commit 43b005b0c2f73db9dcffd0768a7ada324cc1f3a7ea2b65f9f9c1ccc451908fea
Author: Peter Simons <peter.simons@suse.com>
Date:   Tue Jan 28 10:11:51 2025 +0000

    osc copypac from project:devel:languages:haskell:ghc-9.10.x package:ghc-tls revision:4, using keep-link
    
    OBS-URL: https://build.opensuse.org/package/show/devel:languages:haskell/ghc-tls?expand=0&rev=104

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/ghc-tls.changes b/ghc-tls.changes
new file mode 100644
index 0000000..a893961
--- /dev/null
+++ b/ghc-tls.changes
@@ -0,0 +1,547 @@
+-------------------------------------------------------------------
+Sun Jan 26 03:30:15 UTC 2025 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.1.7.
+  # Change log for "tls"
+
+  ## Version 2.1.7
+
+  * Introducing `Limit` parameter.
+  * Implementing "Record Size Limit Extension for TLS" (RFC8449).
+    Set `limitRecordSize` use it.
+  * Implementing "TLS Certificate Compression" (RFC 8879).
+    This feature is automatically used if the peer supports it.
+  * More tests with `tlsfuzzer` especially for client authentication
+    and 0-RTT.
+  * Implementing a utility funcation, `validateClientCertificate`, for
+    client authentication.
+  * Bug fix for echo back logic of Cookie extension.
+  * More pretty show for the internal `Handshake` structure for debugging.
+
+-------------------------------------------------------------------
+Tue Jan  7 00:19:23 UTC 2025 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.1.6.
+  ## Version 2.1.6
+
+  * Testing with "tlsfuzzer" again. Now don't send an alert agaist to
+    peer's alert. Double locking (aka self dead-lock) is fixed. Sending
+    an alert for known-but-cannot-parse extensions. Other corner cases
+    are also fixed.
+  * `tls-client -d` and `tls-server -d` pretty-prints `Handshake`.
+
+-------------------------------------------------------------------
+Mon Nov 18 02:13:36 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.1.5.
+  ## Version 2.1.5
+
+  * Removing the dependency on the async package.
+  * Restore a few DHE_RSA ciphers.
+    [#493](https://github.com/haskell-tls/hs-tls/pull/493)
+
+  ## Version 2.1.4
+
+  * Exporting defaultValidationCache.
+
+  ## Version 2.1.3
+
+  * Remove `data-default` version constraint.
+    [#492](https://github.com/haskell-tls/hs-tls/pull/492)
+  * Exporting default variables.
+    [#448](https://github.com/haskell-tls/hs-tls/pull/488)
+
+  ## Version 2.1.2
+
+  * Using data-default instead of data-default-class.
+
+  ## Version 2.1.1
+
+  * `bye` directly calls `timeout recvHS13`, not spawning a thread for
+    `timeout recvHS13`. So, `bye` can receive an exception if thrown.
+
+  ## Version 2.1.0
+
+  * Breaking change: stop exporting constructors to maintain future
+    compatibilities. Field names are still exported, and values can be updated
+    with them using record syntax. Use `def` and `noSessionManager` as initial
+    values.
+  * `onServerFinished` is added to `ClientHooks`.
+  * `clientWantSessionResumeList` is added to `ClientParams` to support
+    multiple tickets for TLS 1.3.
+
+-------------------------------------------------------------------
+Wed May 22 04:38:33 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.6.
+  ## Version 2.0.6
+
+  * Setting `supportedCiphers` in `defaultSupported` to `ciphersuite_default`.
+    So, users don't have to override this value anymore by exporting
+    `Network.TLS.Extra.Cipher`.
+    [#471](https://github.com/haskell-tls/hs-tls/pull/471)
+  * `ciphersuite_default` is the same as `ciphersuite_strong`.
+    So, the duplicated definition is removed.
+  * Add missing modules for util/tls-client and util/tls-server.
