openSUSE Commits
Threads by month
- ----- 2024 -----
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
September 2015
- 1 participants
- 1128 discussions
Hello community,
here is the log from the commit of package tesseract-ocr for openSUSE:Factory checked in at 2015-09-02 00:36:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tesseract-ocr (Old)
and /work/SRC/openSUSE:Factory/.tesseract-ocr.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tesseract-ocr"
Changes:
--------
New Changes file:
--- /dev/null 2015-08-24 19:43:32.284261900 +0200
+++ /work/SRC/openSUSE:Factory/.tesseract-ocr.new/tesseract-ocr.changes 2015-09-02 00:36:41.000000000 +0200
@@ -0,0 +1,108 @@
+-------------------------------------------------------------------
+Sat Jun 20 10:27:29 UTC 2015 - mailaender(a)opensuse.org
+
+- rename to match upstream tarball and fix boo#900303
+
+-------------------------------------------------------------------
+Sat Jun 22 20:00:58 UTC 2013 - asterios.dramis(a)gmail.com
+
+- Split library into separate package (libtesseract3).
+- Removed debuginfo package (not needed).
+- There is no need anymore to regenerate the build system (removed automake and
+ libtool build requirements).
+- Added pkg-config build requirement (fix for rpmlint error
+ "no-pkg-config-provides"). Removed also not needed
+ "Provides: pkgconfig(%{name})" entry.
+
+-------------------------------------------------------------------
+Mon May 6 11:33:54 UTC 2013 - idonmez(a)suse.com
+
+- Update license, some files are GPL-2.0+ licensed
+
+-------------------------------------------------------------------
+Mon Oct 29 11:36:22 UTC 2012 - jw(a)suse.com
+
+- Update to version 3.02.02
+ * untested
+- Notable features:
+ * Hebrew with BiDi support.
+ * More languages.
+- removed upstreamed patch0
+
+-------------------------------------------------------------------
+Mon Jun 25 18:35:52 UTC 2012 - asterios.dramis(a)gmail.com
+
+- Update to version 3.01:
+ * Removed old/dead serialise/deserialze methods on *LISTIZED classes.
+ * Total rewrite of DENORM to better encapsulate operation and make
+ for potential to extract features from images.
+ * Thread-safety! Moved all critical globals and statics to
+ members of the appropriate class. Tesseract is now
+ thread-safe (multiple instances can be used in parallel
+ in multiple threads.) with the minor exception that some
+ control parameters are still global and affect all threads.
+ * Added Cube, a new recognizer for Arabic. Cube can also be
+ used in combination with normal Tesseract for other languages
+ with an improvement in accuracy at the cost of (much) lower speed.
+ There is no training module for Cube yet.
+ * OcrEngineMode in Init replaces AccuracyVSpeed to control cube.
+ * Greatly improved segmentation search with consequent accuracy and
+ speed improvements, especially for Chinese.
+ * Added PageIterator and ResultIterator as cleaner ways to get the
+ full results out of Tesseract, that are not currently provided
+ by any of the TessBaseAPI::Get* methods.
+ All other methods, such as the ETEXT_STRUCT in particular are
+ deprecated and will be deleted in the future.
+ * ApplyBoxes totally rewritten to make training easier.
+ It can now cope with touching/overlapping training characters,
+ and a new boxfile format allows word boxes instead of character
+ boxes, BUT to use that you have to have already boostrapped the
+ language with character boxes. "Cyclic dependency" on traineddata.
+ * Auto orientation and script detection added to page layout analysis.
+ * Deleted *lots* of dead code.
+ * Fixxht module replaced with scalable data-driven module.
+ * Output font characteristics accuracy improved.
+ * Removed the double conversion at each classification.
+ * Upgraded oldest structs to be classes and deprecated PBLOB.
+ * Removed non-deterministic baseline fit.
+ * Added fixed length dawgs for Chinese.
+ * Handling of vertical text improved.
+ * Handling of leader dots improved.
+ * Table detection greatly improved.
+- Removed the various languages traineddata subpackages (to be included in a
+ separate package "tesseract-traineddata").
+- Changed License to Apache-2.0 (SPDX style).
+- Removed libtiff-devel build dependency (not needed anymore).
+- Added new build dependency liblept-devel, required now by the package.
+- Added automake and libtool build dependencies in order to regenerate the
+ build system because of missing Makefile.in.
+- Removed tesseract-traineddata-deu from recommended entries.
+- Removed nonvoid.patch (fixed upstream).
+- Added a patch (svutil.cpp_fix.patch) to fix compilation due to missing
+ includes (taken from upstream).
+- Disabled compilation of static libraries.
+
+-------------------------------------------------------------------
+Mon Oct 25 08:29:19 UTC 2010 - prusnak(a)opensuse.org
+
+- fixed missing returns in nonvoid functions (nonvoid.patch)
+- added missing post/postun scripts calling ldconfig
+
+-------------------------------------------------------------------
+Sat Sep 23 22:20:00 CEST 2010 - michal.smrz(a)opensuse.cz
+
+- update to tesseract-3.00
+- added plenty od new supported languages
+- created tesseract-package-creator.py which will, hopefully, make future
+ updates easier
+
+-------------------------------------------------------------------
+Fri Jul 10 12:13:04 CEST 2009 - puzel(a)novell.com
+
+- update to tesseract-2.04
+ * Integrated bug fixes and patches and misc changes for portability.
+ * Integrated a patch to remove some of the "access" macros.
+ * Removed dependence on lua from the viewer, speeding it up
+ dramatically.
+ * Fixed the viewer so it compiles and runs properly!
+
New:
----
tesseract-ocr-3.02.02-doc-html.tar.gz
tesseract-ocr-3.02.02.tar.gz
tesseract-ocr.changes
tesseract-ocr.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tesseract-ocr.spec ++++++
#
# spec file for package tesseract-ocr
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define so_ver 3
Name: tesseract-ocr
Version: 3.02.02
Release: 0
Summary: Open Source OCR Engine
License: Apache-2.0 and GPL-2.0+
Group: Productivity/Graphics/Other
Url: http://code.google.com/p/tesseract-ocr/
Source0: http://tesseract-ocr.googlecode.com/files/%{name}-%{version}.tar.gz
Source1: http://tesseract-ocr.googlecode.com/files/%{name}-%{version}-doc-html.tar.gz
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: liblept-devel
BuildRequires: pkg-config
Recommends: tesseract-traineddata-american
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
A commercial quality OCR engine originally developed at HP between 1985 and
1995. In 1995, this engine was among the top 3 evaluated by UNLV. It was
open-sourced by HP and UNLV in 2005. From 2007 it is developed by Google.
%package devel
Summary: Tesseract Open Source OCR Engine Development files
Group: Development/Libraries/Other
Requires: liblept-devel
Requires: libtesseract%{so_ver} = %{version}
%description devel
This package contains development files for the Tesseract Open Source OCR
Engine.
%package -n libtesseract%{so_ver}
Summary: Open Source OCR Engine
Group: System/Libraries
%description -n libtesseract%{so_ver}
A commercial quality OCR engine originally developed at HP between 1985 and
1995. In 1995, this engine was among the top 3 evaluated by UNLV. It was
open-sourced by HP and UNLV in 2005. From 2007 it is developed by Google.
%prep
%setup -q -b1 -n %{name}
%build
export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC"
%configure --disable-static
make %{?_smp_mflags}
%install
%make_install
# Remove libtool config files
rm -f %{buildroot}%{_libdir}/libtesseract.la
# Manually install the devel docs in order to fix rpmlint warnings "files-duplicate" and "doc-file-dependency"
mkdir -p %{buildroot}%{_defaultdocdir}/%{name}-devel
cp -a doc/html/ %{buildroot}%{_defaultdocdir}/%{name}-devel/
# Fix rpmlint warning "doc-file-dependency"
rm -f %{buildroot}%{_defaultdocdir}/%{name}-devel/html/installdox
# Fix rpmlint warning "files-duplicate"
%fdupes -s %{buildroot}
%post -n libtesseract%{so_ver} -p /sbin/ldconfig
%postun -n libtesseract%{so_ver} -p /sbin/ldconfig
%files
%defattr(-,root,root,-)
%doc AUTHORS COPYING ChangeLog README ReleaseNotes
%{_bindir}/*
%dir %{_datadir}/tessdata
%{_datadir}/tessdata/configs/
%{_datadir}/tessdata/tessconfigs/
%{_mandir}/man1/*.1%{ext_man}
%{_mandir}/man5/*.5%{ext_man}
%files devel
%defattr(-,root,root,-)
%doc %{_defaultdocdir}/tesseract-ocr-devel/
%{_includedir}/tesseract/
%{_libdir}/libtesseract*.so
%{_libdir}/pkgconfig/*.pc
%files -n libtesseract%{so_ver}
%defattr(-,root,root,-)
%{_libdir}/libtesseract.so.%{so_ver}*
%changelog
1
0
Hello community,
here is the log from the commit of package xf86-input-libinput for openSUSE:Factory checked in at 2015-09-02 00:36:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xf86-input-libinput (Old)
and /work/SRC/openSUSE:Factory/.xf86-input-libinput.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xf86-input-libinput"
Changes:
--------
--- /work/SRC/openSUSE:Factory/xf86-input-libinput/xf86-input-libinput.changes 2015-08-10 09:15:54.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.xf86-input-libinput.new/xf86-input-libinput.changes 2015-09-02 00:36:37.000000000 +0200
@@ -1,0 +2,17 @@
+Mon Aug 31 21:30:30 UTC 2015 - zaitor(a)opensuse.org
+
+- Update to version 0.14.0:
+ + Rename a local variable to not shadow the BSD strmode(3)
+ function.
+ + Remove unneeded header, epoll(7) interface is not directly
+ used.
+ + Rename main source file to x86libinput.c.
+ + gitignore: add patterns for automake test suite and misc other
+ bits.
+ + Add drag lock support.
+ + Add an option to disable horizontal scrolling.
+ + Revamp server fd opening.
+ + Use xf86OpenSerial instead of a direct open() call.
+ + Fix typo in libinput.man.
+
+-------------------------------------------------------------------
Old:
----
xf86-input-libinput-0.13.0.tar.bz2
New:
----
xf86-input-libinput-0.14.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xf86-input-libinput.spec ++++++
--- /var/tmp/diff_new_pack.9kaUWy/_old 2015-09-02 00:36:38.000000000 +0200
+++ /var/tmp/diff_new_pack.9kaUWy/_new 2015-09-02 00:36:38.000000000 +0200
@@ -17,7 +17,7 @@
Name: xf86-input-libinput
-Version: 0.13.0
+Version: 0.14.0
Release: 0
Summary: Libinput driver for the Xorg X server
License: MIT
++++++ xf86-input-libinput-0.13.0.tar.bz2 -> xf86-input-libinput-0.14.0.tar.bz2 ++++++
++++ 14621 lines of diff (skipped)
1
0
Hello community,
here is the log from the commit of package plowshare for openSUSE:Factory checked in at 2015-09-02 00:36:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/plowshare (Old)
and /work/SRC/openSUSE:Factory/.plowshare.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "plowshare"
Changes:
--------
--- /work/SRC/openSUSE:Factory/plowshare/plowshare.changes 2015-05-10 10:46:09.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.plowshare.new/plowshare.changes 2015-09-02 00:36:35.000000000 +0200
@@ -1,0 +2,7 @@
+Tue Sep 1 07:26:24 UTC 2015 - mpluskal(a)suse.com
+
+- Update to 2.1.2
+ * [core] Minor fixes. More cygwin/bsd friendly.
