puma 5.6.4-java → 5.6.6-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 00fb5299edf47cd69e241fc63a66cb98ef7180e0df430651bab94adeec19bc9f
-  data.tar.gz: 70089c146221037a050001dbeca34da0be535268994214eace5d9f1c670684b6
+  metadata.gz: 37b3eb25ab45872b2fc3ca1347609eeff3bbbc7e921dd0c1a4601cbd834ec6c8
+  data.tar.gz: 3d36489d4a28d5d915eb770a07b1fdb9ac550493084f33c1e08f4716302ff75a
 SHA512:
-  metadata.gz: da00b1d9d4d509cbe4f5da700091188b6559a61c932331cf7e4aef8f424b426846296df0804cb5b06f23033a3d5b6d8d31dcb512444ae276b0071b3e653f5f2e
-  data.tar.gz: efe8517f061dc996c83cec30110c3b8a84e6563dcba33e6416ad98799f685e0145bbd6856c7b7941cbf5682de44c73b56221022ca8231b8cbee7afe5faa78c15
+  metadata.gz: 427bcdc9d19fa36c2f8227686f6c520e392f1780cb8e5303d32f7eb379a49a94bbb3a6b3d997727447a2fa9634321b9ee636a02dc80c6f87f1c5a0bbb28bc826
+  data.tar.gz: b20bee7f70459ace5c90a1d67eac02a1dc8f6dc3ca0838386d6fdd13869b3f5690f3252c4377c0b17d4e343918f5ac7b71ee2327f8adc0d7d4192cda8483448a

data/History.md

@@ -1,3 +1,26 @@
+## 5.6.6 / 2023-06-21
+
+* Bugfix
+  * Allow Puma to be loaded with Rack 3 ([#3166])
+
+## 5.6.5 / 2022-08-23
+
+* Feature
+  * Puma::ControlCLI - allow refork command to be sent as a request ([#2868], [#2866])
+
+* Bugfixes
+  * NullIO#closed should return false ([#2883])
+  * [jruby] Fix TLS verification hang ([#2890], [#2729])
+  * extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ([#2885], [#2839])
+  * MiniSSL - detect SSL_CTX_set_dh_auto ([#2864], [#2863])
+  * Fix rack.after_reply exceptions breaking connections ([#2861], [#2856])
+  * Escape SSL cert and filenames ([#2855])
+  * Fail hard if SSL certs or keys are invalid ([#2848])
+  * Fail hard if SSL certs or keys cannot be read by user ([#2847])
+  * Fix build with Opaque DH in LibreSSL 3.5. ([#2838])
+  * Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) ([#2817])
+  * Fix Puma::StateFile#load incompatibility ([#2810])
+
 ## 5.6.4 / 2022-03-30
 
 * Security
@@ -1845,6 +1868,33 @@ be added back in a future date when a java Puma::MiniSSL is added.
 * Bugfixes
   * Your bugfix goes here <Most recent on the top, like GitHub> (#Github Number)
 
