Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghc-warp-tls for openSUSE:Factory checked in at 2021-10-12 21:49:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-warp-tls" Tue Oct 12 21:49:10 2021 rev:6 rq:923803 version:3.3.2 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes 2021-06-01 10:40:49.665156888 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.2443/ghc-warp-tls.changes 2021-10-12 21:50:25.991964474 +0200 @@ -1,0 +2,9 @@ +Wed Sep 29 07:15:05 UTC 2021 - psim...@suse.com + +- Update warp-tls to version 3.3.2. + ## 3.3.2 + + * Providing the Internal module. + [#841](https://github.com/yesodweb/wai/issues/841) + +------------------------------------------------------------------- Old: ---- warp-tls-3.3.1.tar.gz New: ---- warp-tls-3.3.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-warp-tls.spec ++++++ --- /var/tmp/diff_new_pack.L27fDs/_old 2021-10-12 21:50:26.531965247 +0200 +++ /var/tmp/diff_new_pack.L27fDs/_new 2021-10-12 21:50:26.531965247 +0200 @@ -18,7 +18,7 @@ %global pkg_name warp-tls Name: ghc-%{pkg_name} -Version: 3.3.1 +Version: 3.3.2 Release: 0 Summary: HTTP over TLS support for Warp via the TLS package License: MIT ++++++ warp-tls-3.3.1.tar.gz -> warp-tls-3.3.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.3.1/ChangeLog.md new/warp-tls-3.3.2/ChangeLog.md --- old/warp-tls-3.3.1/ChangeLog.md 2021-05-27 02:13:54.000000000 +0200 +++ new/warp-tls-3.3.2/ChangeLog.md 2021-09-29 02:39:12.000000000 +0200 @@ -1,3 +1,8 @@ +## 3.3.2 + +* Providing the Internal module. + [#841](https://github.com/yesodweb/wai/issues/841) + ## 3.3.1 * Move exception handling over to `unliftio` for better async exception support [#845](https://github.com/yesodweb/wai/issues/845) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.3.1/Network/Wai/Handler/WarpTLS/Internal.hs new/warp-tls-3.3.2/Network/Wai/Handler/WarpTLS/Internal.hs --- old/warp-tls-3.3.1/Network/Wai/Handler/WarpTLS/Internal.hs 1970-01-01 01:00:00.000000000 +0100 +++ new/warp-tls-3.3.2/Network/Wai/Handler/WarpTLS/Internal.hs 2021-09-29 02:39:12.000000000 +0200 @@ -0,0 +1,141 @@ +{-# LANGUAGE CPP #-} + +module Network.Wai.Handler.WarpTLS.Internal ( + CertSettings(..) + , TLSSettings(..) + , OnInsecure(..) + -- * Accessors + , getCertSettings + ) where + +import qualified Crypto.PubKey.DH as DH +import qualified Data.ByteString as S +import qualified Data.ByteString.Lazy as L +import qualified Data.IORef as I +import qualified Network.TLS as TLS +import qualified Network.TLS.SessionManager as SM + +---------------------------------------------------------------- + +-- | Determines where to load the certificate, chain +-- certificates, and key from. +data CertSettings + = CertFromFile !FilePath ![FilePath] !FilePath + | CertFromMemory !S.ByteString ![S.ByteString] !S.ByteString + | CertFromRef !(I.IORef S.ByteString) ![I.IORef S.ByteString] !(I.IORef S.ByteString) + +---------------------------------------------------------------- + +-- | An action when a plain HTTP comes to HTTP over TLS/SSL port. +data OnInsecure = DenyInsecure L.ByteString + | AllowInsecure + deriving (Show) + +---------------------------------------------------------------- + +-- | Settings for WarpTLS. +data TLSSettings = TLSSettings { + certSettings :: CertSettings + -- ^ Where are the certificate, chain certificates, and key + -- loaded from? + -- + -- >>> certSettings defaultTlsSettings + -- tlsSettings "certificate.pem" "key.pem" + -- + -- @since 3.3.0 + , onInsecure :: OnInsecure + -- ^ Do we allow insecure connections with this server as well? + -- + -- >>> onInsecure defaultTlsSettings + -- DenyInsecure "This server only accepts secure HTTPS connections." + -- + -- Since 1.4.0 + , tlsLogging :: TLS.Logging + -- ^ The level of logging to turn on. + -- + -- Default: 'TLS.defaultLogging'. + -- + -- Since 1.4.0 + , tlsAllowedVersions :: [TLS.Version] +#if MIN_VERSION_tls(1,5,0) + -- ^ The TLS