diff --git a/ghc-tls.changes b/ghc-tls.changes index c85e2c4..19ed611 100644 --- a/ghc-tls.changes +++ b/ghc-tls.changes @@ -1,10 +1,5 @@ ------------------------------------------------------------------- -Fri Nov 8 16:15:03 UTC 2019 - Peter Simons - -- Drop obsolete group attributes. - -------------------------------------------------------------------- -Tue Oct 15 02:03:13 UTC 2019 - psimons@suse.com +Tue Oct 15 02:02:59 UTC 2019 - psimons@suse.com - Update tls to version 1.5.2. Upstream has edited the change log file since the last release in @@ -13,210 +8,7 @@ Tue Oct 15 02:03:13 UTC 2019 - psimons@suse.com http://hackage.haskell.org/package/tls-1.5.2/src/CHANGELOG.md ------------------------------------------------------------------- -Sun Jul 28 02:01:08 UTC 2019 - psimons@suse.com +Wed Aug 28 17:31:17 UTC 2019 - psimons@suse.com -- Update tls to version 1.5.1. - ## Version 1.5.1 +- Add tls at version 1.5.1. - - Post-handshake authentication [#363](https://github.com/vincenthz/hs-tls/pull/363) - - Fixing memory leak [#366](https://github.com/vincenthz/hs-tls/pull/366) - - Improve version negotiation [#368](https://github.com/vincenthz/hs-tls/pull/368) - - Don't send 0-RTT data when ticket is expired [#370](https://github.com/vincenthz/hs-tls/pull/370) - - Handshake packet fragmentation [#371](https://github.com/vincenthz/hs-tls/pull/371) - -------------------------------------------------------------------- -Sun Jun 2 02:01:34 UTC 2019 - psimons@suse.com - -- Update tls to version 1.5.0. - Upstream has edited the change log file since the last release in - a non-trivial way, i.e. they did more than just add a new entry - at the top. You can review the file at: - http://hackage.haskell.org/package/tls-1.5.0/src/CHANGELOG.md - -------------------------------------------------------------------- -Sat Oct 20 11:32:09 UTC 2018 - Peter Simons - -- Use https URL to refer to bugs.opensuse.org. - -------------------------------------------------------------------- -Wed Jul 18 14:26:45 UTC 2018 - psimons@suse.com - -- Cosmetic: replace tabs with blanks, strip trailing white space, - and update copyright headers with spec-cleaner. - -------------------------------------------------------------------- -Mon May 14 17:02:11 UTC 2018 - psimons@suse.com - -- Update tls to version 1.4.1. - - Enable X25519 in default parameters [#265](https://github.com/vincenthz/hs-tls/pull/265) - - Checking EOF in bye [#262] (https://github.com/vincenthz/hs-tls/pull/262) - - Improving validation in DH key exchange [#256](https://github.com/vincenthz/hs-tls/pull/256) - - Handle TCP reset during handshake [#251](https://github.com/vincenthz/hs-tls/pull/251) - - Accepting hlint suggestions. - - Wrap renegotiation failures with HandshakeFailed [#237](https://github.com/vincenthz/hs-tls/pull/237) - - Improve selection of server certificate and use "signature_algorithms" extension [#236](https://github.com/vincenthz/hs-tls/pull/236) - - Change Bytes to ByteString and deprecate the Bytes type alias [#230](https://github.com/vincenthz/hs-tls/pull/230) - - Session compression and SNI [#223](https://github.com/vincenthz/hs-tls/pull/223) - - Deprecating ciphersuite_medium. Putting WARNING to ciphersuite_all since this includes RC4 [#153](https://github.com/vincenthz/hs-tls/pull/153) [#222](https://github.com/vincenthz/hs-tls/pull/222) - - Removing NPN [#214](https://github.com/vincenthz/hs-tls/pull/214) - - Supporting RSAPSS defined in TLS 1.3 [#207](https://github.com/vincenthz/hs-tls/pull/207) - - Supporting X25519 and X448 in the IES style. [#205](https://github.com/vincenthz/hs-tls/pull/205) - - Strip leading zeros in DHE premaster secret [#201](https://github.com/vincenthz/hs-tls/pull/201) - - RSASSA-PSS signatures can be enabled with `supportedHashSignatures`. This - uses assignments from TLS 1.3, for example `(HashIntrinsic, SignatureRSApssSHA256)`. - - Diffie-Hellman with elliptic curves X25519 and X448: This can be enabled with - `supportedGroups`, which also gives control over curve preference. - - ECDH with curve P-256 now uses optimized C implementation from package `cryptonite`. - - API CHANGES: - - - Cipher list `ciphersuite_medium` is now deprecated, users are advised to use - `ciphersuite_default` or `ciphersuite_strong`. List `ciphersuite_all` is kept - for compatibility with old servers but this is discouraged and generates a - warning (this includes RC4 ciphers, see [#153](https://github.com/vincenthz/hs-tls/pull/153) - for reference). - - Support for NPN (Next Protocol Negotiation) has been removed. The replacement - is ALPN (Application-Layer Protocol Negotiation). - - Data type `SessionData` now contains fields for compression algorithm and - client SNI. A `SessionManager` implementation that serializes/deserializes - `SessionData` values must deal with the new fields. - - Module `Network.TLS` exports a type alias named `Bytes` which is now deprecated. - The replacement is to use strict `ByteString` directly. - -------------------------------------------------------------------- -Thu Aug 3 15:38:38 UTC 2017 - psimons@suse.com - -- Updated with latest spec-cleaner version 0.9.8-8-geadfbbf. - -------------------------------------------------------------------- -Fri Jun 30 03:01:57 UTC 2017 - psimons@suse.com - -- Update