puma 5.3.2-java → 5.5.2-java

data/docs/signals.md

@@ -1,8 +1,8 @@
-The [unix signal](https://en.wikipedia.org/wiki/Unix_signal) is a method of sending messages between [processes](https://en.wikipedia.org/wiki/Process_(computing)). When a signal is sent, the operating system interrupts the target process's normal flow of execution. There are standard signals that are used to stop a process but there are also custom signals that can be used for other purposes. This document is an attempt to list all supported signals that Puma will respond to. In general, signals need only be sent to the master process of a cluster.
+The [unix signal](https://en.wikipedia.org/wiki/Unix_signal) is a method of sending messages between [processes](https://en.wikipedia.org/wiki/Process_(computing)). When a signal is sent, the operating system interrupts the target process's normal flow of execution. There are standard signals that are used to stop a process, but there are also custom signals that can be used for other purposes. This document is an attempt to list all supported signals that Puma will respond to. In general, signals need only be sent to the master process of a cluster.
 
 ## Sending Signals
 
-If you are new to signals it can be useful to see how they can be used. When a process is created in a *nix like operating system it will have a [PID - or process identifier](https://en.wikipedia.org/wiki/Process_identifier) that can be used to send signals to the process. For demonstration we will create an infinitely running process by tailing a file:
+If you are new to signals, it can be helpful to see how they are used. When a process starts in a *nix-like operating system, it will have a [PID - or process identifier](https://en.wikipedia.org/wiki/Process_identifier) that can be used to send signals to the process. For demonstration, we will create an infinitely running process by tailing a file:
 
 ```sh
 $ echo "foo" >> my.log
@@ -10,7 +10,7 @@ $ irb
 > pid = Process.spawn 'tail -f my.log'
 ```
 
-From here we can see that the tail process is running by using the `ps` command:
+From here, we can see that the tail process is running by using the `ps` command:
 
 ```sh
 $ ps aux | grep tail
@@ -27,7 +27,7 @@ Process.detach(pid) # https://ruby-doc.org/core-2.1.1/Process.html#method-c-deta
 Process.kill("TERM", pid)
 ```
 
-Now you will see via `ps` that there is no more `tail` process. Sometimes when referring to signals the `SIG` prefix will be used for instance `SIGTERM` is equivalent to sending `TERM` via `Process.kill`.
+Now you will see via `ps` that there is no more `tail` process. Sometimes when referring to signals, the `SIG` prefix will be used. For example, `SIGTERM` is equivalent to sending `TERM` via `Process.kill`.
 
 ## Puma Signals
 
@@ -35,13 +35,13 @@ Puma cluster responds to these signals:
 
 - `TTIN` increment the worker count by 1
 - `TTOU` decrement the worker count by 1
-- `TERM` send `TERM` to worker. Worker will attempt to finish then exit.
-- `USR2` restart workers. This also reloads puma configuration file, if there is one.
-- `USR1` restart workers in phases, a rolling restart. This will not reload configuration file.
-- `HUP ` reopen log files defined in stdout_redirect configuration parameter. If there is no stdout_redirect option provided it will behave like `INT`
-- `INT ` equivalent of sending Ctrl-C to cluster. Will attempt to finish then exit.
+- `TERM` send `TERM` to worker. The worker will attempt to finish then exit.
+- `USR2` restart workers. This also reloads the Puma configuration file, if there is one.
+- `USR1` restart workers in phases, a rolling restart. This will not reload the configuration file.
+- `HUP ` reopen log files defined in stdout_redirect configuration parameter. If there is no stdout_redirect option provided, it will behave like `INT`
+- `INT ` equivalent of sending Ctrl-C to cluster. Puma will attempt to finish then exit.
 - `CHLD`
-- `URG ` refork workers in phases from worker 0, if `fork_workers` option is enabled.
+- `URG ` refork workers in phases from worker 0 if `fork_workers` option is enabled.
 
 ## Callbacks order in case of different signals
 

data/docs/stats.md

@@ -1,4 +1,4 @@
-## accessing stats
+## Accessing stats
 
 Stats can be accessed in two ways:
 
@@ -47,18 +47,18 @@ end
 
 ## Explanation of stats
 
-`Puma.stats` returns different information and a different structure depending on if Puma is in single vs cluster mode. There is one top-level attribute that is common to both modes:
+`Puma.stats` returns different information and a different structure depending on if Puma is in single vs. cluster mode. There is one top-level attribute that is common to both modes:
 
-* started_at: when puma was started
+* started_at: when Puma was started
 
 ### single mode and individual workers in cluster mode
 
-When Puma is run in single mode, these stats are available at the top level. When Puma is run in cluster mode, these stats are available within the `worker_status` array in a hash labeled `last_status`, in an array of hashes, one hash for each worker.
+When Puma runs in single mode, these stats are available at the top level. When Puma runs in cluster mode, these stats are available within the `worker_status` array in a hash labeled `last_status`, in an array of hashes where one hash represents each worker.
 
