >= 0.4
, bytestring
, data-default-class
-- crypto related
- , memory
+ , memory >= 0.14.6
, cryptonite >= 0.21
-- certificate related
, asn1-types >= 0.2.0
, asn1-encoding
- , x509 >= 1.6.5 && < 1.7.0
+ , x509 >= 1.6.5
, x509-store >= 1.6
- , x509-validation >= 1.6.5 && < 1.7.0
+ , x509-validation >= 1.6.5
, async >= 2.0
if flag(network)
Build-Depends: network >= 2.4.0.0
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2017-06-04 01:55:37
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Sun Jun 4 01:55:37 2017 rev:12 rq:494196 version:1.3.10
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2017-04-14
13:38:50.793847363 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2017-06-04
01:55:38.335718009 +0200
@@ -1,0 +2,5 @@
+Wed Apr 26 15:04:39 UTC 2017 - psim...@suse.com
+
+- Update to version 1.3.10 revision 2 with cabal2obs.
+
+---
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.85muk7/_old 2017-06-04 01:55:38.891639470 +0200
+++ /var/tmp/diff_new_pack.85muk7/_new 2017-06-04 01:55:38.895638905 +0200
@@ -26,7 +26,7 @@
Group: Development/Languages/Other
Url:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
-Source1:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/1.cabal#/%{pkg_name}.cabal
+Source1:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/2.cabal#/%{pkg_name}.cabal
BuildRequires: ghc-Cabal-devel
BuildRequires: ghc-asn1-encoding-devel
BuildRequires: ghc-asn1-types-devel
++ tls.cabal ++
--- /var/tmp/diff_new_pack.85muk7/_old 2017-06-04 01:55:38.947631559 +0200
+++ /var/tmp/diff_new_pack.85muk7/_new 2017-06-04 01:55:38.951630994 +0200
@@ -1,6 +1,6 @@
Name:tls
Version: 1.3.10
-x-revision: 1
+x-revision: 2
Description:
Native Haskell TLS and SSL protocol implementation for server and client.
.
@@ -31,6 +31,7 @@
Flag compat
Description: Accept SSLv2 client hello for beginning SSLv3 / TLS
handshake
Default: True
+ Manual:True
Flag network
Description: Use the base network library
@@ -48,14 +49,14 @@
, bytestring < 0.11
, data-default-class < 0.2
-- crypto related
- , memory < 0.15
- , cryptonite >= 0.21 && < 0.23
+ , memory
+ , cryptonite >= 0.21
-- certificate related
- , asn1-types >= 0.2.0 && < 0.4
- , asn1-encoding < 0.10
- , x509 >= 1.6.5 && < 1.7
- , x509-store >= 1.6 && < 1.7
- , x509-validation >= 1.6.5 && < 1.7
+ , asn1-types >= 0.2.0
+ , asn1-encoding
+ , x509 >= 1.6.5
+ , x509-store >= 1.6
+ , x509-validation >= 1.6.5
, async >= 2.0 && < 2.2
if flag(network)
Build-Depends: network >= 2.4.0.0 && < 2.7
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2017-04-14 13:38:49
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Fri Apr 14 13:38:49 2017 rev:11 rq:485164 version:1.3.10
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2017-02-03
17:40:18.222598923 +0100
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2017-04-14
13:38:50.793847363 +0200
@@ -1,0 +2,5 @@
+Mon Mar 27 12:38:43 UTC 2017 - psim...@suse.com
+
+- Update to version 1.3.10 revision 1 with cabal2obs.
+
+---
Old:
tls-1.3.9.tar.gz
New:
tls-1.3.10.tar.gz
tls.cabal
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.p8UVUD/_old 2017-04-14 13:38:52.237643311 +0200
+++ /var/tmp/diff_new_pack.p8UVUD/_new 2017-04-14 13:38:52.241642746 +0200
@@ -19,13 +19,14 @@
%global pkg_name tls
%bcond_with tests
Name: ghc-%{pkg_name}
-Version:1.3.9
+Version:1.3.10
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
Group: Development/Languages/Other
Url:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
+Source1:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/1.cabal#/%{pkg_name}.cabal
BuildRequires: ghc-Cabal-devel
BuildRequires: ghc-asn1-encoding-devel
BuildRequires: ghc-asn1-types-devel
@@ -77,6 +78,7 @@
%prep
%setup -q -n %{pkg_name}-%{version}
+cp -p %{SOURCE1} %{pkg_name}.cabal
%build
%ghc_lib_build
++ tls-1.3.9.tar.gz -> tls-1.3.10.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.9/Network/TLS/Backend.hs
new/tls-1.3.10/Network/TLS/Backend.hs
--- old/tls-1.3.9/Network/TLS/Backend.hs2016-07-30 12:11:49.0
+0200
+++ new/tls-1.3.10/Network/TLS/Backend.hs 2016-12-20 08:24:41.0
+0100
@@ -27,7 +27,7 @@
#ifdef INCLUDE_NETWORK
import Control.Monad
-import qualified Network.Socket as Network (Socket, sClose)
+import qualified Network.Socket as Network (Socket, close)
import qualified Network.Socket.ByteString as Network
#endif
@@ -72,7 +72,7 @@
#ifdef INCLUDE_NETWORK
instance HasBackend Network.Socket where
initializeBackend _ = return ()
-getBackend sock = Backend (return ()) (Network.sClose sock)
(Network.sendAll sock) recvAll
+getBackend sock = Backend (return ()) (Network.close sock)
(Network.sendAll sock) recvAll
where recvAll n = B.concat `fmap` loop n
where loop 0= return []
loop left = do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.9/Network/TLS/Cipher.hs
new/tls-1.3.10/Network/TLS/Cipher.hs
--- old/tls-1.3.9/Network/TLS/Cipher.hs 2016-12-17 12:09:25.0 +0100
+++ new/tls-1.3.10/Network/TLS/Cipher.hs2017-03-14 07:12:25.0
+0100
@@ -32,8 +32,7 @@
) where
import Crypto.Cipher.Types (AuthTag)
-import Network.TLS.Types (CipherID)
-import Network.TLS.Struct (Version(..))
