iodine 0.7.57 → 0.7.59

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8efbe9762562b087f91eae2c69bf2d79e574b4119af4c7163f34b45b2d0aaa8e
-  data.tar.gz: 8ae978cabf57c0a622e97b3f8128a68a02150fca5c11ee4d00c52f179aaa20bb
+  metadata.gz: b701f0b79a433993d53684b5ce564356f1317e0a23060a0a9c7f729d8857d3bb
+  data.tar.gz: 1abd95637405ccc2990d00d771e61c25cc075e8d819da47205879e151099d546
 SHA512:
-  metadata.gz: c14ddb0e815d811fda11d87cc52631d2b63639d39ff3f1c4382b7eeee39886ad5f44a809f20b488983fdd62ed239c761293e832e22653af950154880667b2dd3
-  data.tar.gz: 644e50ef7a3d213c0d44aa73dfebebf7db5c6410b39be8714844632bab6d000e608bd25160fb76c8aea66f9afd0257d50036d4f4cd6c967c4c7976aa5d3d9893
+  metadata.gz: 4d35fb80524542d8dbaf5a9d0b8c36fbe2b8a82801d3957559573d6141bd109537ea64f4d1bee905b16b37b6b80bc998403e5da8476aaeee2c19cb009f23b9cd
+  data.tar.gz: d7ddbe875e12102ab71557391c8be4eedd9d0735d9734bfddfcbf600af0a3867ab1f0ea159f1a2ad61f823772d300732a0907e20cc1f30941e5ec211d3268068

data/CHANGELOG.md

@@ -6,6 +6,12 @@ Please notice that this change log contains changes for upcoming releases as wel
 
 ## Changes:
 
+#### Change log v.0.7.58 (2024-04-28)
+
+**Fix**: possible fix for compilation issues on Fedora. Credit to @garytaylor for opening issue #155.
+
+**Fix**: possible fix for an OpenSSL certificate chain import issue that would cause certificate chains to be imported incorrectly. Credit to @dwolrdcojp for opening the facil.io repo PR #151.
+
 #### Change log v.0.7.57 (2023-09-04)
 
 **Fix**: Fixes possible name collision when loading gem (`.rb` vs. `.so` loading). Credit to @noraj (Alexandre ZANNI) for opening issue #148. Credit to @janbiedermann (Jan Biedermann) for discovering the root cause and offering a solution.

data/README.md

@@ -10,42 +10,42 @@
 
 Iodine is a fast concurrent web application server for real-time Ruby applications, with native support for WebSockets and Pub/Sub services - but it's also so much more.
 
-Iodine is a Ruby wrapper for many of the [facil.io](https://facil.io) C framework, leveraging the speed of C for many common web application tasks. In addition, iodine abstracts away all network concerns, so you never need to worry about the transport layer, free to concentrate on your application logic.
+Iodine is a Ruby wrapper for much of the [facil.io](https://facil.io) C framework, leveraging the speed of C for many common web application tasks. In addition, iodine abstracts away all network concerns, so you never need to worry about the transport layer, leaving you free to concentrate on your application logic.
 
 Iodine includes native support for:
 
 * HTTP, WebSockets and EventSource (SSE) Services (server);
 * WebSocket connections (server / client);
 * Pub/Sub (with optional Redis Pub/Sub scaling);
-* Fast(!) builtin Mustache template engine.
+* Fast(!) builtin Mustache templating;
 * Static file service (with automatic `gzip` support for pre-compressed assets);
-* Optimized Logging to `stderr`.
+* Optimized Logging to `stderr`;
 * Asynchronous event scheduling and timers;
 * HTTP/1.1 keep-alive and pipelining;
-* Heap Fragmentation Protection.
-* TLS 1.2 and above (Requires OpenSSL >= 1.1.0);
+* Heap Fragmentation Protection;
+* TLS 1.2 and above (Requiring OpenSSL >= 1.1.0);
 * TCP/IP server and client connectivity;
 * Unix Socket server and client connectivity;
-* Hot Restart (using the USR1 signal and without hot deployment);
+* Hot Restarts (using the USR1 signal and without hot deployment);
 * Custom protocol authoring;
-* [Sequel](https://github.com/jeremyevans/sequel) and ActiveRecord forking protection.
+* [Sequel](https://github.com/jeremyevans/sequel) and ActiveRecord forking protection;
 * and more!
 
-Since iodine wraps much of the [C facil.io framework](https://github.com/boazsegev/facil.io) to Ruby:
+Since iodine wraps much of the [C facil.io framework](https://github.com/boazsegev/facil.io) for Ruby:
 
-* Iodine can handle **thousands of concurrent connections** (tested with more then 20K connections on Linux)!
+* Iodine can handle **thousands of concurrent connections** (tested with more than 20K connections on Linux)!
 
 * Iodine is ideal for **Linux/Unix** based systems (i.e. macOS, Ubuntu, FreeBSD etc'), which are ideal for evented IO (while Windows and Solaris are better at IO *completion* events, which are very different).
 
 Iodine is a C extension for Ruby, developed and optimized for Ruby MRI 2.3 and up... it should support the whole Ruby 2.x and 3.x MRI family, but CI tests start at Ruby 2.3.
 
