Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghc-warp-tls for openSUSE:Factory checked in at 2022-10-13 15:44:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-warp-tls" Thu Oct 13 15:44:20 2022 rev:7 rq:1009720 version:3.3.4 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes 2021-10-12 21:50:25.991964474 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.2275/ghc-warp-tls.changes 2022-10-13 15:44:57.743067897 +0200 @@ -1,0 +2,24 @@ +Wed Sep 28 00:41:23 UTC 2022 - Peter Simons <[email protected]> + +- Update warp-tls to version 3.3.4. + ## 3.3.4 + + * Integrated customizable `accept` hook from `Network.Wai.Handler.Warp.Settings` (cf. `setAccept`) + [#912](https://github.com/yesodweb/wai/pull/912) + * Adjusted `httpOverTls` because of the factoring out of `Network.Wai.Handler.Warp.Recv` to its own package `recv` in the `warp` package. + [#899](https://github.com/yesodweb/wai/pull/899) + +------------------------------------------------------------------- +Wed Aug 10 00:24:49 UTC 2022 - Peter Simons <[email protected]> + +- Update warp-tls to version 3.3.3. + # ChangeLog + + ## 3.3.3 + + * Creating a bigger buffer when the current one is too small to fit the Builder + [#895](https://github.com/yesodweb/wai/pull/895) + * Expose TLS.supportedHashSignatures via TLSSettings + [#872](https://github.com/yesodweb/wai/pull/872) + +------------------------------------------------------------------- Old: ---- warp-tls-3.3.2.tar.gz New: ---- warp-tls-3.3.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-warp-tls.spec ++++++ --- /var/tmp/diff_new_pack.r2SEtH/_old 2022-10-13 15:44:58.323069029 +0200 +++ /var/tmp/diff_new_pack.r2SEtH/_new 2022-10-13 15:44:58.323069029 +0200 @@ -1,7 +1,7 @@ # # spec file for package ghc-warp-tls # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -18,7 +18,7 @@ %global pkg_name warp-tls Name: ghc-%{pkg_name} -Version: 3.3.2 +Version: 3.3.4 Release: 0 Summary: HTTP over TLS support for Warp via the TLS package License: MIT ++++++ warp-tls-3.3.2.tar.gz -> warp-tls-3.3.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.3.2/ChangeLog.md new/warp-tls-3.3.4/ChangeLog.md --- old/warp-tls-3.3.2/ChangeLog.md 2021-09-29 02:39:12.000000000 +0200 +++ new/warp-tls-3.3.4/ChangeLog.md 2001-09-09 03:46:40.000000000 +0200 @@ -1,3 +1,19 @@ +# ChangeLog + +## 3.3.4 + +* Integrated customizable `accept` hook from `Network.Wai.Handler.Warp.Settings` (cf. `setAccept`) + [#912](https://github.com/yesodweb/wai/pull/912) +* Adjusted `httpOverTls` because of the factoring out of `Network.Wai.Handler.Warp.Recv` to its own package `recv` in the `warp` package. + [#899](https://github.com/yesodweb/wai/pull/899) + +## 3.3.3 + +* Creating a bigger buffer when the current one is too small to fit the Builder + [#895](https://github.com/yesodweb/wai/pull/895) +* Expose TLS.supportedHashSignatures via TLSSettings + [#872](https://github.com/yesodweb/wai/pull/872) + ## 3.3.2 * Providing the Internal module. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.3.2/Network/Wai/Handler/WarpTLS/Internal.hs new/warp-tls-3.3.4/Network/Wai/Handler/WarpTLS/Internal.hs --- old/warp-tls-3.3.2/Network/Wai/Handler/WarpTLS/Internal.hs 2021-09-29 02:39:12.000000000 +0200 +++ new/warp-tls-3.3.4/Network/Wai/Handler/WarpTLS/Internal.hs 2001-09-09 03:46:40.000000000 +0200 
@@ -17,9 +17,9 @@ ---------------------------------------------------------------- --- | Determines where to load the certificate, chain +-- | Determines where to load the certificate, chain -- certificates, and key from. -data CertSettings +data CertSettings = CertFromFile !FilePath ![FilePath] !FilePath | CertFromMemory !S.ByteString ![S.ByteString] !S.ByteString | CertFromRef !(I.IORef S.ByteString) ![I.IORef S.ByteString] !(I.IORef S.ByteString) @@ -41,7 +41,7 @@ -- -- >>> certSettings defaultTlsSettings -- tlsSettings "certificate.pem" "key.pem" - -- + -- -- @since 3.3.0 , onInsecure :: OnInsecure -- ^ Do we allow insecure connections with this server as well? @@ -131,6 +131,11 @@ -- specified, 'tlsSessionManagerConfig' is ignored. -- -- Since 3.2.12 + , tlsSupportedHashSignatures :: [TLS.HashAndSignatureAlgorithm] + -- ^ Specifying supported hash/signature algorithms, ordered by decreasing + -- priority. See the "Network.TLS" module for details + -- + -- Since 3.3.3 } @@ -138,4 +143,3 @@ -- | Some programs need access to cert settings getCertSettings :: TLSSettings -> CertSettings getCertSettings tlsSetgs = certSettings tlsSetgs - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.3.2/Network/Wai/Handler/WarpTLS.hs new/warp-tls-3.3.4/Network/Wai/Handler/WarpTLS.hs --- old/warp-tls-3.3.2/Network/Wai/Handler/WarpTLS.hs 2021-09-29 02:39:12.000000000 +0200 +++ new/warp-tls-3.3.4/Network/Wai/Handler/WarpTLS.hs 2001-09-09 03:46:40.000000000 +0200 
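Review bot: The Haddock on the new `tlsSupportedHashSignatures` field (hunk `@@ -131,6 +131,11 @@`) does not say what overriding the list means for handshake security. The field is passed unchanged to `TLS.supportedHashSignatures` in WarpTLS.hs (hunk `@@ -256,6 +262,7 @@`), so the caller's list, including an empty one or one with weaker pairs than the default, is what the server offers. I would extend the comment with something like `-- Defaults to 'TLS.supportedHashSignatures' 'def'. Only narrow this list; adding weaker hash/signature pairs lowers handshake strength for every client.` The record declaration starts outside the hunk.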
@@ -53,7 +53,7 @@ ) where import Control.Applicative ((<|>)) -import UnliftIO.Exception (Exception, throwIO, bracket, finally, handle, fromException, try, IOException, onException, SomeException(..), handleJust) +import UnliftIO.Exception (Exception, throwIO, bracket, finally, handle, handleAny, fromException, try, IOException, onException, SomeException(..), handleJust) import qualified UnliftIO.Exception as E import Control.Monad (void, guard) import qualified Data.ByteString as S @@ -63,10 +63,15 @@ import Data.Streaming.Network (bindPortTCP, safeRecv) import Data.Typeable (Typeable) import GHC.IO.Exception (IOErrorType(..)) -import Network.Socket (Socket, close, withSocketsDo, SockAddr, accept) +import Network.Socket ( + SockAddr, + Socket, + close, #if MIN_VERSION_network(3,1,1) -import Network.Socket (gracefulClose) + gracefulClose, #endif + withSocketsDo, + ) import Network.Socket.ByteString (sendAll) import qualified Network.TLS as TLS import qualified Crypto.PubKey.DH as DH @@ -102,6 +107,7 @@ , tlsSessionManagerConfig = Nothing , tlsCredentials = Nothing , tlsSessionManager = Nothing + , tlsSupportedHashSignatures = TLS.supportedHashSignatures def } -- taken from stunnel example in tls-extra @@ -139,7 +145,7 @@ :: S.ByteString -- ^ Certificate bytes -> S.ByteString -- ^ Key bytes -> TLSSettings -tlsSettingsMemory cert key = defaultTlsSettings { +tlsSettingsMemory cert key = defaultTlsSettings { certSettings = CertFromMemory cert [] key } @@ -152,7 +158,7 @@ -> [S.ByteString] -- ^ Chain certificate bytes -> S.ByteString -- ^ Key bytes -> TLSSettings -tlsSettingsChainMemory cert chainCerts key = defaultTlsSettings { +tlsSettingsChainMemory cert chainCerts key = defaultTlsSettings { certSettings = CertFromMemory cert chainCerts key } 
@@ -160,11 +166,11 @@ -- representations of the certificate and key based on 'defaultTlsSettings'. -- -- @since 3.3.0 -tlsSettingsRef +tlsSettingsRef :: I.IORef S.ByteString -- ^ Reference to certificate bytes - -> I.IORef (S.ByteString) -- ^ Reference to key bytes - -> TLSSettings -tlsSettingsRef cert key = defaultTlsSettings { + -> I.IORef S.ByteString -- ^ Reference to key bytes + -> TLSSettings +tlsSettingsRef cert key = defaultTlsSettings { certSettings = CertFromRef cert [] key } @@ -172,12 +178,12 @@ -- representations of the certificate and key based on 'defaultTlsSettings'. -- -- @since 3.3.0 -tlsSettingsChainRef +tlsSettingsChainRef :: I.IORef S.ByteString -- ^ Reference to certificate bytes -> [I.IORef S.ByteString] -- ^ Reference to chain certificate bytes - -> I.IORef (S.ByteString) -- ^ Reference to key bytes - -> TLSSettings -tlsSettingsChainRef cert chainCerts key = defaultTlsSettings { + -> I.IORef S.ByteString -- ^ Reference to key bytes + -> TLSSettings +tlsSettingsChainRef cert chainCerts key = defaultTlsSettings { certSettings = CertFromRef cert chainCerts key } @@ -195,11 +201,11 @@ loadCredentials :: TLSSettings -> IO TLS.Credentials loadCredentials TLSSettings{ tlsCredentials = Just creds } = return creds -loadCredentials TLSSettings{..} = case certSettings of +loadCredentials TLSSettings{..} = case certSettings of CertFromFile cert chainFiles key -> do cred <- either error id <$> TLS.credentialLoadX509Chain cert chainFiles key return $ TLS.Credentials [cred] - CertFromRef certRef chainCertsRef keyRef -> do + CertFromRef certRef chainCertsRef keyRef -> do cert <- I.readIORef certRef chainCerts <- mapM I.readIORef chainCertsRef key <- I.readIORef keyRef 
@@ -224,8 +230,8 @@ runTLSSocket' tlsset set credentials mgr sock app runTLSSocket' :: TLSSettings -> Settings -> TLS.Credentials -> TLS.SessionManager -> Socket -> Application -> IO () -runTLSSocket' tlsset@TLSSettings{..} set credentials mgr sock app = - runSettingsConnectionMakerSecure set get app +runTLSSocket' tlsset@TLSSettings{..} set credentials mgr sock = + runSettingsConnectionMakerSecure set get where get = getter tlsset set sock params params = def { -- TLS.ServerParams @@ -256,6 +262,7 @@ , TLS.supportedClientInitiatedRenegotiation = False , TLS.supportedSession = True , TLS.supportedFallbackScsv = True + , TLS.supportedHashSignatures = tlsSupportedHashSignatures #if MIN_VERSION_tls(1,5,0) , TLS.supportedGroups = [TLS.X25519,TLS.P256,TLS.P384] #endif @@ -269,12 +276,8 @@ ---------------------------------------------------------------- getter :: TLS.TLSParams params => TLSSettings -> Settings -> Socket -> params -> IO (IO (Connection, Transport), SockAddr) -getter tlsset set sock params = do -#if WINDOWS - (s, sa) <- windowsThreadBlockHack $ accept sock -#else - (s, sa) <- accept sock -#endif +getter tlsset set@Settings{settingsAccept = accept'} sock params = do + (s, sa) <- accept' sock setSocketCloseOnExec s return (mkConn tlsset set s params, sa) 
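Review bot: In `getter` (hunk `@@ -269,12 +276,8 @@`) the `#if WINDOWS` branch that wrapped `accept` in `windowsThreadBlockHack` is removed, and nothing in this diff shows that the default `settingsAccept` in warp still applies it. If it does not, or if a user installs their own hook through `setAccept`, the TLS listener on Windows loses that wrapper, so this should be confirmed against the warp version the cabal file now requires. A comment on the function would make the contract explicit: `-- The accept hook comes from 'Settings' (see 'setAccept'); it is responsible for any platform-specific handling that 'accept' needs.` `setSocketCloseOnExec s` is still applied to whatever socket the hook returns.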
@@ -290,17 +293,19 @@ httpOverTls :: TLS.TLSParams params => TLSSettings -> Settings -> Socket -> S.ByteString -> params -> IO (Connection, Transport) httpOverTls TLSSettings{..} _set s bs0 params = do - recvN <- makePlainReceiveN s bs0 + rawRecvN <- makePlainReceiveN s 2048 16384 bs0 + let recvN = wrappedRecvN rawRecvN ctx <- TLS.contextNew (backend recvN) params TLS.contextHookSetLogging ctx tlsLogging TLS.handshake ctx h2 <- (== Just "h2") <$> TLS.getNegotiatedProtocol ctx isH2 <- I.newIORef h2 - writeBuf <- allocateBuffer bufferSize + writeBuffer <- createWriteBuffer 16384 + writeBufferRef <- I.newIORef writeBuffer -- Creating a cache for leftover input data. ref <- I.newIORef "" tls <- getTLSinfo ctx - return (conn ctx writeBuf ref isH2, tls) + return (conn ctx writeBufferRef ref isH2, tls) where backend recvN = TLS.Backend { TLS.backendFlush = return () @@ -318,22 +323,21 @@ else Nothing) throwIO $ sendAll sock bs - conn ctx writeBuf ref isH2 = Connection { + conn ctx writeBufferRef ref isH2 = Connection { connSendMany = TLS.sendData ctx . L.fromChunks , connSendAll = sendall , connSendFile = sendfile , connClose = close' - , connFree = freeBuffer writeBuf , connRecv = recv ref , connRecvBuf = recvBuf ref - , connWriteBuffer = writeBuf - , connBufferSize = bufferSize + , connWriteBuffer = writeBufferRef , connHTTP2 = isH2 } where sendall = TLS.sendData ctx . L.fromChunks . return - sendfile fid offset len hook headers = - readSendFile writeBuf bufferSize sendall fid offset len hook headers + sendfile fid offset len hook headers = do + writeBuffer <- I.readIORef writeBufferRef + readSendFile (bufBuffer writeBuffer) (bufSize writeBuffer) sendall fid offset len hook headers close' = void (tryIO sendBye) `finally` TLS.contextClose ctx 
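Review bot: `httpOverTls` now hard-codes `2048` and `16384` in `makePlainReceiveN s 2048 16384 bs0` and repeats `16384` in `createWriteBuffer 16384`, where the old code used the named `bufferSize`. Binding the value once, for example `tlsBufferSize = 16384` with a comment on why that size was chosen, keeps the receive and write sizes from drifting apart. Separately, `connFree = freeBuffer writeBuf` is dropped in the `@@ -318,22 +323,21 @@` hunk and no replacement release is visible here. Presumably the buffer returned by `createWriteBuffer` is now released elsewhere in warp, but a short comment saying so would help anyone auditing this path for a per-connection leak. The `where` block of `httpOverTls` continues outside both hunks.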
@@ -376,6 +380,10 @@ I.writeIORef cref leftover return ret + wrappedRecvN recvN n = handleAny handler $ recvN n + handler :: SomeException -> IO S.ByteString + handler _ = return "" + fill :: S.ByteString -> Buffer -> BufSize -> Recv -> IO (Bool,S.ByteString) fill bs0 buf0 siz0 recv | siz0 <= len0 = do @@ -392,7 +400,7 @@ bs <- recv let len = S.length bs if len == 0 then return (False, "") - else if (len <= siz) then do + else if len <= siz then do buf' <- copy buf bs loop buf' (siz - len) else do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.3.2/warp-tls.cabal new/warp-tls-3.3.4/warp-tls.cabal --- old/warp-tls-3.3.2/warp-tls.cabal 2021-09-29 02:39:12.000000000 +0200 +++ new/warp-tls-3.3.4/warp-tls.cabal 2001-09-09 03:46:40.000000000 +0200 @@ -1,5 +1,5 @@ Name: warp-tls -Version: 3.3.2 +Version: 3.3.4 Synopsis: HTTP over TLS support for Warp via the TLS package License: MIT License-file: LICENSE @@ -21,7 +21,7 @@ Build-Depends: base >= 4.12 && < 5 , bytestring >= 0.9 , wai >= 3.2 && < 3.3 - , warp >= 3.3.6 && < 3.4 + , warp >= 3.3.23 && < 3.4 , data-default-class >= 0.0.1 , tls >= 1.5.3 , cryptonite >= 0.12
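Review bot: `wrappedRecvN` (hunk `@@ -376,6 +380,10 @@`) turns every synchronous exception from `recvN` into `""`, so a connection reset and an unexpected internal error both look like a clean end of stream to the TLS backend, and nothing is logged. If the intent is only to treat socket errors as EOF, narrow the handler to `handler :: IOException -> IO S.ByteString` and use `handle` instead of `handleAny`; both names are already in the import list. If catching everything is deliberate, say so at the definition: `-- Deliberately maps any synchronous receive failure to EOF so the TLS layer closes the connection; asynchronous exceptions are not caught by 'handleAny'.` The enclosing `where` block starts outside the hunk.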