+- Merge bash completion to main package
+
+-------------------------------------------------------------------
Old:
----
v2.1.1.tar.gz
New:
----
v2.1.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ plowshare.spec ++++++
--- /var/tmp/diff_new_pack.Ks0iL8/_old 2015-09-02 00:36:36.000000000 +0200
+++ /var/tmp/diff_new_pack.Ks0iL8/_new 2015-09-02 00:36:36.000000000 +0200
@@ -17,7 +17,7 @@
Name: plowshare
-Version: 2.1.1
+Version: 2.1.2
Release: 0
Summary: Download and upload files from file-sharing websites
License: GPL-3.0+
@@ -29,7 +29,8 @@
Requires: bash >= 4.1
Requires: curl >= 7.24
Requires: recode
-Recommends: %{name}-bash-completion
+Provides: %{name}-bash-completion = %{version}
+Obsoletes: %{name}-bash-completion < %{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
@@ -39,23 +40,13 @@
files and manage remote folders and link deletion. It runs on Linux/BSD/Unix operating system.
The basic concept is that files can be downloaded and uploaded though command line as easily as wget (or curl).
-%package bash-completion
-Summary: Bash-completion for plowshare
-Group: Productivity/Networking/Web/Utilities
-Requires: %{name} = %{version}
-Requires: bash-completion
-BuildArch: noarch
-
-%description bash-completion
-This package contains bash-completion support for plowshare utility.
-
%prep
%setup -q
%build
%install
-%make_install PREFIX=%{_prefix} %{?_smp_mflags}
+make DESTDIR=%{buildroot} install %{?_smp_mflags}
install -D -m 0644 scripts/%{name}.completion %{buildroot}%{_sysconfdir}/bash_completion.d/%{name}
sed -i 's|/local||g' %{buildroot}%{_sysconfdir}/bash_completion.d/%{name}
@@ -68,9 +59,6 @@
%{_datadir}/%{name}
%{_mandir}/man1/*
%{_mandir}/man5/%{name}.conf.5.*
-
-%files bash-completion
-%defattr(-,root,root,-)
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/*
%config %{_sysconfdir}/bash_completion.d/plowshare
++++++ v2.1.1.tar.gz -> v2.1.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/CHANGELOG new/plowshare-2.1.2/CHANGELOG
--- old/plowshare-2.1.1/CHANGELOG 2015-05-03 08:45:53.000000000 +0200
+++ new/plowshare-2.1.2/CHANGELOG 2015-08-15 12:20:49.000000000 +0200
@@ -1,3 +1,9 @@
+plowshare (2.1.2) stable; urgency=low
+
+ * [core] Minor fixes. More cygwin/bsd friendly.
+
+ -- Matthieu Crapet <mcrapet(a)gmail.com> Sat, 15 Aug 2015 12:17:36 +0200
+
plowshare (2.1.1) stable; urgency=medium
* [plowmod] Fixes with git (requires git v1.8.5+)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/INSTALL new/plowshare-2.1.2/INSTALL
--- old/plowshare-2.1.1/INSTALL 2015-05-03 08:45:53.000000000 +0200
+++ new/plowshare-2.1.2/INSTALL 2015-08-15 12:20:49.000000000 +0200
@@ -62,6 +62,8 @@
2) Manual method: from git sources
+$ git clone https://github.com/mcrapet/plowshare.git
+
# If you have root privileges (like Ubuntu)
$ sudo make install
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/README.md new/plowshare-2.1.2/README.md
--- old/plowshare-2.1.1/README.md 2015-05-03 08:45:53.000000000 +0200
+++ new/plowshare-2.1.2/README.md 2015-08-15 12:20:49.000000000 +0200
@@ -177,6 +177,19 @@
**Remark**: Be aware that cURL is not capable of uploading files containing a comma `,` in their name, so make sure to rename them before using *plowup*.
+Use cache over sessions to avoid multiple logins:
+
+```sh
+$ plowup --cache=shared -a 'user:pasword' 1fichier file1.zip
+$ plowup --cache=shared 1fichier file2.zip
+```
+
+On first command line, login stage will be performed and session (token or cookie) will be saved in
+`~/.config/plowshare/storage/module-name.txt`.
+On second command line, *plowup* will reuse the data stored to bypass login step. You don't have to specify credentials.
+
+**Note**: Only few hosters currently support cache mecanism.
+
### Plowdel
Delete a file from MegaShares (*delete link* required):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/src/core.sh new/plowshare-2.1.2/src/core.sh
--- old/plowshare-2.1.1/src/core.sh 2015-05-03 08:45:53.000000000 +0200
+++ new/plowshare-2.1.2/src/core.sh 2015-08-15 12:20:49.000000000 +0200
@@ -1003,8 +1003,7 @@
#
# $1: filename
basename_file() {
- # `basename -- "$1"` may be screwed on some BusyBox versions
- echo "${1##*/}"
+ basename -- "$1" || return $ERR_SYSTEM
}
# HTML entities will be translated
@@ -2396,7 +2395,7 @@
;;
# kibibyte (KiB)
KiB|Ki|K|KB)
- echo $(( 1024 * R + F))
+ echo $(( 1024 * R + 1024 * F / 1000))
;;
# megabyte (10^6)
M|MB)
@@ -2404,7 +2403,7 @@
;;
# mebibyte (MiB)
MiB|Mi|m|mB)
- echo $(( 1048576 * R + 1000 * F))
+ echo $(( 1048576 * R + 1048576 * F / 1000))
;;
# gigabyte (10^9)
G|GB)
@@ -2412,7 +2411,7 @@
;;
# gibibyte (GiB)
GiB|Gi)
- echo $(( 1073741824 * R + 1000000 * F))
+ echo $(( 1073741824 * R + 1073741824 * F / 1000))
;;
# bytes
B|'')
@@ -2450,7 +2449,7 @@
CONFIG="$PLOWSHARE_CONFDIR/storage"
if [ ! -d "$CONFIG" ]; then
- mkdir --parents "$CONFIG"
+ mkdir -p "$CONFIG"
chmod 700 "$CONFIG"
fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/src/download.sh new/plowshare-2.1.2/src/download.sh
--- old/plowshare-2.1.1/src/download.sh 2015-05-03 08:45:53.000000000 +0200
+++ new/plowshare-2.1.2/src/download.sh 2015-08-15 12:20:49.000000000 +0200
@@ -612,12 +612,12 @@
return $ERR_NETWORK
fi
- chmod 644 "$FILENAME_TMP" || log_error "chmod failed: $FILENAME_TMP"
+ chmod 644 "$FILENAME_TMP" 2>/dev/null || log_error "chmod failed: $FILENAME_TMP"
if [ "$FILENAME_TMP" != "$FILENAME_OUT" ]; then
test "$TEMP_RENAME" || \
log_notice "Moving file to output directory: ${OUT_DIR:-.}"
- mv -f "$FILENAME_TMP" "$FILENAME_OUT"
+ mv -f "$FILENAME_TMP" "$FILENAME_OUT" 2>/dev/null || log_error "mv failed: $FILENAME_TMP"
fi
mark_queue "$TYPE" "$MARK_DOWN" "$ITEM" "$URL_RAW" OK "$FILENAME_OUT"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/src/mod.sh new/plowshare-2.1.2/src/mod.sh
--- old/plowshare-2.1.1/src/mod.sh 2015-05-03 08:45:53.000000000 +0200
+++ new/plowshare-2.1.2/src/mod.sh 2015-08-15 12:20:49.000000000 +0200
@@ -299,7 +299,7 @@
fi
log_debug "modules directory: $DDIR"
-[ -d "$DDIR" ] || mkdir --parents "$DDIR"
+[ -d "$DDIR" ] || mkdir -p "$DDIR"
if [ ! -w "$DDIR" ]; then
log_error 'ERROR: Modules directory is not writable, abort.'
exit $ERR_BAD_COMMAND_LINE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/src/upload.sh new/plowshare-2.1.2/src/upload.sh
--- old/plowshare-2.1.1/src/upload.sh 2015-05-03 08:45:53.000000000 +0200
+++ new/plowshare-2.1.2/src/upload.sh 2015-08-15 12:20:49.000000000 +0200
@@ -508,6 +508,13 @@
log_debug 'arbitrary wait (from module)'
fi
wait ${AWAIT:-60} || { URETVAL=$?; break; }
+
+ # Unspecified retry but this error does not count as a retry
+ if [[ $MAXRETRIES -eq 0 ]]; then
+ log_notice "Starting upload ($MODULE): retry (after wait request)"
+ continue
+ fi
+
elif [[ $MAXRETRIES -eq 0 ]]; then
break
elif [ $URETVAL -ne $ERR_FATAL -a $URETVAL -ne $ERR_NETWORK -a \
1
0
Hello community,
here is the log from the commit of package nghttp2 for openSUSE:Factory checked in at 2015-09-02 00:36:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nghttp2 (Old)
and /work/SRC/openSUSE:Factory/.nghttp2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nghttp2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/nghttp2/nghttp2.changes 2015-08-17 15:35:31.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.nghttp2.new/nghttp2.changes 2015-09-02 00:36:33.000000000 +0200
@@ -1,0 +2,25 @@
+Tue Sep 1 06:59:43 UTC 2015 - mpluskal(a)suse.com
+
+- Update to 1.3.
+ * Limit the number of incoming reserved (remote) streams
+ * Add stream public API
+ * Rewrite priority tree handling
+ * Fix parallel make distcheck
+ * Define it and itprep recursive target if
+ AM_EXTRA_RECURSIVE_TARGETS is defined
+ * fetch-ocsp-response: Handle spurious openssl exist status 0
+ * nghttpx: Use nghttp2::ssl::DEFAULT_CIPHER_LIST for backend TLS
+ connection
+ * nghttpx: Don't allow blacked listed cipher suites for HTTP/2
+ connection
+ * nghttpx: better handle /dev/stderr and /dev/stdout (Patch from
+ Tomasz Buchert)
+ * nghttpd: GOAWAY if SSL/TLS requirements for HTTP/2 are not met
+ * nghttpd: Return date header field for 304
+ * nghttpd: Support HEAD request
+ * h2load: Add Timing-script and base URI support (Patch from
+ Lucas Pardue)
+ * h2load: Add timeout options (Patch from Nora)
+- Fix typo in changelog
+
+-------------------------------------------------------------------
@@ -4 +29 @@
-- Update to 1.2.