versions this server accepts. + -- + -- >>> tlsAllowedVersions defaultTlsSettings + -- [TLS13,TLS12,TLS11,TLS10] + -- + -- Since 1.4.2 +#else + -- ^ The TLS versions this server accepts. + -- + -- >>> tlsAllowedVersions defaultTlsSettings + -- [TLS12,TLS11,TLS10] + -- + -- Since 1.4.2 +#endif + , tlsCiphers :: [TLS.Cipher] +#if MIN_VERSION_tls(1,5,0) + -- ^ The TLS ciphers this server accepts. + -- + -- >>> tlsCiphers defaultTlsSettings + -- [ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1,AES128GCM-SHA256,AES256GCM-SHA384] + -- + -- Since 1.4.2 +#else + -- ^ The TLS ciphers this server accepts. + -- + -- >>> tlsCiphers defaultTlsSettings + -- [ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1] + -- + -- Since 1.4.2 +#endif + , tlsWantClientCert :: Bool + -- ^ Whether or not to demand a certificate from the client. If this + -- is set to True, you must handle received certificates in a server hook + -- or all connections will fail. + -- + -- >>> tlsWantClientCert defaultTlsSettings + -- False + -- + -- Since 3.0.2 + , tlsServerHooks :: TLS.ServerHooks + -- ^ The server-side hooks called by the tls package, including actions + -- to take when a client certificate is received. See the "Network.TLS" + -- module for details. + -- + -- Default: def + -- + -- Since 3.0.2 + , tlsServerDHEParams :: Maybe DH.Params + -- ^ Configuration for ServerDHEParams + -- more function lives in `cryptonite` package + -- + -- Default: Nothing + -- + -- Since 3.2.2 + , tlsSessionManagerConfig :: Maybe SM.Config + -- ^ Configuration for in-memory TLS session manager. + -- If Nothing, 'TLS.noSessionManager' is used. + -- Otherwise, an in-memory TLS session manager is created + -- according to 'Config'. + -- + -- Default: Nothing + -- + -- Since 3.2.4 + , tlsCredentials :: Maybe TLS.Credentials + -- ^ Specifying 'TLS.Credentials' directly. If this value is + -- specified, other fields such as 'certFile' are ignored. + -- + -- Since 3.2.12 + , tlsSessionManager :: Maybe TLS.SessionManager + -- ^ Specifying 'TLS.SessionManager' directly. If this value is + -- specified, 'tlsSessionManagerConfig' is ignored. + -- + -- Since 3.2.12 + } + + +-- Since 3.3.1 +-- | Some programs need access to cert settings +getCertSettings :: TLSSettings -> CertSettings +getCertSettings tlsSetgs = certSettings tlsSetgs + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.3.1/Network/Wai/Handler/WarpTLS.hs new/warp-tls-3.3.2/Network/Wai/Handler/WarpTLS.hs --- old/warp-tls-3.3.1/Network/Wai/Handler/WarpTLS.hs 2021-05-27 02:13:54.000000000 +0200 +++ new/warp-tls-3.3.2/Network/Wai/Handler/WarpTLS.hs 2021-09-29 02:39:12.000000000 +0200 @@ -29,6 +29,7 @@ -- ** From references , tlsSettingsRef , tlsSettingsChainRef + , CertSettings -- * Accessors , tlsCredentials , tlsLogging @@ -74,123 +75,15 @@ import Network.Wai (Application) import Network.Wai.Handler.Warp import Network.Wai.Handler.Warp.Internal +import Network.Wai.Handler.WarpTLS.Internal(CertSettings(..), TLSSettings(..), OnInsecure(..)) import System.IO.Error (isEOFError, ioeGetErrorType) ----------------------------------------------------------------- - --- | Determines where to load the certificate, chain --- certificates, and key from. -data CertSettings - = CertFromFile !FilePath ![FilePath] !FilePath - | CertFromMemory !S.ByteString ![S.ByteString] !S.ByteString - | CertFromRef !(I.IORef S.ByteString) ![I.IORef S.ByteString] !