commit ghc-warp-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-warp-tls for openSUSE:Factory
checked in at 2020-08-28 21:41:11
Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.3399 (New)
Package is "ghc-warp-tls"
Fri Aug 28 21:41:11 2020 rev:3 rq:829492 version:3.3.0
Changes:
--- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes
2020-07-09 13:20:16.945443098 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.3399/ghc-warp-tls.changes
2020-08-28 21:41:14.084884096 +0200
@@ -1,0 +2,5 @@
+Tue Aug 18 10:46:37 UTC 2020 - Peter Simons
+
+- Replace %setup -q with the more modern %autosetup macro.
+
+---
Other differences:
--
++ ghc-warp-tls.spec ++
--- /var/tmp/diff_new_pack.elbjdP/_old 2020-08-28 21:41:14.876884388 +0200
+++ /var/tmp/diff_new_pack.elbjdP/_new 2020-08-28 21:41:14.880884389 +0200
@@ -52,7 +52,7 @@
This package provides the Haskell %{pkg_name} library development files.
%prep
-%setup -q -n %{pkg_name}-%{version}
+%autosetup -n %{pkg_name}-%{version}
%build
%ghc_lib_build
commit ghc-warp-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-warp-tls for openSUSE:Factory
checked in at 2020-07-09 13:19:46
Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.3060 (New)
Package is "ghc-warp-tls"
Thu Jul 9 13:19:46 2020 rev:2 rq:819594 version:3.3.0
Changes:
--- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes
2020-06-19 17:05:52.256888546 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new.3060/ghc-warp-tls.changes
2020-07-09 13:20:16.945443098 +0200
@@ -1,0 +2,10 @@
+Fri Jun 26 02:00:24 UTC 2020 - psim...@suse.com
+
+- Update warp-tls to version 3.3.0.
+ ## 3.3.0
+
+ * Breaking changes: certFile and keyFile are not exported anymore.
+ * Allow TLS credentials to be retrieved from an IORef.
+[#806](https://github.com/yesodweb/wai/pull/806)
+
+---
Old:
warp-tls-3.2.12.tar.gz
New:
warp-tls-3.3.0.tar.gz
Other differences:
--
++ ghc-warp-tls.spec ++
--- /var/tmp/diff_new_pack.WmCE1a/_old 2020-07-09 13:20:17.585445120 +0200
+++ /var/tmp/diff_new_pack.WmCE1a/_new 2020-07-09 13:20:17.589445134 +0200
@@ -18,7 +18,7 @@
%global pkg_name warp-tls
Name: ghc-%{pkg_name}
-Version:3.2.12
+Version:3.3.0
Release:0
Summary:HTTP over TLS support for Warp via the TLS package
License:MIT
++ warp-tls-3.2.12.tar.gz -> warp-tls-3.3.0.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/warp-tls-3.2.12/ChangeLog.md
new/warp-tls-3.3.0/ChangeLog.md
--- old/warp-tls-3.2.12/ChangeLog.md2020-05-28 03:18:01.0 +0200
+++ new/warp-tls-3.3.0/ChangeLog.md 2020-06-25 03:58:59.0 +0200
@@ -1,3 +1,9 @@
+## 3.3.0
+
+* Breaking changes: certFile and keyFile are not exported anymore.
+* Allow TLS credentials to be retrieved from an IORef.
+ [#806](https://github.com/yesodweb/wai/pull/806)
+
## 3.2.12
* A config field: tlsCredentials and tlsSessionManager.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/warp-tls-3.2.12/Network/Wai/Handler/WarpTLS.hs
new/warp-tls-3.3.0/Network/Wai/Handler/WarpTLS.hs
--- old/warp-tls-3.2.12/Network/Wai/Handler/WarpTLS.hs 2020-05-28
03:18:01.0 +0200
+++ new/warp-tls-3.3.0/Network/Wai/Handler/WarpTLS.hs 2020-06-25
03:58:59.0 +0200
@@ -13,17 +13,23 @@
-- Support for SSL is now obsoleted.
module Network.Wai.Handler.WarpTLS (
+-- * Runner
+ runTLS
+, runTLSSocket
-- * Settings
- TLSSettings
+, TLSSettings
, defaultTlsSettings
-- * Smart constructors
+-- ** From files
, tlsSettings
-, tlsSettingsMemory
, tlsSettingsChain
+-- ** From memory
+, tlsSettingsMemory
, tlsSettingsChainMemory
+-- ** From references
+, tlsSettingsRef
+, tlsSettingsChainRef
-- * Accessors
-, certFile
-, keyFile
, tlsCredentials
, tlsLogging
, tlsAllowedVersions
@@ -35,11 +41,12 @@
, tlsSessionManager
, onInsecure
, OnInsecure (..)