+
+-------------------------------------------------------------------
+Fri Apr 26 05:59:56 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.5 revision 1.
+  Upstream has revised the Cabal build instructions on Hackage.
+
+-------------------------------------------------------------------
+Mon Apr 22 06:16:57 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.5.
+  ## Version 2.0.5
+
+  * Fixing handshake13_0rtt_fallback
+  * Client checks if the group of PSK is contained in Supported_Groups.
+  * HRR is not allowed for 0-RTT.
+
+-------------------------------------------------------------------
+Fri Apr 19 10:33:27 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.4.
+  ## Version 2.0.4
+
+  * More fix for 0-RTT when application data is available while receiving CF.
+  * New util/tls-client and util/tls-server.
+
+-------------------------------------------------------------------
+Thu Apr 18 05:42:44 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.3.
+  ## Version 2.0.3
+
+  * Fixing a bug where `timeout` in `bye` does not work.
+  * util/client -> util/tls-client
+  * util/server -> util/tls-server
+
+-------------------------------------------------------------------
+Thu Mar 28 04:03:13 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.2.
+  ## Version 2.0.2
+
+  * Client checks sessionMaxEarlyDataSize to decide 0-RTT
+  * Client checks the resumption cipher properly.
+
+-------------------------------------------------------------------
+Tue Mar 26 05:57:23 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.1 revision 2.
+  Upstream has revised the Cabal build instructions on Hackage.
+
+-------------------------------------------------------------------
+Fri Mar  1 03:31:34 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.1 revision 1.
+  Upstream has revised the Cabal build instructions on Hackage.
+
+-------------------------------------------------------------------
+Sun Feb 18 22:15:12 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.1.
+  ## Version 2.0.1
+
+  * Fix a leak of pending data to be sent.
+
+  ## Version 2.0.0
+
+  * `tls` now only supports TLS 1.2 and TLS 1.3 with safe cipher suites.
+  * Security: BREAKING CHANGE: TLS 1.0 and TLS 1.1 are removed.
+  * Security: BREAKING CHANGE: all CBC cipher suite are removed.
+  * Security: BREAKING CHANGE: RC4 and 3DES are removed.
+  * Security: BREAKING CHANGE: DSS(digital signature standard) is removed.
+  * Security: BREAKING CHANGE: TLS 1.2 servers require
+    EMS(extended main secret) by default.
+    `supportedExtendedMasterSec` is renamed to
+    `supportedExtendedMainSecret`.
+  * BREAKING CHANGE: the package is now complied with `Strict` and `StrictData`.
+  * BREAKING CHANGE: Many data structures are re-defined with
+   `PatternSynonyms` for extensibility.
+  * BREAKING CHANGE: the structure of `SessionManager` is changed
+    to support session tickets.
+  * API: BREAKING CHANGE: `sendData` can send early data (0-RTT).
+    `clientEarlyData` is removed.
+    To send early data via `sendData`, set `clientUseEarlyData` to `True`.
+    [#466](https://github.com/haskell-tls/hs-tls/issues/466)
+  * API: `handshake` can receive an alert of client authentication failure
+    for TLS 1.3.
+    [#463](https://github.com/haskell-tls/hs-tls/pull/463)
+  * API: `bye` can receive NewSessionTicket for TLS 1.3.
+  * Channel binding: `getFinished` and `getPeerFinished` are deprecated.
+    Use `getTLSUnique` instead.
+    [#462](https://github.com/haskell-tls/hs-tls/pull/462)
+  * Channel binding: `getTLSExporter` and `getTLSServerEndPoint` are provided.
+    [#462](https://github.com/haskell-tls/hs-tls/pull/462)
+  * Refactoring: the monolithic `handshake` is divided to follow
+    the diagram of TLS 1.2 and 1.3 for readability.
+  * Refactoring: test cases are refactored for maintenability
+    and readablity. `hspec` is used instead of `tasty`.
