August 2024 - openSUSE Commits - openSUSE Mailing Lists

commit forgejo for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package forgejo for openSUSE:Factory checked in at 2024-08-01 22:06:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/forgejo (Old) and /work/SRC/openSUSE:Factory/.forgejo.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "forgejo" Thu Aug 1 22:06:10 2024 rev:11 rq:1191022 version:7.0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/forgejo/forgejo.changes 2024-07-25 11:49:28.102832981 +0200 +++ /work/SRC/openSUSE:Factory/.forgejo.new.7232/forgejo.changes 2024-08-01 22:07:01.662897661 +0200 @@ -1,0 +2,36 @@ +Thu Aug 1 10:50:53 UTC 2024 - Johannes Kastl <opensuse_buildservice(a)ojkastl.de> + +- update to 7.0.6: + * Two frontend features were removed because a license + incompatibility was discovered. Read more in the companion blog + post. + - PR (backported from): Mermaid rendering: %%{init: + {"flowchart": {"defaultRenderer": "elk"}} }%% will now fail + because ELK is no longer included. + - PR (backported from): Repository citation: Removed the + ability to export citations in APA format. + * User Interface bug fixes + - PR (backported from): Replace vue-bar-graph with chart.js + - PR (backported from): Show AGit label on merged PR + - PR (backported from): Fix mobile UI for organisation creation + * Bug fixes + - PR (backported from): fix(api): issue state change is not + idempotent + - PR (backported from): Reserve the devtest username + - PR (backported from): fix(actions): no edited event triggered + when a title is changed + - PR (backported from): Load attachments for + /issues/comments/{id} + - PR (backported from): When searching for users, page the + results by default, and respect the default paging limits + - PR (backported from): the "View command line instructions" + link in pull requests and the "Copy content" button in file + editor are not accessible + - PR (backported from): Use correct SHA in GetCommitPullRequest + * Localization + - PR (backported from): Update of translations from Weblate + - PR: Update of translations from Weblate + - PR (backported from): 3 translation updates from Weblate - PR + 1, PR 2, PR 3 + +------------------------------------------------------------------- Old: ---- forgejo-src-7.0.5.tar.gz forgejo-src-7.0.5.tar.gz.asc New: ---- forgejo-src-7.0.6.tar.gz forgejo-src-7.0.6.tar.gz.asc node_modules.sums ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ forgejo.spec ++++++ --- /var/tmp/diff_new_pack.wp0z06/_old 2024-08-01 22:07:03.706982008 +0200 +++ /var/tmp/diff_new_pack.wp0z06/_new 2024-08-01 22:07:03.706982008 +0200 @@ -30,7 +30,7 @@ %endif %endif Name: forgejo -Version: 7.0.5 +Version: 7.0.6 Release: 0 Summary: Self-hostable forge License: MIT @@ -42,13 +42,14 @@ Source3: package-lock.json Source4: node_modules.spec.inc %include %{_sourcedir}/node_modules.spec.inc -Source5: %{name}.service -Source6: %{name}.sysusers -Source7: apparmor-usr.bin.%{name} +Source5: node_modules.sums +Source6: %{name}.service +Source7: %{name}.sysusers Source8: %{name}.fc Source9: %{name}.if Source10: %{name}.sh Source11: %{name}.te +Source12: apparmor-usr.bin.%{name} Source99: get-sources.sh Patch0: custom-app.ini.patch BuildRequires: golang-packaging @@ -110,7 +111,7 @@ local-npm-registry %{_sourcedir} install --also=dev %build -%sysusers_generate_pre %{SOURCE6} %{name} %{name}.conf +%sysusers_generate_pre %{SOURCE7} %{name} %{name}.conf export EXTRA_GOFLAGS="-buildmode=pie -mod=vendor" export TAGS="bindata timetzdata sqlite sqlite_unlock_notify" %make_build build @@ -125,12 +126,12 @@ install -d %{buildroot}%{_localstatedir}/log/%{name} install -D -m 0644 %{_builddir}/%{name}-src-%{version}/custom/conf/app.example.ini %{buildroot}%{_sysconfdir}/%{name}/conf/app.ini install -D -m 0755 %{_builddir}/%{name}-src-%{version}/gitea %{buildroot}%{_bindir}/%{name} -install -D -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/%{name}.service -install -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/%{name}.conf +install -D -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}.service +install -D -m 0644 %{SOURCE7} %{buildroot}%{_sysusersdir}/%{name}.conf %if %{with apparmor} install -d %{buildroot}%{_sysconfdir}/apparmor.d -install -Dm0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.%{name} +install -Dm0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.%{name} %endif %if %{with selinux} ++++++ forgejo-src-7.0.5.tar.gz -> forgejo-src-7.0.6.tar.gz ++++++ /work/SRC/openSUSE:Factory/forgejo/forgejo-src-7.0.5.tar.gz /work/SRC/openSUSE:Factory/.forgejo.new.7232/forgejo-src-7.0.6.tar.gz differ: char 19, line 1 ++++++ node_modules.sums ++++++ ++++ 1002 lines (skipped)

1 0

commit python-fanficfare for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-fanficfare for openSUSE:Factory checked in at 2024-08-01 22:06:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-fanficfare (Old) and /work/SRC/openSUSE:Factory/.python-fanficfare.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-fanficfare" Thu Aug 1 22:06:08 2024 rev:59 rq:1191025 version:4.37.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-fanficfare/python-fanficfare.changes 2024-07-09 20:04:47.154433283 +0200 +++ /work/SRC/openSUSE:Factory/.python-fanficfare.new.7232/python-fanficfare.changes 2024-08-01 22:06:59.846822724 +0200 @@ -1,0 +2,12 @@ +Thu Aug 1 16:51:04 UTC 2024 - Matej Cepl <mcepl(a)cepl.eu> + +- update to 4.37.0: + - Fix for paginated AO3 series, closes #1091 + - Allow scribblehub.com story URLs w/o title and search calibre w/o title + - Use titlepage_entry for titlepage_wide_entry unless explicitly set. + - adapter_storiesonlinenet: Fix for chapter select getting cover image link. + - adapter_storiesonlinenet: Remove ''s Page' to '.s Page' + - Full OTW settings for www.adastrafanfic.com in defaults.ini + - Update translations + +------------------------------------------------------------------- Old: ---- FanFicFare-4.36.0.tar.gz New: ---- FanFicFare-4.37.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-fanficfare.spec ++++++ --- /var/tmp/diff_new_pack.l49ubw/_old 2024-08-01 22:07:00.302841541 +0200 +++ /var/tmp/diff_new_pack.l49ubw/_new 2024-08-01 22:07:00.306841706 +0200 @@ -20,7 +20,7 @@ %define modnamedown fanficfare %define skip_python2 1 Name: python-fanficfare -Version: 4.36.0 +Version: 4.37.0 Release: 0 Summary: Tool for making eBooks from stories on fanfiction and other web sites License: GPL-3.0-only ++++++ FanFicFare-4.36.0.tar.gz -> FanFicFare-4.37.0.tar.gz ++++++ ++++ 3229 lines of diff (skipped)

1 0

commit yt-dlp for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yt-dlp for openSUSE:Factory checked in at 2024-08-01 22:06:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yt-dlp (Old) and /work/SRC/openSUSE:Factory/.yt-dlp.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yt-dlp" Thu Aug 1 22:06:08 2024 rev:44 rq:1191016 version:2024.08.01 Changes: -------- --- /work/SRC/openSUSE:Factory/yt-dlp/yt-dlp.changes 2024-07-25 16:05:13.177970867 +0200 +++ /work/SRC/openSUSE:Factory/.yt-dlp.new.7232/yt-dlp.changes 2024-08-01 22:06:57.630731280 +0200 @@ -1,0 +2,9 @@ +Thu Aug 1 15:48:06 UTC 2024 - Jan Engelhardt <jengelh(a)inai.de> + +- Update to release 2024.08.01 + * youtube: + * Change default player clients to ios,tv + * Fix n function name extraction for player 20dfca59 + * Fix age-verification workaround + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yt-dlp.spec ++++++ --- /var/tmp/diff_new_pack.SVy3pV/_old 2024-08-01 22:06:58.954785914 +0200 +++ /var/tmp/diff_new_pack.SVy3pV/_new 2024-08-01 22:06:58.958786080 +0200 @@ -21,7 +21,7 @@ %define skip_python37 1 %{?sle15_python_module_pythons} Name: yt-dlp -Version: 2024.07.25 +Version: 2024.08.01 Release: 0 Summary: Enhanced fork of youtube-dl, a video site downloader for offline watching License: CC-BY-SA-3.0 AND SUSE-Public-Domain ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.SVy3pV/_old 2024-08-01 22:06:58.986787236 +0200 +++ /var/tmp/diff_new_pack.SVy3pV/_new 2024-08-01 22:06:58.990787401 +0200 @@ -1,5 +1,5 @@ -mtime: 1721880561 -commit: 3c69f3bf8086a6ac6cd8fd12083d592c06d28ff3ad2ad5e2e1d3cc1995057e0a +mtime: 1722527433 +commit: e9e1c5b157a1853f7734104d802559b904d6a8bf689921644024215d3b7003fb url: https://src.opensuse.org/jengelh/yt-dlp revision: master ++++++ build.specials.obscpio ++++++ diff: old/*: No such file or directory diff: new/*: No such file or directory ++++++ yt-dlp.tar.gz ++++++ ++++ 2217 lines of diff (skipped)

1 0

commit trivy for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package trivy for openSUSE:Factory checked in at 2024-08-01 22:06:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trivy (Old) and /work/SRC/openSUSE:Factory/.trivy.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "trivy" Thu Aug 1 22:06:07 2024 rev:68 rq:1191012 version:0.54.1 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2024-07-25 16:03:35.614033929 +0200 +++ /work/SRC/openSUSE:Factory/.trivy.new.7232/trivy.changes 2024-08-01 22:06:55.186630427 +0200 @@ -1,0 +2,70 @@ +Thu Aug 01 12:24:35 UTC 2024 - dmueller(a)suse.com + +- Update to version 0.54.1: + * release: v0.54.1 [release/v0.54] (#7282) + * fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285) + * fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283) + * fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279) + * release: v0.54.0 [main] (#7075) + * docs: update ecosystem page reporting with plopsec.com app (#7262) + * chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#7136) + * feat(vex): retrieve VEX attestations from OCI registries (#7249) + * feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257) + * refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259) + * fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110) + * fix(java): avoid panic if deps from `pom` in `it` dir are not found (#7245) + * chore: show VEX notice for OSS maintainers in CI environments (#7246) + * feat(vuln): add `--pkg-relationships` (#7237) + * docs: show VEX cli pages + update config file page for VEX flags (#7244) + * fix(dotnet): show `nuget package dir not found` log only when checking `nuget` packages (#7194) + * chore(deps): bump the common group across 1 directory with 17 updates (#7230) + * feat(vex): VEX Repository support (#7206) + * fix(secret): skip regular strings contain secret patterns (#7182) + * feat: share build-in rules (#7207) + * fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171) + * fix(cli): error on missing config file (#7154) + * fix(secret): update length of `hugging-face-access-token` (#7216) + * feat(sbom): add vulnerability support for SPDX formats (#7213) + * ci: use free runner for all tests except `build tests` (#7215) + * chore(deps): bump the docker group across 1 directory with 2 updates (#7208) + * fix(secret): trim excessively long lines (#7192) + * chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201) + * fix(server): pass license categories to options (#7203) + * feat(mariner): Add support for Azure Linux (#7186) + * docs: updates config file (#7188) + * refactor(fs): remove unused field for CompositeFS (#7195) + * fix(dotnet): don't include non-runtime libraries into report for `*.deps.json` files (#7039) + * chore(deps): bump goreleaser from `v2.0.0` to `v2.1.0` (#7162) + * fix: add missing platform and type to spec (#7149) + * chore(deps): bump the aws group with 6 updates (#7166) + * feat(misconf): enabled China configuration for ACRs (#7156) + * fix: close file when failed to open gzip (#7164) + * docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141) + * docs(misconf): add info about limitations for terraform plan json (#7143) + * chore: add VEX for Trivy images (#7140) + * chore(deps): bump the common group across 1 directory with 7 updates (#7125) + * chore: add VEX document and generator for Trivy (#7128) + * fix(misconf): do not evaluate TF when a load error occurs (#7109) + * feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104) + * refactor(secret): move warning about file size after `IsBinary` check (#7123) + * chore(deps): bump the docker group with 2 updates (#7116) + * feat: add openSUSE tumbleweed detection and scanning (#6965) + * test: add missing advisory details for integration tests database (#7122) + * fix: Add dependencyManagement exclusions to the child exclusions (#6969) + * chore(deps): bump the aws group with 4 updates (#7115) + * fix: ignore nodes when listing permission is not allowed (#7107) + * fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088) + * refactor(secret): add warning about large files (#7085) + * feat(nodejs): add license parser to pnpm analyser (#7036) + * refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074) + * feat: add `log.FilePath()` function for logger (#7080) + * chore: bump golangci-lint from v1.58 to v1.59 (#7077) + * chore(deps): bump the common group across 1 directory with 23 updates (#7066) + * perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation (#7065) + * refactor: pass DB dir to trivy-db (#7057) + * docs: navigate to the release highlights and summary (#7072) + * chore(deps): bump the github-actions group with 2 updates (#7067) +- drop add-opensuse-tumbleweed-db.patch, + add-opensuse-tumbleweed-support.patch: merged upstream + +------------------------------------------------------------------- Old: ---- add-opensuse-tumbleweed-db.patch add-opensuse-tumbleweed-support.patch trivy-0.53.0.tar.zst New: ---- trivy-0.54.1.tar.zst BETA DEBUG BEGIN: Old: * chore(deps): bump the github-actions group with 2 updates (#7067) - drop add-opensuse-tumbleweed-db.patch, add-opensuse-tumbleweed-support.patch: merged upstream Old:- drop add-opensuse-tumbleweed-db.patch, add-opensuse-tumbleweed-support.patch: merged upstream BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.vteEgw/_old 2024-08-01 22:06:57.310718075 +0200 +++ /var/tmp/diff_new_pack.vteEgw/_new 2024-08-01 22:06:57.314718239 +0200 @@ -17,7 +17,7 @@ Name: trivy -Version: 0.53.0 +Version: 0.54.1 Release: 0 Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 @@ -25,9 +25,6 @@ URL: https://github.com/aquasecurity/trivy Source: %{name}-%{version}.tar.zst Source1: vendor.tar.zst -# From https://github.com/aquasecurity/trivy-db/pull/411.patch -Patch1: add-opensuse-tumbleweed-db.patch -Patch2: https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumblew… BuildRequires: golang(API) = 1.22 BuildRequires: golang-packaging BuildRequires: zstd @@ -47,10 +44,6 @@ %prep %setup -a1 -pushd vendor/github.com/aquasecurity/trivy-db -%patch -P 1 -p1 -popd -%patch -P 2 -p1 %build export CGO_ENABLED=1 ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.vteEgw/_old 2024-08-01 22:06:57.350719725 +0200 +++ /var/tmp/diff_new_pack.vteEgw/_new 2024-08-01 22:06:57.354719890 +0200 @@ -1,5 +1,5 @@ -mtime: 1721900438 -commit: c709c9b19354ffa52c7fe7938c785c7f7f230d2932bd0885306431f73d5399fe +mtime: 1722525389 +commit: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00 url: https://src.opensuse.org/dirkmueller/trivy.git -revision: c709c9b19354ffa52c7fe7938c785c7f7f230d2932bd0885306431f73d5399fe +revision: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.vteEgw/_old 2024-08-01 22:06:57.374720716 +0200 +++ /var/tmp/diff_new_pack.vteEgw/_new 2024-08-01 22:06:57.378720881 +0200 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="manual"> <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="revision">v0.53.0</param> + <param name="revision">v0.54.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.vteEgw/_old 2024-08-01 22:06:57.398721706 +0200 +++ /var/tmp/diff_new_pack.vteEgw/_new 2024-08-01 22:06:57.402721871 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/aquasecurity/trivy</param> - <param name="changesrevision">c55b0e6cac49c5d30abe6c0d4ccbb56932a0a45d</param></service></servicedata> + <param name="changesrevision">854c61d34a550a9fcbab3bc59e55b868c15d1962</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ diff: old/*: No such file or directory diff: new/*: No such file or directory ++++++ trivy-0.53.0.tar.zst -> trivy-0.54.1.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.53.0.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.7232/trivy-0.54.1.tar.zst differ: char 7, line 1 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/trivy/vendor.tar.zst /work/SRC/openSUSE:Factory/.trivy.new.7232/vendor.tar.zst differ: char 7, line 1

