September 2015 - openSUSE Commits - openSUSE Mailing Lists

commit tesseract-ocr for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package tesseract-ocr for openSUSE:Factory checked in at 2015-09-02 00:36:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tesseract-ocr (Old) and /work/SRC/openSUSE:Factory/.tesseract-ocr.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tesseract-ocr" Changes: -------- New Changes file: --- /dev/null 2015-08-24 19:43:32.284261900 +0200 +++ /work/SRC/openSUSE:Factory/.tesseract-ocr.new/tesseract-ocr.changes 2015-09-02 00:36:41.000000000 +0200 @@ -0,0 +1,108 @@ +------------------------------------------------------------------- +Sat Jun 20 10:27:29 UTC 2015 - mailaender(a)opensuse.org + +- rename to match upstream tarball and fix boo#900303 + +------------------------------------------------------------------- +Sat Jun 22 20:00:58 UTC 2013 - asterios.dramis(a)gmail.com + +- Split library into separate package (libtesseract3). +- Removed debuginfo package (not needed). +- There is no need anymore to regenerate the build system (removed automake and + libtool build requirements). +- Added pkg-config build requirement (fix for rpmlint error + "no-pkg-config-provides"). Removed also not needed + "Provides: pkgconfig(%{name})" entry. + +------------------------------------------------------------------- +Mon May 6 11:33:54 UTC 2013 - idonmez(a)suse.com + +- Update license, some files are GPL-2.0+ licensed + +------------------------------------------------------------------- +Mon Oct 29 11:36:22 UTC 2012 - jw(a)suse.com + +- Update to version 3.02.02 + * untested +- Notable features: + * Hebrew with BiDi support. + * More languages. +- removed upstreamed patch0 + +------------------------------------------------------------------- +Mon Jun 25 18:35:52 UTC 2012 - asterios.dramis(a)gmail.com + +- Update to version 3.01: + * Removed old/dead serialise/deserialze methods on *LISTIZED classes. + * Total rewrite of DENORM to better encapsulate operation and make + for potential to extract features from images. + * Thread-safety! Moved all critical globals and statics to + members of the appropriate class. Tesseract is now + thread-safe (multiple instances can be used in parallel + in multiple threads.) with the minor exception that some + control parameters are still global and affect all threads. + * Added Cube, a new recognizer for Arabic. Cube can also be + used in combination with normal Tesseract for other languages + with an improvement in accuracy at the cost of (much) lower speed. + There is no training module for Cube yet. + * OcrEngineMode in Init replaces AccuracyVSpeed to control cube. + * Greatly improved segmentation search with consequent accuracy and + speed improvements, especially for Chinese. + * Added PageIterator and ResultIterator as cleaner ways to get the + full results out of Tesseract, that are not currently provided + by any of the TessBaseAPI::Get* methods. + All other methods, such as the ETEXT_STRUCT in particular are + deprecated and will be deleted in the future. + * ApplyBoxes totally rewritten to make training easier. + It can now cope with touching/overlapping training characters, + and a new boxfile format allows word boxes instead of character + boxes, BUT to use that you have to have already boostrapped the + language with character boxes. "Cyclic dependency" on traineddata. + * Auto orientation and script detection added to page layout analysis. + * Deleted *lots* of dead code. + * Fixxht module replaced with scalable data-driven module. + * Output font characteristics accuracy improved. + * Removed the double conversion at each classification. + * Upgraded oldest structs to be classes and deprecated PBLOB. + * Removed non-deterministic baseline fit. + * Added fixed length dawgs for Chinese. + * Handling of vertical text improved. + * Handling of leader dots improved. + * Table detection greatly improved. +- Removed the various languages traineddata subpackages (to be included in a + separate package "tesseract-traineddata"). +- Changed License to Apache-2.0 (SPDX style). +- Removed libtiff-devel build dependency (not needed anymore). +- Added new build dependency liblept-devel, required now by the package. +- Added automake and libtool build dependencies in order to regenerate the + build system because of missing Makefile.in. +- Removed tesseract-traineddata-deu from recommended entries. +- Removed nonvoid.patch (fixed upstream). +- Added a patch (svutil.cpp_fix.patch) to fix compilation due to missing + includes (taken from upstream). +- Disabled compilation of static libraries. + +------------------------------------------------------------------- +Mon Oct 25 08:29:19 UTC 2010 - prusnak(a)opensuse.org + +- fixed missing returns in nonvoid functions (nonvoid.patch) +- added missing post/postun scripts calling ldconfig + +------------------------------------------------------------------- +Sat Sep 23 22:20:00 CEST 2010 - michal.smrz(a)opensuse.cz + +- update to tesseract-3.00 +- added plenty od new supported languages +- created tesseract-package-creator.py which will, hopefully, make future + updates easier + +------------------------------------------------------------------- +Fri Jul 10 12:13:04 CEST 2009 - puzel(a)novell.com + +- update to tesseract-2.04 + * Integrated bug fixes and patches and misc changes for portability. + * Integrated a patch to remove some of the "access" macros. + * Removed dependence on lua from the viewer, speeding it up + dramatically. + * Fixed the viewer so it compiles and runs properly! + New: ---- tesseract-ocr-3.02.02-doc-html.tar.gz tesseract-ocr-3.02.02.tar.gz tesseract-ocr.changes tesseract-ocr.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tesseract-ocr.spec ++++++ # # spec file for package tesseract-ocr # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define so_ver 3 Name: tesseract-ocr Version: 3.02.02 Release: 0 Summary: Open Source OCR Engine License: Apache-2.0 and GPL-2.0+ Group: Productivity/Graphics/Other Url: http://code.google.com/p/tesseract-ocr/ Source0: http://tesseract-ocr.googlecode.com/files/%{name}-%{version}.tar.gz Source1: http://tesseract-ocr.googlecode.com/files/%{name}-%{version}-doc-html.tar.gz BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: liblept-devel BuildRequires: pkg-config Recommends: tesseract-traineddata-american BuildRoot: %{_tmppath}/%{name}-%{version}-build %description A commercial quality OCR engine originally developed at HP between 1985 and 1995. In 1995, this engine was among the top 3 evaluated by UNLV. It was open-sourced by HP and UNLV in 2005. From 2007 it is developed by Google. %package devel Summary: Tesseract Open Source OCR Engine Development files Group: Development/Libraries/Other Requires: liblept-devel Requires: libtesseract%{so_ver} = %{version} %description devel This package contains development files for the Tesseract Open Source OCR Engine. %package -n libtesseract%{so_ver} Summary: Open Source OCR Engine Group: System/Libraries %description -n libtesseract%{so_ver} A commercial quality OCR engine originally developed at HP between 1985 and 1995. In 1995, this engine was among the top 3 evaluated by UNLV. It was open-sourced by HP and UNLV in 2005. From 2007 it is developed by Google. %prep %setup -q -b1 -n %{name} %build export CXXFLAGS="%{optflags} -fno-strict-aliasing -fPIC" %configure --disable-static make %{?_smp_mflags} %install %make_install # Remove libtool config files rm -f %{buildroot}%{_libdir}/libtesseract.la # Manually install the devel docs in order to fix rpmlint warnings "files-duplicate" and "doc-file-dependency" mkdir -p %{buildroot}%{_defaultdocdir}/%{name}-devel cp -a doc/html/ %{buildroot}%{_defaultdocdir}/%{name}-devel/ # Fix rpmlint warning "doc-file-dependency" rm -f %{buildroot}%{_defaultdocdir}/%{name}-devel/html/installdox # Fix rpmlint warning "files-duplicate" %fdupes -s %{buildroot} %post -n libtesseract%{so_ver} -p /sbin/ldconfig %postun -n libtesseract%{so_ver} -p /sbin/ldconfig %files %defattr(-,root,root,-) %doc AUTHORS COPYING ChangeLog README ReleaseNotes %{_bindir}/* %dir %{_datadir}/tessdata %{_datadir}/tessdata/configs/ %{_datadir}/tessdata/tessconfigs/ %{_mandir}/man1/*.1%{ext_man} %{_mandir}/man5/*.5%{ext_man} %files devel %defattr(-,root,root,-) %doc %{_defaultdocdir}/tesseract-ocr-devel/ %{_includedir}/tesseract/ %{_libdir}/libtesseract*.so %{_libdir}/pkgconfig/*.pc %files -n libtesseract%{so_ver} %defattr(-,root,root,-) %{_libdir}/libtesseract.so.%{so_ver}* %changelog

1 0

commit xf86-input-libinput for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package xf86-input-libinput for openSUSE:Factory checked in at 2015-09-02 00:36:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xf86-input-libinput (Old) and /work/SRC/openSUSE:Factory/.xf86-input-libinput.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xf86-input-libinput" Changes: -------- --- /work/SRC/openSUSE:Factory/xf86-input-libinput/xf86-input-libinput.changes 2015-08-10 09:15:54.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.xf86-input-libinput.new/xf86-input-libinput.changes 2015-09-02 00:36:37.000000000 +0200 @@ -1,0 +2,17 @@ +Mon Aug 31 21:30:30 UTC 2015 - zaitor(a)opensuse.org + +- Update to version 0.14.0: + + Rename a local variable to not shadow the BSD strmode(3) + function. + + Remove unneeded header, epoll(7) interface is not directly + used. + + Rename main source file to x86libinput.c. + + gitignore: add patterns for automake test suite and misc other + bits. + + Add drag lock support. + + Add an option to disable horizontal scrolling. + + Revamp server fd opening. + + Use xf86OpenSerial instead of a direct open() call. + + Fix typo in libinput.man. + +------------------------------------------------------------------- Old: ---- xf86-input-libinput-0.13.0.tar.bz2 New: ---- xf86-input-libinput-0.14.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xf86-input-libinput.spec ++++++ --- /var/tmp/diff_new_pack.9kaUWy/_old 2015-09-02 00:36:38.000000000 +0200 +++ /var/tmp/diff_new_pack.9kaUWy/_new 2015-09-02 00:36:38.000000000 +0200 @@ -17,7 +17,7 @@ Name: xf86-input-libinput -Version: 0.13.0 +Version: 0.14.0 Release: 0 Summary: Libinput driver for the Xorg X server License: MIT ++++++ xf86-input-libinput-0.13.0.tar.bz2 -> xf86-input-libinput-0.14.0.tar.bz2 ++++++ ++++ 14621 lines of diff (skipped)