+  * Code format: `fourmolu` is used as an official formatter.
+  * Catching up RFC8446bis-09.
+    [#467](https://github.com/haskell-tls/hs-tls/issues/467)
+
+-------------------------------------------------------------------
+Tue Sep  5 05:49:20 UTC 2023 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 1.9.0.
+  ## Version 1.9.0
+
+  * BREAKING CHANGE: The type of the `Error_Protocol` constructor of `TLSError` has changed.
+    The "warning" case has been split off into a new `Error_Protocol_Warning` constructor.
+    [#460](https://github.com/haskell-tls/hs-tls/pull/460)
+
+  ## Version 1.8.0
+
+  * BREAKING CHANGE: Remove `Exception` instance for `TLSError`.
+    The library now throws `TLSException` only.
+    If you need to change your code, please refer to
+    [this example](https://github.com/snoyberg/http-client/commit/73d1a4eb451c089878ba95e96371d0b18287ffb8) first.
+    [#457](https://github.com/haskell-tls/hs-tls/pull/457)
+
+  ## Version 1.7.1
+
+  * NOP on UserCanceled event
+    [#454](https://github.com/haskell-tls/hs-tls/pull/454)
+
+  ## Version 1.7.0
+
+  * Major version up because "crypton" is used instead of "cryptonite"
+
+-------------------------------------------------------------------
+Thu Mar 30 17:08:41 UTC 2023 - Peter Simons <psimons@suse.com>
+
+- Updated spec file to conform with ghc-rpm-macros-2.5.2.
+
+-------------------------------------------------------------------
+Mon Jun  6 02:45:15 UTC 2022 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 1.6.0.
+  ## Version 1.6.0
+
+  - Major version up because of disabling SSL3
+  - Some fixes against tlsfuzzer
+
+  ## Version 1.5.8
+
+  - Require mtl-2.2.1 or newer
+    [#448](https://github.com/haskell-tls/hs-tls/pull/448)
+
+-------------------------------------------------------------------
+Thu Jan 20 00:35:33 UTC 2022 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 1.5.7.
+  ## Version 1.5.7
+
+  - New APIs: getFinished and getPeerFinished
+    [#445](https://github.com/vincenthz/hs-tls/pull/445)
+
+  ## Version 1.5.6
+
+  - Dynamically setting enctypted extensions
+    [#444](https://github.com/vincenthz/hs-tls/pull/444)
+
+-------------------------------------------------------------------
+Mon Feb  8 22:08:42 UTC 2021 - psimons@suse.com
+
+- Update tls to version 1.5.5.
+  ## Version 1.5.5
+
+  - QUIC support
+    [#419](https://github.com/vincenthz/hs-tls/pull/419)
+    [#427](https://github.com/vincenthz/hs-tls/pull/427)
+    [#428](https://github.com/vincenthz/hs-tls/pull/428)
+    [#430](https://github.com/vincenthz/hs-tls/pull/430)
+    [#433](https://github.com/vincenthz/hs-tls/pull/433)
+    [#441](https://github.com/vincenthz/hs-tls/pull/441)
+  - Server ECDSA for P-256
+    [#436](https://github.com/vincenthz/hs-tls/pull/436)
+  - Sort ciphersuites based on hardware-acceleration support
+    [#439](https://github.com/vincenthz/hs-tls/pull/439)
+  - Sending no_application_protocol
+    [#440](https://github.com/vincenthz/hs-tls/pull/440)
+  - Internal improvements
+    [#426](https://github.com/vincenthz/hs-tls/pull/426)
+    [#431](https://github.com/vincenthz/hs-tls/pull/431)
+
+-------------------------------------------------------------------
+Thu Dec 17 12:20:00 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
+ 
+- disable %{ix86} build
+ 
+-------------------------------------------------------------------
+Tue Aug 18 10:46:20 UTC 2020 - Peter Simons <psimons@suse.com>
+
+- Replace %setup -q with the more modern %autosetup macro.
