Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghc-tls for openSUSE:Factory checked in at 2024-04-07 22:10:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-tls.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-tls" Sun Apr 7 22:10:29 2024 rev:32 rq:1165386 version:2.0.2 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2024-03-20 21:16:30.590797183 +0100 +++ /work/SRC/openSUSE:Factory/.ghc-tls.new.1905/ghc-tls.changes 2024-04-07 22:12:44.585405938 +0200 @@ -1,0 +2,15 @@ +Thu Mar 28 04:03:13 UTC 2024 - Peter Simons <psim...@suse.com> + +- Update tls to version 2.0.2. + ## Version 2.0.2 + + * Client checks sessionMaxEarlyDataSize to decide 0-RTT + * Client checks the resumption cipher properly. + +------------------------------------------------------------------- +Tue Mar 26 05:57:23 UTC 2024 - Peter Simons <psim...@suse.com> + +- Update tls to version 2.0.1 revision 2. + Upstream has revised the Cabal build instructions on Hackage. + +------------------------------------------------------------------- Old: ---- tls-2.0.1.tar.gz tls.cabal New: ---- tls-2.0.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-tls.spec ++++++ --- /var/tmp/diff_new_pack.d4o7PI/_old 2024-04-07 22:12:45.265430842 +0200 +++ /var/tmp/diff_new_pack.d4o7PI/_new 2024-04-07 22:12:45.269430988 +0200 @@ -20,13 +20,12 @@ %global pkgver %{pkg_name}-%{version} %bcond_with tests Name: ghc-%{pkg_name} -Version: 2.0.1 +Version: 2.0.2 Release: 0 Summary: TLS protocol native implementation License: BSD-3-Clause URL: https://hackage.haskell.org/package/%{pkg_name} Source0: https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz -Source1: https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/1.cabal#/%{pkg_name}.cabal BuildRequires: ghc-Cabal-devel BuildRequires: ghc-asn1-encoding-devel BuildRequires: ghc-asn1-encoding-prof 
@@ -106,7 +105,6 @@ %prep %autosetup -n %{pkg_name}-%{version} -cp -p %{SOURCE1} %{pkg_name}.cabal %build %ghc_lib_build ++++++ tls-2.0.1.tar.gz -> tls-2.0.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-2.0.1/CHANGELOG.md new/tls-2.0.2/CHANGELOG.md --- old/tls-2.0.1/CHANGELOG.md 2001-09-09 03:46:40.000000000 +0200 +++ new/tls-2.0.2/CHANGELOG.md 2001-09-09 03:46:40.000000000 +0200 @@ -1,3 +1,8 @@ +## Version 2.0.2 + +* Client checks sessionMaxEarlyDataSize to decide 0-RTT +* Client checks the resumption cipher properly. + ## Version 2.0.1 * Fix a leak of pending data to be sent. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-2.0.1/Network/TLS/Context/Internal.hs new/tls-2.0.2/Network/TLS/Context/Internal.hs --- old/tls-2.0.1/Network/TLS/Context/Internal.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/tls-2.0.2/Network/TLS/Context/Internal.hs 2001-09-09 03:46:40.000000000 +0200 @@ -178,6 +178,7 @@ , cHash :: Hash , cZero :: ByteString } + deriving (Show) makeCipherChoice :: Version -> Cipher -> CipherChoice makeCipherChoice ver cipher = CipherChoice ver cipher h zero diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-2.0.1/Network/TLS/Handshake/Client/ClientHello.hs new/tls-2.0.2/Network/TLS/Handshake/Client/ClientHello.hs --- old/tls-2.0.1/Network/TLS/Handshake/Client/ClientHello.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/tls-2.0.2/Network/TLS/Handshake/Client/ClientHello.hs 2001-09-09 03:46:40.000000000 +0200 
@@ -290,11 +290,8 @@ guard tls13 (sid, sdata) <- clientWantSessionResume cparams guard (sessionVersion sdata >= TLS13) - guard (not (null ciphers)) - let sCipher = head ciphers - -- A keyshare is sent only for the first cipher. - -- This can induce HRR. - guard (cipherID sCipher == sessionCipher sdata) + let cid = sessionCipher sdata + sCipher <- find (\c -> cipherID c == cid) ciphers return (sid, sdata, sCipher) getPskInfo = @@ -307,9 +304,13 @@ if isAgeValid age tinfo then Just - (identity, sdata, makeCipherChoice TLS13 sCipher, ageToObfuscatedAge age tinfo) + ( identity + , sdata + , makeCipherChoice TLS13 sCipher + , ageToObfuscatedAge age tinfo + ) else Nothing - get0RTTinfo (_, _, choice, _) - | clientUseEarlyData cparams = Just choice + get0RTTinfo (_, sdata, choice, _) + | clientUseEarlyData cparams && sessionMaxEarlyDataSize sdata > 0 = Just choice | otherwise = Nothing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-2.0.1/Network/TLS/Handshake/Client/ServerHello.hs new/tls-2.0.2/Network/TLS/Handshake/Client/ServerHello.hs --- old/tls-2.0.1/Network/TLS/Handshake/Client/ServerHello.hs 2001-09-09 03:46:40.000000000 +0200 +++ new/tls-2.0.2/Network/TLS/Handshake/Client/ServerHello.hs 2001-09-09 03:46:40.000000000 +0200 
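Review bot: The new lookup `sCipher <- find (\c -> cipherID c == cid) ciphers` in the resumption block replaces a commented rule with an uncommented one, so the reason a cipher other than the first offered one is now acceptable for the PSK is no longer recorded. I would add a comment above it such as `-- Resume only if the session's cipher is still among the offered ciphers; otherwise do a full handshake.` The lookup appears to fail quietly (the block yields `Nothing`), which looks intended, but it means a client configuration that drops the stored cipher silently stops resuming. `find` must be in scope in this module; no import change is visible in this diff, so presumably it already is. The enclosing definition starts outside the hunk.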
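Review bot: The new guard in `get0RTTinfo` only tests `sessionMaxEarlyDataSize sdata > 0`, so it decides whether 0-RTT is attempted but does not by itself cap the amount of early data against the limit stored with the session. Whether the send path enforces that limit is not visible in this hunk and is worth confirming, since a server that advertised a small limit could otherwise be sent more than it allowed. A short comment on the guard would help, for example `-- only offer 0-RTT when the stored session allows a non-zero amount of early data`. The surrounding `where` block begins outside the hunk.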
@@ -67,9 +67,12 @@ processServerHello :: ClientParams -> Context -> Handshake -> IO () processServerHello cparams ctx (ServerHello rver serverRan serverSession cipher compression exts) = do - when (rver < TLS12) $ + -- A server which receives a legacy_version value not equal to + -- 0x0303 MUST abort the handshake with an "illegal_parameter" + -- alert. + when (rver /= TLS12) $ throwCore $ - Error_Protocol (show rver ++ " is not supported") ProtocolVersion + Error_Protocol (show rver ++ " is not supported") IllegalParameter -- find the compression and cipher methods that the server want to use. clientSession <- tls13stSession <$> getTLS13State ctx sentExts <- tls13stSentExtensions <$> getTLS13State ctx diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-2.0.1/tls.cabal new/tls-2.0.2/tls.cabal --- old/tls-2.0.1/tls.cabal 2001-09-09 03:46:40.000000000 +0200 +++ new/tls-2.0.2/tls.cabal 2001-09-09 03:46:40.000000000 +0200 @@ -1,6 +1,6 @@ cabal-version: >=1.10 name: tls -version: 2.0.1 +version: 2.0.2 license: BSD3 license-file: LICENSE copyright: Vincent Hanquez <vinc...@snarc.org> @@ -116,7 +116,7 @@ asn1-types >= 0.3 && < 0.4, async >= 2.2 && < 2.3, base16-bytestring, - bytestring >= 0.10 && < 0.12, + bytestring >= 0.10 && < 0.13, cereal >= 0.5.3 && < 0.6, crypton >= 0.34 && < 0.35, crypton-x509 >= 1.7 && < 1.8, @@ -125,7 +125,7 @@ data-default-class >= 0.1 && < 0.2, memory >= 0.18 && < 0.19, mtl >= 2.2 && < 2.4, - network >= 3.1 && < 3.2, + network >= 3.1, serialise >= 0.2 && < 0.3, transformers >= 0.5 && < 0.7, unix-time >= 0.4.11 && < 0.5
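Review bot: The comment added above the version check in `processServerHello` describes what a server does on receiving a legacy_version, but this code is the client validating the version field of a ServerHello, so the comment does not match the check it sits on. I would reword it to the client-side rule, e.g. `-- ServerHello.legacy_version must be 0x0303 (TLS12) for TLS 1.2 and TLS 1.3 alike; anything else is rejected with illegal_parameter.` Since `/=` now also rejects values above `TLS12`, the message `" is not supported"` reads oddly for that case; `" is not a valid ServerHello version"` would be clearer, provided no caller matches on the text. The function body continues past the hunk.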
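Review bot: The `network >= 3.1` line in the `@@ -125,7 +125,7 @@` hunk of tls.cabal drops the upper bound entirely, so a build will accept any future major release of `network` without this package having been built or tested against it. For a TLS library I would keep a bound and widen it only to the newest series actually tested, the same way the `bytestring` bound in the preceding hunk was raised from `< 0.12` to `< 0.13`. If the open bound is deliberate, a one-line comment in the cabal file saying so would help downstream packagers.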