 * backlog: requests that are waiting for an available thread to be available. if this is above 0, you need more capacity [always true?]
 * running: how many threads are running
-* pool_capacity: the number of requests that the server is capable of taking right now. For example if the number is 5 then it means there are 5 threads sitting idle ready to take a request. If one request comes in, then the value would be 4 until it finishes processing. If the minimum threads allowed is zero, this number will still have a maximum value of the maximum threads allowed.
-* max_threads: the maximum number of threads puma is configured to spool up per worker 
+* pool_capacity: the number of requests that the server is capable of taking right now. For example, if the number is 5, then it means there are 5 threads sitting idle ready to take a request. If one request comes in, then the value would be 4 until it finishes processing. If the minimum threads allowed is zero, this number will still have a maximum value of the maximum threads allowed.
+* max_threads: the maximum number of threads Puma is configured to spool per worker
 * requests_count: the number of requests this worker has served since starting
 
 
@@ -72,9 +72,9 @@ When Puma is run in single mode, these stats are available at the top level. Whe
 
 ### worker status
 
-* started_at: when the worker was started
+* started_at: when the worker started
 * pid: the process id of the worker process
-* index: each worker gets a number. if puma is configured to have 3 workers, then this will be 0, 1, or 2
+* index: each worker gets a number. if Puma is configured to have 3 workers, then this will be 0, 1, or 2
 * booted: if it's done booting [?]
 * last_checkin: Last time the worker responded to the master process' heartbeat check.
 * last_status: a hash of info about the worker's state handling requests. See the explanation for this in "single mode and individual workers in cluster mode" section above.

data/docs/systemd.md

@@ -1,19 +1,18 @@
 # systemd
 
-[systemd](https://www.freedesktop.org/wiki/Software/systemd/) is a
-commonly available init system (PID 1) on many Linux distributions. It
-offers process monitoring (including automatic restarts) and other
-useful features for running Puma in production.
+[systemd](https://www.freedesktop.org/wiki/Software/systemd/) is a commonly
+available init system (PID 1) on many Linux distributions. It offers process
+monitoring (including automatic restarts) and other useful features for running
+Puma in production.
 
 ## Service Configuration
 
-Below is a sample puma.service configuration file for systemd, which
-can be copied or symlinked to `/etc/systemd/system/puma.service`, or if
-desired, using an application or instance specific name.
+Below is a sample puma.service configuration file for systemd, which can be
+copied or symlinked to `/etc/systemd/system/puma.service`, or if desired, using
+an application or instance-specific name.
 
-Note that this uses the systemd preferred "simple" type where the
-start command remains running in the foreground (does not fork and
-exit).
+Note that this uses the systemd preferred "simple" type where the start command
+remains running in the foreground (does not fork and exit).
 
 ~~~~ ini
 [Unit]
@@ -37,8 +36,8 @@ WatchdogSec=10
 # Preferably configure a non-privileged user
 # User=
 
-# The path to the your application code root directory.
-# Also replace the "<YOUR_APP_PATH>" place holders below with this path.
+# The path to your application code root directory.
+# Also replace the "<YOUR_APP_PATH>" placeholders below with this path.
 # Example /home/username/myapp
 WorkingDirectory=<YOUR_APP_PATH>
 
@@ -64,33 +63,31 @@ Restart=always
 WantedBy=multi-user.target
 ~~~~
 
-See [systemd.exec](https://www.freedesktop.org/software/systemd/man/systemd.exec.html)
+See
+[systemd.exec](https://www.freedesktop.org/software/systemd/man/systemd.exec.html)
 for additional details.
 
