Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ghc-yesod-core for openSUSE:Factory checked in at 2021-06-01 10:39:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-yesod-core (Old) and /work/SRC/openSUSE:Factory/.ghc-yesod-core.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-yesod-core" Tue Jun 1 10:39:12 2021 rev:10 rq:896223 version:1.6.20.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-yesod-core/ghc-yesod-core.changes 2021-04-26 16:40:36.894173174 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-yesod-core.new.1898/ghc-yesod-core.changes 2021-06-01 10:40:50.277157929 +0200 @@ -1,0 +2,17 @@ +Sat May 22 15:38:11 UTC 2021 - psim...@suse.com + +- Update yesod-core to version 1.6.20.1. + ## 1.6.20.1 + + * Throw an error in `breadcrumbs` if the trail of breadcrumbs is circular. [#1727](https://github.com/yesodweb/yesod/issues/1727) + +------------------------------------------------------------------- +Tue May 11 09:10:58 UTC 2021 - psim...@suse.com + +- Update yesod-core to version 1.6.20. + ## 1.6.20 + + * Generate CSRF tokens using a secure entropy source [#1726](https://github.com/yesodweb/yesod/pull/1726) + * Change semantics of `yreGen` and `defaultGen` + +------------------------------------------------------------------- Old: ---- yesod-core-1.6.19.0.tar.gz New: ---- yesod-core-1.6.20.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-yesod-core.spec ++++++ --- /var/tmp/diff_new_pack.QBCWly/_old 2021-06-01 10:40:50.657158576 +0200 +++ /var/tmp/diff_new_pack.QBCWly/_new 2021-06-01 10:40:50.661158583 +0200 @@ -19,7 +19,7 @@ %global pkg_name yesod-core %bcond_with tests Name: ghc-%{pkg_name} -Version: 1.6.19.0 +Version: 1.6.20.1 Release: 0 Summary: Creation of type-safe, RESTful web applications License: MIT 
@@ -39,6 +39,7 @@ BuildRequires: ghc-containers-devel BuildRequires: ghc-cookie-devel BuildRequires: ghc-deepseq-devel +BuildRequires: ghc-entropy-devel BuildRequires: ghc-fast-logger-devel BuildRequires: ghc-http-types-devel BuildRequires: ghc-memory-devel ++++++ yesod-core-1.6.19.0.tar.gz -> yesod-core-1.6.20.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yesod-core-1.6.19.0/ChangeLog.md new/yesod-core-1.6.20.1/ChangeLog.md --- old/yesod-core-1.6.19.0/ChangeLog.md 2021-04-09 05:05:15.000000000 +0200 +++ new/yesod-core-1.6.20.1/ChangeLog.md 2021-05-21 17:10:17.000000000 +0200 @@ -1,5 +1,14 @@ # ChangeLog for yesod-core +## 1.6.20.1 + +* Throw an error in `breadcrumbs` if the trail of breadcrumbs is circular. [#1727](https://github.com/yesodweb/yesod/issues/1727) + +## 1.6.20 + +* Generate CSRF tokens using a secure entropy source [#1726](https://github.com/yesodweb/yesod/pull/1726) +* Change semantics of `yreGen` and `defaultGen` + ## 1.6.19.0 * Change order of priority in `languages`[#1721](https://github.com/yesodweb/yesod/pull/1721) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yesod-core-1.6.19.0/src/Yesod/Core/Class/Breadcrumbs.hs new/yesod-core-1.6.20.1/src/Yesod/Core/Class/Breadcrumbs.hs --- old/yesod-core-1.6.19.0/src/Yesod/Core/Class/Breadcrumbs.hs 2021-04-09 05:05:15.000000000 +0200 +++ new/yesod-core-1.6.20.1/src/Yesod/Core/Class/Breadcrumbs.hs 2021-05-21 17:10:17.000000000 +0200 @@ -1,4 +1,5 @@ {-# LANGUAGE OverloadedStrings #-} +{-# LANGUAGE FlexibleContexts #-} module Yesod.Core.Class.Breadcrumbs where import Yesod.Core.Handler 
@@ -15,7 +16,7 @@ -- | Gets the title of the current page and the hierarchy of parent pages, -- along with their respective titles. -breadcrumbs :: YesodBreadcrumbs site => HandlerFor site (Text, [(Route site, Text)]) +breadcrumbs :: (YesodBreadcrumbs site, Show (Route site), Eq (Route site)) => HandlerFor site (Text, [(Route site, Text)]) breadcrumbs = do x <- getCurrentRoute case x of @@ -26,6 +27,8 @@ return (title, z) where go back Nothing = return back - go back (Just this) = do - (title, next) <- breadcrumb this - go ((this, title) : back) next + go back (Just this) + | this `elem` map fst back = error $ "yesod-core: infinite recursion in breadcrumbs at " ++ show this + | otherwise = do + (title, next) <- breadcrumb this + go ((this, title) : back) next diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yesod-core-1.6.19.0/src/Yesod/Core/Dispatch.hs new/yesod-core-1.6.20.1/src/Yesod/Core/Dispatch.hs --- old/yesod-core-1.6.19.0/src/Yesod/Core/Dispatch.hs 2021-04-09 05:05:15.000000000 +0200 +++ new/yesod-core-1.6.20.1/src/Yesod/Core/Dispatch.hs 2021-05-21 17:10:17.000000000 +0200 @@ -46,6 +46,7 @@ import Data.ByteString.Lazy.Char8 () +import Data.Bits ((.|.), finiteBitSize, shiftL) import Data.Text (Text) import qualified Data.ByteString as S import qualified Data.ByteString.Lazy as BL @@ -59,7 +60,7 @@ import Yesod.Core.Internal.Run import Text.Read (readMaybe) import System.Environment (getEnvironment) -import qualified System.Random as Random +import System.Entropy (getEntropy) import Control.AutoUpdate (mkAutoUpdate, defaultUpdateSettings, updateAction, updateFreq) import Yesod.Core.Internal.Util (getCurrentMaxExpiresRFC1123) 
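Review bot: The haddock on `breadcrumbs` still describes only the success case, although the new guard in `go` (hunk `@@ -26,6 +27,8 @@`) makes it fail through `error` when `breadcrumb` returns a route that is already on the trail. I would add `-- Throws (via 'error') if 'breadcrumb' yields a route that is already on the trail.` The `Show (Route site)` constraint added in the signature hunk above exists only to build that message, and the message embeds `show this`; whether it reaches the client depends on the site's error handler, which is not visible here. `go` sits in the `where` clause of `breadcrumbs`, whose body is partly outside both hunks.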
@@ -92,8 +93,19 @@ , yreGetMaxExpires = getMaxExpires } +-- | Generate a random number uniformly distributed in the full range +-- of 'Int'. +-- +-- Note: Before 1.6.20, this generates pseudo-random number in an +-- unspecified range. The range size may not be a power of 2. Since +-- 1.6.20, this uses a secure entropy source and generates in the full +-- range of 'Int'. defaultGen :: IO Int -defaultGen = Random.getStdRandom Random.next +defaultGen = bsToInt <$> getEntropy bytes + where + bits = finiteBitSize (undefined :: Int) + bytes = div (bits + 7) 8 + bsToInt = S.foldl' (\v i -> shiftL v 8 .|. fromIntegral i) 0 -- | Pure low level function to construct WAI application. Usefull -- when you need not standard way to run your app, or want to embed it diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yesod-core-1.6.19.0/src/Yesod/Core/Types.hs new/yesod-core-1.6.20.1/src/Yesod/Core/Types.hs --- old/yesod-core-1.6.19.0/src/Yesod/Core/Types.hs 2021-04-09 05:05:15.000000000 +0200 +++ new/yesod-core-1.6.20.1/src/Yesod/Core/Types.hs 2021-05-21 17:10:17.000000000 +0200 
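Review bot: `bits = finiteBitSize (undefined :: Int)` is safe only because `finiteBitSize` never forces its argument; `bits = finiteBitSize (0 :: Int)` gives the same width without an `undefined` in security-relevant code. The byte count follows the platform's `Int` width, so one call yields exactly one `Int` worth of entropy; how many draws go into a CSRF token is decided by the caller, which is outside this hunk and worth checking against the changelog entry. The haddock could also state the failure behaviour that the code shows, e.g. `-- Any exception from 'getEntropy' propagates; there is no fallback to a pseudo-random generator.`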
@@ -196,7 +196,13 @@ , yreSite :: !site , yreSessionBackend :: !(Maybe SessionBackend) , yreGen :: !(IO Int) - -- ^ Generate a random number + -- ^ Generate a random number uniformly distributed in the full + -- range of 'Int'. + -- + -- Note: Before 1.6.20, the default value generates pseudo-random + -- number in an unspecified range. The range size may not be a power + -- of 2. Since 1.6.20, the default value uses a secure entropy source + -- and generates in the full range of 'Int'. , yreGetMaxExpires :: !(IO Text) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yesod-core-1.6.19.0/test/YesodCoreTest/Breadcrumb.hs new/yesod-core-1.6.20.1/test/YesodCoreTest/Breadcrumb.hs --- old/yesod-core-1.6.19.0/test/YesodCoreTest/Breadcrumb.hs 1970-01-01 01:00:00.000000000 +0100 +++ new/yesod-core-1.6.20.1/test/YesodCoreTest/Breadcrumb.hs 2021-05-21 17:10:17.000000000 +0200 
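Review bot: The new comment on `yreGen` documents what the default value does, but not what a replacement generator has to guarantee. The changelog ties CSRF token generation to this change, so a site that builds its own `YesodRunnerEnv` with a different `yreGen` presumably keeps whatever generator it passes in. I would add one line to the field comment, `-- A custom generator must draw from a cryptographically secure source and cover the full range of 'Int'.` The record declaration starts outside the hunk.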
@@ -0,0 +1,58 @@ +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE OverloadedStrings #-} +{-# LANGUAGE QuasiQuotes #-} +{-# LANGUAGE Rank2Types #-} +{-# LANGUAGE TemplateHaskell #-} +{-# LANGUAGE TypeFamilies #-} + +module YesodCoreTest.Breadcrumb + ( breadcrumbTest, + ) +where + +import qualified Data.ByteString.Lazy.Char8 as L8 +import Data.Text (Text) +import Data.Typeable (Typeable) +import Network.Wai +import Network.Wai.Test +import Test.Hspec +import UnliftIO.IORef +import Yesod.Core + +data A = A + +mkYesod + "A" + [parseRoutes| +/ RootR GET +/loop LoopR GET +|] + +instance Yesod A + +instance YesodBreadcrumbs A where + breadcrumb r = case r of + RootR -> pure ("Root", Nothing) + LoopR -> pure ("Loop", Just LoopR) -- Purposefully a loop + +getRootR :: Handler Text +getRootR = fst <$> breadcrumbs + +getLoopR :: Handler Text +getLoopR = fst <$> breadcrumbs + +breadcrumbTest :: Spec +breadcrumbTest = + describe "Test.Breadcrumb" $ do + it "can fetch the root which contains breadcrumbs" $ + runner $ do + res <- request defaultRequest + assertStatus 200 res + it "gets a 500 for a route with a looping breadcrumb" $ + runner $ do + res <- request defaultRequest {pathInfo = ["loop"]} + assertStatus 500 res + +runner :: Session () -> IO () +runner f = toWaiApp A >>= runSession f diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yesod-core-1.6.19.0/test/YesodCoreTest.hs new/yesod-core-1.6.20.1/test/YesodCoreTest.hs --- old/yesod-core-1.6.19.0/test/YesodCoreTest.hs 2021-04-09 05:05:15.000000000 +0200 +++ new/yesod-core-1.6.20.1/test/YesodCoreTest.hs 2021-05-21 17:10:17.000000000 +0200 
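Review bot: The loop case only covers a route that is its own parent (`LoopR -> pure ("Loop", Just LoopR)`), so the `elem` check over the accumulated trail is never tested with a cycle of two or more routes; a pair of routes whose parents point at each other would cover that. `assertStatus 500 res` also passes for any other internal error, so adding `assertBodyContains "infinite recursion in breadcrumbs" res` would tie the test to the new guard, assuming the default error handler echoes the message (to be confirmed). The imports `Data.ByteString.Lazy.Char8 as L8`, `Data.Typeable (Typeable)` and `UnliftIO.IORef` are not used anywhere in the file.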
@@ -12,6 +12,7 @@ import YesodCoreTest.ErrorHandling import YesodCoreTest.Cache import YesodCoreTest.ParameterizedSite +import YesodCoreTest.Breadcrumb import qualified YesodCoreTest.WaiSubsite as WaiSubsite import qualified YesodCoreTest.Redirect as Redirect import qualified YesodCoreTest.JsLoader as JsLoader @@ -61,3 +62,4 @@ Ssl.sslOnlySpec Ssl.sameSiteSpec Csrf.csrfSpec + breadcrumbTest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yesod-core-1.6.19.0/yesod-core.cabal new/yesod-core-1.6.20.1/yesod-core.cabal --- old/yesod-core-1.6.19.0/yesod-core.cabal 2021-04-09 05:05:15.000000000 +0200 +++ new/yesod-core-1.6.20.1/yesod-core.cabal 2021-05-21 17:10:17.000000000 +0200 @@ -1,5 +1,5 @@ name: yesod-core -version: 1.6.19.0 +version: 1.6.20.1 license: MIT license-file: LICENSE author: Michael Snoyman <mich...@snoyman.com> @@ -39,6 +39,7 @@ , containers >= 0.2 , cookie >= 0.4.3 && < 0.5 , deepseq >= 1.3 + , entropy , fast-logger >= 2.2 , http-types >= 0.7 , memory
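Review bot: `entropy` is added to `build-depends` without any version bound, while the neighbouring entries in the hunk carry at least a lower bound. This package now supplies the randomness behind `defaultGen`, so stating a known-good range, e.g. `, entropy >= <MIN_VERSION>`, keeps a build from resolving to an arbitrary release. The `build-depends` list starts and ends outside the hunk.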