puma 2.11.2-java → 2.11.3-java
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puma might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/History.txt +12 -1
- data/ext/puma_http11/mini_ssl.c +3 -2
- data/ext/puma_http11/org/jruby/puma/MiniSSL.java +5 -9
- data/lib/puma/client.rb +5 -1
- data/lib/puma/configuration.rb +1 -1
- data/lib/puma/const.rb +1 -1
- data/lib/puma/minissl.rb +0 -5
- data/lib/puma/puma_http11.jar +0 -0
- data/lib/puma/server.rb +1 -0
- data/test/test_puma_server_ssl.rb +4 -41
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e374ffc305668db0b5e3e15fb92fd5993291e94c
|
4
|
+
data.tar.gz: dfb56a5df12d2240fd3396e89f1f0f6573b4c508
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a097451e0ea3b31e06ec2f00b6edc399f7869debd248b6ba86ad49682d900cbf95d8588bd9d44748b23186b4e40e976f7c83294d9012bae8da658a1ce1a69e65
|
7
|
+
data.tar.gz: a7effe422700a125f982733760aa28e0110f0cecc367d015d8385a19f3dd7803416579c32251b06c0143e676a7e950dfbf765448eb9dadc6d3b7a20c4bd7cb87
|
data/History.txt
CHANGED
@@ -1,3 +1,14 @@
|
|
1
|
+
=== 2.11.3 / 2015-05-18
|
2
|
+
|
3
|
+
* 5 bug fixes:
|
4
|
+
* Be sure to unlink tempfiles after a request. Fixes #690
|
5
|
+
* Coerce the key to a string before checking. (thar be symbols). Fixes #684
|
6
|
+
* Fix hang on bad SSL handshake
|
7
|
+
* Remove `enable_SSLv3` support from JRuby
|
8
|
+
|
9
|
+
* 1 PR merged:
|
10
|
+
* Merge pull request #698 from looker/hang-handshake
|
11
|
+
|
1
12
|
=== 2.11.2 / 2015-04-11
|
2
13
|
|
3
14
|
* 2 minor features:
|
@@ -483,7 +494,7 @@ RailsConf 2013 edition!
|
|
483
494
|
* Close the binder in the right place. Fixes #192
|
484
495
|
* Handle early term in workers. Fixes #206
|
485
496
|
* Make sure that the default port is 80 when the request doesn't include HTTP_X_FORWARDED_PROTO.
|
486
|
-
* Prevent Errno::EBADF errors on restart when running ruby 2.0
|
497
|
+
* Prevent Errno::EBADF errors on restart when running ruby 2.0
|
487
498
|
* Record the proper @master_pid
|
488
499
|
* Respect the header HTTP_X_FORWARDED_PROTO when the host doesn't include a port number.
|
489
500
|
* Retry EAGAIN/EWOULDBLOCK during syswrite
|
data/ext/puma_http11/mini_ssl.c
CHANGED
@@ -161,7 +161,7 @@ void raise_error(SSL* ssl, int result) {
|
|
161
161
|
VALUE engine_read(VALUE self) {
|
162
162
|
ms_conn* conn;
|
163
163
|
char buf[512];
|
164
|
-
int bytes, n;
|
164
|
+
int bytes, n, error;
|
165
165
|
|
166
166
|
Data_Get_Struct(self, ms_conn, conn);
|
167
167
|
|
@@ -173,7 +173,8 @@ VALUE engine_read(VALUE self) {
|
|
173
173
|
|
174
174
|
if(SSL_want_read(conn->ssl)) return Qnil;
|
175
175
|
|
176
|
-
|
176
|
+
error = SSL_get_error(conn->ssl, bytes);
|
177
|
+
if(error == SSL_ERROR_ZERO_RETURN || error == SSL_ERROR_SSL) {
|
177
178
|
rb_eof_error();
|
178
179
|
}
|
179
180
|
|
@@ -153,13 +153,7 @@ public class MiniSSL extends RubyObject {
|
|
153
153
|
sslCtx.init(kmf.getKeyManagers(), null, null);
|
154
154
|
engine = sslCtx.createSSLEngine();
|
155
155
|
|
156
|
-
|
157
|
-
String[] protocols;
|
158
|
-
if (enableSSLv3 instanceof RubyBoolean && enableSSLv3.isTrue()) {
|
159
|
-
protocols = new String[] { "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
|
160
|
-
} else {
|
161
|
-
protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
|
162
|
-
}
|
156
|
+
String[] protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
|
163
157
|
engine.setEnabledProtocols(protocols);
|
164
158
|
engine.setUseClientMode(false);
|
165
159
|
|
@@ -308,8 +302,10 @@ public class MiniSSL extends RubyObject {
|
|
308
302
|
log("read(): end dump of request data <<<<\n");
|
309
303
|
return str;
|
310
304
|
} catch (Exception e) {
|
311
|
-
|
312
|
-
|
305
|
+
if (DEBUG) {
|
306
|
+
e.printStackTrace();
|
307
|
+
}
|
308
|
+
throw getRuntime().newEOFError(e.getMessage());
|
313
309
|
}
|
314