1 0

commit plowshare for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package plowshare for openSUSE:Factory checked in at 2015-09-02 00:36:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/plowshare (Old) and /work/SRC/openSUSE:Factory/.plowshare.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "plowshare" Changes: -------- --- /work/SRC/openSUSE:Factory/plowshare/plowshare.changes 2015-05-10 10:46:09.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.plowshare.new/plowshare.changes 2015-09-02 00:36:35.000000000 +0200 @@ -1,0 +2,7 @@ +Tue Sep 1 07:26:24 UTC 2015 - mpluskal(a)suse.com + +- Update to 2.1.2 + * [core] Minor fixes. More cygwin/bsd friendly. +- Merge bash completion to main package + +------------------------------------------------------------------- Old: ---- v2.1.1.tar.gz New: ---- v2.1.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ plowshare.spec ++++++ --- /var/tmp/diff_new_pack.Ks0iL8/_old 2015-09-02 00:36:36.000000000 +0200 +++ /var/tmp/diff_new_pack.Ks0iL8/_new 2015-09-02 00:36:36.000000000 +0200 @@ -17,7 +17,7 @@ Name: plowshare -Version: 2.1.1 +Version: 2.1.2 Release: 0 Summary: Download and upload files from file-sharing websites License: GPL-3.0+ @@ -29,7 +29,8 @@ Requires: bash >= 4.1 Requires: curl >= 7.24 Requires: recode -Recommends: %{name}-bash-completion +Provides: %{name}-bash-completion = %{version} +Obsoletes: %{name}-bash-completion < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -39,23 +40,13 @@ files and manage remote folders and link deletion. It runs on Linux/BSD/Unix operating system. The basic concept is that files can be downloaded and uploaded though command line as easily as wget (or curl). -%package bash-completion -Summary: Bash-completion for plowshare -Group: Productivity/Networking/Web/Utilities -Requires: %{name} = %{version} -Requires: bash-completion -BuildArch: noarch - -%description bash-completion -This package contains bash-completion support for plowshare utility. - %prep %setup -q %build %install -%make_install PREFIX=%{_prefix} %{?_smp_mflags} +make DESTDIR=%{buildroot} install %{?_smp_mflags} install -D -m 0644 scripts/%{name}.completion %{buildroot}%{_sysconfdir}/bash_completion.d/%{name} sed -i 's|/local||g' %{buildroot}%{_sysconfdir}/bash_completion.d/%{name} @@ -68,9 +59,6 @@ %{_datadir}/%{name} %{_mandir}/man1/* %{_mandir}/man5/%{name}.conf.5.* - -%files bash-completion -%defattr(-,root,root,-) %dir %{_datadir}/bash-completion/completions %{_datadir}/bash-completion/completions/* %config %{_sysconfdir}/bash_completion.d/plowshare ++++++ v2.1.1.tar.gz -> v2.1.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/CHANGELOG new/plowshare-2.1.2/CHANGELOG --- old/plowshare-2.1.1/CHANGELOG 2015-05-03 08:45:53.000000000 +0200 +++ new/plowshare-2.1.2/CHANGELOG 2015-08-15 12:20:49.000000000 +0200 @@ -1,3 +1,9 @@ +plowshare (2.1.2) stable; urgency=low + + * [core] Minor fixes. More cygwin/bsd friendly. + + -- Matthieu Crapet <mcrapet(a)gmail.com> Sat, 15 Aug 2015 12:17:36 +0200 + plowshare (2.1.1) stable; urgency=medium * [plowmod] Fixes with git (requires git v1.8.5+) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/INSTALL new/plowshare-2.1.2/INSTALL --- old/plowshare-2.1.1/INSTALL 2015-05-03 08:45:53.000000000 +0200 +++ new/plowshare-2.1.2/INSTALL 2015-08-15 12:20:49.000000000 +0200 @@ -62,6 +62,8 @@ 2) Manual method: from git sources +$ git clone https://github.com/mcrapet/plowshare.git + # If you have root privileges (like Ubuntu) $ sudo make install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/README.md new/plowshare-2.1.2/README.md --- old/plowshare-2.1.1/README.md 2015-05-03 08:45:53.000000000 +0200 +++ new/plowshare-2.1.2/README.md 2015-08-15 12:20:49.000000000 +0200 @@ -177,6 +177,19 @@ **Remark**: Be aware that cURL is not capable of uploading files containing a comma `,` in their name, so make sure to rename them before using *plowup*. +Use cache over sessions to avoid multiple logins: + +```sh +$ plowup --cache=shared -a 'user:pasword' 1fichier file1.zip +$ plowup --cache=shared 1fichier file2.zip +``` + +On first command line, login stage will be performed and session (token or cookie) will be saved in +`~/.config/plowshare/storage/module-name.txt`. +On second command line, *plowup* will reuse the data stored to bypass login step. You don't have to specify credentials. + +**Note**: Only few hosters currently support cache mecanism. + ### Plowdel Delete a file from MegaShares (*delete link* required): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/src/core.sh new/plowshare-2.1.2/src/core.sh --- old/plowshare-2.1.1/src/core.sh 2015-05-03 08:45:53.000000000 +0200 +++ new/plowshare-2.1.2/src/core.sh 2015-08-15 12:20:49.000000000 +0200 @@ -1003,8 +1003,7 @@ # # $1: filename basename_file() { - # `basename -- "$1"` may be screwed on some BusyBox versions - echo "${1##*/}" + basename -- "$1" || return $ERR_SYSTEM } # HTML entities will be translated @@ -2396,7 +2395,7 @@ ;; # kibibyte (KiB) KiB|Ki|K|KB) - echo $(( 1024 * R + F)) + echo $(( 1024 * R + 1024 * F / 1000)) ;; # megabyte (10^6) M|MB) @@ -2404,7 +2403,7 @@ ;; # mebibyte (MiB) MiB|Mi|m|mB) - echo $(( 1048576 * R + 1000 * F)) + echo $(( 1048576 * R + 1048576 * F / 1000)) ;; # gigabyte (10^9) G|GB) @@ -2412,7 +2411,7 @@ ;; # gibibyte (GiB) GiB|Gi) - echo $(( 1073741824 * R + 1000000 * F)) + echo $(( 1073741824 * R + 1073741824 * F / 1000)) ;; # bytes B|'') @@ -2450,7 +2449,7 @@ CONFIG="$PLOWSHARE_CONFDIR/storage" if [ ! -d "$CONFIG" ]; then - mkdir --parents "$CONFIG" + mkdir -p "$CONFIG" chmod 700 "$CONFIG" fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/src/download.sh new/plowshare-2.1.2/src/download.sh --- old/plowshare-2.1.1/src/download.sh 2015-05-03 08:45:53.000000000 +0200 +++ new/plowshare-2.1.2/src/download.sh 2015-08-15 12:20:49.000000000 +0200 @@ -612,12 +612,12 @@ return $ERR_NETWORK fi - chmod 644 "$FILENAME_TMP" || log_error "chmod failed: $FILENAME_TMP" + chmod 644 "$FILENAME_TMP" 2>/dev/null || log_error "chmod failed: $FILENAME_TMP" if [ "$FILENAME_TMP" != "$FILENAME_OUT" ]; then test "$TEMP_RENAME" || \ log_notice "Moving file to output directory: ${OUT_DIR:-.}" - mv -f "$FILENAME_TMP" "$FILENAME_OUT" + mv -f "$FILENAME_TMP" "$FILENAME_OUT" 2>/dev/null || log_error "mv failed: $FILENAME_TMP" fi mark_queue "$TYPE" "$MARK_DOWN" "$ITEM" "$URL_RAW" OK "$FILENAME_OUT" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/src/mod.sh new/plowshare-2.1.2/src/mod.sh --- old/plowshare-2.1.1/src/mod.sh 2015-05-03 08:45:53.000000000 +0200 +++ new/plowshare-2.1.2/src/mod.sh 2015-08-15 12:20:49.000000000 +0200 @@ -299,7 +299,7 @@ fi log_debug "modules directory: $DDIR" -[ -d "$DDIR" ] || mkdir --parents "$DDIR" +[ -d "$DDIR" ] || mkdir -p "$DDIR" if [ ! -w "$DDIR" ]; then log_error 'ERROR: Modules directory is not writable, abort.' exit $ERR_BAD_COMMAND_LINE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/plowshare-2.1.1/src/upload.sh new/plowshare-2.1.2/src/upload.sh --- old/plowshare-2.1.1/src/upload.sh 2015-05-03 08:45:53.000000000 +0200 +++ new/plowshare-2.1.2/src/upload.sh 2015-08-15 12:20:49.000000000 +0200 @@ -508,6 +508,13 @@ log_debug 'arbitrary wait (from module)' fi wait ${AWAIT:-60} || { URETVAL=$?; break; } + + # Unspecified retry but this error does not count as a retry + if [[ $MAXRETRIES -eq 0 ]]; then + log_notice "Starting upload ($MODULE): retry (after wait request)" + continue + fi + elif [[ $MAXRETRIES -eq 0 ]]; then break elif [ $URETVAL -ne $ERR_FATAL -a $URETVAL -ne $ERR_NETWORK -a \

1 0

commit nghttp2 for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package nghttp2 for openSUSE:Factory checked in at 2015-09-02 00:36:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nghttp2 (Old) and /work/SRC/openSUSE:Factory/.nghttp2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "nghttp2" Changes: -------- --- /work/SRC/openSUSE:Factory/nghttp2/nghttp2.changes 2015-08-17 15:35:31.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nghttp2.new/nghttp2.changes 2015-09-02 00:36:33.000000000 +0200 @@ -1,0 +2,25 @@ +Tue Sep 1 06:59:43 UTC 2015 - mpluskal(a)suse.com + +- Update to 1.3. + * Limit the number of incoming reserved (remote) streams + * Add stream public API + * Rewrite priority tree handling + * Fix parallel make distcheck + * Define it and itprep recursive target if + AM_EXTRA_RECURSIVE_TARGETS is defined + * fetch-ocsp-response: Handle spurious openssl exist status 0 + * nghttpx: Use nghttp2::ssl::DEFAULT_CIPHER_LIST for backend TLS + connection + * nghttpx: Don't allow blacked listed cipher suites for HTTP/2 + connection + * nghttpx: better handle /dev/stderr and /dev/stdout (Patch from + Tomasz Buchert) + * nghttpd: GOAWAY if SSL/TLS requirements for HTTP/2 are not met + * nghttpd: Return date header field for 304 + * nghttpd: Support HEAD request + * h2load: Add Timing-script and base URI support (Patch from + Lucas Pardue) + * h2load: Add timeout options (Patch from Nora) +- Fix typo in changelog + +------------------------------------------------------------------- @@ -4 +29 @@ -- Update to 1.2. +- Update to 1.2.1 Old: ---- nghttp2-1.2.1.tar.xz New: ---- nghttp2-1.3.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nghttp2.spec ++++++ --- /var/tmp/diff_new_pack.dhVoXq/_old 2015-09-02 00:36:34.000000000 +0200 +++ /var/tmp/diff_new_pack.dhVoXq/_new 2015-09-02 00:36:34.000000000 +0200 @@ -19,7 +19,7 @@ %define lib_name lib%{name}-14 %define lib_name_asio lib%{name}_asio1 Name: nghttp2 -Version: 1.2.1 +Version: 1.3.0 Release: 0 Summary: Implementation of Hypertext Transfer Protocol version 2 in C License: MIT ++++++ nghttp2-1.2.1.tar.xz -> nghttp2-1.3.0.tar.xz ++++++ ++++ 9693 lines of diff (skipped)

