Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libzypp for openSUSE:Factory checked in at 2023-06-20 16:39:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libzypp (Old) and /work/SRC/openSUSE:Factory/.libzypp.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzypp" Tue Jun 20 16:39:57 2023 rev:474 rq:1093772 version:17.31.14 Changes: -------- --- /work/SRC/openSUSE:Factory/libzypp/libzypp.changes 2023-06-13 16:09:04.554731749 +0200 +++ /work/SRC/openSUSE:Factory/.libzypp.new.15902/libzypp.changes 2023-06-20 16:40:02.356361678 +0200 @@ -1,0 +2,10 @@ +Thu Jun 15 12:00:07 CEST 2023 - [email protected] + +- build: honor libproxy.pc's includedir (bsc#1212222) +- Curl: trim all custom headers (bsc#1212187) + HTTP/2 RFC 9113 forbids fields ending with a space. So we make + sure all custom headers are trimmed. This also includes headers + returned by URL-Resolver plugins. +- version 17.31.14 (22) + +------------------------------------------------------------------- Old: ---- libzypp-17.31.13.tar.bz2 New: ---- libzypp-17.31.14.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libzypp.spec ++++++ --- /var/tmp/diff_new_pack.peiE4n/_old 2023-06-20 16:40:03.276367207 +0200 +++ /var/tmp/diff_new_pack.peiE4n/_new 2023-06-20 16:40:03.280367230 +0200 @@ -42,7 +42,7 @@ %bcond_with enable_preview_single_rpmtrans_as_default_for_zypper Name: libzypp -Version: 17.31.13 +Version: 17.31.14 Release: 0 License: GPL-2.0-or-later URL: https://github.com/openSUSE/libzypp ++++++ libzypp-17.31.13.tar.bz2 -> libzypp-17.31.14.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.31.13/VERSION.cmake new/libzypp-17.31.14/VERSION.cmake --- old/libzypp-17.31.13/VERSION.cmake 2023-06-12 16:42:04.000000000 +0200 +++ new/libzypp-17.31.14/VERSION.cmake 2023-06-15 12:42:04.000000000 +0200 @@ -61,8 +61,8 @@ SET(LIBZYPP_MAJOR "17") SET(LIBZYPP_COMPATMINOR "22") SET(LIBZYPP_MINOR "31") -SET(LIBZYPP_PATCH "13") +SET(LIBZYPP_PATCH "14") # -# LAST RELEASED: 17.31.13 (22) +# LAST RELEASED: 17.31.14 (22) # (The number in parenthesis is LIBZYPP_COMPATMINOR) #======= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.31.13/package/libzypp.changes new/libzypp-17.31.14/package/libzypp.changes --- old/libzypp-17.31.13/package/libzypp.changes 2023-06-12 16:42:04.000000000 +0200 +++ new/libzypp-17.31.14/package/libzypp.changes 2023-06-15 12:42:04.000000000 +0200 @@ -1,4 +1,14 @@ ------------------------------------------------------------------- +Thu Jun 15 12:00:07 CEST 2023 - [email protected] + +- build: honor libproxy.pc's includedir (bsc#1212222) +- Curl: trim all custom headers (bsc#1212187) + HTTP/2 RFC 9113 forbids fields ending with a space. So we make + sure all custom headers are trimmed. This also includes headers + returned by URL-Resolver plugins. +- version 17.31.14 (22) + +------------------------------------------------------------------- Mon Jun 12 16:37:13 CEST 2023 - [email protected] - curl: Trim user agent string (bsc#1212187) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.31.13/zypp/media/MediaCurl.cc new/libzypp-17.31.14/zypp/media/MediaCurl.cc --- old/libzypp-17.31.13/zypp/media/MediaCurl.cc 2023-06-12 16:42:04.000000000 +0200 +++ new/libzypp-17.31.14/zypp/media/MediaCurl.cc 2023-06-14 12:42:04.000000000 +0200 @@ -254,11 +254,11 @@ // agent string. // The target could be not initialized, and then this information // is guessed. - static const std::string _value( - str::trim( str::form( - "X-ZYpp-AnonymousId: %s", - Target::anonymousUniqueId( Pathname()/*guess root*/ ).c_str() ) ) - ); + // bsc#1212187: HTTP/2 RFC 9113 forbids fields ending with a space + static const std::string _value( str::trim( str::form( + "X-ZYpp-AnonymousId: %s", + Target::anonymousUniqueId( Pathname()/*guess root*/ ).c_str() + ))); return _value.c_str(); } @@ -268,11 +268,11 @@ // agent string. // The target could be not initialized, and then this information // is guessed. - static const std::string _value( - str::trim( str::form( - "X-ZYpp-DistributionFlavor: %s", - Target::distributionFlavor( Pathname()/*guess root*/ ).c_str() ) ) - ); + // bsc#1212187: HTTP/2 RFC 9113 forbids fields ending with a space + static const std::string _value( str::trim( str::form( + "X-ZYpp-DistributionFlavor: %s", + Target::distributionFlavor( Pathname()/*guess root*/ ).c_str() + ))); return _value.c_str(); } @@ -283,7 +283,7 @@ // The target could be not initialized, and then this information // is guessed. // bsc#1212187: HTTP/2 RFC 9113 forbids fields ending with a space - static const std::string _value( str::rtrim( str::form( + static const std::string _value( str::trim( str::form( "ZYpp " LIBZYPP_VERSION_STRING " (curl %s) %s" , curl_version_info(CURLVERSION_NOW)->version , Target::targetDistribution( Pathname()/*guess root*/ ).c_str() @@ -635,18 +635,15 @@ #if CURLVERSION_AT_LEAST(7,18,0) // bnc #306272 - SET_OPTION(CURLOPT_PROXY_TRANSFER_MODE, 1L ); + SET_OPTION(CURLOPT_PROXY_TRANSFER_MODE, 1L ); #endif - // append settings custom headers to curl - for ( const auto &header : vol_settings.headers() ) - { - // MIL << "HEADER " << *it << std::endl; - - _customHeaders = curl_slist_append(_customHeaders, header.c_str()); - if ( !_customHeaders ) - ZYPP_THROW(MediaCurlInitException(_url)); + // Append settings custom headers to curl. + // TransferSettings assert strings are trimmed (HTTP/2 RFC 9113) + for ( const auto &header : vol_settings.headers() ) { + _customHeaders = curl_slist_append(_customHeaders, header.c_str()); + if ( !_customHeaders ) + ZYPP_THROW(MediaCurlInitException(_url)); } - SET_OPTION(CURLOPT_HTTPHEADER, _customHeaders); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.31.13/zypp-curl/CMakeLists.txt new/libzypp-17.31.14/zypp-curl/CMakeLists.txt --- old/libzypp-17.31.13/zypp-curl/CMakeLists.txt 2023-03-13 16:50:22.000000000 +0100 +++ new/libzypp-17.31.14/zypp-curl/CMakeLists.txt 2023-06-15 11:42:03.000000000 +0200 @@ -173,3 +173,6 @@ TARGET_LINK_LIBRARIES( zypp-curl ${CURL_LIBRARIES} ) TARGET_LINK_LIBRARIES( zypp-curl ${LIBPROXY_LIBRARIES} ) TARGET_LINK_LIBRARIES( zypp-curl ${LIBXML2_LIBRARIES} ) +IF ( LIBPROXY_FOUND ) + target_include_directories(zypp-curl PUBLIC ${LIBPROXY_INCLUDE_DIRS}) +ENDIF( LIBPROXY_FOUND ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.31.13/zypp-curl/ng/network/request.cc new/libzypp-17.31.14/zypp-curl/ng/network/request.cc --- old/libzypp-17.31.13/zypp-curl/ng/network/request.cc 2023-04-14 16:42:04.000000000 +0200 +++ new/libzypp-17.31.14/zypp-curl/ng/network/request.cc 2023-06-14 12:42:04.000000000 +0200 @@ -371,7 +371,8 @@ setCurlOption(CURLOPT_PROXY_TRANSFER_MODE, 1L ); #endif - // append settings custom headers to curl + // Append settings custom headers to curl. + // TransferSettings assert strings are trimmed (HTTP/2 RFC 9113) for ( const auto &header : locSet.headers() ) { if ( !z_func()->addRequestHeader( header.c_str() ) ) ZYPP_THROW(zypp::media::MediaCurlInitException(_url)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.31.13/zypp-curl/transfersettings.cc new/libzypp-17.31.14/zypp-curl/transfersettings.cc --- old/libzypp-17.31.13/zypp-curl/transfersettings.cc 2023-06-12 16:42:04.000000000 +0200 +++ new/libzypp-17.31.14/zypp-curl/transfersettings.cc 2023-06-14 12:42:04.000000000 +0200 @@ -65,6 +65,17 @@ { return new Impl( *this ); } public: + void safeAddHeader( std::string val_r ) { + // bsc#1212187: HTTP/2 RFC 9113 forbids fields ending with a space. + // Trim and discard empty header. + val_r = str::trim( std::move(val_r) ); + if ( not val_r.empty() ) + _headers.push_back( std::move(val_r) ); + else + WAR << "Discard empty header" << endl; + } + + public: std::vector<std::string> _headers; std::string _useragent; std::string _username; @@ -103,10 +114,9 @@ void TransferSettings::addHeader( const std::string & val_r ) - { if ( ! val_r.empty() ) _impl->_headers.push_back(val_r); } - + { _impl->safeAddHeader( val_r ); } void TransferSettings::addHeader( std::string && val_r ) - { if ( ! val_r.empty() ) _impl->_headers.push_back(std::move(val_r)); } + { _impl->safeAddHeader( std::move(val_r) ); } const TransferSettings::Headers &TransferSettings::headers() const { @@ -115,10 +125,10 @@ } void TransferSettings::setUserAgentString( const std::string &val_r ) - { _impl->_useragent = str::rtrim( val_r ); } // bsc#1212187: HTTP/2 RFC 9113 forbids fields ending with a space + { _impl->_useragent = str::trim( val_r ); } // bsc#1212187: HTTP/2 RFC 9113 forbids fields ending with a space void TransferSettings::setUserAgentString( std::string && val_r ) - { _impl->_useragent = str::rtrim( std::move(val_r) ); } // bsc#1212187: HTTP/2 RFC 9113 forbids fields ending with a space + { _impl->_useragent = str::trim( std::move(val_r) ); } // bsc#1212187: HTTP/2 RFC 9113 forbids fields ending with a space const std::string &TransferSettings::userAgentString() const { return _impl->_useragent; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.31.13/zypp-curl/transfersettings.h new/libzypp-17.31.14/zypp-curl/transfersettings.h --- old/libzypp-17.31.13/zypp-curl/transfersettings.h 2023-06-12 16:42:04.000000000 +0200 +++ new/libzypp-17.31.14/zypp-curl/transfersettings.h 2023-06-14 12:42:04.000000000 +0200 @@ -23,9 +23,13 @@ namespace media { - /** - * Holds transfer setting - */ + /////////////////////////////////////////////////////////////////// + /// \brief Holds transfer setting + /// + /// \note bsc#1212187: HTTP/2 RFC 9113 forbids fields ending with a + /// space. The class asserts \ref headers and \ref userAgentString + /// return trimmed strings. Strings are trimmed when set. Empty + // strings are discarded. class TransferSettings { public: @@ -37,18 +41,18 @@ /** reset the settings to the defaults */ void reset(); - /** add a header, on the form "Foo: Bar" */ + /** add a header, on the form "Foo: Bar" (trims)*/ void addHeader( std::string && val_r ); void addHeader( const std::string & val_r ); - /** returns a list of all added headers */ + /** returns a list of all added headers (trimmed) */ const Headers &headers() const; - /** sets the user agent ie: "Mozilla v3" */ + /** sets the user agent ie: "Mozilla v3" (trims) */ void setUserAgentString( std::string && val_r ); void setUserAgentString( const std::string &val_r ); - /** user agent string */ + /** user agent string (trimmed)*/ const std::string &userAgentString() const;
