Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cpprest for openSUSE:Factory checked in at 2023-12-07 19:11:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cpprest (Old) and /work/SRC/openSUSE:Factory/.cpprest.new.25432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cpprest" Thu Dec 7 19:11:00 2023 rev:23 rq:1131539 version:2.10.19 Changes: -------- --- /work/SRC/openSUSE:Factory/cpprest/cpprest.changes 2021-02-08 11:47:36.281727261 +0100 +++ /work/SRC/openSUSE:Factory/.cpprest.new.25432/cpprest.changes 2023-12-07 19:12:41.268310647 +0100 @@ -1,0 +2,12 @@ +Wed Dec 6 20:41:44 UTC 2023 - Antoine Belvire <antoine.belv...@opensuse.org> + +- Update to 2.10.19: + * Make Uri.is_host_loopback() only return true for localhost and 127.0.0.1 exactly. + The old behavior could potentially return "true" for URLs that were not, in fact, local, + and this could cause security issues if is_host_loopback was used in certain ways. + * Fix likely typo in SafeInt3.hpp, that results in error with clang 15 + * Support for oauth2 with "client_credentials" grant type. + * Add constructor from all integer types for json value. + * Export http_exception for non Windows builds using visibility macros. + +------------------------------------------------------------------- Old: ---- cpprestsdk-2.10.18.tar.gz New: ---- cpprestsdk-2.10.19.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cpprest.spec ++++++ --- /var/tmp/diff_new_pack.7qmiJN/_old 2023-12-07 19:12:41.964336325 +0100 +++ /var/tmp/diff_new_pack.7qmiJN/_new 2023-12-07 19:12:41.968336472 +0100 @@ -1,7 +1,7 @@ # # spec file for package cpprest # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define major 2 %define minor 10 Name: cpprest -Version: 2.10.18 +Version: 2.10.19 Release: 0 Summary: C++ REST library # main: MIT (license.txt) @@ -28,9 +28,9 @@ # sha1/sha1.hpp: BSD-3-Clause (ThirdPartyNotices.txt) # common/md5.hpp: Zlib (ThirdPartyNotices.txt) # utf8_validation.hpp: MIT (ThirdPartyNotices.txt) -License: MIT AND BSD-3-Clause AND Zlib +License: BSD-3-Clause AND MIT AND Zlib URL: https://github.com/Microsoft/cpprestsdk -Source: https://github.com/Microsoft/cpprestsdk/archive/%{version}/cpprestsdk-%{version}.tar.gz +Source: https://github.com/Microsoft/cpprestsdk/archive/v%{version}/cpprestsdk-%{version}.tar.gz # PATCH-FIX-UPSTREAM -- https://github.com/Microsoft/cpprestsdk/issues/576 Patch1: cpprest-2.10.9-disable-test-extract_floating_point.patch # PATCH-FIX-UPSTREAM -- https://github.com/microsoft/cpprestsdk/pull/1557 ++++++ cpprestsdk-2.10.18.tar.gz -> cpprestsdk-2.10.19.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/README.md new/cpprestsdk-2.10.19/README.md --- old/cpprestsdk-2.10.18/README.md 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/README.md 2023-12-05 05:23:31.000000000 +0100 @@ -1,3 +1,5 @@ +**cpprestsdk is in maintenance mode and we do not recommend its use in new projects. We will continue to fix critical bugs and address security issues.** + ## Welcome! The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services. @@ -59,7 +61,7 @@ Is there a feature missing that you'd like to see, or found a bug that you have a fix for? Or do you have an idea or just interest in helping out in building the library? Let us know and we'd love to work with you. For a good starting point on where we are headed and feature ideas, take a look at our [requested features and bugs](https://github.com/Microsoft/cpprestsdk/issues). -Big or small we'd like to take your [contributions](https://github.com/Microsoft/cpprestsdk/wiki/Make-a-contribution-and-report-issues) back to help improve the C++ Rest SDK for everyone. If interested contact us askcasablanca at Microsoft dot com. +Big or small we'd like to take your [contributions](https://github.com/Microsoft/cpprestsdk/wiki/Make-a-contribution-and-report-issues) back