From 8d953b28b029a8a83e541d43ae7b8daa6a79de79006c226afcba251c30b3691d Mon Sep 17 00:00:00 2001 
From: Peter Trommler
Date: Mon, 4 May 2015 17:56:37 +0000
Subject: [PATCH] Accepting request 304633 from devel:languages:haskell:lts

- update to 1.2.17
* Fix an issue with stream cipher not correctly calculating the internal state, resulting systematically in bad record mac failure during handshake
* support chain certificate in credentials
* adding ALPN extension
* adding support for AEAD, and particularly AES128-GCM
* Adding support for ECDH
* Do not support SSL3 by default for security reason.
* add EnumSafe8 and 16 for specific sized Enum instance that are safer
* export signatureAndHash parser/encoder
* add a "known" list of extensions
* add SignatureAlgorithms extension
* add Heartbeat extension
* add support for EC curves and point format extensions
* add preliminary SessionTicket extension
* Propagate asynchronous exception
* Export TLSParams and HasBackend type names
* Added FlexibleContexts flag required by ghc-7.9
* debug: add support for specifying the timeout length in milliseconds.
* debug: add support for 3DES in simple client
* add support for 3DES-EDE-CBC-SHA1 (cipher 0xa)
* repair retrieve certificate validation, and improve fingerprints
* remove groom from dependency
* make RecordM an instance of Applicative
* Fixes the Error_EOF partial pattern match error in exception handling
* Fixed socket backend endless loop when the server does not close connection properly at the TLS level with the close notify alert.
* Catch Error_EOF in recvData and return empty data.
* Fixed Server key exchange data being parsed without the correct context, leading to not knowing how to parse the structure.
OBS-URL: https://build.opensuse.org/request/show/304633 OBS-URL: https://build.opensuse.org/package/show/devel:languages:haskell/ghc-tls?expand=0&rev=3 --- _service | 3 --- ghc-tls.changes | 41 +++++++++++++++++++++++++++++ ghc-tls.spec | 66 ++++++++++++++++++++++++++++++++++++----------- tls-1.1.5.tar.gz | 3 --- tls-1.2.17.tar.gz | 3 +++ 5 files changed, 95 insertions(+), 21 deletions(-) delete mode 100644 _service delete mode 100644 tls-1.1.5.tar.gz create mode 100644 tls-1.2.17.tar.gz diff --git a/_service b/_service deleted file mode 100644 index 76e23bd..0000000 --- a/_service +++ /dev/null @@ -1,3 +0,0 @@ - - - diff --git a/ghc-tls.changes b/ghc-tls.changes index 9573dae..e7c7472 100644 --- a/ghc-tls.changes +++ b/ghc-tls.changes 
@@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Thu Apr 23 18:32:31 UTC 2015 - mimi.vx@gmail.com + +- update to 1.2.17 +* Fix an issue with stream cipher not correctly calculating the internal state, + resulting systematically in bad record mac failure during handshake +* support chain certificate in credentials +* adding ALPN extension +* adding support for AEAD, and particularly AES128-GCM +* Adding support for ECDH +* Do not support SSL3 by default for security reason. +* add EnumSafe8 and 16 for specific sized Enum instance that are safer +* export signatureAndHash parser/encoder +* add a "known" list of extensions +* add SignatureAlgorithms extension +* add Heartbeat extension +* add support for EC curves and point format extensions +* add preliminary SessionTicket extension +* Propagate asynchronous exception +* Export TLSParams and HasBackend type names +* Added FlexibleContexts flag required by ghc-7.9 +* debug: add support for specifying the timeout length in milliseconds. +* debug: add support for 3DES in simple client +* add support for 3DES-EDE-CBC-SHA1 (cipher 0xa) +* repair retrieve certificate validation, and improve fingerprints +* remove groom from dependency +* make RecordM an instance of Applicative +* Fixes the Error_EOF partial pattern match error in exception handling +* Fixed socket backend endless loop when the server does not close connection + properly at the TLS level with the close notify alert. +* Catch Error_EOF in recvData and return empty data. +* Fixed Server key exchange data being parsed without the correct + context, leading to not knowing how to parse the structure. + The bug happens on efficient server that happens to send the ServerKeyXchg + message together with the ServerHello in the same handshake packet. + This trigger parsing of all the messages without having set the pending cipher. + Delay parsing, when this happen, until we know what to do with it. 
+* Fixed unrecognized name non-fatal alert after client hello. +* Add SSL3 to the supported list of version by default. +* Fixed handshake records not being able to span multiples records. + ------------------------------------------------------------------- Mon Oct 7 07:12:32 UTC 2013 - sbahling@suse.com diff --git a/ghc-tls.spec b/ghc-tls.spec index 987467d..8b07384 100644 --- a/ghc-tls.spec +++ b/ghc-tls.spec @@ -1,7 +1,7 @@ # # spec file for package ghc-tls # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -15,31 +15,53 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - %global pkg_name tls -Name: ghc-tls -Version: 1.1.5 +%bcond_with tests + +Name: ghc-%{pkg_name} +Version: 1.2.17 Release: 0 Summary: TLS/SSL protocol native implementation (Server and Client) -License: BSD-3-Clause Group: System/Libraries -Url: http://hackage.haskell.org/package/%{pkg_name} -Source0: http://hackage.haskell.org/packages/archive/%{pkg_name}/%{version}/%{pkg_name}-%{version}.tar.gz +License: BSD-3-Clause +Url: https://hackage.haskell.org/package/%{pkg_name} +Source0: https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: ghc-Cabal-devel BuildRequires: ghc-rpm-macros # Begin cabal-rpm deps: +BuildRequires: ghc-asn1-encoding-devel +BuildRequires: ghc-asn1-types-devel +BuildRequires: ghc-async-devel +BuildRequires: ghc-byteable-devel BuildRequires: ghc-bytestring-devel BuildRequires: ghc-cereal-devel -BuildRequires: ghc-certificate-devel +BuildRequires: ghc-cipher-aes-devel +BuildRequires: ghc-cipher-des-devel +BuildRequires: ghc-cipher-rc4-devel +BuildRequires: ghc-crypto-cipher-types-devel +BuildRequires: ghc-crypto-numbers-devel BuildRequires: ghc-crypto-pubkey-devel +BuildRequires: ghc-crypto-pubkey-types-devel BuildRequires: ghc-crypto-random-devel BuildRequires: ghc-cryptohash-devel +BuildRequires: ghc-data-default-class-devel BuildRequires: ghc-mtl-devel BuildRequires: ghc-network-devel +BuildRequires: ghc-transformers-devel +BuildRequires: ghc-x509-devel +BuildRequires: ghc-x509-store-devel +BuildRequires: ghc-x509-validation-devel +%if %{with tests} +BuildRequires: ghc-QuickCheck-devel +BuildRequires: ghc-cprng-aes-devel +BuildRequires: ghc-hourglass-devel +BuildRequires: ghc-tasty-devel +BuildRequires: ghc-tasty-quickcheck-devel +%endif # End cabal-rpm deps %description 
@@ -49,20 +71,21 @@ This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features. -Currently implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol, with only -RSA supported for Key Exchange. +Currently implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol, and support +RSA and Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges, +and many extensions. -Only core protocol available here, have a look at the - package for default ciphers, -compressions and certificates functions. +Some debug tools linked with tls, are available through the +. %package devel Summary: Haskell %{pkg_name} library development files Group: Development/Libraries/Other -Provides: %{name}-static = %{version}-%{release} -Requires: %{name} = %{version}-%{release} Requires: ghc-compiler = %{ghc_version} +Requires(post): ghc-compiler = %{ghc_version} +Requires(postun): ghc-compiler = %{ghc_version} +Requires: %{name} = %{version}-%{release} %description devel This package provides the Haskell %{pkg_name} library development files. @@ -71,23 +94,36 @@ This package provides the Haskell %{pkg_name} library development files. %prep %setup -q -n %{pkg_name}-%{version} + %build %ghc_lib_build + %install %ghc_lib_install + +%check +%if %{with tests} +%cabal test +%endif + + %post devel %ghc_pkg_recache + %postun devel %ghc_pkg_recache + %files -f %{name}.files %defattr(-,root,root,-) %doc LICENSE + %files devel -f %{name}-devel.files %defattr(-,root,root,-) + %changelog diff --git a/tls-1.1.5.tar.gz b/tls-1.1.5.tar.gz deleted file mode 100644 index 4bcebb3..0000000 --- a/tls-1.1.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8c2046cabff84a8b30664c118c228297ea1ea2b550132884bff2b513471f40c9 -size 47674 
diff --git a/tls-1.2.17.tar.gz b/tls-1.2.17.tar.gz new file mode 100644 index 0000000..f12fe28 --- /dev/null +++ b/tls-1.2.17.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c6fe7c428237246034958e3258bda4a1eda2d9cd202ba9730397f9cbbf090a48 +size 73525
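Review bot: In the ghc-tls.changes hunk (@@ -1,3 +1,44 @@), the new entry contains both "Do not support SSL3 by default for security reason." and, further down, "Add SSL3 to the supported list of version by default.", so a reader of the changelog cannot tell which default applies in 1.2.17. The bullets appear to be release notes for several upstream versions collected under the single "update to 1.2.17" heading. Suggest grouping them by upstream version, or marking the later bullet as superseded, because the SSL3 default is the item an administrator auditing protocol versions will look for.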
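Review bot: In the ghc-tls.spec hunk @@ -15,31 +15,53 @@, `%bcond_with tests` leaves the test suite off unless a build explicitly passes --with tests, so the `%check` section added later in the same file (`%if %{with tests}` / `%cabal test`) does nothing in a default build. For a TLS implementation whose changelog lists fixes to record MAC calculation and handshake parsing, running the suite at build time is worth the extra BuildRequires; suggest `%bcond_without tests` if the five test dependencies are available in the project, or a spec comment stating why the tests are disabled.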
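Review bot: In the ghc-tls.spec hunk @@ -49,20 +71,21 @@, the devel subpackage drops `Provides: %{name}-static = %{version}-%{release}` and the ghc-tls.changes entry does not mention it. Any package that still carries a BuildRequires on ghc-tls-static will no longer resolve after this update; suggest either keeping the Provides until dependents are migrated or recording the removal as its own bullet in the changes file so the breakage is traceable.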