Hello community,
here is the log from the commit of package ghc-http-client for openSUSE:Factory
checked in at 2018-12-06 12:16:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-http-client (Old)
and /work/SRC/openSUSE:Factory/.ghc-http-client.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-http-client"
Thu Dec 6 12:16:25 2018 rev:28 rq:650505 version:0.5.14
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-http-client/ghc-http-client.changes
2018-10-25 08:26:25.543799845 +0200
+++
/work/SRC/openSUSE:Factory/.ghc-http-client.new.19453/ghc-http-client.changes
2018-12-06 12:16:27.469575156 +0100
@@ -1,0 +2,12 @@
+Mon Nov 19 16:03:02 UTC 2018 - [email protected]
+
+- Update http-client to version 0.5.14.
+ # Changelog for http-client
+
+ ## 0.5.14
+
+ * Omit port for `getUri` when protocol is `http` and port is `80`, or when
+ protocol is `https` and port is `443`
+ * Sending requests with invalid headers now throws InvalidRequestHeader
exception
+
+-------------------------------------------------------------------
Old:
----
http-client-0.5.13.1.tar.gz
New:
----
http-client-0.5.14.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-http-client.spec ++++++
--- /var/tmp/diff_new_pack.kKb2c8/_old 2018-12-06 12:16:28.013574572 +0100
+++ /var/tmp/diff_new_pack.kKb2c8/_new 2018-12-06 12:16:28.013574572 +0100
@@ -19,7 +19,7 @@
%global pkg_name http-client
%bcond_with tests
Name: ghc-%{pkg_name}
-Version: 0.5.13.1
+Version: 0.5.14
Release: 0
Summary: An HTTP client engine
License: MIT
++++++ http-client-0.5.13.1.tar.gz -> http-client-0.5.14.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.5.13.1/ChangeLog.md
new/http-client-0.5.14/ChangeLog.md
--- old/http-client-0.5.13.1/ChangeLog.md 2018-07-01 03:15:33.000000000
+0200
+++ new/http-client-0.5.14/ChangeLog.md 2018-11-19 08:40:08.000000000 +0100
@@ -1,3 +1,11 @@
+# Changelog for http-client
+
+## 0.5.14
+
+* Omit port for `getUri` when protocol is `http` and port is `80`, or when
+ protocol is `https` and port is `443`
+* Sending requests with invalid headers now throws InvalidRequestHeader
exception
+
## 0.5.13.1
* Add a workaround for a cabal bug
[haskell-infra/hackage-trustees#165](https://github.com/haskell-infra/hackage-trustees/issues/165)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.5.13.1/Network/HTTP/Client/Core.hs
new/http-client-0.5.14/Network/HTTP/Client/Core.hs
--- old/http-client-0.5.13.1/Network/HTTP/Client/Core.hs 2018-07-01
03:15:12.000000000 +0200
+++ new/http-client-0.5.14/Network/HTTP/Client/Core.hs 2018-11-19
06:27:06.000000000 +0100
@@ -17,6 +17,7 @@
import Network.HTTP.Types
import Network.HTTP.Client.Manager
import Network.HTTP.Client.Types
+import Network.HTTP.Client.Headers
import Network.HTTP.Client.Body
import Network.HTTP.Client.Request
import Network.HTTP.Client.Response
@@ -190,6 +191,9 @@
-- Since 0.1.0
responseOpen :: Request -> Manager -> IO (Response BodyReader)
responseOpen inputReq manager' = do
+ case validateHeaders (requestHeaders inputReq) of
+ GoodHeaders -> return ()
+ BadHeaders reason -> throwHttp $ InvalidRequestHeader reason
(manager, req0) <- getModifiedRequestManager manager' inputReq
wrapExc req0 $ mWrapException manager req0 $ do
(req, res) <- go manager (redirectCount req0) req0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.5.13.1/Network/HTTP/Client/Headers.hs
new/http-client-0.5.14/Network/HTTP/Client/Headers.hs
--- old/http-client-0.5.13.1/Network/HTTP/Client/Headers.hs 2018-04-09
15:40:11.000000000 +0200
+++ new/http-client-0.5.14/Network/HTTP/Client/Headers.hs 2018-11-19
06:27:06.000000000 +0100
@@ -3,6 +3,8 @@
{-# LANGUAGE ViewPatterns #-}
module Network.HTTP.Client.Headers
( parseStatusHeaders
+ , validateHeaders
+ , HeadersValidationResult (..)