to help improve the C++ Rest SDK for everyone. ## Having Trouble? diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/CMakeLists.txt new/cpprestsdk-2.10.19/Release/CMakeLists.txt --- old/cpprestsdk-2.10.18/Release/CMakeLists.txt 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/CMakeLists.txt 2023-12-05 05:23:31.000000000 +0100 @@ -11,7 +11,7 @@ set(CPPREST_VERSION_MAJOR 2) set(CPPREST_VERSION_MINOR 10) -set(CPPREST_VERSION_REVISION 18) +set(CPPREST_VERSION_REVISION 19) enable_testing() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/include/cpprest/base_uri.h new/cpprestsdk-2.10.19/Release/include/cpprest/base_uri.h --- old/cpprestsdk-2.10.18/Release/include/cpprest/base_uri.h 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/include/cpprest/base_uri.h 2023-12-05 05:23:31.000000000 +0100 @@ -296,13 +296,14 @@ /// A loopback URI is one which refers to a hostname or ip address with meaning only on the local machine. /// </summary> /// <remarks> - /// Examples include "localhost", or ip addresses in the loopback range (127.0.0.0/24). + /// Examples include "localhost", or "127.0.0.1". The only URIs for which this method returns true are "127.0.0.1", and "localhost", + /// all other URIs return false /// </remarks> /// <returns><c>true</c> if this URI references the local host, <c>false</c> otherwise.</returns> bool is_host_loopback() const { return !is_empty() && - ((host() == _XPLATSTR("localhost")) || (host().size() > 4 && host().substr(0, 4) == _XPLATSTR("127."))); + ((host() == _XPLATSTR("localhost")) || (host() == _XPLATSTR("127.0.0.1"))); } /// <summary> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/include/cpprest/details/SafeInt3.hpp new/cpprestsdk-2.10.19/Release/include/cpprest/details/SafeInt3.hpp --- old/cpprestsdk-2.10.18/Release/include/cpprest/details/SafeInt3.hpp 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/include/cpprest/details/SafeInt3.hpp 2023-12-05 05:23:31.000000000 +0100 @@ -1574,7 +1574,7 @@ } template<typename E> - static void CastThrow(bool b, T& t) SAFEINT_CPP_THROW + static void CastThrow(T t, bool& b) SAFEINT_CPP_THROW { b = !!t; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/include/cpprest/details/cpprest_compat.h new/cpprestsdk-2.10.19/Release/include/cpprest/details/cpprest_compat.h --- old/cpprestsdk-2.10.18/Release/include/cpprest/details/cpprest_compat.h 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/include/cpprest/details/cpprest_compat.h 2023-12-05 05:23:31.000000000 +0100 @@ -71,12 +71,20 @@ #ifdef _NO_ASYNCRTIMP #define _ASYNCRTIMP +#define _ASYNCRTIMP_TYPEINFO #else // ^^^ _NO_ASYNCRTIMP ^^^ // vvv !_NO_ASYNCRTIMP vvv #ifdef _ASYNCRT_EXPORT #define _ASYNCRTIMP __declspec(dllexport) #else // ^^^ _ASYNCRT_EXPORT ^^^ // vvv !_ASYNCRT_EXPORT vvv #define _ASYNCRTIMP __declspec(dllimport) #endif // _ASYNCRT_EXPORT + +#if defined(_WIN32) +#define _ASYNCRTIMP_TYPEINFO +#else // ^^^ _WIN32 ^^^ // vvv !_WIN32 vvv +#define _ASYNCRTIMP_TYPEINFO __attribute__((visibility("default"))) +#endif // _WIN32 + #endif // _NO_ASYNCRTIMP #ifdef CASABLANCA_DEPRECATION_NO_WARNINGS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/include/cpprest/details/http_constants.dat new/cpprestsdk-2.10.19/Release/include/cpprest/details/http_constants.dat --- old/cpprestsdk-2.10.18/Release/include/cpprest/details/http_constants.dat 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/include/cpprest/details/http_constants.dat 2023-12-05 05:23:31.000000000 +0100 @@ -190,6 +190,7 @@ DAT(grant_type, "grant_type") DAT(redirect_uri, "redirect_uri") DAT(refresh_token, "refresh_token") +DAT(client_credentials, "client_credentials") DAT(response_type, "response_type") DAT(scope, "scope") DAT(state, "state") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/include/cpprest/http_msg.h