1 0

commit goverlay for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package goverlay for openSUSE:Factory checked in at 2024-08-01 22:06:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/goverlay (Old) and /work/SRC/openSUSE:Factory/.goverlay.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "goverlay" Thu Aug 1 22:06:06 2024 rev:17 rq:1190998 version:1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/goverlay/goverlay.changes 2024-06-11 18:30:28.167446293 +0200 +++ /work/SRC/openSUSE:Factory/.goverlay.new.7232/goverlay.changes 2024-08-01 22:06:51.426475270 +0200 @@ -1,0 +2,25 @@ +Tue Jul 30 03:36:20 UTC 2024 - pallas wept <pallaswept(a)proton.me> + +- Update to version 1.2: + New: + * Presets (formerly known as quick layouts) are back. + * Custom user presets can now be saved and restored (requested feature). + * Added negative offset option for FPS limits, very useful for VRR screens + (requested feature). + * New FPS AVG 1% and 0.1% options. + * New winesync option. + * New compact HUD option. + * New Vulkan Present mode option. + * Added Fahrenheit temperature unit option (requested feature). + * Option to disable shortcut combinations (requested feature). + * Icons for device battery. + + Fixes: + * Fixed missing arguments for device battery. + * GPU and CPU custom colors are working again. + * Time toggle was always checked, now fixed. + * Fixed invalid string used for engine_version.- + +- Use Qt6Pas for build + +------------------------------------------------------------------- Old: ---- goverlay-1.1.1.tar.gz New: ---- goverlay-1.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ goverlay.spec ++++++ --- /var/tmp/diff_new_pack.hHrFb4/_old 2024-08-01 22:06:51.962497387 +0200 +++ /var/tmp/diff_new_pack.hHrFb4/_new 2024-08-01 22:06:51.966497553 +0200 @@ -17,7 +17,7 @@ Name: goverlay -Version: 1.1.1 +Version: 1.2 Release: 0 Summary: Graphical UI to help manage overlays License: GPL-3.0-or-later @@ -28,7 +28,7 @@ BuildRequires: appstream-glib BuildRequires: desktop-file-utils BuildRequires: lazarus -BuildRequires: libQt5Pas-devel +BuildRequires: libQt6Pas-devel BuildRequires: pkgconfig BuildRequires: update-desktop-files BuildRequires: pkgconfig(gtk+-3.0) ++++++ goverlay-1.1.1.tar.gz -> goverlay-1.2.tar.gz ++++++ ++++ 43930 lines of diff (skipped)