+import Network.TLS.Types (CipherID, Version(..))
import Network.TLS.Crypto (Hash(..), hashDigestSize)
import qualified Data.ByteString as B
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.9/Network/TLS/Core.hs
new/tls-1.3.10/Network/TLS/Core.hs
--- old/tls-1.3.9/Network/TLS/Core.hs 2016-12-04 07:54:32.0 +0100
+++ new/tls-1.3.10/Network/TLS/Core.hs 2016-12-20 08:24:41.0 +0100
@@ -88,10 +88,10 @@
where doRecv = do
pkt <- withReadLock ctx $ recvPacket ctx
either onError process pkt
-
+
safeHandleError_EOF Error_EOF = Just ()
safeHandleError_EOF _ = Nothing
-
+
onError err@(Error_Protocol (reason,fatal,desc)) =
terminate err (if fatal then AlertLevel_Fatal else
AlertLevel_Warning) desc reason
onError err =
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.9/Network/TLS/Credentials.hs
new/tls-1.3.10/Network/TLS/Credentials.hs
--- old/tls-1.3.9/Network/TLS/Credentials.hs2015-01-16 20:44:32.0
+0100
+++ new/tls-1.3.10/Network/TLS/Credentials.hs 2017-03-14 07:12:25.0
+0100
@@ -95,14 +95,14 @@
-- this change in future.
credentialCanDecrypt :: Credential -> Maybe ()
credentialCanDecrypt (chain, priv) =
-case
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2017-02-01 09:52:28
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2016-07-20
09:20:15.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2017-02-03
17:40:18.222598923 +0100
@@ -1,0 +2,5 @@
+Wed Jan 18 09:00:21 UTC 2017 - psim...@suse.com
+
+- Update to version 1.3.9 with cabal2obs.
+
+---
Old:
tls-1.3.8.tar.gz
New:
tls-1.3.9.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.PIEHad/_old 2017-02-03 17:40:18.602545145 +0100
+++ /var/tmp/diff_new_pack.PIEHad/_new 2017-02-03 17:40:18.606544579 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ghc-tls
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,15 +19,14 @@
%global pkg_name tls
%bcond_with tests
Name: ghc-%{pkg_name}
-Version:1.3.8
+Version:1.3.9
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
-Group: System/Libraries
+Group: Development/Languages/Other
Url:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
BuildRequires: ghc-Cabal-devel
-# Begin cabal-rpm deps:
BuildRequires: ghc-asn1-encoding-devel
BuildRequires: ghc-asn1-types-devel
BuildRequires: ghc-async-devel
@@ -50,7 +49,6 @@
BuildRequires: ghc-tasty-devel
BuildRequires: ghc-tasty-quickcheck-devel
%endif
-# End cabal-rpm deps
%description
Native Haskell TLS and SSL protocol implementation for server and client.
@@ -80,20 +78,14 @@
%prep
%setup -q -n %{pkg_name}-%{version}
-
%build
%ghc_lib_build
-
%install
%ghc_lib_install
-
%check
-%if %{with tests}
-%{cabal} test
-%endif
-
+%cabal_test
%post devel
%ghc_pkg_recache
++ tls-1.3.8.tar.gz -> tls-1.3.9.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.8/CHANGELOG.md new/tls-1.3.9/CHANGELOG.md
--- old/tls-1.3.8/CHANGELOG.md 2016-05-12 08:01:28.0 +0200
+++ new/tls-1.3.9/CHANGELOG.md 2016-05-14 18:46:17.0 +0200
@@ -1,3 +1,7 @@
+## Version 1.3.8
+
+- Fix older GHC builds
+
## Version 1.3.7
- Disable SHA384 based cipher, as they don't work properly yet.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.8/Network/TLS/Backend.hs
new/tls-1.3.9/Network/TLS/Backend.hs
--- old/tls-1.3.8/Network/TLS/Backend.hs2016-05-12 08:01:28.0
+0200
+++ new/tls-1.3.9/Network/TLS/Backend.hs2016-07-30 12:11:49.0
+0200
@@ -52,6 +52,23 @@
initializeBackend _ = return ()
getBackend = id
+#if defined(__GLASGOW_HASKELL__) && WINDOWS
+-- Socket recv and accept calls on Windows platform cannot be interrupted when
compiled with -threaded.
+-- See https://ghc.haskell.org/trac/ghc/ticket/5797 for details.
+-- The following enables simple workaround
+#define SOCKET_ACCEPT_RECV_WORKAROUND
+#endif
+
+safeRecv :: Network.Socket -> Int -> IO ByteString
+#ifndef SOCKET_ACCEPT_RECV_WORKAROUND
+safeRecv = Network.recv
+#else
+safeRecv s buf = do
+var <- newEmptyMVar
+forkIO $ Network.recv s buf `E.catch` (\(_::IOException) -> return
S8.empty) >>= putMVar var
+takeMVar var
+#endif
+
#ifdef INCLUDE_NETWORK
instance HasBackend Network.Socket where
initializeBackend _ = return ()
@@ -59,7 +76,7 @@
where recvAll n = B.concat `fmap` loop n
where loop 0= return []
loop left = do
-r <- Network.recv sock left
+r <- safeRecv sock left
if B.null r
then return []
else liftM (r:) (loop (left - B.length r))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.8/Network/TLS/Cipher.hs
new/tls-1.3.9/Network/TLS/Cipher.hs
--- old/tls-1.3.8/Network/TLS/Cipher.hs 2016-05-12 08:01:28.0 +0200
+++ new/tls-1.3.9/Network/TLS/Cipher.hs 2016-12-17 12:09:25.0 +0100
@@ -125,6 +125,7 @@
, cipherBulk :: Bulk
, cipherKeyExchange
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2016-07-20 09:20:12
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2016-05-17
17:16:03.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2016-07-20
09:20:15.0 +0200
@@ -1,0 +2,5 @@
+Sun Jul 10 16:56:12 UTC 2016 - psim...@suse.com
+
+- Update to version 1.3.8 revision 0 with cabal2obs.