--- * Runner
-, runTLS
-, runTLSSocket
-- * Exception
, WarpTLSException (..)
+-- * DH parameters (re-exports)
+--
+-- | This custom DH parameters are not necessary anymore because
+-- pre-defined DH parameters are supported in the TLS package.
, DH.Params
, DH.generateParams
) where
@@ -71,17 +78,29 @@
+-- | Determines where to load the certificate, chain
+-- certificates, and key from.
+data CertSettings
+ = CertFromFile !FilePath ![FilePath] !FilePath
+ | CertFromMemory !S.ByteString ![S.ByteString] !S.ByteString
+ | CertFromRef !(I.IORef S.ByteString) ![I.IORef S.ByteString] !(I.IORef
S.ByteString)
+
+-- | The default 'CertSettings'.
+defaultCertSettings :: CertSettings
+defaultCertSettings = CertFromFile "certificate.pem" [] "key.pem"
+
+
+
-- | Settings for WarpTLS.
data TLSSettings = TLSSettings {
-certFile :: FilePath
--- ^ File containing the certificate.
- , chainCertFiles :: [FilePath]
--- ^ Files containing chain certificates.
- , keyFile :: FilePath
--- ^ File containing the key
- , certMemory :: Maybe S.ByteString
- , chainCertsMemory :: [S.ByteString]
- , keyMemory :: Maybe S.ByteString
+certSettings :: CertSettings
+-- ^ Where are the certificate, chain certificates, and key
+-- loaded from?
+--
+-- >>> certSettings defaultTlsSettings
+-- tlsSettings "certificate.pem" "key.pem"
+-
commit ghc-warp-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-warp-tls for openSUSE:Factory
checked in at 2017-09-15 22:24:47
Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new (New)
Package is "ghc-warp-tls"
Fri Sep 15 22:24:47 2017 rev:6 rq:525680 version:3.2.4
Changes:
--- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes
2017-07-21 22:48:19.921761005 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new/ghc-warp-tls.changes
2017-09-15 22:24:48.474434727 +0200
@@ -1,0 +2,5 @@
+Thu Aug 3 15:38:38 UTC 2017 - psim...@suse.com
+
+- Updated with latest spec-cleaner version 0.9.8-8-geadfbbf.
+
+---
Other differences:
--
++ ghc-warp-tls.spec ++
--- /var/tmp/diff_new_pack.y55kKQ/_old 2017-09-15 22:24:49.142340631 +0200
+++ /var/tmp/diff_new_pack.y55kKQ/_new 2017-09-15 22:24:49.146340068 +0200
@@ -22,8 +22,8 @@
Release:0
Summary:HTTP over TLS support for Warp via the TLS package
License:MIT
-Group: Development/Languages/Other
-Url:https://hackage.haskell.org/package/%{pkg_name}
+Group: Development/Libraries/Haskell
+URL:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
BuildRequires: ghc-Cabal-devel
BuildRequires: ghc-bytestring-devel
@@ -36,7 +36,6 @@
BuildRequires: ghc-tls-session-manager-devel
BuildRequires: ghc-wai-devel
BuildRequires: ghc-warp-devel
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
SSLv1 and SSLv2 are obsoleted by IETF. We should use TLS 1.2 (or TLS 1.1 or TLS
@@ -45,7 +44,7 @@
%package devel
Summary:Haskell %{pkg_name} library development files
-Group: Development/Libraries/Other
+Group: Development/Libraries/Haskell
Requires: %{name} = %{version}-%{release}
Requires: ghc-compiler = %{ghc_version}
Requires(post): ghc-compiler = %{ghc_version}
@@ -70,11 +69,9 @@
%ghc_pkg_recache
%files -f %{name}.files
-%defattr(-,root,root,-)
%doc LICENSE
%files devel -f %{name}-devel.files
-%defattr(-,root,root,-)
%doc ChangeLog.md README.md
%changelog
commit ghc-warp-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-warp-tls for openSUSE:Factory
checked in at 2017-07-21 22:48:16
Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new (New)
Package is "ghc-warp-tls"
Fri Jul 21 22:48:16 2017 rev:5 rq:511248 version:3.2.4
Changes:
--- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes
2017-02-22 13:53:41.354995817 +0100
+++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new/ghc-warp-tls.changes
2017-07-21 22:48:19.921761005 +0200
@@ -1,0 +2,5 @@
+Tue Jul 11 03:02:25 UTC 2017 - psim...@suse.com
+
+- Update to version 3.2.4.
