[OpenSRF-GIT] OpenSRF branch rel_2_5 updated. osrf_rel_2_5_0-alpha-9-gf12ae3f

Evergreen Git git at git.evergreen-ils.org
Thu Feb 16 16:54:40 EST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSRF".

The branch, rel_2_5 has been updated
       via  f12ae3fab235a35127e79d0a16dadf8967d2bed2 (commit)
       via  88c8970c3dea26c72bc3173b18041e29538c4d8c (commit)
       via  9df9c484031e313d3c6f1f85951d6b67b931f536 (commit)
       via  4744d1a42b709a2c7aa778565c0c32a1962e0e2c (commit)
       via  7ec6c1a4b3fc99f10bd1b3c9b07a0008672cf3f6 (commit)
       via  e58f20fd69b1fb2e94765a2bf9067ba1cbb9d2d9 (commit)
       via  8f31413ba4334ee3f695f84a810eccbe94351f77 (commit)
       via  22e2c7729b6caf265b27ff14126fe5595e87cdca (commit)
       via  b6fe0b1c9917d3d188ff8053f5fc3611ef878b3a (commit)
      from  318ec1ad8f15184be46de3ef6d564e43d0139b79 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f12ae3fab235a35127e79d0a16dadf8967d2bed2
Author: Galen Charlton <gmc at equinoxinitiative.org>
Date:   Thu Feb 16 15:16:34 2017 -0500

    update ChangeLog for 2.5.0-alpha2
    
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>

diff --git a/ChangeLog b/ChangeLog
index f8daab3..8c8cc0f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,723 +1,135 @@
-ChangeLog
-=========
+commit 88c8970c3dea26c72bc3173b18041e29538c4d8c
+Author: Galen Charlton <gmc at equinoxinitiative.org>
+Date:   Thu Feb 16 15:16:21 2017 -0500
 
-OpenSRF 2.5.0-alpha
--------------------
-
-commit fb50a71d11bb2865722a1625bad075ca7eaf2ef3
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Wed Dec 7 16:55:23 2016 -0500
-
-    update version numbers for 2.5.0-alpha
+    update version numbers for 2.5.0-alpha2
     
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
+    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
 
 7	7	README
 1	1	src/perl/lib/OpenSRF.pm
 1	1	src/python/setup.py
 1	1	version.m4
 
-commit fbfde6f6ca1fe8fed8b86c93f315a1110fb74512
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Wed Dec 7 16:52:08 2016 -0500
+commit 9df9c484031e313d3c6f1f85951d6b67b931f536
+Author: Galen Charlton <gmc at equinoxinitiative.org>
+Date:   Thu Feb 16 15:13:17 2017 -0500
 
-    release notes for 2.5-alpha
+    update release notes for 2.5.0-alpha2
     
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
+    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
 
-136	0	doc/RELEASE_NOTES.txt
- create mode 100644 doc/RELEASE_NOTES.txt
+16	2	doc/RELEASE_NOTES.txt
 
-commit b1d19c8b9ff0bee77a3c98e793bf8efa67693a4e
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Wed Dec 7 13:34:15 2016 -0500
+commit 4744d1a42b709a2c7aa778565c0c32a1962e0e2c
+Author: Galen Charlton <gmc at equinoxinitiative.org>
+Date:   Wed Feb 15 16:58:06 2017 -0500
 
-    LP#1648188: example HAProxy configuration
+    LP#1652382: more improvements to cache key munging
     
-    Add an example configuration for using HAProxy.
+    - teach osrfCacheRemove to clean keys
+    - fix implict declaration compilation warning
+    - account for fact that iscntrl('\0') returns true
     
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
+    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
+    Signed-off-by: Jeff Davis <jdavis at sitka.bclibraries.ca>
 
-53	1	README
-25	0	examples/haproxy/osrf-ws-http-proxy
- create mode 100644 examples/haproxy/osrf-ws-http-proxy
+5	2	src/libopensrf/osrf_cache.c
 
-commit 93da6fb07c8b613011028f577b55fa8ba940f1ee
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Wed Dec 7 12:54:05 2016 -0500
+commit 7ec6c1a4b3fc99f10bd1b3c9b07a0008672cf3f6
+Author: Galen Charlton <gmc at equinoxinitiative.org>
+Date:   Wed Feb 15 14:12:34 2017 -0500
 
-    LP#1638651: add instructions for using NGINX
+    LP#1652382: handle cases where supplied key is longer than 250 bytes
     
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-58	0	README
-
-commit ededc269eacb9e69e30074bba2cff35a3148e62e
-Author: Bill Erickson <berickxx at gmail.com>
-Date:   Mon Oct 31 15:56:32 2016 -0400
-
-    LP#1638651: example Nginx websockets/http(s) proxy config
+    With this patch, if cache clients want to use a key longer
+    than the memcached text protocol limit of 250 bytes, the
+    key is normalized to 'shortened_' + md5_hex(normalized_key).
     
-    Example using Nginx to proxy all websocket, http, and https Apache
-    traffic.
-    
-    Signed-off-by: Bill Erickson <berickxx at gmail.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
+    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
+    Signed-off-by: Jeff Davis <jdavis at sitka.bclibraries.ca>
 
-56	0	examples/nginx/osrf-ws-http-proxy
- create mode 100644 examples/nginx/osrf-ws-http-proxy
-
-commit a3b2a15f27709815155eb9dbb8026343000753d5
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Wed Dec 7 11:58:35 2016 -0500
+10	1	src/libopensrf/osrf_cache.c
+4	0	src/perl/lib/OpenSRF/Utils/Cache.pm
 