new/cpprestsdk-2.10.19/Release/include/cpprest/http_msg.h --- old/cpprestsdk-2.10.18/Release/include/cpprest/http_msg.h 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/include/cpprest/http_msg.h 2023-12-05 05:23:31.000000000 +0100 @@ -187,7 +187,7 @@ /// <summary> /// Represents an HTTP error. This class holds an error message and an optional error code. /// </summary> -class http_exception : public std::exception +class _ASYNCRTIMP_TYPEINFO http_exception : public std::exception { public: /// <summary> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/include/cpprest/json.h new/cpprestsdk-2.10.19/Release/include/cpprest/json.h --- old/cpprestsdk-2.10.18/Release/include/cpprest/json.h 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/include/cpprest/json.h 2023-12-05 05:23:31.000000000 +0100 @@ -100,25 +100,37 @@ /// Constructor creating a JSON number value /// </summary> /// <param name="value">The C++ value to create a JSON value from</param> - _ASYNCRTIMP value(int32_t value); + _ASYNCRTIMP value(int value); /// <summary> /// Constructor creating a JSON number value /// </summary> /// <param name="value">The C++ value to create a JSON value from</param> - _ASYNCRTIMP value(uint32_t value); + _ASYNCRTIMP value(unsigned value); /// <summary> /// Constructor creating a JSON number value /// </summary> /// <param name="value">The C++ value to create a JSON value from</param> - _ASYNCRTIMP value(int64_t value); + _ASYNCRTIMP value(long value); /// <summary> /// Constructor creating a JSON number value /// </summary> /// <param name="value">The C++ value to create a JSON value from</param> - _ASYNCRTIMP value(uint64_t value); + _ASYNCRTIMP value(unsigned long value); + + /// <summary> + /// Constructor creating a JSON number value + /// </summary> + /// <param name="value">The C++ value to create a JSON value from</param> + _ASYNCRTIMP value(long long value); + + /// <summary> + /// Constructor creating a JSON number value + /// </summary> + /// <param name="value">The C++ value to create a JSON value from</param> + _ASYNCRTIMP value(unsigned long long value); /// <summary> /// Constructor creating a JSON number value @@ -222,28 +234,42 @@ /// </summary> /// <param name="value">The C++ value to create a JSON value from</param> /// <returns>A JSON number value</returns> - static _ASYNCRTIMP value __cdecl number(int32_t value); + static _ASYNCRTIMP value __cdecl number(int value); + + /// <summary> + /// Creates a number value + /// </summary> + /// <param name="value">The C++ value to create a JSON value from</param> + /// <returns>A JSON number value</returns> + static _ASYNCRTIMP value __cdecl number(unsigned value); + + /// <summary> + /// Creates a number value + /// </summary> + /// <param name="value">The C++ value to create a JSON value from</param> + /// <returns>A JSON number value</returns> + static _ASYNCRTIMP value __cdecl number(long value); /// <summary> /// Creates a number value /// </summary> /// <param name="value">The C++ value to create a JSON value from</param> /// <returns>A JSON number value</returns> - static _ASYNCRTIMP value __cdecl number(uint32_t value); + static _ASYNCRTIMP value __cdecl number(unsigned long value); /// <summary> /// Creates a number value /// </summary> /// <param name="value">The C++ value to create a JSON value from</param> /// <returns>A JSON number value</returns> - static _ASYNCRTIMP value __cdecl number(int64_t value); + static _ASYNCRTIMP value __cdecl number(long long value); /// <summary> /// Creates a number value /// </summary> /// <param name="value">The C++ value to create a JSON value from</param> /// <returns>A JSON number value</returns> - static _ASYNCRTIMP value __cdecl number(uint64_t value); + static _ASYNCRTIMP value __cdecl number(unsigned long long