+- Update to 1.2.1
Old:
----
nghttp2-1.2.1.tar.xz
New:
----
nghttp2-1.3.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nghttp2.spec ++++++
--- /var/tmp/diff_new_pack.dhVoXq/_old 2015-09-02 00:36:34.000000000 +0200
+++ /var/tmp/diff_new_pack.dhVoXq/_new 2015-09-02 00:36:34.000000000 +0200
@@ -19,7 +19,7 @@
%define lib_name lib%{name}-14
%define lib_name_asio lib%{name}_asio1
Name: nghttp2
-Version: 1.2.1
+Version: 1.3.0
Release: 0
Summary: Implementation of Hypertext Transfer Protocol version 2 in C
License: MIT
++++++ nghttp2-1.2.1.tar.xz -> nghttp2-1.3.0.tar.xz ++++++
++++ 9693 lines of diff (skipped)
1
0
Hello community,
here is the log from the commit of package xfce4-vala for openSUSE:Factory checked in at 2015-09-02 00:36:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xfce4-vala (Old)
and /work/SRC/openSUSE:Factory/.xfce4-vala.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xfce4-vala"
Changes:
--------
--- /work/SRC/openSUSE:Factory/xfce4-vala/xfce4-vala.changes 2015-08-13 18:10:53.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.xfce4-vala.new/xfce4-vala.changes 2015-09-02 00:36:27.000000000 +0200
@@ -1,0 +2,5 @@
+Mon Aug 31 11:22:41 CEST 2015 - tiwai(a)suse.de
+
+- Use is_opensuse macro instead for opensuse_bs (boo#940315)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xfce4-vala.spec ++++++
--- /var/tmp/diff_new_pack.8v0y4O/_old 2015-09-02 00:36:28.000000000 +0200
+++ /var/tmp/diff_new_pack.8v0y4O/_new 2015-09-02 00:36:28.000000000 +0200
@@ -23,7 +23,7 @@
%define vala_version 0.22
%endif
%if 0%{?suse_version} == 1315
-%if 0%{?opensuse_bs}
+%if 0%{?is_opensuse}
# openSUSE Leap
%define vala_version 0.28
%else
1
0
Hello community,
here is the log from the commit of package mysql-community-server for openSUSE:Factory checked in at 2015-09-02 00:36:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mysql-community-server (Old)
and /work/SRC/openSUSE:Factory/.mysql-community-server.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mysql-community-server"
Changes:
--------
--- /work/SRC/openSUSE:Factory/mysql-community-server/mysql-community-server.changes 2015-07-14 17:46:18.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.mysql-community-server.new/mysql-community-server.changes 2015-09-02 00:36:23.000000000 +0200
@@ -1,0 +2,41 @@
+Fri Aug 28 14:49:57 UTC 2015 - kstreitova(a)suse.com
+
+- update to MySQL 5.6.26
+ * changes:
+ * http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html
+ * fixed CVEs:
+ CVE-2015-2617, CVE-2015-2648, CVE-2015-2611, CVE-2015-2582
+ CVE-2015-4752, CVE-2015-4756, CVE-2015-2643, CVE-2015-4772
+ CVE-2015-4761, CVE-2015-4757, CVE-2015-4737, CVE-2015-4771
+ CVE-2015-4769, CVE-2015-2639, CVE-2015-2620, CVE-2015-2641
+ CVE-2015-2661, CVE-2015-4767
+ * fix [bnc#938412]
+ * remove the following patches (changes were merged upstream):
+ * mysql-community-server-5.6.24-regex_heap_overflow.patch
+ * mysql-5.6.25-logjam.patch
+- disable Performance Schema by default. Since MySQL 5.6.6 upstream
+ enabled Performance Schema by default which results in increased
+ memory usage. The added option disable Performance Schema again in
+ order to decrease MySQL memory usage [bnc#852477].
+- fix spurious macro expansion in comment in specfile
+- install INFO_BIN and INFO_SRC, noticed in MDEV-6912
+- use spec-cleaner
+- tweak some cmake switches to enable more things
+ * WITH_ASAN=ON adress sanitization
+ WITH_LIBWRAP=ON tcp wrappers
+ ENABLED_PROFILING=OFF profiling disable
+ ENABLE_DEBUG_SYNC=OFF debug testing sync disable
+ WITH_PIC=ON by default we want pic generated binaries
+- remove superfluous '--group' parameter from mysql-systemd-helper
+- make -devel package installable in the presence of LibreSSL
+- cleanup after the update-message if it was displayed
+- add 'exec' to mysql-systemd-helper to shutdown mysql/mariadb cleanly
+ [bnc#943096]
+- remove redundant entry from %{_tmpfilesdir}/mysql.conf. Using both
+ 'x' and 'X' options is redundant and causes a warning message.
+ Leaving only the 'x' line fixes this problem. [bnc#942908]
+- mariadb: replace readline-devel for readline5-devel (MDEV-6912)
+ [bnc#902396]
+- mariadb-101: set cmake options for MariaDB Galera Cluster
+
+-------------------------------------------------------------------
Old:
----
mysql-5.6.25.tar.gz
New:
----
mysql-5.6.26.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mysql-community-server.spec ++++++
--- /var/tmp/diff_new_pack.ruNF5q/_old 2015-09-02 00:36:25.000000000 +0200
+++ /var/tmp/diff_new_pack.ruNF5q/_new 2015-09-02 00:36:25.000000000 +0200
@@ -27,13 +27,14 @@
%define builtin_plugins partition,csv,heap,myisam,innobase
%define extra_provides mysql-community-server_56
%define with_mandatory_boost 0
+%define build_extras 0
# _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2
%{!?_tmpfilesdir: %global _tmpfilesdir %{_libexecdir}/tmpfiles.d }
# Remove when 13.1 is out of support scope
%if ! %{defined _rundir}
%define _rundir %{_localstatedir}/run
%endif
-%if 0 > 0
+%if 0%{build_extras} > 0
%define with_jemalloc 1
%define with_oqgraph 1
%define with_cassandra 1
@@ -43,7 +44,7 @@
%define with_cassandra 0
%endif
Name: mysql-community-server
-Version: 5.6.25
+Version: 5.6.26
Release: 0
Summary: Server part of %{pretty_name}
License: SUSE-GPL-2.0-with-FLOSS-exception
@@ -71,7 +72,6 @@
BuildRequires: gcc-c++
BuildRequires: libaio-devel
BuildRequires: libbz2-devel
-BuildRequires: libedit-devel
BuildRequires: libevent-devel
BuildRequires: libtool
BuildRequires: libxml2-devel
@@ -81,17 +81,6 @@
BuildRequires: pam-devel
BuildRequires: pcre-devel
BuildRequires: pkgconfig
-BuildRequires: procps
-BuildRequires: pwdutils
-BuildRequires: readline-devel
-BuildRequires: sqlite
-BuildRequires: tcpd-devel
-BuildRequires: zlib-devel
-BuildRequires: pkgconfig(systemd)
-# Tests requires time and ps and some perl modules
-# Keep in sync with Requires of mysql-testsuite
-BuildRequires: procps
-BuildRequires: time
BuildRequires: perl(Data::Dumper)
BuildRequires: perl(Env)
BuildRequires: perl(Exporter)
@@ -103,6 +92,15 @@
BuildRequires: perl(Sys::Hostname)
BuildRequires: perl(Test::More)
BuildRequires: perl(Time::HiRes)
+# Tests requires time and ps and some perl modules
+# Keep in sync with Requires of mysql-testsuite
+BuildRequires: procps
+BuildRequires: pwdutils
+BuildRequires: sqlite
+BuildRequires: tcpd-devel
+BuildRequires: time
+BuildRequires: zlib-devel
+BuildRequires: pkgconfig(systemd)
# required by rcmysql
Requires: %{name}-client
Requires: %{name}-errormessages = %{version}
@@ -129,6 +127,12 @@
Obsoletes: %{extra_provides}-debug-version < %{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{?systemd_requires}
+# On mariadb we want readline5 and on mysql we use libedit from system
+%if "%{name}" == "mariadb"
+BuildRequires: readline5-devel
+%else
+BuildRequires: libedit-devel
+%endif
%if 0%{with_mandatory_boost} > 0
BuildRequires: boost-devel >= 1.57.0
%endif
@@ -180,8 +184,8 @@
Requires: glibc-devel
Requires: libmysqlclient%{soname} = %{version}
Requires: libmysqlclient_r%{soname} = %{version}
-Requires: openssl-devel
Requires: zlib-devel
+Requires: pkgconfig(libssl)
# mysql-devel needs to be provided as some pkgs still depend on it
Provides: mysql-devel = %{version}
Obsoletes: mysql-devel < %{version}
@@ -368,11 +372,17 @@
export CFLAGS="%{optflags} -DOPENSSL_LOAD_CONF -DPIC -fPIC -DFORCE_INIT_OF_VARS $EXTRA_FLAGS"
export CXXFLAGS="$CFLAGS -felide-constructors"
%cmake -DWITH_SSL=system \
+ -DWITH_ASAN=OFF \
+ -DWITH_LIBWRAP=ON \
+ -DENABLED_PROFILING=OFF \
+ -DENABLE_DEBUG_SYNC=OFF \
+ -DWITH_PIC=ON \
-DWITH_ZLIB=system \
-DWITH_LIBEVENT=system \
-DWITH_JEMALLOC=auto \
-DWITH_READLINE=0 \
-DWITH_LIBEDIT=0 \
+ -DWITH_EDITLINE=system \
-DINSTALL_LAYOUT=RPM \
-DMYSQL_UNIX_ADDR="%{_localstatedir}/run/mysql/mysql.sock" \
-DINSTALL_UNIX_ADDRDIR="%{_localstatedir}/run/mysql/mysql.sock" \
@@ -392,6 +402,8 @@
-DWITH_CSV_STORAGE_ENGINE=1 \
-DWITH_HANDLERSOCKET_STORAGE_ENGINE=1 \
-DWITH_EMBEDDED_SERVER=true \
+ -DWITH_WSREP=ON \
+ -DWITH_INNODB_DISALLOW_WRITES=1 \
-DCOMPILATION_COMMENT="openSUSE package" \
-DDENABLE_DOWNLOADS=false \
-DINSTALL_PLUGINDIR_RPM="%{_lib}/mysql/plugin" \
@@ -399,7 +411,8 @@
-DINSTALL_SYSCONF2DIR="%{_sysconfdir}/my.cnf.d" \
-DCMAKE_C_FLAGS_RELWITHDEBINFO="$CFLAGS" \
-DCMAKE_CXX_FLAGS_RELWITHDEBINFO="$CXXFLAGS" \
- -DCMAKE_BUILD_TYPE=RelWithDebInfo -DINSTALL_SQLBENCHDIR=share \
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+ -DINSTALL_SQLBENCHDIR=share \
-DCMAKE_C_FLAGS="$CFLAGS" \
-DCMAKE_CXX_FLAGS="$CXXFLAGS" \
-DCMAKE_EXE_LINKER_FLAGS="-Wl,--as-needed -pie -Wl,-z,relro,-z,now" \
@@ -450,6 +463,9 @@
# Symbols from build to go into libdir
install -m 644 build/sql/mysqld.sym %{buildroot}%{_libdir}/mysql/mysqld.sym
+# INFO_BIN and INFO_SRC binaries
+install -p -m 644 build/Docs/INFO_SRC %{buildroot}%{_libdir}/mysql/
+install -p -m 644 build/Docs/INFO_BIN %{buildroot}%{_libdir}/mysql/
# Remove handler socket client
rm -f %{buildroot}%{_libdir}/mysql/plugin/handlersocket.so
@@ -476,7 +492,7 @@
filelist mysql mysqladmin mysqlcheck mysqldump mysqlimport mysqlshow mysql_config_editor >mysql-client.files
# The dialog stuff is mariadb only
-if [ "`ls '%buildroot'%_libdir/mysql/plugin/dialog*.so 2> /dev/null`" ]; then
+if [ "`ls '%{buildroot}'%{_libdir}/mysql/plugin/dialog*.so 2> /dev/null`" ]; then
echo '%%dir %%_libdir/mysql' >> mysql-client.files
echo '%%dir %%_libdir/mysql/plugin' >> mysql-client.files
echo '%%_libdir/mysql/plugin/dialog*.so' >> mysql-client.files
@@ -548,8 +564,7 @@
# bnc#852451
mkdir -p %{buildroot}%{_tmpfilesdir}
cat > %{buildroot}%{_tmpfilesdir}/mysql.conf <<EOF
-x /var/tmp/mysql.*
-X /var/tmp/mysql.*
+x %{_localstatedir}/tmp/mysql.*
EOF
# SuSEfirewall service description
@@ -628,6 +643,7 @@
--max-test-fail=0 || :
# client does not require server and needs the user too
+
%pre client
getent group mysql >/dev/null || groupadd -r mysql
getent passwd mysql >/dev/null || useradd -r -o -g mysql -u 60 -c "MySQL database admin" \
@@ -645,8 +661,8 @@
%post
%service_add_post mysql.service mysql@.service mysql.target mysql(a)default.service
-# Use %tmpfiles_create when 13.2 is oldest in support scope
-/usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/mysql.conf || :
+# Use %%tmpfiles_create when 13.2 is oldest in support scope
+%{_bindir}/systemd-tmpfiles --create %{_tmpfilesdir}/mysql.conf || :
# SLE11 Migration support
for i in protected tmp; do
@@ -707,6 +723,8 @@
%postun
%service_del_postun mysql.service mysql@.service mysql.target mysql(a)default.service
+# Remove the /var/adm updatemsg that was hand-created and thus not on filelist
+rm -f %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}
%post -n lib%{libname}%{soname} -p /sbin/ldconfig
@@ -744,6 +762,8 @@
%{_datadir}/%{name}/*.sql
%dir %{_libdir}/mysql
%{_libdir}/mysql/mysqld.sym
+%{_libdir}/mysql/INFO_BIN
+%{_libdir}/mysql/INFO_SRC
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/mysql
%dir %{_libdir}/mysql/plugin
%{_libdir}/mysql/plugin/[!d]*.so
++++++ configuration-tweaks.tar.bz2 ++++++
++++++ my.ini ++++++
--- /var/tmp/diff_new_pack.ruNF5q/_old 2015-09-02 00:36:25.000000000 +0200
+++ /var/tmp/diff_new_pack.ruNF5q/_new 2015-09-02 00:36:25.000000000 +0200
@@ -55,6 +55,10 @@
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
+# The following option disables Performance Schema in order to decrease
+# MySQL memory usage.
