Hello community, here is the log from the commit of package ghc-http-client for openSUSE:Factory checked in at 2016-07-12 23:52:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ghc-http-client (Old) and /work/SRC/openSUSE:Factory/.ghc-http-client.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ghc-http-client" Changes: -------- --- /work/SRC/openSUSE:Factory/ghc-http-client/ghc-http-client.changes 2016-07-05 09:52:49.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ghc-http-client.new/ghc-http-client.changes 2016-07-12 23:52:50.000000000 +0200 @@ -1,0 +2,6 @@ +Sun Jul 10 15:42:37 UTC 2016 - [email protected] + +- update to 0.4.31 +* Added length validation for RequestBodyStream + +------------------------------------------------------------------- Old: ---- http-client-0.4.30.tar.gz New: ---- http-client-0.4.31.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghc-http-client.spec ++++++ --- /var/tmp/diff_new_pack.fd8BAZ/_old 2016-07-12 23:52:51.000000000 +0200 +++ /var/tmp/diff_new_pack.fd8BAZ/_new 2016-07-12 23:52:51.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package ghc-http-client # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %bcond_with tests Name: ghc-http-client -Version: 0.4.30 +Version: 0.4.31 Release: 0 Summary: HTTP client engine, intended as a base layer License: MIT ++++++ http-client-0.4.30.tar.gz -> http-client-0.4.31.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/http-client-0.4.30/ChangeLog.md new/http-client-0.4.31/ChangeLog.md --- old/http-client-0.4.30/ChangeLog.md 2016-06-30 11:33:51.000000000 +0200 +++ new/http-client-0.4.31/ChangeLog.md 2016-07-04 07:46:38.000000000 +0200 
@@ -1,3 +1,7 @@ +## 0.4.31 + +* Added length validation for RequestBodyStream [#205](https://github.com/snoyberg/http-client/pull/205) + ## 0.4.30 * Initial implementation of [#193](https://github.com/snoyberg/http-client/issues/193) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/http-client-0.4.30/Network/HTTP/Client/Request.hs new/http-client-0.4.31/Network/HTTP/Client/Request.hs --- old/http-client-0.4.30/Network/HTTP/Client/Request.hs 2016-06-30 11:33:51.000000000 +0200 +++ new/http-client-0.4.31/Network/HTTP/Client/Request.hs 2016-07-04 07:46:38.000000000 +0200 @@ -3,6 +3,7 @@ {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE CPP #-} {-# LANGUAGE ScopedTypeVariables #-} +{-# LANGUAGE BangPatterns #-} {-# OPTIONS_GHC -fno-warn-orphans #-} @@ -32,7 +33,7 @@ ) where import Data.Int (Int64) -import Data.Maybe (fromMaybe, isJust) +import Data.Maybe (fromMaybe, isJust, isNothing) import Data.Monoid (mempty, mappend) import Data.String (IsString(..)) import Data.Char (toLower) @@ -405,7 +406,7 @@ toTriple (RequestBodyStream len stream) = do -- See https://github.com/snoyberg/http-client/issues/74 for usage -- of flush here. - let body = writeStream False stream + let body = writeStream (Just . fromIntegral $ len) stream -- Don't check for a bad send on the headers themselves. -- Ideally, we'd do the same thing for the other request body -- types, but it would also introduce a performance hit since 
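Review bot: In the `RequestBodyStream` case of `toTriple` (hunk `@@ -405,7 +406,7 @@`), `Just . fromIntegral $ len` narrows the declared length to the type of the counter in `writeStream`, which is `Int` because it is accumulated from `S.length bs`. If `len` is an `Int64`, as the `Data.Int (Int64)` import suggests, a declared length above 2^31-1 wraps on a platform with a 32-bit `Int`, and the end-of-stream comparison is then made against the wrong number. Keeping the count wide avoids this: pass `Just len` and accumulate with `loop (n + fromIntegral (S.length bs)) stream`. The body of `toTriple` starts and continues outside this hunk.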
@@ -413,28 +414,32 @@ now = flushHeaders (Just len) >> checkBadSend body return (Just len, now, body) toTriple (RequestBodyStreamChunked stream) = do - let body = writeStream True stream + let body = writeStream Nothing stream now = flushHeaders Nothing >> checkBadSend body return (Nothing, now, body) toTriple (RequestBodyIO mbody) = mbody >>= toTriple - writeStream isChunked withStream = - withStream loop + writeStream mlen withStream = + withStream (loop 0) where - loop stream = do + loop !n stream = do bs <- stream if S.null bs - then when isChunked $ connectionWrite "0\r\n\r\n" + then case mlen of + -- If stream is chunked, no length argument + Nothing -> connectionWrite "0\r\n\r\n" + -- Not chunked - validate length argument + Just len -> unless (len == n) $ throwIO $ WrongRequestBodyStreamSize (fromIntegral len) (fromIntegral n) else do connectionWrite $ - if isChunked + if (isNothing mlen) -- Chunked then S.concat [ S8.pack $ showHex (S.length bs) "\r\n" , bs , "\r\n" ] else bs - loop stream + loop (n + (S.length bs)) stream hh diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/http-client-0.4.30/Network/HTTP/Client/Types.hs new/http-client-0.4.31/Network/HTTP/Client/Types.hs --- old/http-client-0.4.30/Network/HTTP/Client/Types.hs 2016-06-30 11:33:51.000000000 +0200 +++ new/http-client-0.4.31/Network/HTTP/Client/Types.hs 2016-07-04 07:46:38.000000000 +0200 
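Review bot: The length check in `loop` runs only when the stream returns an empty chunk, so a stream that yields more than `len` bytes has already had the surplus written to the connection by the time `WrongRequestBodyStreamSize` is thrown. Bytes sent past the declared Content-Length can be read by the server as the start of another request on a persistent connection, so the over-length case should be rejected before `connectionWrite`, as sketched below. For the short-body case the headers have already gone out with the larger length; the hunk does not show whether the connection is discarded after the exception, and that is worth confirming so it is not reused. The `where` clause of `toTriple` continues outside this hunk.

```haskell
            else do
                let n' = n + S.length bs
                case mlen of
                    -- Refuse to send bytes beyond the declared length
                    Just len | n' > len ->
                        throwIO $ WrongRequestBodyStreamSize (fromIntegral len) (fromIntegral n')
                    _ -> return ()
                -- … unchanged: connectionWrite of the chunked or plain bytes …
                loop n' stream
```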
@@ -119,6 +119,12 @@ | NoResponseDataReceived | TlsException SomeException | TlsNotSupported + | WrongRequestBodyStreamSize Word64 Word64 + -- ^ The request body provided did not match the expected size. + -- + -- Provides the expected and actual size. + -- + -- @since 0.4.31 | ResponseBodyTooShort Word64 Word64 -- ^ Expected size/actual size. -- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/http-client-0.4.30/http-client.cabal new/http-client-0.4.31/http-client.cabal --- old/http-client-0.4.30/http-client.cabal 2016-06-30 11:33:51.000000000 +0200 +++ new/http-client-0.4.31/http-client.cabal 2016-07-04 07:46:38.000000000 +0200 @@ -1,5 +1,5 @@ name: http-client -version: 0.4.30 +version: 0.4.31 synopsis: An HTTP client engine, intended as a base layer for more user-friendly packages. description: Hackage documentation generation is not reliable. For up to date documentation, please see: <http://www.stackage.org/package/http-client>. homepage: https://github.com/snoyberg/http-client
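Review bot: The Haddock on the new `WrongRequestBodyStreamSize` constructor in Types.hs does not say when the exception is raised, which callers need to know before deciding whether a retry is safe. Going by the `writeStream` change in Request.hs, it is thrown once the body stream ends, after the headers and the body bytes have been written. I would add a line such as `-- Thrown after the body stream has been written to the connection, so the server may already have received part of the request.` The enclosing data declaration starts and ends outside this hunk.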