+
+-------------------------------------------------------------------
+Tue Jun 16 11:14:43 UTC 2020 - Peter Simons <psimons@suse.com>
+
+- Re-generate file with latest version of spec-cleaner.
+
+-------------------------------------------------------------------
+Thu Feb 27 14:16:56 UTC 2020 - psimons@suse.com
+
+- Update tls to version 1.5.4.
+  ## Version 1.5.4
+
+  - Restore interoperability with early Java 6
+    [#422](https://github.com/vincenthz/hs-tls/pull/422)
+  - Test cleanups for timeout and async usage
+    [#416](https://github.com/vincenthz/hs-tls/pull/416)
+
+-------------------------------------------------------------------
+Thu Jan  9 03:03:11 UTC 2020 - psimons@suse.com
+
+- Update tls to version 1.5.3.
+  ## Version 1.5.3
+
+  - Additional verification regarding EC signatures
+    [#412](https://github.com/vincenthz/hs-tls/pull/412)
+  - Fixing ALPN
+    [#411](https://github.com/vincenthz/hs-tls/pull/411)
+  - Check SSLv3 padding length
+    [#410](https://github.com/vincenthz/hs-tls/pull/410)
+  - Exposing getClientCertificateChain
+    [#407](https://github.com/vincenthz/hs-tls/pull/407)
+  - Extended Master Secret
+    [#406](https://github.com/vincenthz/hs-tls/pull/406)
+  - Brushing up the documentation
+    [#404](https://github.com/vincenthz/hs-tls/pull/404)
+    [#408](https://github.com/vincenthz/hs-tls/pull/408)
+  - Improving tests
+    [#403](https://github.com/vincenthz/hs-tls/pull/403)
+  - Avoid calling onServerNameIndication twice with HRR
+    [#402](https://github.com/vincenthz/hs-tls/pull/402)
+  - Enable X448 and FFDHE groups
+    [#401](https://github.com/vincenthz/hs-tls/pull/401)
+  - Refactoring
+    [#400](https://github.com/vincenthz/hs-tls/pull/400)
+    [#399](https://github.com/vincenthz/hs-tls/pull/399)
+
+-------------------------------------------------------------------
+Fri Nov  8 16:15:03 UTC 2019 - Peter Simons <psimons@suse.com>
+
+- Drop obsolete group attributes.
+
+-------------------------------------------------------------------
+Tue Oct 15 02:03:13 UTC 2019 - psimons@suse.com
+
+- Update tls to version 1.5.2.
+  Upstream has edited the change log file since the last release in
+  a non-trivial way, i.e. they did more than just add a new entry
+  at the top. You can review the file at:
+  http://hackage.haskell.org/package/tls-1.5.2/src/CHANGELOG.md
+
+-------------------------------------------------------------------
+Sun Jul 28 02:01:08 UTC 2019 - psimons@suse.com
+
+- Update tls to version 1.5.1.
+  ## Version 1.5.1
+
+  - Post-handshake authentication [#363](https://github.com/vincenthz/hs-tls/pull/363)
+  - Fixing memory leak [#366](https://github.com/vincenthz/hs-tls/pull/366)
+  - Improve version negotiation [#368](https://github.com/vincenthz/hs-tls/pull/368)
+  - Don't send 0-RTT data when ticket is expired [#370](https://github.com/vincenthz/hs-tls/pull/370)
+  - Handshake packet fragmentation [#371](https://github.com/vincenthz/hs-tls/pull/371)
+
+-------------------------------------------------------------------
+Sun Jun  2 02:01:34 UTC 2019 - psimons@suse.com
+
+- Update tls to version 1.5.0.
+  Upstream has edited the change log file since the last release in
+  a non-trivial way, i.e. they did more than just add a new entry
+  at the top. You can review the file at:
+  http://hackage.haskell.org/package/tls-1.5.0/src/CHANGELOG.md
+
+-------------------------------------------------------------------
+Sat Oct 20 11:32:09 UTC 2018 - Peter Simons <psimons@suse.com>
+
+- Use https URL to refer to bugs.opensuse.org.