1 0

commit aws-c-auth for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-auth for openSUSE:Factory checked in at 2024-08-01 22:06:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-auth (Old) and /work/SRC/openSUSE:Factory/.aws-c-auth.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "aws-c-auth" Thu Aug 1 22:06:05 2024 rev:7 rq:1191008 version:0.7.23 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-auth/aws-c-auth.changes 2024-06-14 19:07:22.487039173 +0200 +++ /work/SRC/openSUSE:Factory/.aws-c-auth.new.7232/aws-c-auth.changes 2024-08-01 22:06:50.538438626 +0200 @@ -1,0 +2,10 @@ +Wed Jul 31 09:10:10 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz(a)suse.com> + +- Update to version 0.7.23 + * Ecforce ECS Credentials Provider IP Rules by @waahm7 in (#238) + * clang-format 18 by @graebm in (#242) + * Update MacOS to arm64 by @waahm7 in (#243) + * Support "external_id" in config file, + for STS AssumeRole by @graebm in (#244) + +------------------------------------------------------------------- Old: ---- v0.7.22.tar.gz New: ---- v0.7.23.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-auth.spec ++++++ --- /var/tmp/diff_new_pack.IgR9PM/_old 2024-08-01 22:06:51.082461075 +0200 +++ /var/tmp/diff_new_pack.IgR9PM/_new 2024-08-01 22:06:51.086461240 +0200 @@ -20,7 +20,7 @@ %define library_pkg 1_0_0 %define library_soversion 1 Name: aws-c-auth -Version: 0.7.22 +Version: 0.7.23 Release: 0 Summary: AWS C99 library implementation of AWS client-side authentication License: Apache-2.0 ++++++ v0.7.22.tar.gz -> v0.7.23.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/.github/workflows/ci.yml new/aws-c-auth-0.7.23/.github/workflows/ci.yml --- old/aws-c-auth-0.7.22/.github/workflows/ci.yml 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/.github/workflows/ci.yml 2024-07-30 22:21:36.000000000 +0200 @@ -6,7 +6,7 @@ - 'main' env: - BUILDER_VERSION: v0.9.55 + BUILDER_VERSION: v0.9.62 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-c-auth @@ -20,6 +20,7 @@ linux-compat: runs-on: ubuntu-20.04 # latest strategy: + fail-fast: false matrix: image: - manylinux1-x64 @@ -40,6 +41,7 @@ linux-compiler-compat: runs-on: ubuntu-20.04 # latest strategy: + fail-fast: false matrix: compiler: - clang-3 @@ -80,6 +82,7 @@ windows-vc14: runs-on: windows-2019 # windows-2019 is last env with Visual Studio 2015 (v14.0) strategy: + fail-fast: false matrix: arch: [x86, x64] steps: @@ -107,8 +110,17 @@ run: | python .\aws-c-auth\build\deps\aws-c-common\scripts\appverifier_ctest.py --build_directory .\aws-c-auth\build\aws-c-auth - osx: - runs-on: macos-12 # latest + macos: + runs-on: macos-14 # latest + steps: + - name: Build ${{ env.PACKAGE_NAME }} + consumers + run: | + python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" + chmod a+x builder + ./builder build -p ${{ env.PACKAGE_NAME }} + + macos-x64: + runs-on: macos-14-large # latest steps: - name: Build ${{ env.PACKAGE_NAME }} + consumers run: | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/.github/workflows/clang-format.yml new/aws-c-auth-0.7.23/.github/workflows/clang-format.yml --- old/aws-c-auth-0.7.22/.github/workflows/clang-format.yml 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/.github/workflows/clang-format.yml 2024-07-30 22:21:36.000000000 +0200 @@ -5,14 +5,12 @@ jobs: clang-format: - runs-on: ubuntu-20.04 # latest + runs-on: ubuntu-24.04 # latest steps: - name: Checkout Sources - uses: actions/checkout@v1 + uses: actions/checkout@v4 - name: clang-format lint - uses: DoozyX/clang-format-lint-action(a)v0.3.1 - with: - # List of extensions to check - extensions: c,h + run: | + ./format-check.py diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/format-check.py new/aws-c-auth-0.7.23/format-check.py --- old/aws-c-auth-0.7.22/format-check.py 1970-01-01 01:00:00.000000000 +0100 +++ new/aws-c-auth-0.7.23/format-check.py 2024-07-30 22:21:36.000000000 +0200 @@ -0,0 +1,47 @@ +#!/usr/bin/env python3 +import argparse +import os +from pathlib import Path +import re +from subprocess import list2cmdline, run +from tempfile import NamedTemporaryFile + +CLANG_FORMAT_VERSION = '18.1.6' + +INCLUDE_REGEX = re.compile( + r'^(include|source|tests|verification)/.*\.(c|h|inl)$') +EXCLUDE_REGEX = re.compile(r'^$') + +arg_parser = argparse.ArgumentParser(description="Check with clang-format") +arg_parser.add_argument('-i', '--inplace-edit', action='store_true', + help="Edit files inplace") +args = arg_parser.parse_args() + +os.chdir(Path(__file__).parent) + +# create file containing list of all files to format +filepaths_file = NamedTemporaryFile(delete=False) +for dirpath, dirnames, filenames in os.walk('.'): + for filename in filenames: + # our regexes expect filepath to use forward slash + filepath = Path(dirpath, filename).as_posix() + if not INCLUDE_REGEX.match(filepath): + continue + if EXCLUDE_REGEX.match(filepath): + continue + + filepaths_file.write(f"{filepath}\n".encode()) +filepaths_file.close() + +# use pipx to run clang-format from PyPI +# this is a simple way to run the same clang-format version regardless of OS +cmd = ['pipx', 'run', f'clang-format=={CLANG_FORMAT_VERSION}', + f'--files={filepaths_file.name}'] +if args.inplace_edit: + cmd += ['-i'] +else: + cmd += ['--Werror', '--dry-run'] + +print(f"{Path.cwd()}$ {list2cmdline(cmd)}") +if run(cmd).returncode: + exit(1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/format-check.sh new/aws-c-auth-0.7.23/format-check.sh --- old/aws-c-auth-0.7.22/format-check.sh 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/format-check.sh 1970-01-01 01:00:00.000000000 +0100 @@ -1,24 +0,0 @@ -#!/bin/bash - -if [[ -z $CLANG_FORMAT ]] ; then - CLANG_FORMAT=clang-format -fi - -if NOT type $CLANG_FORMAT 2> /dev/null ; then - echo "No appropriate clang-format found." - exit 1 -fi - -FAIL=0 -SOURCE_FILES=`find source include tests -type f $ -name '*.h' -o -name '*.c' $` -for i in $SOURCE_FILES -do - $CLANG_FORMAT -output-replacements-xml $i | grep -c "<replacement " > /dev/null - if [ $? -ne 1 ] - then - echo "$i failed clang-format check." - FAIL=1 - fi -done - -exit $FAIL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/include/aws/auth/auth.h new/aws-c-auth-0.7.23/include/aws/auth/auth.h --- old/aws-c-auth-0.7.22/include/aws/auth/auth.h 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/include/aws/auth/auth.h 2024-07-30 22:21:36.000000000 +0200 @@ -52,6 +52,7 @@ AWS_AUTH_IMDS_CLIENT_SOURCE_FAILURE, AWS_AUTH_PROFILE_STS_CREDENTIALS_PROVIDER_CYCLE_FAILURE, AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_TOKEN_FILE_PATH, + AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_HOST, AWS_AUTH_ERROR_END_RANGE = AWS_ERROR_ENUM_END_RANGE(AWS_C_AUTH_PACKAGE_ID) }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/include/aws/auth/credentials.h new/aws-c-auth-0.7.23/include/aws/auth/credentials.h --- old/aws-c-auth-0.7.22/include/aws/auth/credentials.h 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/include/aws/auth/credentials.h 2024-07-30 22:21:36.000000000 +0200 @@ -232,6 +232,11 @@ * AWS_CONTAINER_CREDENTIALS_RELATIVE_URI * AWS_CONTAINER_CREDENTIALS_FULL_URI * + *`AWS_CONTAINER_CREDENTIALS_FULL_URI` URL must satisfy one of the following: + * 1. The URL begins with `https`. + * 2. The resolved IP address is within the loopback CIDR (IPv4 127.0.0.0/8, IPv6 ::1/128), ECS container address + * (169.254.170.2), or EKS Pod Identity address (169.254.170.23 or fd00:ec2::23). + * * For the Authorization token, there are two ways (in order of priority): * 1. AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE (an env var which contains the absolute path to the token file. The file * will be re-read for each call to get credentials.) @@ -261,6 +266,11 @@ * Configuration options for the provider that sources credentials from ECS container metadata. * This options struct doesn't read anything from the environment and requires everything to be explicitly passed in. If * you need to read properties from the environment, use the `aws_credentials_provider_ecs_environment_options`. + * + *`host` must satisfy one of the following: + * 1. tls_context is set + * 2. The resolved IP address is within the loopback CIDR (IPv4 127.0.0.0/8, IPv6 ::1/128), ECS container address + * (169.254.170.2), or EKS Pod Identity address (169.254.170.23 or fd00:ec2::23). */ struct aws_credentials_provider_ecs_options { struct aws_credentials_provider_shutdown_options shutdown_options; @@ -500,6 +510,11 @@ struct aws_byte_cursor session_name; /* + * (Optional) Unique identifier for assuming a role in another account + */ + struct aws_byte_cursor external_id; + + /* * How long sourced credentials should remain valid for, in seconds. 900 is the minimum allowed value. */ uint16_t duration_seconds; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/include/aws/auth/private/credentials_utils.h new/aws-c-auth-0.7.23/include/aws/auth/private/credentials_utils.h --- old/aws-c-auth-0.7.22/include/aws/auth/private/credentials_utils.h 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/include/aws/auth/private/credentials_utils.h 2024-07-30 22:21:36.000000000 +0200 @@ -30,9 +30,9 @@ void *user_data; }; -typedef struct aws_http_connection_manager *(aws_http_connection_manager_new_fn)( - struct aws_allocator *allocator, - const struct aws_http_connection_manager_options *options); +typedef struct aws_http_connection_manager *( + aws_http_connection_manager_new_fn)(struct aws_allocator *allocator, + const struct aws_http_connection_manager_options *options); typedef void(aws_http_connection_manager_release_fn)(struct aws_http_connection_manager *manager); typedef void(aws_http_connection_manager_acquire_connection_fn)( struct aws_http_connection_manager *manager, @@ -41,9 +41,9 @@ typedef int(aws_http_connection_manager_release_connection_fn)( struct aws_http_connection_manager *manager, struct aws_http_connection *connection); -typedef struct aws_http_stream *(aws_http_connection_make_request_fn)( - struct aws_http_connection *client_connection, - const struct aws_http_make_request_options *options); +typedef struct aws_http_stream *( + aws_http_connection_make_request_fn)(struct aws_http_connection *client_connection, + const struct aws_http_make_request_options *options); typedef int(aws_http_stream_activate_fn)(struct aws_http_stream *stream); typedef struct aws_http_connection *(aws_http_stream_get_connection_fn)(const struct aws_http_stream *stream); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/source/auth.c new/aws-c-auth-0.7.23/source/auth.c --- old/aws-c-auth-0.7.22/source/auth.c 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/source/auth.c 2024-07-30 22:21:36.000000000 +0200 @@ -112,6 +112,9 @@ AWS_DEFINE_ERROR_INFO_AUTH( AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_TOKEN_FILE_PATH, "Failed to read the ECS token file specified in the AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable."), + AWS_DEFINE_ERROR_INFO_AUTH( + AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_HOST, + "Failed to establish connection. The specified host is not allowed. It must be a loopback address, ECS/EKS container host, or use HTTPS."), }; /* clang-format on */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/source/credentials_provider_ecs.c new/aws-c-auth-0.7.23/source/credentials_provider_ecs.c --- old/aws-c-auth-0.7.22/source/credentials_provider_ecs.c 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/source/credentials_provider_ecs.c 2024-07-30 22:21:36.000000000 +0200 @@ -10,11 +10,14 @@ #include <aws/common/clock.h> #include <aws/common/date_time.h> #include <aws/common/environment.h> +#include <aws/common/host_utils.h> #include <aws/common/string.h> #include <aws/http/connection.h> #include <aws/http/connection_manager.h> #include <aws/http/request_response.h> #include <aws/http/status_code.h> +#include <aws/io/channel_bootstrap.h> +#include <aws/io/host_resolver.h> #include <aws/io/logging.h> #include <aws/io/socket.h> #include <aws/io/tls_channel_handler.h> @@ -45,6 +48,8 @@ struct aws_string *path_and_query; struct aws_string *auth_token_file_path; struct aws_string *auth_token; + struct aws_client_bootstrap *bootstrap; + bool is_https; }; /* @@ -459,6 +464,89 @@ s_ecs_query_task_role_credentials(ecs_user_data); } +/* + * The resolved IP address must satisfy one of the following: + * 1. within the loopback CIDR (IPv4 127.0.0.0/8, IPv6 ::1/128) + * 2. corresponds to the ECS container host 169.254.170.2 + * 3. corresponds to the EKS container host IPs (IPv4 169.254.170.23, IPv6 fd00:ec2::23) + */ +static bool s_is_valid_remote_host_ip(const struct aws_host_address *host_address) { + bool result = false; + struct aws_byte_cursor address = aws_byte_cursor_from_string(host_address->address); + if (host_address->record_type == AWS_ADDRESS_RECORD_TYPE_A) { + const struct aws_byte_cursor ipv4_loopback_address_prefix = aws_byte_cursor_from_c_str("127."); + const struct aws_byte_cursor ecs_container_host_address = aws_byte_cursor_from_c_str("169.254.170.2"); + const struct aws_byte_cursor eks_container_host_address = aws_byte_cursor_from_c_str("169.254.170.23"); + + result |= aws_byte_cursor_starts_with(&address, &ipv4_loopback_address_prefix); + result |= aws_byte_cursor_eq(&address, &ecs_container_host_address); + result |= aws_byte_cursor_eq(&address, &eks_container_host_address); + + } else if (host_address->record_type == AWS_ADDRESS_RECORD_TYPE_AAAA) { + /* Check for both the short form and long form of an IPv6 address to be safe. */ + const struct aws_byte_cursor ipv6_loopback_address = aws_byte_cursor_from_c_str("::1"); + const struct aws_byte_cursor ipv6_loopback_address_verbose = aws_byte_cursor_from_c_str("0:0:0:0:0:0:0:1"); + const struct aws_byte_cursor eks_container_host_ipv6_address = aws_byte_cursor_from_c_str("fd00:ec2::23"); + const struct aws_byte_cursor eks_container_host_ipv6_address_verbose = + aws_byte_cursor_from_c_str("fd00:ec2:0:0:0:0:0:23"); + + result |= aws_byte_cursor_eq(&address, &ipv6_loopback_address); + result |= aws_byte_cursor_eq(&address, &ipv6_loopback_address_verbose); + result |= aws_byte_cursor_eq(&address, &eks_container_host_ipv6_address); + result |= aws_byte_cursor_eq(&address, &eks_container_host_ipv6_address_verbose); + } + + return result; +} + +static void s_on_host_resolved( + struct aws_host_resolver *resolver, + const struct aws_string *host_name, + int error_code, + const struct aws_array_list *host_addresses, + void *user_data) { + (void)resolver; + (void)host_name; + + struct aws_credentials_provider_ecs_user_data *ecs_user_data = user_data; + if (error_code) { + AWS_LOGF_WARN( + AWS_LS_AUTH_CREDENTIALS_PROVIDER, + "id=%p: ECS provider failed to resolve host, error code %d(%s)", + (void *)ecs_user_data->ecs_provider, + error_code, + aws_error_str(error_code)); + ecs_user_data->error_code = error_code; + s_ecs_finalize_get_credentials_query(ecs_user_data); + return; + } + size_t host_addresses_len = aws_array_list_length(host_addresses); + if (!host_addresses_len) { + goto on_error; + } + for (size_t i = 0; i < host_addresses_len; ++i) { + struct