+
+---
Old:
warp-tls-3.2.3.tar.gz
New:
warp-tls-3.2.4.tar.gz
Other differences:
--
++ ghc-warp-tls.spec ++
--- /var/tmp/diff_new_pack.6WtT5W/_old 2017-07-21 22:48:22.161445070 +0200
+++ /var/tmp/diff_new_pack.6WtT5W/_new 2017-07-21 22:48:22.161445070 +0200
@@ -18,7 +18,7 @@
%global pkg_name warp-tls
Name: ghc-%{pkg_name}
-Version:3.2.3
+Version:3.2.4
Release:0
Summary:HTTP over TLS support for Warp via the TLS package
License:MIT
@@ -33,6 +33,7 @@
BuildRequires: ghc-rpm-macros
BuildRequires: ghc-streaming-commons-devel
BuildRequires: ghc-tls-devel
+BuildRequires: ghc-tls-session-manager-devel
BuildRequires: ghc-wai-devel
BuildRequires: ghc-warp-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++ warp-tls-3.2.3.tar.gz -> warp-tls-3.2.4.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/warp-tls-3.2.3/Network/Wai/Handler/WarpTLS.hs
new/warp-tls-3.2.4/Network/Wai/Handler/WarpTLS.hs
--- old/warp-tls-3.2.3/Network/Wai/Handler/WarpTLS.hs 2017-01-27
04:25:50.0 +0100
+++ new/warp-tls-3.2.4/Network/Wai/Handler/WarpTLS.hs 2017-07-04
04:48:27.0 +0200
@@ -31,6 +31,7 @@
, tlsWantClientCert
, tlsServerHooks
, tlsServerDHEParams
+, tlsSessionManagerConfig
, onInsecure
, OnInsecure (..)
-- * Runner
@@ -60,6 +61,7 @@
import qualified Network.TLS as TLS
import qualified Crypto.PubKey.DH as DH
import qualified Network.TLS.Extra as TLSExtra
+import qualified Network.TLS.SessionManager as SM
import Network.Wai (Application)
import Network.Wai.Handler.Warp
import Network.Wai.Handler.Warp.Internal
@@ -102,7 +104,7 @@
-- ^ The TLS ciphers this server accepts.
--
-- >>> tlsCiphers defaultTlsSettings
---
[ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256-SHA256,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-SHA1,DHE-RSA-AES128-SHA1,DHE-DSA-AES128-SHA1,DHE-DSA-AES256-SHA1,RSA-aes128-sha1,RSA-aes256-sha1]
+--
[ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1]
--
-- Since 1.4.2
, tlsWantClientCert :: Bool
@@ -129,6 +131,15 @@
-- Default: Nothing
--
-- Since 3.2.2
+ , tlsSessionManagerConfig :: Maybe SM.Config
+-- ^ Configuration for in-memory TLS session manager.
+-- If Nothing, 'TLS.noSessionManager' is used.
+-- Otherwise, an in-memory TLS session manager is created
+-- according to 'Config'.
+--
+-- Default: Nothing
+--
+-- Since 3.2.4
}
-- | Default 'TLSSettings'. Use this to create 'TLSSettings' with the field
record name (aka accessors).