+
+-------------------------------------------------------------------
+Wed Jul 18 14:26:45 UTC 2018 - psimons@suse.com
+
+- Cosmetic: replace tabs with blanks, strip trailing white space,
+  and update copyright headers with spec-cleaner.
+
+-------------------------------------------------------------------
+Mon May 14 17:02:11 UTC 2018 - psimons@suse.com
+
+- Update tls to version 1.4.1.
+  - Enable X25519 in default parameters [#265](https://github.com/vincenthz/hs-tls/pull/265)
+  - Checking EOF in bye [#262] (https://github.com/vincenthz/hs-tls/pull/262)
+  - Improving validation in DH key exchange [#256](https://github.com/vincenthz/hs-tls/pull/256)
+  - Handle TCP reset during handshake [#251](https://github.com/vincenthz/hs-tls/pull/251)
+  - Accepting hlint suggestions.
+  - Wrap renegotiation failures with HandshakeFailed [#237](https://github.com/vincenthz/hs-tls/pull/237)
+  - Improve selection of server certificate and use "signature_algorithms" extension [#236](https://github.com/vincenthz/hs-tls/pull/236)
+  - Change Bytes to ByteString and deprecate the Bytes type alias [#230](https://github.com/vincenthz/hs-tls/pull/230)
+  - Session compression and SNI [#223](https://github.com/vincenthz/hs-tls/pull/223)
+  - Deprecating ciphersuite_medium. Putting WARNING to ciphersuite_all since this includes RC4 [#153](https://github.com/vincenthz/hs-tls/pull/153) [#222](https://github.com/vincenthz/hs-tls/pull/222)
+  - Removing NPN [#214](https://github.com/vincenthz/hs-tls/pull/214)
+  - Supporting RSAPSS defined in TLS 1.3 [#207](https://github.com/vincenthz/hs-tls/pull/207)
+  - Supporting X25519 and X448 in the IES style. [#205](https://github.com/vincenthz/hs-tls/pull/205)
+  - Strip leading zeros in DHE premaster secret [#201](https://github.com/vincenthz/hs-tls/pull/201)
+  - RSASSA-PSS signatures can be enabled with `supportedHashSignatures`.  This
+    uses assignments from TLS 1.3, for example `(HashIntrinsic, SignatureRSApssSHA256)`.
+  - Diffie-Hellman with elliptic curves X25519 and X448: This can be enabled with
+    `supportedGroups`, which also gives control over curve preference.
+  - ECDH with curve P-256 now uses optimized C implementation from package `cryptonite`.
+
+  API CHANGES:
+
+  - Cipher list `ciphersuite_medium` is now deprecated, users are advised to use
+    `ciphersuite_default` or `ciphersuite_strong`.  List `ciphersuite_all` is kept
+    for compatibility with old servers but this is discouraged and generates a
+    warning (this includes RC4 ciphers, see [#153](https://github.com/vincenthz/hs-tls/pull/153)
+    for reference).
+  - Support for NPN (Next Protocol Negotiation) has been removed. The replacement
+    is ALPN (Application-Layer Protocol Negotiation).
+  - Data type `SessionData` now contains fields for compression algorithm and
+    client SNI.  A `SessionManager` implementation that serializes/deserializes
+    `SessionData` values must deal with the new fields.
+  - Module `Network.TLS` exports a type alias named `Bytes` which is now deprecated.
+    The replacement is to use strict `ByteString` directly.
+
+-------------------------------------------------------------------
+Thu Aug  3 15:38:38 UTC 2017 - psimons@suse.com
+
+- Updated with latest spec-cleaner version 0.9.8-8-geadfbbf.
+
+-------------------------------------------------------------------
+Fri Jun 30 03:01:57 UTC 2017 - psimons@suse.com
+
+- Update to version 1.3.11.