value); /// <summary> /// Creates a Boolean value @@ -1218,10 +1244,12 @@ // convert to unsigned int64). This helps handling number objects e.g. comparing two numbers. number(double value) : m_value(value), m_type(double_type) {} - number(int32_t value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {} - number(uint32_t value) : m_intval(value), m_type(unsigned_type) {} - number(int64_t value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {} - number(uint64_t value) : m_uintval(value), m_type(unsigned_type) {} + number(int value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {} + number(unsigned value) : m_intval(value), m_type(unsigned_type) {} + number(long value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {} + number(unsigned long value) : m_uintval(value), m_type(unsigned_type) {} + number(long long value) : m_intval(value), m_type(value < 0 ? signed_type : unsigned_type) {} + number(unsigned long long value) : m_uintval(value), m_type(unsigned_type) {} public: /// <summary> @@ -1438,10 +1466,12 @@ { public: _Number(double value) : m_number(value) {} - _Number(int32_t value) : m_number(value) {} - _Number(uint32_t value) : m_number(value) {} - _Number(int64_t value) : m_number(value) {} - _Number(uint64_t value) : m_number(value) {} + _Number(int value) : m_number(value) {} + _Number(unsigned value) : m_number(value) {} + _Number(long value) : m_number(value) {} + _Number(unsigned long value) : m_number(value) {} + _Number(long long value) : m_number(value) {} + _Number(unsigned long long value) : m_number(value) {} virtual std::unique_ptr<_Value> _copy_value() { return utility::details::make_unique<_Number>(*this); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/include/cpprest/oauth2.h new/cpprestsdk-2.10.19/Release/include/cpprest/oauth2.h --- old/cpprestsdk-2.10.18/Release/include/cpprest/oauth2.h 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/include/cpprest/oauth2.h 2023-12-05 05:23:31.000000000 +0100 @@ -285,6 +285,21 @@ } /// <summary> + /// Fetches an access token from the token endpoint using client credentials grant type. + /// The task creates an HTTP request to the token_endpoint() using + /// client authentication as the authorization grant. + /// See: http://tools.ietf.org/html/rfc6749#section-4.4 + /// </summary> + /// <returns>Task that fetches token(s) using client credentials.</returns> + pplx::task<void> token_from_client_credentials() + { + uri_builder ub; + ub.append_query( + details::oauth2_strings::grant_type, details::oauth2_strings::client_credentials, false); + return _request_token(ub); + } + + /// <summary> /// Returns enabled state of the configuration. /// The oauth2_handler will perform OAuth 2.0 authentication only if /// this method returns true. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/include/cpprest/producerconsumerstream.h new/cpprestsdk-2.10.19/Release/include/cpprest/producerconsumerstream.h --- old/cpprestsdk-2.10.18/Release/include/cpprest/producerconsumerstream.h 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/include/cpprest/producerconsumerstream.h 2023-12-05 05:23:31.000000000 +0100 @@ -584,7 +584,7 @@ // If front block is not empty - we are done if (m_blocks.front()->rd_chars_left() > 0) break; - // The block has no more data to be read. Relase the block + // The block has no more data to be read. Release the block m_blocks.pop_front(); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/include/cpprest/version.h new/cpprestsdk-2.10.19/Release/include/cpprest/version.h --- old/cpprestsdk-2.10.18/Release/include/cpprest/version.h 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/include/cpprest/version.h 2023-12-05 05:23:31.000000000 +0100 @@ -5,6 +5,6 @@ */ #define CPPREST_VERSION_MINOR 10 #define CPPREST_VERSION_MAJOR 2 -#define CPPREST_VERSION_REVISION 