1 0

commit xfce4-vala for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package xfce4-vala for openSUSE:Factory checked in at 2015-09-02 00:36:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xfce4-vala (Old) and /work/SRC/openSUSE:Factory/.xfce4-vala.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xfce4-vala" Changes: -------- --- /work/SRC/openSUSE:Factory/xfce4-vala/xfce4-vala.changes 2015-08-13 18:10:53.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.xfce4-vala.new/xfce4-vala.changes 2015-09-02 00:36:27.000000000 +0200 @@ -1,0 +2,5 @@ +Mon Aug 31 11:22:41 CEST 2015 - tiwai(a)suse.de + +- Use is_opensuse macro instead for opensuse_bs (boo#940315) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xfce4-vala.spec ++++++ --- /var/tmp/diff_new_pack.8v0y4O/_old 2015-09-02 00:36:28.000000000 +0200 +++ /var/tmp/diff_new_pack.8v0y4O/_new 2015-09-02 00:36:28.000000000 +0200 @@ -23,7 +23,7 @@ %define vala_version 0.22 %endif %if 0%{?suse_version} == 1315 -%if 0%{?opensuse_bs} +%if 0%{?is_opensuse} # openSUSE Leap %define vala_version 0.28 %else

1 0

commit mysql-community-server for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package mysql-community-server for openSUSE:Factory checked in at 2015-09-02 00:36:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mysql-community-server (Old) and /work/SRC/openSUSE:Factory/.mysql-community-server.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "mysql-community-server" Changes: -------- --- /work/SRC/openSUSE:Factory/mysql-community-server/mysql-community-server.changes 2015-07-14 17:46:18.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mysql-community-server.new/mysql-community-server.changes 2015-09-02 00:36:23.000000000 +0200 @@ -1,0 +2,41 @@ +Fri Aug 28 14:49:57 UTC 2015 - kstreitova(a)suse.com + +- update to MySQL 5.6.26 + * changes: + * http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html + * fixed CVEs: + CVE-2015-2617, CVE-2015-2648, CVE-2015-2611, CVE-2015-2582 + CVE-2015-4752, CVE-2015-4756, CVE-2015-2643, CVE-2015-4772 + CVE-2015-4761, CVE-2015-4757, CVE-2015-4737, CVE-2015-4771 + CVE-2015-4769, CVE-2015-2639, CVE-2015-2620, CVE-2015-2641 + CVE-2015-2661, CVE-2015-4767 + * fix [bnc#938412] + * remove the following patches (changes were merged upstream): + * mysql-community-server-5.6.24-regex_heap_overflow.patch + * mysql-5.6.25-logjam.patch +- disable Performance Schema by default. Since MySQL 5.6.6 upstream + enabled Performance Schema by default which results in increased + memory usage. The added option disable Performance Schema again in + order to decrease MySQL memory usage [bnc#852477]. +- fix spurious macro expansion in comment in specfile +- install INFO_BIN and INFO_SRC, noticed in MDEV-6912 +- use spec-cleaner +- tweak some cmake switches to enable more things + * WITH_ASAN=ON adress sanitization + WITH_LIBWRAP=ON tcp wrappers + ENABLED_PROFILING=OFF profiling disable + ENABLE_DEBUG_SYNC=OFF debug testing sync disable + WITH_PIC=ON by default we want pic generated binaries +- remove superfluous '--group' parameter from mysql-systemd-helper +- make -devel package installable in the presence of LibreSSL +- cleanup after the update-message if it was displayed +- add 'exec' to mysql-systemd-helper to shutdown mysql/mariadb cleanly + [bnc#943096] +- remove redundant entry from %{_tmpfilesdir}/mysql.conf. Using both + 'x' and 'X' options is redundant and causes a warning message. + Leaving only the 'x' line fixes this problem. [bnc#942908] +- mariadb: replace readline-devel for readline5-devel (MDEV-6912) + [bnc#902396] +- mariadb-101: set cmake options for MariaDB Galera Cluster + +------------------------------------------------------------------- Old: ---- mysql-5.6.25.tar.gz New: ---- mysql-5.6.26.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mysql-community-server.spec ++++++ --- /var/tmp/diff_new_pack.ruNF5q/_old 2015-09-02 00:36:25.000000000 +0200 +++ /var/tmp/diff_new_pack.ruNF5q/_new 2015-09-02 00:36:25.000000000 +0200 @@ -27,13 +27,14 @@ %define builtin_plugins partition,csv,heap,myisam,innobase %define extra_provides mysql-community-server_56 %define with_mandatory_boost 0 +%define build_extras 0 # _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2 %{!?_tmpfilesdir: %global _tmpfilesdir %{_libexecdir}/tmpfiles.d } # Remove when 13.1 is out of support scope %if ! %{defined _rundir} %define _rundir %{_localstatedir}/run %endif -%if 0 > 0 +%if 0%{build_extras} > 0 %define with_jemalloc 1 %define with_oqgraph 1 %define with_cassandra 1 @@ -43,7 +44,7 @@ %define with_cassandra 0 %endif Name: mysql-community-server -Version: 5.6.25 +Version: 5.6.26 Release: 0 Summary: Server part of %{pretty_name} License: SUSE-GPL-2.0-with-FLOSS-exception @@ -71,7 +72,6 @@ BuildRequires: gcc-c++ BuildRequires: libaio-devel BuildRequires: libbz2-devel -BuildRequires: libedit-devel BuildRequires: libevent-devel BuildRequires: libtool BuildRequires: libxml2-devel @@ -81,17 +81,6 @@ BuildRequires: pam-devel BuildRequires: pcre-devel BuildRequires: pkgconfig -BuildRequires: procps -BuildRequires: pwdutils -BuildRequires: readline-devel -BuildRequires: sqlite -BuildRequires: tcpd-devel -BuildRequires: zlib-devel -BuildRequires: pkgconfig(systemd) -# Tests requires time and ps and some perl modules -# Keep in sync with Requires of mysql-testsuite -BuildRequires: procps -BuildRequires: time BuildRequires: perl(Data::Dumper) BuildRequires: perl(Env) BuildRequires: perl(Exporter) @@ -103,6 +92,15 @@ BuildRequires: perl(Sys::Hostname) BuildRequires: perl(Test::More) BuildRequires: perl(Time::HiRes) +# Tests requires time and ps and some perl modules +# Keep in sync with Requires of mysql-testsuite +BuildRequires: procps +BuildRequires: pwdutils +BuildRequires: sqlite +BuildRequires: tcpd-devel +BuildRequires: time +BuildRequires: zlib-devel +BuildRequires: pkgconfig(systemd) # required by rcmysql Requires: %{name}-client Requires: %{name}-errormessages = %{version} @@ -129,6 +127,12 @@ Obsoletes: %{extra_provides}-debug-version < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %{?systemd_requires} +# On mariadb we want readline5 and on mysql we use libedit from system +%if "%{name}" == "mariadb" +BuildRequires: readline5-devel +%else +BuildRequires: libedit-devel +%endif %if 0%{with_mandatory_boost} > 0 BuildRequires: boost-devel >= 1.57.0 %endif @@ -180,8 +184,8 @@ Requires: glibc-devel Requires: libmysqlclient%{soname} = %{version} Requires: libmysqlclient_r%{soname} = %{version} -Requires: openssl-devel Requires: zlib-devel +Requires: pkgconfig(libssl) # mysql-devel needs to be provided as some pkgs still depend on it Provides: mysql-devel = %{version} Obsoletes: mysql-devel < %{version} @@ -368,11 +372,17 @@ export CFLAGS="%{optflags} -DOPENSSL_LOAD_CONF -DPIC -fPIC -DFORCE_INIT_OF_VARS $EXTRA_FLAGS" export CXXFLAGS="$CFLAGS -felide-constructors" %cmake -DWITH_SSL=system \ + -DWITH_ASAN=OFF \ + -DWITH_LIBWRAP=ON \ + -DENABLED_PROFILING=OFF \ + -DENABLE_DEBUG_SYNC=OFF \ + -DWITH_PIC=ON \ -DWITH_ZLIB=system \ -DWITH_LIBEVENT=system \ -DWITH_JEMALLOC=auto \ -DWITH_READLINE=0 \ -DWITH_LIBEDIT=0 \ + -DWITH_EDITLINE=system \ -DINSTALL_LAYOUT=RPM \ -DMYSQL_UNIX_ADDR="%{_localstatedir}/run/mysql/mysql.sock" \ -DINSTALL_UNIX_ADDRDIR="%{_localstatedir}/run/mysql/mysql.sock" \ @@ -392,6 +402,8 @@ -DWITH_CSV_STORAGE_ENGINE=1 \ -DWITH_HANDLERSOCKET_STORAGE_ENGINE=1 \ -DWITH_EMBEDDED_SERVER=true \ + -DWITH_WSREP=ON \ + -DWITH_INNODB_DISALLOW_WRITES=1 \ -DCOMPILATION_COMMENT="openSUSE package" \ -DDENABLE_DOWNLOADS=false \ -DINSTALL_PLUGINDIR_RPM="%{_lib}/mysql/plugin" \ @@ -399,7 +411,8 @@ -DINSTALL_SYSCONF2DIR="%{_sysconfdir}/my.cnf.d" \ -DCMAKE_C_FLAGS_RELWITHDEBINFO="$CFLAGS" \ -DCMAKE_CXX_FLAGS_RELWITHDEBINFO="$CXXFLAGS" \ - -DCMAKE_BUILD_TYPE=RelWithDebInfo -DINSTALL_SQLBENCHDIR=share \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DINSTALL_SQLBENCHDIR=share \ -DCMAKE_C_FLAGS="$CFLAGS" \ -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ -DCMAKE_EXE_LINKER_FLAGS="-Wl,--as-needed -pie -Wl,-z,relro,-z,now" \ @@ -450,6 +463,9 @@ # Symbols from build to go into libdir install -m 644 build/sql/mysqld.sym %{buildroot}%{_libdir}/mysql/mysqld.sym +# INFO_BIN and INFO_SRC binaries +install -p -m 644 build/Docs/INFO_SRC %{buildroot}%{_libdir}/mysql/ +install -p -m 644 build/Docs/INFO_BIN %{buildroot}%{_libdir}/mysql/ # Remove handler socket client rm -f %{buildroot}%{_libdir}/mysql/plugin/handlersocket.so @@ -476,7 +492,7 @@ filelist mysql mysqladmin mysqlcheck mysqldump mysqlimport mysqlshow mysql_config_editor >mysql-client.files # The dialog stuff is mariadb only -if [ "`ls '%buildroot'%_libdir/mysql/plugin/dialog*.so 2> /dev/null`" ]; then +if [ "`ls '%{buildroot}'%{_libdir}/mysql/plugin/dialog*.so 2> /dev/null`" ]; then echo '%%dir %%_libdir/mysql' >> mysql-client.files echo '%%dir %%_libdir/mysql/plugin' >> mysql-client.files echo '%%_libdir/mysql/plugin/dialog*.so' >> mysql-client.files @@ -548,8 +564,7 @@ # bnc#852451 mkdir -p %{buildroot}%{_tmpfilesdir} cat > %{buildroot}%{_tmpfilesdir}/mysql.conf <<EOF -x /var/tmp/mysql.* -X /var/tmp/mysql.* +x %{_localstatedir}/tmp/mysql.