@@ -147,24 +158,12 @@
, tlsWantClientCert = False
, tlsServerHooks = def
, tlsServerDHEParams = Nothing
+ , tlsSessionManagerConfig = Nothing
}
-- taken from stunnel example in tls-extra
ciphers :: [TLS.Cipher]
-ciphers =
-[ TLSExtra.cipher_ECDHE_RSA_AES128GCM_SHA256
-, TLSExtra.cipher_ECDHE_RSA_AES128CBC_SHA256
-, TLSExtra.cipher_ECDHE_RSA_AES128CBC_SHA
-, TLSExtra.cipher_DHE_RSA_AES128GCM_SHA256
-, TLSExtra.cipher_DHE_RSA_AES256_SHA256
-, TLSExtra.cipher_DHE_RSA_AES128_SHA256
-, TLSExtra.cipher_DHE_RSA_AES256_SHA1
-, TLSExtra.cipher_DHE_RSA_AES128_SHA1
-, TLSExtra.cipher_DHE_DSS_AES128_SHA1
-, TLSExtra.cipher_DHE_DSS_AES256_SHA1
-, TLSExtra.cipher_AES128_SHA1
-, TLSExtra.cipher_AES256_SHA1
-]
+ciphers = TLSExtra.ciphersuite_strong
@@ -252,10 +251,13 @@
key <- maybe (S.readFile keyFile) return mkey
either error return $
TLS.credentialLoadX5
commit ghc-warp-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-warp-tls for openSUSE:Factory
checked in at 2017-02-22 13:53:40
Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new (New)
Package is "ghc-warp-tls"
Changes:
--- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes
2016-07-20 09:20:18.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new/ghc-warp-tls.changes
2017-02-22 13:53:41.354995817 +0100
@@ -1,0 +2,5 @@
+Mon Jan 30 09:29:32 UTC 2017 - psim...@suse.com
+
+- Update to version 3.2.3 with cabal2obs.
+
+---
Old:
warp-tls-3.2.2.tar.gz
New:
warp-tls-3.2.3.tar.gz
Other differences:
--
++ ghc-warp-tls.spec ++
--- /var/tmp/diff_new_pack.XIrVL4/_old 2017-02-22 13:53:41.834927524 +0100
+++ /var/tmp/diff_new_pack.XIrVL4/_new 2017-02-22 13:53:41.838926954 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ghc-warp-tls
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,15 +18,14 @@
%global pkg_name warp-tls
Name: ghc-%{pkg_name}
-Version:3.2.2
+Version:3.2.3
Release:0
Summary:HTTP over TLS support for Warp via the TLS package
License:MIT
-Group: System/Libraries
+Group: Development/Languages/Other
Url:https://hackage.haskell.org/package/%{pkg_name}
Source0:
https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
BuildRequires: ghc-Cabal-devel
-# Begin cabal-rpm deps:
BuildRequires: ghc-bytestring-devel
BuildRequires: ghc-cryptonite-devel
BuildRequires: ghc-data-default-class-devel
@@ -37,12 +36,11 @@
BuildRequires: ghc-wai-devel
BuildRequires: ghc-warp-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-# End cabal-rpm deps
%description
-Support for SSL is now obsoleted. HTTP/2 can be negotiated by ALPN.
-API docs and the README are available at
-.
+SSLv1 and SSLv2 are obsoleted by IETF. We should use TLS 1.2 (or TLS 1.1 or TLS
+1.0 if necessary). HTTP/2 can be negotiated by ALPN. API docs and the README
+are available at .