-    LP#1382038: clarify one step of installing websockets support
-    
-    Specify directory to be in before copying the Apache websockets
-    configuration file.
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-4	1	README
-
-commit a1fe6e1c1ccb7b3efab386a7f34c0555d07bd7e7
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Wed Dec 7 11:53:49 2016 -0500
-
-    LP#1382038: adjustments to download instructions
-    
-    - Use "OSRFVERSION" in the master branch rather than
-      a specific version number; this is meant to be changed
-      during the release process.
-    - Update references to the OpenSRF downloads index
-      page.
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-4	4	README
-
-commit cd06277c3972437e676f51744749009c0d7eeb60
-Author: Remington Steed <rjs7 at calvin.edu>
-Date:   Mon Nov 21 10:58:33 2016 -0500
-
-    LP#1382038: Add instructions for implied download/unpack step
-    
-    Occasionally, new users have complained that the installation
-    instructions making too many assumptions about what a user knows. This
-    commit explicitly instructs users in downloading the source tarball,
-    unpacking it, and changing the working directory so they will be ready
-    for the next instructions.
-    
-    Signed-off-by: Remington Steed <rjs7 at calvin.edu>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-24	0	README
-
-commit 5aa8a398e01e2642fd4b08c93fe9c719039dbedf
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Thu Nov 3 18:08:54 2016 -0400
-
-    LP#1612771: fix chunking for atomic C methods
-    
-    This patch also refactors the code that actually does the
-    splitting and sending of chunked responses into a new
-    public function, osrfSendChunkedResult().
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-    Signed-off-by: Mike Rylander <miker at esilibrary.com>
-
-4	0	include/opensrf/osrf_app_session.h
-96	10	src/libopensrf/osrf_app_session.c
-2	58	src/libopensrf/osrf_application.c
-
-commit 168b4cafe766ec976e075ec2ea496c00a27dc7d0
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Tue Nov 1 17:22:48 2016 -0400
-
-    LP#1631522: add release notes for ->dispatch
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-12	0	doc/Dispatch-Mode-for-Subrequests.txt
- create mode 100644 doc/Dispatch-Mode-for-Subrequests.txt
-
-commit 31a0bfea9911f24f563d70bfdea6ba7759071842
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Tue Nov 1 17:20:49 2016 -0400
-
-    LP#1631522: dev doc now describes ->dispatch
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-5	1	doc/Application-HOWTO.txt
-
-commit 1431100b4737a61b1a294bbf66f9a5867dec358b
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Tue Nov 1 17:03:03 2016 -0400
-
-    LP#1631522: include example of ->dispatch in example app
-    
-    This patch also makes the Perl opensrf.math demo app work
-    correctly, as it hadn't been constructing opensrf.dbmath
-    method names correctly.
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-4	5	src/perl/lib/OpenSRF/Application/Demo/Math.pm
-
-commit 9d106aef9ab0a8d5af75977ffb4cc5f8f3fe5c79
+commit e58f20fd69b1fb2e94765a2bf9067ba1cbb9d2d9
 Author: Mike Rylander <mrylander at gmail.com>
-Date:   Thu Aug 25 17:42:31 2016 -0400
+Date:   Mon Jan 30 12:54:10 2017 -0500
 
-    LP#1631522: Dispatch mode for method_lookup subrequests
-    
-    There is a pattern in the wild of using OpenSRF's method_lookup() facility
-    to decide between one of several local methods when delegating to pre-existing
-    logic.  Often times, we want to simply hand control over to another method,
-    but the output of a subrequest's run() is an array of results.  The caller has
-    to know if, and how, to restructure the result for the client.
-    
-    Instead, we can now call dispatch() instead of run() and have OpenSRF session
-    control completely passed to the delegate code.  This way, the delegate code
-    need not know anything about its caller, and vice versa.
-    
-    Signed-off-by: Mike Rylander <mrylander at gmail.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-28	3	src/perl/lib/OpenSRF/AppSession.pm
-8	1	src/perl/lib/OpenSRF/Application.pm
-
-commit dbf9ec150dfa6a5b87028aa890a80b529dfe5683
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Tue Nov 1 16:30:26 2016 -0400
-
-    LP#1612771: add release notes
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-19	0	doc/Bundling-and-Chunking.txt
- create mode 100644 doc/Bundling-and-Chunking.txt
-
-commit 76a5fd0055b2af25f0783825c951021a32a5f17d
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Tue Nov 1 16:22:10 2016 -0400
-
-    LP#1612771: fix error in POD
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-1	1	src/perl/lib/OpenSRF/DomainObject/oilsResponse.pm
-
-commit 4f73f38bae3892fa4f6b3980c5724af521a31fde
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Tue Nov 1 16:03:50 2016 -0400
-
-    LP#1612771: update protocol documentation
-    
-    Now that we have PARTIAL and NOCONTENT statuses, let's
-    mention them in the documentation for the benefit of
-    folks writing future clients.
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-9	1	doc/OpenSRF-Messaging-Protocol.html
-
-commit d79c7eee6ce44bd3b38bd712d487cb31752c3a31
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Tue Nov 1 15:46:13 2016 -0400
-
-    LP#1612771: don't adjust max_stanza_size during installation
-    
-    As the typical max_stanza_size for ejabberd installations
-    is larger than what OpenSRF now needs, this patch adjusts
-    the installation instructions to remove the step to change
-    max_stanza_size.
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-10	13	README
-
-commit fd1ce3521553d6ddbc42762090be8ecdbc0b39f2
-Author: Mike Rylander <mrylander at gmail.com>
-Date:   Sun Feb 23 15:55:52 2014 -0500
-
-    LP#1612771: Add chunking support to JS implementation
-    
-    Signed-off-by: Mike Rylander <mrylander at gmail.com>
-    Signed-off-by: Bill Erickson <berick at esilibrary.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-3	0	include/opensrf/osrf_message.h
-57	6	src/javascript/opensrf.js
-
-commit 75a9906d5a5e90c60c8e0614e0c71796c511ec18
-Author: Bill Erickson <berick at esilibrary.com>
-Date:   Fri Feb 28 12:44:11 2014 -0500
-
-    LP#1612771: implement C max_chunk_size server support
-    
-    Signed-off-by: Bill Erickson <berick at esilibrary.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-94	23	src/libopensrf/osrf_application.c
-7	1	src/libopensrf/osrf_message.c
-
-commit 18be4a4cf242a274cf5a3143c2063d75331ec7c0
-Author: Bill Erickson <berick at esilibrary.com>
-Date:   Thu Feb 27 15:18:15 2014 -0500
-
-    LP#1612771: set Perl / C max_chunk_size default sizes
-    
-    default max bundle size == 25K
-    default max chunk size  == 50K
-    
-    Note with Ejabberd using 65536 as the default max stanza size, these
-    new OpenSRF defaults mean that all messages will fit the default
-    message size constraints -- i.e. no more need to raise the
-    max_stanza_size.
-    
-    Signed-off-by: Bill Erickson <berick at esilibrary.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-6	1	include/opensrf/osrf_app_session.h
-0	5	src/libopensrf/osrf_application.c
-2	2	src/perl/lib/OpenSRF/Application.pm
-
-commit b3b6b4211472e4897581a93d9615d8544f29779f
-Author: Mike Rylander <mrylander at gmail.com>
-Date:   Sun Feb 23 16:35:17 2014 -0500
-
-    LP#1612771: C support for receiving chunked responses
-    
-    * client parsing
-    * consistent w/ Perl, we now have "bundling" and "chunking"
-    
-    Signed-off-by: Bill Erickson <berick at esilibrary.com>
-
-1	0	include/opensrf/osrf_app_session.h
-3	2	include/opensrf/osrf_application.h
-56	0	src/libopensrf/osrf_app_session.c
-9	8	src/libopensrf/osrf_application.c
-
-commit 56e65d1e6fb4ee72b28b4e008b9461d5bac55b8d
-Author: Bill Erickson <berick at esilibrary.com>
-Date:   Mon Feb 24 15:14:19 2014 -0500
-
-    LP#1612771: Perl max_chunk_size additions
-    
-    * Added missing max_chunk_size method to AppSession
-    * Copy API max_chunk_size value into the handler AppRequest
-    * Fix error where no-chunking resulted in empty responses
-    
-    Signed-off-by: Bill Erickson <berick at esilibrary.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-25	14	src/perl/lib/OpenSRF/AppSession.pm
-2	1	src/perl/lib/OpenSRF/Application.pm
-12	4	src/perl/lib/OpenSRF/DomainObject/oilsResponse.pm
-
-commit 01f95834835bed94df93a7fdad59e38486e6485a
-Author: Mike Rylander <mrylander at gmail.com>
-Date:   Sun Feb 23 14:51:13 2014 -0500
-
-    LP#1612771: bundling and chunking
-    
-    This patch is first in a series of patches that provides the following
-    features:
-    
-    * OpenSRF message bundling -- Pack multiple OpenSRF messages together
-    in a single XMPP envelope, as long as we believe more messages will be
-    sent in the future and we are below some threshold of combined message size.
-    The default for that threshold is 25Kb.
-    
-     * OpenSRF message chunking -- Break up large OpenSRF messages across
-    multiple XMPP envelopes. This is implemented with a new OpenSRF message type.
-    C, Perl, and Javascript libraries are taught how to reconstruct chunked
-    messages. The default chunking threshold is 50Kb, just a bit below the default
-    ejabberd max stanza size of 64Kb.
-    
-    This patch in particular renames "chunking" to "bundling", then
-    implements message splitting ("chunking") in Perl using two new
-    oilsResult subclasses
+    LP#1652382: Make use of the clean key just created
     