* EOF # SuSEfirewall service description @@ -628,6 +643,7 @@ --max-test-fail=0 || : # client does not require server and needs the user too + %pre client getent group mysql >/dev/null || groupadd -r mysql getent passwd mysql >/dev/null || useradd -r -o -g mysql -u 60 -c "MySQL database admin" \ @@ -645,8 +661,8 @@ %post %service_add_post mysql.service mysql@.service mysql.target mysql(a)default.service -# Use %tmpfiles_create when 13.2 is oldest in support scope -/usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/mysql.conf || : +# Use %%tmpfiles_create when 13.2 is oldest in support scope +%{_bindir}/systemd-tmpfiles --create %{_tmpfilesdir}/mysql.conf || : # SLE11 Migration support for i in protected tmp; do @@ -707,6 +723,8 @@ %postun %service_del_postun mysql.service mysql@.service mysql.target mysql(a)default.service +# Remove the /var/adm updatemsg that was hand-created and thus not on filelist +rm -f %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release} %post -n lib%{libname}%{soname} -p /sbin/ldconfig @@ -744,6 +762,8 @@ %{_datadir}/%{name}/*.sql %dir %{_libdir}/mysql %{_libdir}/mysql/mysqld.sym +%{_libdir}/mysql/INFO_BIN +%{_libdir}/mysql/INFO_SRC %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/mysql %dir %{_libdir}/mysql/plugin %{_libdir}/mysql/plugin/[!d]*.so ++++++ configuration-tweaks.tar.bz2 ++++++ ++++++ my.ini ++++++ --- /var/tmp/diff_new_pack.ruNF5q/_old 2015-09-02 00:36:25.000000000 +0200 +++ /var/tmp/diff_new_pack.ruNF5q/_new 2015-09-02 00:36:25.000000000 +0200 @@ -55,6 +55,10 @@ # sort_buffer_size = 2M # read_rnd_buffer_size = 2M +# The following option disables Performance Schema in order to decrease +# MySQL memory usage. +performance_schema=OFF + sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES [mysqld_multi] ++++++ mysql-5.6.25.tar.gz -> mysql-5.6.26.tar.gz ++++++ /work/SRC/openSUSE:Factory/mysql-community-server/mysql-5.6.25.tar.gz /work/SRC/openSUSE:Factory/.mysql-community-server.new/mysql-5.6.26.tar.gz differ: char 5, line 1 ++++++ mysql-patches.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mysql-patches/mysql-patches/mysql-5.6.25-logjam.patch new/mysql-patches/mysql-patches/mysql-5.6.25-logjam.patch --- old/mysql-patches/mysql-patches/mysql-5.6.25-logjam.patch 2015-07-07 10:39:15.000000000 +0200 +++ new/mysql-patches/mysql-patches/mysql-5.6.25-logjam.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,132 +0,0 @@ -PATCH-P1-FIX-UPSTREAM: Logjam patch for mysql bnc#934789 - -From 866b988a76e8e7e217017a7883a52a12ec5024b9 Mon Sep 17 00:00:00 2001 -From: Marek Szymczak <marek.szymczak(a)oracle.com> -Date: Thu, 9 Oct 2014 16:39:43 +0200 -Subject: [PATCH] Bug#18367167 DH KEY LENGTH OF 1024 BITS TO MEET MINIMUM REQ - OF FIPS 140-2 - -Perfect Forward Secrecy (PFS) requires Diffie-Hellman (DH) parameters to be set. Current implementation uses DH key of 512 bit. ---- - include/violite.h | 3 ++- - vio/viosslfactories.c | 70 ++++++++++++++++++++++++++++++++++++++++----------- - 2 files changed, 57 insertions(+), 16 deletions(-) - -Index: mysql-5.6.25/include/violite.h -=================================================================== ---- mysql-5.6.25.orig/include/violite.h -+++ mysql-5.6.25/include/violite.h -@@ -147,7 +147,8 @@ enum enum_ssl_init_error - { - SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY, - SSL_INITERR_NOMATCH, SSL_INITERR_BAD_PATHS, SSL_INITERR_CIPHERS, -- SSL_INITERR_MEMFAIL, SSL_INITERR_LASTERR -+ SSL_INITERR_MEMFAIL, SSL_INITERR_NO_USABLE_CTX, SSL_INITERR_DHFAIL, -+ SSL_INITERR_LASTERR - }; - const char* sslGetErrString(enum enum_ssl_init_error err); - -Index: mysql-5.6.25/vio/viosslfactories.c -=================================================================== ---- mysql-5.6.25.orig/vio/viosslfactories.c -+++ mysql-5.6.25/vio/viosslfactories.c -@@ -20,27 +20,56 @@ - static my_bool ssl_algorithms_added = FALSE; - static my_bool ssl_error_strings_loaded= FALSE; - --static unsigned char dh512_p[]= -+/* -+ Diffie-Hellman key. -+ Generated using: >openssl dhparam -5 -C 2048 -+ -+ -----BEGIN DH PARAMETERS----- -+ MIIBCAKCAQEAil36wGZ2TmH6ysA3V1xtP4MKofXx5n88xq/aiybmGnReZMviCPEJ -+ 46+7VCktl/RZ5iaDH1XNG1dVQmznt9pu2G3usU+k1/VB4bQL4ZgW4u0Wzxh9PyXD -+ glm99I9Xyj4Z5PVE4MyAsxCRGA1kWQpD9/zKAegUBPLNqSo886Uqg9hmn8ksyU9E -+ BV5eAEciCuawh6V0O+Sj/C3cSfLhgA0GcXp3OqlmcDu6jS5gWjn3LdP1U0duVxMB -+ h/neTSCSvtce4CAMYMjKNVh9P1nu+2d9ZH2Od2xhRIqMTfAS1KTqF3VmSWzPFCjG -+ mjxx/bg6bOOjpgZapvB6ABWlWmRmAAWFtwIBBQ== -+ -----END DH PARAMETERS----- -+ */ -+static unsigned char dh2048_p[]= - { -- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, -- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, -- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, -- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, -- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, -- 0x47,0x74,0xE8,0x33, -+ 0x8A, 0x5D, 0xFA, 0xC0, 0x66, 0x76, 0x4E, 0x61, 0xFA, 0xCA, 0xC0, 0x37, -+ 0x57, 0x5C, 0x6D, 0x3F, 0x83, 0x0A, 0xA1, 0xF5, 0xF1, 0xE6, 0x7F, 0x3C, -+ 0xC6, 0xAF, 0xDA, 0x8B, 0x26, 0xE6, 0x1A, 0x74, 0x5E, 0x64, 0xCB, 0xE2, -+ 0x08, 0xF1, 0x09, 0xE3, 0xAF, 0xBB, 0x54, 0x29, 0x2D, 0x97, 0xF4, 0x59, -+ 0xE6, 0x26, 0x83, 0x1F, 0x55, 0xCD, 0x1B, 0x57, 0x55, 0x42, 0x6C, 0xE7, -+ 0xB7, 0xDA, 0x6E, 0xD8, 0x6D, 0xEE, 0xB1, 0x4F, 0xA4, 0xD7, 0xF5, 0x41, -+ 0xE1, 0xB4, 0x0B, 0xE1, 0x98, 0x16, 0xE2, 0xED, 0x16, 0xCF, 0x18, 0x7D, -+ 0x3F, 0x25, 0xC3, 0x82, 0x59, 0xBD, 0xF4, 0x8F, 0x57, 0xCA, 0x3E, 0x19, -+ 0xE4, 0xF5, 0x44, 0xE0, 0xCC, 0x80, 0xB3, 0x10, 0x91, 0x18, 0x0D, 0x64, -+ 0x59, 0x0A, 0x43, 0xF7, 0xFC, 0xCA, 0x01, 0xE8, 0x14, 0x04, 0xF2, 0xCD, -+ 0xA9, 0x2A, 0x3C, 0xF3, 0xA5, 0x2A, 0x83, 0xD8, 0x66, 0x9F, 0xC9, 0x2C, -+ 0xC9, 0x4F, 0x44, 0x05, 0x5E, 0x5E, 0x00, 0x47, 0x22, 0x0A, 0xE6, 0xB0, -+ 0x87, 0xA5, 0x74, 0x3B, 0xE4, 0xA3, 0xFC, 0x2D, 0xDC, 0x49, 0xF2, 0xE1, -+ 0x80, 0x0D, 0x06, 0x71, 0x7A, 0x77, 0x3A, 0xA9, 0x66, 0x70, 0x3B, 0xBA, -+ 0x8D, 0x2E, 0x60, 0x5A, 0x39, 0xF7, 0x2D, 0xD3, 0xF5, 0x53, 0x47, 0x6E, -+ 0x57, 0x13, 0x01, 0x87, 0xF9, 0xDE, 0x4D, 0x20, 0x92, 0xBE, 0xD7, 0x1E, -+ 0xE0, 0x20, 0x0C, 0x60, 0xC8, 0xCA, 0x35, 0x58, 0x7D, 0x3F, 0x59, 0xEE, -+ 0xFB, 0x67, 0x7D, 0x64, 0x7D, 0x8E, 0x77, 0x6C, 0x61, 0x44, 0x8A, 0x8C, -+ 0x4D, 0xF0, 0x12, 0xD4, 0xA4, 0xEA, 0x17, 0x75, 0x66, 0x49, 0x6C, 0xCF, -+ 0x14, 0x28, 0xC6, 0x9A, 0x3C, 0x71, 0xFD, 0xB8, 0x3A, 0x6C, 0xE3, 0xA3, -+ 0xA6, 0x06, 0x5A, 0xA6, 0xF0, 0x7A, 0x00, 0x15, 0xA5, 0x5A, 0x64, 0x66, -+ 0x00, 0x05, 0x85, 0xB7, - }; - --static unsigned char dh512_g[]={ -- 0x02, -+static unsigned char dh2048_g[]={ -+ 0x05, - }; - --static DH *get_dh512(void) -+static DH *get_dh2048(void) - { - DH *dh; - if ((dh=DH_new())) - { -- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); -- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); -+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); -+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - if (! dh->p || ! dh->g) - { - DH_free(dh); -@@ -81,7 +110,9 @@ ssl_error_string[] = - "Private key does not match the certificate public key", - "SSL_CTX_set_default_verify_paths failed", - "Failed to set ciphers to use", -- "SSL_CTX_new failed" -+ "SSL_CTX_new failed", -+ "SSL context is not usable without certificate and private key", -+ "SSL_CTX_set_tmp_dh failed" - }; - - const char* -@@ -285,8 +316,17 @@ new_VioSSLFd(const char *key_file, const - } - - /* DH stuff */ -- dh=get_dh512(); -- SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh); -+ dh= get_dh2048(); -+ if (SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh) == 0) -+ { -+ *error= SSL_INITERR_DHFAIL; -+ DBUG_PRINT("error", ("%s", sslGetErrString(*error))); -+ report_errors(); -+ DH_free(dh); -+ SSL_CTX_free(ssl_fd->ssl_context); -+ my_free(ssl_fd); -+ DBUG_RETURN(0); -+ } - DH_free(dh); - - DBUG_PRINT("exit", ("OK 1")); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mysql-patches/mysql-patches/mysql-community-server-5.6.24-regex_heap_overflow.patch new/mysql-patches/mysql-patches/mysql-community-server-5.6.24-regex_heap_overflow.patch --- old/mysql-patches/mysql-patches/mysql-community-server-5.6.24-regex_heap_overflow.patch 2015-07-07 10:39:15.000000000 +0200 +++ new/mysql-patches/mysql-patches/mysql-community-server-5.6.24-regex_heap_overflow.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,33 +0,0 @@ -PATCH-P1-FIX-UPSTREAM: Fix heap overflow vulnerability in regex library -BUGS: bnc#922043 - -Description of the vulnerability from -https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ -"Fix heap overflow vulnerability in Henry Spencer’s regex library, -affecting 32 bit systems only. Variable ‘len’ is here enlarged to such -an extent that, in the process of enlarging (multiplication and addition), -causes the 32 bit register/variable to overflow." - -Maintainer: Kristyna Streitova <kstreitova(a)suse.com> - -Index: mysql-5.5.43/regex/regcomp.c -=================================================================== ---- mysql-5.5.43.orig/regex/regcomp.c -+++ mysql-5.5.43/regex/regcomp.c -@@ -138,7 +138,15 @@ CHARSET_INFO *charset; - (NC-1)*sizeof(cat_t)); - if (g == NULL) - return(MY_REG_ESPACE); -- p->ssize = (long) (len/(size_t)2*(size_t)3 + (size_t)1); /* ugh */ -+ { -+ /* Patched for CERT Vulnerability Note VU#695940, Feb 2015. */ -+ size_t new_ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */ -+ if (new_ssize < len || new_ssize > LONG_MAX / sizeof(sop)) { -+ free((char *) g); -+ return MY_REG_INVARG; -+ } -+ p->ssize = (long) new_ssize; -+ } - p->strip = (sop *)malloc(p->ssize * sizeof(sop)); - p->slen = 0; - if (p->strip == NULL) { ++++++ mysql-systemd-helper ++++++ --- /var/tmp/diff_new_pack.ruNF5q/_old 2015-09-02 00:36:25.000000000 +0200 +++ /var/tmp/diff_new_pack.ruNF5q/_new 2015-09-02 00:36:25.000000000 +0200 @@ -34,7 +34,6 @@ --socket=*) socket="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;; --datadir=*) datadir="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;; --user=*) mysql_daemon_user="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;; - --group=*) mysql_daemon_group="$(echo "$arg" | sed -e 's/^[^=]*=//')" ;; esac done } @@ -88,7 +87,7 @@ # Run protected MySQL accessible only though socket in our directory echo "Running protected MySQL... " /usr/sbin/mysqld \ - --user="$mysql_daemon_user" --group="$mysql_daemon_group" \ + --user="$mysql_daemon_user" \ $opts \ --skip-networking \ --skip-grant-tables \ @@ -145,7 +144,7 @@ } mysql_start() { - /usr/sbin/mysqld --user="$mysql_daemon_user" --group="$mysql_daemon_group" $opts + exec /usr/sbin/mysqld --user="$mysql_daemon_user" $opts } # We rely on output in english at some points ++++++ series ++++++ --- /var/tmp/diff_new_pack.ruNF5q/_old 2015-09-02 00:36:26.000000000 +0200 +++ /var/tmp/diff_new_pack.ruNF5q/_new 2015-09-02 00:36:26.000000000 +0200 @@ -10,6 +10,4 @@ mysql-community-server-5.6.12-upgrade-datadir.patch mysql-community-server-5.6.12-srv_buf_size.patch mysql-community-server-5.6.12-logrotate-su.patch -mysql-community-server-5.6.24-regex_heap_overflow.patch mysql-community-server-5.6.24-static_library.patch -mysql-5.6.25-logjam.patch