 ## Socket Activation
 
-systemd and puma also support socket activation, where systemd opens
-the listening socket(s) in advance and provides them to the puma
-master process on startup. Among other advantages, this keeps
-listening sockets open across puma restarts and achieves graceful
-restarts, including when upgraded puma, and is compatible with both
-clustered mode and application preload.
-
-**Note:** Any wrapper scripts which `exec`, or other indirections in
-`ExecStart`, may result in activated socket file descriptors being closed
-before they reach the puma master process. For example, if using `bundle exec`,
-pass the `--keep-file-descriptors` flag. `bundle exec` can be avoided by using a
-`puma` executable generated by `bundle binstubs puma`. This is tracked in
-[#1499].
-
-**Note:** Socket activation doesn't currently work on JRuby. This is
-tracked in [#1367].
-
-To use socket activation, configure one or more `ListenStream` sockets
-in a companion `*.socket` unit file. Also uncomment the associated
-`Requires` directive for the socket unit in the service file (see
-above.) Here is a sample puma.socket, matching the ports used in the
-above puma.service:
+systemd and Puma also support socket activation, where systemd opens the
+listening socket(s) in advance and provides them to the Puma master process on
+startup. Among other advantages, this keeps listening sockets open across puma
+restarts and achieves graceful restarts, including when upgraded Puma, and is
+compatible with both clustered mode and application preload.
+
+**Note:** Any wrapper scripts which `exec`, or other indirections in `ExecStart`
+may result in activated socket file descriptors being closed before reaching the
+puma master process. For example, if using `bundle exec`, pass the
+`--keep-file-descriptors` flag. `bundle exec` can be avoided by using a `puma`
+executable generated by `bundle binstubs puma`. This is tracked in [#1499].
+
+**Note:** Socket activation doesn't currently work on JRuby. This is tracked in
+[#1367].
+
+Configure one or more `ListenStream` sockets in a companion `*.socket` unit file
+to use socket activation. Also, uncomment the associated `Requires` directive
+for the socket unit in the service file (see above.) Here is a sample
+puma.socket, matching the ports used in the above puma.service:
 
 ~~~~ ini
 [Unit]
@@ -113,31 +110,32 @@ Backlog=1024
 WantedBy=sockets.target
 ~~~~
 
-See [systemd.socket](https://www.freedesktop.org/software/systemd/man/systemd.socket.html)
+See
+[systemd.socket](https://www.freedesktop.org/software/systemd/man/systemd.socket.html)
 for additional configuration details.
 
-Note that the above configurations will work with Puma in either
-single process or cluster mode.
+Note that the above configurations will work with Puma in either single process
+or cluster mode.
 
 ### Sockets and symlinks
 
-When using releases folders, you should set the socket path using the
-shared folder path (ex. `/srv/projet/shared/tmp/puma.sock`), not the
-release folder path (`/srv/projet/releases/1234/tmp/puma.sock`).
+When using releases folders, you should set the socket path using the shared
+folder path (ex. `/srv/projet/shared/tmp/puma.sock`), not the release folder
+path (`/srv/projet/releases/1234/tmp/puma.sock`).
 
 Puma will detect the release path socket as different than the one provided by
-systemd and attempt to bind it again, resulting in the exception
- `There is already a server bound to:`.
+systemd and attempt to bind it again, resulting in the exception `There is
+already a server bound to:`.
 
 ### Binding
 
-By default you need to configure puma to have binds matching with all
+By default, you need to configure Puma to have binds matching with all
 ListenStream statements. Any mismatched systemd ListenStreams will be closed by
-puma.
+Puma.
 
 To automatically bind to all activated sockets, the option
 `--bind-to-activated-sockets` can be used. This matches the config DSL
-`bind_to_activated_sockets` statement. This will cause puma to create a bind
+`bind_to_activated_sockets` statement. This will cause Puma to create a bind
 automatically for any activated socket. When systemd socket activation is not
 enabled, this option does nothing.
 
@@ -146,8 +144,8 @@ binds that's not socket activated.
 
 ## Usage
 
-Without socket activation, use `systemctl` as root (e.g. via `sudo`) as
-with other system services:
+Without socket activation, use `systemctl` as root (i.e., via `sudo`) as with
+other system services:
 
 ~~~~ sh
 # After installing or making changes to puma.service
@@ -156,35 +154,35 @@ systemctl daemon-reload
 # Enable so it starts on boot
 systemctl enable puma.service
 
-# Initial start up.
+# Initial startup.
 systemctl start puma.service
 
 # Check status
 systemctl status puma.service
 
-# A normal restart. Warning: listeners sockets will be closed
+# A normal restart. Warning: listener's sockets will be closed
 # while a new puma process initializes.
 systemctl restart puma.service
 ~~~~
 