     Signed-off-by: Mike Rylander <mrylander at gmail.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-80	43	src/perl/lib/OpenSRF/AppSession.pm
-13	6	src/perl/lib/OpenSRF/Application.pm
-83	1	src/perl/lib/OpenSRF/DomainObject/oilsResponse.pm
-
-commit 784233808062dbc599b649ce9858759ab0a8dff3
-Author: Ben Shum <ben at evergreener.net>
-Date:   Tue Jul 5 12:53:13 2016 -0400
-
-    LP#1603708: Remove support for Ubuntu 12.04 Precise
-    
-    With support for Ubuntu 16.04 Xenial in place, remove the oldest LTS, which is
-    Ubuntu 12.04 Precise.
-    
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
+    Signed-off-by: Kathy Lussier <klussier at masslnc.org>
+    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
+    Signed-off-by: Jeff Davis <jdavis at sitka.bclibraries.ca>
 
-2	3	README
-3	13	src/extras/Makefile.install
+1	1	src/libopensrf/osrf_cache.c
 
-commit 15f8c538af5469545fabab9e21252f49555ae131
-Author: Ben Shum <ben at evergreener.net>
-Date:   Tue Jul 5 12:50:34 2016 -0400
-
-    Docs: Change 14.04 to Trusty in README
-    
-    For consistency, change references from numbered "Ubuntu 14.04" to "Ubuntu Trusty"
-    
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-3	3	README
-
-commit e3f9b6a3adb8391e83221909575554ab1ec8c74c
-Author: Ben Shum <ben at evergreener.net>
-Date:   Tue Jul 5 12:44:17 2016 -0400
-
-    Docs: Add Xenial references in the websocket setup instructions
-    
-    We were missing Xenial references for the websocket setup instructions.
-    
-    They are the same as Trusty, so group together for now.
-    
-    Also, change references to "Ubuntu 16.04" to read "Ubuntu Xenial" too.
-    
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-5	5	README
-
-commit 34038f2e3dd9a2ad6842f3593938955143213b11
-Author: Bill Erickson <berickxx at gmail.com>
-Date:   Fri Jul 10 10:52:20 2015 -0400
-
-    LP#1473479 Syslog configuration adoption
-    
-    When an OpenSRF client is run with syslog enabled and with the
-    OSRF_ADOPT_SYSLOG environment variable set to a true value, no attempt
-    is made to modify the syslog configuration, including no calls to
-    openlog()/closelog() and no modification of the syslog facility when
-    calling syslog().
-    
-    Signed-off-by: Bill Erickson <berickxx at gmail.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-9	3	src/perl/lib/OpenSRF/Utils/Logger.pm
-
-commit b6557d6a781fe7f7e16d0c5df5707ce5f8f49d48
+commit 8f31413ba4334ee3f695f84a810eccbe94351f77
 Author: Mike Rylander <mrylander at gmail.com>
-Date:   Fri Oct 7 12:19:52 2016 -0400
+Date:   Fri Jan 27 15:25:05 2017 -0500
 
-    LP#1631520: configure install location of Perl modules
+    LP#1652382: normalization of memcache keys in C code
     
-    Add --with-perlbase configure option to specify
-    an alternative location for installing the Perl modules. This
-    can be useful for setups that want to run the Perl modules
-    from a shared filesystem or environments that need to run
-    multiple versions of OpenSRF simultaneously.
-    
-    Users of --with-perlbase are responsible for ensuring that
-    PERL5LIB is set appropriately.
-    
-    To test
-    -------
-    [1] Use --with-perlbase during the configure step, e.g.,
-    
-        ./configure --perl-base /tmp/perl
-    
-    [2] Run make; make check; sudo make install
-    [3] Verify that the Perl modules are installed under
-        /tmp/perl.
-    [4] Make a change to a Perl source file, then
-        go to src/perl, then run sudo ./Build install. Verify
-        that it remembers the --with-perlbase directory
-        and installs the updated module there.
-    
-    Signed-off-by: Mike Rylander <mrylander at gmail.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-1	0	Makefile.am
-6	0	configure.ac
-1	1	src/perl/Makefile.am
-
-commit 1c8a7dcb24d4ea3a8aa7dc718d2e1f0b12430cb1
-Author: Ben Shum <ben at evergreener.net>
-Date:   Tue May 24 01:24:09 2016 -0400
-
-    LP#1585041: Move debian_sys_config target for Debian distributions
-    
-    Similar to how things were reordered for Ubuntu, let's move debian_sys_config
-    for Debian distributions.
-    
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-4	4	src/extras/Makefile.install
-
-commit f3ac7f14ec675e99784b9a5037be66f8c90c22f2
-Author: Mike Rylander <mrylander at gmail.com>
-Date:   Tue Feb 23 11:22:34 2016 -0500
-
-    LP#1485371: Release notes for TZ handling in OpenSRF
+    Memcache does not allow spaces in keys, so here we will actively strip them
+    from any key we get from a caller.  Some callers are not very proactive about
+    sending clean keys, and this patch prevents issues that can poison C-based
+    OpenSRF service backends.
     