aws_host_address *host_address_ptr = NULL; + aws_array_list_get_at_ptr(host_addresses, (void **)&host_address_ptr, i); + if (!s_is_valid_remote_host_ip(host_address_ptr)) { + goto on_error; + } + } + struct aws_credentials_provider_ecs_impl *impl = ecs_user_data->ecs_provider->impl; + impl->function_table->aws_http_connection_manager_acquire_connection( + impl->connection_manager, s_ecs_on_acquire_connection, ecs_user_data); + + return; +on_error: + AWS_LOGF_ERROR( + AWS_LS_AUTH_CREDENTIALS_PROVIDER, + "id=%p: ECS provider failed to resolve address to an allowed ip address with error %d(%s)", + (void *)ecs_user_data->ecs_provider, + AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_HOST, + aws_error_str(AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_HOST)); + ecs_user_data->error_code = AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_HOST; + s_ecs_finalize_get_credentials_query(ecs_user_data); +} + static int s_credentials_provider_ecs_get_credentials_async( struct aws_credentials_provider *provider, aws_on_get_credentials_callback_fn callback, @@ -474,10 +562,19 @@ if (wrapped_user_data == NULL) { goto error; } - - impl->function_table->aws_http_connection_manager_acquire_connection( - impl->connection_manager, s_ecs_on_acquire_connection, wrapped_user_data); - + /* No need to verify the host IP address if the connection is using HTTPS or the ECS container host (relative URI) + */ + if (impl->is_https || aws_string_eq(impl->host, s_ecs_host)) { + impl->function_table->aws_http_connection_manager_acquire_connection( + impl->connection_manager, s_ecs_on_acquire_connection, wrapped_user_data); + } else if (aws_host_resolver_resolve_host( + impl->bootstrap->host_resolver, + impl->host, + s_on_host_resolved, + &impl->bootstrap->host_resolver_config, + wrapped_user_data)) { + goto error; + } return AWS_OP_SUCCESS; error: @@ -497,6 +594,7 @@ aws_string_destroy(impl->auth_token); aws_string_destroy(impl->auth_token_file_path); aws_string_destroy(impl->host); + aws_client_bootstrap_release(impl->bootstrap); /* aws_http_connection_manager_release will eventually leads to call of s_on_connection_manager_shutdown, * which will do memory release for provider and impl. So We should be freeing impl @@ -554,7 +652,7 @@ AWS_ZERO_STRUCT(*impl); aws_credentials_provider_init_base(provider, allocator, &s_aws_credentials_provider_ecs_vtable, impl); - + impl->bootstrap = aws_client_bootstrap_acquire(options->bootstrap); struct aws_tls_connection_options tls_connection_options; AWS_ZERO_STRUCT(tls_connection_options); if (options->tls_ctx) { @@ -568,6 +666,7 @@ aws_error_debug_str(aws_last_error())); goto on_error; } + impl->is_https = true; } struct aws_socket_options socket_options; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/source/credentials_provider_profile.c new/aws-c-auth-0.7.23/source/credentials_provider_profile.c --- old/aws-c-auth-0.7.22/source/credentials_provider_profile.c 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/source/credentials_provider_profile.c 2024-07-30 22:21:36.000000000 +0200 @@ -23,6 +23,7 @@ AWS_STRING_FROM_LITERAL(s_role_arn_name, "role_arn"); AWS_STRING_FROM_LITERAL(s_role_session_name_name, "role_session_name"); +AWS_STRING_FROM_LITERAL(s_external_id_name, "external_id"); AWS_STRING_FROM_LITERAL(s_credential_source_name, "credential_source"); AWS_STRING_FROM_LITERAL(s_source_profile_name, "source_profile"); AWS_STRING_FROM_LITERAL(s_access_key_id_profile_var, "aws_access_key_id"); @@ -235,6 +236,7 @@ struct aws_hash_table *source_profiles_table) { struct aws_credentials_provider *provider = NULL; + /* role_arn */ AWS_LOGF_INFO( AWS_LS_AUTH_CREDENTIALS_PROVIDER, "static: profile %s has role_arn property is set to %s, attempting to " @@ -247,6 +249,7 @@ const struct aws_profile_property *credential_source_property = aws_profile_get_property(profile, s_credential_source_name); + /* role_session_name */ const struct aws_profile_property *role_session_name = aws_profile_get_property(profile, s_role_session_name_name); char session_name_array[MAX_SESSION_NAME_LEN + 1]; AWS_ZERO_ARRAY(session_name_array); @@ -274,6 +277,13 @@ AWS_LOGF_DEBUG(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "static: computed session_name as %s", session_name_array); + /* external_id */ + struct aws_byte_cursor external_id = {0}; + const struct aws_profile_property *external_id_property = aws_profile_get_property(profile, s_external_id_name); + if (external_id_property) { + external_id = aws_byte_cursor_from_string(aws_profile_property_get_value(external_id_property)); + } + /* Automatically create a TLS context if necessary. We'd prefer that users pass one in, but can't force * them to because aws_credentials_provider_profile_options didn't always have a tls_ctx member. */ struct aws_tls_ctx *tls_ctx = NULL; @@ -301,6 +311,7 @@ .bootstrap = options->bootstrap, .tls_ctx = tls_ctx, .role_arn = aws_byte_cursor_from_string(aws_profile_property_get_value(role_arn_property)), + .external_id = external_id, .session_name = aws_byte_cursor_from_c_str(session_name_array), .profile_name_override = options->profile_name_override, .config_file_name_override = options->config_file_name_override, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/source/credentials_provider_sts.c new/aws-c-auth-0.7.23/source/credentials_provider_sts.c --- old/aws-c-auth-0.7.22/source/credentials_provider_sts.c 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/source/credentials_provider_sts.c 2024-07-30 22:21:36.000000000 +0200 @@ -57,6 +57,7 @@ struct aws_http_connection_manager *connection_manager; struct aws_string *assume_role_profile; struct aws_string *role_session_name; + struct aws_string *external_id; struct aws_string *endpoint; struct aws_string *region; uint16_t duration_seconds; @@ -157,6 +158,18 @@ return AWS_OP_ERR; } + if (provider_impl->external_id != NULL) { + working_cur = aws_byte_cursor_from_c_str("&ExternalId="); + if (aws_byte_buf_append_dynamic(body, &working_cur)) { + return AWS_OP_ERR; + } + + struct aws_byte_cursor external_id_cur = aws_byte_cursor_from_string(provider_impl->external_id); + if (aws_byte_buf_append_encoding_uri_param(body, &external_id_cur)) { + return AWS_OP_ERR; + } + } + working_cur = aws_byte_cursor_from_c_str("&DurationSeconds="); if (aws_byte_buf_append_dynamic(body, &working_cur)) { return AWS_OP_ERR; @@ -652,6 +665,7 @@ aws_string_destroy(impl->role_session_name); aws_string_destroy(impl->assume_role_profile); + aws_string_destroy(impl->external_id); aws_string_destroy(impl->endpoint); aws_string_destroy(impl->region); aws_mem_release(provider->allocator, provider); @@ -739,6 +753,18 @@ return NULL; } + if (options->role_arn.len == 0) { + AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "role_arn is necessary for querying STS"); + aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); + return NULL; + } + + if (options->session_name.len == 0) { + AWS_LOGF_ERROR(AWS_LS_AUTH_CREDENTIALS_PROVIDER, "role_session_name is necessary for querying STS"); + aws_raise_error(AWS_ERROR_INVALID_ARGUMENT); + return NULL; + } + struct aws_credentials_provider *provider = NULL; struct aws_credentials_provider_sts_impl *impl = NULL; int result = AWS_OP_ERR; @@ -780,29 +806,28 @@ impl->role_session_name = aws_string_new_from_array(allocator, options->session_name.ptr, options->session_name.len); - - if (!impl->role_session_name) { - goto on_done; - } - AWS_LOGF_DEBUG( AWS_LS_AUTH_CREDENTIALS_PROVIDER, - "(id=%p): using session_name %s", + "(id=%p): using role_session_name '%s'", (void *)provider, aws_string_c_str(impl->role_session_name)); impl->assume_role_profile = aws_string_new_from_array(allocator, options->role_arn.ptr, options->role_arn.len); - - if (!impl->assume_role_profile) { - goto on_done; - } - AWS_LOGF_DEBUG( AWS_LS_AUTH_CREDENTIALS_PROVIDER, - "(id=%p): using assume_role_arn %s", + "(id=%p): using role_arn '%s'", (void *)provider, aws_string_c_str(impl->assume_role_profile)); + if (options->external_id.len > 0) { + impl->external_id = aws_string_new_from_cursor(allocator, &options->external_id); + AWS_LOGF_DEBUG( + AWS_LS_AUTH_CREDENTIALS_PROVIDER, + "(id=%p): using external_id '%s'", + (void *)provider, + aws_string_c_str(impl->external_id)); + } + impl->duration_seconds = options->duration_seconds; if (options->system_clock_fn != NULL) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/tests/CMakeLists.txt new/aws-c-auth-0.7.23/tests/CMakeLists.txt --- old/aws-c-auth-0.7.22/tests/CMakeLists.txt 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/tests/CMakeLists.txt 2024-07-30 22:21:36.000000000 +0200 @@ -45,16 +45,17 @@ add_test_case(credentials_provider_imds_real_success) endif() -add_test_case(credentials_provider_ecs_new_destroy) -add_test_case(credentials_provider_ecs_connect_failure) -add_test_case(credentials_provider_ecs_request_failure) -add_test_case(credentials_provider_ecs_bad_document_failure) -add_test_case(credentials_provider_ecs_basic_success) -add_test_case(credentials_provider_ecs_basic_success_token_file) +add_net_test_case(credentials_provider_ecs_new_destroy) +add_net_test_case(credentials_provider_ecs_connect_failure) +add_net_test_case(credentials_provider_ecs_request_failure) +add_net_test_case(credentials_provider_ecs_bad_document_failure) +add_net_test_case(credentials_provider_ecs_bad_host_failure) +add_net_test_case(credentials_provider_ecs_basic_success) +add_net_test_case(credentials_provider_ecs_basic_success_token_file) add_net_test_case(credentials_provider_ecs_basic_success_uri_env) -add_test_case(credentials_provider_ecs_no_auth_token_success) -add_test_case(credentials_provider_ecs_success_multi_part_doc) -add_test_case(credentials_provider_ecs_real_new_destroy) +add_net_test_case(credentials_provider_ecs_no_auth_token_success) +add_net_test_case(credentials_provider_ecs_success_multi_part_doc) +add_net_test_case(credentials_provider_ecs_real_new_destroy) if(AWS_BUILDING_ON_ECS) add_test_case(credentials_provider_ecs_real_success) @@ -84,6 +85,7 @@ add_net_test_case(credentials_provider_sts_web_identity_real_new_destroy) add_net_test_case(credentials_provider_sts_direct_config_succeeds) +add_net_test_case(credentials_provider_sts_direct_config_with_external_id_succeeds) add_net_test_case(credentials_provider_sts_direct_config_with_region_succeeds) add_net_test_case(credentials_provider_sts_direct_config_with_default_region_succeeds) add_net_test_case(credentials_provider_sts_direct_config_with_region_from_config_succeeds) @@ -92,6 +94,7 @@ add_net_test_case(credentials_provider_sts_direct_config_connection_failed) add_net_test_case(credentials_provider_sts_direct_config_service_fails) add_net_test_case(credentials_provider_sts_from_profile_config_succeeds) +add_net_test_case(credentials_provider_sts_from_profile_config_with_external_id) add_net_test_case(credentials_provider_sts_from_profile_config_with_chain) add_net_test_case(credentials_provider_sts_from_profile_config_with_ecs_credentials_source) add_net_test_case(credentials_provider_sts_from_profile_config_with_chain_and_profile_creds) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/tests/credentials_provider_ecs_tests.c new/aws-c-auth-0.7.23/tests/credentials_provider_ecs_tests.c --- old/aws-c-auth-0.7.22/tests/credentials_provider_ecs_tests.c 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/tests/credentials_provider_ecs_tests.c 2024-07-30 22:21:36.000000000 +0200 @@ -54,6 +54,7 @@ struct aws_event_loop_group *el_group; struct aws_host_resolver *host_resolver; struct aws_client_bootstrap *bootstrap; + struct aws_tls_ctx *tls_ctx; }; static struct aws_mock_ecs_tester s_tester; @@ -259,6 +260,13 @@ }; s_tester.bootstrap = aws_client_bootstrap_new(allocator, &bootstrap_options); + struct aws_tls_ctx_options tls_options; + aws_tls_ctx_options_init_default_client(&tls_options, allocator); + struct aws_tls_ctx *tls_ctx = aws_tls_client_ctx_new(allocator, &tls_options); + ASSERT_NOT_NULL(tls_ctx); + s_tester.tls_ctx = tls_ctx; + aws_tls_ctx_options_clean_up(&tls_options); + /* ensure pre-existing environment doesn't interfere with tests */ aws_unset_environment_value(s_ecs_creds_env_relative_uri); aws_unset_environment_value(s_ecs_creds_env_full_uri); @@ -279,6 +287,7 @@ aws_client_bootstrap_release(s_tester.bootstrap); aws_host_resolver_release(s_tester.host_resolver); aws_event_loop_group_release(s_tester.el_group); + aws_tls_ctx_release(s_tester.tls_ctx); AWS_ZERO_STRUCT(s_tester); } @@ -362,6 +371,7 @@ .host = aws_byte_cursor_from_c_str("www.xxx123321testmocknonexsitingawsservice.com"), .path_and_query = aws_byte_cursor_from_c_str("/path/to/resource/?a=b&c=d"), .auth_token = aws_byte_cursor_from_c_str("test-token-1234-abcd"), + .tls_ctx = s_tester.tls_ctx, }; struct aws_credentials_provider *provider = aws_credentials_provider_new_ecs(allocator, &options); @@ -373,7 +383,7 @@ aws_mutex_lock(&s_tester.lock); ASSERT_TRUE(s_tester.has_received_credentials_callback == true); ASSERT_TRUE(s_tester.credentials == NULL); - ASSERT_UINT_EQUALS(80, s_tester.selected_port); + ASSERT_UINT_EQUALS(443, s_tester.selected_port); aws_mutex_unlock(&s_tester.lock); aws_credentials_provider_release(provider); @@ -407,6 +417,7 @@ .host = aws_byte_cursor_from_c_str("www.xxx123321testmocknonexsitingawsservice.com"), .path_and_query = aws_byte_cursor_from_c_str("/path/to/resource/?a=b&c=d"), .auth_token = aws_byte_cursor_from_c_str("test-token-1234-abcd"), + .tls_ctx = s_tester.tls_ctx, }; struct aws_credentials_provider *provider = aws_credentials_provider_new_ecs(allocator, &options); @@ -419,7 +430,7 @@ ASSERT_STR_EQUALS("/path/to/resource/?a=b&c=d", aws_string_c_str(s_tester.request_path_and_query)); ASSERT_TRUE(s_tester.has_received_credentials_callback == true); ASSERT_TRUE(s_tester.credentials == NULL); - ASSERT_UINT_EQUALS(80, s_tester.selected_port); + ASSERT_UINT_EQUALS(443, s_tester.selected_port); aws_mutex_unlock(&s_tester.lock); aws_credentials_provider_release(provider); @@ -457,7 +468,7 @@ .host = aws_byte_cursor_from_c_str("www.xxx123321testmocknonexsitingawsservice.com"), .path_and_query = aws_byte_cursor_from_c_str("/path/to/resource/?a=b&c=d"), .auth_token = aws_byte_cursor_from_c_str("test-token-1234-abcd"), - .port = 555, + .tls_ctx = s_tester.tls_ctx, }; struct aws_credentials_provider *provider = aws_credentials_provider_new_ecs(allocator, &options); @@ -471,7 +482,7 @@ ASSERT_TRUE(s_tester.has_received_credentials_callback == true); ASSERT_TRUE(s_tester.credentials == NULL); - ASSERT_UINT_EQUALS(555, s_tester.selected_port); + ASSERT_UINT_EQUALS(443, s_tester.selected_port); aws_mutex_unlock(&s_tester.lock); aws_credentials_provider_release(provider); @@ -488,6 +499,49 @@ AWS_TEST_CASE(credentials_provider_ecs_bad_document_failure, s_credentials_provider_ecs_bad_document_failure); +static int s_credentials_provider_ecs_bad_host_failure(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + s_aws_ecs_tester_init(allocator); + + struct aws_credentials_provider_ecs_options options = { + .bootstrap = s_tester.bootstrap, + .function_table = &s_mock_function_table, + .shutdown_options = + { + .shutdown_callback = s_on_shutdown_complete, + .shutdown_user_data = NULL, + }, + .host = aws_byte_cursor_from_c_str("www.google.com"), + .path_and_query = aws_byte_cursor_from_c_str("/path/to/resource/?a=b&c=d"), + .auth_token = aws_byte_cursor_from_c_str("test-token-1234-abcd"), + }; + + struct aws_credentials_provider *provider = aws_credentials_provider_new_ecs(allocator, &options); + + aws_credentials_provider_get_credentials(provider, s_get_credentials_callback, NULL); + + s_aws_wait_for_credentials_result(); + + aws_mutex_lock(&s_tester.lock); + ASSERT_NULL(s_tester.credentials); + ASSERT_INT_EQUALS(AWS_AUTH_CREDENTIALS_PROVIDER_ECS_INVALID_HOST, s_tester.error_code); + aws_mutex_unlock(&s_tester.lock); + + aws_credentials_provider_release(provider); + + s_aws_wait_for_provider_shutdown_callback(); + + /* Because we mock the http connection manager, we never get a callback back from it */ + aws_mem_release(provider->allocator, provider); + + s_aws_ecs_tester_cleanup(); + + return 0; +} + +AWS_TEST_CASE(credentials_provider_ecs_bad_host_failure, s_credentials_provider_ecs_bad_host_failure); + AWS_STATIC_STRING_FROM_LITERAL( s_good_response, "{\"AccessKeyId\":\"SuccessfulAccessKey\", \n \"SecretAccessKey\":\"SuccessfulSecret\", \n " @@ -655,12 +709,13 @@ .host = aws_byte_cursor_from_c_str("www.xxx123321testmocknonexsitingawsservice.com"), .path_and_query = aws_byte_cursor_from_c_str("/path/to/resource/?a=b&c=d"), .auth_token = aws_byte_cursor_from_c_str("test-token-1234-abcd"), + .tls_ctx = s_tester.tls_ctx, }; ASSERT_SUCCESS(s_do_ecs_success_test( allocator, &options, - "http://www.xxx123321testmocknonexsitingawsservice.com:80/path/to/resource/?