-**Note**: iodine does **not** support streaming when using Rack. It's recommended to avoid blocking the server when using `body.each` since the `each` loop will block the iodine's thread until it's finished and iodine won't send any data before the loop is done.
+**Note**: iodine does **not** support streaming when using Rack. It's recommended to avoid blocking the server when using `body.each` since the `each` loop will block  iodine's thread until it's finished and iodine won't send any data before the loop is done.
 
 ## Iodine - a fast & powerful HTTP + WebSockets server with native Pub/Sub
 
 Iodine includes a light and fast HTTP and Websocket server written in C that was written according to the [Rack interface specifications](http://www.rubydoc.info/github/rack/rack/master/file/SPEC) and the [Websocket draft extension](./SPEC-Websocket-Draft.md).
 
-With `Iodine.listen service: :http` it's possible to run multiple HTTP applications (please remember not to set more than a single application on a single TCP/IP port). 
+With `Iodine.listen service: :http` it's possible to run multiple HTTP applications (but please remember not to set more than a single application on a single TCP/IP port).
 
 Iodine also supports native process cluster Pub/Sub and a native RedisEngine to easily scale iodine's Pub/Sub horizontally.
 
@@ -278,11 +278,11 @@ module WebsocketChat
   extend self
 end
 APP = Proc.new do |env|
-  if env['rack.upgrade?'.freeze] == :websocket 
-    env['rack.upgrade'.freeze] = WebsocketChat 
+  if env['rack.upgrade?'.freeze] == :websocket
+    env['rack.upgrade'.freeze] = WebsocketChat
     [0,{}, []] # It's possible to set cookies for the response.
   elsif env['rack.upgrade?'.freeze] == :sse
-    puts "SSE connections can only receive data from the server, the can't write." 
+    puts "SSE connections can only receive data from the server, the can't write."
     env['rack.upgrade'.freeze] = WebsocketChat
     [0,{}, []] # It's possible to set cookies for the response.
   else
@@ -556,7 +556,7 @@ Iodine is written in C and allows some compile-time customizations, such as:
 * `FIO_MAX_SOCK_CAPACITY` - limits iodine's maximum client capacity. Defaults to 131,072 clients.
 
 * `FIO_USE_RISKY_HASH` - replaces SipHash with RiskyHash for iodine's internal hash maps.
- 
+
     Since iodine hash maps have internal protection against collisions and hash flooding attacks, it's possible for iodine to leverage RiskyHash, which is faster than SipHash.
 
     By default, SipHash will be used. This is a community related choice, since the community seems to believe a hash function should protect the hash map rather than it being enough for a hash map implementation to be attack resistance.
@@ -611,7 +611,7 @@ end
 
 In pure Ruby (without using C extensions or Java), it's possible to do the same by using `select`... and although `select` has some issues, it could work well for lighter loads.
 
-The server events are fairly fast and fragmented (longer code is fragmented across multiple events), so one thread is enough to run the server including it's static file service and everything... 
+The server events are fairly fast and fragmented (longer code is fragmented across multiple events), so one thread is enough to run the server including it's static file service and everything...
 
 ...but single threaded mode should probably be avoided.
 
@@ -642,7 +642,7 @@ If you have the development headers but still can't compile the iodine extension
 
 ## Mr. Sandman, write me a server
 
-Iodine allows custom TCP/IP server authoring, for those cases where we need raw TCP/IP (UDP isn't supported just yet). 
+Iodine allows custom TCP/IP server authoring, for those cases where we need raw TCP/IP (UDP isn't supported just yet).
 
 Here's a short and sweet echo server - No HTTP, just use `telnet`:
 

data/SECURITY.md

@@ -0,0 +1,32 @@
+# Security Policy
+
+Please report any security issues you discover on GitHub using the [`Security and quality`](https://github.com/boazsegev/iodine/security) reporting form.
+
+Please remember that this is an open source project that I work on in my free time. Take it as is, I don't promise anything.
+
+## Supported Versions
+
+I support what I have time to support, with my main focus being:
+
+| Version | Support      |
+| ------- | ------------------ |
+| 0.8.x   | :green_circle:     |
+| 0.7.x   | :orange_circle:    |
+| < 0.7.0 | :red_circle:       |
+
+
+
+### [facil.io](https://facil.io) Security Issues
+
+
+| Version | facil.io link      |
+| ------- | ------------------ |
+| 0.8.x   | https://github.com/facil-io/cstl/security |
+| 0.7.x   | https://github.com/boazsegev/facil.io/security |
+| < 0.7.0   | :red_circle:                |
+
+## Reporting a Vulnerability
+
+Please report any security issues you discover on GitHub using the [`Security and quality`](https://github.com/boazsegev/iodine/security) reporting form or privately using email.
+
+Usually I implement a security patch for the version reported before porting to the current developer version. Please note that it's usually possible to port the patch manually if you don't want to upgrade an older version.