) where
import Control.Applicative as A ((<$>), (<*>))
@@ -10,6 +12,9 @@
import qualified Data.ByteString as S
import qualified Data.ByteString.Char8 as S8
import qualified Data.CaseInsensitive as CI
+import Data.Char (ord)
+import Data.Maybe (mapMaybe)
+import Data.Monoid
import Network.HTTP.Client.Connection
import Network.HTTP.Client.Types
import System.Timeout (timeout)
@@ -94,3 +99,17 @@
return (CI.mk $! strip key, strip $! S.drop 1 bs2)
strip = S.dropWhile (== charSpace) . fst . S.spanEnd (== charSpace)
+
+data HeadersValidationResult
+ = GoodHeaders
+ | BadHeaders S.ByteString -- contains a message with the reason
+
+validateHeaders :: RequestHeaders -> HeadersValidationResult
+validateHeaders headers =
+ case mapMaybe validateHeader headers of
+ [] -> GoodHeaders
+ reasons -> BadHeaders (S8.unlines reasons)
+ where
+ validateHeader (k, v)
+ | S8.elem '\n' v = Just ("Header " <> CI.original k <> " has newlines")
+ | True = Nothing
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.5.13.1/Network/HTTP/Client/Request.hs
new/http-client-0.5.14/Network/HTTP/Client/Request.hs
--- old/http-client-0.5.13.1/Network/HTTP/Client/Request.hs 2018-07-01
03:15:12.000000000 +0200
+++ new/http-client-0.5.14/Network/HTTP/Client/Request.hs 2018-11-19
06:27:06.000000000 +0100
@@ -192,7 +192,7 @@
, uriAuthority = Just URIAuth
{ uriUserInfo = ""
, uriRegName = S8.unpack $ host req
- , uriPort = ':' : show (port req)
+ , uriPort = port'
}
, uriPath = S8.unpack $ path req
, uriQuery =
@@ -201,6 +201,11 @@
_ -> S8.unpack $ queryString req
, uriFragment = ""
}
+ where
+ port'
+ | secure req && (port req) == 443 = ""
+ | not (secure req) && (port req) == 80 = ""
+ | otherwise = ':' : show (port req)
applyAnyUriBasedAuth :: URI -> Request -> Request
applyAnyUriBasedAuth uri req =
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.5.13.1/Network/HTTP/Client/Types.hs
new/http-client-0.5.14/Network/HTTP/Client/Types.hs
--- old/http-client-0.5.13.1/Network/HTTP/Client/Types.hs 2018-07-01
03:15:12.000000000 +0200
+++ new/http-client-0.5.14/Network/HTTP/Client/Types.hs 2018-11-19
06:27:06.000000000 +0100
@@ -168,6 +168,10 @@
-- ^ The given response header line could not be parsed
--
-- @since 0.5.0
+ | InvalidRequestHeader S.ByteString
+ -- ^ The given request header is not compliant (e.g. has
newlines)
+ --
+ -- @since 0.5.14
| InternalException SomeException
-- ^ An exception was raised by an underlying library when
-- performing the request. Most often, this is caused by a
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.5.13.1/http-client.cabal
new/http-client-0.5.14/http-client.cabal
--- old/http-client-0.5.13.1/http-client.cabal 2018-07-01 03:15:46.000000000
+0200
+++ new/http-client-0.5.14/http-client.cabal 2018-11-19 06:27:06.000000000
+0100
@@ -1,5 +1,5 @@
name: http-client
-version: 0.5.13.1
+version: 0.5.14
synopsis: An HTTP client engine
description: Hackage documentation generation is not reliable. For up
to date documentation, please see:
<http://www.stackage.org/package/http-client>.
homepage: https://github.com/snoyberg/http-client
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/http-client-0.5.13.1/test-nonet/Network/HTTP/Client/RequestSpec.hs
new/http-client-0.5.14/test-nonet/Network/HTTP/Client/RequestSpec.hs
--- old/http-client-0.5.13.1/test-nonet/Network/HTTP/Client/RequestSpec.hs
2018-03-26 12:24:22.000000000 +0200
+++ new/http-client-0.5.14/test-nonet/Network/HTTP/Client/RequestSpec.hs
2018-11-19 06:27:06.000000000 +0100
@@ -54,6 +54,25 @@
field `shouldSatisfy` isJust
field `shouldBe` Just "Basic dXNlcjpwYXNz"
+ describe "getUri" $ do
+ context "when protocol is http and port is 80" $ do
+ it "omits port" $ do
+ let url = "http://example.com/";
+ request <- parseRequest url
+ show (getUri request) `shouldBe` url
+
+ context "when protocol is https and port is 443" $ do
+ it "omits port" $ do
+ let url = "https://example.com/";
+ request <- parseRequest url
+ show (getUri request) `shouldBe` url
+
+ context "when protocol is https and port is 80" $ do
+ it "does not omit port" $ do
+ let url = "https://example.com:80/";
+ request <- parseRequest url
+ show (getUri request) `shouldBe` url
+
describe "Show Request" $
it "redacts authorization header content" $ do
let request = defaultRequest { requestHeaders = [("Authorization",
"secret")] }