…" /*expected_uri*/, + "https://www.xxx123321testmocknonexsitingawsservice.com:443/path/to/resource…" /*expected_uri*/, "test-token-1234-abcd" /*expected_token*/)); s_aws_ecs_tester_cleanup(); @@ -697,6 +752,7 @@ .path_and_query = aws_byte_cursor_from_c_str("/path/to/resource/?a=b&c=d"), .auth_token = aws_byte_cursor_from_string(auth_token), .auth_token_file_path = aws_byte_cursor_from_string(token_file_path), + .tls_ctx = s_tester.tls_ctx, }; struct aws_credentials_provider *provider = aws_credentials_provider_new_ecs(allocator, &options); @@ -707,7 +763,7 @@ aws_mutex_lock(&s_tester.lock); ASSERT_SUCCESS(s_check_ecs_tester_request_uri_and_authorization( - "http://www.xxx123321testmocknonexsitingawsservice.com:80/path/to/resource/?…", + "https://www.xxx123321testmocknonexsitingawsservice.com:443/path/to/resource…", aws_string_c_str(auth_token))); aws_string_destroy(s_tester.request_path_and_query); @@ -726,7 +782,7 @@ aws_mutex_lock(&s_tester.lock); ASSERT_SUCCESS(s_check_ecs_tester_request_uri_and_authorization( - "http://www.xxx123321testmocknonexsitingawsservice.com:80/path/to/resource/?…", + "https://www.xxx123321testmocknonexsitingawsservice.com:443/path/to/resource…", aws_string_c_str(auth_token2))); aws_mutex_unlock(&s_tester.lock); @@ -819,14 +875,33 @@ .auth_token_file_content = "testToken", .expected_auth_token = "testToken", }, + /* IPv4 loopback address */ + { + .full_uri = "http://127.1.2.3:456/credentials", + .expected_uri = "http://127.1.2.3:456/credentials", + }, + /* IPv4 EKS container host address */ + { + .full_uri = "http://169.254.170.23:8080/credentials", + .expected_uri = "http://169.254.170.23:8080/credentials", + }, + /* IPv4 ECS container host address */ + { + .full_uri = "http://169.254.170.2:8080/credentials", + .expected_uri = "http://169.254.170.2:8080/credentials", + }, + /* IPv6 loopback address */ + { + .full_uri = "http://[::1]:8080/credentials", + .expected_uri = "http://[::1]:8080/credentials", + }, + /* IPv6 EKS host */ + { + .full_uri = "http://[fd00:ec2::23]:8080/credentials", + .expected_uri = "http://[fd00:ec2::23]:8080/credentials", + }, }; - /* Provide tls_ctx, in case FULL_URI scheme is "https://" */ - struct aws_tls_ctx_options tls_options; - aws_tls_ctx_options_init_default_client(&tls_options, allocator); - struct aws_tls_ctx *tls_ctx = aws_tls_client_ctx_new(allocator, &tls_options); - ASSERT_NOT_NULL(tls_ctx); - for (size_t case_idx = 0; case_idx < AWS_ARRAY_SIZE(test_cases); ++case_idx) { struct test_case case_i = test_cases[case_idx]; printf( @@ -852,7 +927,7 @@ .shutdown_callback = s_on_shutdown_complete, .shutdown_user_data = NULL, }, - .tls_ctx = tls_ctx, + .tls_ctx = s_tester.tls_ctx, }; ASSERT_SUCCESS(s_do_ecs_env_success_test( @@ -868,8 +943,6 @@ s_aws_ecs_tester_reset(); } - aws_tls_ctx_release(tls_ctx); - aws_tls_ctx_options_clean_up(&tls_options); s_aws_ecs_tester_cleanup(); return 0; } @@ -893,12 +966,13 @@ }, .host = aws_byte_cursor_from_c_str("www.xxx123321testmocknonexsitingawsservice.com"), .path_and_query = aws_byte_cursor_from_c_str("/path/to/resource/?a=b&c=d"), + .tls_ctx = s_tester.tls_ctx, }; ASSERT_SUCCESS(s_do_ecs_success_test( allocator, &options, - "http://www.xxx123321testmocknonexsitingawsservice.com:80/path/to/resource/?…" /*expected_uri*/, + "https://www.xxx123321testmocknonexsitingawsservice.com:443/path/to/resource…" /*expected_uri*/, NULL /*expected_token*/)); s_aws_ecs_tester_cleanup(); @@ -935,6 +1009,7 @@ .host = aws_byte_cursor_from_c_str("www.xxx123321testmocknonexsitingawsservice.com"), .path_and_query = aws_byte_cursor_from_c_str("/path/to/resource/?a=b&c=d"), .auth_token = aws_byte_cursor_from_c_str("test-token-1234-abcd"), + .tls_ctx = s_tester.tls_ctx, }; struct aws_credentials_provider *provider = aws_credentials_provider_new_ecs(allocator, &options); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-auth-0.7.22/tests/credentials_provider_sts_tests.c new/aws-c-auth-0.7.23/tests/credentials_provider_sts_tests.c --- old/aws-c-auth-0.7.22/tests/credentials_provider_sts_tests.c 2024-05-15 20:46:22.000000000 +0200 +++ new/aws-c-auth-0.7.23/tests/credentials_provider_sts_tests.c 2024-07-30 22:21:36.000000000 +0200 @@ -388,6 +388,7 @@ static struct aws_byte_cursor s_role_arn_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("arn:aws:iam::67895:role/test_role"); static struct aws_byte_cursor s_session_name_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("test_session"); +static struct aws_byte_cursor s_external_id_cur = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("externalId123_+=,.@:\\/-"); static struct aws_byte_cursor s_success_creds_doc = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("<AssumeRoleResponse xmlns=\"who cares\">\n" @@ -410,6 +411,14 @@ AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("Version=2011-06-15&Action=AssumeRole&RoleArn=arn%3Aaws%3Aiam%3A%3A67895%" "3Arole%2Ftest_role&RoleSessionName=test_session&DurationSeconds=900"); +static struct aws_byte_cursor s_expected_payload_with_external_id = + AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("Version=2011-06-15" + "&Action=AssumeRole" + "&RoleArn=arn%3Aaws%3Aiam%3A%3A67895%3Arole%2Ftest_role" + "&RoleSessionName=test_session" + "&ExternalId=externalId123_%2B%3D%2C.%40%3A%5C%2F-" + "&DurationSeconds=900"); + AWS_STATIC_STRING_FROM_LITERAL(s_access_key_id_response, "accessKeyIdResp"); AWS_STATIC_STRING_FROM_LITERAL(s_secret_access_key_response, "secretKeyResp"); AWS_STATIC_STRING_FROM_LITERAL(s_session_token_response, "sessionTokenResp"); @@ -508,6 +517,61 @@ AWS_TEST_CASE(credentials_provider_sts_direct_config_succeeds, s_credentials_provider_sts_direct_config_succeeds_fn) +static int s_credentials_provider_sts_direct_config_with_external_id_succeeds_fn( + struct aws_allocator *allocator, + void *ctx) { + (void)ctx; + + s_aws_sts_tester_init(allocator); + + struct aws_credentials_provider_static_options static_options = { + .access_key_id = s_access_key_cur, + .secret_access_key = s_secret_key_cur, + .session_token = s_session_token_cur, + }; + struct aws_credentials_provider *static_provider = aws_credentials_provider_new_static(allocator, &static_options); + + struct aws_credentials_provider_sts_options options = { + .creds_provider = static_provider, + .bootstrap = s_tester.bootstrap, + .tls_ctx = s_tester.tls_ctx, + .role_arn = s_role_arn_cur, + .session_name = s_session_name_cur, + .external_id = s_external_id_cur, + .duration_seconds = 0, + .function_table = &s_mock_function_table, + .system_clock_fn = mock_aws_get_system_time, + }; + + mock_aws_set_system_time(0); + + aws_array_list_push_back(&s_tester.response_data_callbacks, &s_success_creds_doc); + s_tester.mock_response_code = 200; + + struct aws_credentials_provider *sts_provider = aws_credentials_provider_new_sts(allocator, &options); + + aws_credentials_provider_get_credentials(sts_provider, s_get_credentials_callback, NULL); + + s_aws_wait_for_credentials_result(); + + ASSERT_BIN_ARRAYS_EQUALS( + s_expected_payload_with_external_id.ptr, + s_expected_payload_with_external_id.len, + s_tester.mocked_requests[0].body.buffer, + s_tester.mocked_requests[0].body.len); + + aws_credentials_provider_release(sts_provider); + s_aws_wait_for_provider_shutdown_callback(); + aws_credentials_provider_release(static_provider); + ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE( + credentials_provider_sts_direct_config_with_external_id_succeeds, + s_credentials_provider_sts_direct_config_with_external_id_succeeds_fn) + static int s_credentials_provider_sts_direct_config_with_region_succeeds_fn( struct aws_allocator *allocator, void *ctx) { @@ -1043,31 +1107,41 @@ credentials_provider_sts_direct_config_service_fails, s_credentials_provider_sts_direct_config_service_fails_fn) -static const char *s_soure_profile_config_file = "[default]\n" - "aws_access_key_id=BLAHBLAH\n" - "aws_secret_access_key=BLAHBLAHBLAH\n" - "\n" - "[roletest]\n" - "role_arn=arn:aws:iam::67895:role/test_role\n" - "source_profile=default\n" - "role_session_name=test_session"; - -static const char *s_soure_profile_chain_config_file = "[default]\n" - "aws_access_key_id=BLAHBLAH\n" - "aws_secret_access_key=BLAHBLAHBLAH\n" - "\n" - "[roletest]\n" - "role_arn=arn:aws:iam::67895:role/test_role\n" - "source_profile=roletest2\n" - "role_session_name=test_session\n" - "[roletest2]\n" - "role_arn=arn:aws:iam::67896:role/test_role\n" - "source_profile=roletest3\n" - "role_session_name=test_session2\n" - "[roletest3]\n" - "role_arn=arn:aws:iam::67897:role/test_role\n" - "source_profile=default\n" - "role_session_name=test_session3\n"; +static const char *s_source_profile_config_file = "[default]\n" + "aws_access_key_id=BLAHBLAH\n" + "aws_secret_access_key=BLAHBLAHBLAH\n" + "\n" + "[roletest]\n" + "role_arn=arn:aws:iam::67895:role/test_role\n" + "source_profile=default\n" + "role_session_name=test_session"; + +static const char *s_source_profile_external_id_config_file = "[default]\n" + "aws_access_key_id=BLAHBLAH\n" + "aws_secret_access_key=BLAHBLAHBLAH\n" + "\n" + "[roletest]\n" + "role_arn=arn:aws:iam::67895:role/test_role\n" + "source_profile=default\n" + "role_session_name=test_session\n" + "external_id=externalId123_+=,.@:\\/-\n"; + +static const char *s_source_profile_chain_config_file = "[default]\n" + "aws_access_key_id=BLAHBLAH\n" + "aws_secret_access_key=BLAHBLAHBLAH\n" + "\n" + "[roletest]\n" + "role_arn=arn:aws:iam::67895:role/test_role\n" + "source_profile=roletest2\n" + "role_session_name=test_session\n" + "[roletest2]\n" + "role_arn=arn:aws:iam::67896:role/test_role\n" + "source_profile=roletest3\n" + "role_session_name=test_session2\n" + "[roletest3]\n" + "role_arn=arn:aws:iam::67897:role/test_role\n" + "source_profile=default\n" + "role_session_name=test_session3\n"; static int s_credentials_provider_sts_from_profile_config_with_chain_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; @@ -1078,7 +1152,7 @@ s_aws_sts_tester_init(allocator); s_tester.expected_connection_manager_shutdown_callback_count = 3; - struct aws_string *config_contents = aws_string_new_from_c_str(allocator, s_soure_profile_chain_config_file); + struct aws_string *config_contents = aws_string_new_from_c_str(allocator, s_source_profile_chain_config_file); struct aws_string *config_file_str = aws_create_process_unique_file_name(allocator); struct aws_string *creds_file_str = aws_create_process_unique_file_name(allocator); @@ -1676,7 +1750,7 @@ s_aws_sts_tester_init(allocator); - struct aws_string *config_contents = aws_string_new_from_c_str(allocator, s_soure_profile_config_file); + struct aws_string *config_contents = aws_string_new_from_c_str(allocator, s_source_profile_config_file); struct aws_string *config_file_str = aws_create_process_unique_file_name(allocator); struct aws_string *creds_file_str = aws_create_process_unique_file_name(allocator); @@ -1763,6 +1837,63 @@ credentials_provider_sts_from_profile_config_manual_tls_succeeds, credentials_provider_sts_from_profile_config_manual_tls_succeeds_fn) +static int s_credentials_provider_sts_from_profile_config_with_external_id_fn( + struct aws_allocator *allocator, + void *ctx) { + (void)ctx; + + aws_unset_environment_value(s_default_profile_env_variable_name); + aws_unset_environment_value(s_default_config_path_env_variable_name); + aws_unset_environment_value(s_default_credentials_path_env_variable_name); + + s_aws_sts_tester_init(allocator); + + struct aws_string *config_contents = aws_string_new_from_c_str(allocator, s_source_profile_external_id_config_file); + + struct aws_string *config_file_str = aws_create_process_unique_file_name(allocator); + struct aws_string *creds_file_str = aws_create_process_unique_file_name(allocator); + + ASSERT_SUCCESS(aws_create_profile_file(creds_file_str, config_contents)); + aws_string_destroy(config_contents); + + struct aws_credentials_provider_profile_options options = { + .config_file_name_override = aws_byte_cursor_from_string(config_file_str), + .credentials_file_name_override = aws_byte_cursor_from_string(creds_file_str), + .profile_name_override = aws_byte_cursor_from_c_str("roletest"), + .bootstrap = s_tester.bootstrap, + .tls_ctx = s_tester.tls_ctx, + .function_table = &s_mock_function_table, + }; + + aws_array_list_push_back(&s_tester.response_data_callbacks, &s_success_creds_doc); + s_tester.mock_response_code = 200; + + struct aws_credentials_provider *provider = aws_credentials_provider_new_profile(allocator, &options); + ASSERT_NOT_NULL(provider); + + aws_string_destroy(config_file_str); + aws_string_destroy(creds_file_str); + + aws_credentials_provider_get_credentials(provider, s_get_credentials_callback, NULL); + + s_aws_wait_for_credentials_result(); + + ASSERT_BIN_ARRAYS_EQUALS( + s_expected_payload_with_external_id.ptr, + s_expected_payload_with_external_id.len, + s_tester.mocked_requests[0].body.buffer, + s_tester.mocked_requests[0].body.len); + + aws_credentials_provider_release(provider); + s_aws_wait_for_provider_shutdown_callback(); + ASSERT_SUCCESS(s_aws_sts_tester_cleanup()); + + return AWS_OP_SUCCESS; +} +AWS_TEST_CASE( + credentials_provider_sts_from_profile_config_with_external_id, + s_credentials_provider_sts_from_profile_config_with_external_id_fn) + static const char *s_env_source_config_file = "[default]\n" "aws_access_key_id=BLAHBLAH\n" "aws_secret_access_key=BLAHBLAHBLAH\n"

