Hello community, here is the log from the commit of package rubygem-em-websocket for openSUSE:Factory checked in at 2020-10-05 19:31:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-em-websocket (Old) and /work/SRC/openSUSE:Factory/.rubygem-em-websocket.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-em-websocket" Mon Oct 5 19:31:10 2020 rev:2 rq:838032 version:0.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-em-websocket/rubygem-em-websocket.changes 2018-02-10 18:00:15.303597338 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-em-websocket.new.4249/rubygem-em-websocket.changes 2020-10-05 19:31:14.672725776 +0200 @@ -1,0 +2,7 @@ +Fri Sep 25 13:54:21 UTC 2020 - Stephan Kulow <co...@suse.com> + +updated to version 0.5.2 + see installed CHANGELOG.rdoc + + +------------------------------------------------------------------- Old: ---- em-websocket-0.5.1.gem New: ---- em-websocket-0.5.2.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-em-websocket.spec ++++++ --- /var/tmp/diff_new_pack.I8rYKa/_old 2020-10-05 19:31:15.248728205 +0200 +++ /var/tmp/diff_new_pack.I8rYKa/_new 2020-10-05 19:31:15.252728221 +0200 @@ -1,7 +1,7 @@ # # spec file for package rubygem-em-websocket # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,8 +12,10 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # + + # # This file was generated with a gem2rpm.yml and not just plain gem2rpm. # All sections marked as MANUAL, license headers, summaries and descriptions @@ -22,19 +24,19 @@ # Name: rubygem-em-websocket -Version: 0.5.1 +Version: 0.5.2 Release: 0 %define mod_name em-websocket %define mod_full_name %{mod_name}-%{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: ruby-macros >= 5 -BuildRequires: %{ruby} BuildRequires: %{rubygem gem2rpm} -Url: http://github.com/igrigorik/em-websocket -Source: http://rubygems.org/gems/%{mod_full_name}.gem +BuildRequires: %{ruby} +BuildRequires: ruby-macros >= 5 +URL: http://github.com/igrigorik/em-websocket +Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1: gem2rpm.yml Summary: EventMachine based WebSocket server -License: X11 +License: MIT Group: Development/Languages/Ruby %description @@ -46,7 +48,7 @@ %install %gem_install \ - --doc-files="CHANGELOG.rdoc README.md" \ + --doc-files="CHANGELOG.rdoc LICENCE README.md" \ -f %gem_packages ++++++ em-websocket-0.5.1.gem -> em-websocket-0.5.2.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile --- old/Gemfile 2014-04-23 19:15:54.000000000 +0200 +++ new/Gemfile 2020-09-24 00:06:41.000000000 +0200 @@ -5,5 +5,5 @@ gem "em-websocket-client", git: "g...@github.com:movitto/em-websocket-client.git", branch: "expose-websocket-api" gem "em-spec", "~> 0.2.6" gem "em-http-request", "~> 1.1.1" -gem "rspec", "~> 2.12.0" +gem "rspec", "~> 3.5.0" gem "rake" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/LICENCE new/LICENCE --- old/LICENCE 1970-01-01 01:00:00.000000000 +0100 +++ new/LICENCE 2020-09-24 00:06:41.000000000 +0200 @@ -0,0 +1,7 @@ +Copyright (c) 2009-2014 Ilya Grigorik, Martyn Loughran + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2014-04-23 19:15:54.000000000 +0200 +++ new/README.md 2020-09-24 00:06:41.000000000 +0200 @@ -73,7 +73,7 @@ ## Secure server -It is possible to accept secure `wss://` connections by passing `:secure => true` when opening the connection. Pass a `:tls_options` hash containing keys as described in http://eventmachine.rubyforge.org/EventMachine/Connection.html#start_tls-instance_method +It is possible to accept secure `wss://` connections by passing `:secure => true` when opening the connection. Pass a `:tls_options` hash containing keys as described in