diff --git a/ghc-tls.changes b/ghc-tls.changes
index 66dd206..7f9ce3d 100644
--- a/ghc-tls.changes
+++ b/ghc-tls.changes
@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Fri Mar 1 03:31:34 UTC 2024 - Peter Simons
+
+- Update tls to version 2.0.1 revision 1.
+ Upstream has revised the Cabal build instructions on Hackage.
+
+-------------------------------------------------------------------
+Sun Feb 18 22:15:12 UTC 2024 - Peter Simons
+
+- Update tls to version 2.0.1.
+ ## Version 2.0.1
+
+ * Fix a leak of pending data to be sent.
+
+ ## Version 2.0.0
+
+ * `tls` now only supports TLS 1.2 and TLS 1.3 with safe cipher suites.
+ * Security: BREAKING CHANGE: TLS 1.0 and TLS 1.1 are removed.
+ * Security: BREAKING CHANGE: all CBC cipher suite are removed.
+ * Security: BREAKING CHANGE: RC4 and 3DES are removed.
+ * Security: BREAKING CHANGE: DSS(digital signature standard) is removed.
+ * Security: BREAKING CHANGE: TLS 1.2 servers require
+ EMS(extended main secret) by default.
+ `supportedExtendedMasterSec` is renamed to
+ `supportedExtendedMainSecret`.
+ * BREAKING CHANGE: the package is now complied with `Strict` and `StrictData`.
+ * BREAKING CHANGE: Many data structures are re-defined with
+ `PatternSynonyms` for extensibility.
+ * BREAKING CHANGE: the structure of `SessionManager` is changed
+ to support session tickets.
+ * API: BREAKING CHANGE: `sendData` can send early data (0-RTT).
+ `clientEarlyData` is removed.
+ To send early data via `sendData`, set `clientUseEarlyData` to `True`.
+ [#466](https://github.com/haskell-tls/hs-tls/issues/466)
+ * API: `handshake` can receive an alert of client authentication failure
+ for TLS 1.3.
+ [#463](https://github.com/haskell-tls/hs-tls/pull/463)
+ * API: `bye` can receive NewSessionTicket for TLS 1.3.
+ * Channel binding: `getFinished` and `getPeerFinished` are deprecated.
+ Use `getTLSUnique` instead.
+ [#462](https://github.com/haskell-tls/hs-tls/pull/462)
+ * Channel binding: `getTLSExporter` and `getTLSServerEndPoint` are provided.
+ [#462](https://github.com/haskell-tls/hs-tls/pull/462)
+ * Refactoring: the monolithic `handshake` is divided to follow
+ the diagram of TLS 1.2 and 1.3 for readability.
+ * Refactoring: test cases are refactored for maintenability
+ and readablity. `hspec` is used instead of `tasty`.
+ * Code format: `fourmolu` is used as an official formatter.
+ * Catching up RFC8446bis-09.
+ [#467](https://github.com/haskell-tls/hs-tls/issues/467)
+
 -------------------------------------------------------------------
 Tue Sep 5 05:49:20 UTC 2023 - Peter Simons
diff --git a/ghc-tls.spec b/ghc-tls.spec
index 25beac7..d7aebda 100644
--- a/ghc-tls.spec
+++ b/ghc-tls.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ghc-tls
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,12 +20,13 @@
 %global pkgver %{pkg_name}-%{version}
 %bcond_with tests
 Name: ghc-%{pkg_name}
-Version: 1.9.0
+Version: 2.0.1
 Release: 0
-Summary: TLS/SSL protocol native implementation (Server and Client)
+Summary: TLS protocol native implementation
 License: BSD-3-Clause
 URL: https://hackage.haskell.org/package/%{pkg_name}
 Source0: https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
+Source1: https://hackage.haskell.org/package/%{pkg_name}-%{version}/revision/1.cabal#/%{pkg_name}.cabal
 BuildRequires: ghc-Cabal-devel
 BuildRequires: ghc-asn1-encoding-devel
 BuildRequires: ghc-asn1-encoding-prof
@@ -35,6 +36,8 @@ BuildRequires: ghc-async-devel
 BuildRequires: ghc-async-prof
 BuildRequires: ghc-base-devel
 BuildRequires: ghc-base-prof
+BuildRequires: ghc-base16-bytestring-devel
+BuildRequires: ghc-base16-bytestring-prof
 BuildRequires: ghc-bytestring-devel
 BuildRequires: ghc-bytestring-prof
 BuildRequires: ghc-cereal-devel
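Review bot: The `Source1` line added in the `@@ -20,12 +20,13 @@` hunk of ghc-tls.spec has no comment saying that it is a Hackage metadata revision, and the revision number `1` is hard-coded in its URL. The `@@ -114,6 +106,7 @@` hunk then copies it over the `.cabal` file unpacked from `Source0`, so presumably this file, not the one inside the release tarball, supplies the dependency bounds the TLS library is built with. I would add a comment above the line, for example `# Hackage metadata revision 1 of the cabal file; copied over the tarball's copy in the prep step`, and note there that the number must match `x-revision` in the committed `tls.cabal`. That gives whoever bumps the version next a prompt to re-check or drop the revision rather than carry it forward unexamined.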
@@ -56,6 +59,8 @@ BuildRequires: ghc-mtl-prof
 BuildRequires: ghc-network-devel
 BuildRequires: ghc-network-prof
 BuildRequires: ghc-rpm-macros
+BuildRequires: ghc-serialise-devel
+BuildRequires: ghc-serialise-prof
 BuildRequires: ghc-transformers-devel
 BuildRequires: ghc-transformers-prof
 BuildRequires: ghc-unix-time-devel
@@ -66,25 +71,12 @@ BuildRequires: ghc-QuickCheck-devel
 BuildRequires: ghc-QuickCheck-prof
 BuildRequires: ghc-hourglass-devel
 BuildRequires: ghc-hourglass-prof
-BuildRequires: ghc-tasty-devel
-BuildRequires: ghc-tasty-prof
-BuildRequires: ghc-tasty-quickcheck-devel
-BuildRequires: ghc-tasty-quickcheck-prof
+BuildRequires: ghc-hspec-devel
+BuildRequires: ghc-hspec-prof
 %endif
 %description
-Native Haskell TLS and SSL protocol implementation for server and client.
-
-This provides a high-level implementation of a sensitive security protocol,
-eliminating a common set of security issues through the use of the advanced
-type system, high level constructions and common Haskell features.
-
-Currently implement the TLS1.0, TLS1.1, TLS1.2 and TLS 1.3 protocol, and
-support RSA and Ephemeral (Elliptic curve and regular) Diffie Hellman key
-exchanges, and many extensions.
-
-Some debug tools linked with tls, are available through the
-.
+Native Haskell TLS 1.2/1.3 protocol implementation for servers and clients.
 %package devel
 Summary: Haskell %{pkg_name} library development files
@@ -114,6 +106,7 @@ This package provides the Haskell %{pkg_name} profiling library.
 %prep
 %autosetup -n %{pkg_name}-%{version}
+cp -p %{SOURCE1} %{pkg_name}.cabal
 %build
 %ghc_lib_build
diff --git a/tls-1.9.0.tar.gz b/tls-1.9.0.tar.gz
deleted file mode 100644
index 27bd340..0000000
--- a/tls-1.9.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5605b9cbe0903b100e9de72800641453f74bf5dade6176dbe10b34ac9353433e
-size 159392
diff --git a/tls-2.0.1.tar.gz b/tls-2.0.1.tar.gz
new file mode 100644
index 0000000..786d1f3
--- /dev/null
+++ b/tls-2.0.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:98658cb0394a9cd08c56c5fe11a6c96f16c892a2a594db421cd72e0e7f7be684
+size 162814
diff --git a/tls.cabal b/tls.cabal
new file mode 100644
index 0000000..4626838
--- /dev/null
+++ b/tls.cabal
@@ -0,0 +1,221 @@
+cabal-version: >=1.10
+name: tls
+version: 2.0.1
+x-revision: 1
+license: BSD3
+license-file: LICENSE
+copyright: Vincent Hanquez
+maintainer: Kazu Yamamoto
+author: Vincent Hanquez
+homepage: https://github.com/haskell-tls/hs-tls
+synopsis: TLS protocol native implementation
+description:
+ Native Haskell TLS 1.2/1.3 protocol implementation for servers and clients.
+
+category: Network
+build-type: Simple
+extra-source-files:
+ test/*.hs
+ CHANGELOG.md
+
+source-repository head
+ type: git
+ location: https://github.com/haskell-tls/hs-tls
+ subdir: core
+
+flag devel
+ description: Development commands
+ default: False
+
+library
+ exposed-modules:
+ Network.TLS
+ Network.TLS.Cipher
+ Network.TLS.Compression
+ Network.TLS.Internal
+ Network.TLS.Extra
+ Network.TLS.Extra.Cipher
+ Network.TLS.Extra.FFDHE
+ Network.TLS.QUIC
+
+ other-modules:
+ Network.TLS.Struct
+ Network.TLS.Struct13
+ Network.TLS.Core
+ Network.TLS.Context
+ Network.TLS.Context.Internal
+ Network.TLS.Credentials
+ Network.TLS.Backend
+ Network.TLS.Crypto
+ Network.TLS.Crypto.DH
+ Network.TLS.Crypto.IES
+ Network.TLS.Crypto.Types
+ Network.TLS.ErrT
+ Network.TLS.Extension
+ Network.TLS.Handshake
+ Network.TLS.Handshake.Certificate
+ Network.TLS.Handshake.Client
+ Network.TLS.Handshake.Client.ClientHello
+ Network.TLS.Handshake.Client.Common
+ Network.TLS.Handshake.Client.ServerHello
+ Network.TLS.Handshake.Client.TLS12
+ Network.TLS.Handshake.Client.TLS13
+ Network.TLS.Handshake.Common
+ Network.TLS.Handshake.Common13
+ Network.TLS.Handshake.Control
+ Network.TLS.Handshake.Key
+ Network.TLS.Handshake.Process
+ Network.TLS.Handshake.Random
+ Network.TLS.Handshake.Server
+ Network.TLS.Handshake.Server.ClientHello
+ Network.TLS.Handshake.Server.ClientHello12
+ Network.TLS.Handshake.Server.ClientHello13
+ Network.TLS.Handshake.Server.Common
+ Network.TLS.Handshake.Server.ServerHello12
+ Network.TLS.Handshake.Server.ServerHello13
+ Network.TLS.Handshake.Server.TLS12
+ Network.TLS.Handshake.Server.TLS13
+ Network.TLS.Handshake.Signature
+ Network.TLS.Handshake.State
+ Network.TLS.Handshake.State13
+ Network.TLS.Hooks
+ Network.TLS.IO
+ Network.TLS.Imports
+ Network.TLS.KeySchedule
+ Network.TLS.MAC
+ Network.TLS.Measurement
+ Network.TLS.Packet
+ Network.TLS.Packet13
+ Network.TLS.Parameters
+ Network.TLS.PostHandshake
+ Network.TLS.Record
+ Network.TLS.Record.Disengage
+ Network.TLS.Record.Engage
+ Network.TLS.Record.Layer
+ Network.TLS.Record.Reading
+ Network.TLS.Record.Writing
+ Network.TLS.Record.State
+ Network.TLS.Record.Types
+ Network.TLS.RNG
+ Network.TLS.State
+ Network.TLS.Session
+ Network.TLS.Sending
+ Network.TLS.Receiving
+ Network.TLS.Util
+ Network.TLS.Util.ASN1
+ Network.TLS.Util.Serialization
+ Network.TLS.Types
+ Network.TLS.Wire
+ Network.TLS.X509
+
+ default-extensions: Strict StrictData
+ default-language: Haskell2010
+ ghc-options: -Wall
+ build-depends:
+ base >=4.9 && <5,
+ asn1-encoding >= 0.9 && < 0.10,
+ asn1-types >= 0.3 && < 0.4,
+ async >= 2.2 && < 2.3,
+ base16-bytestring,
+ bytestring >= 0.10 && < 0.13,
+ cereal >= 0.5.3 && < 0.6,
+ crypton >= 0.34 && < 0.35,
+ crypton-x509 >= 1.7 && < 1.8,
+ crypton-x509-store >= 1.6 && < 1.7,
+ crypton-x509-validation >= 1.6.5 && < 1.7,
+ data-default-class >= 0.1 && < 0.2,
+ memory >= 0.18 && < 0.19,
+ mtl >= 2.2 && < 2.4,
+ network >= 3.1 && < 3.2,
+ serialise >= 0.2 && < 0.3,
+ transformers >= 0.5 && < 0.7,
+ unix-time >= 0.4.11 && < 0.5
+
+test-suite spec
+ type: exitcode-stdio-1.0
+ main-is: Spec.hs
+ build-tool-depends: hspec-discover:hspec-discover
+ hs-source-dirs: test
+ other-modules:
+ API
+ Arbitrary
+ Certificate
+ CiphersSpec
+ EncodeSpec
+ HandshakeSpec
+ PipeChan
+ PubKey
+ Run
+ Session
+ ThreadSpec
+
+ default-extensions: Strict StrictData
+ default-language: Haskell2010
+ ghc-options: -Wall -threaded -rtsopts
+ build-depends:
+ base >=4.9 && <5,
+ QuickCheck,
+ asn1-types,
+ async,
+ bytestring,
+ crypton,
+ crypton-x509,
+ crypton-x509-validation,
+ data-default-class,
+ hourglass,
+ hspec,
+ serialise,
+ tls
+
+executable server
+ main-is: server.hs
+ hs-source-dirs: util
+ other-modules:
+ Common
+ HexDump
+ Imports
+
+ default-language: Haskell2010
+ default-extensions: Strict StrictData
+ ghc-options: -Wall -threaded -rtsopts
+ build-depends:
+ base >=4.9 && <5,
+ bytestring,
+ containers,
+ crypton,
+ crypton-x509-store,
+ crypton-x509-system,
+ data-default-class,
+ network,
+ tls
+
+ if flag(devel)
+
+ else
+ buildable: False
+
+executable client
+ main-is: client.hs
+ hs-source-dirs: util
+ other-modules:
+ Common
+ HexDump
+ Imports
+
+ default-language: Haskell2010
+ default-extensions: Strict StrictData
+ ghc-options: -Wall -threaded -rtsopts
+ build-depends:
+ base >=4.9 && <5,
+ bytestring,
+ crypton,
+ crypton-x509-store,
+ crypton-x509-system,
+ data-default-class,
+ network,
+ tls
+
+ if flag(devel)
+
+ else
+ buildable: False