Hello community,
here is the log from the commit of package rubygem-em-websocket for
openSUSE:Factory checked in at 2020-10-05 19:31:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-em-websocket (Old)
and /work/SRC/openSUSE:Factory/.rubygem-em-websocket.new.4249 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-em-websocket"
Mon Oct 5 19:31:10 2020 rev:2 rq:838032 version:0.5.2
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-em-websocket/rubygem-em-websocket.changes
2018-02-10 18:00:15.303597338 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-em-websocket.new.4249/rubygem-em-websocket.changes
2020-10-05 19:31:14.672725776 +0200
@@ -1,0 +2,7 @@
+Fri Sep 25 13:54:21 UTC 2020 - Stephan Kulow <co...@suse.com>
+
+updated to version 0.5.2
+ see installed CHANGELOG.rdoc
+
+
+-------------------------------------------------------------------
Old:
----
em-websocket-0.5.1.gem
New:
----
em-websocket-0.5.2.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-em-websocket.spec ++++++
--- /var/tmp/diff_new_pack.I8rYKa/_old 2020-10-05 19:31:15.248728205 +0200
+++ /var/tmp/diff_new_pack.I8rYKa/_new 2020-10-05 19:31:15.252728221 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-em-websocket
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,8 +12,10 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
+
+
#
# This file was generated with a gem2rpm.yml and not just plain gem2rpm.
# All sections marked as MANUAL, license headers, summaries and descriptions
@@ -22,19 +24,19 @@
#
Name: rubygem-em-websocket
-Version: 0.5.1
+Version: 0.5.2
Release: 0
%define mod_name em-websocket
%define mod_full_name %{mod_name}-%{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: ruby-macros >= 5
-BuildRequires: %{ruby}
BuildRequires: %{rubygem gem2rpm}
-Url: http://github.com/igrigorik/em-websocket
-Source: http://rubygems.org/gems/%{mod_full_name}.gem
+BuildRequires: %{ruby}
+BuildRequires: ruby-macros >= 5
+URL: http://github.com/igrigorik/em-websocket
+Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1: gem2rpm.yml
Summary: EventMachine based WebSocket server
-License: X11
+License: MIT
Group: Development/Languages/Ruby
%description
@@ -46,7 +48,7 @@
%install
%gem_install \
- --doc-files="CHANGELOG.rdoc README.md" \
+ --doc-files="CHANGELOG.rdoc LICENCE README.md" \
-f
%gem_packages
++++++ em-websocket-0.5.1.gem -> em-websocket-0.5.2.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Gemfile new/Gemfile
--- old/Gemfile 2014-04-23 19:15:54.000000000 +0200
+++ new/Gemfile 2020-09-24 00:06:41.000000000 +0200
@@ -5,5 +5,5 @@
gem "em-websocket-client", git:
"g...@github.com:movitto/em-websocket-client.git", branch:
"expose-websocket-api"
gem "em-spec", "~> 0.2.6"
gem "em-http-request", "~> 1.1.1"
-gem "rspec", "~> 2.12.0"
+gem "rspec", "~> 3.5.0"
gem "rake"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/LICENCE new/LICENCE
--- old/LICENCE 1970-01-01 01:00:00.000000000 +0100
+++ new/LICENCE 2020-09-24 00:06:41.000000000 +0200
@@ -0,0 +1,7 @@
+Copyright (c) 2009-2014 Ilya Grigorik, Martyn Loughran
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2014-04-23 19:15:54.000000000 +0200
+++ new/README.md 2020-09-24 00:06:41.000000000 +0200
@@ -73,7 +73,7 @@
## Secure server
-It is possible to accept secure `wss://` connections by passing `:secure =>
true` when opening the connection. Pass a `:tls_options` hash containing keys
as described in
http://eventmachine.rubyforge.org/EventMachine/Connection.html#start_tls-instance_method
+It is possible to accept secure `wss://` connections by passing `:secure =>
true` when opening the connection. Pass a `:tls_options` hash containing keys
as described in
http://www.rubydoc.info/github/eventmachine/eventmachine/EventMachine/Connection:start_tls
**Warning**: Safari 5 does not currently support prompting on untrusted SSL
certificates therefore using a self signed certificate may leave you scratching
your head.
