Hello community, here is the log from the commit of package rubygem-excon for openSUSE:Factory checked in at 2015-03-27 09:41:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-excon (Old) and /work/SRC/openSUSE:Factory/.rubygem-excon.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-excon" Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-excon/rubygem-excon.changes 2015-03-05 18:17:31.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-excon.new/rubygem-excon.changes 2015-03-27 09:41:56.000000000 +0100 @@ -1,0 +2,10 @@ +Fri Mar 27 05:30:26 UTC 2015 - [email protected] + +- updated to version 0.45.0 + prefer default SSL config to ENV, when available + document instrumentor deviation from rails format + better error/warning around openssl 1.0.2 bug + fix nonblocking ssl connect to not have tight loop + also remove user/pass when following redirects + +------------------------------------------------------------------- Old: ---- excon-0.44.4.gem New: ---- excon-0.45.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-excon.spec ++++++ --- /var/tmp/diff_new_pack.G2uIwB/_old 2015-03-27 09:41:56.000000000 +0100 +++ /var/tmp/diff_new_pack.G2uIwB/_new 2015-03-27 09:41:56.000000000 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-excon -Version: 0.44.4 +Version: 0.45.0 Release: 0 %define mod_name excon %define mod_full_name %{mod_name}-%{version} ++++++ excon-0.44.4.gem -> excon-0.45.0.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile.lock new/Gemfile.lock --- old/Gemfile.lock 2015-03-04 17:36:19.000000000 +0100 +++ new/Gemfile.lock 2015-03-26 22:28:37.000000000 +0100 @@ -1,7 +1,7 @@ PATH remote: . specs: - excon (0.44.4) + excon (0.45.0) GEM remote: http://rubygems.org/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2015-03-04 17:36:19.000000000 +0100 +++ new/README.md 2015-03-26 22:28:37.000000000 +0100 @@ -308,7 +308,7 @@ ) ``` -Excon will then instrument each request, retry, and error. The corresponding events are named excon.request, excon.retry, and excon.error respectively. +Excon will then instrument each request, retry, and error. The corresponding events are named `excon.request`, `excon.retry`, and `excon.error` respectively. ```ruby ActiveSupport::Notifications.subscribe(/excon/) do |*args| @@ -316,7 +316,7 @@ end ``` -If you prefer to label each event with something other than "excon," you may specify +If you prefer to label each event with a namespace other than "excon", you may specify an alternate name in the constructor: ```ruby @@ -327,7 +327,23 @@ ) ``` -If you don't want to add activesupport to your application, simply define a class which implements the same #instrument method like so: +Note: Excon's ActiveSupport::Notifications implementation has the following event format: `<namespace>.<event>` which is the opposite of the Rails' implementation. + +ActiveSupport provides a [subscriber](http://api.rubyonrails.org/classes/ActiveSupport/Subscriber.html) interface which lets you attach a subscriber to a namespace. Due to the incompability above, you won't be able to attach a subscriber to the "excon" namespace out of the box. + +If you want this functionality, you can use a simple adapter such as this one: + +```ruby +class ExconToRailsInstrumentor + def self.instrument(name, datum, &block) + namespace, *event = name.split(".") + rails_name = [event, namespace].flatten.join(".") + ActiveSupport::Notifications.instrument(rails_name, datum, &block) + end +end +``` + +If you don't want to add ActiveSupport to your application, simply define a class which implements the same `#instrument` method like so: ```ruby class SimpleInstrumentor @@ -344,7 +360,7 @@ The #instrument method will be called for each HTTP request, response, retry, and error. -For debugging purposes you can also use Excon::StandardInstrumentor to output all events to stderr. This can also be specified by setting the `EXCON_DEBUG` ENV var. +For debugging purposes you can also use `Excon::StandardInstrumentor` to output all events to stderr. This can also be specified by setting the `EXCON_DEBUG` ENV var. See [the documentation for ActiveSupport::Notifications](http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html) for more detail on using the subscription interface. See excon's [instrumentation_test.rb](https://github.com/excon/excon/blob/master/tests/middlewares/instrumentation_tests.rb) for more examples of instrumenting excon. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/changelog.txt new/changelog.txt --- old/changelog.txt 2015-03-04 17:36:19.000000000 +0100 +++ new/changelog.txt 2015-03-26 22:28:37.000000000 +0100 @@ -1,3 +1,12 @@ +0.45.0 03/26/2015 +================= + +prefer default SSL config to ENV, when available +document instrumentor deviation from rails format +better error/warning around openssl 1.0.2 bug +fix nonblocking ssl connect to not have tight loop +also remove user/pass when following redirects + 0.44.4 03/04/2015 ================= Files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/excon.gemspec new/excon.gemspec --- old/excon.gemspec 2015-03-04 17:36:19.000000000 +0100 +++ new/excon.gemspec 2015-03-26 22:28:37.000000000 +0100 @@ -13,8 +13,8 @@ ## If your rubyforge_project name is different, then edit it and comment out ## the sub! line in the Rakefile s.name = 'excon' - s.version = '0.44.4' - s.date = '2015-03-04' + s.version = '0.45.0' + s.date = '2015-03-26' s.rubyforge_project = 'excon' ## Make sure your summary is short. The description may be as long diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/excon/constants.rb new/lib/excon/constants.rb --- old/lib/excon/constants.rb 2015-03-04 17:36:19.000000000 +0100 +++ new/lib/excon/constants.rb 2015-03-26 22:28:37.000000000 +0100 @@ -1,6 +1,6 @@ module Excon - VERSION = '0.44.4' + VERSION = '0.45.0' CR_NL = "\r\n" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/excon/middlewares/redirect_follower.rb new/lib/excon/middlewares/redirect_follower.rb --- old/lib/excon/middlewares/redirect_follower.rb 2015-03-04 17:36:19.000000000 +0100 +++ new/lib/excon/middlewares/redirect_follower.rb 2015-03-26 22:28:37.000000000 +0100 @@ -15,8 +15,11 @@ response = datum.delete(:response) params = datum.dup - params.delete(:stack) params.delete(:connection) + params.delete(:password) + params.delete(:stack) + params.delete(:user) + if [301, 302, 303].include?(response[:status]) params[:method] = :get params.delete(:body) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/excon/socket.rb new/lib/excon/socket.rb --- old/lib/excon/socket.rb 2015-03-04 17:36:19.000000000 +0100 +++ new/lib/excon/socket.rb 2015-03-26 22:28:37.000000000 +0100 @@ -241,6 +241,14 @@ # I wish that this API accepted a start position, then we wouldn't # have to slice data when there is a short write. written = @socket.write_nonblock(data) + rescue Errno::EFAULT + if OpenSSL::OPENSSL_LIBRARY_VERSION.split(' ')[1] == '1.0.2' + msg = "The version of OpenSSL this ruby is built against (1.0.2) has a vulnerability + which causes a fault. For more, see https://github.com/excon/excon/issues/467"; + raise SecurityError.new(msg) + else + raise error + end rescue OpenSSL::SSL::SSLError, Errno::EAGAIN, Errno::EWOULDBLOCK, IO::WaitWritable => error if error.is_a?(OpenSSL::SSL::SSLError) && error.message != 'write would block' raise error diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/excon/ssl_socket.rb new/lib/excon/ssl_socket.rb --- old/lib/excon/ssl_socket.rb 2015-03-04 17:36:19.000000000 +0100 +++ new/lib/excon/ssl_socket.rb 2015-03-26 22:28:37.000000000 +0100 @@ -30,10 +30,10 @@ # turn verification on ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER - if ca_file = ENV['SSL_CERT_FILE'] || @data[:ssl_ca_file] + if ca_file = @data[:ssl_ca_file] || ENV['SSL_CERT_FILE'] ssl_context.ca_file = ca_file end - if ca_path = ENV['SSL_CERT_DIR'] || @data[:ssl_ca_path] + if ca_path = @data[:ssl_ca_path] || ENV['SSL_CERT_DIR'] ssl_context.ca_path = ca_path end if cert_store = @data[:ssl_cert_store] @@ -116,20 +116,17 @@ begin if @nonblock - loop do - begin - @socket.connect_nonblock - break # connect succeeded - rescue OpenSSL::SSL::SSLError => error - # would block, rescue and retry as select is non-helpful - raise error unless error.message == 'read would block' - end + begin + @socket.connect_nonblock + rescue IO::WaitReadable + IO.select([@socket]) + retry end else @socket.connect end - rescue OpenSSL::SSL::SSLError => e - raise e + rescue OpenSSL::SSL::SSLError + raise rescue raise Excon::Errors::Timeout.new('connect timeout reached') end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2015-03-04 17:36:19.000000000 +0100 +++ new/metadata 2015-03-26 22:28:37.000000000 +0100 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: excon version: !ruby/object:Gem::Version - version: 0.44.4 + version: 0.45.0 platform: ruby authors: - dpiddy (Dan Peterson) @@ -10,7 +10,7 @@ autorequire: bindir: bin cert_chain: [] -date: 2015-03-04 00:00:00.000000000 Z +date: 2015-03-26 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