1 0

commit python-unicodecsv for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package python-unicodecsv for openSUSE:Factory checked in at 2015-09-02 00:36:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-unicodecsv (Old) and /work/SRC/openSUSE:Factory/.python-unicodecsv.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-unicodecsv" Changes: -------- New Changes file: --- /dev/null 2015-08-24 19:43:32.284261900 +0200 +++ /work/SRC/openSUSE:Factory/.python-unicodecsv.new/python-unicodecsv.changes 2015-09-02 00:36:18.000000000 +0200 @@ -0,0 +1,5 @@ +------------------------------------------------------------------- +Thu Oct 2 16:20:47 UTC 2014 - toddrme2178(a)gmail.com + +- Initial version + New: ---- python-unicodecsv.changes python-unicodecsv.spec unicodecsv-0.9.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-unicodecsv.spec ++++++ # # spec file for package python-unicodecsv # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: python-unicodecsv Version: 0.9.4 Release: 0 Summary: Drop-in replacment for python's csv module with unicode support License: BSD-2-Clause Group: Development/Languages/Python Url: https://github.com/jdunck/python-unicodecsv Source: https://pypi.python.org/packages/source/u/unicodecsv/unicodecsv-%{version}.… BuildRequires: python-devel BuildRequires: python-setuptools BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} && 0%{?suse_version} <= 1110 %{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %else BuildArch: noarch %endif %description Python 2's csv module doesn't easily deal with unicode strings, leading to the dreaded "'ascii' codec can't encode characters in position ..." exception. The unicodecsv is a drop-in replacement for Python 2's csv module which supports unicode strings without a hassle. %prep %setup -q -n unicodecsv-%{version} %build python setup.py build %install python setup.py install --prefix=%{_prefix} --root=%{buildroot} %files %defattr(-,root,root,-) %doc README.rst %{python_sitelib}/* %changelog

1 0

commit ghc-yaml for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package ghc-yaml for openSUSE:Factory checked in at 2015-09-02 00:36:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-yaml (Old) and /work/SRC/openSUSE:Factory/.ghc-yaml.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ghc-yaml" Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-yaml/ghc-yaml.changes 2015-08-27 08:55:36.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-yaml.new/ghc-yaml.changes 2015-09-02 00:36:16.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Aug 31 08:46:59 UTC 2015 - mimi.vx(a)gmail.com + +- update to 0.8.14 +* Pretty print improvements for exceptions + +------------------------------------------------------------------- Old: ---- yaml-0.8.13.tar.gz New: ---- yaml-0.8.14.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-yaml.spec ++++++ --- /var/tmp/diff_new_pack.vv6JmB/_old 2015-09-02 00:36:17.000000000 +0200 +++ /var/tmp/diff_new_pack.vv6JmB/_new 2015-09-02 00:36:17.000000000 +0200 @@ -18,7 +18,7 @@ %global pkg_name yaml Name: ghc-yaml -Version: 0.8.13 +Version: 0.8.14 Release: 0 Summary: Support for parsing and rendering YAML documents License: BSD-3-Clause ++++++ yaml-0.8.13.tar.gz -> yaml-0.8.14.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yaml-0.8.13/ChangeLog.md new/yaml-0.8.14/ChangeLog.md --- old/yaml-0.8.13/ChangeLog.md 2015-08-13 12:42:36.000000000 +0200 +++ new/yaml-0.8.14/ChangeLog.md 2015-08-30 08:11:27.000000000 +0200 @@ -1,3 +1,7 @@ +## 0.8.14 + +* Pretty print improvements for exceptions [#67](https://github.com/snoyberg/yaml/pull/67) + ## 0.8.13 * Pretty module [#66](https://github.com/snoyberg/yaml/pull/66) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yaml-0.8.13/Data/Yaml/Internal.hs new/yaml-0.8.14/Data/Yaml/Internal.hs --- old/yaml-0.8.13/Data/Yaml/Internal.hs 2015-08-13 12:42:36.000000000 +0200 +++ new/yaml-0.8.14/Data/Yaml/Internal.hs 2015-08-30 08:11:27.000000000 +0200 @@ -19,6 +19,7 @@ import Text.Libyaml hiding (encode, decode, encodeFile, decodeFile) import Data.ByteString (ByteString) import qualified Data.Map as Map +import Data.Maybe (isNothing) import Control.Exception import Control.Exception.Enclosed import Control.Monad.Trans.State @@ -66,36 +67,44 @@ -- Instead of displaying the data constructors applied to their arguments, -- a more textual output is returned. For example, instead of printing: -- --- > AesonException "The key \"foo\" was not found" +-- > InvalidYaml (Just (YamlParseException {yamlProblem = "did not find expected ',' or '}'", yamlContext = "while parsing a flow mapping", yamlProblemMark = YamlMark {yamlIndex = 42, yamlLine = 2, yamlColumn = 12}}))) -- -- It looks more pleasant to print: -- --- > Aeson exception: The key "foo" was not found +-- > YAML parse exception at line 2, column 12, +-- > while parsing a flow mapping: +-- > did not find expected ',' or '}' -- -- Since 0.8.11 prettyPrintParseException :: ParseException -> String -prettyPrintParseException NonScalarKey = "Non scalar key" -prettyPrintParseException (UnknownAlias n) = - "Unknown alias: " ++ n -prettyPrintParseException (UnexpectedEvent r e) = unlines - [ "Unexpected event:" - , " Received: " ++ maybe "None" show r - , " Expected: " ++ maybe "None" show e +prettyPrintParseException pe = case pe of + NonScalarKey -> "Non scalar key" + UnknownAlias anchor -> "Unknown alias `" ++ anchor ++ "`" + UnexpectedEvent mbExpected mbUnexpected -> unlines + [ "Unexpected event: expected" + , " " ++ show mbExpected + , "but received" + , " " ++ show mbUnexpected ] -prettyPrintParseException (InvalidYaml mye) = - case mye of - Just ye -> "Invalid yaml: " ++ show ye - _ -> "Invalid yaml" -prettyPrintParseException (AesonException e) = - "Aeson exception: " ++ e -prettyPrintParseException (OtherParseException e) = - "Parse exception: " ++ show e -prettyPrintParseException (NonStringKeyAlias n v) = unlines - [ "Non-string key alias:" - , " Anchor name: " ++ n - , " Value: " ++ show v + InvalidYaml mbYamlError -> case mbYamlError of + Nothing -> "Unspecified YAML error" + Just yamlError -> case yamlError of + YamlException s -> "YAML exception:\n" ++ s + YamlParseException problem context mark -> unlines + [ "YAML parse exception at line " ++ show (yamlLine mark) ++ + ", column " ++ show (yamlColumn mark) ++ "," + -- The context seems to include a leading "while" or similar. + , context ++ ":" + , problem + ] + AesonException s -> "Aeson exception:\n" ++ s + OtherParseException exc -> "Generic parse exception:\n" ++ show exc + NonStringKeyAlias anchor value -> unlines + [ "Non-string key alias:" + , " Anchor name: " ++ anchor + , " Value: " ++ show value ] -prettyPrintParseException CyclicIncludes = "Cyclic includes" + CyclicIncludes -> "Cyclic includes" newtype PErrorT m a = PErrorT { runPErrorT :: m (Either ParseException a) } instance Monad m => Functor (PErrorT m) where diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yaml-0.8.13/Data/Yaml.hs new/yaml-0.8.14/Data/Yaml.hs --- old/yaml-0.8.13/Data/Yaml.hs 2015-08-13 12:42:36.000000000 +0200 +++ new/yaml-0.8.14/Data/Yaml.hs 2015-08-30 08:11:27.000000000 +0200 @@ -167,7 +167,7 @@ decodeEither :: FromJSON a => ByteString -> Either String a decodeEither bs = unsafePerformIO - $ fmap (either (Left . show) id) + $ fmap (either (Left . prettyPrintParseException) id) $ decodeHelper (Y.decode bs) -- | More helpful version of 'decodeEither' which returns the 'YamlException'. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yaml-0.8.13/yaml.cabal new/yaml-0.8.14/yaml.cabal --- old/yaml-0.8.13/yaml.cabal 2015-08-13 12:42:36.000000000 +0200 +++ new/yaml-0.8.14/yaml.cabal 2015-08-30 08:11:27.000000000 +0200 @@ -1,5 +1,5 @@ name: yaml -version: 0.8.13 +version: 0.8.14 license: BSD3 license-file: LICENSE author: Michael Snoyman <michael(a)snoyman.com>, Anton Ageev <antage(a)gmail.com>,Kirill Simonov