+
+-------------------------------------------------------------------
+Wed Apr 26 15:04:39 UTC 2017 - psimons@suse.com
+
+- Update to version 1.3.10 revision 2 with cabal2obs.
+
+-------------------------------------------------------------------
+Mon Mar 27 12:38:43 UTC 2017 - psimons@suse.com
+
+- Update to version 1.3.10 revision 1 with cabal2obs.
+
+-------------------------------------------------------------------
+Wed Jan 18 09:00:21 UTC 2017 - psimons@suse.com
+
+- Update to version 1.3.9 with cabal2obs.
+
+-------------------------------------------------------------------
+Sun Jul 10 16:56:12 UTC 2016 - psimons@suse.com
+
+- Update to version 1.3.8 revision 0 with cabal2obs.
+
+-------------------------------------------------------------------
+Fri May 13 12:53:41 UTC 2016 - mimi.vx@gmail.com
+
+- update to 1.3.8
+
+-------------------------------------------------------------------
+Wed May 11 15:35:33 UTC 2016 - mimi.vx@gmail.com
+
+- update to 1.3.7
+* Disable SHA384 based cipher, as they don't work properly yet.
+
+-------------------------------------------------------------------
+Sun May  8 11:22:31 UTC 2016 - mimi.vx@gmail.com
+
+- update to 1.3.6
+* Add new ciphers
+* Improve some debugging and outputs
+
+-------------------------------------------------------------------
+Sun Apr 10 19:02:03 UTC 2016 - mimi.vx@gmail.com
+
+- update to 1.3.5
+* Fix a bug with ECDHE based cipher where serialization
+* Improve tests
+* Debugging: Add a way to print random seed and a way to side-load
+    a seed for replayability
+
+-------------------------------------------------------------------
+Tue Dec 15 20:50:00 UTC 2015 - mimi.vx@gmail.com
+
+- update to 1.3.4
+* Add support for Hans (Haskell Network Stack)
+* Add support for ECDSA signature
+* Add support for ECDSA-ECDHE Cipher
+* Improve parsing of ECC related structure
+
+-------------------------------------------------------------------
+Mon Aug 31 08:14:19 UTC 2015 - mimi.vx@gmail.com
+
+- update to 1.3.2
+* Add cipher suites for forward secrecy on more clients (Aaron Friel)
+* Maintain more handshake information to be queried by protocol (Adam Wick)
+* handle SCSV on client and server side (Kazu Yamamoto)
+* Cleanup renegotiation logic (Kazu Yamamoto)
+* Various testing improvements with the openssl test parts
+* Cleanup AEAD handling for future support of other ciphers
+
+-------------------------------------------------------------------
+Thu Aug  6 20:43:26 UTC 2015 - mimi.vx@gmail.com
+
+- update to 1.3.1
+* Repair DHE RSA handling on the cipher by creating signature properly
+* modernize the crypto stack by using cryptonite.
+
+-------------------------------------------------------------------
+Sun Jun 21 16:56:51 UTC 2015 - mimi.vx@gmail.com
+
+- update to 1.2.18
+* add more tests (network, local)
+* cleanup cipher / bulk code, certificate verify / creation, and digitall signed handling
+* fix handling of DHE ciphers with MS SSL stack that serialize leading zero.
+
+-------------------------------------------------------------------
+Thu Apr 23 18:32:31 UTC 2015 - mimi.vx@gmail.com
+
+- update to 1.2.17
+* Fix an issue with stream cipher not correctly calculating the internal state,
+      resulting systematically in bad record mac failure during handshake
+* support chain certificate in credentials
+* adding ALPN extension
+* adding support for AEAD, and particularly AES128-GCM
+* Adding support for ECDH
+* Do not support SSL3 by default for security reason.