+performance_schema=OFF
+
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
[mysqld_multi]
++++++ mysql-5.6.25.tar.gz -> mysql-5.6.26.tar.gz ++++++
/work/SRC/openSUSE:Factory/mysql-community-server/mysql-5.6.25.tar.gz /work/SRC/openSUSE:Factory/.mysql-community-server.new/mysql-5.6.26.tar.gz differ: char 5, line 1
++++++ mysql-patches.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mysql-patches/mysql-patches/mysql-5.6.25-logjam.patch new/mysql-patches/mysql-patches/mysql-5.6.25-logjam.patch
--- old/mysql-patches/mysql-patches/mysql-5.6.25-logjam.patch 2015-07-07 10:39:15.000000000 +0200
+++ new/mysql-patches/mysql-patches/mysql-5.6.25-logjam.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,132 +0,0 @@
-PATCH-P1-FIX-UPSTREAM: Logjam patch for mysql bnc#934789
-
-From 866b988a76e8e7e217017a7883a52a12ec5024b9 Mon Sep 17 00:00:00 2001
-From: Marek Szymczak <marek.szymczak(a)oracle.com>
-Date: Thu, 9 Oct 2014 16:39:43 +0200
-Subject: [PATCH] Bug#18367167 DH KEY LENGTH OF 1024 BITS TO MEET MINIMUM REQ
- OF FIPS 140-2
-
-Perfect Forward Secrecy (PFS) requires Diffie-Hellman (DH) parameters to be set. Current implementation uses DH key of 512 bit.
----
- include/violite.h | 3 ++-
- vio/viosslfactories.c | 70 ++++++++++++++++++++++++++++++++++++++++-----------
- 2 files changed, 57 insertions(+), 16 deletions(-)
-
-Index: mysql-5.6.25/include/violite.h
-===================================================================
---- mysql-5.6.25.orig/include/violite.h
-+++ mysql-5.6.25/include/violite.h
-@@ -147,7 +147,8 @@ enum enum_ssl_init_error
- {
- SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY,
- SSL_INITERR_NOMATCH, SSL_INITERR_BAD_PATHS, SSL_INITERR_CIPHERS,
-- SSL_INITERR_MEMFAIL, SSL_INITERR_LASTERR
-+ SSL_INITERR_MEMFAIL, SSL_INITERR_NO_USABLE_CTX, SSL_INITERR_DHFAIL,
-+ SSL_INITERR_LASTERR
- };
- const char* sslGetErrString(enum enum_ssl_init_error err);
-
-Index: mysql-5.6.25/vio/viosslfactories.c
-===================================================================
---- mysql-5.6.25.orig/vio/viosslfactories.c
-+++ mysql-5.6.25/vio/viosslfactories.c
-@@ -20,27 +20,56 @@
- static my_bool ssl_algorithms_added = FALSE;
- static my_bool ssl_error_strings_loaded= FALSE;
-
--static unsigned char dh512_p[]=
-+/*
-+ Diffie-Hellman key.
-+ Generated using: >openssl dhparam -5 -C 2048
-+
-+ -----BEGIN DH PARAMETERS-----
-+ MIIBCAKCAQEAil36wGZ2TmH6ysA3V1xtP4MKofXx5n88xq/aiybmGnReZMviCPEJ
-+ 46+7VCktl/RZ5iaDH1XNG1dVQmznt9pu2G3usU+k1/VB4bQL4ZgW4u0Wzxh9PyXD
-+ glm99I9Xyj4Z5PVE4MyAsxCRGA1kWQpD9/zKAegUBPLNqSo886Uqg9hmn8ksyU9E
-+ BV5eAEciCuawh6V0O+Sj/C3cSfLhgA0GcXp3OqlmcDu6jS5gWjn3LdP1U0duVxMB
-+ h/neTSCSvtce4CAMYMjKNVh9P1nu+2d9ZH2Od2xhRIqMTfAS1KTqF3VmSWzPFCjG
-+ mjxx/bg6bOOjpgZapvB6ABWlWmRmAAWFtwIBBQ==
-+ -----END DH PARAMETERS-----
-+ */
-+static unsigned char dh2048_p[]=
- {
-- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
-- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
-- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
-- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
-- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
-- 0x47,0x74,0xE8,0x33,
-+ 0x8A, 0x5D, 0xFA, 0xC0, 0x66, 0x76, 0x4E, 0x61, 0xFA, 0xCA, 0xC0, 0x37,
-+ 0x57, 0x5C, 0x6D, 0x3F, 0x83, 0x0A, 0xA1, 0xF5, 0xF1, 0xE6, 0x7F, 0x3C,
-+ 0xC6, 0xAF, 0xDA, 0x8B, 0x26, 0xE6, 0x1A, 0x74, 0x5E, 0x64, 0xCB, 0xE2,
-+ 0x08, 0xF1, 0x09, 0xE3, 0xAF, 0xBB, 0x54, 0x29, 0x2D, 0x97, 0xF4, 0x59,
-+ 0xE6, 0x26, 0x83, 0x1F, 0x55, 0xCD, 0x1B, 0x57, 0x55, 0x42, 0x6C, 0xE7,
-+ 0xB7, 0xDA, 0x6E, 0xD8, 0x6D, 0xEE, 0xB1, 0x4F, 0xA4, 0xD7, 0xF5, 0x41,
-+ 0xE1, 0xB4, 0x0B, 0xE1, 0x98, 0x16, 0xE2, 0xED, 0x16, 0xCF, 0x18, 0x7D,
-+ 0x3F, 0x25, 0xC3, 0x82, 0x59, 0xBD, 0xF4, 0x8F, 0x57, 0xCA, 0x3E, 0x19,
-+ 0xE4, 0xF5, 0x44, 0xE0, 0xCC, 0x80, 0xB3, 0x10, 0x91, 0x18, 0x0D, 0x64,
-+ 0x59, 0x0A, 0x43, 0xF7, 0xFC, 0xCA, 0x01, 0xE8, 0x14, 0x04, 0xF2, 0xCD,
-+ 0xA9, 0x2A, 0x3C, 0xF3, 0xA5, 0x2A, 0x83, 0xD8, 0x66, 0x9F, 0xC9, 0x2C,
-+ 0xC9, 0x4F, 0x44, 0x05, 0x5E, 0x5E, 0x00, 0x47, 0x22, 0x0A, 0xE6, 0xB0,
-+ 0x87, 0xA5, 0x74, 0x3B, 0xE4, 0xA3, 0xFC, 0x2D, 0xDC, 0x49, 0xF2, 0xE1,
-+ 0x80, 0x0D, 0x06, 0x71, 0x7A, 0x77, 0x3A, 0xA9, 0x66, 0x70, 0x3B, 0xBA,
-+ 0x8D, 0x2E, 0x60, 0x5A, 0x39, 0xF7, 0x2D, 0xD3, 0xF5, 0x53, 0x47, 0x6E,
-+ 0x57, 0x13, 0x01, 0x87, 0xF9, 0xDE, 0x4D, 0x20, 0x92, 0xBE, 0xD7, 0x1E,
-+ 0xE0, 0x20, 0x0C, 0x60, 0xC8, 0xCA, 0x35, 0x58, 0x7D, 0x3F, 0x59, 0xEE,
-+ 0xFB, 0x67, 0x7D, 0x64, 0x7D, 0x8E, 0x77, 0x6C, 0x61, 0x44, 0x8A, 0x8C,
-+ 0x4D, 0xF0, 0x12, 0xD4, 0xA4, 0xEA, 0x17, 0x75, 0x66, 0x49, 0x6C, 0xCF,
-+ 0x14, 0x28, 0xC6, 0x9A, 0x3C, 0x71, 0xFD, 0xB8, 0x3A, 0x6C, 0xE3, 0xA3,
-+ 0xA6, 0x06, 0x5A, 0xA6, 0xF0, 0x7A, 0x00, 0x15, 0xA5, 0x5A, 0x64, 0x66,
-+ 0x00, 0x05, 0x85, 0xB7,
- };
-
--static unsigned char dh512_g[]={
-- 0x02,
-+static unsigned char dh2048_g[]={
-+ 0x05,
- };
-
--static DH *get_dh512(void)
-+static DH *get_dh2048(void)
- {
- DH *dh;
- if ((dh=DH_new()))
- {
-- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if (! dh->p || ! dh->g)
- {
- DH_free(dh);
-@@ -81,7 +110,9 @@ ssl_error_string[] =
- "Private key does not match the certificate public key",
- "SSL_CTX_set_default_verify_paths failed",
- "Failed to set ciphers to use",
-- "SSL_CTX_new failed"
-+ "SSL_CTX_new failed",
-+ "SSL context is not usable without certificate and private key",
-+ "SSL_CTX_set_tmp_dh failed"
- };
-
- const char*
-@@ -285,8 +316,17 @@ new_VioSSLFd(const char *key_file, const
- }
-
- /* DH stuff */
-- dh=get_dh512();
-- SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);
-+ dh= get_dh2048();
-+ if (SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh) == 0)
-+ {
-+ *error= SSL_INITERR_DHFAIL;
-+ DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
-+ report_errors();
-+ DH_free(dh);
-+ SSL_CTX_free(ssl_fd->ssl_context);
-+ my_free(ssl_fd);
-+ DBUG_RETURN(0);
-+ }
- DH_free(dh);
-
- DBUG_PRINT("exit", ("OK 1"));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mysql-patches/mysql-patches/mysql-community-server-5.6.24-regex_heap_overflow.patch new/mysql-patches/mysql-patches/mysql-community-server-5.6.24-regex_heap_overflow.patch
--- old/mysql-patches/mysql-patches/mysql-community-server-5.6.24-regex_heap_overflow.patch 2015-07-07 10:39:15.000000000 +0200
+++ new/mysql-patches/mysql-patches/mysql-community-server-5.6.24-regex_heap_overflow.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,33 +0,0 @@
-PATCH-P1-FIX-UPSTREAM: Fix heap overflow vulnerability in regex library
-BUGS: bnc#922043
-
-Description of the vulnerability from
-https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
-"Fix heap overflow vulnerability in Henry Spencer’s regex library,
-affecting 32 bit systems only. Variable ‘len’ is here enlarged to such
-an extent that, in the process of enlarging (multiplication and addition),
-causes the 32 bit register/variable to overflow."