@@ -140,7 +140,3 @@
* [Twitter AMQP WebSocket
Example](http://github.com/rubenfonseca/twitter-amqp-websocket-example)
* examples/multicast.rb - broadcast all ruby tweets to all subscribers
* examples/echo.rb - server <> client exchange via a websocket
-
-# License
-
-The MIT License - Copyright (c) 2009-2013 Ilya Grigorik, Martyn Loughran
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/em-websocket.gemspec new/em-websocket.gemspec
--- old/em-websocket.gemspec 2014-04-23 19:15:54.000000000 +0200
+++ new/em-websocket.gemspec 2020-09-24 00:06:41.000000000 +0200
@@ -11,8 +11,7 @@
s.homepage = "http://github.com/igrigorik/em-websocket";
s.summary = %q{EventMachine based WebSocket server}
s.description = %q{EventMachine based WebSocket server}
-
- s.rubyforge_project = "em-websocket"
+ s.license = 'MIT'
s.files = `git ls-files`.split("\n")
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/em-websocket/connection.rb
new/lib/em-websocket/connection.rb
--- old/lib/em-websocket/connection.rb 2014-04-23 19:15:54.000000000 +0200
+++ new/lib/em-websocket/connection.rb 2020-09-24 00:06:41.000000000 +0200
@@ -45,6 +45,7 @@
@secure_proxy = options[:secure_proxy] || false
@tls_options = options[:tls_options] || {}
@close_timeout = options[:close_timeout]
+ @outbound_limit = options[:outbound_limit] || 0
@handler = nil
@@ -88,6 +89,16 @@
trigger_on_error(e) || raise(e)
end
+ def send_data(data)
+ if @outbound_limit > 0 &&
+ get_outbound_data_size + data.bytesize > @outbound_limit
+ abort(:outbound_limit_reached)
+ return 0
+ end
+
+ super(data)
+ end
+
def unbind
debug [:unbind, :connection]
@@ -99,7 +110,9 @@
end
def dispatch(data)
- if data.match(/\A<policy-file-request\s*\/>/)
+ if data.match(%r|^GET /healthcheck|)
+ send_healthcheck_response
+ elsif data.match(/\A<policy-file-request\s*\/>/)
send_flash_cross_domain_file
else
@handshake ||= begin
@@ -118,7 +131,7 @@
debug [:error, e]
trigger_on_error(e)
# Handshake errors require the connection to be aborted
- abort
+ abort(:handshake_error)
}
handshake
@@ -128,6 +141,23 @@
end
end
+ def send_healthcheck_response
+ debug [:healthcheck, 'OK']
+
+ healthcheck_res = ["HTTP/1.1 200 OK"]
+ healthcheck_res << "Content-Type: text/plain"
+ healthcheck_res << "Content-Length: 2"
+
+ healthcheck_res = healthcheck_res.join("\r\n") + "\r\n\r\nOK"
+
+ send_data healthcheck_res
+
+ # handle the healthcheck request transparently
+ # no need to notify the user about this connection
+ @onclose = nil
+ close_connection_after_writing
+ end
+
def send_flash_cross_domain_file
file = '<?xml version="1.0"?><cross-domain-policy><allow-access-from
domain="*" to-ports="*"/></cross-domain-policy>'
debug [:cross_domain, file]
@@ -236,6 +266,11 @@
@handler ? @handler.state : :handshake
end
+ # Returns the IP address for the remote peer
+ def remote_ip
+ get_peername[2,6].unpack('nC4')[1..4].join('.')