+* add EnumSafe8 and 16 for specific sized Enum instance that are safer
+* export signatureAndHash parser/encoder
+* add a "known" list of extensions
+* add SignatureAlgorithms extension
+* add Heartbeat extension
+* add support for EC curves and point format extensions
+* add preliminary SessionTicket extension
+* Propagate asynchronous exception
+* Export TLSParams and HasBackend type names
+* Added FlexibleContexts flag required by ghc-7.9
+* debug: add support for specifying the timeout length in milliseconds.
+* debug: add support for 3DES in simple client
+* add support for 3DES-EDE-CBC-SHA1 (cipher 0xa)
+* repair retrieve certificate validation, and improve fingerprints
+* remove groom from dependency
+* make RecordM an instance of Applicative
+* Fixes the Error_EOF partial pattern match error in exception handling
+* Fixed socket backend endless loop when the server does not close connection
+     properly at the TLS level with the close notify alert.
+* Catch Error_EOF in recvData and return empty data.
+* Fixed Server key exchange data being parsed without the correct
+    context, leading to not knowing how to parse the structure.
+    The bug happens on efficient server that happens to send the ServerKeyXchg
+    message together with the ServerHello in the same handshake packet.
+    This trigger parsing of all the messages without having set the pending cipher.
+    Delay parsing, when this happen, until we know what to do with it.
+* Fixed unrecognized name non-fatal alert after client hello.
+* Add SSL3 to the supported list of version by default.
+* Fixed handshake records not being able to span multiples records.
+
+-------------------------------------------------------------------
+Mon Oct  7 07:12:32 UTC 2013 - sbahling@suse.com
+
+- Initial package - version 1.1.5
diff --git a/ghc-tls.spec b/ghc-tls.spec
new file mode 100644
index 0000000..f36d49b
--- /dev/null
+++ b/ghc-tls.spec
@@ -0,0 +1,137 @@
+#
+# spec file for package ghc-tls
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%global pkg_name tls
+%global pkgver %{pkg_name}-%{version}
+%bcond_with tests
+Name:           ghc-%{pkg_name}
+Version:        2.1.7
+Release:        0
+Summary:        TLS protocol native implementation
+License:        BSD-3-Clause
+URL:            https://hackage.haskell.org/package/%{pkg_name}
+Source0:        https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
+BuildRequires:  ghc-Cabal-devel
+BuildRequires:  ghc-asn1-encoding-devel
+BuildRequires:  ghc-asn1-encoding-prof
+BuildRequires:  ghc-asn1-types-devel
+BuildRequires:  ghc-asn1-types-prof
+BuildRequires:  ghc-base-devel
+BuildRequires:  ghc-base-prof
+BuildRequires:  ghc-base16-bytestring-devel
+BuildRequires:  ghc-base16-bytestring-prof
+BuildRequires:  ghc-bytestring-devel
+BuildRequires:  ghc-bytestring-prof
+BuildRequires:  ghc-cereal-devel
+BuildRequires:  ghc-cereal-prof
+BuildRequires:  ghc-crypton-devel
+BuildRequires:  ghc-crypton-prof
+BuildRequires:  ghc-crypton-x509-devel
+BuildRequires:  ghc-crypton-x509-prof
+BuildRequires:  ghc-crypton-x509-store-devel
+BuildRequires:  ghc-crypton-x509-store-prof
+BuildRequires:  ghc-crypton-x509-validation-devel
+BuildRequires:  ghc-crypton-x509-validation-prof
+BuildRequires:  ghc-data-default-devel
+BuildRequires:  ghc-data-default-prof
+BuildRequires:  ghc-memory-devel
+BuildRequires:  ghc-memory-prof
+BuildRequires:  ghc-mtl-devel
+BuildRequires:  ghc-mtl-prof
+BuildRequires:  ghc-network-devel
+BuildRequires:  ghc-network-prof
+BuildRequires:  ghc-rpm-macros
+BuildRequires:  ghc-serialise-devel
+BuildRequires:  ghc-serialise-prof
+BuildRequires:  ghc-transformers-devel
+BuildRequires:  ghc-transformers-prof
+BuildRequires:  ghc-unix-time-devel
+BuildRequires:  ghc-unix-time-prof
+BuildRequires:  ghc-zlib-devel
+BuildRequires:  ghc-zlib-prof
+ExcludeArch:    %{ix86}
+%if %{with tests}
+BuildRequires:  ghc-QuickCheck-devel
+BuildRequires:  ghc-QuickCheck-prof
+BuildRequires:  ghc-async-devel
+BuildRequires:  ghc-async-prof
+BuildRequires:  ghc-hourglass-devel
+BuildRequires:  ghc-hourglass-prof
+BuildRequires:  ghc-hspec-devel
+BuildRequires:  ghc-hspec-prof
+%endif
+
+%description
+Native Haskell TLS 1.2/1.3 protocol implementation for servers and clients.