-With socket activation, several but not all of these commands should
-be run for both socket and service:
+With socket activation, several but not all of these commands should be run for
+both socket and service:
 
 ~~~~ sh
 # After installing or making changes to either puma.socket or
 # puma.service.
 systemctl daemon-reload
 
-# Enable both socket and service so they start on boot.  Alternatively
-# you could leave puma.service disabled and systemd will start it on
-# first use (with startup lag on first request)
+# Enable both socket and service, so they start on boot.  Alternatively
+# you could leave puma.service disabled, and systemd will start it on
+# the first use (with startup lag on the first request)
 systemctl enable puma.socket puma.service
 
-# Initial start up. The Requires directive (see above) ensures the
+# Initial startup. The Requires directive (see above) ensures the
 # socket is started before the service.
 systemctl start puma.socket puma.service
 
-# Check status of both socket and service.
+# Check the status of both socket and service.
 systemctl status puma.socket puma.service
 
 # A "hot" restart, with systemd keeping puma.socket listening and
@@ -197,8 +195,8 @@ systemctl restart puma.service
 systemctl restart puma.socket puma.service
 ~~~~
 
-Here is sample output from `systemctl status` with both service and
-socket running:
+Here is sample output from `systemctl status` with both service and socket
+running:
 
 ~~~~
 ● puma.socket - Puma HTTP Server Accept Sockets
@@ -231,14 +229,12 @@ Apr 07 08:40:19 hx puma[28320]: Use Ctrl-C to stop
 
 ### capistrano3-puma
 
-By default,
-[capistrano3-puma](https://github.com/seuros/capistrano-puma) uses
-`pumactl` for deployment restarts, outside of systemd.  To learn the
-exact commands that this tool would use for `ExecStart` and
-`ExecStop`, use the following `cap` commands in dry-run mode, and
-update from the above forking service configuration accordingly. Note
-also that the configured `User` should likely be the same as the
-capistrano3-puma `:puma_user` option.
+By default, [capistrano3-puma](https://github.com/seuros/capistrano-puma) uses
+`pumactl` for deployment restarts outside of systemd. To learn the exact
+commands that this tool would use for `ExecStart` and `ExecStop`, use the
+following `cap` commands in dry-run mode, and update from the above forking
+service configuration accordingly. Note also that the configured `User` should
+likely be the same as the capistrano3-puma `:puma_user` option.
 
 ~~~~ sh
 stage=production # or different stage, as needed
@@ -248,3 +244,4 @@ cap $stage puma:stop  --dry-run
 
 [Restart]: https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
 [#1367]: https://github.com/puma/puma/issues/1367
+[#1499]: https://github.com/puma/puma/issues/1499

data/ext/puma_http11/extconf.rb

@@ -11,9 +11,18 @@ end
 unless ENV["DISABLE_SSL"]
   dir_config("openssl")
 
-  if %w'crypto libeay32'.find {|crypto| have_library(crypto, 'BIO_read')} and
+  found_ssl = if pkg_config 'openssl'
+    puts 'using OpenSSL pkgconfig (openssl.pc)'
+    true
+  elsif %w'crypto libeay32'.find {|crypto| have_library(crypto, 'BIO_read')} &&
       %w'ssl ssleay32'.find {|ssl| have_library(ssl, 'SSL_CTX_new')}
+    true
+  else
+    puts '** Puma will be compiled without SSL support'
+    false
+  end
 
+  if found_ssl
     have_header "openssl/bio.h"
 
     # below is  yes for 1.0.2 & later
@@ -25,6 +34,14 @@ unless ENV["DISABLE_SSL"]
 
     have_func  "X509_STORE_up_ref"
     have_func("SSL_CTX_set_ecdh_auto(NULL, 0)", "openssl/ssl.h")
+
+    # Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
+    if Random.respond_to?(:bytes)
+      $defs.push("-DHAVE_RANDOM_BYTES")
+      puts "checking for Random.bytes... yes"
+    else
+      puts "checking for Random.bytes... no"
+    end
   end
 end
 