+ end
+
# Returns the maximum frame size which this connection is configured to
# accept. This can be set globally or on a per connection basis, and
# defaults to a value of 10MB if not set.
@@ -256,7 +291,8 @@
# As definited in draft 06 7.2.2, some failures require that the server
# abort the websocket connection rather than close cleanly
- def abort
+ def abort(reason)
+ debug [:abort, reason]
close_connection
end
@@ -266,7 +302,7 @@
@handler.close_websocket(code, body)
else
# The handshake hasn't completed - should be safe to terminate
- abort
+ abort(:handshake_incomplete)
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/em-websocket/handshake04.rb
new/lib/em-websocket/handshake04.rb
--- old/lib/em-websocket/handshake04.rb 2014-04-23 19:15:54.000000000 +0200
+++ new/lib/em-websocket/handshake04.rb 2020-09-24 00:06:41.000000000 +0200
@@ -17,12 +17,21 @@
upgrade << "Upgrade: websocket"
upgrade << "Connection: Upgrade"
upgrade << "Sec-WebSocket-Accept: #{signature}"
+ if protocol = headers['sec-websocket-protocol']
+ validate_protocol!(protocol)
+ upgrade << "Sec-WebSocket-Protocol: #{protocol}"
+ end
- # TODO: Support sec-websocket-protocol
+ # TODO: Support sec-websocket-protocol selection
# TODO: sec-websocket-extensions
return upgrade.join("\r\n") + "\r\n\r\n"
end
+
+ def self.validate_protocol!(protocol)
+ raise HandshakeError, "Invalid WebSocket-Protocol: empty" if
protocol.empty?
+ # TODO: Validate characters
+ end
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/em-websocket/handshake75.rb
new/lib/em-websocket/handshake75.rb
--- old/lib/em-websocket/handshake75.rb 2014-04-23 19:15:54.000000000 +0200
+++ new/lib/em-websocket/handshake75.rb 2020-09-24 00:06:41.000000000 +0200
@@ -9,10 +9,20 @@
upgrade << "Upgrade: WebSocket\r\n"
upgrade << "Connection: Upgrade\r\n"
upgrade << "WebSocket-Origin: #{headers['origin']}\r\n"
- upgrade << "WebSocket-Location: #{location}\r\n\r\n"
+ upgrade << "WebSocket-Location: #{location}\r\n"
+ if protocol = headers['sec-websocket-protocol']
+ validate_protocol!(protocol)
+ upgrade << "Sec-WebSocket-Protocol: #{protocol}\r\n"
+ end
+ upgrade << "\r\n"
return upgrade
end
+
+ def self.validate_protocol!(protocol)
+ raise HandshakeError, "Invalid WebSocket-Protocol: empty" if
protocol.empty?
+ # TODO: Validate characters
+ end
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/em-websocket/message_processor_06.rb
new/lib/em-websocket/message_processor_06.rb
--- old/lib/em-websocket/message_processor_06.rb 2014-04-23
19:15:54.000000000 +0200
+++ new/lib/em-websocket/message_processor_06.rb 2020-09-24
00:06:41.000000000 +0200
@@ -37,8 +37,22 @@
@connection.close_connection_after_writing
end
when :ping
- # Pong back the same data
- send_frame(:pong, application_data)
+ # There are a couple of protections here against malicious/broken
WebSocket abusing ping frames.
+ #
+ # 1. Delay 200ms before replying. This reduces the number of pings
from WebSocket clients behaving as
+ # `for (;;) { send_ping(conn); rcv_pong(conn); }`. The spec says
we "SHOULD respond with Pong frame as soon
+ # as is practical".
+ # 2. Reply at most every 200ms. This reduces the number of pong
frames sent to WebSocket clients behaving as
+ # `for (;;) { send_ping(conn); }`. The spec says "If an endpoint
receives a Ping frame and has not yet sent
+ # Pong frame(s) in response to previous Ping frame(s), the
endpoint MAY elect to send a Pong frame for only
+ # the most recently processed Ping frame."