1 0

commit ghc-utf8-string for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package ghc-utf8-string for openSUSE:Factory checked in at 2015-09-02 00:36:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-utf8-string (Old) and /work/SRC/openSUSE:Factory/.ghc-utf8-string.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ghc-utf8-string" Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-utf8-string/ghc-utf8-string.changes 2015-08-27 08:56:49.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-utf8-string.new/ghc-utf8-string.changes 2015-09-02 00:36:13.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Aug 31 08:20:53 UTC 2015 - mimi.vx(a)gmail.com + +- update to 1.0.1.1 +* fix build under older GHC + +------------------------------------------------------------------- Old: ---- utf8-string-1.0.1.tar.gz New: ---- utf8-string-1.0.1.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-utf8-string.spec ++++++ --- /var/tmp/diff_new_pack.Gnp6LQ/_old 2015-09-02 00:36:14.000000000 +0200 +++ /var/tmp/diff_new_pack.Gnp6LQ/_new 2015-09-02 00:36:14.000000000 +0200 @@ -19,7 +19,7 @@ %global pkg_name utf8-string Name: ghc-utf8-string -Version: 1.0.1 +Version: 1.0.1.1 Release: 0 Summary: Support for reading and writing UTF8 Strings License: BSD-3-Clause ++++++ utf8-string-1.0.1.tar.gz -> utf8-string-1.0.1.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8-string-1.0.1/CHANGELOG.markdown new/utf8-string-1.0.1.1/CHANGELOG.markdown --- old/utf8-string-1.0.1/CHANGELOG.markdown 2015-08-22 00:38:06.000000000 +0200 +++ new/utf8-string-1.0.1.1/CHANGELOG.markdown 2015-08-23 18:19:40.000000000 +0200 @@ -1,3 +1,7 @@ +1.0.1.1 +----- +* Build correctly on GHC-7.0 (#14) + 1.0.1 ----- * Improve the performance of Data.ByteString.Lazy.UTF8.fromString. (Thanks, ndmitchell) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8-string-1.0.1/Data/ByteString/Lazy/UTF8.hs new/utf8-string-1.0.1.1/Data/ByteString/Lazy/UTF8.hs --- old/utf8-string-1.0.1/Data/ByteString/Lazy/UTF8.hs 2015-08-22 00:38:06.000000000 +0200 +++ new/utf8-string-1.0.1.1/Data/ByteString/Lazy/UTF8.hs 2015-08-23 18:19:40.000000000 +0200 @@ -46,11 +46,16 @@ import qualified Data.ByteString.Lazy as B import qualified Data.ByteString.Lazy.Internal as B import qualified Data.ByteString.Internal as S -import System.IO.Unsafe import Prelude hiding (take,drop,splitAt,span,break,foldr,foldl,length,lines) import Codec.Binary.UTF8.Generic (buncons) +#if MIN_VERSION_base(4,4,0) +import System.IO.Unsafe (unsafeDupablePerformIO) +#else +import GHC.IO (unsafeDupablePerformIO) +#endif + --------------------------------------------------------------------- -- ENCODING diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/utf8-string-1.0.1/utf8-string.cabal new/utf8-string-1.0.1.1/utf8-string.cabal --- old/utf8-string-1.0.1/utf8-string.cabal 2015-08-22 00:38:06.000000000 +0200 +++ new/utf8-string-1.0.1.1/utf8-string.cabal 2015-08-23 18:19:40.000000000 +0200 @@ -1,5 +1,5 @@ Name: utf8-string -Version: 1.0.1 +Version: 1.0.1.1 Author: Eric Mertens Maintainer: emertens(a)galois.com License: BSD3 @@ -14,6 +14,7 @@ Build-type: Simple cabal-version: >= 1.2 Extra-Source-Files: CHANGELOG.markdown +Tested-With: GHC==7.0.4, GHC==7.4.2, GHC==7.6.3, GHC==7.8.4, GHC==7.10.2 library Ghc-options: -W -O2

