Hello community,
here is the log from the commit of package ghc-http-client for openSUSE:Factory
checked in at 2019-02-24 17:18:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ghc-http-client (Old)
and /work/SRC/openSUSE:Factory/.ghc-http-client.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-http-client"
Sun Feb 24 17:18:40 2019 rev:30 rq:678028 version:0.6.1.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/ghc-http-client/ghc-http-client.changes
2019-01-25 22:43:23.187226637 +0100
+++
/work/SRC/openSUSE:Factory/.ghc-http-client.new.28833/ghc-http-client.changes
2019-02-24 17:18:42.812415141 +0100
@@ -1,0 +2,8 @@
+Thu Feb 21 07:46:57 UTC 2019 - [email protected]
+
+- Update http-client to version 0.6.1.1.
+ ## 0.6.1.1
+
+ * Ensure that `Int` parsing doesn't overflow
[#383](https://github.com/snoyberg/http-client/issues/383)
+
+-------------------------------------------------------------------
Old:
----
http-client-0.6.1.tar.gz
New:
----
http-client-0.6.1.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ghc-http-client.spec ++++++
--- /var/tmp/diff_new_pack.GjoMoP/_old 2019-02-24 17:18:43.296415056 +0100
+++ /var/tmp/diff_new_pack.GjoMoP/_new 2019-02-24 17:18:43.296415056 +0100
@@ -19,7 +19,7 @@
%global pkg_name http-client
%bcond_with tests
Name: ghc-%{pkg_name}
-Version: 0.6.1
+Version: 0.6.1.1
Release: 0
Summary: An HTTP client engine
License: MIT
++++++ http-client-0.6.1.tar.gz -> http-client-0.6.1.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.6.1/ChangeLog.md
new/http-client-0.6.1.1/ChangeLog.md
--- old/http-client-0.6.1/ChangeLog.md 2019-01-14 09:10:16.000000000 +0100
+++ new/http-client-0.6.1.1/ChangeLog.md 2019-02-20 10:37:43.000000000
+0100
@@ -1,5 +1,9 @@
# Changelog for http-client
+## 0.6.1.1
+
+* Ensure that `Int` parsing doesn't overflow
[#383](https://github.com/snoyberg/http-client/issues/383)
+
## 0.6.1
* Add `setUriEither` to `Network.HTTP.Client.Internal`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.6.1/Network/HTTP/Client/Request.hs
new/http-client-0.6.1.1/Network/HTTP/Client/Request.hs
--- old/http-client-0.6.1/Network/HTTP/Client/Request.hs 2019-01-14
09:10:16.000000000 +0100
+++ new/http-client-0.6.1.1/Network/HTTP/Client/Request.hs 2019-02-20
10:34:27.000000000 +0100
@@ -263,7 +263,7 @@
':':rest -> maybe
(Left "Invalid port")
return
- (readDec rest)
+ (readPositiveInt rest)
-- Otherwise, use the default port
_ -> case sec of
False {- HTTP -} -> return 80
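Review bot: The port produced by `readPositiveInt rest` is only checked for being a non-negative `Int`, so a value above 65535 such as `:70000` still parses as a valid port on this line. Nothing in the hunk bounds the result to the TCP port range, and the enclosing function starts and ends outside the hunk, so a later check may exist but is not visible. If there is none, bound it here, e.g. `(readPositiveInt rest >>= \p -> if p <= 65535 then Just p else Nothing)`, so that every out-of-range port takes the existing `Left "Invalid port"` path.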
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.6.1/Network/HTTP/Client/Response.hs
new/http-client-0.6.1.1/Network/HTTP/Client/Response.hs
--- old/http-client-0.6.1/Network/HTTP/Client/Response.hs 2018-04-15
08:19:48.000000000 +0200
+++ new/http-client-0.6.1.1/Network/HTTP/Client/Response.hs 2019-02-20
10:34:44.000000000 +0100
@@ -87,7 +87,7 @@
getResponse timeout' req@(Request {..}) mconn cont = do
let conn = managedResource mconn
StatusHeaders s version hs <- parseStatusHeaders conn timeout' cont
- let mcl = lookup "content-length" hs >>= readDec . S8.unpack
+ let mcl = lookup "content-length" hs >>= readPositiveInt . S8.unpack
isChunked = ("transfer-encoding", CI.mk "chunked") `elem` map (second
CI.mk) hs
-- should we put this connection back into the connection manager?
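Review bot: On the `mcl` line, a Content-Length that fails `readPositiveInt` (negative, overflowing or non-numeric) collapses to `Nothing`, the same value as a missing header, so a malformed length sent by the server is silently ignored rather than reported. `lookup` also returns only the first `content-length` entry, so a response carrying two differing values goes undetected. How `mcl = Nothing` is handled lies outside the hunk, but both cases make response framing ambiguous. Consider failing the response when the header is present but unparsable or duplicated. At minimum, document the current behaviour with a comment such as `-- NOTE: an invalid Content-Length is treated as absent`.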
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.6.1/Network/HTTP/Client/Util.hs
new/http-client-0.6.1.1/Network/HTTP/Client/Util.hs
--- old/http-client-0.6.1/Network/HTTP/Client/Util.hs 2018-04-09
15:40:11.000000000 +0200
+++ new/http-client-0.6.1.1/Network/HTTP/Client/Util.hs 2019-02-20
10:37:06.000000000 +0100
@@ -1,15 +1,15 @@
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ScopedTypeVariables #-}
module Network.HTTP.Client.Util
- ( readDec
+ ( readPositiveInt
) where
-import qualified Data.Text as T
-import qualified Data.Text.Read
+import Text.Read (readMaybe)
+import Control.Monad (guard)
-readDec :: Integral i => String -> Maybe i
-readDec s =
- case Data.Text.Read.decimal $ T.pack s of
- Right (i, t)
- | T.null t -> Just i
- _ -> Nothing
+-- | Read a positive 'Int', accounting for overflow
+readPositiveInt :: String -> Maybe Int
+readPositiveInt s = do
+ i <- readMaybe s
+ guard $ i >= 0
+ Just i
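Review bot: `readMaybe s` at type `Int` does not detect overflow: base's `Read Int` instance reads an `Integer` and narrows it with `fromInteger`, so an oversized literal wraps, and `guard $ i >= 0` rejects it only when the wrapped value happens to be negative. An input that wraps to a non-negative number is still returned as a valid port or Content-Length. `readMaybe` also accepts surrounding whitespace, parentheses and `0x`/`0o` literals, which is looser than either field's grammar. Parsing digits only at `Integer` and comparing against `maxBound` before narrowing closes both gaps (it needs `isDigit` from `Data.Char`). The Haddock should then say non-negative rather than positive, since 0 is accepted.

```haskell
-- | Read a non-negative decimal 'Int'; 'Nothing' on any non-digit or overflow
readPositiveInt :: String -> Maybe Int
readPositiveInt s = do
    guard $ not (null s) && all isDigit s
    n <- readMaybe s :: Maybe Integer
    guard $ n <= toInteger (maxBound :: Int)
    Just (fromInteger n)
```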
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.6.1/Network/HTTP/Client.hs
new/http-client-0.6.1.1/Network/HTTP/Client.hs
--- old/http-client-0.6.1/Network/HTTP/Client.hs 2018-07-01
03:15:12.000000000 +0200
+++ new/http-client-0.6.1.1/Network/HTTP/Client.hs 2019-02-20
10:21:29.000000000 +0100
@@ -40,7 +40,7 @@
-- application which will make a large number of requests to different hosts,
-- and will never make more than one connection to a single host, then sharing
-- a 'Manager' will result in idle connections being kept open longer than
--- necessary. In such a situation, it makes sense to use 'withManager' around
+-- necessary. In such a situation, it makes sense to use 'newManager' before
-- each new request, to avoid running out of file descriptors. (Note that the
-- 'managerIdleConnectionCount' setting mitigates the risk of leaking too many
-- file descriptors.)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/http-client-0.6.1/http-client.cabal
new/http-client-0.6.1.1/http-client.cabal
--- old/http-client-0.6.1/http-client.cabal 2019-01-14 09:10:16.000000000
+0100
+++ new/http-client-0.6.1.1/http-client.cabal 2019-02-20 10:37:17.000000000
+0100
@@ -1,5 +1,5 @@
name: http-client
-version: 0.6.1
+version: 0.6.1.1
synopsis: An HTTP client engine
description: Hackage documentation generation is not reliable. For up
to date documentation, please see:
<http://www.stackage.org/package/http-client>.
homepage: https://github.com/snoyberg/http-client
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/http-client-0.6.1/test-nonet/Network/HTTP/ClientSpec.hs
new/http-client-0.6.1.1/test-nonet/Network/HTTP/ClientSpec.hs
--- old/http-client-0.6.1/test-nonet/Network/HTTP/ClientSpec.hs 2018-03-04
18:07:33.000000000 +0100
+++ new/http-client-0.6.1.1/test-nonet/Network/HTTP/ClientSpec.hs
2019-02-20 10:24:08.000000000 +0100
@@ -254,3 +254,8 @@
ok <- readIORef okRef
unless ok $
throwIO (ErrorCall "already closed")
+
+ it "does not allow port overflow #383" $ do
+ case parseRequest "https://o_O:18446744072699450606" of
+ Left _ -> pure () :: IO ()
+ Right req -> error $ "Invalid request: " ++ show req
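Review bot: The new case exercises a single overflow value, `18446744072699450606`, which on a 64-bit `Int` wraps to a negative number and is therefore caught by the `>= 0` guard. It does not cover an oversized port that wraps to a non-negative value, nor a port that fits in `Int` but exceeds 65535, so the test passes even if those are accepted. Add sibling cases for both, e.g. `parseRequest "https://o_O:18446744073709551696"` (2^64 + 80) and `parseRequest "https://o_O:65536"`, each expecting `Left`.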