+
+---
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.R3Ag0J/_old 2016-07-20 09:20:17.0 +0200
+++ /var/tmp/diff_new_pack.R3Ag0J/_new 2016-07-20 09:20:17.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ghc-tls
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,40 +17,35 @@
%global pkg_name tls
-
%bcond_with tests
-
-Name: ghc-tls
+Name: ghc-%{pkg_name}
Version:1.3.8
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
Group: System/Libraries
-
Url:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-
BuildRequires: ghc-Cabal-devel
-BuildRequires: ghc-rpm-macros
# Begin cabal-rpm deps:
BuildRequires: ghc-asn1-encoding-devel
BuildRequires: ghc-asn1-types-devel
BuildRequires: ghc-async-devel
-BuildRequires: ghc-byteable-devel
BuildRequires: ghc-bytestring-devel
BuildRequires: ghc-cereal-devel
BuildRequires: ghc-cryptonite-devel
BuildRequires: ghc-data-default-class-devel
+BuildRequires: ghc-memory-devel
BuildRequires: ghc-mtl-devel
BuildRequires: ghc-network-devel
+BuildRequires: ghc-rpm-macros
BuildRequires: ghc-transformers-devel
BuildRequires: ghc-x509-devel
BuildRequires: ghc-x509-store-devel
BuildRequires: ghc-x509-validation-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{with tests}
BuildRequires: ghc-QuickCheck-devel
-BuildRequires: ghc-cprng-aes-devel
BuildRequires: ghc-hourglass-devel
BuildRequires: ghc-tasty-devel
BuildRequires: ghc-tasty-quickcheck-devel
@@ -71,33 +66,35 @@
Some debug tools linked with tls, are available through the
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2016-05-17 17:16:01
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2016-05-12
09:34:10.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2016-05-17
17:16:03.0 +0200
@@ -1,0 +2,5 @@
+Fri May 13 12:53:41 UTC 2016 - mimi...@gmail.com
+
+- update to 1.3.8
+
+---
Old:
tls-1.3.7.tar.gz
New:
tls-1.3.8.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.mamkNS/_old 2016-05-17 17:16:04.0 +0200
+++ /var/tmp/diff_new_pack.mamkNS/_new 2016-05-17 17:16:04.0 +0200
@@ -21,7 +21,7 @@
%bcond_with tests
Name: ghc-tls
-Version:1.3.7
+Version:1.3.8
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
++ tls-1.3.7.tar.gz -> tls-1.3.8.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.7/Network/TLS/Handshake/Common.hs
new/tls-1.3.8/Network/TLS/Handshake/Common.hs
--- old/tls-1.3.7/Network/TLS/Handshake/Common.hs 2016-05-08
07:10:23.0 +0200
+++ new/tls-1.3.8/Network/TLS/Handshake/Common.hs 2016-05-12
08:01:28.0 +0200
@@ -135,5 +135,6 @@
, sessionSecret = ms
}
+extensionLookup :: ExtensionID -> [ExtensionRaw] -> Maybe Bytes
extensionLookup toFind = fmap (\(ExtensionRaw _ content) -> content)
- . find (\(ExtensionRaw eid content) -> eid == toFind)
+ . find (\(ExtensionRaw eid _) -> eid == toFind)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.7/Network/TLS/Handshake/Signature.hs
new/tls-1.3.8/Network/TLS/Handshake/Signature.hs
--- old/tls-1.3.7/Network/TLS/Handshake/Signature.hs2016-05-08
07:10:23.0 +0200
+++ new/tls-1.3.8/Network/TLS/Handshake/Signature.hs2016-05-12
08:01:28.0 +0200
@@ -83,7 +83,7 @@
Just HashSHA256 -> SHA256
Just HashSHA1 -> SHA1
Nothing -> SHA1_MD5
-Just hash -> error ("unimplemented RSA signature hash type: " ++
show hash)
+Just hsh-> error ("unimplemented RSA signature hash type: " ++
show hsh)
signatureHashData SignatureDSS mhash =
case mhash of
Nothing -> SHA1
@@ -96,7 +96,7 @@
Just HashSHA256 -> SHA256
Just HashSHA1 -> SHA1
Nothing -> SHA1_MD5
-Just hash -> error ("unimplemented ECDSA signature hash type: "
++ show hash)
+Just hsh-> error ("unimplemented ECDSA signature hash type: "
++ show hsh)
signatureHashData sig _ = error ("unimplemented signature type: " ++ show sig)
--signatureCreate :: Context -> Maybe HashAndSignatureAlgorithm -> HashDescr
-> Bytes -> IO DigitallySigned
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.7/Network/TLS/Parameters.hs
new/tls-1.3.8/Network/TLS/Parameters.hs
--- old/tls-1.3.7/Network/TLS/Parameters.hs 2016-05-08 07:10:23.0
+0200
+++ new/tls-1.3.8/Network/TLS/Parameters.hs 2016-05-12 08:01:28.0
+0200
@@ -1,3 +1,5 @@
+ {-# LANGUAGE CPP #-}
+
-- |
-- Module : Network.TLS.Parameters
-- License : BSD-style
@@ -36,6 +38,9 @@
import Network.TLS.RNG (Seed)
import Data.Default.Class
import qualified Data.ByteString as B
+#if __GLASGOW_HASKELL__ < 710
+import Data.Monoid (mempty)
+#endif
type HostName = String
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.7/tls.cabal new/tls-1.3.8/tls.cabal
--- old/tls-1.3.7/tls.cabal 2016-05-08 07:10:23.0 +0200
+++ new/tls-1.3.8/tls.cabal 2016-05-12 08:01:28.0 +0200
@@ -1,5 +1,5 @@
Name:tls
-Version: 1.3.7
+Version: 1.3.8
Description:
Native Haskell TLS and SSL protocol implementation for server and client.