1 0

commit ghc-tls for openSUSE:Factory
by root＠hilbert.suse.de 01 Sep '15

01 Sep '15

Hello community, here is the log from the commit of package ghc-tls for openSUSE:Factory checked in at 2015-09-02 00:36:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-tls (Old) and /work/SRC/openSUSE:Factory/.ghc-tls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ghc-tls" Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-tls/ghc-tls.changes 2015-08-25 08:48:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-tls.new/ghc-tls.changes 2015-09-02 00:36:11.000000000 +0200 @@ -1,0 +2,11 @@ +Mon Aug 31 08:14:19 UTC 2015 - mimi.vx(a)gmail.com + +- update to 1.3.2 +* Add cipher suites for forward secrecy on more clients (Aaron Friel) +* Maintain more handshake information to be queried by protocol (Adam Wick) +* handle SCSV on client and server side (Kazu Yamamoto) +* Cleanup renegotiation logic (Kazu Yamamoto) +* Various testing improvements with the openssl test parts +* Cleanup AEAD handling for future support of other ciphers + +------------------------------------------------------------------- Old: ---- tls-1.3.1.tar.gz New: ---- tls-1.3.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-tls.spec ++++++ --- /var/tmp/diff_new_pack.hUQrlS/_old 2015-09-02 00:36:11.000000000 +0200 +++ /var/tmp/diff_new_pack.hUQrlS/_new 2015-09-02 00:36:11.000000000 +0200 @@ -21,7 +21,7 @@ %bcond_with tests Name: ghc-tls -Version: 1.3.1 +Version: 1.3.2 Release: 0 Summary: TLS/SSL protocol native implementation (Server and Client) License: BSD-3-Clause ++++++ tls-1.3.1.tar.gz -> tls-1.3.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Cipher.hs new/tls-1.3.2/Network/TLS/Cipher.hs --- old/tls-1.3.1/Network/TLS/Cipher.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Cipher.hs 2015-08-24 07:44:53.000000000 +0200 @@ -102,6 +102,8 @@ { bulkName :: String , bulkKeySize :: Int , bulkIVSize :: Int + , bulkExplicitIV :: Int -- Explicit size for IV for AEAD Cipher, 0 otherwise + , bulkAuthTagLen :: Int -- Authentication tag length in bytes for AEAD Cipher, 0 otherwise , bulkBlockSize :: Int , bulkF :: BulkFunctions } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Context/Internal.hs new/tls-1.3.2/Network/TLS/Context/Internal.hs --- old/tls-1.3.1/Network/TLS/Context/Internal.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Context/Internal.hs 2015-08-24 07:44:53.000000000 +0200 @@ -76,9 +76,12 @@ -- | Information related to a running context, e.g. current cipher data Information = Information - { infoVersion :: Version - , infoCipher :: Cipher - , infoCompression :: Compression + { infoVersion :: Version + , infoCipher :: Cipher + , infoCompression :: Compression + , infoMasterSecret :: Maybe Bytes + , infoClientRandom :: Maybe ClientRandom + , infoServerRandom :: Maybe ServerRandom } deriving (Show,Eq) -- | A TLS Context keep tls specific state, parameters and backend information. @@ -125,9 +128,15 @@ contextGetInformation :: Context -> IO (Maybe Information) contextGetInformation ctx = do ver <- usingState_ ctx $ gets stVersion + hstate <- getHState ctx + let (ms, cr, sr) = case hstate of + Just st -> (hstMasterSecret st, + Just (hstClientRandom st), + hstServerRandom st) + Nothing -> (Nothing, Nothing, Nothing) (cipher,comp) <- failOnEitherError $ runRxState ctx $ gets $ \st -> (stCipher st, stCompression st) case (ver, cipher) of - (Just v, Just c) -> return $ Just $ Information v c comp + (Just v, Just c) -> return $ Just $ Information v c comp ms cr sr _ -> return Nothing contextSend :: Context -> Bytes -> IO () diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Extra/Cipher.hs new/tls-1.3.2/Network/TLS/Extra/Cipher.hs --- old/tls-1.3.1/Network/TLS/Extra/Cipher.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Extra/Cipher.hs 2015-08-24 07:44:53.000000000 +0200 @@ -35,6 +35,8 @@ , cipher_DHE_DSS_RC4_SHA1 , cipher_DHE_RSA_AES128GCM_SHA256 , cipher_ECDHE_RSA_AES128GCM_SHA256 + , cipher_ECDHE_RSA_AES128CBC_SHA256 + , cipher_ECDHE_RSA_AES128CBC_SHA ) where import qualified Data.ByteString as B @@ -151,6 +153,8 @@ { bulkName = "null" , bulkKeySize = 0 , bulkIVSize = 0 + , bulkExplicitIV = 0 + , bulkAuthTagLen = 0 , bulkBlockSize = 0 , bulkF = BulkStreamF passThrough } @@ -161,6 +165,8 @@ { bulkName = "RC4-128" , bulkKeySize = 16 , bulkIVSize = 0 + , bulkExplicitIV = 0 + , bulkAuthTagLen = 0 , bulkBlockSize = 0 , bulkF = BulkStreamF rc4 } @@ -169,6 +175,8 @@ { bulkName = "AES128" , bulkKeySize = 16 , bulkIVSize = 16 + , bulkExplicitIV = 0 + , bulkAuthTagLen = 0 , bulkBlockSize = 16 , bulkF = BulkBlockF aes128cbc } @@ -177,6 +185,8 @@ { bulkName = "AES128GCM" , bulkKeySize = 16 -- RFC 5116 Sec 5.1: K_LEN , bulkIVSize = 4 -- RFC 5288 GCMNonce.salt, fixed_iv_length + , bulkExplicitIV = 8 + , bulkAuthTagLen = 16 , bulkBlockSize = 0 -- dummy, not used , bulkF = BulkAeadF aes128gcm } @@ -185,6 +195,8 @@ { bulkName = "AES256" , bulkKeySize = 32 , bulkIVSize = 16 + , bulkExplicitIV = 0 + , bulkAuthTagLen = 0 , bulkBlockSize = 16 , bulkF = BulkBlockF aes256cbc } @@ -193,6 +205,8 @@ { bulkName = "3DES-EDE-CBC" , bulkKeySize = 24 , bulkIVSize = 8 + , bulkExplicitIV = 0 + , bulkAuthTagLen = 0 , bulkBlockSize = 8 , bulkF = BulkBlockF tripledes_ede } @@ -374,6 +388,27 @@ , cipherHash = SHA256 , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 + } + +cipher_ECDHE_RSA_AES128CBC_SHA :: Cipher +cipher_ECDHE_RSA_AES128CBC_SHA = Cipher + { cipherID = 0xc013 + , cipherName = "ECDHE-RSA-AES128CBC-SHA" + , cipherBulk = bulk_aes128 + , cipherHash = SHA1 + , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA + , cipherMinVer = Just TLS10 + } + +--TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +cipher_ECDHE_RSA_AES128CBC_SHA256 :: Cipher +cipher_ECDHE_RSA_AES128CBC_SHA256 = Cipher + { cipherID = 0xc027 + , cipherName = "ECDHE-RSA-AES128CBC-SHA" + , cipherBulk = bulk_aes128 + , cipherHash = SHA256 + , cipherKeyExchange = CipherKeyExchange_ECDHE_RSA + , cipherMinVer = Just TLS12 -- RFC 5288 Sec 4 } {- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Handshake/Common.hs new/tls-1.3.2/Network/TLS/Handshake/Common.hs --- old/tls-1.3.1/Network/TLS/Handshake/Common.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Handshake/Common.hs 2015-08-24 07:44:53.000000000 +0200 @@ -60,8 +60,15 @@ sessionData <- getSessionData ctx liftIO $ sessionEstablish (sharedSessionManager $ ctxShared ctx) sessionId (fromJust "session-data" sessionData) _ -> return () - -- forget all handshake data now and reset bytes counters. - liftIO $ modifyMVar_ (ctxHandshake ctx) (return . const Nothing) + -- forget most handshake data and reset bytes counters. + liftIO $ modifyMVar_ (ctxHandshake ctx) $ \ mhshake -> + case mhshake of + Nothing -> return Nothing + Just hshake -> + return $ Just (newEmptyHandshake (hstClientVersion hshake) (hstClientRandom hshake)) + { hstServerRandom = hstServerRandom hshake + , hstMasterSecret = hstMasterSecret hshake + } updateMeasure ctx resetBytesCounters -- mark the secure connection up and running. setEstablished ctx True diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Handshake/Process.hs new/tls-1.3.2/Network/TLS/Handshake/Process.hs --- old/tls-1.3.1/Network/TLS/Handshake/Process.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Handshake/Process.hs 2015-08-24 07:44:53.000000000 +0200 @@ -30,14 +30,19 @@ import Network.TLS.Handshake.State import Network.TLS.Handshake.Key import Network.TLS.Extension +import Network.TLS.Parameters import Data.X509 (CertificateChain(..), Certificate(..), getCertificate) processHandshake :: Context -> Handshake -> IO () processHandshake ctx hs = do role <- usingState_ ctx isClientContext case hs of - ClientHello cver ran _ _ _ ex _ -> when (role == ServerRole) $ do + ClientHello cver ran _ cids _ ex _ -> when (role == ServerRole) $ do mapM_ (usingState_ ctx . processClientExtension) ex + -- RFC 5746: secure renegotiation + -- TLS_EMPTY_RENEGOTIATION_INFO_SCSV: {0x00, 0xFF} + when (secureRenegotiation && (0xff `elem` cids)) $ + usingState_ ctx $ setSecureRenegotiation True startHandshake ctx cver ran Certificates certs -> processCertificates role certs ClientKeyXchg content -> when (role == ServerRole) $ do @@ -49,8 +54,10 @@ let encoded = encodeHandshake hs when (certVerifyHandshakeMaterial hs) $ usingHState ctx $ addHandshakeMessage encoded when (finishHandshakeTypeMaterial $ typeOfHandshake hs) $ usingHState ctx $ updateHandshakeDigest encoded - where -- secure renegotiation - processClientExtension (0xff01, content) = do + where secureRenegotiation = supportedSecureRenegotiation $ ctxSupported ctx + -- RFC5746: secure renegotiation + -- the renegotiation_info extension: 0xff01 + processClientExtension (0xff01, content) | secureRenegotiation = do v <- getVerifiedData ClientRole let bs = extensionEncode (SecureRenegotiation v Nothing) unless (bs `bytesEq` content) $ throwError $ Error_Protocol ("client verified data not matching: " ++ show v ++ ":" ++ show content, True, HandshakeFailure) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Handshake/Server.hs new/tls-1.3.2/Network/TLS/Handshake/Server.hs --- old/tls-1.3.1/Network/TLS/Handshake/Server.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Handshake/Server.hs 2015-08-24 07:44:53.000000000 +0200 @@ -81,6 +81,12 @@ -- handshakeServerWith :: ServerParams -> Context -> Handshake -> IO () handshakeServerWith sparams ctx clientHello@(ClientHello clientVersion _ clientSession ciphers compressions exts _) = do + -- rejecting client initiated renegotiation to prevent DOS. + unless (supportedClientInitiatedRenegotiation (ctxSupported ctx)) $ do + established <- ctxEstablished ctx + eof <- ctxEOF ctx + when (established && not eof) $ + throwCore $ Error_Protocol ("renegotiation is not allowed", False, NoRenegotiation) -- check if policy allow this new handshake to happens handshakeAuthorized <- withMeasure ctx (onNewHandshake $ serverHooks sparams) unless handshakeAuthorized (throwCore $ Error_HandshakePolicy "server: handshake denied") @@ -90,6 +96,12 @@ processHandshake ctx clientHello when (clientVersion == SSL2) $ throwCore $ Error_Protocol ("ssl2 is not supported", True, ProtocolVersion) + -- Fallback SCSV: RFC7507 + -- TLS_FALLBACK_SCSV: {0x56, 0x00} + when (supportedFallbackScsv (ctxSupported ctx) && + (0x5600 `elem` ciphers) && + clientVersion /= maxBound) $ + throwCore $ Error_Protocol ("fallback is not allowed", True, InappropriateFallback) chosenVersion <- case findHighestVersionFrom clientVersion (supportedVersions $ ctxSupported ctx) of Nothing -> throwCore $ Error_Protocol ("client version " ++ show clientVersion ++ " is not supported", True, ProtocolVersion) Just v -> return v diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Parameters.hs new/tls-1.3.2/Network/TLS/Parameters.hs --- old/tls-1.3.1/Network/TLS/Parameters.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Parameters.hs 2015-08-24 07:44:53.000000000 +0200 @@ -118,10 +118,22 @@ -- | All supported hash/signature algorithms pair for client -- certificate verification, ordered by decreasing priority. , supportedHashSignatures :: [HashAndSignatureAlgorithm] - -- | Set if we support secure renegotiation. + -- | Secure renegotiation defined in RFC5746. + -- If 'True', clients send the renegotiation_info extension. + -- If 'True', servers handle the extension or the renegotiation SCSV + -- then send the renegotiation_info extension. , supportedSecureRenegotiation :: Bool + -- | If 'True', renegotiation is allowed from the client side. + -- This is vulnerable to DOS attacks. + -- If 'False', renegotiation is allowed only from the server side + -- via HelloRequest. + , supportedClientInitiatedRenegotiation :: Bool -- | Set if we support session. , supportedSession :: Bool + -- | Support for fallback SCSV defined in RFC7507. + -- If 'True', servers reject handshakes which suggest + -- a lower protocol than the highest protocol supported. + , supportedFallbackScsv :: Bool } deriving (Show,Eq) defaultSupported :: Supported @@ -137,7 +149,9 @@ , (Struct.HashSHA1, SignatureDSS) ] , supportedSecureRenegotiation = True + , supportedClientInitiatedRenegotiation = False , supportedSession = True + , supportedFallbackScsv = True } instance Default Supported where diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Receiving.hs new/tls-1.3.2/Network/TLS/Receiving.hs --- old/tls-1.3.1/Network/TLS/Receiving.