1 0

commit aws-c-io for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-io for openSUSE:Factory checked in at 2024-08-01 22:06:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-io (Old) and /work/SRC/openSUSE:Factory/.aws-c-io.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "aws-c-io" Thu Aug 1 22:06:04 2024 rev:11 rq:1191001 version:0.14.15 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-io/aws-c-io.changes 2024-07-31 13:31:29.429216045 +0200 +++ /work/SRC/openSUSE:Factory/.aws-c-io.new.7232/aws-c-io.changes 2024-08-01 22:06:49.334388943 +0200 @@ -1,0 +2,12 @@ +Wed Jul 31 09:05:34 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz(a)suse.com> + +- Update to version 0.14.15 + * Fix undefined type enum aws_tls_handler_state in source/windows/ + secure_channel_tls_handler.c when building on Windows + by @brechtsanders in (#663) +- from version 0.14.14 + * Update MacOS CI by @waahm7 in (#658) + * Remove uv headers from CMakeLists.txt by @sbSteveK in (#660) + * TLS deliver buffer data during shutdown by @TingDaoK in (#650) + +------------------------------------------------------------------- Old: ---- v0.14.13.tar.gz New: ---- v0.14.15.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-io.spec ++++++ --- /var/tmp/diff_new_pack.LX75Kz/_old 2024-08-01 22:06:50.334430208 +0200 +++ /var/tmp/diff_new_pack.LX75Kz/_new 2024-08-01 22:06:50.334430208 +0200 @@ -20,7 +20,7 @@ %define library_version 1.0.0 %define library_soversion 0unstable Name: aws-c-io -Version: 0.14.13 +Version: 0.14.15 Release: 0 Summary: I/O and TLS package AWS SDK for C License: Apache-2.0 ++++++ v0.14.13.tar.gz -> v0.14.15.tar.gz ++++++ ++++ 1712 lines of diff (skipped)