.
@@ -23,6 +23,7 @@
Category:Network
stability: experimental
Cabal-Version: >=1.8
+Tested-With: GHC == 7.0.4, GHC == 7.4.2, GHC == 7.6.3, GHC == 7.8.4,
GHC == 7.10.3, GHC == 8.0.1
Homepage:http://github.com/vincenthz/hs-tls
extra-source-files: Tests/*.hs
CHANGELOG.md
@@ -40,7 +41,7 @@
Default: False
Library
- Build-Depends: base
commit ghc-tls for openSUSE:Factory
Hello community, here is the log from the commit of package ghc-tls for openSUSE:Factory checked in at 2016-05-12 09:34:09 Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-tls.new (New) Package is "ghc-tls" Changes: --- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2016-04-30 23:30:42.0 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2016-05-12 09:34:10.0 +0200 @@ -1,0 +2,13 @@ +Wed May 11 15:35:33 UTC 2016 - mimi...@gmail.com + +- update to 1.3.7 +* Disable SHA384 based cipher, as they don't work properly yet. + +--- +Sun May 8 11:22:31 UTC 2016 - mimi...@gmail.com + +- update to 1.3.6 +* Add new ciphers +* Improve some debugging and outputs + +--- Old: tls-1.3.5.tar.gz New: tls-1.3.7.tar.gz Other differences: -- ++ ghc-tls.spec ++ --- /var/tmp/diff_new_pack.B4HGvy/_old 2016-05-12 09:34:11.0 +0200 +++ /var/tmp/diff_new_pack.B4HGvy/_new 2016-05-12 09:34:11.0 +0200 @@ -21,7 +21,7 @@ %bcond_with tests Name: ghc-tls -Version:1.3.5 +Version:1.3.7 Release:0 Summary:TLS/SSL protocol native implementation (Server and Client) License:BSD-3-Clause ++ tls-1.3.5.tar.gz -> tls-1.3.7.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.5/CHANGELOG.md new/tls-1.3.7/CHANGELOG.md --- old/tls-1.3.5/CHANGELOG.md 2016-04-09 15:47:25.0 +0200 +++ new/tls-1.3.7/CHANGELOG.md 2016-05-08 07:10:23.0 +0200 @@ -1,3 +1,12 @@ +## Version 1.3.7 + +- Disable SHA384 based cipher, as they don't work properly yet. + +## Version 1.3.6 + +- Add new ciphers +- Improve some debugging and outputs + ## Version 1.3.5 - Fix a bug with ECDHE based cipher where serialization diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.5/Network/TLS/Extension/EC.hs new/tls-1.3.7/Network/TLS/Extension/EC.hs --- old/tls-1.3.5/Network/TLS/Extension/EC.hs 2016-04-09 15:47:25.0 +0200 +++ new/tls-1.3.7/Network/TLS/Extension/EC.hs 2016-05-08 07:10:23.0 +0200 @@ -33,6 +33,9 @@ toCurveName 23 = Just SEC_p256r1 toCurveName 24 = Just SEC_p384r1 toCurveName 25 = Just SEC_p521r1 +--toCurveName 26 = Just Brainpool_P256r1 +--toCurveName 27 = Just Brainpool_P384r1 +--toCurveName 28 = Just Brainpool_P512r1 toCurveName _ = Nothing fromCurveName :: CurveName -> Maybe Word16 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.5/Network/TLS/Extension.hs new/tls-1.3.7/Network/TLS/Extension.hs --- old/tls-1.3.5/Network/TLS/Extension.hs 2016-04-09 15:47:25.0 +0200 +++ new/tls-1.3.7/Network/TLS/Extension.hs 2016-05-08 07:10:23.0 +0200 @@ -41,7 +41,6 @@ , availableEllipticCurves ) where -import Control.Applicative ((<$>),(<*>)) import Control.Monad import Data.Word @@ -53,6 +52,7 @@ import Network.TLS.Extension.EC import Network.TLS.Struct (ExtensionID, EnumSafe8(..), EnumSafe16(..), HashAndSignatureAlgorithm) import Network.TLS.Wire +import Network.TLS.Imports import Network.TLS.Packet (putSignatureHashAlgorithm, getSignatureHashAlgorithm) type HostName = String @@ -258,21 +258,32 @@ data NamedCurve = SEC CurveName +| BrainPool BrainPoolCurve | NamedCurve_arbitrary_explicit_prime_curves | NamedCurve_arbitrary_explicit_char2_curves deriving (Show,Eq) --- FIXME: currently maximum crypto strength of our supported ---cipher suite is 128 bits. Not support 384 and 512. +data BrainPoolCurve = + BrainPoolP512R1 -- 28 +| BrainPoolP384R1 -- 27 +| BrainPoolP256R1 -- 26 +deriving (Show,Eq) + availableEllipticCurves :: [NamedCurve] -availableEllipticCurves = [SEC SEC_p160r1, SEC SEC_p224r1, SEC SEC_p256r1] +availableEllipticCurves = [SEC SEC_p256r1, SEC SEC_p521r1] instance EnumSafe16 NamedCurve where fromEnumSafe16 NamedCurve_arbitrary_explicit_prime_curves = 0xFF01 fromEnumSafe16 NamedCurve_arbitrary_explicit_char2_curves = 0xFF02 fromEnumSafe16 (SEC nc) = maybe (error "named curve: internal error") id $ fromCurveName nc +fromEnumSafe16 (BrainPool BrainPoolP512R1) = 28 +fromEnumSafe16 (BrainPool BrainPoolP384R1) = 27 +fromEnumSafe16 (BrainPool BrainPoolP256R1) = 26 toEnumSafe16 0xFF01 = Just NamedCurve_arbitrary_explicit_prime_curves toEnumSafe16 0xFF02 = Just NamedCurve_arbitrary_explicit_char2_curves +toEnumSafe16 26 = Just (BrainPool BrainPoolP256R1) +
commit ghc-tls for openSUSE:Factory