-
-Maintainer: Kristyna Streitova <kstreitova(a)suse.com>
-
-Index: mysql-5.5.43/regex/regcomp.c
-===================================================================
---- mysql-5.5.43.orig/regex/regcomp.c
-+++ mysql-5.5.43/regex/regcomp.c
-@@ -138,7 +138,15 @@ CHARSET_INFO *charset;
- (NC-1)*sizeof(cat_t));
- if (g == NULL)
- return(MY_REG_ESPACE);
-- p->ssize = (long) (len/(size_t)2*(size_t)3 + (size_t)1); /* ugh */
-+ {
-+ /* Patched for CERT Vulnerability Note VU#695940, Feb 2015. */
-+ size_t new_ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */
-+ if (new_ssize < len || new_ssize > LONG_MAX / sizeof(sop)) {
-+ free((char *) g);
-+ return MY_REG_INVARG;
-+ }
-+ p->ssize = (long) new_ssize;
-+ }
- p->strip = (sop *)malloc(p->ssize * sizeof(sop));
- p->slen = 0;
- if (p->strip == NULL) {
++++++ mysql-systemd-helper ++++++
--- /var/tmp/diff_new_pack.ruNF5q/_old 2015-09-02 00:36:25.000000000 +0200
+++ /var/tmp/diff_new_pack.ruNF5q/_new 2015-09-02 00:36:25.000000000 +0200
@@ -34,7 +34,6 @@
--socket=*) socket="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;;
--datadir=*) datadir="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;;
--user=*) mysql_daemon_user="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;;
- --group=*) mysql_daemon_group="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;;
esac
done
}
@@ -88,7 +87,7 @@
# Run protected MySQL accessible only though socket in our directory
echo "Running protected MySQL... "
/usr/sbin/mysqld \
- --user="$mysql_daemon_user" --group="$mysql_daemon_group" \
+ --user="$mysql_daemon_user" \
$opts \
--skip-networking \
--skip-grant-tables \
@@ -145,7 +144,7 @@
}
mysql_start() {
- /usr/sbin/mysqld --user="$mysql_daemon_user" --group="$mysql_daemon_group" $opts
+ exec /usr/sbin/mysqld --user="$mysql_daemon_user" $opts
}
# We rely on output in english at some points
++++++ series ++++++
--- /var/tmp/diff_new_pack.ruNF5q/_old 2015-09-02 00:36:26.000000000 +0200
+++ /var/tmp/diff_new_pack.ruNF5q/_new 2015-09-02 00:36:26.000000000 +0200
@@ -10,6 +10,4 @@
mysql-community-server-5.6.12-upgrade-datadir.patch
mysql-community-server-5.6.12-srv_buf_size.patch
mysql-community-server-5.6.12-logrotate-su.patch
-mysql-community-server-5.6.24-regex_heap_overflow.patch
mysql-community-server-5.6.24-static_library.patch
-mysql-5.6.25-logjam.patch
1
0
Hello community,
here is the log from the commit of package python-unicodecsv for openSUSE:Factory checked in at 2015-09-02 00:36:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-unicodecsv (Old)
and /work/SRC/openSUSE:Factory/.python-unicodecsv.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-unicodecsv"
Changes:
--------
New Changes file:
--- /dev/null 2015-08-24 19:43:32.284261900 +0200
+++ /work/SRC/openSUSE:Factory/.python-unicodecsv.new/python-unicodecsv.changes 2015-09-02 00:36:18.000000000 +0200
@@ -0,0 +1,5 @@
+-------------------------------------------------------------------
+Thu Oct 2 16:20:47 UTC 2014 - toddrme2178(a)gmail.com
+
+- Initial version
+
New:
----
python-unicodecsv.changes
python-unicodecsv.spec
unicodecsv-0.9.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-unicodecsv.spec ++++++
#
# spec file for package python-unicodecsv
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: python-unicodecsv
Version: 0.9.4
Release: 0
Summary: Drop-in replacment for python's csv module with unicode support
License: BSD-2-Clause
Group: Development/Languages/Python
Url: https://github.com/jdunck/python-unicodecsv
Source: https://pypi.python.org/packages/source/u/unicodecsv/unicodecsv-%{version}.…
BuildRequires: python-devel
BuildRequires: python-setuptools
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%else
BuildArch: noarch
%endif
%description
Python 2's csv module doesn't easily deal with unicode strings,
leading to the dreaded "'ascii' codec can't encode characters
in position ..." exception.
The unicodecsv is a drop-in replacement for Python 2's csv module
which supports unicode strings without a hassle.
%prep
%setup -q -n unicodecsv-%{version}
%build
python setup.py build
%install
python setup.py install --prefix=%{_prefix} --root=%{buildroot}
%files
%defattr(-,root,root,-)
%doc README.rst
%{python_sitelib}/*
%changelog
1
0
Hello community,
here is the log from the commit of package ghc-yaml for openSUSE:Factory checked in at 2015-09-02 00:36:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-yaml (Old)
and /work/SRC/openSUSE:Factory/.ghc-yaml.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-yaml"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-yaml/ghc-yaml.changes 2015-08-27 08:55:36.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-yaml.new/ghc-yaml.changes 2015-09-02 00:36:16.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Aug 31 08:46:59 UTC 2015 - mimi.vx(a)gmail.com
+
+- update to 0.8.14
+* Pretty print improvements for exceptions
+
+-------------------------------------------------------------------
Old:
----
yaml-0.8.13.tar.gz
New:
----
yaml-0.8.14.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-yaml.spec ++++++
--- /var/tmp/diff_new_pack.vv6JmB/_old 2015-09-02 00:36:17.000000000 +0200
+++ /var/tmp/diff_new_pack.vv6JmB/_new 2015-09-02 00:36:17.000000000 +0200
@@ -18,7 +18,7 @@
%global pkg_name yaml
Name: ghc-yaml
-Version: 0.8.13
+Version: 0.8.14
Release: 0
Summary: Support for parsing and rendering YAML documents
License: BSD-3-Clause
++++++ yaml-0.8.13.tar.gz -> yaml-0.8.14.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yaml-0.8.13/ChangeLog.md new/yaml-0.8.14/ChangeLog.md
--- old/yaml-0.8.13/ChangeLog.md 2015-08-13 12:42:36.000000000 +0200
+++ new/yaml-0.8.14/ChangeLog.md 2015-08-30 08:11:27.000000000 +0200
@@ -1,3 +1,7 @@
+## 0.8.14
+
+* Pretty print improvements for exceptions [#67](https://github.com/snoyberg/yaml/pull/67)
+
## 0.8.13
* Pretty module [#66](https://github.com/snoyberg/yaml/pull/66)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yaml-0.8.13/Data/Yaml/Internal.hs new/yaml-0.8.14/Data/Yaml/Internal.hs
--- old/yaml-0.8.13/Data/Yaml/Internal.hs 2015-08-13 12:42:36.000000000 +0200
+++ new/yaml-0.8.14/Data/Yaml/Internal.hs 2015-08-30 08:11:27.000000000 +0200
@@ -19,6 +19,7 @@
import Text.Libyaml hiding (encode, decode, encodeFile, decodeFile)
import Data.ByteString (ByteString)
import qualified Data.Map as Map
+import Data.Maybe (isNothing)
import Control.Exception
import Control.Exception.Enclosed
import Control.Monad.Trans.State
@@ -66,36 +67,44 @@
-- Instead of displaying the data constructors applied to their arguments,
-- a more textual output is returned. For example, instead of printing:
--
--- > AesonException "The key \"foo\" was not found"
+-- > InvalidYaml (Just (YamlParseException {yamlProblem = "did not find expected ',' or '}'", yamlContext = "while parsing a flow mapping", yamlProblemMark = YamlMark {yamlIndex = 42, yamlLine = 2, yamlColumn = 12}})))
--
-- It looks more pleasant to print:
--
--- > Aeson exception: The key "foo" was not found
+-- > YAML parse exception at line 2, column 12,
+-- > while parsing a flow mapping:
+-- > did not find expected ',' or '}'
--
-- Since 0.8.11
prettyPrintParseException :: ParseException -> String
-prettyPrintParseException NonScalarKey = "Non scalar key"
-prettyPrintParseException (UnknownAlias n) =
- "Unknown alias: " ++ n
-prettyPrintParseException (UnexpectedEvent r e) = unlines
- [ "Unexpected event:"
- , " Received: " ++ maybe "None" show r
- , " Expected: " ++ maybe "None" show e
+prettyPrintParseException pe = case pe of
+ NonScalarKey -> "Non scalar key"
+ UnknownAlias anchor -> "Unknown alias `" ++ anchor ++ "`"
+ UnexpectedEvent mbExpected mbUnexpected -> unlines
+ [ "Unexpected event: expected"
+ , " " ++ show mbExpected
+ , "but received"
+ , " " ++ show mbUnexpected
]
-prettyPrintParseException (InvalidYaml mye) =
- case mye of
- Just ye -> "Invalid yaml: " ++ show ye
- _ -> "Invalid yaml"
-prettyPrintParseException (AesonException e) =
- "Aeson exception: " ++ e
-prettyPrintParseException (OtherParseException e) =
- "Parse exception: " ++ show e
-prettyPrintParseException (NonStringKeyAlias n v) = unlines
- [ "Non-string key alias:"
- , " Anchor name: " ++ n
- , " Value: " ++ show v
+ InvalidYaml mbYamlError -> case mbYamlError of
+ Nothing -> "Unspecified YAML error"
+ Just yamlError -> case yamlError of
+ YamlException s -> "YAML exception:\n" ++ s
+ YamlParseException problem context mark -> unlines
+ [ "YAML parse exception at line " ++ show (yamlLine mark) ++
+ ", column " ++ show (yamlColumn mark) ++ ","
+ -- The context seems to include a leading "while" or similar.