     Signed-off-by: Mike Rylander <mrylander at gmail.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
+    Signed-off-by: Kathy Lussier <klussier at masslnc.org>
+    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
+    Signed-off-by: Jeff Davis <jdavis at sitka.bclibraries.ca>
 
-44	0	doc/TZ-handling.txt
- create mode 100644 doc/TZ-handling.txt
+20	2	src/libopensrf/osrf_cache.c
 
-commit 91a8f051220ba1b29e76068a58cbb400ae521834
+commit 22e2c7729b6caf265b27ff14126fe5595e87cdca
 Author: Mike Rylander <mrylander at gmail.com>
-Date:   Mon Aug 3 13:27:56 2015 -0400
+Date:   Tue Jan 10 15:30:18 2017 -0500
 
-    LP#1485371: Use client-supplied TZ
+    LP#1655449: Bundling/chunking limits for SubRquests
     
-    Currently, there is no protocol-level mechanism for passing the client's
-    desired timezone to the server. In much the same way we pass the locale,
-    we can let the server know what timezone it should use when interpreting
-    time stamps.
-    
-    To do this we:
-    
-     * Teach perl server code to live in the client TZ, if supplied
-     * Teach perl client code to send the current $ENV{TZ}
-     * Teach javascript library to include client TZ in
-       gateway/translator/websocket communication
-     * Teach C code to pull the incoming TZ and apply it to outgoing messages
-     * Teach srfsh to pull TZ from the environment and pass it with requests
+    We need to teach subrequests to inherit parent request bundling/chunking
+    parameters so they don't cause overruns in dispatch mode.
     
     Signed-off-by: Mike Rylander <mrylander at gmail.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-5	0	include/opensrf/osrf_app_session.h
-7	0	include/opensrf/osrf_message.h
-21	0	src/javascript/opensrf.js
-32	0	src/libopensrf/osrf_app_session.c
-33	0	src/libopensrf/osrf_message.c
-5	0	src/libopensrf/osrf_stack.c
-25	1	src/perl/lib/OpenSRF/DomainObject/oilsMessage.pm
-4	0	src/srfsh/srfsh.c
-
-commit e7fe347408b52295f2f820f9527ccf00952b71e8
-Author: Jason Stephenson <jason at sigio.com>
-Date:   Wed May 4 13:05:31 2016 -0400
-
-    LP#1551090: Update README for Ubuntu 16.04 (Xenial Xerus).
-    
-    Add installation steps for Ubuntu 16.04.
-    
     Signed-off-by: Jason Stephenson <jason at sigio.com>
-    Signed-off-by: Ben Shum <ben at evergreener.net>
 
-31	5	README
+5	1	src/perl/lib/OpenSRF/AppSession.pm
+17	3	src/perl/lib/OpenSRF/Application.pm
 
-commit 032a964795df73053d09dca37e62e3e276ce343e
-Author: Jason Stephenson <jason at sigio.com>
-Date:   Tue Apr 19 16:56:15 2016 -0400
-
-    LP#1551090: Enable mod_perl2 on Ubuntu 16.04 (Xenial Xerus).
-    
-    Ubuntu Xenial Xerus does not automatically enable mod_perl2 for
-    Apache2 when the package is installed, so we enable it via the
-    Makefile.install.
-    
-    Signed-off-by: Jason Stephenson <jason at sigio.com>
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-
-5	1	src/extras/Makefile.install
-
-commit 1fca796c47c9e9c06e65b91085c13ad2cbe52954
-Author: Chris Sharp <csharp at georgialibraries.org>
-Date:   Thu Feb 18 20:12:40 2016 -0500
-
-    LP#1551090: Adding apache2-dev dependency to xenial and fixing whitespace
-    
-    Signed-off-by: Chris Sharp <csharp at georgialibraries.org>
-    Signed-off-by: Jason Stephenson <jason at sigio.com>
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-    
-    Conflicts:
-    	src/extras/Makefile.install
-
-5	4	src/extras/Makefile.install
-
-commit e91074cf23eeca5da7e9c00977448dcc19b779cc
-Author: Chris Sharp <csharp at georgialibraries.org>
-Date:   Thu Feb 18 18:10:34 2016 -0500
-
-    LP#1551090: Since we move apache to the "install_extra_debs*" targets,
-    
-    we need to move debian_sys_config further down to compensate.
-    
-    Signed-off-by: Chris Sharp <csharp at georgialibraries.org>
-    Signed-off-by: Jason Stephenson <jason at sigio.com>
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-
-4	4	src/extras/Makefile.install
-
-commit 46dfeaf7245f81c1a8c9833b8cac87a997b23433
-Author: Chris Sharp <csharp at georgialibraries.org>
-Date:   Wed Feb 17 19:35:02 2016 -0500
-
-    LP#1551090: Adding necessary connectivity for xenial deb installation.
-    
-    Signed-off-by: Chris Sharp <csharp at georgialibraries.org>
-    Signed-off-by: Jason Stephenson <jason at sigio.com>
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-
-4	1	src/extras/Makefile.install
-
-commit 334b6644ac319403f2095cff6f3cef992a9148ae
-Author: Chris Sharp <csharp at georgialibraries.org>
-Date:   Wed Feb 17 19:26:01 2016 -0500
-
-    LP#1551090: Adding apache2 package to Makefile.install deb list.
-    
-    Signed-off-by: Chris Sharp <csharp at georgialibraries.org>
-    Signed-off-by: Jason Stephenson <jason at sigio.com>
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-
-1	0	src/extras/Makefile.install
-
-commit c59b54a7c4f1d1561d23393f6122669d50f41166
-Author: Chris Sharp <csharp at georgialibraries.org>
-Date:   Wed Feb 17 15:28:05 2016 -0500
-
-    LP#1551090: Updating Makefile to accommodate ubuntu-xenial target.
-    
-    Removing some redundancy in the extra debs lists.
-    
-    Signed-off-by: Chris Sharp <csharp at georgialibraries.org>
-    Signed-off-by: Jason Stephenson <jason at sigio.com>
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-    
-    Conflicts:
-    	src/extras/Makefile.install
-
-17	16	src/extras/Makefile.install
-
-commit c9174e7372b0c14091035617f0689f3719f7506b
-Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Fri Mar 18 10:59:11 2016 -0400
-
-    LP#1559121: remove Debian Squeeze support
-    
-    Now that Debian Squeeze's LTS (long-term support) period
-    has ended, Evergreen no longer offers community support
-    for that distribution. This patch removes references
-    to Squeeze from the installation scripts and documentation.
-    
-    To test:
-    
-    [1] Verify that Debian Squeeze is no longer referenced in
-        the installation documentation.
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-    Signed-off-by: Ben Shum <ben at evergreener.net>
-
-0	1	README
-1	14	src/extras/Makefile.install
-
-commit b6cf3eb912fa501a23f4a3f5664f1a12228e731b
+commit b6fe0b1c9917d3d188ff8053f5fc3611ef878b3a
 Author: Galen Charlton <gmc at esilibrary.com>
-Date:   Thu Feb 4 13:09:48 2016 -0500
-
-    LP#1350457: add test case for perl2JSONObject change
-    
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-4	1	src/perl/t/09-Utils-JSON.t
-
-commit e1581d4248a6fd42f6ebee233387777f63e25022
-Author: Mike Rylander <mrylander at gmail.com>
-Date:   Wed Jul 30 13:29:46 2014 -0400
-
-    LP#1350457: Pass caller's session to subrequests called via method_lookup
-    
-    In the process of looking up a method for an internal subrequest, we lose
-    session info. This is a problem when the subrequest makes a remote request,
-    because then the subrequest can't look up the proper locale, among other
-    things. The forthcoming branch passes the caller's session to the subrequest.
-    
-    This patch also teaches OpenSRF object registration how to strip certain
-    object members -- in particular, the session -- so that introspection
-    continues to work.
-    
-    Signed-off-by: Mike Rylander <mrylander at gmail.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
+Date:   Thu Dec 22 15:53:12 2016 +0500
 