18 +#define CPPREST_VERSION_REVISION 19 #define CPPREST_VERSION (CPPREST_VERSION_MAJOR * 100000 + CPPREST_VERSION_MINOR * 100 + CPPREST_VERSION_REVISION) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/src/json/json.cpp new/cpprestsdk-2.10.19/Release/src/json/json.cpp --- old/cpprestsdk-2.10.18/Release/src/json/json.cpp 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/src/json/json.cpp 2023-12-05 05:23:31.000000000 +0100 @@ -38,7 +38,7 @@ { } -web::json::value::value(int32_t value) +web::json::value::value(int value) : m_value(utility::details::make_unique<web::json::details::_Number>(value)) #ifdef ENABLE_JSON_VALUE_VISUALIZER , m_kind(value::Number) @@ -46,7 +46,7 @@ { } -web::json::value::value(uint32_t value) +web::json::value::value(unsigned value) : m_value(utility::details::make_unique<web::json::details::_Number>(value)) #ifdef ENABLE_JSON_VALUE_VISUALIZER , m_kind(value::Number) @@ -54,7 +54,8 @@ { } -web::json::value::value(int64_t value) + +web::json::value::value(long value) : m_value(utility::details::make_unique<web::json::details::_Number>(value)) #ifdef ENABLE_JSON_VALUE_VISUALIZER , m_kind(value::Number) @@ -62,7 +63,23 @@ { } -web::json::value::value(uint64_t value) +web::json::value::value(unsigned long value) + : m_value(utility::details::make_unique<web::json::details::_Number>(value)) +#ifdef ENABLE_JSON_VALUE_VISUALIZER + , m_kind(value::Number) +#endif +{ +} + +web::json::value::value(long long value) + : m_value(utility::details::make_unique<web::json::details::_Number>(value)) +#ifdef ENABLE_JSON_VALUE_VISUALIZER + , m_kind(value::Number) +#endif +{ +} + +web::json::value::value(unsigned long long value) : m_value(utility::details::make_unique<web::json::details::_Number>(value)) #ifdef ENABLE_JSON_VALUE_VISUALIZER , m_kind(value::Number) @@ -162,13 +179,17 @@ web::json::value web::json::value::number(double value) { return web::json::value(value); } -web::json::value web::json::value::number(int32_t value) { return web::json::value(value); } +web::json::value web::json::value::number(int value) { return web::json::value(value); } + +web::json::value web::json::value::number(unsigned value) { return web::json::value(value); } + +web::json::value web::json::value::number(long value) { return web::json::value(value); } -web::json::value web::json::value::number(uint32_t value) { return web::json::value(value); } +web::json::value web::json::value::number(unsigned long value) { return web::json::value(value); } -web::json::value web::json::value::number(int64_t value) { return web::json::value(value); } +web::json::value web::json::value::number(long long value) { return web::json::value(value); } -web::json::value web::json::value::number(uint64_t value) { return web::json::value(value); } +web::json::value web::json::value::number(unsigned long long value) { return web::json::value(value); } web::json::value web::json::value::boolean(bool value) { return web::json::value(value); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/tests/functional/http/client/oauth2_tests.cpp new/cpprestsdk-2.10.19/Release/tests/functional/http/client/oauth2_tests.cpp --- old/cpprestsdk-2.10.18/Release/tests/functional/http/client/oauth2_tests.cpp 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/tests/functional/http/client/oauth2_tests.cpp 2023-12-05 05:23:31.000000000 +0100 @@ -291,6 +291,74 @@ VERIFY_ARE_EQUAL(U("done"), m_oauth2_config.token().access_token()); } + TEST_FIXTURE(oauth2_test_setup, oauth2_token_from_client_credentials) + { + VERIFY_IS_FALSE(m_oauth2_config.is_enabled()); + + m_oauth2_config.set_user_agent(U("test_user_agent")); + + // Fetch using HTTP Basic authentication. + { + m_scoped.server()->next_request().then([](test_request* request) { + VERIFY_ARE_EQUAL(request->m_method, methods::POST); + + VERIFY_IS_TRUE(is_application_x_www_form_urlencoded(request)); + + VERIFY_ARE_EQUAL( + U("Basic