diff --git a/ghc-tls.changes b/ghc-tls.changes index 19ed611..c85e2c4 100644 --- a/ghc-tls.changes +++ b/ghc-tls.changes @@ -1,5 +1,10 @@ ------------------------------------------------------------------- -Tue Oct 15 02:02:59 UTC 2019 - psimons@suse.com +Fri Nov 8 16:15:03 UTC 2019 - Peter Simons + +- Drop obsolete group attributes. + +------------------------------------------------------------------- +Tue Oct 15 02:03:13 UTC 2019 - psimons@suse.com - Update tls to version 1.5.2. Upstream has edited the change log file since the last release in @@ -8,7 +13,210 @@ Tue Oct 15 02:02:59 UTC 2019 - psimons@suse.com http://hackage.haskell.org/package/tls-1.5.2/src/CHANGELOG.md ------------------------------------------------------------------- -Wed Aug 28 17:31:17 UTC 2019 - psimons@suse.com +Sun Jul 28 02:01:08 UTC 2019 - psimons@suse.com -- Add tls at version 1.5.1. +- Update tls to version 1.5.1. + ## Version 1.5.1 + - Post-handshake authentication [#363](https://github.com/vincenthz/hs-tls/pull/363) + - Fixing memory leak [#366](https://github.com/vincenthz/hs-tls/pull/366) + - Improve version negotiation [#368](https://github.com/vincenthz/hs-tls/pull/368) + - Don't send 0-RTT data when ticket is expired [#370](https://github.com/vincenthz/hs-tls/pull/370) + - Handshake packet fragmentation [#371](https://github.com/vincenthz/hs-tls/pull/371) + +------------------------------------------------------------------- +Sun Jun 2 02:01:34 UTC 2019 - psimons@suse.com + +- Update tls to version 1.5.0. + Upstream has edited the change log file since the last release in + a non-trivial way, i.e. they did more than just add a new entry + at the top. You can review the file at: + http://hackage.haskell.org/package/tls-1.5.0/src/CHANGELOG.md + +------------------------------------------------------------------- +Sat Oct 20 11:32:09 UTC 2018 - Peter Simons + +- Use https URL to refer to bugs.opensuse.org. + +------------------------------------------------------------------- +Wed Jul 18 14:26:45 UTC 2018 - psimons@suse.com + +- Cosmetic: replace tabs with blanks, strip trailing white space, + and update copyright headers with spec-cleaner. + +------------------------------------------------------------------- +Mon May 14 17:02:11 UTC 2018 - psimons@suse.com + +- Update tls to version 1.4.1. + - Enable X25519 in default parameters [#265](https://github.com/vincenthz/hs-tls/pull/265) + - Checking EOF in bye [#262] (https://github.com/vincenthz/hs-tls/pull/262) + - Improving validation in DH key exchange [#256](https://github.com/vincenthz/hs-tls/pull/256) + - Handle TCP reset during handshake [#251](https://github.com/vincenthz/hs-tls/pull/251) + - Accepting hlint suggestions. + - Wrap renegotiation failures with HandshakeFailed [#237](https://github.com/vincenthz/hs-tls/pull/237) + - Improve selection of server certificate and use "signature_algorithms" extension [#236](https://github.com/vincenthz/hs-tls/pull/236) + - Change Bytes to ByteString and deprecate the Bytes type alias [#230](https://github.com/vincenthz/hs-tls/pull/230) + - Session compression and SNI [#223](https://github.com/vincenthz/hs-tls/pull/223) + - Deprecating ciphersuite_medium. Putting WARNING to ciphersuite_all since this includes RC4 [#153](https://github.com/vincenthz/hs-tls/pull/153) [#222](https://github.com/vincenthz/hs-tls/pull/222) + - Removing NPN [#214](https://github.com/vincenthz/hs-tls/pull/214) + - Supporting RSAPSS defined in TLS 1.3 [#207](https://github.com/vincenthz/hs-tls/pull/207) + - Supporting X25519 and X448 in the IES style. [#205](https://github.com/vincenthz/hs-tls/pull/205) + - Strip leading zeros in DHE premaster secret [#201](https://github.com/vincenthz/hs-tls/pull/201) + - RSASSA-PSS signatures can be enabled with `supportedHashSignatures`. This + uses assignments from TLS 1.3, for example `(HashIntrinsic, SignatureRSApssSHA256)`. + - Diffie-Hellman with elliptic curves X25519 and X448: This can be enabled with + `supportedGroups`, which also gives control over curve preference. + - ECDH with curve P-256 now uses optimized C implementation from package `cryptonite`. + + API CHANGES: + + - Cipher list `ciphersuite_medium` is now deprecated, users are advised to use + `ciphersuite_default` or `ciphersuite_strong`. List `ciphersuite_all` is kept + for compatibility with old servers but this is discouraged and generates a + warning (this includes RC4 ciphers, see [#153](https://github.com/vincenthz/hs-tls/pull/153) + for reference). + - Support for NPN (Next Protocol Negotiation) has been removed. The replacement + is ALPN (Application-Layer Protocol Negotiation). + - Data type `SessionData` now contains fields for compression algorithm and + client SNI. A `SessionManager` implementation that serializes/deserializes + `SessionData` values must deal with the new fields. + - Module `Network.TLS` exports a type alias named `Bytes` which is now deprecated. + The replacement is to use strict `ByteString` directly. + +------------------------------------------------------------------- +Thu Aug 3 15:38:38 UTC 2017 - psimons@suse.com + +- Updated with latest spec-cleaner version 0.9.8-8-geadfbbf. + +------------------------------------------------------------------- +Fri Jun 30 03:01:57 UTC 2017 - psimons@suse.com + +- Update