-9	4	src/perl/lib/OpenSRF/Application.pm
-8	1	src/perl/lib/OpenSRF/Utils/JSON.pm
-
-commit 69cbe8000a5123aab33fcb2441c1e136506964a0
-Author: Jason Etheridge <jason at esilibrary.com>
-Date:   Tue Jul 14 14:54:27 2015 -0400
-
-    LP#1474507: fix interval_to_seconds for weeks and seconds
+    LP#1652122: fix infinite recursion in opensrf.system.method.all
     
-    This patch fixes an issue where OpenSRF::Utils::interval_to_seconds()
-    was not recognizing intervals expressed as seconds or weeks.
-    
-    Signed-off-by: Jason Etheridge <jason at esilibrary.com>
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-2	2	src/perl/lib/OpenSRF/Utils.pm
-
-commit 7a714ae480f238211b37fcdb248aecea93ece234
-Author: Jason Etheridge <jason at esilibrary.com>
-Date:   Tue Jul 14 15:10:15 2015 -0400
-
-    LP#1474507: tests for interval_to_seconds
+    Under certain circumstances, calling opensrf.system.method.all on a
+    Perl service can result in an infinite recursion when attempting to
+    serialize an OpenSRF::Application object to JSON.  In particular,
+    this was observed to happen when doing an introspection of
+    the opensrf.settings service.
     
-    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-
-16	0	src/perl/t/09-Utils-interval_to_seconds.t
- create mode 100644 src/perl/t/09-Utils-interval_to_seconds.t
-
-commit 55807240854d0d532a5f70f1f483ed8086eb9d95
-Author: Mike Rylander <mrylander at gmail.com>
-Date:   Thu Sep 10 16:56:13 2015 -0400
-
-    LP#1494486: Limit damage caused by dropped drone XMPP sockets
+    This patch avoids the infinite recursion (and consequent memory
+    leak) by ensuring that the 'session' key is slated for exclusion
+    from serialization from OpenSRF::Application objects during
+    bootstrapping.
     
-    It is apparently possible for drones to get into a state where their XMPP
-    socket is closed but they don't notice. This is bad because the drone can
-    continue to receive requests from its listener but can no longer respond
-    to them. To limit the pain this can cause, we should kill the drone as soon
-    as we notice this condition.
+    Note that the problem does not affect all Perl services; if a
+    Perl service declares at least one streaming method, the auto-registration
+    of the .atomic method will result in 'session'-stripping.
     
-    To avoid overhead, this commit notices when the socket returns an error (or
-    raises a signal, in Perl) upon write, and exits immediately.  One message
-    will be lost, but the drone will no longer be a black hole that does nothing
-    but absorb requests it can never fill.
+    This patch fixes a regression introduced in bug 1350457.
     
     To test
     -------
-    [1] Start an OpenSRF stack and look for a drone process.
-    [2] Use lsof to identify which socket that drone is using
-        to talk to XMPP.
-    [3] Use gdb to attach to the process and close the socket, e.g.,
+    [1] Run 'introspect opensrf.settings' via srfsh; observe
+        that it never returns and that the opensrf.settings drone
+        will grow in memory sized until killed.
+    [2] Apply the patch, then repeat step 1. This time, the
+        request should succeed.
     
-        $ gdb -p $PID
-        (gdb) p close(11) # or whatever the socket number was
-        (gdb) c
-    
-    [4] Use srfsh to make requests of that service. Eventually, one
-        of them will hit the drone.
-    [5] Sans patch, the request will get handled by the drone, but
-        the results will never get sent, and the drone will remain
-        available to handle other requests.
-    [6] With the patch, the drone will exit when it discovers that it
-        can no longer write to the XMPP socket.
-    
-    Signed-off-by: Mike Rylander <mrylander at gmail.com>
     Signed-off-by: Galen Charlton <gmc at esilibrary.com>
+    Signed-off-by: Mike Rylander <mrylander at gmail.com>
 
-4	2	src/libopensrf/osrf_app_session.c
-5	0	src/perl/lib/OpenSRF/Transport/SlimJabber/XMPPReader.pm
+1	1	src/perl/lib/OpenSRF/System.pm

commit 88c8970c3dea26c72bc3173b18041e29538c4d8c
Author: Galen Charlton <gmc at equinoxinitiative.org>
Date:   Thu Feb 16 15:16:21 2017 -0500

    update version numbers for 2.5.0-alpha2
    
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>

diff --git a/README b/README
index d573e9b..6bca63a 100644
--- a/README
+++ b/README
@@ -29,7 +29,7 @@ Issue the following commands as the *user* Linux account.
 +
 [source, bash]
 ------------------------------------------------------------------------------
-wget https://evergreen-ils.org/downloads/opensrf-2.5.0-alpha.tar.gz
+wget https://evergreen-ils.org/downloads/opensrf-2.5.0-alpha2.tar.gz
 ------------------------------------------------------------------------------
 +
 [NOTE]
@@ -40,8 +40,8 @@ http://git.evergreen-ils.org/?p=OpenSRF.git
 +
 [source, bash]
 ------------------------------------------------------------------------------
-tar -xvf opensrf-2.5.0-alpha.tar.gz
-cd opensrf-2.5.0-alpha/
+tar -xvf opensrf-2.5.0-alpha2.tar.gz
+cd opensrf-2.5.0-alpha2/
 ------------------------------------------------------------------------------
 
 Installing prerequisites
@@ -464,14 +464,14 @@ a2dismod websocket
 .(Debian)
 [source, bash]
 ---------------------------------------------------------------------------
-cd /path/to/opensrf-2.5.0-alpha
+cd /path/to/opensrf-2.5.0-alpha2
 cp examples/apache2/websockets/apache2.conf /etc/apache2-websockets/
 ---------------------------------------------------------------------------
 +
 .(Ubuntu Trusty / Xenial)
 [source, bash]
 ---------------------------------------------------------------------------
-cd /path/to/opensrf-2.5.0-alpha
+cd /path/to/opensrf-2.5.0-alpha2
 cp examples/apache_24/websockets/apache2.conf /etc/apache2-websockets/
 ---------------------------------------------------------------------------
 +
@@ -543,7 +543,7 @@ apt-get install nginx
 +
 [source, bash]
 ---------------------------------------------------------------------------
-cd /path/to/opensrf-2.5.0-alpha
+cd /path/to/opensrf-2.5.0-alpha2
 cp examples/nginx/osrf-ws-http-proxy /etc/nginx/sites-available/
 ln -s /etc/nginx/sites-available/osrf-ws-http-proxy /etc/nginx/sites-enabled/osrf-ws-http-proxy
 ---------------------------------------------------------------------------
@@ -597,7 +597,7 @@ apt-get install haproxy
 +
 [source, bash]
 ---------------------------------------------------------------------------
-cd /path/to/opensrf-2.5.0-alpha
+cd /path/to/opensrf-2.5.0-alpha2
 cat examples/haproxy/osrf-ws-http-proxy >> /etc/haproxy/haproxy.cfg
 ---------------------------------------------------------------------------
 +
diff --git a/src/perl/lib/OpenSRF.pm b/src/perl/lib/OpenSRF.pm
index c2b3556..801f243 100644
--- a/src/perl/lib/OpenSRF.pm
+++ b/src/perl/lib/OpenSRF.pm
@@ -16,7 +16,7 @@ Version 2.1.2
 