+ @most_recent_pong_application_data = application_data
+ if @pong_timer == nil then
+ @pong_timer = EventMachine.add_timer(0.2) do
+ @pong_timer = nil
+ send_frame(:pong, @most_recent_pong_application_data)
+ end
+ end
@connection.trigger_on_ping(application_data)
when :pong
@connection.trigger_on_pong(application_data)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/em-websocket/version.rb
new/lib/em-websocket/version.rb
--- old/lib/em-websocket/version.rb 2014-04-23 19:15:54.000000000 +0200
+++ new/lib/em-websocket/version.rb 2020-09-24 00:06:41.000000000 +0200
@@ -1,5 +1,5 @@
module EventMachine
module Websocket
- VERSION = "0.5.1"
+ VERSION = "0.5.2"
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2014-04-23 19:15:54.000000000 +0200
+++ new/metadata 2020-09-24 00:06:41.000000000 +0200
@@ -1,15 +1,15 @@
--- !ruby/object:Gem::Specification
name: em-websocket
version: !ruby/object:Gem::Version
- version: 0.5.1
+ version: 0.5.2
platform: ruby
authors:
- Ilya Grigorik
- Martyn Loughran
-autorequire:
+autorequire:
bindir: bin
cert_chain: []
-date: 2014-04-23 00:00:00.000000000 Z
+date: 2020-09-23 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: eventmachine
@@ -50,6 +50,7 @@
- ".gitignore"
- CHANGELOG.rdoc
- Gemfile
+- LICENCE
- README.md
- Rakefile
- em-websocket.gemspec
@@ -101,9 +102,10 @@
- spec/unit/handshake_spec.rb
- spec/unit/masking_spec.rb
homepage: http://github.com/igrigorik/em-websocket
-licenses: []
+licenses:
+- MIT
metadata: {}
-post_install_message:
+post_install_message:
rdoc_options: []
require_paths:
- lib
@@ -118,9 +120,8 @@
- !ruby/object:Gem::Version
version: '0'
requirements: []
-rubyforge_project: em-websocket
-rubygems_version: 2.2.2
-signing_key:
+rubygems_version: 3.0.3
+signing_key:
specification_version: 4
summary: EventMachine based WebSocket server
test_files:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/integration/common_spec.rb
new/spec/integration/common_spec.rb
--- old/spec/integration/common_spec.rb 2014-04-23 19:15:54.000000000 +0200
+++ new/spec/integration/common_spec.rb 2020-09-24 00:06:41.000000000 +0200
@@ -108,4 +108,31 @@
end
}
end
+
+ context "outbound limit set" do
+ it "should close the connection if the limit is reached" do
+ em {
+ start_server(:outbound_limit => 150) do |ws|
+ # Increase the message size by one on each loop
+ ws.onmessage{|msg| ws.send(msg + "x") }
+ ws.onclose{|status|
+ status[:code].should == 1006 # Unclean
+ status[:was_clean].should be false
+ }
+ end
+
+ EM.add_timer(0.1) do
+ ws = EventMachine::WebSocketClient.connect('ws://127.0.0.1:12345/')
+ ws.callback { ws.send_msg "hello" }
+ ws.disconnect { done } # Server closed the connection
+ ws.stream { |msg|
+ # minus frame size ? (getting 146 max here)
+ msg.data.size.should <= 150
+ # Return back the message
+ ws.send_msg(msg.data)
+ }
+ end
+ }
+ end
+ end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/integration/draft06_spec.rb
new/spec/integration/draft06_spec.rb
--- old/spec/integration/draft06_spec.rb 2014-04-23 19:15:54.000000000
+0200
+++ new/spec/integration/draft06_spec.rb 2020-09-24 00:06:41.000000000
+0200
@@ -26,6 +26,7 @@
"Upgrade" => "websocket",
"Connection" => "Upgrade",
"Sec-WebSocket-Accept" => "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=",
+ "Sec-WebSocket-Protocol" => "sample",
}
}
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/integration/draft13_spec.rb
new/spec/integration/draft13_spec.rb
--- old/spec/integration/draft13_spec.rb 2014-04-23 19:15:54.000000000
+0200
+++ new/spec/integration/draft13_spec.rb 2020-09-24 00:06:41.000000000
+0200
@@ -28,6 +28,7 @@
"Upgrade" => "websocket",
"Connection" => "Upgrade",
"Sec-WebSocket-Accept" => "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=",
+ "Sec-WebSocket-Protocol" => "sample",
}
}
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/integration/shared_examples.rb
new/spec/integration/shared_examples.rb
--- old/spec/integration/shared_examples.rb 2014-04-23 19:15:54.000000000
+0200
+++ new/spec/integration/shared_examples.rb 2020-09-24 00:06:41.000000000
+0200
@@ -29,6 +29,19 @@
}
end
+ it "should expose the remote IP address" do
+ em {
+ start_server { |ws|
+ ws.onopen {
+ ws.remote_ip.should == "127.0.0.1"
+ done
+ }
+ }
+
+ start_client
+ }
+ end
+
it "should send messages successfully" do
em {
start_server { |ws|