Hello community, here is the log from the commit of package ghc-tls for openSUSE:Factory checked in at 2016-04-30 23:30:40 Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-tls.new (New) Package is "ghc-tls" Changes: --- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2016-01-08 15:22:41.0 +0100 +++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2016-04-30 23:30:42.0 +0200 @@ -1,0 +2,9 @@ +Sun Apr 10 19:02:03 UTC 2016 - mimi...@gmail.com + +- update to 1.3.5 +* Fix a bug with ECDHE based cipher where serialization +* Improve tests +* Debugging: Add a way to print random seed and a way to side-load +a seed for replayability + +--- Old: tls-1.3.4.tar.gz New: tls-1.3.5.tar.gz Other differences: -- ++ ghc-tls.spec ++ --- /var/tmp/diff_new_pack.0jmYOG/_old 2016-04-30 23:30:43.0 +0200 +++ /var/tmp/diff_new_pack.0jmYOG/_new 2016-04-30 23:30:43.0 +0200 @@ -21,7 +21,7 @@ %bcond_with tests Name: ghc-tls -Version:1.3.4 +Version:1.3.5 Release:0 Summary:TLS/SSL protocol native implementation (Server and Client) License:BSD-3-Clause ++ tls-1.3.4.tar.gz -> tls-1.3.5.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.4/Benchmarks/Benchmarks.hs new/tls-1.3.5/Benchmarks/Benchmarks.hs --- old/tls-1.3.4/Benchmarks/Benchmarks.hs 2015-12-12 15:51:40.0 +0100 +++ new/tls-1.3.5/Benchmarks/Benchmarks.hs 2016-04-09 15:47:25.0 +0200 @@ -35,7 +35,7 @@ } (pubKey, privKey) = getGlobalRSAPair -runTLSPipe params tlsServer tlsClient d name = bench name $ do +runTLSPipe params tlsServer tlsClient d name = bench name . nfIO $ do (startQueue, resultQueue) <- establishDataPipe params tlsServer tlsClient writeChan startQueue d readChan resultQueue diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.4/CHANGELOG.md new/tls-1.3.5/CHANGELOG.md --- old/tls-1.3.4/CHANGELOG.md 2015-12-12 15:51:40.0 +0100 +++ new/tls-1.3.5/CHANGELOG.md 2016-04-09 15:47:25.0 +0200 @@ -1,3 +1,17 @@ +## Version 1.3.5 + +- Fix a bug with ECDHE based cipher where serialization +- Debugging: Add a way to print random seed and a way to side-load a seed for replayability +- Improve tests + +## Version 1.3.4 + +- Fix tests on 32 bits `time_t` machines (time not within bound) +- VirtualHost: Add a way to load credentials related to the hostname used by the client (Julian Beaumont) +- VirtualHost: Expose an API to query which hostname the client has contacted (Julian Beaumont) +- Add a way to disable empty packet that are use for security when + using old versions + old CBC based cipher (Anton Dessiatov) + ## Version 1.3.3 - Add support for Hans (Haskell Network Stack) (Adam Wick) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.4/Network/TLS/Context.hs new/tls-1.3.5/Network/TLS/Context.hs --- old/tls-1.3.4/Network/TLS/Context.hs2015-12-12 15:51:40.0 +0100 +++ new/tls-1.3.5/Network/TLS/Context.hs2016-04-09 15:47:25.0 +0200 @@ -98,6 +98,7 @@ instance TLSParams ClientParams where getTLSCommonParams cparams = ( clientSupported cparams , clientShared cparams + , clientDebug cparams ) getTLSRole _ = ClientRole getCiphers cparams = supportedCiphers $ clientSupported cparams @@ -107,6 +108,7 @@ instance TLSParams ServerParams where getTLSCommonParams sparams = ( serverSupported sparams , serverShared sparams + , serverDebug sparams ) getTLSRole _ = ServerRole -- on the server we filter our allowed ciphers here according @@ -144,11 +146,17 @@ contextNew backend params = liftIO $ do initializeBackend backend -rng <- newStateRNG +let (supported, shared, debug) = getTLSCommonParams params + +seed <- case debugSeed debug of +Nothing -> do seed <- seedNew + debugPrintSeed debug $ seed + return seed +Just determ -> return determ +let rng = newStateRNG seed let role = getTLSRole params st = newTLSState rng role -(supported, shared) = getTLSCommonParams params ciphers = getCiphers params when (null ciphers)
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2016-01-08 15:22:40
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2015-09-02
00:36:11.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2016-01-08
15:22:41.0 +0100
@@ -1,0 +2,9 @@
+Tue Dec 15 20:50:00 UTC 2015 - mimi...@gmail.com
+
+- update to 1.3.4
+* Add support for Hans (Haskell Network Stack)
+* Add support for ECDSA signature
+* Add support for ECDSA-ECDHE Cipher
+* Improve parsing of ECC related structure
+
+---
Old:
tls-1.3.2.tar.gz
New:
tls-1.3.4.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.IsnVCZ/_old 2016-01-08 15:22:42.0 +0100
+++ /var/tmp/diff_new_pack.IsnVCZ/_new 2016-01-08 15:22:42.0 +0100
@@ -21,7 +21,7 @@
%bcond_with tests
Name: ghc-tls
-Version:1.3.2
+Version:1.3.4
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
++ tls-1.3.2.tar.gz -> tls-1.3.4.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.2/CHANGELOG.md new/tls-1.3.4/CHANGELOG.md
--- old/tls-1.3.2/CHANGELOG.md 2015-08-24 07:44:53.0 +0200
+++ new/tls-1.3.4/CHANGELOG.md 2015-12-12 15:51:40.0 +0100
@@ -1,3 +1,19 @@
+## Version 1.3.3
+
+- Add support for Hans (Haskell Network Stack) (Adam Wick)
+- Add support for ECDSA signature
+- Add support for ECDSA-ECDHE Cipher
+- Improve parsing of ECC related structure
+
+## Version 1.3.2
+
+- Add cipher suites for forward secrecy on more clients (Aaron Friel)
+- Maintain more handshake information to be queried by protocol (Adam Wick)
+- handle SCSV on client and server side (Kazu Yamamoto)
+- Cleanup renegotiation logic (Kazu Yamamoto)
+- Various testing improvements with the openssl test parts
+- Cleanup AEAD handling for future support of other ciphers
+
## Version 1.3.1
- Repair DHE RSA handling on the cipher by creating signature properly
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.2/Network/TLS/Backend.hs
new/tls-1.3.4/Network/TLS/Backend.hs
--- old/tls-1.3.2/Network/TLS/Backend.hs2015-08-24 07:44:53.0
+0200
+++ new/tls-1.3.4/Network/TLS/Backend.hs2015-12-12 15:51:40.0
+0100
@@ -1,3 +1,4 @@
+{-# LANGUAGE CPP #-}
-- |
-- Module : Network.TLS.Backend
-- License : BSD-style
@@ -20,13 +21,21 @@
, Backend(..)