 =cut
 
-our $VERSION = "2.50_1";
+our $VERSION = "2.50_2";
 
 =head1 METHODS
 
diff --git a/src/python/setup.py b/src/python/setup.py
index 18909a8..836d174 100644
--- a/src/python/setup.py
+++ b/src/python/setup.py
@@ -3,7 +3,7 @@
 from setuptools import setup
 
 setup(name='OpenSRF',
-    version='2.5.0-alpha',
+    version='2.5.0-alpha2',
     install_requires=[
         'dnspython', # required by pyxmpp
     	'python-memcached',
diff --git a/version.m4 b/version.m4
index 944d7f0..5767869 100644
--- a/version.m4
+++ b/version.m4
@@ -1 +1 @@
-m4_define([VERSION_NUMBER],[2.5.0-alpha]) 
+m4_define([VERSION_NUMBER],[2.5.0-alpha2]) 

commit 9df9c484031e313d3c6f1f85951d6b67b931f536
Author: Galen Charlton <gmc at equinoxinitiative.org>
Date:   Thu Feb 16 15:13:17 2017 -0500

    update release notes for 2.5.0-alpha2
    
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>

diff --git a/doc/RELEASE_NOTES.txt b/doc/RELEASE_NOTES.txt
index 3c42366..e3fa202 100644
--- a/doc/RELEASE_NOTES.txt
+++ b/doc/RELEASE_NOTES.txt
@@ -1,5 +1,5 @@
-Release notes for OpenSRF 2.5.0-alpha
-=====================================
+Release notes for OpenSRF 2.5.0-alpha2
+======================================
 
 Supported platforms
 -------------------
@@ -9,6 +9,18 @@ The following Linux distributions are supported:
   * Fedora 17, 18
   * Ubuntu 14.04 (Trusty Tahr) and 16.04 LTS (Xenial Xerus)
 
+Changes in 2.5.0-alpha2
+-----------------------
+OpenSRF 2.5.0-alpha2 is a security release; testers of OpenSRF 2.5.x
+are strongly urged to upgrade as soon as possible.
+
+The second alpha release of OpenSRF 2.5 includes the following changes:
+
+* LP#1652382: improve normalization of memcache keys to avoid potential
+denial of service and privilege escalation attacks.
+* LP#1652122: fix an infinite recursion bug in opensrf.system.method.all.
+* LP#1655449: propagate bundling/chunking limits to subrequests.
+
 New features in 2.5.0-alpha
 ---------------------------
 
@@ -132,5 +144,7 @@ We would like to thank the following people who contributed to OpenSRF 2.5:
   * Galen Charlton 
   * Jason Etheridge 
   * Jason Stephenson 
+  * Jeff Davis
+  * Kathy Lussier
   * Mike Rylander 
   * Remington Steed 

commit 4744d1a42b709a2c7aa778565c0c32a1962e0e2c
Author: Galen Charlton <gmc at equinoxinitiative.org>
Date:   Wed Feb 15 16:58:06 2017 -0500

    LP#1652382: more improvements to cache key munging
    
    - teach osrfCacheRemove to clean keys
    - fix implict declaration compilation warning
    - account for fact that iscntrl('\0') returns true
    
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
    Signed-off-by: Jeff Davis <jdavis at sitka.bclibraries.ca>

diff --git a/src/libopensrf/osrf_cache.c b/src/libopensrf/osrf_cache.c
index dd489e1..2f829cc 100644
--- a/src/libopensrf/osrf_cache.c
+++ b/src/libopensrf/osrf_cache.c
@@ -14,6 +14,7 @@ GNU General Public License for more details.
 */
 
 #include <opensrf/osrf_cache.h>
+#include <ctype.h>
 
 #define MAX_KEY_LEN 250
 
@@ -59,7 +60,7 @@ char* _clean_key( const char* key ) {
     char* clean_key = (char*)strdup(key);
     char* d = clean_key;
     char* s = clean_key;
-    do while(isspace(*s) || iscntrl(*s)) s++; while(*d++ = *s++);
+    do while(isspace(*s) || ((*s != '\0') && iscntrl(*s))) s++; while(*d++ = *s++);
     if (strlen(clean_key) > MAX_KEY_LEN) {
         char *hashed = md5sum(clean_key);
         clean_key[0] = '\0';
@@ -138,7 +139,9 @@ int osrfCacheRemove( const char* key, ... ) {
 	memcached_return rc;
 	if( key ) {
 		VA_LIST_TO_STRING(key);
-		rc = memcached_delete(_osrfCache, VA_BUF, strlen(VA_BUF), 0 );
+		char* clean_key = _clean_key( VA_BUF );
+		rc = memcached_delete(_osrfCache, clean_key, strlen(clean_key), 0 );
+		free(clean_key);
 		if (rc != MEMCACHED_SUCCESS && rc != MEMCACHED_BUFFERED) {
 			osrfLogDebug(OSRF_LOG_MARK, "Failed to delete key [%s] - %s",
 				VA_BUF, memcached_strerror(_osrfCache, rc));

commit 7ec6c1a4b3fc99f10bd1b3c9b07a0008672cf3f6
Author: Galen Charlton <gmc at equinoxinitiative.org>
Date:   Wed Feb 15 14:12:34 2017 -0500

    LP#1652382: handle cases where supplied key is longer than 250 bytes
    
    With this patch, if cache clients want to use a key longer
    than the memcached text protocol limit of 250 bytes, the
    key is normalized to 'shortened_' + md5_hex(normalized_key).
    
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
    Signed-off-by: Jeff Davis <jdavis at sitka.bclibraries.ca>

diff --git a/src/libopensrf/osrf_cache.c b/src/libopensrf/osrf_cache.c
index 4fccfd0..dd489e1 100644
--- a/src/libopensrf/osrf_cache.c
+++ b/src/libopensrf/osrf_cache.c
@@ -15,6 +15,8 @@ GNU General Public License for more details.
 
