Archive for July, 2004

AOLserver 4.0.7 released

Monday, July 19th, 2004

AOLserver 4.0.7 Released
========================================

On behalf of the AOLserver Team, I have the honor of announcing the
latest point release of AOLserver: 4.0.7.

This version is primarily a bug fix release following version 4.0.6.
A summary of changes is provided at the end of this document.

NOTE: This release corrects a serious flaw in 4.0.6 where a
non-compliant HTTP/1.1 request can crash the server, resulting in
a Denial of Service. Everyone is urged to skip the 4.0.6 release
and either remain on 4.0.5 or upgrade to 4.0.7 immediately.

WHAT IS AOLSERVER?

AOLserver is America Online’s Open-Source web server. AOLserver is
the backbone of the largest and busiest production environments in
the world. AOLserver is a multithreaded, Tcl-enabled web server
used for large scale, dynamic web sites.

Visit the project’s website:

http://aolserver.com/

HOW CAN I GET AOLSERVER?

Download the source code from SourceForge:

http://aolserver.com/downloads/aolserver-4.0.7-src.tar.gz

I FOUND A BUG! WHAT DO I DO?

File it in the Bug Tracker at SourceForge:

http://sourceforge.net/tracker/?group_id=3152&atid=103152

IS THERE A MAILING LIST? WHERE’S THE USER COMMUNITY?

Yes! There’s an announcements-only and a general discussion mailing
list. Instructions on how to subscribe are here:

http://aolserver.com/lists.php

There is also a wiki-web set up for AOLserver:

http://aolserver.com/wiki/

CHANGES SINCE LAST RELEASE?

Fix bug where internal redirect for 401 omitted including the HTTP
auth. “WWW-Authenticate:” header. Fixes bug #674033.

Ns_GetAddrByHost() reports errors via Ns_Log(), so calls to it
should be done after Ns_Log has been initialized, otherwise very
unhelpful error messages are produced. In particular, this happens
when the server is started and the hostname as returned by
gethostname() cannot be resolved, because the network interface is
down AND no entry exists in /etc/hosts. Closes SF Bug #868362.

Setting request->method to static storage, which later gets
ns_free()’d in Ns_FreeRequest(), causes the server to crash.

AOLserver 4.0.6 released

Friday, July 16th, 2004

On behalf of the AOLserver Team, I have the honor of announcing the
latest point release of AOLserver: 4.0.6.

This version is primarily a bug fix release following version 4.0.5.
A summary of changes is provided at the end of this document.

WHAT IS AOLSERVER?

AOLserver is America Online’s Open-Source web server. AOLserver is
the backbone of the largest and busiest production environments in
the world. AOLserver is a multithreaded, Tcl-enabled web server
used for large scale, dynamic web sites.

Visit the project’s website:

http://aolserver.com/

HOW CAN I GET AOLSERVER?

Download the source code from SourceForge:

http://aolserver.com/downloads/aolserver-4.0.6-src.tar.gz

I FOUND A BUG! WHAT DO I DO?

File it in the Bug Tracker at SourceForge:

http://sourceforge.net/tracker/?group_id=3152&atid=103152

IS THERE A MAILING LIST? WHERE’S THE USER COMMUNITY?

Yes! There’s an announcements-only and a general discussion mailing
list. Instructions on how to subscribe are here:

http://aolserver.com/lists.php

There is also a wiki-web set up for AOLserver:

http://aolserver.com/wiki/

CHANGES SINCE LAST RELEASE?

Keepalive is enabled for response codes other than just 200 OK.

Change to make HTTP request “Host:” header mandatory for HTTP/1.1
connections by returning 400 Bad Request response. Closes SF Bug
#787728.

Changed virtual server code to use the “hostname” param from the
“ns/module/nssock” section to map the default virtual server based
on the value (hostname) from the “ns/module/nssock/servers” section,
when the “Host:” header is either not specified (HTTP/1.0) or is not
found in the virtual server table. Closes SF Bug #812036.

conn->headers can be NULL causing segfault. Closes SF Bug #990439.

Define ENOTSUP on OpenBSD 3.5. Closes SF Bug #985076.

Ns_GetMimeType() was returning defaultType instead of noextType if
the path contained a directory with a “.” but the filename component
had no extension. Closes SF Bug #739049.

Enable ADP/Tcl code to override Last-Modified: header from
ns_respond when -headers AND -file are specified. Closes bug
#879076.

Lots of refactoring of ns_respond code to remove duplication.

ns_eval of script containing comments (i.e., lines starting with
“#”) cause an error because $args is a list, which gets evaluated
differently than a plain string script. Closes SF Bug #833940.

Ensure that supplementary groups from /etc/group are set if -u
username is specified, or dropped if a uid is specified so that the
nsd doesn’t run with root’s supplementary groups. Closes SF Bug
#425401.

Trivial: eliminate one compiler warning.

Make the Tcl_Panic() message from Ns_TlsGet() and Ns_TlsSet()
include the full function name to aid in debugging.

Ensure synchronous signals are handled correctly under LinuxThreads.
Possible fix for SF Bug #982955.

Fix build on alpha arch, removing extra INT64 typedef. Closes bug
#896962.

ns_log can now log to a custom logger as well.

Unnecessary test for data != NULL actually caused part of bug
#971016 when fastpath.cache=false and fastpath.mmap=true and the
file requested is zero bytes, mmap() returns 0 which gets passed
along as data == NULL, causing ReturnCharData() to not flush the
queued headers. Removing the if is safe as Ns_WriteConn will simply
flush any queued data.

If nsend == 0, we would never call Ns_WriteConn to flush the queued
headers. This could happen when we’re sending zero bytes of data as
a response. This fixes bug #971016 in the case where
fastpath.cache=false and fastpath.mmap=false and a zero byte file is
requested.

One-liner fix for sending Content-Length header for content of zero
bytes. Closes SF Bug #971016.