) where
-import Control.Monad
-import Network.Socket (Socket, sClose)
-import qualified Network.Socket.ByteString as Socket
import Data.ByteString (ByteString)
import qualified Data.ByteString as B
import System.IO (Handle, hSetBuffering, BufferMode(..), hFlush, hClose)
+#ifdef INCLUDE_NETWORK
+import Control.Monad
+import qualified Network.Socket as Network (Socket, sClose)
+import qualified Network.Socket.ByteString as Network
+#endif
+
+#ifdef INCLUDE_HANS
+import qualified Data.ByteString.Lazy as L
+import qualified Hans.NetworkStack as Hans
+#endif
+
-- | Connection IO backend
data Backend = Backend
{ backendFlush :: IO ()-- ^ Flush the connection sending
buffer, if any.
@@ -43,16 +52,36 @@
initializeBackend _ = return ()
getBackend = id
-instance HasBackend Socket where
+#ifdef INCLUDE_NETWORK
+instance HasBackend Network.Socket where
initializeBackend _ = return ()
-getBackend sock = Backend (return ()) (sClose sock) (Socket.sendAll sock)
recvAll
+getBackend sock = Backend (return ()) (Network.sClose sock)
(Network.sendAll sock) recvAll
where recvAll n = B.concat `fmap` loop n
where loop 0= return []
loop left = do
-r <- Socket.recv sock left
+r <- Network.recv sock left
if B.null r
then return []
else liftM (r:) (loop (left - B.length r))
+#endif
+
+#ifdef INCLUDE_HANS
+instance HasBackend Hans.Socket where
+initializeBackend _ = return ()
+getBackend sock = Backend (return ()) (Hans.close sock) sendAll recvAll
+ where sendAll x = do
+ amt <- fromIntegral `fmap` Hans.sendBytes sock (L.fromStrict x)
+ if (amt == 0) || (amt == B.length x)
+ then return ()
+ else sendAll (B.drop amt x)
+recvAll n =
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2015-09-02 00:36:10
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is "ghc-tls"
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2015-08-25
08:48:26.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2015-09-02
00:36:11.0 +0200
@@ -1,0 +2,11 @@
+Mon Aug 31 08:14:19 UTC 2015 - mimi...@gmail.com
+
+- update to 1.3.2
+* Add cipher suites for forward secrecy on more clients (Aaron Friel)
+* Maintain more handshake information to be queried by protocol (Adam Wick)
+* handle SCSV on client and server side (Kazu Yamamoto)
+* Cleanup renegotiation logic (Kazu Yamamoto)
+* Various testing improvements with the openssl test parts
+* Cleanup AEAD handling for future support of other ciphers
+
+---
Old:
tls-1.3.1.tar.gz
New:
tls-1.3.2.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.hUQrlS/_old 2015-09-02 00:36:11.0 +0200
+++ /var/tmp/diff_new_pack.hUQrlS/_new 2015-09-02 00:36:11.0 +0200
@@ -21,7 +21,7 @@
%bcond_with tests
Name: ghc-tls
-Version:1.3.1
+Version:1.3.2
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
++ tls-1.3.1.tar.gz -> tls-1.3.2.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Cipher.hs
new/tls-1.3.2/Network/TLS/Cipher.hs
--- old/tls-1.3.1/Network/TLS/Cipher.hs 2015-06-20 09:31:09.0 +0200
+++ new/tls-1.3.2/Network/TLS/Cipher.hs 2015-08-24 07:44:53.0 +0200
@@ -102,6 +102,8 @@
{ bulkName :: String
, bulkKeySize :: Int
, bulkIVSize :: Int
+, bulkExplicitIV :: Int -- Explicit size for IV for AEAD Cipher, 0
otherwise
+, bulkAuthTagLen :: Int -- Authentication tag length in bytes for AEAD
Cipher, 0 otherwise
, bulkBlockSize:: Int
, bulkF:: BulkFunctions
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Context/Internal.hs
new/tls-1.3.2/Network/TLS/Context/Internal.hs
--- old/tls-1.3.1/Network/TLS/Context/Internal.hs 2015-06-20
09:31:09.0 +0200
+++ new/tls-1.3.2/Network/TLS/Context/Internal.hs 2015-08-24
07:44:53.0 +0200
@@ -76,9 +76,12 @@
-- | Information related to a running context, e.g. current cipher
data Information = Information
-{ infoVersion :: Version
-, infoCipher :: Cipher
-, infoCompression :: Compression
+{ infoVersion :: Version
+, infoCipher :: Cipher
+, infoCompression :: Compression
+, infoMasterSecret :: Maybe Bytes
+, infoClientRandom :: Maybe ClientRandom
+, infoServerRandom :: Maybe ServerRandom
} deriving (Show,Eq)
-- | A TLS Context keep tls specific state, parameters and backend information.