 #include <opensrf/osrf_cache.h>
 
+#define MAX_KEY_LEN 250
+
 static struct memcached_st* _osrfCache = NULL;
 static time_t _osrfCacheMaxSeconds = -1;
 static char* _clean_key( const char* );
@@ -57,7 +59,14 @@ char* _clean_key( const char* key ) {
     char* clean_key = (char*)strdup(key);
     char* d = clean_key;
     char* s = clean_key;
-    do while(isspace(*s)) s++; while(*d++ = *s++);
+    do while(isspace(*s) || iscntrl(*s)) s++; while(*d++ = *s++);
+    if (strlen(clean_key) > MAX_KEY_LEN) {
+        char *hashed = md5sum(clean_key);
+        clean_key[0] = '\0';
+        strncat(clean_key, "shortened_", 11);
+        strncat(clean_key, hashed, MAX_KEY_LEN);
+        free(hashed);
+    }
     return clean_key;
 }
 
diff --git a/src/perl/lib/OpenSRF/Utils/Cache.pm b/src/perl/lib/OpenSRF/Utils/Cache.pm
index ba9f1a1..36721d9 100644
--- a/src/perl/lib/OpenSRF/Utils/Cache.pm
+++ b/src/perl/lib/OpenSRF/Utils/Cache.pm
@@ -2,6 +2,7 @@ package OpenSRF::Utils::Cache;
 use strict; use warnings;
 use base qw/OpenSRF/;
 use Cache::Memcached;
+use Digest::MD5 qw(md5_hex);
 use OpenSRF::Utils::Logger qw/:level/;
 use OpenSRF::Utils::Config;
 use OpenSRF::Utils::SettingsClient;
@@ -281,6 +282,9 @@ sub _clean_cache_key {
     my $key = shift;
 
     $key =~ s{(\p{Cntrl}|\s)}{}g;
+    if (length($key) > 250) { # max length of memcahed key
+        $key = 'shortened_' . md5_hex($key);
+    }
 
     return $key;
 }

commit e58f20fd69b1fb2e94765a2bf9067ba1cbb9d2d9
Author: Mike Rylander <mrylander at gmail.com>
Date:   Mon Jan 30 12:54:10 2017 -0500

    LP#1652382: Make use of the clean key just created
    
    Signed-off-by: Mike Rylander <mrylander at gmail.com>
    Signed-off-by: Kathy Lussier <klussier at masslnc.org>
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
    Signed-off-by: Jeff Davis <jdavis at sitka.bclibraries.ca>

diff --git a/src/libopensrf/osrf_cache.c b/src/libopensrf/osrf_cache.c
index 7574b95..4fccfd0 100644
--- a/src/libopensrf/osrf_cache.c
+++ b/src/libopensrf/osrf_cache.c
@@ -111,7 +111,7 @@ char* osrfCacheGetString( const char* key, ... ) {
 	if( key ) {
 		VA_LIST_TO_STRING(key);
 		char* clean_key = _clean_key( VA_BUF );
-		char* data = (char*) memcached_get(_osrfCache, VA_BUF, strlen(VA_BUF), &val_len, &flags, &rc);
+		char* data = (char*) memcached_get(_osrfCache, clean_key, strlen(clean_key), &val_len, &flags, &rc);
 		free(clean_key);
 		if (rc != MEMCACHED_SUCCESS) {
 			osrfLogDebug(OSRF_LOG_MARK, "Failed to get key [%s] - %s",

commit 8f31413ba4334ee3f695f84a810eccbe94351f77
Author: Mike Rylander <mrylander at gmail.com>
Date:   Fri Jan 27 15:25:05 2017 -0500

    LP#1652382: normalization of memcache keys in C code
    
    Memcache does not allow spaces in keys, so here we will actively strip them
    from any key we get from a caller.  Some callers are not very proactive about
    sending clean keys, and this patch prevents issues that can poison C-based
    OpenSRF service backends.
    
    Signed-off-by: Mike Rylander <mrylander at gmail.com>
    Signed-off-by: Kathy Lussier <klussier at masslnc.org>
    Signed-off-by: Galen Charlton <gmc at equinoxinitiative.org>
    Signed-off-by: Jeff Davis <jdavis at sitka.bclibraries.ca>

diff --git a/src/libopensrf/osrf_cache.c b/src/libopensrf/osrf_cache.c
index fc4d488..7574b95 100644
--- a/src/libopensrf/osrf_cache.c
+++ b/src/libopensrf/osrf_cache.c
@@ -17,6 +17,7 @@ GNU General Public License for more details.
 
 static struct memcached_st* _osrfCache = NULL;
 static time_t _osrfCacheMaxSeconds = -1;
+static char* _clean_key( const char* );
 
 int osrfCacheInit( const char* serverStrings[], int size, time_t maxCacheSeconds ) {
 	memcached_server_st *server_pool;
@@ -52,17 +53,30 @@ int osrfCachePutObject( const char* key, const jsonObject* obj, time_t seconds )
 	return 0;
 }
 
+char* _clean_key( const char* key ) {
+    char* clean_key = (char*)strdup(key);
+    char* d = clean_key;
+    char* s = clean_key;
+    do while(isspace(*s)) s++; while(*d++ = *s++);
+    return clean_key;
+}
+
 int osrfCachePutString( const char* key, const char* value, time_t seconds ) {
 	memcached_return rc;
 	if( !(key && value) ) return -1;
 	seconds = (seconds <= 0 || seconds > _osrfCacheMaxSeconds) ? _osrfCacheMaxSeconds : seconds;
 	osrfLogInternal( OSRF_LOG_MARK, "osrfCachePutString(): Putting string (key=%s): %s", key, value);
+
+	char* clean_key = _clean_key( key );
+
 	/* add or overwrite existing key:value pair */
-	rc = memcached_set(_osrfCache, key, strlen(key), value, strlen(value), seconds, 0);
+	rc = memcached_set(_osrfCache, clean_key, strlen(clean_key), value, strlen(value), seconds, 0);
 	if (rc != MEMCACHED_SUCCESS) {
 		osrfLogError(OSRF_LOG_MARK, "Failed to cache key:value [%s]:[%s] - %s",
 			key, value, memcached_strerror(_osrfCache, rc));
 	}
+
+	free(clean_key);
 	return 0;
 }
 
@@ -73,7 +87,9 @@ jsonObject* osrfCacheGetObject( const char* key, ... ) {
 	jsonObject* obj = NULL;
 	if( key ) {
 		VA_LIST_TO_STRING(key);
-		const char* data = (const char*) memcached_get(_osrfCache, VA_BUF, strlen(VA_BUF), &val_len, &flags, &rc);
+		char* clean_key = _clean_key( VA_BUF );
+		const char* data = (const char*) memcached_get(_osrfCache, clean_key, strlen(clean_key), &val_len, &flags, &rc);
+		free(clean_key);
 		if (rc != MEMCACHED_SUCCESS) {
 			osrfLogDebug(OSRF_LOG_MARK, "Failed to get key [%s] - %s",
 				VA_BUF, memcached_strerror(_osrfCache, rc));
@@ -94,7 +110,9 @@ char* osrfCacheGetString( const char* key, ... ) {
 	memcached_return rc;
 	if( key ) {
 		VA_LIST_TO_STRING(key);
+		char* clean_key = _clean_key( VA_BUF );
 		char* data = (char*) memcached_get(_osrfCache, VA_BUF, strlen(VA_BUF), &val_len, &flags, &rc);
+		free(clean_key);
 		if (rc != MEMCACHED_SUCCESS) {
 			osrfLogDebug(OSRF_LOG_MARK, "Failed to get key [%s] - %s",
 				VA_BUF, memcached_strerror(_osrfCache, rc));

commit 22e2c7729b6caf265b27ff14126fe5595e87cdca
Author: Mike Rylander <mrylander at gmail.com>
Date:   Tue Jan 10 15:30:18 2017 -0500

    LP#1655449: Bundling/chunking limits for SubRquests
    
    We need to teach subrequests to inherit parent request bundling/chunking
    parameters so they don't cause overruns in dispatch mode.
    