+ , context ++ ":"
+ , problem
+ ]
+ AesonException s -> "Aeson exception:\n" ++ s
+ OtherParseException exc -> "Generic parse exception:\n" ++ show exc
+ NonStringKeyAlias anchor value -> unlines
+ [ "Non-string key alias:"
+ , " Anchor name: " ++ anchor
+ , " Value: " ++ show value
]
-prettyPrintParseException CyclicIncludes = "Cyclic includes"
+ CyclicIncludes -> "Cyclic includes"
newtype PErrorT m a = PErrorT { runPErrorT :: m (Either ParseException a) }
instance Monad m => Functor (PErrorT m) where
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yaml-0.8.13/Data/Yaml.hs new/yaml-0.8.14/Data/Yaml.hs
--- old/yaml-0.8.13/Data/Yaml.hs 2015-08-13 12:42:36.000000000 +0200
+++ new/yaml-0.8.14/Data/Yaml.hs 2015-08-30 08:11:27.000000000 +0200
@@ -167,7 +167,7 @@
decodeEither :: FromJSON a => ByteString -> Either String a
decodeEither bs = unsafePerformIO
- $ fmap (either (Left . show) id)
+ $ fmap (either (Left . prettyPrintParseException) id)
$ decodeHelper (Y.decode bs)
-- | More helpful version of 'decodeEither' which returns the 'YamlException'.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yaml-0.8.13/yaml.cabal new/yaml-0.8.14/yaml.cabal
--- old/yaml-0.8.13/yaml.cabal 2015-08-13 12:42:36.000000000 +0200
+++ new/yaml-0.8.14/yaml.cabal 2015-08-30 08:11:27.000000000 +0200
@@ -1,5 +1,5 @@
name: yaml
-version: 0.8.13
+version: 0.8.14
license: BSD3
license-file: LICENSE
author: Michael Snoyman <michael(a)snoyman.com>, Anton Ageev <antage(a)gmail.com>,Kirill Simonov
1
0
Hello community,
here is the log from the commit of package ghc-utf8-string for openSUSE:Factory checked in at 2015-09-02 00:36:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-utf8-string (Old)
and /work/SRC/openSUSE:Factory/.ghc-utf8-string.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-utf8-string"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-utf8-string/ghc-utf8-string.changes 2015-08-27 08:56:49.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-utf8-string.new/ghc-utf8-string.changes 2015-09-02 00:36:13.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Aug 31 08:20:53 UTC 2015 - mimi.vx(a)gmail.com
+
+- update to 1.0.1.1
+* fix build under older GHC
+
+-------------------------------------------------------------------
Old:
----
utf8-string-1.0.1.tar.gz
New:
----
utf8-string-1.0.1.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-utf8-string.spec ++++++
--- /var/tmp/diff_new_pack.Gnp6LQ/_old 2015-09-02 00:36:14.000000000 +0200
+++ /var/tmp/diff_new_pack.Gnp6LQ/_new 2015-09-02 00:36:14.000000000 +0200
@@ -19,7 +19,7 @@
%global pkg_name utf8-string
Name: ghc-utf8-string
-Version: 1.0.1
+Version: 1.0.1.1
Release: 0
Summary: Support for reading and writing UTF8 Strings
License: BSD-3-Clause
++++++ utf8-string-1.0.1.tar.gz -> utf8-string-1.0.1.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8-string-1.0.1/CHANGELOG.markdown new/utf8-string-1.0.1.1/CHANGELOG.markdown
--- old/utf8-string-1.0.1/CHANGELOG.markdown 2015-08-22 00:38:06.000000000 +0200
+++ new/utf8-string-1.0.1.1/CHANGELOG.markdown 2015-08-23 18:19:40.000000000 +0200
@@ -1,3 +1,7 @@
+1.0.1.1
+-----
+* Build correctly on GHC-7.0 (#14)
+
1.0.1
-----
* Improve the performance of Data.ByteString.Lazy.UTF8.fromString. (Thanks, ndmitchell)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8-string-1.0.1/Data/ByteString/Lazy/UTF8.hs new/utf8-string-1.0.1.1/Data/ByteString/Lazy/UTF8.hs
--- old/utf8-string-1.0.1/Data/ByteString/Lazy/UTF8.hs 2015-08-22 00:38:06.000000000 +0200
+++ new/utf8-string-1.0.1.1/Data/ByteString/Lazy/UTF8.hs 2015-08-23 18:19:40.000000000 +0200
@@ -46,11 +46,16 @@
import qualified Data.ByteString.Lazy as B
import qualified Data.ByteString.Lazy.Internal as B
import qualified Data.ByteString.Internal as S
-import System.IO.Unsafe
import Prelude hiding (take,drop,splitAt,span,break,foldr,foldl,length,lines)
import Codec.Binary.UTF8.Generic (buncons)
+#if MIN_VERSION_base(4,4,0)
+import System.IO.Unsafe (unsafeDupablePerformIO)
+#else
+import GHC.IO (unsafeDupablePerformIO)
+#endif
+
---------------------------------------------------------------------
-- ENCODING
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8-string-1.0.1/utf8-string.cabal new/utf8-string-1.0.1.1/utf8-string.cabal
--- old/utf8-string-1.0.1/utf8-string.cabal 2015-08-22 00:38:06.000000000 +0200
+++ new/utf8-string-1.0.1.1/utf8-string.cabal 2015-08-23 18:19:40.000000000 +0200
@@ -1,5 +1,5 @@
Name: utf8-string
-Version: 1.0.1
+Version: 1.0.1.1
Author: Eric Mertens
Maintainer: emertens(a)galois.com
License: BSD3
@@ -14,6 +14,7 @@
Build-type: Simple
cabal-version: >= 1.2
Extra-Source-Files: CHANGELOG.markdown
+Tested-With: GHC==7.0.4, GHC==7.4.2, GHC==7.6.3, GHC==7.8.4, GHC==7.10.2
library
Ghc-options: -W -O2
1
0
Hello community,
here is the log from the commit of package ghc-tls for openSUSE:Factory checked in at 2015-09-02 00:36:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old)
and /work/SRC/openSUSE:Factory/.ghc-tls.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-tls"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2015-08-25 08:48:26.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2015-09-02 00:36:11.000000000 +0200
@@ -1,0 +2,11 @@
+Mon Aug 31 08:14:19 UTC 2015 - mimi.vx(a)gmail.com
+
+- update to 1.3.2
+* Add cipher suites for forward secrecy on more clients (Aaron Friel)
+* Maintain more handshake information to be queried by protocol (Adam Wick)
+* handle SCSV on client and server side (Kazu Yamamoto)
+* Cleanup renegotiation logic (Kazu Yamamoto)
+* Various testing improvements with the openssl test parts
+* Cleanup AEAD handling for future support of other ciphers
+
+-------------------------------------------------------------------
Old:
----
tls-1.3.1.tar.gz
New:
----
tls-1.3.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-tls.spec ++++++
--- /var/tmp/diff_new_pack.hUQrlS/_old 2015-09-02 00:36:11.000000000 +0200
+++ /var/tmp/diff_new_pack.hUQrlS/_new 2015-09-02 00:36:11.000000000 +0200
@@ -21,7 +21,7 @@
%bcond_with tests
Name: ghc-tls
-Version: 1.3.1
+Version: 1.3.2
Release: 0
Summary: TLS/SSL protocol native implementation (Server and Client)
License: BSD-3-Clause
++++++ tls-1.3.1.tar.gz -> tls-1.3.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Cipher.hs new/tls-1.3.2/Network/TLS/Cipher.hs
--- old/tls-1.3.1/Network/TLS/Cipher.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Cipher.hs 2015-08-24 07:44:53.000000000 +0200
@@ -102,6 +102,8 @@
{ bulkName :: String
, bulkKeySize :: Int
, bulkIVSize :: Int
+ , bulkExplicitIV :: Int -- Explicit size for IV for AEAD Cipher, 0 otherwise
+ , bulkAuthTagLen :: Int -- Authentication tag length in bytes for AEAD Cipher, 0 otherwise
, bulkBlockSize :: Int
, bulkF :: BulkFunctions
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Context/Internal.hs new/tls-1.3.2/Network/TLS/Context/Internal.hs
--- old/tls-1.3.1/Network/TLS/Context/Internal.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Context/Internal.hs 2015-08-24 07:44:53.000000000 +0200
@@ -76,9 +76,12 @@
-- | Information related to a running context, e.g. current cipher
data Information = Information
- { infoVersion :: Version
- , infoCipher :: Cipher
- , infoCompression :: Compression
+ { infoVersion :: Version
+ , infoCipher :: Cipher
+ , infoCompression :: Compression
+ , infoMasterSecret :: Maybe Bytes
+ , infoClientRandom :: Maybe ClientRandom
+ , infoServerRandom :: Maybe ServerRandom
} deriving (Show,Eq)
-- | A TLS Context keep tls specific state, parameters and backend information.