to version 1.3.11. - -------------------------------------------------------------------- -Wed Apr 26 15:04:39 UTC 2017 - psimons@suse.com - -- Update to version 1.3.10 revision 2 with cabal2obs. - -------------------------------------------------------------------- -Mon Mar 27 12:38:43 UTC 2017 - psimons@suse.com - -- Update to version 1.3.10 revision 1 with cabal2obs. - -------------------------------------------------------------------- -Wed Jan 18 09:00:21 UTC 2017 - psimons@suse.com - -- Update to version 1.3.9 with cabal2obs. - -------------------------------------------------------------------- -Sun Jul 10 16:56:12 UTC 2016 - psimons@suse.com - -- Update to version 1.3.8 revision 0 with cabal2obs. - -------------------------------------------------------------------- -Fri May 13 12:53:41 UTC 2016 - mimi.vx@gmail.com - -- update to 1.3.8 - -------------------------------------------------------------------- -Wed May 11 15:35:33 UTC 2016 - mimi.vx@gmail.com - -- update to 1.3.7 -* Disable SHA384 based cipher, as they don't work properly yet. - -------------------------------------------------------------------- -Sun May 8 11:22:31 UTC 2016 - mimi.vx@gmail.com - -- update to 1.3.6 -* Add new ciphers -* Improve some debugging and outputs - -------------------------------------------------------------------- -Sun Apr 10 19:02:03 UTC 2016 - mimi.vx@gmail.com - -- update to 1.3.5 -* Fix a bug with ECDHE based cipher where serialization -* Improve tests -* Debugging: Add a way to print random seed and a way to side-load - a seed for replayability - -------------------------------------------------------------------- -Tue Dec 15 20:50:00 UTC 2015 - mimi.vx@gmail.com - -- update to 1.3.4 -* Add support for Hans (Haskell Network Stack) -* Add support for ECDSA signature -* Add support for ECDSA-ECDHE Cipher -* Improve parsing of ECC related structure - -------------------------------------------------------------------- -Mon Aug 31 08:14:19 UTC 2015 - mimi.vx@gmail.com - -- update to 1.3.2 -* Add cipher suites for forward secrecy on more clients (Aaron Friel) -* Maintain more handshake information to be queried by protocol (Adam Wick) -* handle SCSV on client and server side (Kazu Yamamoto) -* Cleanup renegotiation logic (Kazu Yamamoto) -* Various testing improvements with the openssl test parts -* Cleanup AEAD handling for future support of other ciphers - -------------------------------------------------------------------- -Thu Aug 6 20:43:26 UTC 2015 - mimi.vx@gmail.com - -- update to 1.3.1 -* Repair DHE RSA handling on the cipher by creating signature properly -* modernize the crypto stack by using cryptonite. - -------------------------------------------------------------------- -Sun Jun 21 16:56:51 UTC 2015 - mimi.vx@gmail.com - -- update to 1.2.18 -* add more tests (network, local) -* cleanup cipher / bulk code, certificate verify / creation, and digitall signed handling -* fix handling of DHE ciphers with MS SSL stack that serialize leading zero. - -------------------------------------------------------------------- -Thu Apr 23 18:32:31 UTC 2015 - mimi.vx@gmail.com - -- update to 1.2.17 -* Fix an issue with stream cipher not correctly calculating the internal state, - resulting systematically in bad record mac failure during handshake -* support chain certificate in credentials -* adding ALPN extension -* adding support for AEAD, and particularly AES128-GCM -* Adding support for ECDH -* Do not support SSL3 by default for security reason. -* add EnumSafe8 and 16 for specific sized Enum instance that are safer -* export signatureAndHash parser/encoder -* add a "known" list of extensions -* add SignatureAlgorithms extension -* add Heartbeat extension -* add support for EC curves and point format extensions -* add preliminary SessionTicket extension -* Propagate asynchronous exception -* Export TLSParams and HasBackend type names -* Added FlexibleContexts flag required by ghc-7.9 -* debug: add support for specifying the timeout length in milliseconds. -* debug: add support for 3DES in simple client -* add support for 3DES-EDE-CBC-SHA1 (cipher 0xa) -* repair retrieve certificate validation, and improve fingerprints -* remove groom from dependency -* make RecordM an instance of Applicative -* Fixes the Error_EOF partial pattern match error in exception handling -* Fixed socket backend endless loop when the server does not close connection - properly at the TLS level with the close notify alert. -* Catch Error_EOF in recvData and return empty data. -* Fixed Server key exchange data being parsed without the correct - context, leading to not knowing how to parse the structure. - The bug happens on efficient server that happens to send the ServerKeyXchg - message together with the ServerHello in the same handshake packet. - This trigger parsing of all the messages without having set the pending cipher. - Delay parsing, when this happen, until we know what to do with it. -* Fixed unrecognized name non-fatal alert after client hello. -* Add SSL3 to the supported list of version by default. -* Fixed handshake records not being able to span multiples records. - -------------------------------------------------------------------- -Mon Oct 7 07:12:32 UTC 2013 - sbahling@suse.com - -- Initial package - version 1.1.5