Miva Merchant Empresa/Mia/Script Compiler v5.17 Release Notes
-------------------------------------------------------------

Bugs Fixed
----------

8677: Builtins: crypto: crypto_rand_bytes( -1 ) causes a crash
8694: Builtins: crypto: When OpenSSL is not available, calling the same crypto function twice causes a segmentation fault
8732: Builtins: crypto: Functions that depend on RSA_up_ref double free RSA pointers on OpenSSL pre 0.9.7
6820: Builtins: math: acos() is internally mapped to cos() and returns incorrect values
6426: Compiler: Unscoped variables with -p all causes incorrect code generation and does not generate warnings in MvCAPTURE, MvREFERENCE, MvFOR and MvFOREACH
6935: Compiler: Compiler generates invalid assembly code for MvREFERENCEARRAY without NAME or VARIABLE attribute
7795: Compiler: MvFOREACH should give unique names to its anonymous variables
8592: Compiler: Global MvFOR/MvFOREACH in an MvDO target loops until timeout
8673: Compiler: Compiler crashes if you attempt to compile a directory
9212: Compiler: Compiler generates invalid assembly code for -.88
9285: Compiler: Grammatical error: Too many open parenthesis should be Too many open parentheses
8707: Configuration: 3.x: Using two equals (==) in mivavm.conf generates an unhelpful error message at runtime
9071: MivaSQL: "Not enough values" error when an INSERT with sub-select does not insert all columns
9291: MySQL Connector: Queries that execute for longer than 15 seconds result in "Lost connection to MySQL server during query" errors
4623: Virtual Machine: Expressions in MvDO parsed differently than other expressions
6406: Virtual Machine: Configuration variables cannot be passed as non-reference parameters or assigned to other variables
6797: Virtual Machine: MivaApplication::EncodeAttribute does not encode low-ASCII non-printable characters
8121: Virtual Machine: s.miva_config does not contain a log_filter variable
9041: Virtual Machine: CGI mivavm should explicitly validate that configured paths are absolute rather than relative
9186: Virtual Machine: dup instruction causes segfault when SP = 0
9213: Virtual Machine: Negative constants as parameters to a function call in a dynamic expression generate errors when any previous parameter has operators
9355: Virtual Machine: VariableHash::Scope does not properly handle short or empty variable names
9453: Virtual Machine: Buffer overflow in MivaApplication::MakeSessionID when OpenSSL is not available
9313: Virtual Machine Installation: vm-README.txt contains incorrect instructions for suexec/env.so configuration

Platform Support Changes
------------------------

- FreeBSD 6.2 is no longer supported. Starting with this release, FreeBSD
  binaries are built on FreeBSD 8.3, and support FreeBSD 7.4-9.0. The
  compat6x package is no longer required on any of these platforms.

- amd64 builds for FreeBSD 7.4-9.0 are now provided.

API Changes
-----------

- New API function mvProgram_Sleep( mvProgram program, int msecs ) delays
  the running application for msecs milliseconds or until the global
  timeout expires, whichever is shorter.

New Builtin Functions
---------------------

- miva_sleep( msecs )

  Delays the running application for msecs milliseconds or until the
  global timeout expires, whichever is shorter.

- miva_hex_encode( data )
- miva_hex_decode( data )

  Convert "data" to or from hexadecimal notation, returning the resulting
  encoded or decoded data.

- crypto_cipher_block_size( ciphername )
- crypto_cipher_key_length( ciphername )
- crypto_cipher_iv_length( ciphername )

  These functions allow you to programmatically determine the attributes
  of the cipher specified by "ciphername". "ciphername" is an OpenSSL
  cipher identifier, such as "aes-128-cbc" or "rc2-ofb".

  All of the preceding functions return the numeric size, in bytes, or -1
  if an invalid "ciphername" is specified.

- crypto_cipher_mode( ciphername )

  Returns the block mode of operation of the cipher specified by
  "ciphername." The output is one of the following strings:

    stream      Stream ciphers, such as RC4
    ecb         Electronic Code Book
    cbc         Cipher Block Chaining
    cfb         Cipher Feedback
    ofb         Output Feedback
    unknown     An invalid ciphername was specified

- crypto_evp_encrypt( ciphername, key, iv, plaintext, encrypted var )

  Encrypts "plaintext" using the block cipher specified by "ciphername",
  placing the encrypted data into "encrypted".

  Parameters:

    ciphername  The OpenSSL identifier of the cipher, such as "bf-cbc" or
                "des-ede3-cbc".
    key         The encryption key. Must be exactly the number of bytes
                required by the cipher, as returned by
                crypto_cipher_key_length.
    iv          An initialization vector, if required by the cipher. Must
                be exactly the number of bytes required by the cipher, as
                returned by crypto_cipher_iv_length.
    plaintext   The text to be encrypted
    encrypted   [output] Receives the cipher text

  Return value: 1 on success, 0 on failure

- crypto_evp_decrypt( ciphername, key, iv, encrypted, plaintext var )

  Decrypts "encrypted" using the block cipher specified by "ciphername",
  placing the decrypted data into "plaintext".

  Parameters:

    ciphername  The OpenSSL identifier of the cipher, such as "bf-cbc" or
                "des-ede3-cbc".
    key         The key used for encryption.
    iv          The initialization vector used for encryption.
    encrypted   The ciphertext to be decrypted
    plaintext   [output] Receives the plaintext

  Return value: 1 on success, 0 on failure

- crypto_digest_block_size( digestname )
- crypto_digest_size( digestname )

  These functions allow you to programmatically determine the attributes
  of the digest algorithm specified by "digestname". "digestname" is an
  OpenSSL digest identifier, such as "sha256" or "md5".

  Each of the preceding functions returns the numeric size, in bytes, or
  -1 if an invalid "digestname" is specified.

- crypto_evp_digest( digestname, buffer var, digest var )

  Calculates the digest of "buffer" using digest algorithm "digestname",
  placing the calculated digest in "digest". The digest output is always
  in raw binary format; use miva_hex_encode() or crypto_base64_encode() if
  other output formats are desired.

  Returns 1 on success or 0 if an invalid or unsupported "digestname" is
  specified.

- crypto_evp_hmac( digestname, key, buffer var, digest var )

  Calculates the HMAC of "buffer" using digest algorithm "digestname" and
  key "key", placing the HMAC in "digest". The HMAC output is always in
  raw binary format; use miva_hex_encode() or crypto_base64_encode() if
  other output formats are desired.

  Returns 1 on success or 0 if an invalid or unsupported "digestname" is
  specified.

- crypto_xor( buffer var, dest var )

  Efficiently performs a byte-by-byte XOR of buffer and dest, storing the
  resulting data in "dest". If "buffer" is longer than "dest", any extra
  bytes are ignored.

- crypto_pbkdf1( digestname, password, salt, iterations, dklen, dk var )

  Derives a key of "dklen" bytes using PBKDF1 from PKCS #5.

  Parameters:

    digestname  The digest algorithm to use. Must be one of "md2", "md5"
                or "sha1".
    password    The password from which a key is to be derived.
    salt        Exactly 8 bytes of random data that are used as a salt.
    iterations  The number of iterations to perform.
    dklen       The desired output length of the derived key. May not be
                longer than the output digest size of the specified digest
                algorithm.
    dk          [output] Receives the derived key. The output is in raw
                binary.

  Returns 1 on success or 0 on error.

- crypto_pbkdf2( digestname, password, salt, iterations, dklen, dk var )

  Derives a key of "dklen" bytes using PBKDF2 from PKCS #5.

  Parameters:

    digestname  The digest algorithm to use. May be any of the digests
                supported by the installed OpenSSL version.
    password    The password from which a key is to be derived.
    salt        Random data of any length that is used to salt the
                derivation. RFC 2898 recommends a minimum salt length of
                8 bytes.
    iterations  The number of iterations to perform. RFC 2898 recommends
                at least 1000 iterations.
    dklen       The desired output length of the derived key. May be any
                positive value.
    dk          [output] Receives the derived key. The output is in raw
                binary.

  Returns 1 on success or 0 on error.

- rsa_generate_keypair_mem_cipher( pubkey var, privkey var, bits, e, passphrase, ciphername )
- rsa_save_privatekey_mem_cipher( privkey var, rsa var, passphrase, ciphername )

  These functions behave identically to their legacy counterparts
  rsa_generate_keypair_mem and rsa_save_privatekey_mem_cipher, except that
  they allow the caller to specify the cipher used to encrypt the private
  key (the legacy functions always use des-ede3-cbc).

  "ciphername" is an OpenSSL cipher identifier that specifies the cipher
  to be used. Note that OpenSSL only permits a subset of its supported
  ciphers to be used for RSA key encryption. For example, only CBC mode
  ciphers are permitted.

New Features
------------

- On UNIX, the 3.x compatible configuration library now reports verbose
  syntax errors with line numbers when a parsing error occurs in either
  the configuration or authorization files.

- Debug logging filter values may now be preceded by "!" to indicate a
  logging exclusion. If only exclusion filters are present, then all
  lines not matching the exclusion are logged. For example,
  "!example.mv:100-200" would log all lines except those between line
  number 100 and 200 of example.mv. If used in combination with one or
  more traditional include filters, then exclusions only apply where they
  overlap with one of the inclusions.

- Increment (++) and decrement (--) operators are now supported inside
  MivaScript expressions. Both pre and post increment/decrement are
  allowed.

  Example:

  Note: When used within a dynamic expression (MvDO EXPR, MvFILTER
  EXPRESSION, etc.), the generated MivaScript file will be incompatible
  with Empresa versions prior to 5.17. When compilation includes a
  compatibility flag, for example "-C 5.16", a compiler warning will be
  generated when an increment or decrement operator is detected inside a
  dynamic expression.
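
The cipher-attribute, PBKDF2, encryption and HMAC builtins listed under New Builtin Functions, combined into an encrypt-then-MAC routine that checks every return value. This is an added example, not part of the release notes or Miva's own code. Seal_Message, its parameter names, the aes-256-cbc/sha256 choice, the 16-byte salt and the iteration count are assumptions, as is crypto_rand_bytes( n ) returning n random bytes.

```mivascript
<MvCOMMENT>
	Added example (hypothetical function). Outputs are raw binary; pass them
	through miva_hex_encode() before storing them in a text column.
</MvCOMMENT>
<MvFUNCTION NAME = "Seal_Message" PARAMETERS = "password, plaintext, salt var, iv var, encrypted var, mac var" STANDARDOUTPUTLEVEL = "">
	<MvASSIGN NAME = "l.cipher"	VALUE = "aes-256-cbc">
	<MvASSIGN NAME = "l.digest"	VALUE = "sha256">

	<MvCOMMENT> Ask the VM for the sizes; -1 means the name is not recognized </MvCOMMENT>
	<MvASSIGN NAME = "l.keylen"	VALUE = "{ crypto_cipher_key_length( l.cipher ) }">
	<MvASSIGN NAME = "l.ivlen"	VALUE = "{ crypto_cipher_iv_length( l.cipher ) }">
	<MvASSIGN NAME = "l.maclen"	VALUE = "{ crypto_digest_size( l.digest ) }">

	<MvIF EXPR = "{ ( l.keylen EQ -1 ) OR ( l.ivlen EQ -1 ) OR ( l.maclen EQ -1 ) }">
		<MvFUNCTIONRETURN VALUE = 0>
	</MvIF>

	<MvCOMMENT> Fresh salt and IV for every message (assumed crypto_rand_bytes behaviour) </MvCOMMENT>
	<MvASSIGN NAME = "l.salt"	VALUE = "{ crypto_rand_bytes( 16 ) }">
	<MvASSIGN NAME = "l.iv"		VALUE = "{ crypto_rand_bytes( l.ivlen ) }">

	<MvCOMMENT> Separate encryption and MAC keys: same password, distinct salt suffixes </MvCOMMENT>
	<MvIF EXPR = "{ NOT crypto_pbkdf2( l.digest, l.password, l.salt $ 'enc', 10000, l.keylen, l.enckey ) }">
		<MvFUNCTIONRETURN VALUE = 0>
	</MvIF>

	<MvIF EXPR = "{ NOT crypto_pbkdf2( l.digest, l.password, l.salt $ 'mac', 10000, l.maclen, l.mackey ) }">
		<MvFUNCTIONRETURN VALUE = 0>
	</MvIF>

	<MvCOMMENT> Key and IV are exactly the lengths the cipher reported above </MvCOMMENT>
	<MvIF EXPR = "{ NOT crypto_evp_encrypt( l.cipher, l.enckey, l.iv, l.plaintext, l.encrypted ) }">
		<MvFUNCTIONRETURN VALUE = 0>
	</MvIF>

	<MvCOMMENT> Encrypt-then-MAC: authenticate the IV together with the ciphertext </MvCOMMENT>
	<MvASSIGN NAME = "l.authdata"	VALUE = "{ l.iv $ l.encrypted }">

	<MvIF EXPR = "{ NOT crypto_evp_hmac( l.digest, l.mackey, l.authdata, l.mac ) }">
		<MvFUNCTIONRETURN VALUE = 0>
	</MvIF>

	<MvFUNCTIONRETURN VALUE = 1>
</MvFUNCTION>
```

The receiving side re-derives both keys from the stored salt, recomputes the HMAC over the IV and ciphertext, and calls crypto_evp_decrypt only if it matches the stored value.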