%package devel
Summary:Haskell %{pkg_name} library development files
@@ -58,15 +56,12 @@
%prep
%setup -q -n %{pkg_name}-%{version}
-
%build
%ghc_lib_build
-
%install
%ghc_lib_install
-
%post devel
%ghc_pkg_recache
++ warp-tls-3.2.2.tar.gz -> warp-tls-3.2.3.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/warp-tls-3.2.2/Network/Wai/Handler/WarpTLS.hs
new/warp-tls-3.2.3/Network/Wai/Handler/WarpTLS.hs
--- old/warp-tls-3.2.2/Network/Wai/Handler/WarpTLS.hs 2016-06-22
07:54:17.0 +0200
+++ new/warp-tls-3.2.3/Network/Wai/Handler/WarpTLS.hs 2017-01-27
04:25:50.0 +0100
@@ -55,7 +55,7 @@
import qualified Data.IORef as I
import Data.Streaming.Network (bindPortTCP, safeRecv)
import Data.Typeable (Typeable)
-import Network.Socket (Socket, sClose, withSocketsDo, SockAddr, accept)
+import Network.Socket (Socket, close, withSocketsDo, SockAddr, accept)
import Network.Socket.ByteString (sendAll)
import qualified Network.TLS as TLS
import qualified Crypto.PubKey.DH as DH
@@ -234,7 +234,7 @@
runTLS tset set app = withSocketsDo $
bracket
(bindPortTCP (getPort set) (getHost set))
-sClose
+close
(\sock -> runTLSSocket tset set sock app)
@@ -309,7 +309,7 @@
return (mkConn tlsset s params, sa)
mkConn :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO
(Connection, Transport)
-mkConn tlsset s params = switch `onException` sClose s
+mkConn tlsset s params = switch `onException` close s
where
switch = do
firstBS <- safeRecv s 4096
@@ -334,7 +334,7 @@
where
backend recvN = TLS.Backend {
TLS.backendFlush = return ()
- , TLS.backendClose = sClose s
+ , TLS.backendClose = close s
, TLS.backendSend = sendAll' s
, TLS.backendRecv = recvN
}
@@ -344,7 +344,8 @@
connSendMany = TLS.sendData ctx . L.fromChunks
, connSendAll = sendall
, connSendFile = sendfile
- , connClose= close
+ , connClose= close'
+ , connFree = freeBuffer writeBu
commit ghc-warp-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-warp-tls for openSUSE:Factory
checked in at 2016-07-20 09:20:17
Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new (New)
Package is "ghc-warp-tls"
Changes:
--- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes
2016-07-01 09:58:52.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new/ghc-warp-tls.changes
2016-07-20 09:20:18.0 +0200
@@ -1,0 +2,5 @@
+Sun Jul 10 16:59:25 UTC 2016 - psim...@suse.com
+
+- Update to version 3.2.2 revision 0 with cabal2obs.
+
+---
Other differences:
--
++ ghc-warp-tls.spec ++
--- /var/tmp/diff_new_pack.Ba8UDD/_old 2016-07-20 09:20:19.0 +0200
+++ /var/tmp/diff_new_pack.Ba8UDD/_new 2016-07-20 09:20:19.0 +0200
@@ -60,20 +60,18 @@
%build
-%{ghc_lib_build}
+%ghc_lib_build
%install
-%{ghc_lib_install}
+%ghc_lib_install
%post devel
-%{ghc_pkg_recache}
-
+%ghc_pkg_recache
%postun devel
-%{ghc_pkg_recache}
-
+%ghc_pkg_recache
%files -f %{name}.files
%defattr(-,root,root,-)
@@ -81,6 +79,6 @@
%files devel -f %{name}-devel.files
%defattr(-,root,root,-)
-%doc README.md
+%doc ChangeLog.md README.md
%changelog
commit ghc-warp-tls for openSUSE:Factory
Hello community,
here is the log from the commit of package ghc-warp-tls for openSUSE:Factory
checked in at 2016-07-01 09:58:51
Comparing /work/SRC/openSUSE:Factory/ghc-warp-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-warp-tls.new (New)
Package is "ghc-warp-tls"
Changes:
--- /work/SRC/openSUSE:Factory/ghc-warp-tls/ghc-warp-tls.changes
2016-05-03 09:36:11.0 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-warp-tls.new/ghc-warp-tls.changes
2016-07-01 09:58:52.0 +0200
@@ -1,0 +2,7 @@
+Mon Jun 27 10:59:54 UTC 2016 - mimi...@gmail.com
+