    Signed-off-by: Mike Rylander <mrylander at gmail.com>
    Signed-off-by: Jason Stephenson <jason at sigio.com>

diff --git a/src/perl/lib/OpenSRF/AppSession.pm b/src/perl/lib/OpenSRF/AppSession.pm
index 158513b..36d56b0 100644
--- a/src/perl/lib/OpenSRF/AppSession.pm
+++ b/src/perl/lib/OpenSRF/AppSession.pm
@@ -1164,7 +1164,11 @@ sub new {
         threadTrace     => 0,  # needed for respond in RD mode
         max_chunk_count => 0,  # needed for respond in RD mode
         max_chunk_size  => 0,  # needed for respond in RD mode
-        current_chunk   => [], # needed for respond_complete in RD mode
+        max_bundle_size	=> 0,
+        current_bundle  => [], # needed for respond_complete in RD mode
+        current_bundle_count=> 0,
+        current_bundle_size	=> 0,
+        max_bundle_count	=> 0,
         @_
     }, $class);
     if ($self->session) {
diff --git a/src/perl/lib/OpenSRF/Application.pm b/src/perl/lib/OpenSRF/Application.pm
index 5d01cb5..5995f1c 100644
--- a/src/perl/lib/OpenSRF/Application.pm
+++ b/src/perl/lib/OpenSRF/Application.pm
@@ -572,14 +572,24 @@ sub method_lookup {
 		$meth = $self->method_lookup($method,$proto,1);
 	}
 
-	$meth->session($self->session) if $meth && ref($self); # Pass the caller's session
+	if ($meth && ref($self)) {
+		$meth->session($self->session); # Pass the caller's session
+		$meth->max_chunk_size($self->max_chunk_size);
+		$meth->max_bundle_size($self->max_bundle_size);
+	}
+
 	return $meth;
 }
 
 sub dispatch {
 	my $self = shift;
 	$log->debug("Creating a dispatching SubRequest object", DEBUG);
-    my $req = OpenSRF::AppSubrequest->new( session => $self->session, respond_directly => 1 );
+    my $req = OpenSRF::AppSubrequest->new(
+        session => $self->session,
+        max_chunk_size  => $self->max_chunk_size,
+        max_bundle_size  => $self->max_bundle_size,
+        respond_directly => 1
+    );
     return $self->run($req, at _);
 }
 
@@ -593,7 +603,11 @@ sub run {
 	if ( !UNIVERSAL::isa($req, 'OpenSRF::AppRequest') ) {
 		$log->debug("Creating a SubRequest object", DEBUG);
 		unshift @params, $req;
-		$req = OpenSRF::AppSubrequest->new( session => $self->session );
+		$req = OpenSRF::AppSubrequest->new(
+			session => $self->session,
+			max_chunk_size  => $self->max_chunk_size,
+			max_bundle_size  => $self->max_bundle_size
+		);
 	} else {
 		$log->debug("This is a top level request", DEBUG);
 	}

commit b6fe0b1c9917d3d188ff8053f5fc3611ef878b3a
Author: Galen Charlton <gmc at esilibrary.com>
Date:   Thu Dec 22 15:53:12 2016 +0500

    LP#1652122: fix infinite recursion in opensrf.system.method.all
    
    Under certain circumstances, calling opensrf.system.method.all on a
    Perl service can result in an infinite recursion when attempting to
    serialize an OpenSRF::Application object to JSON.  In particular,
    this was observed to happen when doing an introspection of
    the opensrf.settings service.
    
    This patch avoids the infinite recursion (and consequent memory
    leak) by ensuring that the 'session' key is slated for exclusion
    from serialization from OpenSRF::Application objects during
    bootstrapping.
    
    Note that the problem does not affect all Perl services; if a
    Perl service declares at least one streaming method, the auto-registration
    of the .atomic method will result in 'session'-stripping.
    
    This patch fixes a regression introduced in bug 1350457.
    
    To test
    -------
    [1] Run 'introspect opensrf.settings' via srfsh; observe
        that it never returns and that the opensrf.settings drone
        will grow in memory sized until killed.
    [2] Apply the patch, then repeat step 1. This time, the
        request should succeed.
    
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>
    Signed-off-by: Mike Rylander <mrylander at gmail.com>

diff --git a/src/perl/lib/OpenSRF/System.pm b/src/perl/lib/OpenSRF/System.pm
index 39aeaf9..c9534dc 100644
--- a/src/perl/lib/OpenSRF/System.pm
+++ b/src/perl/lib/OpenSRF/System.pm
@@ -31,7 +31,7 @@ sub load_bootstrap_config {
         unless $bootstrap_config_file;
 
     OpenSRF::Utils::Config->load(config_file => $bootstrap_config_file);
-    OpenSRF::Utils::JSON->register_class_hint(name => "OpenSRF::Application", hint => "method", type => "hash");
+    OpenSRF::Utils::JSON->register_class_hint(name => "OpenSRF::Application", hint => "method", type => "hash", strip => ['session']);
     OpenSRF::Transport->message_envelope("OpenSRF::Transport::SlimJabber::MessageWrapper");
     OpenSRF::Transport::PeerHandle->set_peer_client("OpenSRF::Transport::SlimJabber::PeerConnection");
     OpenSRF::Application->server_class('client');

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                           |  748 ++++-------------------------------
 README                              |   14 +-
 doc/RELEASE_NOTES.txt               |   18 +-
 src/libopensrf/osrf_cache.c         |   38 ++-
 src/perl/lib/OpenSRF.pm             |    2 +-
 src/perl/lib/OpenSRF/AppSession.pm  |    6 +-
 src/perl/lib/OpenSRF/Application.pm |   20 +-
 src/perl/lib/OpenSRF/System.pm      |    2 +-
 src/perl/lib/OpenSRF/Utils/Cache.pm |    4 +
 src/python/setup.py                 |    2 +-
 version.m4                          |    2 +-
 11 files changed, 167 insertions(+), 689 deletions(-)


hooks/post-receive
-- 
OpenSRF


More information about the opensrf-commits mailing list