http://www.rubydoc.info/github/eventmachine/eventmachine/EventMachine/Connection:start_tls **Warning**: Safari 5 does not currently support prompting on untrusted SSL certificates therefore using a self signed certificate may leave you scratching your head. @@ -140,7 +140,3 @@ * [Twitter AMQP WebSocket Example](http://github.com/rubenfonseca/twitter-amqp-websocket-example) * examples/multicast.rb - broadcast all ruby tweets to all subscribers * examples/echo.rb - server <> client exchange via a websocket - -# License - -The MIT License - Copyright (c) 2009-2013 Ilya Grigorik, Martyn Loughran Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/em-websocket.gemspec new/em-websocket.gemspec --- old/em-websocket.gemspec 2014-04-23 19:15:54.000000000 +0200 +++ new/em-websocket.gemspec 2020-09-24 00:06:41.000000000 +0200 @@ -11,8 +11,7 @@ s.homepage = "http://github.com/igrigorik/em-websocket" s.summary = %q{EventMachine based WebSocket server} s.description = %q{EventMachine based WebSocket server} - - s.rubyforge_project = "em-websocket" + s.license = 'MIT' s.files = `git ls-files`.split("\n") s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/em-websocket/connection.rb new/lib/em-websocket/connection.rb --- old/lib/em-websocket/connection.rb 2014-04-23 19:15:54.000000000 +0200 +++ new/lib/em-websocket/connection.rb 2020-09-24 00:06:41.000000000 +0200 @@ -45,6 +45,7 @@ @secure_proxy = options[:secure_proxy] || false @tls_options = options[:tls_options] || {} @close_timeout = options[:close_timeout] + @outbound_limit = options[:outbound_limit] || 0 @handler = nil @@ -88,6 +89,16 @@ trigger_on_error(e) || raise(e) end + def send_data(data) + if @outbound_limit > 0 && + get_outbound_data_size + data.bytesize > @outbound_limit + abort(:outbound_limit_reached) + return 0 + end + + super(data) + end + def unbind debug [:unbind, :connection] @@ -99,7 +110,9 @@ end def dispatch(data) - if data.match(/\A<policy-file-request\s*\/>/) + if data.match(%r|^GET /healthcheck|) + send_healthcheck_response + elsif data.match(/\A<policy-file-request\s*\/>/) send_flash_cross_domain_file else @handshake ||= begin @@ -118,7 +131,7 @@ debug [:error, e] trigger_on_error(e) # Handshake errors require the connection to be aborted - abort + abort(:handshake_error) } handshake @@ -128,6 +141,23 @@ end end + def send_healthcheck_response + debug [:healthcheck, 'OK'] + + healthcheck_res = ["HTTP/1.1 200 OK"] + healthcheck_res << "Content-Type: text/plain" + healthcheck_res << "Content-Length: 2" + + healthcheck_res = healthcheck_res.join("\r\n") + "\r\n\r\nOK" + + send_data healthcheck_res + + # handle the healthcheck request transparently + # no need to notify the user about this connection + @onclose = nil + close_connection_after_writing + end + def send_flash_cross_domain_file file = '<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*" to-ports="*"/></cross-domain-policy>' debug [:cross_domain, file] @@ -236,6 +266,11 @@ @handler ? @handler.state : :handshake end + # Returns the IP address for the remote peer + def remote_ip + get_peername[2,6].unpack('nC4')[1..4].join('.') + end + # Returns the maximum frame size which this connection is configured to # accept. This can be set globally or on a per connection basis, and # defaults to a value of 10MB if not set. @@ -256,7 +291,8 @@ # As definited in draft 06 7.2.2, some failures require that the server # abort the websocket connection rather than close cleanly - def abort + def abort(reason) + debug [:abort, reason] close_connection end @@ -266,7 +302,7 @@ @handler.close_websocket(code, body) else # The handshake hasn't completed - should be safe to terminate - abort + abort(:handshake_incomplete) end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/em-websocket/handshake04.rb new/lib/em-websocket/handshake04.rb --- old/lib/em-websocket/handshake04.rb 2014-04-23 19:15:54.000000000 +0200 +++ new/lib/em-websocket/handshake04.rb 2020-09-24 00:06:41.000000000 +0200 @@ -17,12 +17,21 @@ upgrade << "Upgrade: websocket" upgrade << "Connection: Upgrade" upgrade << "Sec-WebSocket-Accept: #{signature}" + if protocol = headers['sec-websocket-protocol'] + validate_protocol!