(I.IORef S.ByteString) - -- | The default 'CertSettings'. defaultCertSettings :: CertSettings defaultCertSettings = CertFromFile "certificate.pem" [] "key.pem" ---------------------------------------------------------------- --- | Settings for WarpTLS. -data TLSSettings = TLSSettings { - certSettings :: CertSettings - -- ^ Where are the certificate, chain certificates, and key - -- loaded from? - -- - -- >>> certSettings defaultTlsSettings - -- tlsSettings "certificate.pem" "key.pem" - -- - -- @since 3.3.0 - , onInsecure :: OnInsecure - -- ^ Do we allow insecure connections with this server as well? - -- - -- >>> onInsecure defaultTlsSettings - -- DenyInsecure "This server only accepts secure HTTPS connections." - -- - -- Since 1.4.0 - , tlsLogging :: TLS.Logging - -- ^ The level of logging to turn on. - -- - -- Default: 'TLS.defaultLogging'. - -- - -- Since 1.4.0 - , tlsAllowedVersions :: [TLS.Version] -#if MIN_VERSION_tls(1,5,0) - -- ^ The TLS versions this server accepts. - -- - -- >>> tlsAllowedVersions defaultTlsSettings - -- [TLS13,TLS12,TLS11,TLS10] - -- - -- Since 1.4.2 -#else - -- ^ The TLS versions this server accepts. - -- - -- >>> tlsAllowedVersions defaultTlsSettings - -- [TLS12,TLS11,TLS10] - -- - -- Since 1.4.2 -#endif - , tlsCiphers :: [TLS.Cipher] -#if MIN_VERSION_tls(1,5,0) - -- ^ The TLS ciphers this server accepts. - -- - -- >>> tlsCiphers defaultTlsSettings - -- [ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1,AES128GCM-SHA256,AES256GCM-SHA384] - -- - -- Since 1.4.2 -#else - -- ^ The TLS ciphers this server accepts. - -- - -- >>> tlsCiphers defaultTlsSettings - -- [ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1] - -- - -- Since 1.4.2 -#endif - , tlsWantClientCert :: Bool - -- ^ Whether or not to demand a certificate from the client. If this - -- is set to True, you must handle received certificates in a server hook - -- or all connections will fail. - -- - -- >>> tlsWantClientCert defaultTlsSettings - -- False - -- - -- Since 3.0.2 - , tlsServerHooks :: TLS.ServerHooks - -- ^ The server-side hooks called by the tls package, including actions - -- to take when a client certificate is received. See the "Network.TLS" - -- module for details. - -- - -- Default: def - -- - -- Since 3.0.2 - , tlsServerDHEParams :: Maybe DH.Params - -- ^ Configuration for ServerDHEParams - -- more function lives in `cryptonite` package - -- - -- Default: Nothing - -- - -- Since 3.2.2 - , tlsSessionManagerConfig :: Maybe SM.Config - -- ^ Configuration for in-memory TLS session manager. - -- If Nothing, 'TLS.noSessionManager' is used. - -- Otherwise, an in-memory TLS session manager is created - -- according to 'Config'. - -- - -- Default: Nothing - -- - -- Since 3.2.4 - , tlsCredentials :: Maybe TLS.Credentials - -- ^ Specifying 'TLS.Credentials' directly. If this value is - -- specified, other fields such as 'certFile' are ignored. - -- - -- Since 3.2.12 - , tlsSessionManager :: Maybe TLS.SessionManager - -- ^ Specifying 'TLS.SessionManager' directly. If this value is - -- specified, 'tlsSessionManagerConfig' is ignored. - -- - -- Since 3.2.12 - } - -- | Default 'TLSSettings'. Use this to create 'TLSSettings' with the field record name (aka accessors). defaultTlsSettings :: TLSSettings defaultTlsSettings = TLSSettings { @@ -217,13 +110,6 @@ ---------------------------------------------------------------- --- | An action when a plain HTTP comes to HTTP over TLS/SSL port. -data OnInsecure = DenyInsecure L.ByteString - | AllowInsecure - deriving (Show) - ----------------------------------------------------------------- - -- | A smart constructor for 'TLSSettings' based on 'defaultTlsSettings'. tlsSettings :: FilePath -- ^ Certificate file -> FilePath -- ^ Key file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/warp-tls-3.3.1/warp-tls.cabal new/warp-tls-3.3.2/warp-tls.cabal --- old/warp-tls-3.3.1/warp-tls.cabal 2021-05-27 02:13:54.000000000 +0200 +++ new/warp-tls-3.3.2/warp-tls.cabal 2021-09-29 02:39:12.000000000 +0200 @@ -1,5 +1,5 @@ Name: warp-tls -Version: 3.3.1 +Version: 3.3.2 Synopsis: HTTP over TLS support for Warp via the TLS package License: MIT License-file: LICENSE @@ -29,7 +29,7 @@ , streaming-commons , tls-session-manager >= 0.0.4 , unliftio - Exposed-modules: Network.Wai.Handler.WarpTLS + Exposed-modules: Network.Wai.Handler.WarpTLS, Network.Wai.Handler.WarpTLS.Internal ghc-options: -Wall if os(windows) Cpp-Options: -DWINDOWS