to version 1.3.11. + +------------------------------------------------------------------- +Wed Apr 26 15:04:39 UTC 2017 - psimons@suse.com + +- Update to version 1.3.10 revision 2 with cabal2obs. + +------------------------------------------------------------------- +Mon Mar 27 12:38:43 UTC 2017 - psimons@suse.com + +- Update to version 1.3.10 revision 1 with cabal2obs. + +------------------------------------------------------------------- +Wed Jan 18 09:00:21 UTC 2017 - psimons@suse.com + +- Update to version 1.3.9 with cabal2obs. + +------------------------------------------------------------------- +Sun Jul 10 16:56:12 UTC 2016 - psimons@suse.com + +- Update to version 1.3.8 revision 0 with cabal2obs. + +------------------------------------------------------------------- +Fri May 13 12:53:41 UTC 2016 - mimi.vx@gmail.com + +- update to 1.3.8 + +------------------------------------------------------------------- +Wed May 11 15:35:33 UTC 2016 - mimi.vx@gmail.com + +- update to 1.3.7 +* Disable SHA384 based cipher, as they don't work properly yet. + +------------------------------------------------------------------- +Sun May 8 11:22:31 UTC 2016 - mimi.vx@gmail.com + +- update to 1.3.6 +* Add new ciphers +* Improve some debugging and outputs + +------------------------------------------------------------------- +Sun Apr 10 19:02:03 UTC 2016 - mimi.vx@gmail.com + +- update to 1.3.5 +* Fix a bug with ECDHE based cipher where serialization +* Improve tests +* Debugging: Add a way to print random seed and a way to side-load + a seed for replayability + +------------------------------------------------------------------- +Tue Dec 15 20:50:00 UTC 2015 - mimi.vx@gmail.com + +- update to 1.3.4 +* Add support for Hans (Haskell Network Stack) +* Add support for ECDSA signature +* Add support for ECDSA-ECDHE Cipher +* Improve parsing of ECC related structure + +------------------------------------------------------------------- +Mon Aug 31 08:14:19 UTC 2015 - mimi.vx@gmail.com + +- update to 1.3.2 +* Add cipher suites for forward secrecy on more clients (Aaron Friel) +* Maintain more handshake information to be queried by protocol (Adam Wick) +* handle SCSV on client and server side (Kazu Yamamoto) +* Cleanup renegotiation logic (Kazu Yamamoto) +* Various testing improvements with the openssl test parts +* Cleanup AEAD handling for future support of other ciphers + +------------------------------------------------------------------- +Thu Aug 6 20:43:26 UTC 2015 - mimi.vx@gmail.com + +- update to 1.3.1 +* Repair DHE RSA handling on the cipher by creating signature properly +* modernize the crypto stack by using cryptonite. + +------------------------------------------------------------------- +Sun Jun 21 16:56:51 UTC 2015 - mimi.vx@gmail.com + +- update to 1.2.18 +* add more tests (network, local) +* cleanup cipher / bulk code, certificate verify / creation, and digitall signed handling +* fix handling of DHE ciphers with MS SSL stack that serialize leading zero. + +------------------------------------------------------------------- +Thu Apr 23 18:32:31 UTC 2015 - mimi.vx@gmail.com + +- update to 1.2.17 +* Fix an issue with stream cipher not correctly calculating the internal state, + resulting systematically in bad record mac failure during handshake +* support chain certificate in credentials +* adding ALPN extension +* adding support for AEAD, and particularly AES128-GCM +* Adding support for ECDH +* Do not support SSL3 by default for security reason. +* add EnumSafe8 and 16 for specific sized Enum instance that are safer +* export signatureAndHash parser/encoder +* add a "known" list of extensions +* add SignatureAlgorithms extension +* add Heartbeat extension +* add support for EC curves and point format extensions +* add preliminary SessionTicket extension +* Propagate asynchronous exception +* Export TLSParams and HasBackend type names +* Added FlexibleContexts flag required by ghc-7.9 +* debug: add support for specifying the timeout length in milliseconds. +* debug: add support for 3DES in simple client +* add support for 3DES-EDE-CBC-SHA1 (cipher 0xa) +* repair retrieve certificate validation, and improve fingerprints +* remove groom from dependency +* make RecordM an instance of Applicative +* Fixes the Error_EOF partial pattern match error in exception handling +* Fixed socket backend endless loop when the server does not close connection + properly at the TLS level with the close notify alert. +* Catch Error_EOF in recvData and return empty data. +* Fixed Server key exchange data being parsed without the correct + context, leading to not knowing how to parse the structure. + The bug happens on efficient server that happens to send the ServerKeyXchg + message together with the ServerHello in the same handshake packet. + This trigger parsing of all the messages without having set the pending cipher. + Delay parsing, when this happen, until we know what to do with it. +* Fixed unrecognized name non-fatal alert after client hello. +* Add SSL3 to the supported list of version by default. +* Fixed handshake records not being able to span multiples records. + +------------------------------------------------------------------- +Mon Oct 7 07:12:32 UTC 2013 - sbahling@suse.com + +- Initial package - version 1.1.5