Forum OpenACS Development: ANNOUNCE: NaviServer 4.99.12 available
======================================= NaviServer 4.99.12, released 2016-08-21 ======================================= 195 files changed, 20265 insertions(+), 13421 deletions(-) New Features: * OpenSSL support integrated with NaviServer core - ns_http can handle now http and https urls - Added backward_compatibility stub for ns_ssl - Added configure switch --with-openssl?=path? * Improved crypto support (through OpenSSL) New commands: - ns_hmac - ns_md (generalization of ns_md5 and ns_sha1, but supports by default 14 different digest algorithms) - ns_hotp (one-time passwords as defined in RFC 4226) - ns_totp (time-based one-time passwords as defined in RFC 6238) StartTLS support (contributed by Constantin Șerban-Rădoi) - "ns_sendmail" is now able to connect to servers via StartTLS (requires the Tcl "tls" package, since ns_sendmail is implemented in Tcl) - Client and server support for StartTLS in the nssmtpd module. * New Command "ns_rlimit" to get/set various resource limits from the operating system. A typical use case for this command is to query or set e.g. the core size via the NaviServer startup file or to change it at runtime in a syntax independent from the naming and conventions in the various startup scripts (e.g. upstart, systemd, ...). This is e.g. useful when a core dump should be created from the running state (e.g. in combination with the "ns_crash" command). * Improvements for "ns_connchan": - Supports now client functionality via ns_connchan open ... (works for http:// and https:// URLs) - New subcommand "ns_connchan exists /channel/" - Added runtime switchable debug severity "Debug(connchan)" Bug Fixes: * Fix ns_set management of headers (which was broken since the introduction of the leftover management when requests are pipelined in 4.99.11). The problem was that the "static" ns_set for headers is was freed to early in the pipelined case. * Fix for a serious bug in cookie management which could lead to false positives in ns_getcookie: - Previous versions of NaviServer searched the "Cookie" and "Set-Cookie" header files for a string "NAME=" and returned the value provided after this string, when found. - However, the "Cookie" and "Set-Cookie" header fields have contents in a different a different syntax (see https://tools.ietf.org/html/rfc6265 section 4.1.1 vs. 4.2.1), such as e.g. Cookie: cookie1="value1"; cookie2="value2"; style=null; ... Set-Cookie: cookie1="new- value"; Expires=Fri, 01-Jan-2035 01:00:00 GMT; Path=/; HttpOnly - Therefore, searching in the "Cookie" header field e.g. for a cookie named "tyle" lead to a success as well as a search in "Set-Cookies" for e.g. a cookie named "Expires". * Improved handling of erroneous requests (some where treated as HTTP/0.9 requests before, leading to strange behavior/error messages). * Fix potential memory leak for "ns_mutex eval" * Long standing bug when exiting "make test" should be fixed by now. The problem was that the the Tcl exit handler was kicking in when the end-of file was reached, interfering with the NaviServer shutdown steps. * Improved portability for *BSD systems and recent Windows build environments (e.g. Visual Studio 2015) Documentation improvements: * New man pages for ns_hmac, hs_md, ns_hotp, ns_totp * Various man pages updated/improved * Improved sample config files C API Changes: * Introduction of Ns_ReturnCode: use an enumeration type instead of preprocessor based constants + int. The change revealed several places, where NS_OK/NS_ERROR and TCL_OK/TCL_ERROR were intermixed. * New functions - Ns_GetBinaryString() to obtain from a Tcl_Obj the binary representation if available, otherwise the string representation. - Ns_SetRecreate() which is a combination of a create and a move operation, but avoiding malloc operations on all keys/values. - Ns_DStringAppendTime() to ease uniform printing of Ns_Time structs into DStrings - Ns_SubcmdObjv(): New infrastructure support for commands with subcommands: instead of long switch statements with nested structures with often many returns, one can now register Tcl_ObjCmdProcs for subcommands in an Ns_SubCmdSpec structure. - New argv checkers Ns_ObjvUShort() and ObjvQueue() Configuration Changes: - added configure switch --with-openssl?=path? Code Changes: * Improved naming of Mutexes: much more mutexes are named now. * Code cleanup: - Modernized argv parsing by using Ns_ParseObjv() for many functions. - Introduced enumeration types Ns_ReturnCode and NsWriterStreamState - New macro INTCHAR to pass "char" values to library - Use "unsigned short" consistently for port numbers functions requiring "int" to avoid code smells - Use boolean types on more occasions - Use more often typedef-ed function definitions - Reduced number of multiple returns per function - Removed all calls to deprecated Tcl API Function Tcl_AppendElement() - Reduced calls to Tcl_AppendResult() and use explicit Tcl_Objs instead for results - Generation of error messages made more consistent - Removed useless calls to Ns_DStringFree() after Tcl_DStringResult() - Replaced deprecated atoll() by strtoll() - Reduced variable scopes - Added more const declarations - Don't use boolean values as arguments of comparison operators - Many large functions split into smaller units * Made testing more robust when IPv6 is available, but turned off in the kernel * NaviServer driver: - Added (clientInitProc, protocol and default port) to info record - Bumped driver version to 4 * Ignore less soft error conditions, but report in the error.log
Should the statement "Fix ns_set management of headers (which was broken since the introduction of the leftover management when requests are pipelined in 4.99.11). The problem was that the "static" ns_set for headers is was freed to early in the pipelined case." be read as "Users of NaviServer 4.99.11 should update asap to 4.99.12", or is the bug mainly affecting niche cases?
But other sites might have different requirements and well maintained sites should strive for the newest release.
all the best from greece.