1 0

commit aws-c-http for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-http for openSUSE:Factory checked in at 2024-08-01 22:06:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-http (Old) and /work/SRC/openSUSE:Factory/.aws-c-http.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "aws-c-http" Thu Aug 1 22:06:04 2024 rev:5 rq:1191000 version:0.8.5 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-http/aws-c-http.changes 2024-07-22 17:16:10.776906302 +0200 +++ /work/SRC/openSUSE:Factory/.aws-c-http.new.7232/aws-c-http.changes 2024-08-01 22:06:48.498354445 +0200 @@ -1,0 +2,9 @@ +Wed Jul 31 09:20:59 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz(a)suse.com> + +- Update to version 0.8.5 + * Update MacOS to arm64 by @waahm7 in (#476) + * Update stale issue bot permissions by @jmklix in (#478) + * Adapt change from "TLS deliver buffer data during shutdown" + by @TingDaoK in (#474) + +------------------------------------------------------------------- Old: ---- v0.8.4.tar.gz New: ---- v0.8.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-http.spec ++++++ --- /var/tmp/diff_new_pack.c3XH1Z/_old 2024-08-01 22:06:49.114379864 +0200 +++ /var/tmp/diff_new_pack.c3XH1Z/_new 2024-08-01 22:06:49.118380029 +0200 @@ -19,7 +19,7 @@ %define library_version 1.0.0 %define library_soversion 1_0_0 Name: aws-c-http -Version: 0.8.4 +Version: 0.8.5 Release: 0 Summary: C99 implementation of the HTTP/1.1 and HTTP/2 specifications License: Apache-2.0 ++++++ v0.8.4.tar.gz -> v0.8.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-http-0.8.4/.github/workflows/ci.yml new/aws-c-http-0.8.5/.github/workflows/ci.yml --- old/aws-c-http-0.8.4/.github/workflows/ci.yml 2024-07-13 00:27:26.000000000 +0200 +++ new/aws-c-http-0.8.5/.github/workflows/ci.yml 2024-07-29 22:12:51.000000000 +0200 @@ -6,7 +6,7 @@ - 'main' env: - BUILDER_VERSION: v0.9.55 + BUILDER_VERSION: v0.9.62 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-c-http @@ -140,8 +140,8 @@ run: | python .\aws-c-http\build\deps\aws-c-common\scripts\appverifier_ctest.py --build_directory .\aws-c-http\build\aws-c-http - osx: - runs-on: macos-12 # latest + macos: + runs-on: macos-14 # latest steps: - name: Build ${{ env.PACKAGE_NAME }} + consumers run: | @@ -149,6 +149,14 @@ chmod a+x builder ./builder build -p ${{ env.PACKAGE_NAME }} + macos-x64: + runs-on: macos-14-large # latest + steps: + - name: Build ${{ env.PACKAGE_NAME }} + consumers + run: | + python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" + chmod a+x builder + ./builder build -p ${{ env.PACKAGE_NAME }} localhost-test-linux: runs-on: ubuntu-20.04 # latest @@ -160,13 +168,15 @@ python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')" python3 builder.pyz build -p aws-c-http --cmake-extra=-DENABLE_LOCALHOST_INTEGRATION_TESTS=ON --config Debug - localhost-test-mac: - runs-on: macos-13 # latest + localhost-test-macos: + runs-on: macos-14 # latest steps: - name: Checkout uses: actions/checkout@v3 - name: Build and test run: | + python3 -m venv .venv + source .venv/bin/activate python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')" python3 builder.pyz build -p aws-c-http --cmake-extra=-DENABLE_LOCALHOST_INTEGRATION_TESTS=ON --config Debug diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-http-0.8.4/.github/workflows/stale_issue.yml new/aws-c-http-0.8.5/.github/workflows/stale_issue.yml --- old/aws-c-http-0.8.4/.github/workflows/stale_issue.yml 2024-07-13 00:27:26.000000000 +0200 +++ new/aws-c-http-0.8.5/.github/workflows/stale_issue.yml 2024-07-29 22:12:51.000000000 +0200 @@ -9,6 +9,9 @@ cleanup: runs-on: ubuntu-latest name: Stale issue job + permissions: + issues: write + pull-requests: write steps: - uses: aws-actions/stale-issue-cleanup@v3 with: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-http-0.8.4/include/aws/http/private/h1_connection.h new/aws-c-http-0.8.5/include/aws/http/private/h1_connection.h --- old/aws-c-http-0.8.4/include/aws/http/private/h1_connection.h 2024-07-13 00:27:26.000000000 +0200 +++ new/aws-c-http-0.8.5/include/aws/http/private/h1_connection.h 2024-07-29 22:12:51.000000000 +0200 @@ -128,12 +128,16 @@ /* If non-zero, reason to immediately reject new streams. (ex: closing) */ int new_stream_error_code; + /* If true, user has called connection_close() or stream_cancel(), + * but the cross_thread_work_task hasn't processed it yet */ + bool shutdown_requested; + int shutdown_requested_error_code; + /* See `cross_thread_work_task` */ bool is_cross_thread_work_task_scheduled : 1; /* For checking status from outside the event-loop thread. */ bool is_open : 1; - } synced_data; }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-http-0.8.4/source/h1_connection.c new/aws-c-http-0.8.5/source/h1_connection.c --- old/aws-c-http-0.8.4/source/h1_connection.c 2024-07-13 00:27:26.000000000 +0200 +++ new/aws-c-http-0.8.5/source/h1_connection.c 2024-07-29 22:12:51.000000000 +0200 @@ -130,7 +130,6 @@ * - Channel is shutting down in the read direction. * - Channel is shutting down in the write direction. * - An error occurs. - * - User wishes to close the connection (this is the only case where the function may run off-thread). */ static void s_stop( struct aws_h1_connection *connection, @@ -139,15 +138,14 @@ bool schedule_shutdown, int error_code) { + AWS_ASSERT(aws_channel_thread_is_callers_thread(connection->base.channel_slot->channel)); AWS_ASSERT(stop_reading || stop_writing || schedule_shutdown); /* You are required to stop at least 1 thing */ if (stop_reading) { - AWS_ASSERT(aws_channel_thread_is_callers_thread(connection->base.channel_slot->channel)); connection->thread_data.is_reading_stopped = true; } if (stop_writing) { - AWS_ASSERT(aws_channel_thread_is_callers_thread(connection->base.channel_slot->channel)); connection->thread_data.is_writing_stopped = true; } { /* BEGIN CRITICAL SECTION */ @@ -169,6 +167,11 @@ aws_error_name(error_code)); aws_channel_shutdown(connection->base.channel_slot->channel, error_code); + if (stop_reading) { + /* Increase the window size after shutdown starts, to prevent deadlock when data still pending in the TLS + * handler. */ + aws_channel_slot_increment_read_window(connection->base.channel_slot, SIZE_MAX); + } } } @@ -190,13 +193,44 @@ } /** + * Helper to shutdown the connection from non-channel thread. (User wishes to close the connection) + **/ +static void s_shutdown_from_off_thread(struct aws_h1_connection *connection, int error_code) { + bool should_schedule_task = false; + { /* BEGIN CRITICAL SECTION */ + aws_h1_connection_lock_synced_data(connection); + if (!connection->synced_data.is_cross_thread_work_task_scheduled) { + connection->synced_data.is_cross_thread_work_task_scheduled = true; + should_schedule_task = true; + } + if (!connection->synced_data.shutdown_requested) { + connection->synced_data.shutdown_requested = true; + connection->synced_data.shutdown_requested_error_code = error_code; + } + /* Connection has shutdown, new streams should not be allowed. */ + connection->synced_data.is_open = false; + connection->synced_data.new_stream_error_code = AWS_ERROR_HTTP_CONNECTION_CLOSED; + aws_h1_connection_unlock_synced_data(connection); + } /* END CRITICAL SECTION */ + + if (should_schedule_task) { + AWS_LOGF_TRACE( + AWS_LS_HTTP_CONNECTION, "id=%p: Scheduling connection cross-thread work task.", (void *)&connection->base); + aws_channel_schedule_task_now(connection->base.channel_slot->channel, &connection->cross_thread_work_task); + } else { + AWS_LOGF_TRACE( + AWS_LS_HTTP_CONNECTION, + "id=%p: Connection cross-thread work task was already scheduled", + (void *)&connection->base); + } +} + +/** * Public function for closing connection. */ static void s_connection_close(struct aws_http_connection *connection_base) { struct aws_h1_connection *connection = AWS_CONTAINER_OF(connection_base, struct aws_h1_connection, base); - - /* Don't stop reading/writing immediately, let that happen naturally during the channel shutdown process. */ - s_stop(connection, false /*stop_reading*/, false /*stop_writing*/, true /*schedule_shutdown*/, AWS_ERROR_SUCCESS); + s_shutdown_from_off_thread(connection, AWS_ERROR_SUCCESS); } static void s_connection_stop_new_request(struct aws_http_connection *connection_base) { @@ -412,8 +446,7 @@ (void *)stream, error_code, aws_error_name(error_code)); - - s_stop(connection, false /*stop_reading*/, false /*stop_writing*/, true /*schedule_shutdown*/, error_code); + s_shutdown_from_off_thread(connection, error_code); } struct aws_http_stream *s_make_request( @@ -495,10 +528,17 @@ bool has_new_client_streams = !aws_linked_list_empty(&connection->synced_data.new_client_stream_list); aws_linked_list_move_all_back( &connection->thread_data.stream_list, &connection->synced_data.new_client_stream_list); + bool shutdown_requested = connection->synced_data.shutdown_requested; + int shutdown_error = connection->synced_data.shutdown_requested_error_code; + connection->synced_data.shutdown_requested = false; + connection->synced_data.shutdown_requested_error_code = 0; aws_h1_connection_unlock_synced_data(connection); /* END CRITICAL SECTION */ + if (shutdown_requested) { + s_stop(connection, true /*stop_reading*/, true /*stop_writing*/, true /*schedule_shutdown*/, shutdown_error); + } /* Kick off outgoing-stream task if necessary */ if (has_new_client_streams) { aws_h1_connection_try_write_outgoing_stream(connection); @@ -785,13 +825,8 @@ (void *)connection_base, response_first_byte_timeout_ms); - /* Don't stop reading/writing immediately, let that happen naturally during the channel shutdown process. */ - s_stop( - connection, - false /*stop_reading*/, - false /*stop_writing*/, - true /*schedule_shutdown*/, - AWS_ERROR_HTTP_RESPONSE_FIRST_BYTE_TIMEOUT); + /* Shutdown the connection. */ + s_shutdown_due_to_error(connection, AWS_ERROR_HTTP_RESPONSE_FIRST_BYTE_TIMEOUT); } static void s_set_outgoing_message_done(struct aws_h1_stream *stream) { @@ -1804,6 +1839,12 @@ AWS_LOGF_TRACE( AWS_LS_HTTP_CONNECTION, "id=%p: Incoming message of size %zu.", (void *)&connection->base, message_size); + if (connection->thread_data.is_reading_stopped) { + /* Read has stopped, ignore the data, shutdown the channel incase it has not started yet. */ + aws_mem_release(message->allocator, message); /* Release the message as we return success. */ + s_shutdown_due_to_error(connection, AWS_ERROR_HTTP_CONNECTION_CLOSED); + return AWS_OP_SUCCESS; + } /* Shrink connection window by amount of data received. See comments at variable's * declaration site on why we use this instead of the official `aws_channel_slot.window_size`. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-http-0.8.4/source/websocket.c new/aws-c-http-0.8.5/source/websocket.c --- old/aws-c-http-0.8.4/source/websocket.c 2024-07-13 00:27:26.000000000 +0200 +++ new/aws-c-http-0.8.5/source/websocket.c 2024-07-29 22:12:51.000000000 +0200 @@ -989,8 +989,13 @@ s_unlock_synced_data(websocket); /* END CRITICAL SECTION */ + websocket->thread_data.is_reading_stopped = true; + websocket->thread_data.is_writing_stopped = true; aws_channel_shutdown(websocket->channel_slot->channel, error_code); + /* Increase the window size after shutdown starts, to prevent deadlock when data still pending in the upstream + * handler. */ + aws_channel_slot_increment_read_window(websocket->channel_slot, SIZE_MAX); } /* Tell the channel to shut down. It is safe to call this multiple times. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-http-0.8.4/tests/CMakeLists.txt new/aws-c-http-0.8.5/tests/CMakeLists.txt --- old/aws-c-http-0.8.4/tests/CMakeLists.txt 2024-07-13 00:27:26.000000000 +0200 +++ new/aws-c-http-0.8.5/tests/CMakeLists.txt 2024-07-29 22:12:51.000000000 +0200 @@ -159,6 +159,7 @@ add_net_test_case(tls_download_medium_file_h1) add_net_test_case(tls_download_medium_file_h2) +add_net_test_case(test_tls_download_shutdown_with_window_size_0) add_test_case(websocket_decoder_sanity_check) add_test_case(websocket_decoder_simplest_frame) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-http-0.8.4/tests/test_connection.c new/aws-c-http-0.8.5/tests/test_connection.c --- old/aws-c-http-0.8.4/tests/test_connection.c 2024-07-13 00:27:26.000000000 +0200 +++ new/aws-c-http-0.8.5/tests/test_connection.c 2024-07-29 22:12:51.000000000 +0200 @@ -508,9 +508,6 @@ static int s_test_connection_setup_shutdown_tls(struct aws_allocator *allocator, void *ctx) { (void)ctx; -#ifdef __APPLE__ /* Something is wrong with APPLE */ - return AWS_OP_SUCCESS; -#endif struct tester_options options = { .alloc = allocator, .tls = true, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-http-0.8.4/tests/test_tls.c new/aws-c-http-0.8.5/tests/test_tls.c --- old/aws-c-http-0.8.4/tests/test_tls.c 2024-07-13 00:27:26.000000000 +0200 +++ new/aws-c-http-0.8.5/tests/test_tls.c 2024-07-29 22:12:51.000000000 +0200 @@ -58,8 +58,8 @@ test->client_connection_is_shutdown = true; test->wait_result = error_code; - AWS_FATAL_ASSERT(aws_mutex_unlock(&test->wait_lock) == AWS_OP_SUCCESS); aws_condition_variable_notify_one(&test->wait_cvar); + AWS_FATAL_ASSERT(aws_mutex_unlock(&test->wait_lock) == AWS_OP_SUCCESS); } static int s_test_wait(struct test_ctx *test, bool (*pred)(void *user_data)) { @@ -108,6 +108,48 @@ return test->wait_result || test->stream_complete; } +static int s_test_ctx_init(struct aws_allocator *allocator, struct test_ctx *test, bool h2_required) { + + AWS_ZERO_STRUCT(*test); + test->alloc = allocator; + + aws_mutex_init(&test->wait_lock); + aws_condition_variable_init(&test->wait_cvar); + + test->event_loop_group = aws_event_loop_group_new_default(test->alloc, 1, NULL); + + struct aws_host_resolver_default_options resolver_options = { + .el_group = test->event_loop_group, + .max_entries = 1, + }; + + test->host_resolver = aws_host_resolver_new_default(test->alloc, &resolver_options); + + struct aws_client_bootstrap_options bootstrap_options = { + .event_loop_group = test->event_loop_group, + .host_resolver = test->host_resolver, + }; + ASSERT_NOT_NULL(test->client_bootstrap = aws_client_bootstrap_new(test->alloc, &bootstrap_options)); + struct aws_tls_ctx_options tls_ctx_options; + aws_tls_ctx_options_init_default_client(&tls_ctx_options, allocator); + char *apln = h2_required ? "h2" : "http/1.1"; + aws_tls_ctx_options_set_alpn_list(&tls_ctx_options, apln); + ASSERT_NOT_NULL(test->tls_ctx = aws_tls_client_ctx_new(allocator, &tls_ctx_options)); + + aws_tls_ctx_options_clean_up(&tls_ctx_options); + return AWS_OP_SUCCESS; +} + +static void s_test_ctx_clean_up(struct test_ctx *test) { + aws_client_bootstrap_release(test->client_bootstrap); + aws_host_resolver_release(test->host_resolver); + aws_event_loop_group_release(test->event_loop_group); + aws_tls_ctx_release(test->tls_ctx); + + aws_mutex_clean_up(&test->wait_lock); + aws_condition_variable_clean_up(&test->wait_cvar); +} + static int s_test_tls_download_medium_file_general( struct aws_allocator *allocator, struct aws_byte_cursor url, @@ -125,31 +167,8 @@ }; struct test_ctx test; - AWS_ZERO_STRUCT(test); - test.alloc = allocator; - - aws_mutex_init(&test.wait_lock); - aws_condition_variable_init(&test.wait_cvar); - - test.event_loop_group = aws_event_loop_group_new_default(test.alloc, 1, NULL); - - struct aws_host_resolver_default_options resolver_options = { - .el_group = test.event_loop_group, - .max_entries = 1, - }; + ASSERT_SUCCESS(s_test_ctx_init(allocator, &test, h2_required)); - test.host_resolver = aws_host_resolver_new_default(test.alloc, &resolver_options); - - struct aws_client_bootstrap_options bootstrap_options = { - .event_loop_group = test.event_loop_group, - .host_resolver = test.host_resolver, - }; - ASSERT_NOT_NULL(test.client_bootstrap = aws_client_bootstrap_new(test.alloc, &bootstrap_options)); - struct aws_tls_ctx_options tls_ctx_options; - aws_tls_ctx_options_init_default_client(&tls_ctx_options, allocator); - char *apln = h2_required ? "h2" : "http/1.1"; - aws_tls_ctx_options_set_alpn_list(&tls_ctx_options, apln); - ASSERT_NOT_NULL(test.tls_ctx = aws_tls_client_ctx_new(allocator, &tls_ctx_options)); struct aws_tls_connection_options tls_connection_options; aws_tls_connection_options_init_from_ctx(&tls_connection_options, test.tls_ctx); aws_tls_connection_options_set_server_name( @@ -208,21 +227,11 @@ aws_http_connection_release(test.client_connection); ASSERT_SUCCESS(s_test_wait(&test, s_test_connection_shutdown_pred)); - - aws_client_bootstrap_release(test.client_bootstrap); - aws_host_resolver_release(test.host_resolver); - aws_event_loop_group_release(test.event_loop_group); - - aws_tls_ctx_options_clean_up(&tls_ctx_options); aws_tls_connection_options_clean_up(&tls_connection_options); - aws_tls_ctx_release(test.tls_ctx); - + s_test_ctx_clean_up(&test); aws_uri_clean_up(&uri); aws_http_library_clean_up(); - aws_mutex_clean_up(&test.wait_lock); - aws_condition_variable_clean_up(&test.wait_cvar); - return AWS_OP_SUCCESS; } @@ -243,3 +252,93 @@ return AWS_OP_SUCCESS; } AWS_TEST_CASE(tls_download_medium_file_h2, s_tls_download_medium_file_h2); + +static int s_test_tls_download_shutdown_with_window_size_0(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_http_library_init(allocator); + struct aws_byte_cursor uri_str = + aws_byte_cursor_from_c_str("https://aws-crt-test-stuff.s3.amazonaws.com/http_test_doc.txt"); + struct aws_uri uri; + AWS_ZERO_STRUCT(uri); + aws_uri_init_parse(&uri, allocator, &uri_str); + + size_t window_size = 20 * 1024; + + struct aws_socket_options socket_options = { + .type = AWS_SOCKET_STREAM, + .domain = AWS_SOCKET_IPV4, + .connect_timeout_ms = + (uint32_t)aws_timestamp_convert(TEST_TIMEOUT_SEC, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_MILLIS, NULL), + }; + + struct test_ctx test; + ASSERT_SUCCESS(s_test_ctx_init(allocator, &test, false)); + struct aws_tls_connection_options tls_connection_options; + aws_tls_connection_options_init_from_ctx(&tls_connection_options, test.tls_ctx); + aws_tls_connection_options_set_server_name( + &tls_connection_options, allocator, (struct aws_byte_cursor *)aws_uri_host_name(&uri)); + struct aws_http_client_connection_options http_options = AWS_HTTP_CLIENT_CONNECTION_OPTIONS_INIT; + http_options.allocator = test.alloc; + http_options.bootstrap = test.client_bootstrap; + http_options.host_name = *aws_uri_host_name(&uri); + http_options.port = 443; + http_options.on_setup = s_on_connection_setup; + http_options.on_shutdown = s_on_connection_shutdown; + http_options.socket_options = &socket_options; + http_options.tls_options = &tls_connection_options; + http_options.user_data = &test; + http_options.manual_window_management = true; + http_options.initial_window_size = window_size; + + ASSERT_SUCCESS(aws_http_client_connect(&http_options)); + ASSERT_SUCCESS(s_test_wait(&test, s_test_connection_setup_pred)); + ASSERT_INT_EQUALS(0, test.wait_result); + ASSERT_NOT_NULL(test.client_connection); + ASSERT_INT_EQUALS(aws_http_connection_get_version(test.client_connection), AWS_HTTP_VERSION_1_1); + + struct aws_http_message *request = aws_http_message_new_request(allocator); + ASSERT_NOT_NULL(request); + ASSERT_SUCCESS(aws_http_message_set_request_method(request, aws_http_method_get)); + ASSERT_SUCCESS(aws_http_message_set_request_path(request, *aws_uri_path_and_query(&uri))); + + struct aws_http_header header_host = { + .name = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("Host"), + .value = *aws_uri_host_name(&uri), + }; + ASSERT_SUCCESS(aws_http_message_add_header(request, header_host)); + + struct aws_http_make_request_options req_options = { + .self_size = sizeof(req_options), + .request = request, + .on_response_body = s_on_stream_body, + .on_complete = s_on_stream_complete, + .user_data = &test, + }; + + ASSERT_NOT_NULL(test.stream = aws_http_connection_make_request(test.client_connection, &req_options)); + aws_http_stream_activate(test.stream); + + /* wait for the request to hit the window limitation. */ + aws_thread_current_sleep(aws_timestamp_convert(2, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL)); + aws_http_connection_close(test.client_connection); + + aws_http_stream_release(test.stream); + test.stream = NULL; + + aws_http_connection_release(test.client_connection); + ASSERT_SUCCESS(s_test_wait(&test, s_stream_wait_pred)); + /* Reset the wait error. */ + test.wait_result = 0; + ASSERT_SUCCESS(s_test_wait(&test, s_test_connection_shutdown_pred)); + ASSERT_INT_EQUALS(window_size, test.body_size); + + aws_http_message_destroy(request); + aws_tls_connection_options_clean_up(&tls_connection_options); + s_test_ctx_clean_up(&test); + aws_uri_clean_up(&uri); + aws_http_library_clean_up(); + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(test_tls_download_shutdown_with_window_size_0, s_test_tls_download_shutdown_with_window_size_0);