@@ -125,9 +128,15 @@
contextGetInformation :: Context -> IO (Maybe Information)
contextGetInformation ctx = do
ver <- usingState_ ctx $ gets stVersion
+ hstate <- getHState ctx
+ let (ms, cr, sr) = case hstate of
+ Just st -> (hstMasterSecret st,
+ Just (hstClientRandom st),
+ hstServerRandom st)
+ Nothing -> (Nothing, Nothing, Nothing)
(cipher,comp) <- failOnEitherError $ runRxState ctx $ gets $ \st -> (stCipher st, stCompression st)
case (ver, cipher) of
- (Just v, Just c) -> return $ Just $ Information v c comp
+ (Just v, Just c) -> return $ Just $ Information v c comp ms cr sr
_ -> return Nothing
contextSend :: Context -> Bytes -> IO ()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Extra/Cipher.hs new/tls-1.3.2/Network/TLS/Extra/Cipher.hs
--- old/tls-1.3.1/Network/TLS/Extra/Cipher.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Extra/Cipher.hs 2015-08-24 07:44:53.000000000 +0200
@@ -35,6 +35,8 @@
, cipher_DHE_DSS_RC4_SHA1
, cipher_DHE_RSA_AES128GCM_SHA256
, cipher_ECDHE_RSA_AES128GCM_SHA256
+ , cipher_ECDHE_RSA_AES128CBC_SHA256
+ , cipher_ECDHE_RSA_AES128CBC_SHA
) where
import qualified Data.ByteString as B
@@ -151,6 +153,8 @@
{ bulkName = "null"
, bulkKeySize = 0
, bulkIVSize = 0
+ , bulkExplicitIV = 0
+ , bulkAuthTagLen = 0
, bulkBlockSize = 0
, bulkF = BulkStreamF passThrough
}
@@ -161,6 +165,8 @@
{ bulkName = "RC4-128"
, bulkKeySize = 16
, bulkIVSize = 0
+ , bulkExplicitIV = 0
+ , bulkAuthTagLen = 0
, bulkBlockSize = 0
, bulkF = BulkStreamF rc4
}
@@ -169,6 +175,8 @@
{ bulkName = "AES128"
, bulkKeySize = 16
, bulkIVSize = 16
+ , bulkExplicitIV = 0
+ , bulkAuthTagLen = 0
, bulkBlockSize = 16
, bulkF = BulkBlockF aes128cbc
}
@@ -177,6 +185,8 @@
{ bulkName = "AES128GCM"
, bulkKeySize = 16 -- RFC 5116 Sec 5.1: K_LEN
, bulkIVSize = 4 -- RFC 5288 GCMNonce.salt, fixed_iv_length
+ , bulkExplicitIV = 8
+ , bulkAuthTagLen = 16
, bulkBlockSize = 0 -- dummy, not used
, bulkF = BulkAeadF aes128gcm
}
@@ -185,6 +195,8 @@
{ bulkName = "AES256"
, bulkKeySize = 32
, bulkIVSize = 16
+ , bulkExplicitIV = 0
+ , bulkAuthTagLen = 0
, bulkBlockSize = 16
, bulkF = BulkBlockF aes256cbc
}
@@ -193,6 +205,8 @@
{ bulkName = "3DES-EDE-CBC"
, bulkKeySize = 24
, bulkIVSize = 8
+ , bulkExplicitIV = 0
+ , bulkAuthTagLen = 0
, bulkBlockSize = 8
, bulkF = BulkBlockF tripledes_ede
}
@@ -374,6 +388,27 @@
, cipherHash = SHA256
, cipherKeyExchange = CipherKeyExchange_ECDHE_RSA
, cipherMinVer = Just TLS12 -- RFC 5288 Sec 4
+ }
+
+cipher_ECDHE_RSA_AES128CBC_SHA :: Cipher
+cipher_ECDHE_RSA_AES128CBC_SHA = Cipher
+ { cipherID = 0xc013
+ , cipherName = "ECDHE-RSA-AES128CBC-SHA"
+ , cipherBulk = bulk_aes128
+ , cipherHash = SHA1
+ , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA
+ , cipherMinVer = Just TLS10
+ }
+
+--TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+cipher_ECDHE_RSA_AES128CBC_SHA256 :: Cipher
+cipher_ECDHE_RSA_AES128CBC_SHA256 = Cipher
+ { cipherID = 0xc027
+ , cipherName = "ECDHE-RSA-AES128CBC-SHA"
+ , cipherBulk = bulk_aes128
+ , cipherHash = SHA256
+ , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA
+ , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4
}
{-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Handshake/Common.hs new/tls-1.3.2/Network/TLS/Handshake/Common.hs
--- old/tls-1.3.1/Network/TLS/Handshake/Common.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Handshake/Common.hs 2015-08-24 07:44:53.000000000 +0200
@@ -60,8 +60,15 @@
sessionData <- getSessionData ctx
liftIO $ sessionEstablish (sharedSessionManager $ ctxShared ctx) sessionId (fromJust "session-data" sessionData)
_ -> return ()
- -- forget all handshake data now and reset bytes counters.
- liftIO $ modifyMVar_ (ctxHandshake ctx) (return . const Nothing)
+ -- forget most handshake data and reset bytes counters.
+ liftIO $ modifyMVar_ (ctxHandshake ctx) $ \ mhshake ->
+ case mhshake of
+ Nothing -> return Nothing
+ Just hshake ->
+ return $ Just (newEmptyHandshake (hstClientVersion hshake) (hstClientRandom hshake))
+ { hstServerRandom = hstServerRandom hshake
+ , hstMasterSecret = hstMasterSecret hshake
+ }
updateMeasure ctx resetBytesCounters
-- mark the secure connection up and running.
setEstablished ctx True
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Handshake/Process.hs new/tls-1.3.2/Network/TLS/Handshake/Process.hs
--- old/tls-1.3.1/Network/TLS/Handshake/Process.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Handshake/Process.hs 2015-08-24 07:44:53.000000000 +0200
@@ -30,14 +30,19 @@
import Network.TLS.Handshake.State
import Network.TLS.Handshake.Key
import Network.TLS.Extension
+import Network.TLS.Parameters
import Data.X509 (CertificateChain(..), Certificate(..), getCertificate)
processHandshake :: Context -> Handshake -> IO ()
processHandshake ctx hs = do
role <- usingState_ ctx isClientContext
case hs of
- ClientHello cver ran _ _ _ ex _ -> when (role == ServerRole) $ do
+ ClientHello cver ran _ cids _ ex _ -> when (role == ServerRole) $ do
mapM_ (usingState_ ctx . processClientExtension) ex
+ -- RFC 5746: secure renegotiation
+ -- TLS_EMPTY_RENEGOTIATION_INFO_SCSV: {0x00, 0xFF}
+ when (secureRenegotiation && (0xff `elem` cids)) $
+ usingState_ ctx $ setSecureRenegotiation True
startHandshake ctx cver ran
Certificates certs -> processCertificates role certs
ClientKeyXchg content -> when (role == ServerRole) $ do
@@ -49,8 +54,10 @@
let encoded = encodeHandshake hs
when (certVerifyHandshakeMaterial hs) $ usingHState ctx $ addHandshakeMessage encoded
when (finishHandshakeTypeMaterial $ typeOfHandshake hs) $ usingHState ctx $ updateHandshakeDigest encoded
- where -- secure renegotiation
- processClientExtension (0xff01, content) = do
+ where secureRenegotiation = supportedSecureRenegotiation $ ctxSupported ctx
+ -- RFC5746: secure renegotiation
+ -- the renegotiation_info extension: 0xff01
+ processClientExtension (0xff01, content) | secureRenegotiation = do
v <- getVerifiedData ClientRole
let bs = extensionEncode (SecureRenegotiation v Nothing)
unless (bs `bytesEq` content) $ throwError $ Error_Protocol ("client verified data not matching: " ++ show v ++ ":" ++ show content, True, HandshakeFailure)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Handshake/Server.hs new/tls-1.3.2/Network/TLS/Handshake/Server.hs
--- old/tls-1.3.1/Network/TLS/Handshake/Server.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Handshake/Server.hs 2015-08-24 07:44:53.000000000 +0200
@@ -81,6 +81,12 @@
--
handshakeServerWith :: ServerParams -> Context -> Handshake -> IO ()
handshakeServerWith sparams ctx clientHello@(ClientHello clientVersion _ clientSession ciphers compressions exts _) = do
+ -- rejecting client initiated renegotiation to prevent DOS.
+ unless (supportedClientInitiatedRenegotiation (ctxSupported ctx)) $ do
+ established <- ctxEstablished ctx
+ eof <- ctxEOF ctx
+ when (established && not eof) $
+ throwCore $ Error_Protocol ("renegotiation is not allowed", False, NoRenegotiation)
-- check if policy allow this new handshake to happens
handshakeAuthorized <- withMeasure ctx (onNewHandshake $ serverHooks sparams)
unless handshakeAuthorized (throwCore $ Error_HandshakePolicy "server: handshake denied")
@@ -90,6 +96,12 @@
processHandshake ctx clientHello
when (clientVersion == SSL2) $ throwCore $ Error_Protocol ("ssl2 is not supported", True, ProtocolVersion)
+ -- Fallback SCSV: RFC7507
+ -- TLS_FALLBACK_SCSV: {0x56, 0x00}
+ when (supportedFallbackScsv (ctxSupported ctx) &&
+ (0x5600 `elem` ciphers) &&
+ clientVersion /= maxBound) $
+ throwCore $ Error_Protocol ("fallback is not allowed", True, InappropriateFallback)
chosenVersion <- case findHighestVersionFrom clientVersion (supportedVersions $ ctxSupported ctx) of
Nothing -> throwCore $ Error_Protocol ("client version " ++ show clientVersion ++ " is not supported", True, ProtocolVersion)
Just v -> return v
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Parameters.hs new/tls-1.3.2/Network/TLS/Parameters.hs
--- old/tls-1.3.1/Network/TLS/Parameters.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Parameters.hs 2015-08-24 07:44:53.000000000 +0200
@@ -118,10 +118,22 @@
-- | All supported hash/signature algorithms pair for client
-- certificate verification, ordered by decreasing priority.
, supportedHashSignatures :: [HashAndSignatureAlgorithm]
- -- | Set if we support secure renegotiation.
+ -- | Secure renegotiation defined in RFC5746.
+ -- If 'True', clients send the renegotiation_info extension.
+ -- If 'True', servers handle the extension or the renegotiation SCSV
+ -- then send the renegotiation_info extension.
, supportedSecureRenegotiation :: Bool
+ -- | If 'True', renegotiation is allowed from the client side.
+ -- This is vulnerable to DOS attacks.
+ -- If 'False', renegotiation is allowed only from the server side
+ -- via HelloRequest.
+ , supportedClientInitiatedRenegotiation :: Bool
-- | Set if we support session.
, supportedSession :: Bool
+ -- | Support for fallback SCSV defined in RFC7507.
+ -- If 'True', servers reject handshakes which suggest
+ -- a lower protocol than the highest protocol supported.
+ , supportedFallbackScsv :: Bool
} deriving (Show,Eq)
defaultSupported :: Supported
@@ -137,7 +149,9 @@
, (Struct.HashSHA1, SignatureDSS)
]
, supportedSecureRenegotiation = True
+ , supportedClientInitiatedRenegotiation = False
, supportedSession = True
+ , supportedFallbackScsv = True
}
instance Default Supported where
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Receiving.hs new/tls-1.3.2/Network/TLS/Receiving.hs
--- old/tls-1.3.1/Network/TLS/Receiving.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Receiving.hs 2015-08-24 07:44:53.000000000 +0200
@@ -28,16 +28,14 @@
import Network.TLS.Cipher
import Network.TLS.Util
-import Data.Byteable
-
processPacket :: Context -> Record Plaintext -> IO (Either TLSError Packet)
-processPacket _ (Record ProtocolType_AppData _ fragment) = return $ Right $ AppData $ toBytes fragment
+processPacket _ (Record ProtocolType_AppData _ fragment) = return $ Right $ AppData $ fragmentGetBytes fragment
-processPacket _ (Record ProtocolType_Alert _ fragment) = return (Alert `fmapEither` (decodeAlerts $ toBytes fragment))
+processPacket _ (Record ProtocolType_Alert _ fragment) = return (Alert `fmapEither` (decodeAlerts $ fragmentGetBytes fragment))
processPacket ctx (Record ProtocolType_ChangeCipherSpec _ fragment) =
- case decodeChangeCipherSpec $ toBytes fragment of
+ case decodeChangeCipherSpec $ fragmentGetBytes fragment of
Left err -> return $ Left err
Right _ -> do switchRxEncryption ctx
return $ Right ChangeCipherSpec
@@ -54,7 +52,7 @@
-- get back the optional continuation, and parse as many handshake record as possible.