(protocol) + upgrade << "Sec-WebSocket-Protocol: #{protocol}" + end - # TODO: Support sec-websocket-protocol + # TODO: Support sec-websocket-protocol selection # TODO: sec-websocket-extensions return upgrade.join("\r\n") + "\r\n\r\n" end + + def self.validate_protocol!(protocol) + raise HandshakeError, "Invalid WebSocket-Protocol: empty" if protocol.empty? + # TODO: Validate characters + end end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/em-websocket/handshake75.rb new/lib/em-websocket/handshake75.rb --- old/lib/em-websocket/handshake75.rb 2014-04-23 19:15:54.000000000 +0200 +++ new/lib/em-websocket/handshake75.rb 2020-09-24 00:06:41.000000000 +0200 @@ -9,10 +9,20 @@ upgrade << "Upgrade: WebSocket\r\n" upgrade << "Connection: Upgrade\r\n" upgrade << "WebSocket-Origin: #{headers['origin']}\r\n" - upgrade << "WebSocket-Location: #{location}\r\n\r\n" + upgrade << "WebSocket-Location: #{location}\r\n" + if protocol = headers['sec-websocket-protocol'] + validate_protocol!(protocol) + upgrade << "Sec-WebSocket-Protocol: #{protocol}\r\n" + end + upgrade << "\r\n" return upgrade end + + def self.validate_protocol!(protocol) + raise HandshakeError, "Invalid WebSocket-Protocol: empty" if protocol.empty? + # TODO: Validate characters + end end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/em-websocket/message_processor_06.rb new/lib/em-websocket/message_processor_06.rb --- old/lib/em-websocket/message_processor_06.rb 2014-04-23 19:15:54.000000000 +0200 +++ new/lib/em-websocket/message_processor_06.rb 2020-09-24 00:06:41.000000000 +0200 @@ -37,8 +37,22 @@ @connection.close_connection_after_writing end when :ping - # Pong back the same data - send_frame(:pong, application_data) + # There are a couple of protections here against malicious/broken WebSocket abusing ping frames. + # + # 1. Delay 200ms before replying. This reduces the number of pings from WebSocket clients behaving as + # `for (;;) { send_ping(conn); rcv_pong(conn); }`. The spec says we "SHOULD respond with Pong frame as soon + # as is practical". + # 2. Reply at most every 200ms. This reduces the number of pong frames sent to WebSocket clients behaving as + # `for (;;) { send_ping(conn); }`. The spec says "If an endpoint receives a Ping frame and has not yet sent + # Pong frame(s) in response to previous Ping frame(s), the endpoint MAY elect to send a Pong frame for only + # the most recently processed Ping frame." + @most_recent_pong_application_data = application_data + if @pong_timer == nil then + @pong_timer = EventMachine.add_timer(0.2) do + @pong_timer = nil + send_frame(:pong, @most_recent_pong_application_data) + end + end @connection.trigger_on_ping(application_data) when :pong @connection.trigger_on_pong(application_data) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/em-websocket/version.rb new/lib/em-websocket/version.rb --- old/lib/em-websocket/version.rb 2014-04-23 19:15:54.000000000 +0200 +++ new/lib/em-websocket/version.rb 2020-09-24 00:06:41.000000000 +0200 @@ -1,5 +1,5 @@ module EventMachine module Websocket - VERSION = "0.5.1" + VERSION = "0.5.2" end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2014-04-23 