data/ext/iodine/fio.c

@@ -3385,7 +3385,7 @@ read_error:
 static int fio_sock_sendfile_from_fd(int fd, fio_packet_s *packet) {
   ssize_t sent;
   sent =
-      sendfile64(fd, packet->data.fd, (off_t *)&packet->offset, packet->length);
+      sendfile(fd, packet->data.fd, (off_t *)&packet->offset, packet->length);
   if (sent < 0)
     return -1;
   packet->length -= sent;

data/ext/iodine/fio.h

@@ -109,7 +109,7 @@ Version and helper macros
 
 #define FIO_VERSION_MAJOR 0
 #define FIO_VERSION_MINOR 7
-#define FIO_VERSION_PATCH 4
+#define FIO_VERSION_PATCH 7
 #define FIO_VERSION_BETA 0
 
 /* Automatically convert version data to a string constant - ignore these two */
@@ -221,6 +221,7 @@ Version and helper macros
 #include <unistd.h>
 #ifdef __MINGW32__
 #include <winsock2.h>
+
 #include <winsock.h>
 #include <ws2tcpip.h>
 #endif
@@ -251,10 +252,10 @@ Version and helper macros
 #endif
 
 #ifdef __MINGW32__
-#define	__S_IFMT	              0170000
-#define __S_IFLNK               0120000
-#define	__S_ISTYPE(mode, mask)	(((mode) & __S_IFMT) == (mask))
-#define S_ISLNK(mode)	          __S_ISTYPE((mode), __S_IFLNK)
+#define __S_IFMT 0170000
+#define __S_IFLNK 0120000
+#define __S_ISTYPE(mode, mask) (((mode)&__S_IFMT) == (mask))
+#define S_ISLNK(mode) __S_ISTYPE((mode), __S_IFLNK)
 
 #define SIGKILL 9
 #define SIGTERM 15
@@ -4743,14 +4744,11 @@ static FIO_ARY_TYPE const FIO_NAME(s___const_invalid_object);
 /* minimizes allocation "dead space" by alligning allocated length to 16bytes */
 #undef FIO_ARY_SIZE2WORDS
 #define FIO_ARY_SIZE2WORDS(size)                                               \
-  ((sizeof(FIO_ARY_TYPE) & 1)                                                  \
-       ? (((size) & (~15)) + 16)                                               \
-       : (sizeof(FIO_ARY_TYPE) & 2)                                            \
-             ? (((size) & (~7)) + 8)                                           \
-             : (sizeof(FIO_ARY_TYPE) & 4)                                      \
-                   ? (((size) & (~3)) + 4)                                     \
-                   : (sizeof(FIO_ARY_TYPE) & 8) ? (((size) & (~1)) + 2)        \
-                                                : (size))
+  ((sizeof(FIO_ARY_TYPE) & 1)   ? (((size) & (~15)) + 16)                      \
+   : (sizeof(FIO_ARY_TYPE) & 2) ? (((size) & (~7)) + 8)                        \
+   : (sizeof(FIO_ARY_TYPE) & 4) ? (((size) & (~3)) + 4)                        \
+   : (sizeof(FIO_ARY_TYPE) & 8) ? (((size) & (~1)) + 2)                        \
+                                : (size))
 
 /* *****************************************************************************
 Array API
@@ -6048,7 +6046,7 @@ FIO_NAME(_insert_or_overwrite_)(FIO_NAME(s) * set, FIO_SET_HASH_TYPE hash_value,
   pos->hash = hash_value;
   pos->pos->hash = hash_value;
   FIO_SET_COPY(pos->pos->obj, obj);
-  
+
   return pos->pos->obj;
 }
 

data/ext/iodine/fio_json_parser.h

@@ -393,7 +393,7 @@ fio_json_parse(json_parser_s *parser, const char *buffer, size_t length) {
         goto error;
       break;
     case ']':
-      if ((parser->dict & 1))
+      if ((parser->dict & 1) || !parser->depth)
         goto error;
       --parser->depth;
       ++pos;
@@ -453,12 +453,12 @@ fio_json_parse(json_parser_s *parser, const char *buffer, size_t length) {
       long long i = fio_atol((char **)&tmp);
       if (tmp > limit)
         goto stop;
-      if (!tmp || JSON_NUMERAL[*tmp]) {
+      if (!tmp || tmp == pos || JSON_NUMERAL[*tmp]) {
         tmp = pos;
         double f = fio_atof((char **)&tmp);
         if (tmp > limit)
           goto stop;
-        if (!tmp || JSON_NUMERAL[*tmp])
+        if (!tmp || tmp == pos || JSON_NUMERAL[*tmp])
           goto error;
         fio_json_on_float(parser, f);
         pos = tmp;
@@ -481,8 +481,9 @@ fio_json_parse(json_parser_s *parser, const char *buffer, size_t length) {
       if (pos[1] == '*') {
         if (pos + 4 > limit)
           goto stop;
-        uint8_t *tmp = pos + 3; /* avoid this: /*/
+        uint8_t *tmp = pos + 2; /* avoid this: /*/
         do {
+          ++tmp;
           tmp = memchr(tmp, '/', (uintptr_t)(limit - tmp));
         } while (tmp && tmp[-1] != '*');
         if (!tmp)