mCont <- gets stHandshakeRecordCont
modify (\st -> st { stHandshakeRecordCont = Nothing })
- hss <- parseMany currentParams mCont (toBytes fragment)
+ hss <- parseMany currentParams mCont (fragmentGetBytes fragment)
return $ Handshake hss
where parseMany currentParams mCont bs =
case maybe decodeHandshakeRecord id mCont $ bs of
@@ -68,7 +66,7 @@
Right hh -> (hh:) `fmap` parseMany currentParams Nothing left
processPacket _ (Record ProtocolType_DeprecatedHandshake _ fragment) =
- case decodeDeprecatedHandshake $ toBytes fragment of
+ case decodeDeprecatedHandshake $ fragmentGetBytes fragment of
Left err -> return $ Left err
Right hs -> return $ Right $ Handshake [hs]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Record/Disengage.hs new/tls-1.3.2/Network/TLS/Record/Disengage.hs
--- old/tls-1.3.1/Network/TLS/Record/Disengage.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Record/Disengage.hs 2015-08-24 07:44:53.000000000 +0200
@@ -85,7 +85,10 @@
decryptOf :: BulkState -> RecordM Bytes
decryptOf (BulkStateBlock decryptF) = do
let minContent = (if explicitIV then bulkIVSize bulk else 0) + max (macSize + 1) blockSize
+
+ -- check if we have enough bytes to cover the minimum for this cipher
when ((econtentLen `mod` blockSize) /= 0 || econtentLen < minContent) $ sanityCheckError
+
{- update IV -}
(iv, econtent') <- if explicitIV
then get2 econtent (bulkIVSize bulk, econtentLen - bulkIVSize bulk)
@@ -103,7 +106,9 @@
}
decryptOf (BulkStateStream (BulkStream decryptF)) = do
+ -- check if we have enough bytes to cover the minimum for this cipher
when (econtentLen < macSize) $ sanityCheckError
+
let (content', bulkStream') = decryptF econtent
{- update Ctx -}
let contentlen = B.length content' - macSize
@@ -116,13 +121,17 @@
}
decryptOf (BulkStateAEAD decryptF) = do
- let authtaglen = 16 -- FIXME: fixed_iv_length + record_iv_length
- nonceexplen = 8 -- FIXME: record_iv_length
- econtentlen = B.length econtent - authtaglen - nonceexplen
- (enonce, econtent', authTag) <- get3 econtent (nonceexplen, econtentlen, authtaglen)
+ let authTagLen = bulkAuthTagLen bulk
+ nonceExpLen = bulkExplicitIV bulk
+ cipherLen = econtentLen - authTagLen - nonceExpLen
+
+ -- check if we have enough bytes to cover the minimum for this cipher
+ when (econtentLen < (authTagLen + nonceExpLen)) $ sanityCheckError
+
+ (enonce, econtent', authTag) <- get3 econtent (nonceExpLen, cipherLen, authTagLen)
let encodedSeq = encodeWord64 $ msSequence $ stMacState tst
Header typ v _ = recordToHeader record
- hdr = Header typ v $ fromIntegral econtentlen
+ hdr = Header typ v $ fromIntegral cipherLen
ad = B.concat [ encodedSeq, encodeHeader hdr ]
nonce = cstIV (stCryptState tst) `B.append` enonce
(content, authTag2) = decryptF nonce econtent' ad
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Record/Engage.hs new/tls-1.3.2/Network/TLS/Record/Engage.hs
--- old/tls-1.3.1/Network/TLS/Record/Engage.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Record/Engage.hs 2015-08-24 07:44:53.000000000 +0200
@@ -36,10 +36,9 @@
onRecordFragment record $ fragmentCompress $ \bytes -> do
withCompression $ compressionDeflate bytes
-{-
- - when Tx Encrypted is set, we pass the data through encryptContent, otherwise
- - we just return the packet
- -}
+-- when Tx Encrypted is set, we pass the data through encryptContent, otherwise
+-- we just return the compress payload directly as the ciphered one
+--
encryptRecord :: Record Compressed -> RecordM (Record Ciphertext)
encryptRecord record = onRecordFragment record $ fragmentCipher $ \bytes -> do
st <- get
@@ -100,15 +99,12 @@
cst <- getCryptState
encodedSeq <- encodeWord64 <$> getMacSequence
- let hdr = recordToHeader record
- ad = B.concat [ encodedSeq, encodeHeader hdr ]
- let salt = cstIV cst
- processorNum = encodeWord32 1 -- FIXME
- counter = B.drop 4 encodedSeq -- FIXME: probably OK
- nonce = B.concat [salt, processorNum, counter]
- let (e, AuthTag authtag) = encryptF nonce content ad
+ let hdr = recordToHeader record
+ ad = B.concat [encodedSeq, encodeHeader hdr]
+ nonce = B.concat [cstIV cst, encodedSeq]
+ (e, AuthTag authtag) = encryptF nonce content ad
modify incrRecordState
- return $ B.concat [processorNum, counter, e, B.convert authtag]
+ return $ B.concat [encodedSeq, e, B.convert authtag]
getCryptState :: RecordM CryptState
getCryptState = stCryptState <$> get
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Record/Types.hs new/tls-1.3.2/Network/TLS/Record/Types.hs
--- old/tls-1.3.1/Network/TLS/Record/Types.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Record/Types.hs 2015-08-24 07:44:53.000000000 +0200
@@ -20,6 +20,7 @@
, Record(..)
-- * TLS Record fragment and constructors
, Fragment
+ , fragmentGetBytes
, fragmentPlaintext
, fragmentCiphertext
, Plaintext
@@ -40,13 +41,12 @@
import Network.TLS.Struct
import Network.TLS.Record.State
import qualified Data.ByteString as B
-import Data.Byteable
import Control.Applicative ((<$>))
-- | Represent a TLS record.
data Record a = Record !ProtocolType !Version !(Fragment a) deriving (Show,Eq)
-newtype Fragment a = Fragment Bytes deriving (Show,Eq)
+newtype Fragment a = Fragment { fragmentGetBytes :: Bytes } deriving (Show,Eq)
data Plaintext
data Compressed
@@ -58,9 +58,6 @@
fragmentCiphertext :: Bytes -> Fragment Ciphertext
fragmentCiphertext bytes = Fragment bytes
-instance Byteable (Fragment a) where
- toBytes (Fragment b) = b
-
onRecordFragment :: Record a -> (Fragment a -> RecordM (Fragment b)) -> RecordM (Record b)
onRecordFragment (Record pt ver frag) f = Record pt ver <$> f frag
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Record.hs new/tls-1.3.2/Network/TLS/Record.hs
--- old/tls-1.3.1/Network/TLS/Record.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Record.hs 2015-08-24 07:44:53.000000000 +0200
@@ -15,6 +15,7 @@
( Record(..)
-- * Fragment manipulation types
, Fragment
+ , fragmentGetBytes
, fragmentPlaintext
, fragmentCiphertext
, recordToRaw
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Struct.hs new/tls-1.3.2/Network/TLS/Struct.hs
--- old/tls-1.3.1/Network/TLS/Struct.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Struct.hs 2015-08-24 07:44:53.000000000 +0200
@@ -174,8 +174,8 @@
data Header = Header ProtocolType Version Word16 deriving (Show,Eq)
-newtype ServerRandom = ServerRandom Bytes deriving (Show, Eq)
-newtype ClientRandom = ClientRandom Bytes deriving (Show, Eq)
+newtype ServerRandom = ServerRandom { unServerRandom :: Bytes } deriving (Show, Eq)
+newtype ClientRandom = ClientRandom { unClientRandom :: Bytes } deriving (Show, Eq)
newtype Session = Session (Maybe SessionID) deriving (Show, Eq)
type FinishedData = Bytes
@@ -218,6 +218,7 @@
| ProtocolVersion
| InsufficientSecurity
| InternalError
+ | InappropriateFallback -- RFC7507
| UserCanceled
| NoRenegotiation
| UnsupportedExtension
@@ -447,6 +448,7 @@
valOfType ProtocolVersion = 70
valOfType InsufficientSecurity = 71
valOfType InternalError = 80
+ valOfType InappropriateFallback = 86
valOfType UserCanceled = 90
valOfType NoRenegotiation = 100
valOfType UnsupportedExtension = 110
@@ -476,6 +478,7 @@
valToType 70 = Just ProtocolVersion
valToType 71 = Just InsufficientSecurity
valToType 80 = Just InternalError
+ valToType 86 = Just InappropriateFallback
valToType 90 = Just UserCanceled
valToType 100 = Just NoRenegotiation
valToType 110 = Just UnsupportedExtension
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Types.hs new/tls-1.3.2/Network/TLS/Types.hs
--- old/tls-1.3.1/Network/TLS/Types.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS/Types.hs 2015-08-24 07:44:53.000000000 +0200
@@ -22,7 +22,7 @@
-- | Versions known to TLS
--
-- SSL2 is just defined, but this version is and will not be supported.
-data Version = SSL2 | SSL3 | TLS10 | TLS11 | TLS12 deriving (Show, Eq, Ord)
+data Version = SSL2 | SSL3 | TLS10 | TLS11 | TLS12 deriving (Show, Eq, Ord, Bounded)
-- | A session ID
type SessionID = ByteString
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS.hs new/tls-1.3.2/Network/TLS.hs
--- old/tls-1.3.1/Network/TLS.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Network/TLS.hs 2015-08-24 07:44:53.000000000 +0200
@@ -58,6 +58,8 @@
-- * Information gathering
, Information(..)
+ , unClientRandom
+ , unServerRandom
, contextGetInformation
-- * Credentials
@@ -115,7 +117,8 @@
import Network.TLS.Struct ( TLSError(..), TLSException(..)
, HashAndSignatureAlgorithm, HashAlgorithm(..), SignatureAlgorithm(..)
, Header(..), ProtocolType(..), CertificateType(..)
- , AlertDescription(..))
+ , AlertDescription(..)
+ , ClientRandom(..), ServerRandom(..))
import Network.TLS.Crypto (KxError(..))
import Network.TLS.Cipher
import Network.TLS.Hooks
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Tests/Tests.hs new/tls-1.3.2/Tests/Tests.hs
--- old/tls-1.3.1/Tests/Tests.hs 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/Tests/Tests.hs 2015-08-24 07:44:53.000000000 +0200
@@ -100,8 +100,13 @@
prop_handshake_renegociation :: PropertyM IO ()
prop_handshake_renegociation = do
- params <- pick arbitraryPairParams
- runTLSPipe params tlsServer tlsClient
+ (cparams, sparams) <- pick arbitraryPairParams
+ let sparams' = sparams {
+ serverSupported = (serverSupported sparams) {
+ supportedClientInitiatedRenegotiation = True
+ }
+ }
+ runTLSPipe (cparams, sparams') tlsServer tlsClient
where tlsServer ctx queue = do
handshake ctx
d <- recvDataNonNull ctx
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/tls.cabal new/tls-1.3.2/tls.cabal
--- old/tls-1.3.1/tls.cabal 2015-06-20 09:31:09.000000000 +0200
+++ new/tls-1.3.2/tls.cabal 2015-08-24 07:44:53.000000000 +0200
@@ -1,5 +1,5 @@
Name: tls
-Version: 1.3.1
+Version: 1.3.2
Description:
Native Haskell TLS and SSL protocol implementation for server and client.
.
@@ -37,7 +37,6 @@
, transformers
, cereal >= 0.4
, bytestring
- , byteable
, network
, data-default-class
-- crypto related
1
0