19:15:54.000000000 +0200 +++ new/metadata 2020-09-24 00:06:41.000000000 +0200 @@ -1,15 +1,15 @@ --- !ruby/object:Gem::Specification name: em-websocket version: !ruby/object:Gem::Version - version: 0.5.1 + version: 0.5.2 platform: ruby authors: - Ilya Grigorik - Martyn Loughran -autorequire: +autorequire: bindir: bin cert_chain: [] -date: 2014-04-23 00:00:00.000000000 Z +date: 2020-09-23 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: eventmachine @@ -50,6 +50,7 @@ - ".gitignore" - CHANGELOG.rdoc - Gemfile +- LICENCE - README.md - Rakefile - em-websocket.gemspec @@ -101,9 +102,10 @@ - spec/unit/handshake_spec.rb - spec/unit/masking_spec.rb homepage: http://github.com/igrigorik/em-websocket -licenses: [] +licenses: +- MIT metadata: {} -post_install_message: +post_install_message: rdoc_options: [] require_paths: - lib @@ -118,9 +120,8 @@ - !ruby/object:Gem::Version version: '0' requirements: [] -rubyforge_project: em-websocket -rubygems_version: 2.2.2 -signing_key: +rubygems_version: 3.0.3 +signing_key: specification_version: 4 summary: EventMachine based WebSocket server test_files: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/integration/common_spec.rb new/spec/integration/common_spec.rb --- old/spec/integration/common_spec.rb 2014-04-23 19:15:54.000000000 +0200 +++ new/spec/integration/common_spec.rb 2020-09-24 00:06:41.000000000 +0200 @@ -108,4 +108,31 @@ end } end + + context "outbound limit set" do + it "should close the connection if the limit is reached" do + em { + start_server(:outbound_limit => 150) do |ws| + # Increase the message size by one on each loop + ws.onmessage{|msg| ws.send(msg + "x") } + ws.onclose{|status| + status[:code].should == 1006 # Unclean + status[:was_clean].should be false + } + end + + EM.add_timer(0.1) do + ws = EventMachine::WebSocketClient.connect('ws://127.0.0.1:12345/') + ws.callback { ws.send_msg "hello" } + ws.disconnect { done } # Server closed the connection + ws.stream { |msg| + # minus frame size ? (getting 146 max here) + msg.data.size.should <= 150 + # Return back the message + ws.send_msg(msg.data) + } + end + } + end + end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/integration/draft06_spec.rb new/spec/integration/draft06_spec.rb --- old/spec/integration/draft06_spec.rb 2014-04-23 19:15:54.000000000 +0200 +++ new/spec/integration/draft06_spec.rb 2020-09-24 00:06:41.000000000 +0200 @@ -26,6 +26,7 @@ "Upgrade" => "websocket", "Connection" => "Upgrade", "Sec-WebSocket-Accept" => "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=", + "Sec-WebSocket-Protocol" => "sample", } } end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/integration/draft13_spec.rb new/spec/integration/draft13_spec.rb --- old/spec/integration/draft13_spec.rb 2014-04-23 19:15:54.000000000 +0200 +++ new/spec/integration/draft13_spec.rb 2020-09-24 00:06:41.000000000 +0200 @@ -28,6 +28,7 @@ "Upgrade" => "websocket", "Connection" => "Upgrade", "Sec-WebSocket-Accept" => "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=", + "Sec-WebSocket-Protocol" => "sample", } } end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/integration/shared_examples.rb new/spec/integration/shared_examples.rb --- old/spec/integration/shared_examples.rb 2014-04-23 19:15:54.000000000 +0200 +++ new/spec/integration/shared_examples.rb 2020-09-24 00:06:41.000000000 +0200 @@ -29,6 +29,19 @@ } end + it "should expose the remote IP address" do + em { + start_server { |ws| + ws.onopen { + ws.remote_ip.should == "127.0.0.1" + done + } + } + + start_client + } + end + it "should send messages successfully" do em { start_server { |ws|