+
+%package devel
+Summary:        Haskell %{pkg_name} library development files
+Requires:       %{name} = %{version}-%{release}
+Requires:       ghc-compiler = %{ghc_version}
+Requires(post): ghc-compiler = %{ghc_version}
+Requires(postun): ghc-compiler = %{ghc_version}
+
+%description devel
+This package provides the Haskell %{pkg_name} library development files.
+
+%package -n ghc-%{pkg_name}-doc
+Summary:        Haskell %{pkg_name} library documentation
+Requires:       ghc-filesystem
+BuildArch:      noarch
+
+%description -n ghc-%{pkg_name}-doc
+This package provides the Haskell %{pkg_name} library documentation.
+
+%package -n ghc-%{pkg_name}-prof
+Summary:        Haskell %{pkg_name} profiling library
+Requires:       ghc-%{pkg_name}-devel = %{version}-%{release}
+Supplements:    (ghc-%{pkg_name}-devel and ghc-prof)
+
+%description -n ghc-%{pkg_name}-prof
+This package provides the Haskell %{pkg_name} profiling library.
+
+%prep
+%autosetup -n %{pkg_name}-%{version}
+
+%build
+%ghc_lib_build
+
+%install
+%ghc_lib_install
+
+%check
+%cabal_test
+
+%post devel
+%ghc_pkg_recache
+
+%postun devel
+%ghc_pkg_recache
+
+%files -f %{name}.files
+%license LICENSE
+
+%files devel -f %{name}-devel.files
+%doc CHANGELOG.md
+
+%files -n ghc-%{pkg_name}-doc -f ghc-%{pkg_name}-doc.files
+%license LICENSE
+
+%files -n ghc-%{pkg_name}-prof -f ghc-%{pkg_name}-prof.files
+
+%changelog
diff --git a/tls-2.0.6.tar.gz b/tls-2.0.6.tar.gz
new file mode 100644
index 0000000..be6f27a
--- /dev/null
+++ b/tls-2.0.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a3eaba2d45172ac5311e5a0c3833d2947d92d38f090f5cef744e380926b49f1d
+size 160807
diff --git a/tls-2.1.5.tar.gz b/tls-2.1.5.tar.gz
new file mode 100644
index 0000000..ebc22ad
--- /dev/null
+++ b/tls-2.1.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a1db76fe10c8288ae9b30ce48ff6f933df1db616c06d0de856d53f1ed0281801
+size 163430
diff --git a/tls-2.1.6.tar.gz b/tls-2.1.6.tar.gz
new file mode 100644
index 0000000..a3c3b3b
--- /dev/null
+++ b/tls-2.1.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2d9571fb47ea1ca7f3009e09eac46ee0ca80d039bbbb092736d810931e03c38
+size 167464
diff --git a/tls-2.1.7.tar.gz b/tls-2.1.7.tar.gz
new file mode 100644
index 0000000..5dd2bce
--- /dev/null
+++ b/tls-2.1.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:92b323450d7282f6c2b0ffcf8814222945e3e0658abca78e10dd5b2f84f8e364
+size 172969