310
|
}
|
315
311
|
|
data/lib/puma/client.rb
CHANGED
@@ -39,6 +39,7 @@ module Puma
|
|
39
39
|
|
40
40
|
@body = nil
|
41
41
|
@buffer = nil
|
42
|
+
@tempfile = nil
|
42
43
|
|
43
44
|
@timeout_at = nil
|
44
45
|
|
@@ -46,7 +47,8 @@ module Puma
|
|
46
47
|
@hijacked = false
|
47
48
|
end
|
48
49
|
|
49
|
-
attr_reader :env, :to_io, :body, :io, :timeout_at, :ready, :hijacked
|
50
|
+
attr_reader :env, :to_io, :body, :io, :timeout_at, :ready, :hijacked,
|
51
|
+
:tempfile
|
50
52
|
|
51
53
|
def inspect
|
52
54
|
"#<Puma::Client:0x#{object_id.to_s(16)} @ready=#{@ready.inspect}>"
|
@@ -72,6 +74,7 @@ module Puma
|
|
72
74
|
@read_header = true
|
73
75
|
@env = @proto_env.dup
|
74
76
|
@body = nil
|
77
|
+
@tempfile = nil
|
75
78
|
@parsed_bytes = 0
|
76
79
|
@ready = false
|
77
80
|
|
@@ -129,6 +132,7 @@ module Puma
|
|
129
132
|
if remain > MAX_BODY
|
130
133
|
@body = Tempfile.new(Const::PUMA_TMP_BASE)
|
131
134
|
@body.binmode
|
135
|
+
@tempfile = @body
|
132
136
|
else
|
133
137
|
# The body[0,0] trick is to get an empty string in the same
|
134
138
|
# encoding as body.
|
data/lib/puma/configuration.rb
CHANGED
@@ -103,7 +103,7 @@ module Puma
|
|
103
103
|
@options.merge!(rack_options)
|
104
104
|
|
105
105
|
config_ru_binds = rack_options.each_with_object([]) do |(k, v), b|
|
106
|
-
b << v if k.
|
106
|
+
b << v if k.to_s[0,4] == "bind"
|
107
107
|
end
|
108
108
|
@options[:binds] = config_ru_binds unless config_ru_binds.empty?
|
109
109
|
|
data/lib/puma/const.rb
CHANGED
data/lib/puma/minissl.rb
CHANGED
@@ -95,11 +95,6 @@ module Puma
|
|
95
95
|
# jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair
|
96
96
|
attr_reader :keystore
|
97
97
|
attr_accessor :keystore_pass
|
98
|
-
attr_accessor :enable_SSLv3
|
99
|
-
|
100
|
-
def initialize
|
101
|
-
@enable_SSLv3 = false
|
102
|
-
end
|
103
98
|
|
104
99
|
def keystore=(keystore)
|
105
100
|
raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore
|
data/lib/puma/puma_http11.jar
CHANGED
Binary file
|
data/lib/puma/server.rb
CHANGED
@@ -88,48 +88,11 @@ class TestPumaServerSSL < Test::Unit::TestCase
|
|
88
88
|
assert_equal "https", body
|
89
89
|
end
|
90
90
|
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
assert_raises(OpenSSL::SSL::SSLError) do
|
95
|
-
@http.start do
|
96
|
-
Net::HTTP::Get.new '/'
|
97
|
-
end
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
def test_enabling_ssl_v3_support
|
102
|
-
@server.stop(true)
|
103
|
-
@ctx.enable_SSLv3 = true
|
104
|
-
@server = Puma::Server.new @app, @events
|
105
|
-
@server.add_ssl_listener @host, @port, @ctx
|
106
|
-
@server.run
|
107
|
-
@http.ssl_version='SSLv3'
|
108
|
-
|
109
|
-
body = nil
|
91
|
+
def test_ssl_v3_rejection
|
92
|
+
@http.ssl_version='SSLv3'
|
93
|
+
assert_raises(OpenSSL::SSL::SSLError) do
|
110
94
|
@http.start do
|
111
|
-
|
112
|
-
|
113
|
-
@http.request(req) do |rep|
|
114
|
-
body = rep.body
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
assert_equal "https", body
|
119
|
-
end
|
120
|
-
|
121
|
-
def test_enabling_ssl_v3_support_requires_true
|
122
|
-
@server.stop(true)
|
123
|
-
@ctx.enable_SSLv3 = "truthy but not true"
|
124
|
-
@server = Puma::Server.new @app, @events
|
125
|
-
@server.add_ssl_listener @host, @port, @ctx
|
126
|
-
@server.run
|
127
|
-
@http.ssl_version='SSLv3'
|
128
|
-
|
129
|
-
assert_raises(OpenSSL::SSL::SSLError) do
|
130
|
-
@http.start do
|
131
|
-
Net::HTTP::Get.new '/'
|
132
|
-
end
|
95
|
+
Net::HTTP::Get.new '/'
|
133
96
|
end
|
134
97
|
end
|
135
98
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puma
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.11.
|
4
|
+
version: 2.11.3
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Evan Phoenix
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-05-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|