Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libhtp for openSUSE:Factory checked 
in at 2023-07-27 16:53:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libhtp (Old)
 and      /work/SRC/openSUSE:Factory/.libhtp.new.32662 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libhtp"

Thu Jul 27 16:53:24 2023 rev:16 rq:1101052 version:0.5.45

Changes:
--------
--- /work/SRC/openSUSE:Factory/libhtp/libhtp.changes    2023-06-30 
19:59:08.413739106 +0200
+++ /work/SRC/openSUSE:Factory/.libhtp.new.32662/libhtp.changes 2023-07-27 
16:53:30.194727792 +0200
@@ -1,0 +2,7 @@
+Thu Jul 27 08:56:06 UTC 2023 - Otto Hollmann <otto.hollm...@suse.com>
+
+- Update to version 0.5.45
+  * log: resist allocation failure
+  * support HTTP Bearer authentication
+
+-------------------------------------------------------------------

Old:
----
  libhtp-0.5.44.tar.gz

New:
----
  libhtp-0.5.45.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libhtp.spec ++++++
--- /var/tmp/diff_new_pack.i6z106/_old  2023-07-27 16:53:30.766731024 +0200
+++ /var/tmp/diff_new_pack.i6z106/_new  2023-07-27 16:53:30.770731046 +0200
@@ -19,7 +19,7 @@
 %define sover   2
 %define lname   %{name}%{sover}
 Name:           libhtp
-Version:        0.5.44
+Version:        0.5.45
 Release:        0
 Summary:        HTTP normalizer and parser
 License:        BSD-3-Clause

++++++ libhtp-0.5.44.tar.gz -> libhtp-0.5.45.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.44/ChangeLog new/libhtp-0.5.45/ChangeLog
--- old/libhtp-0.5.44/ChangeLog 2023-06-13 15:14:36.000000000 +0200
+++ new/libhtp-0.5.45/ChangeLog 2023-07-11 14:35:37.000000000 +0200
@@ -1,3 +1,10 @@
+0.5.45 (11 July 2023)
+---------------------
+
+- log: resist allocation failure
+
+- support HTTP Bearer authentication
+
 0.5.44 (13 June 2023)
 ---------------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.44/VERSION new/libhtp-0.5.45/VERSION
--- old/libhtp-0.5.44/VERSION   2023-06-13 15:14:36.000000000 +0200
+++ new/libhtp-0.5.45/VERSION   2023-07-11 14:35:37.000000000 +0200
@@ -1,2 +1,2 @@
 # This file is intended to be sourced by sh
-PKG_VERSION=0.5.44
+PKG_VERSION=0.5.45
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.44/htp/htp_core.h 
new/libhtp-0.5.45/htp/htp_core.h
--- old/libhtp-0.5.44/htp/htp_core.h    2023-06-13 15:14:36.000000000 +0200
+++ new/libhtp-0.5.45/htp/htp_core.h    2023-07-11 14:35:37.000000000 +0200
@@ -136,6 +136,9 @@
     /** HTTP Digest authentication used. */
     HTP_AUTH_DIGEST = 3,
 
+    /** HTTP Digest authentication used. */
+    HTP_AUTH_BEARER = 4,
+
     /** Unrecognized authentication method. */
     HTP_AUTH_UNRECOGNIZED = 9
 };
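Review bot: The doc comment on the new `HTP_AUTH_BEARER = 4` enumerator was copied from the Digest entry above and still reads "HTTP Digest authentication used." It should read `/** HTTP Bearer authentication used. */`, so generated API docs and anyone mapping `request_auth_type` values do not mistake value 4 for Digest.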
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.44/htp/htp_parsers.c 
new/libhtp-0.5.45/htp/htp_parsers.c
--- old/libhtp-0.5.44/htp/htp_parsers.c 2023-06-13 15:14:36.000000000 +0200
+++ new/libhtp-0.5.45/htp/htp_parsers.c 2023-07-11 14:35:37.000000000 +0200
@@ -162,6 +162,24 @@
 }
 
 /**
+ * Parses Bearer Authorization request header.
+ *
+ * @param[in] connp
+ * @param[in] auth_header
+ */
+int htp_parse_authorization_bearer(htp_connp_t *connp, htp_header_t 
*auth_header) {
+    unsigned char *data = bstr_ptr(auth_header->value);
+    size_t len = bstr_len(auth_header->value);
+    size_t pos = 6;
+
+    // Ignore whitespace
+    while ((pos < len) && (isspace((int) data[pos]))) pos++;
+    if (pos == len) return HTP_DECLINED;
+
+    // There is nothing much else to check with Bearer auth so we just return
+    return HTP_OK;
+}
+/**
  * Parses Authorization request header.
  *
  * @param[in] connp
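Review bot: `htp_parse_authorization_bearer` starts at the hard-coded offset 6 and only skips whitespace, so it never checks that a delimiter follows the scheme name. A value that merely begins with "bearer" and continues with other characters passes the caller's prefix match and returns `HTP_OK`. For a parser whose result feeds traffic inspection, I would reject that case before the whitespace loop with `if ((pos >= len) || !isspace((int) data[pos])) return HTP_DECLINED;`. The doc block should also gain an `@return` line stating that `HTP_OK` means a non-empty token follows and `HTP_DECLINED` means none does, and should note that `connp` is unused and the token is not stored. The literal 6 would read better as `sizeof("bearer") - 1`, and a blank line is missing between the closing brace and the next `/**`.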
@@ -183,6 +201,10 @@
         // Digest authentication
         connp->in_tx->request_auth_type = HTP_AUTH_DIGEST;
         return htp_parse_authorization_digest(connp, auth_header);
+    } else if (bstr_begins_with_c_nocase(auth_header->value, "bearer")) {
+        // OAuth Bearer authentication
+        connp->in_tx->request_auth_type = HTP_AUTH_BEARER;
+        return htp_parse_authorization_bearer(connp, auth_header);
     } else {
         // Unrecognized authentication method
         connp->in_tx->request_auth_type = HTP_AUTH_UNRECOGNIZED;        
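Review bot: In the new `bearer` branch, `request_auth_type` is set to `HTP_AUTH_BEARER` before `htp_parse_authorization_bearer` has validated anything, so a header that the parser declines (scheme name with no token) still leaves the transaction marked as Bearer. This mirrors the Digest branch above it, and how the caller treats `HTP_DECLINED` is outside the hunk. Consumers that key on `request_auth_type` alone would benefit from a comment here such as `// auth type is recorded even if the parser declines the header`. Alternatively, reset the type to `HTP_AUTH_UNRECOGNIZED` when the return value is not `HTP_OK`.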
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.44/htp/htp_private.h 
new/libhtp-0.5.45/htp/htp_private.h
--- old/libhtp-0.5.44/htp/htp_private.h 2023-06-13 15:14:36.000000000 +0200
+++ new/libhtp-0.5.45/htp/htp_private.h 2023-07-11 14:35:37.000000000 +0200
@@ -186,6 +186,7 @@
 int htp_parse_status(bstr *status);
 int htp_parse_authorization_digest(htp_connp_t *connp, htp_header_t 
*auth_header);
 int htp_parse_authorization_basic(htp_connp_t *connp, htp_header_t 
*auth_header);
+int htp_parse_authorization_bearer(htp_connp_t *connp, htp_header_t 
*auth_header);
 
 void htp_print_log(FILE *stream, htp_log_t *log);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.44/htp/htp_util.c 
new/libhtp-0.5.45/htp/htp_util.c
--- old/libhtp-0.5.44/htp/htp_util.c    2023-06-13 15:14:36.000000000 +0200
+++ new/libhtp-0.5.45/htp/htp_util.c    2023-07-11 14:35:37.000000000 +0200
@@ -445,7 +445,11 @@
     log->code = code;
     log->msg = strdup(buf);
 
-    htp_list_add(connp->conn->messages, log);
+    if (htp_list_add(connp->conn->messages, log) != HTP_OK) {
+        free((void *) log->msg);
+        free(log);
+        return;
+    }
 
     if (level == HTP_LOG_ERROR) {
         connp->last_error = log;
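Review bot: The `log->msg = strdup(buf);` context line just above the new check still goes untested, so under the same memory pressure this change targets, an entry with a NULL `msg` can be added to `connp->conn->messages` and then become `connp->last_error`. Any consumer that assumes a non-NULL message would then dereference NULL. I would bail out right after the `strdup` with `if (log->msg == NULL) { free(log); return; }`. The function begins and ends outside this hunk, so whether `log` itself is checked after allocation cannot be confirmed from here.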
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.44/test/files/100-auth-bearer.t 
new/libhtp-0.5.45/test/files/100-auth-bearer.t
--- old/libhtp-0.5.44/test/files/100-auth-bearer.t      1970-01-01 
01:00:00.000000000 +0100
+++ new/libhtp-0.5.45/test/files/100-auth-bearer.t      2023-07-11 
14:35:37.000000000 +0200
@@ -0,0 +1,5 @@
+>>>
+GET / HTTP/1.1
+Host: www.example.com
+Authorization: Bearer mF_9.B5f-4.1JqM
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libhtp-0.5.44/test/test_main.cpp 
new/libhtp-0.5.45/test/test_main.cpp
--- old/libhtp-0.5.44/test/test_main.cpp        2023-06-13 15:14:36.000000000 
+0200
+++ new/libhtp-0.5.45/test/test_main.cpp        2023-07-11 14:35:37.000000000 
+0200
@@ -1009,6 +1009,22 @@
     ASSERT_TRUE(tx->request_auth_password == NULL);
 }
 
+TEST_F(ConnectionParsing, AuthBearer) {
+    int rc = test_run(home, "100-auth-bearer.t", cfg, &connp);
+    ASSERT_GE(rc, 0);
+
+    htp_tx_t *tx = (htp_tx_t *) htp_list_get(connp->conn->transactions, 0);
+    ASSERT_TRUE(tx != NULL);
+
+    ASSERT_EQ(HTP_REQUEST_COMPLETE, tx->request_progress);
+
+    ASSERT_EQ(HTP_AUTH_BEARER, tx->request_auth_type);
+
+    ASSERT_TRUE(tx->request_auth_username == NULL);
+
+    ASSERT_TRUE(tx->request_auth_password == NULL);
+}
+
 TEST_F(ConnectionParsing, Unknown_MethodOnly) {
     int rc = test_run(home, "42-unknown-method_only.t", cfg, &connp);
     ASSERT_GE(rc, 0);
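Review bot: The new `AuthBearer` test exercises only the well-formed header, so the one branch of `htp_parse_authorization_bearer` that returns `HTP_DECLINED` is never run. I would add a second fixture whose `Authorization` value is the scheme name with no token (or with trailing whitespace only) and assert the resulting `request_auth_type` and transaction progress. A third case, where the value starts with "Bearer" but has no whitespace before the rest, would pin down whether that input is meant to be classified as `HTP_AUTH_BEARER`.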