@@ -125,9 +128,15 @@
contextGetInformation :: Context -> IO (Maybe Information)
contextGetInformation ctx = do
ver<- usingState_ ctx $ gets stVersion
+hstate <- getHState ctx
+let (ms, cr, sr) = case hstate of
+ Just st -> (hstMasterSecret st,
+ Just (hstClientRandom st),
+ hstServerRandom st)
+ Nothing -> (Nothing, Nothing, Nothing)
(cipher,comp) <- failOnEitherError $ runRxState ctx $ gets $ \st ->
(stCipher st, stCompression st)
case (ver, cipher) of
-(Just v, Just c) -> return $ Just $ Information v c comp
+(Just v, Just c) -> return $ Just $ Information v c comp ms cr sr
_-> return Nothing
contextSend :: Context -> Bytes -> IO ()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Extra/Cipher.hs
new/tls-1.3.2/Network/TLS/Extra/Cipher.hs
--- old/tls-1.3.1/Network/TLS/Extra/Cipher.hs 2015-06-20 09:31:09.0
+0200
+++ new/tls-1.3.2/Network/TLS/Extra/Cipher.hs 2015-08-24 07:44:53.0
+0200
@@ -35,6 +35,8 @@
, cipher_DHE_DSS_RC4_SHA1
, cipher_DHE_RSA_AES128GCM_SHA256
, cipher_ECDHE_RSA_AES128GCM_SHA256
+, cipher_ECDHE_RSA_AES128CBC_SHA256
+, cipher_ECDHE_RSA_AES128CBC_SHA
) where
import qualified Data.ByteString as B
@@ -151,6 +153,8 @@
{ bulkName = "null"
, bulkKeySize = 0
, bulkIVSize = 0
+,
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2015-08-25 07:19:21
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is ghc-tls
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2015-06-23
11:59:32.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2015-08-25
08:48:26.0 +0200
@@ -1,0 +2,7 @@
+Thu Aug 6 20:43:26 UTC 2015 - mimi...@gmail.com
+
+- update to 1.3.1
+* Repair DHE RSA handling on the cipher by creating signature properly
+* modernize the crypto stack by using cryptonite.
+
+---
Old:
tls-1.2.18.tar.gz
New:
tls-1.3.1.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.6HLH8V/_old 2015-08-25 08:48:27.0 +0200
+++ /var/tmp/diff_new_pack.6HLH8V/_new 2015-08-25 08:48:27.0 +0200
@@ -21,7 +21,7 @@
%bcond_with tests
Name: ghc-tls
-Version:1.2.18
+Version:1.3.1
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
License:BSD-3-Clause
@@ -40,15 +40,7 @@
BuildRequires: ghc-byteable-devel
BuildRequires: ghc-bytestring-devel
BuildRequires: ghc-cereal-devel
-BuildRequires: ghc-cipher-aes-devel
-BuildRequires: ghc-cipher-des-devel
-BuildRequires: ghc-cipher-rc4-devel
-BuildRequires: ghc-crypto-cipher-types-devel
-BuildRequires: ghc-crypto-numbers-devel
-BuildRequires: ghc-crypto-pubkey-devel
-BuildRequires: ghc-crypto-pubkey-types-devel
-BuildRequires: ghc-crypto-random-devel
-BuildRequires: ghc-cryptohash-devel
+BuildRequires: ghc-cryptonite-devel
BuildRequires: ghc-data-default-class-devel
BuildRequires: ghc-mtl-devel
BuildRequires: ghc-network-devel
++ tls-1.2.18.tar.gz - tls-1.3.1.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.2.18/CHANGELOG.md new/tls-1.3.1/CHANGELOG.md
--- old/tls-1.2.18/CHANGELOG.md 2015-06-19 15:56:01.0 +0200
+++ new/tls-1.3.1/CHANGELOG.md 2015-06-20 09:31:09.0 +0200
@@ -1,3 +1,11 @@
+## Version 1.3.1
+
+- Repair DHE RSA handling on the cipher by creating signature properly
+
+## Version 1.3.0
+
+- modernize the crypto stack by using cryptonite.
+
## Version 1.2.18
- add more tests (network, local)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.2.18/Network/TLS/Context.hs
new/tls-1.3.1/Network/TLS/Context.hs
--- old/tls-1.2.18/Network/TLS/Context.hs 2015-06-19 15:56:01.0
+0200
+++ new/tls-1.3.1/Network/TLS/Context.hs2015-06-20 09:31:09.0
+0200
@@ -72,10 +72,9 @@
import Network.TLS.Types (Role(..))
import Network.TLS.Handshake (handshakeClient, handshakeClientWith,
handshakeServer, handshakeServerWith)
import Network.TLS.X509
+import Network.TLS.RNG
import Data.Maybe (isJust)
-import Crypto.Random
-
import Control.Concurrent.MVar
import Control.Monad.State
import Data.IORef
@@ -133,14 +132,15 @@
doHandshakeWith = handshakeServerWith
-- | create a new context using the backend and parameters specified.
-contextNew :: (MonadIO m, CPRG rng, HasBackend backend, TLSParams params)
+contextNew :: (MonadIO m, HasBackend backend, TLSParams params)
= backend -- ^ Backend abstraction with specific method to
interact with the connection type.
- params-- ^ Parameters of the context.
- - rng -- ^ Random number generator associated with this
context.