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Receiving.hs 2015-08-24 07:44:53.000000000 +0200 @@ -28,16 +28,14 @@ import Network.TLS.Cipher import Network.TLS.Util -import Data.Byteable - processPacket :: Context -> Record Plaintext -> IO (Either TLSError Packet) -processPacket _ (Record ProtocolType_AppData _ fragment) = return $ Right $ AppData $ toBytes fragment +processPacket _ (Record ProtocolType_AppData _ fragment) = return $ Right $ AppData $ fragmentGetBytes fragment -processPacket _ (Record ProtocolType_Alert _ fragment) = return (Alert `fmapEither` (decodeAlerts $ toBytes fragment)) +processPacket _ (Record ProtocolType_Alert _ fragment) = return (Alert `fmapEither` (decodeAlerts $ fragmentGetBytes fragment)) processPacket ctx (Record ProtocolType_ChangeCipherSpec _ fragment) = - case decodeChangeCipherSpec $ toBytes fragment of + case decodeChangeCipherSpec $ fragmentGetBytes fragment of Left err -> return $ Left err Right _ -> do switchRxEncryption ctx return $ Right ChangeCipherSpec @@ -54,7 +52,7 @@ -- get back the optional continuation, and parse as many handshake record as possible. mCont <- gets stHandshakeRecordCont modify (\st -> st { stHandshakeRecordCont = Nothing }) - hss <- parseMany currentParams mCont (toBytes fragment) + hss <- parseMany currentParams mCont (fragmentGetBytes fragment) return $ Handshake hss where parseMany currentParams mCont bs = case maybe decodeHandshakeRecord id mCont $ bs of @@ -68,7 +66,7 @@ Right hh -> (hh:) `fmap` parseMany currentParams Nothing left processPacket _ (Record ProtocolType_DeprecatedHandshake _ fragment) = - case decodeDeprecatedHandshake $ toBytes fragment of + case decodeDeprecatedHandshake $ fragmentGetBytes fragment of Left err -> return $ Left err Right hs -> return $ Right $ Handshake [hs] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Record/Disengage.hs new/tls-1.3.2/Network/TLS/Record/Disengage.hs --- old/tls-1.3.1/Network/TLS/Record/Disengage.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Record/Disengage.hs 2015-08-24 07:44:53.000000000 +0200 @@ -85,7 +85,10 @@ decryptOf :: BulkState -> RecordM Bytes decryptOf (BulkStateBlock decryptF) = do let minContent = (if explicitIV then bulkIVSize bulk else 0) + max (macSize + 1) blockSize + + -- check if we have enough bytes to cover the minimum for this cipher when ((econtentLen `mod` blockSize) /= 0 || econtentLen < minContent) $ sanityCheckError + {- update IV -} (iv, econtent') <- if explicitIV then get2 econtent (bulkIVSize bulk, econtentLen - bulkIVSize bulk) @@ -103,7 +106,9 @@ } decryptOf (BulkStateStream (BulkStream decryptF)) = do + -- check if we have enough bytes to cover the minimum for this cipher when (econtentLen < macSize) $ sanityCheckError + let (content', bulkStream') = decryptF econtent {- update Ctx -} let contentlen = B.length content' - macSize @@ -116,13 +121,17 @@ } decryptOf (BulkStateAEAD decryptF) = do - let authtaglen = 16 -- FIXME: fixed_iv_length + record_iv_length - nonceexplen = 8 -- FIXME: record_iv_length - econtentlen = B.length econtent - authtaglen - nonceexplen - (enonce, econtent', authTag) <- get3 econtent (nonceexplen, econtentlen, authtaglen) + let authTagLen = bulkAuthTagLen bulk + nonceExpLen = bulkExplicitIV bulk + cipherLen = econtentLen - authTagLen - nonceExpLen + + -- check if we have enough bytes to cover the minimum for this cipher + when (econtentLen < (authTagLen + nonceExpLen)) $ sanityCheckError + + (enonce, econtent', authTag) <- get3 econtent (nonceExpLen, cipherLen, authTagLen) let encodedSeq = encodeWord64 $ msSequence $ stMacState tst Header typ v _ = recordToHeader record - hdr = Header typ v $ fromIntegral econtentlen + hdr = Header typ v $ fromIntegral cipherLen ad = B.concat [ encodedSeq, encodeHeader hdr ] nonce = cstIV (stCryptState tst) `B.append` enonce (content, authTag2) = decryptF nonce econtent' ad diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Record/Engage.hs new/tls-1.3.2/Network/TLS/Record/Engage.hs --- old/tls-1.3.1/Network/TLS/Record/Engage.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Record/Engage.hs 2015-08-24 07:44:53.000000000 +0200 @@ -36,10 +36,9 @@ onRecordFragment record $ fragmentCompress $ \bytes -> do withCompression $ compressionDeflate bytes -{- - - when Tx Encrypted is set, we pass the data through encryptContent, otherwise - - we just return the packet - -} +-- when Tx Encrypted is set, we pass the data through encryptContent, otherwise +-- we just return the compress payload directly as the ciphered one +-- encryptRecord :: Record Compressed -> RecordM (Record Ciphertext) encryptRecord record = onRecordFragment record $ fragmentCipher $ \bytes -> do st <- get @@ -100,15 +99,12 @@ cst <- getCryptState encodedSeq <- encodeWord64 <$> getMacSequence - let hdr = recordToHeader record - ad = B.concat [ encodedSeq, encodeHeader hdr ] - let salt = cstIV cst - processorNum = encodeWord32 1 -- FIXME - counter = B.drop 4 encodedSeq -- FIXME: probably OK - nonce = B.concat [salt, processorNum, counter] - let (e, AuthTag authtag) = encryptF nonce content ad + let hdr = recordToHeader record + ad = B.concat [encodedSeq, encodeHeader hdr] + nonce = B.concat [cstIV cst, encodedSeq] + (e, AuthTag authtag) = encryptF nonce content ad modify incrRecordState - return $ B.concat [processorNum, counter, e, B.convert authtag] + return $ B.concat [encodedSeq, e, B.convert authtag] getCryptState :: RecordM CryptState getCryptState = stCryptState <$> get diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Record/Types.hs new/tls-1.3.2/Network/TLS/Record/Types.hs --- old/tls-1.3.1/Network/TLS/Record/Types.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Record/Types.hs 2015-08-24 07:44:53.000000000 +0200 @@ -20,6 +20,7 @@ , Record(..) -- * TLS Record fragment and constructors , Fragment + , fragmentGetBytes , fragmentPlaintext , fragmentCiphertext , Plaintext @@ -40,13 +41,12 @@ import Network.TLS.Struct import Network.TLS.Record.State import qualified Data.ByteString as B -import Data.Byteable import Control.Applicative ((<$>)) -- | Represent a TLS record. data Record a = Record !ProtocolType !Version !(Fragment a) deriving (Show,Eq) -newtype Fragment a = Fragment Bytes deriving (Show,Eq) +newtype Fragment a = Fragment { fragmentGetBytes :: Bytes } deriving (Show,Eq) data Plaintext data Compressed @@ -58,9 +58,6 @@ fragmentCiphertext :: Bytes -> Fragment Ciphertext fragmentCiphertext bytes = Fragment bytes -instance Byteable (Fragment a) where - toBytes (Fragment b) = b - onRecordFragment :: Record a -> (Fragment a -> RecordM (Fragment b)) -> RecordM (Record b) onRecordFragment (Record pt ver frag) f = Record pt ver <$> f frag diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Record.hs new/tls-1.3.2/Network/TLS/Record.hs --- old/tls-1.3.1/Network/TLS/Record.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Record.hs 2015-08-24 07:44:53.000000000 +0200 @@ -15,6 +15,7 @@ ( Record(..) -- * Fragment manipulation types , Fragment + , fragmentGetBytes , fragmentPlaintext , fragmentCiphertext , recordToRaw diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Struct.hs new/tls-1.3.2/Network/TLS/Struct.hs --- old/tls-1.3.1/Network/TLS/Struct.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Struct.hs 2015-08-24 07:44:53.000000000 +0200 @@ -174,8 +174,8 @@ data Header = Header ProtocolType Version Word16 deriving (Show,Eq) -newtype ServerRandom = ServerRandom Bytes deriving (Show, Eq) -newtype ClientRandom = ClientRandom Bytes deriving (Show, Eq) +newtype ServerRandom = ServerRandom { unServerRandom :: Bytes } deriving (Show, Eq) +newtype ClientRandom = ClientRandom { unClientRandom :: Bytes } deriving (Show, Eq) newtype Session = Session (Maybe SessionID) deriving (Show, Eq) type FinishedData = Bytes @@ -218,6 +218,7 @@ | ProtocolVersion | InsufficientSecurity | InternalError + | InappropriateFallback -- RFC7507 | UserCanceled | NoRenegotiation | UnsupportedExtension @@ -447,6 +448,7 @@ valOfType ProtocolVersion = 70 valOfType InsufficientSecurity = 71 valOfType InternalError = 80 + valOfType InappropriateFallback = 86 valOfType UserCanceled = 90 valOfType NoRenegotiation = 100 valOfType UnsupportedExtension = 110 @@ -476,6 +478,7 @@ valToType 70 = Just ProtocolVersion valToType 71 = Just InsufficientSecurity valToType 80 = Just InternalError + valToType 86 = Just InappropriateFallback valToType 90 = Just UserCanceled valToType 100 = Just NoRenegotiation valToType 110 = Just UnsupportedExtension diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS/Types.hs new/tls-1.3.2/Network/TLS/Types.hs --- old/tls-1.3.1/Network/TLS/Types.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS/Types.hs 2015-08-24 07:44:53.000000000 +0200 @@ -22,7 +22,7 @@ -- | Versions known to TLS -- -- SSL2 is just defined, but this version is and will not be supported. -data Version = SSL2 | SSL3 | TLS10 | TLS11 | TLS12 deriving (Show, Eq, Ord) +data Version = SSL2 | SSL3 | TLS10 | TLS11 | TLS12 deriving (Show, Eq, Ord, Bounded) -- | A session ID type SessionID = ByteString diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Network/TLS.hs new/tls-1.3.2/Network/TLS.hs --- old/tls-1.3.1/Network/TLS.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Network/TLS.hs 2015-08-24 07:44:53.000000000 +0200 @@ -58,6 +58,8 @@ -- * Information gathering , Information(..) + , unClientRandom + , unServerRandom , contextGetInformation -- * Credentials @@ -115,7 +117,8 @@ import Network.TLS.Struct ( TLSError(..), TLSException(..) , HashAndSignatureAlgorithm, HashAlgorithm(..), SignatureAlgorithm(..) , Header(..), ProtocolType(..), CertificateType(..) - , AlertDescription(..)) + , AlertDescription(..) + , ClientRandom(..), ServerRandom(..)) import Network.TLS.Crypto (KxError(..)) import Network.TLS.Cipher import Network.TLS.Hooks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/Tests/Tests.hs new/tls-1.3.2/Tests/Tests.hs --- old/tls-1.3.1/Tests/Tests.hs 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/Tests/Tests.hs 2015-08-24 07:44:53.000000000 +0200 @@ -100,8 +100,13 @@ prop_handshake_renegociation :: PropertyM IO () prop_handshake_renegociation = do - params <- pick arbitraryPairParams - runTLSPipe params tlsServer tlsClient + (cparams, sparams) <- pick arbitraryPairParams + let sparams' = sparams { + serverSupported = (serverSupported sparams) { + supportedClientInitiatedRenegotiation = True + } + } + runTLSPipe (cparams, sparams') tlsServer tlsClient where tlsServer ctx queue = do handshake ctx d <- recvDataNonNull ctx diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tls-1.3.1/tls.cabal new/tls-1.3.2/tls.cabal --- old/tls-1.3.1/tls.cabal 2015-06-20 09:31:09.000000000 +0200 +++ new/tls-1.3.2/tls.cabal 2015-08-24 07:44:53.000000000 +0200 @@ -1,5 +1,5 @@ Name: tls -Version: 1.3.1 +Version: 1.3.2 Description: Native Haskell TLS and SSL protocol implementation for server and client. . @@ -37,7 +37,6 @@ , transformers , cereal >= 0.4 , bytestring - , byteable , network , data-default-class -- crypto related

1 0