data/ext/puma_http11/http11_parser.c

@@ -428,7 +428,13 @@ case 18:
 	switch( (*p) ) {
 		case 13: goto tr26;
 		case 32: goto tr27;
+		case 127: goto st0;
 	}
+	if ( (*p) > 8 ) {
+		if ( 10 <= (*p) && (*p) <= 31 )
+			goto st0;
+	} else if ( (*p) >= 0 )
+		goto st0;
 	goto tr25;
 tr25:
 #line 46 "ext/puma_http11/http11_parser.rl"
@@ -438,9 +444,16 @@ st19:
 	if ( ++p == pe )
 		goto _test_eof19;
 case 19:
-#line 442 "ext/puma_http11/http11_parser.c"
-	if ( (*p) == 13 )
-		goto tr29;
+#line 448 "ext/puma_http11/http11_parser.c"
+	switch( (*p) ) {
+		case 13: goto tr29;
+		case 127: goto st0;
+	}
+	if ( (*p) > 8 ) {
+		if ( 10 <= (*p) && (*p) <= 31 )
+			goto st0;
+	} else if ( (*p) >= 0 )
+		goto st0;
 	goto st19;
 tr9:
 #line 53 "ext/puma_http11/http11_parser.rl"
@@ -484,7 +497,7 @@ st20:
 	if ( ++p == pe )
 		goto _test_eof20;
 case 20:
-#line 488 "ext/puma_http11/http11_parser.c"
+#line 501 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
 		case 32: goto tr31;
 		case 60: goto st0;
@@ -505,7 +518,7 @@ st21:
 	if ( ++p == pe )
 		goto _test_eof21;
 case 21:
-#line 509 "ext/puma_http11/http11_parser.c"
+#line 522 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
 		case 32: goto tr33;
 		case 60: goto st0;
@@ -526,7 +539,7 @@ st22:
 	if ( ++p == pe )
 		goto _test_eof22;
 case 22:
-#line 530 "ext/puma_http11/http11_parser.c"
+#line 543 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
 		case 43: goto st22;
 		case 58: goto st23;
@@ -551,7 +564,7 @@ st23:
 	if ( ++p == pe )
 		goto _test_eof23;
 case 23:
-#line 555 "ext/puma_http11/http11_parser.c"
+#line 568 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
 		case 32: goto tr8;
 		case 34: goto st0;
@@ -571,7 +584,7 @@ st24:
 	if ( ++p == pe )
 		goto _test_eof24;
 case 24:
-#line 575 "ext/puma_http11/http11_parser.c"
+#line 588 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
 		case 32: goto tr37;
 		case 34: goto st0;
@@ -594,7 +607,7 @@ st25:
 	if ( ++p == pe )
 		goto _test_eof25;
 case 25:
-#line 598 "ext/puma_http11/http11_parser.c"
+#line 611 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
 		case 32: goto tr41;
 		case 34: goto st0;
@@ -614,7 +627,7 @@ st26:
 	if ( ++p == pe )
 		goto _test_eof26;
 case 26:
-#line 618 "ext/puma_http11/http11_parser.c"
+#line 631 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
 		case 32: goto tr44;
 		case 34: goto st0;

data/ext/puma_http11/http11_parser_common.rl

@@ -43,7 +43,7 @@
 
   field_name = ( token -- ":" )+ >start_field $snake_upcase_field %write_field;
 
-  field_value = any* >start_value %write_value;
+  field_value = ( (any -- CTL) | "\t" )* >start_value %write_value;
 
   message_header = field_name ":" " "* field_value :> CRLF;
 

data/ext/puma_http11/mini_ssl.c

@@ -208,7 +208,7 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 #endif
   int ssl_options;
   VALUE key, cert, ca, verify_mode, ssl_cipher_filter, no_tlsv1, no_tlsv1_1,
-    verification_flags;
+    verification_flags, session_id_bytes;
   DH *dh;
 
 #if OPENSSL_VERSION_NUMBER < 0x10002000L
@@ -309,6 +309,21 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
   } else {
     SSL_CTX_set_verify(ctx, NUM2INT(verify_mode), engine_verify_callback);
   }
+
+  // Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
+  session_id_bytes = rb_funcall(
+#ifdef HAVE_RANDOM_BYTES
+    rb_cRandom,
+#else
+    rb_const_get(rb_cRandom, rb_intern_const("DEFAULT")),
+#endif
+    rb_intern_const("bytes"),
+    1, ULL2NUM(SSL_MAX_SSL_SESSION_ID_LENGTH));
+
+  SSL_CTX_set_session_id_context(ctx,
+                                 (unsigned char *) RSTRING_PTR(session_id_bytes),
+                                 SSL_MAX_SSL_SESSION_ID_LENGTH);
+
   // printf("\ninitialize end security_level %d\n", SSL_CTX_get_security_level(ctx));
   rb_obj_freeze(self);
   return self;