- m Context
-contextNew backend params rng = liftIO $ do
+contextNew backend params = liftIO $ do
initializeBackend backend
+rng - newStateRNG
+
let role = getTLSRole params
st = newTLSState rng role
(supported, shared) = getTLSCommonParams params
@@ -187,21 +187,19 @@
}
-- | create a new context on an handle.
-contextNewOnHandle :: (MonadIO m, CPRG rng, TLSParams params)
+contextNewOnHandle :: (MonadIO m, TLSParams params)
= Handle -- ^ Handle of the connection.
- params -- ^ Parameters of the context.
- - rng-- ^ Random number generator associated with this
context.
- m Context
-contextNewOnHandle handle params st = contextNew handle params st
+contextNewOnHandle handle params = contextNew handle params
{-# DEPRECATED contextNewOnHandle use contextNew #-}
-- | create a new context on a socket.
-contextNewOnSocket :: (MonadIO m, CPRG rng, TLSParams params)
+contextNewOnSocket :: (MonadIO m, TLSParams params)
commit ghc-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked
in at 2015-06-23 11:59:30
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
Package is ghc-tls
Changes:
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2015-05-27
12:46:56.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2015-06-23
11:59:32.0 +0200
@@ -1,0 +2,8 @@
+Sun Jun 21 16:56:51 UTC 2015 - mimi...@gmail.com
+
+- update to 1.2.18
+* add more tests (network, local)
+* cleanup cipher / bulk code, certificate verify / creation, and digitall
signed handling
+* fix handling of DHE ciphers with MS SSL stack that serialize leading zero.
+
+---
Old:
tls-1.2.17.tar.gz
New:
tls-1.2.18.tar.gz
Other differences:
--
++ ghc-tls.spec ++
--- /var/tmp/diff_new_pack.okzjLR/_old 2015-06-23 11:59:32.0 +0200
+++ /var/tmp/diff_new_pack.okzjLR/_new 2015-06-23 11:59:32.0 +0200
@@ -15,17 +15,18 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+
%global pkg_name tls
%bcond_with tests
-Name: ghc-%{pkg_name}
-Version:1.2.17
+Name: ghc-tls
+Version:1.2.18
Release:0
Summary:TLS/SSL protocol native implementation (Server and Client)
+License:BSD-3-Clause
Group: System/Libraries
-License:BSD-3-Clause
Url:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -94,36 +95,28 @@
%prep
%setup -q -n %{pkg_name}-%{version}
-
%build
%ghc_lib_build
-
%install
%ghc_lib_install
-
%check
%if %{with tests}
%cabal test
%endif
-
%post devel
%ghc_pkg_recache
-
%postun devel
%ghc_pkg_recache
-
%files -f %{name}.files
%defattr(-,root,root,-)
%doc LICENSE
-
%files devel -f %{name}-devel.files
%defattr(-,root,root,-)
-
%changelog
++ tls-1.2.17.tar.gz - tls-1.2.18.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.2.17/CHANGELOG.md new/tls-1.2.18/CHANGELOG.md
--- old/tls-1.2.17/CHANGELOG.md 2015-04-12 08:21:50.0 +0200
+++ new/tls-1.2.18/CHANGELOG.md 2015-06-19 15:56:01.0 +0200
@@ -1,3 +1,13 @@
+## Version 1.2.18
+
+- add more tests (network, local)
+- cleanup cipher / bulk code, certificate verify / creation, and digitall
signed handling
+- fix handling of DHE ciphers with MS SSL stack that serialize leading zero.
+
+## Version 1.2.17
+
+- Fix an issue of type of key / hash that prevented connection with SChannel.
+
## Version 1.2.16
- Fix an issue with stream cipher not correctly calculating the internal state,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tls-1.2.17/Network/TLS/Cipher.hs
new/tls-1.2.18/Network/TLS/Cipher.hs
--- old/tls-1.2.17/Network/TLS/Cipher.hs2015-04-12 08:21:50.0
+0200
+++ new/tls-1.2.18/Network/TLS/Cipher.hs2015-06-19 15:56:01.0
+0200
@@ -8,17 +8,23 @@
-- Portability : unknown
--
module Network.TLS.Cipher
-( BulkFunctions(..)
-, CipherKeyExchangeType(..)
+( CipherKeyExchangeType(..)
, Bulk(..)
+, BulkFunctions(..)
+, BulkDirection(..)
+, BulkState(..)
+, BulkStream(..)
+, BulkBlock
+, BulkAEAD
+, bulkInit
, Hash(..)
, Cipher(..)
, CipherID
-, Key
-, IV
-, Nonce
-, AdditionalData
, cipherKeyBlockSize
+, BulkKey
+, BulkIV
+, BulkNonce
+, BulkAdditionalData
, cipherAllowedForVersion
, cipherExchangeNeedMoreData
, hasMAC
@@ -28,29 +34,54 @@
import Crypto.Cipher.Types (AuthTag)
import Network.TLS.Types (CipherID)
import Network.TLS.Struct (Version(..))
+import Network.TLS.Crypto (Hash(..), hashDigestSize)
import qualified Data.ByteString as B
-- FIXME convert to newtype
-type Key = B.ByteString
-type IV = B.ByteString
-type Nonce = B.ByteString
-type AdditionalData = B.ByteString
+type BulkKey = B.ByteString
+type BulkIV = B.ByteString
+type BulkNonce = B.ByteString
+type BulkAdditionalData = B.ByteString
+
+data BulkState =
+ BulkStateStream BulkStream
+| BulkStateBlock BulkBlock
+| BulkStateAEAD BulkAEAD
+| BulkStateUninitialized
+
+instance Show BulkState where
+show (BulkStateStream _) = BulkStateStream
+show (BulkStateBlock _) = BulkStateBlock
+show (BulkStateAEAD _)= BulkStateAEAD
+show (BulkStateUninitialized) =