MTIzQUJDOjQ1NkRFRg=="), + request->m_headers[header_names::authorization]); + + VERIFY_ARE_EQUAL( + to_body_data(U("grant_type=client_credentials")), + request->m_body); + + VERIFY_ARE_EQUAL( + U("test_user_agent"), + get_request_user_agent(request)); + + std::map<utility::string_t, utility::string_t> headers; + headers[header_names::content_type] = mime_types::application_json; + request->reply( + status_codes::OK, U(""), headers, "{\"access_token\":\"xyzzy123\",\"token_type\":\"bearer\"}"); + }); + + m_oauth2_config.token_from_client_credentials().wait(); + VERIFY_ARE_EQUAL(U("xyzzy123"), m_oauth2_config.token().access_token()); + VERIFY_IS_TRUE(m_oauth2_config.is_enabled()); + } + + // Fetch using client key & secret in request body (x-www-form-urlencoded). + { + m_scoped.server()->next_request().then([](test_request* request) { + VERIFY_IS_TRUE(is_application_x_www_form_urlencoded(request)); + + VERIFY_ARE_EQUAL(U(""), request->m_headers[header_names::authorization]); + + VERIFY_ARE_EQUAL( + to_body_data(U("grant_type=client_credentials&client_id=123ABC&client_secret=456DEF")), + request->m_body); + + VERIFY_ARE_EQUAL(U("test_user_agent"), get_request_user_agent(request)); + + std::map<utility::string_t, utility::string_t> headers; + headers[header_names::content_type] = mime_types::application_json; + request->reply( + status_codes::OK, U(""), headers, "{\"access_token\":\"xyzzy123\",\"token_type\":\"bearer\"}"); + }); + + m_oauth2_config.set_token(oauth2_token()); // Clear token. + VERIFY_IS_FALSE(m_oauth2_config.is_enabled()); + + m_oauth2_config.set_http_basic_auth(false); + m_oauth2_config.token_from_client_credentials().wait(); + + VERIFY_ARE_EQUAL( + U("xyzzy123"), + m_oauth2_config.token().access_token()); + VERIFY_IS_TRUE(m_oauth2_config.is_enabled()); + } + } + TEST_FIXTURE(oauth2_test_setup, oauth2_bearer_token) { m_oauth2_config.set_token(oauth2_token(U("12345678"))); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/tests/functional/json/construction_tests.cpp new/cpprestsdk-2.10.19/Release/tests/functional/json/construction_tests.cpp --- old/cpprestsdk-2.10.18/Release/tests/functional/json/construction_tests.cpp 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/tests/functional/json/construction_tests.cpp 2023-12-05 05:23:31.000000000 +0100 @@ -50,6 +50,61 @@ VERIFY_ARE_EQUAL(U("null"), arr[1].serialize()); } + TEST(int_assignment_op) + { + json::value v; + v = static_cast<int>(1); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + + v = static_cast<unsigned>(1); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + + v = static_cast<long>(1); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + + v = static_cast<unsigned long>(1); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + + v = static_cast<long long >(1); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + + v = static_cast<unsigned long long>(1); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + } + + TEST(int_ctor) + { + { + json::value v(static_cast<int>(1)); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + } + + { + json::value v(static_cast<unsigned>(1)); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + } + + { + json::value v(static_cast<long>(1)); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + } + + { + json::value v(static_cast<unsigned long>(1)); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + } + + { + json::value v(static_cast<long long>(1)); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + } + + { + json::value v(static_cast<unsigned long long>(1)); + VERIFY_ARE_EQUAL(U("1"), v.serialize()); + } + } + TEST(copy_ctor_array) { json::value arr = json::value::array(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/tests/functional/uri/constructor_tests.cpp