1 0

commit oras for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package oras for openSUSE:Factory checked in at 2024-08-01 22:06:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/oras (Old) and /work/SRC/openSUSE:Factory/.oras.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "oras" Thu Aug 1 22:06:03 2024 rev:2 rq:1191004 version:1.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/oras/oras.changes 2023-12-04 23:01:52.168413610 +0100 +++ /work/SRC/openSUSE:Factory/.oras.new.7232/oras.changes 2024-08-01 22:06:47.666320112 +0200 @@ -1,0 +2,18 @@ +Thu Jul 11 10:58:16 UTC 2024 - opensuse_buildservice(a)ojkastl.de + +- add completion subpackages +- Update to version 1.2.0: + * bump: tag and release ORAS CLI v1.2.0 + * fix: remove call to deprecated print (#1392) + * doc: verify local files (#1386) + * chore: Remove deprecated PrintStatus method (#1389) + * build(deps): bump github.com/onsi/ginkgo/v2 from 2.18.0 to + 2.19.0 in /test/e2e (#1390) + * build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.3 to + 2.18.0 in /test/e2e (#1388) + * refactor: Get rid of deprecated PrintStatus method (#1378) + * build(deps): bump actions/checkout from 3 to 4 (#1385) + * fix: oras cp documentation (#1384) + * fix: remove non-classic snap plugins (#1383) + +------------------------------------------------------------------- Old: ---- oras-1.1.0.tar.gz vendor.tar.zst New: ---- _servicedata oras-1.2.0.obscpio oras.obsinfo vendor.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ oras.spec ++++++ --- /var/tmp/diff_new_pack.Kl8MNu/_old 2024-08-01 22:06:48.346348172 +0200 +++ /var/tmp/diff_new_pack.Kl8MNu/_new 2024-08-01 22:06:48.346348172 +0200 @@ -1,7 +1,7 @@ # -# spec file for package trivy +# spec file for package oras # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,40 +16,102 @@ # -%global git_commit 7079c468a06fb5815c99395eb4aaf46dd459d3fa +%define __arch_install_post export NO_BRP_STRIP_DEBUG=true + Name: oras -Version: 1.1.0 +Version: 1.2.0 Release: 0 -Summary: OCI registry client - managing content like artifacts, images, packages +Summary: OCI registry client - manage content like artifacts, images, packages License: Apache-2.0 -Group: System/Management URL: https://github.com/oras-project/oras -Source: https://github.com/oras-project/oras/archive/refs/tags/v%{version}.tar.gz#/… -Source1: vendor.tar.zst -BuildRequires: golang(API) = 1.21 -BuildRequires: golang-packaging -BuildRequires: zstd +Source: %{name}-%{version}.tar.gz +Source1: vendor.tar.gz +BuildRequires: go >= 1.22 %description -OCI registry client to manage registries which store container images and other artifacts -for easy access. -Distributing OCI artifacts means pushing them to these registries so others can -pull them for use. ORAS helps with those tasks +ORAS is the de facto tool for working with OCI Artifacts. It treats media types +as a critical piece of the puzzle. Container images are never assumed to be the +artifact in question. ORAS provides CLI and client libraries to distribute +artifacts across OCI-compliant registries. + +%package -n %{name}-bash-completion +Summary: Bash Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Requires: bash-completion +Supplements: (%{name} and bash-completion) +BuildArch: noarch + +%description -n %{name}-bash-completion +Bash command line completion support for %{name}. + +%package -n %{name}-fish-completion +Summary: Fish Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Supplements: (%{name} and fish) +BuildArch: noarch + +%description -n %{name}-fish-completion +Fish command line completion support for %{name}. + +%package -n %{name}-zsh-completion +Summary: Zsh Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Supplements: (%{name} and zsh) +BuildArch: noarch + +%description -n %{name}-zsh-completion +zsh command line completion support for %{name}. %prep -%autosetup -p1 -a1 +%autosetup -p 1 -a 1 %build -CGO_ENABLED=0 go build -o oras -mod=vendor -buildmode=pie -trimpath \ - -ldflags "-w -X oras.land/oras/internal/version.BuildMetadata=%{version} \ - -X oras.land/internal/version.GitTreeState=clean \ - -X oras.land/internal.version.GitCommit=%{git_commit}" cmd/oras/main.go +COMMIT_HASH="$(sed -n 's/commit: $.*$/\1/p' %_sourcedir/%{name}.obsinfo)" + +go build \ + -mod=vendor \ + -buildmode=pie \ + -ldflags=" \ + -X oras.land/oras/internal/version.BuildMetadata= \ + -X oras.land/oras/internal/version.gitCommit=v${COMMIT_HASH} \ + -X oras.land/oras/internal/version.GitTreeState=clean" \ + -o bin/%{name} oras.land/oras/cmd/oras %install -install -D -m 755 oras %{buildroot}/%{_bindir}/%{name} +# Install the binary. +install -D -m 0755 bin/%{name} %{buildroot}/%{_bindir}/%{name} + +# create the bash completion file +mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions/ +%{buildroot}/%{_bindir}/%{name} completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{name} + +# create the fish completion file +mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/ +%{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish + +# create the zsh completion file +mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/ +%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{name} %files -%license LICENSE %doc README.md +%license LICENSE %{_bindir}/%{name} +%files -n %{name}-bash-completion +%dir %{_datarootdir}/bash-completion/completions/ +%{_datarootdir}/bash-completion/completions/%{name} + +%files -n %{name}-fish-completion +%dir %{_datarootdir}/fish +%dir %{_datarootdir}/fish/vendor_completions.d +%{_datarootdir}/fish/vendor_completions.d/%{name}.fish + +%files -n %{name}-zsh-completion +%defattr(-,root,root) +%dir %{_datarootdir}/zsh_completion.d/ +%{_datarootdir}/zsh_completion.d/_%{name} + ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Kl8MNu/_old 2024-08-01 22:06:48.378349492 +0200 +++ /var/tmp/diff_new_pack.Kl8MNu/_new 2024-08-01 22:06:48.382349658 +0200 @@ -1,6 +1,23 @@ <services> + <service name="obs_scm" mode="manual"> + <param name="url">https://github.com/oras-project/oras</param> + <param name="scm">git</param> + <param name="exclude">.git</param> + <param name="revision">v1.2.0</param> + <param name="versionformat">@PARENT_TAG@</param> + <param name="changesgenerate">enable</param> + <param name="versionrewrite-pattern">v(.*)</param> + </service> + <service name="set_version" mode="manual"> + </service> <service name="go_modules" mode="manual"> - <param name="compression">zst</param> + </service> +  + <service name="tar" mode="buildtime"> + </service> + <service name="recompress" mode="buildtime"> + <param name="file">*.tar</param> + <param name="compression">gz</param> </service> </services> ++++++ _servicedata ++++++ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/oras-project/oras</param> <param name="changesrevision">dcef719e208a9b226b15bc6512ad729a7dd93270</param></service></servicedata> (No newline at EOF) ++++++ oras.obsinfo ++++++ name: oras version: 1.2.0 mtime: 1716881623 commit: dcef719e208a9b226b15bc6512ad729a7dd93270

1 0

commit kubetui for openSUSE:Factory
by Source-Sync 01 Aug '24

01 Aug '24

Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubetui for openSUSE:Factory checked in at 2024-08-01 22:06:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubetui (Old) and /work/SRC/openSUSE:Factory/.kubetui.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "kubetui" Thu Aug 1 22:06:00 2024 rev:4 rq:1191003 version:1.5.3 Changes: -------- --- /work/SRC/openSUSE:Factory/kubetui/kubetui.changes 2024-06-03 17:43:25.906964196 +0200 +++ /work/SRC/openSUSE:Factory/.kubetui.new.7232/kubetui.changes 2024-08-01 22:06:46.314264322 +0200 @@ -1,0 +2,57 @@ +Wed Jul 24 14:05:30 UTC 2024 - ekr59uv25(a)gmail.com + +- Update to version 1.5.3: + * fix(deps): update rust crate kube to 0.93.0 + * chore(deps): update rust crate mockall to 0.13.0 + * chore(deps): lock file maintenance + * fix(deps): update rust crate thiserror to v1.0.63 + * chore(deps): update rust crate tokio to v1.38.1 + * fix(deps): update rust crate bytes to v1.6.1 + * fix(deps): update rust crate thiserror to v1.0.62 + * fix(deps): update rust crate clap to v4.5.9 + * fix(deps): update rust crate async-trait to v0.1.81 + * docs: Add keybinding for toggling split layout direction + * feat(ui): Add support for toggling split layout direction + * fix(deps): update rust crate serde to v1.0.204 + * fix(deps): update rust crate serde_json to v1.0.120 + * fix(kube/log): prevent removal of leading spaces in container logs + * fix(deps): update rust crate serde_json to v1.0.119 + * chore(render): add error logging in window action + * refactor(kube/store): clippy needless borrow + * refactor(kube/secret): replaced with the `?` operator + * chore(ui): suppress warnings for unused code in widget.rs + * chore(apis): allow dead code in kube apis module + * refactor(related_resources): simplify related resource structs + * refactor(v1_table): replace ToString with Display for Value + * fix(deps): update rust crate clap to v4.5.8 + * fix(deps): update rust crate log to v0.4.22 + * chore(deps): lock file maintenance + * fix(ui): Simplify generate_spans_line generation and tests + * fix(ui): Update crossterm usage to ratatui's crossterm + * fix(deps): update rust crate ratatui to 0.27.0 + * fix(deps): update rust crate serde_json to v1.0.118 + * fix(deps): update rust crate strum to v0.26.3 + * fix(deps): update rust crate kube to v0.92.1 + * chore(deps): lock file maintenance + * chore(deps): update actions/checkout digest to 692973e + * fix(deps): update rust crate kube to 0.92.0 + * fix(deps): update rust crate clap to v4.5.7 + * fix(deps): update all dependencies + * chore(deps): lock file maintenance + * fix(deps): update rust crate clap to v4.5.6 + * fix(deps): update rust crate clap to v4.5.5 + * fix(deps): update rust crate unicode-width to v0.1.13 + * test(network): fix kube network description tests + * chore(deps): update rust crate rstest to 0.21.0 + * chore(deps): update rust crate tokio to v1.38.0 + * chore(deps): update rust crate rstest to 0.20.0 + * fix(deps): update rust crate serde to v1.0.203 + * chore(deps): lock file maintenance + * fix(deps): update rust crate ratatui to v0.26.3 + * chore(deps): update actions/checkout digest to a5ac7e5 + * docs: add Chocolatey installation note + * fix(deps): update rust crate anyhow to v1.0.86 + * fix(deps): update rust crate anyhow to v1.0.85 + * fix(deps): update rust crate thiserror to v1.0.61 + +------------------------------------------------------------------- Old: ---- kubetui-1.5.2.tar.zst New: ---- kubetui-1.5.3.tar.zst ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubetui.spec ++++++ --- /var/tmp/diff_new_pack.wcYwHd/_old 2024-08-01 22:06:47.438310704 +0200 +++ /var/tmp/diff_new_pack.wcYwHd/_new 2024-08-01 22:06:47.442310869 +0200 @@ -17,7 +17,7 @@ Name: kubetui -Version: 1.5.2 +Version: 1.5.3 Release: 0 Summary: A terminal UI for Kubernetes License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.wcYwHd/_old 2024-08-01 22:06:47.478312354 +0200 +++ /var/tmp/diff_new_pack.wcYwHd/_new 2024-08-01 22:06:47.478312354 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/sarub0b0/kubetui.git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="scm">git</param> - <param name="revision">v1.5.2</param> + <param name="revision">v1.5.3</param> <param name="match-tag">*</param> <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param> <param name="versionrewrite-replacement">\1</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.wcYwHd/_old 2024-08-01 22:06:47.506313510 +0200 +++ /var/tmp/diff_new_pack.wcYwHd/_new 2024-08-01 22:06:47.510313675 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/sarub0b0/kubetui.git</param> - <param name="changesrevision">e86fa0f76598b9c75b05a6848a83f60e7e6b02e7</param></service></servicedata> + <param name="changesrevision">671689f949d6e8b47372a104d1ebe3e49a51298d</param></service></servicedata> (No newline at EOF) ++++++ kubetui-1.5.2.tar.zst -> kubetui-1.5.3.tar.zst ++++++ /work/SRC/openSUSE:Factory/kubetui/kubetui-1.5.2.tar.zst /work/SRC/openSUSE:Factory/.kubetui.new.7232/kubetui-1.5.3.tar.zst differ: char 7, line 1 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/kubetui/vendor.tar.zst /work/SRC/openSUSE:Factory/.kubetui.new.7232/vendor.tar.zst differ: char 7, line 1

1 0