+- update to 3.2.2
+* New settting parameter: tlsServerDHEParams
+* Preventing socket leakage
+
+---
Old:
warp-tls-3.2.1.tar.gz
New:
warp-tls-3.2.2.tar.gz
Other differences:
--
++ ghc-warp-tls.spec ++
--- /var/tmp/diff_new_pack.ae6F32/_old 2016-07-01 09:58:53.0 +0200
+++ /var/tmp/diff_new_pack.ae6F32/_new 2016-07-01 09:58:53.0 +0200
@@ -18,7 +18,7 @@
%global pkg_name warp-tls
Name: ghc-%{pkg_name}
-Version:3.2.1
+Version:3.2.2
Release:0
Summary:HTTP over TLS support for Warp via the TLS package
License:MIT
@@ -28,6 +28,7 @@
BuildRequires: ghc-Cabal-devel
# Begin cabal-rpm deps:
BuildRequires: ghc-bytestring-devel
+BuildRequires: ghc-cryptonite-devel
BuildRequires: ghc-data-default-class-devel
BuildRequires: ghc-network-devel
BuildRequires: ghc-rpm-macros
++ warp-tls-3.2.1.tar.gz -> warp-tls-3.2.2.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/warp-tls-3.2.1/ChangeLog.md
new/warp-tls-3.2.2/ChangeLog.md
--- old/warp-tls-3.2.1/ChangeLog.md 2016-02-27 00:24:38.0 +0100
+++ new/warp-tls-3.2.2/ChangeLog.md 2016-06-22 07:54:17.0 +0200
@@ -1,3 +1,8 @@
+## 3.2.2
+
+* New settting parameter: tlsServerDHEParams
[#556](https://github.com/yesodweb/wai/pull/556)
+* Preventing socket leakage [#559](https://github.com/yesodweb/wai/pull/559)
+
## 3.2.1
* Removing dependency to cprng-aes.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/warp-tls-3.2.1/Network/Wai/Handler/WarpTLS.hs
new/warp-tls-3.2.2/Network/Wai/Handler/WarpTLS.hs
--- old/warp-tls-3.2.1/Network/Wai/Handler/WarpTLS.hs 2016-02-27
00:24:38.0 +0100
+++ new/warp-tls-3.2.2/Network/Wai/Handler/WarpTLS.hs 2016-06-22
07:54:17.0 +0200
@@ -30,6 +30,7 @@
, tlsCiphers
, tlsWantClientCert
, tlsServerHooks
+, tlsServerDHEParams
, onInsecure
, OnInsecure (..)
-- * Runner
@@ -37,6 +38,8 @@
, runTLSSocket
-- * Exception
, WarpTLSException (..)
+, DH.Params
+, DH.generateParams
) where
#if __GLASGOW_HASKELL__ < 709
@@ -55,6 +58,7 @@
import Network.Socket (Socket, sClose, withSocketsDo, SockAddr, accept)
import Network.Socket.ByteString (sendAll)
import qualified Network.TLS as TLS
+import qualified Crypto.PubKey.DH as DH
import qualified Network.TLS.Extra as TLSExtra
import Network.Wai (Application)
import Network.Wai.Handler.Warp
@@ -118,6 +122,13 @@
-- Default: def
--
-- Since 3.0.2
+ , tlsServerDHEParams :: Maybe DH.Params
+-- ^ Configuration for ServerDHEParams
+-- more function lives in `cryptonite` package
+--
+-- Default: Nothing
+--
+-- Since 3.2.2
}
-- | Default 'TLSSettings'. Use this to create 'TLSSettings' with the field
record name (aka accessors).
@@ -135,6 +146,7 @@
, tlsCiphers = ciphers
, tlsWantClientCert = False
, tlsServerHooks = def
+ , tlsServerDHEParams = Nothing
}
-- taken from stunnel example in tls-extra
@@ -250,7 +262,7 @@
params = def { -- TLS.ServerParams
TLS.serverWantClientCert = tlsWantClientCert
, TLS.serverCACertificates = []
- , TLS.serverDHEParams = Nothing
+ , TLS.serverDHEParams = tlsServerDHEParams
, TLS.serverHooks = hooks
, TLS.serverShared = shared
, TLS.serverSupported = supported
@@ -297,12 +309,14 @@
return (mkConn tlsset s params, sa)
mkConn :: TLS.TLSParams params => TLSSettings -> Socket -> params -> IO
(Connection, Transport)
-mkConn tlsset s params = do
-firstBS <- safeRecv s 4096
-(if not (S.null firstBS) && S.head firstBS == 0x16 then
-httpOverTls tlsset s firstBS params
- else
-plainHTTP tlsset s firstBS) `onException` sClose s
+mkConn tlsset s params = switch `onException` sClose s
+ where
+switch = do
+firstBS <- safeRecv s 4096
+if not (S.null firstBS) && S.head firstBS == 0x16 then
+httpOverTls tlsset s f