new/cpprestsdk-2.10.19/Release/tests/functional/uri/constructor_tests.cpp --- old/cpprestsdk-2.10.18/Release/tests/functional/uri/constructor_tests.cpp 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/tests/functional/uri/constructor_tests.cpp 2023-12-05 05:23:31.000000000 +0100 @@ -24,6 +24,11 @@ { SUITE(constructor_tests) { + TEST(not_really_a_loopback_uri) + { + uri u(uri::encode_uri(U("https://127.evil.com";))); + VERIFY_IS_FALSE(u.is_host_loopback()); + } TEST(parsing_constructor_char) { uri u(uri::encode_uri(U("net.tcp://steve:@testname.com:81/bleh%?qstring#goo"))); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/Release/tests/functional/uri/diagnostic_tests.cpp new/cpprestsdk-2.10.19/Release/tests/functional/uri/diagnostic_tests.cpp --- old/cpprestsdk-2.10.18/Release/tests/functional/uri/diagnostic_tests.cpp 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/Release/tests/functional/uri/diagnostic_tests.cpp 2023-12-05 05:23:31.000000000 +0100 @@ -82,7 +82,7 @@ VERIFY_IS_FALSE(uri(U("http://bleh/?qstring";)).is_host_loopback()); VERIFY_IS_FALSE(uri(U("http://+*/?qstring";)).is_host_loopback()); VERIFY_IS_TRUE(uri(U("http://127.0.0.1/";)).is_host_loopback()); - VERIFY_IS_TRUE(uri(U("http://127.155.0.1/";)).is_host_loopback()); + VERIFY_IS_FALSE(uri(U("http://127.155.0.1/";)).is_host_loopback()); VERIFY_IS_FALSE(uri(U("http://128.0.0.1/";)).is_host_loopback()); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/SECURITY.md new/cpprestsdk-2.10.19/SECURITY.md --- old/cpprestsdk-2.10.18/SECURITY.md 1970-01-01 01:00:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/SECURITY.md 2023-12-05 05:23:31.000000000 +0100 @@ -0,0 +1,41 @@ +<!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK --> + +## Security + +Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). + +If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report). + +If you prefer to submit without logging in, send email to [sec...@microsoft.com](mailto:sec...@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey). + +You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). + +Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: + + * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) + * Full paths of source file(s) related to the manifestation of the issue + * The location of the affected source code (tag/branch/commit or direct URL) + * Any special configuration required to reproduce the issue + * Step-by-step instructions to reproduce the issue + * Proof-of-concept or exploit code (if possible) + * Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs. + +## Preferred Languages + +We prefer all communications to be in English. + +## Policy + +Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd). + +<!-- END MICROSOFT SECURITY.MD BLOCK --> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cpprestsdk-2.10.18/changelog.md new/cpprestsdk-2.10.19/changelog.md --- old/cpprestsdk-2.10.18/changelog.md 2021-02-02 05:03:00.000000000 +0100 +++ new/cpprestsdk-2.10.19/changelog.md 2023-12-05 05:23:31.000000000 +0100 @@ -1,3 +1,12 @@ +cpprestsdk (2.10.19) +* PR#1982 make Uri.is_host_loopback() only return true for localhost and 127.0.0.1 exactly. + The old behavior could potentially return "true" for URLs that were not, in fact, local, + and this could cause security issues if is_host_loopback was used in certain ways. +* PR#1711 Fix likely typo in SafeInt3.hpp, that results in error with clang 15 +* PR#1496 Support for oauth2 with "client_credentials" grant type. +* PR#1429 Add constructor from all integer types for json value. +* PR#1577 export http_exception for non Windows builds using visibility macros. + cpprestsdk (2.10.18) * PR#1571 Add ability to parse and emit the NT Epoch 1601-01-01T00:00:00Z * PR#1571 Update vcpkg submodule