+[#3166]:https://github.com/puma/puma/issues/3166   "Issue by @JoeDupuis, merged 2023-06-08"
+[#2883]:https://github.com/puma/puma/pull/2883     "PR by @MSP-Greg, merged 2022-06-02"
+[#2868]:https://github.com/puma/puma/pull/2868     "PR by @MSP-Greg, merged 2022-06-02"
+[#2866]:https://github.com/puma/puma/issues/2866   "Issue by @slondr, closed 2022-06-02"
+[#2888]:https://github.com/puma/puma/pull/2888     "PR by @MSP-Greg, merged 2022-06-01"
+[#2890]:https://github.com/puma/puma/pull/2890     "PR by @kares, merged 2022-06-01"
+[#2729]:https://github.com/puma/puma/issues/2729   "Issue by @kares, closed 2022-06-01"
+[#2885]:https://github.com/puma/puma/pull/2885     "PR by @MSP-Greg, merged 2022-05-30"
+[#2839]:https://github.com/puma/puma/issues/2839   "Issue by @wlipa, closed 2022-05-30"
+[#2882]:https://github.com/puma/puma/pull/2882     "PR by @MSP-Greg, merged 2022-05-19"
+[#2864]:https://github.com/puma/puma/pull/2864     "PR by @MSP-Greg, merged 2022-04-26"
+[#2863]:https://github.com/puma/puma/issues/2863   "Issue by @eradman, closed 2022-04-26"
+[#2861]:https://github.com/puma/puma/pull/2861     "PR by @BlakeWilliams, merged 2022-04-17"
+[#2856]:https://github.com/puma/puma/issues/2856   "Issue by @nateberkopec, closed 2022-04-17"
+[#2855]:https://github.com/puma/puma/pull/2855     "PR by @stanhu, merged 2022-04-09"
+[#2848]:https://github.com/puma/puma/pull/2848     "PR by @stanhu, merged 2022-04-02"
+[#2847]:https://github.com/puma/puma/pull/2847     "PR by @stanhu, merged 2022-04-02"
+[#2838]:https://github.com/puma/puma/pull/2838     "PR by @epsilon-0, merged 2022-03-03"
+[#2817]:https://github.com/puma/puma/pull/2817     "PR by @khustochka, merged 2022-02-20"
+[#2810]:https://github.com/puma/puma/pull/2810     "PR by @kzkn, merged 2022-01-27"
+[#2899]:https://github.com/puma/puma/pull/2899     "PR by @kares, merged 2022-07-04"
+[#2891]:https://github.com/puma/puma/pull/2891     "PR by @gingerlime, merged 2022-06-02"
+[#2886]:https://github.com/puma/puma/pull/2886     "PR by @kares, merged 2022-05-30"
+[#2884]:https://github.com/puma/puma/pull/2884     "PR by @kares, merged 2022-05-30"
+[#2875]:https://github.com/puma/puma/pull/2875     "PR by @ylecuyer, merged 2022-05-19"
+[#2840]:https://github.com/puma/puma/pull/2840     "PR by @LukaszMaslej, merged 2022-04-13"
+[#2849]:https://github.com/puma/puma/pull/2849     "PR by @kares, merged 2022-04-09"
 [#2809]:https://github.com/puma/puma/pull/2809     "PR by @dentarg, merged 2022-01-26"
 [#2764]:https://github.com/puma/puma/pull/2764     "PR by @dentarg, merged 2022-01-18"
 [#2708]:https://github.com/puma/puma/issues/2708   "Issue by @erikaxel, closed 2022-01-18"
@@ -1930,7 +1980,7 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#2519]:https://github.com/puma/puma/pull/2519     "PR by @MSP-Greg, merged 2021-01-26"
 [#2522]:https://github.com/puma/puma/pull/2522     "PR by @jcmfernandes, merged 2021-01-12"
 [#2490]:https://github.com/puma/puma/pull/2490     "PR by @Bonias, merged 2020-12-07"
-[#2486]:https://github.com/puma/puma/pull/2486     "PR by @ccverak, merged 2020-12-02"
+[#2486]:https://github.com/puma/puma/pull/2486     "PR by @karloscodes, merged 2020-12-02"
 [#2535]:https://github.com/puma/puma/pull/2535     "PR by @MSP-Greg, merged 2021-01-27"
 [#2529]:https://github.com/puma/puma/pull/2529     "PR by @MSP-Greg, merged 2021-01-24"
 [#2533]:https://github.com/puma/puma/pull/2533     "PR by @MSP-Greg, merged 2021-01-24"
@@ -1940,7 +1990,7 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#2521]:https://github.com/puma/puma/pull/2521     "PR by @ojab, merged 2021-01-04"
 [#2531]:https://github.com/puma/puma/pull/2531     "PR by @wjordan, merged 2021-01-19"
 [#2510]:https://github.com/puma/puma/pull/2510     "PR by @micke, merged 2020-12-10"
-[#2472]:https://github.com/puma/puma/pull/2472     "PR by @ccverak, merged 2020-11-02"
+[#2472]:https://github.com/puma/puma/pull/2472     "PR by @karloscodes, merged 2020-11-02"
 [#2438]:https://github.com/puma/puma/pull/2438     "PR by @ekohl, merged 2020-10-26"
 [#2406]:https://github.com/puma/puma/pull/2406     "PR by @fdel15, merged 2020-10-19"
 [#2449]:https://github.com/puma/puma/pull/2449     "PR by @MSP-Greg, merged 2020-10-28"
@@ -2367,7 +2417,7 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#709]:https://github.com/puma/puma/pull/709       "PR by @lian, merged 2015-06-10"
 [#711]:https://github.com/puma/puma/pull/711       "PR by @julik, merged 2015-06-10"
 [#712]:https://github.com/puma/puma/pull/712       "PR by @chewi, merged 2015-07-14"
-[#715]:https://github.com/puma/puma/pull/715       "PR by @0RaymondJiang0, merged 2015-07-14"
+[#715]:https://github.com/puma/puma/pull/715       "PR by @raymondmars, merged 2015-07-14"
 [#725]:https://github.com/puma/puma/pull/725       "PR by @rwz, merged 2015-07-14"
 [#726]:https://github.com/puma/puma/pull/726       "PR by @jshafton, merged 2015-07-14"
 [#729]:https://github.com/puma/puma/pull/729       "PR by @allaire, merged 2015-07-14"

data/ext/puma_http11/extconf.rb

@@ -9,9 +9,11 @@ if $mingw && RUBY_VERSION >= '2.4'
 end
 
 unless ENV["DISABLE_SSL"]
-  dir_config("openssl")
+  # don't use pkg_config('openssl') if '--with-openssl-dir' is used
+  has_openssl_dir = dir_config('openssl').any?
+  found_pkg_config = !has_openssl_dir && pkg_config('openssl')
 
-  found_ssl = if (!$mingw || RUBY_VERSION >= '2.4') && (t = pkg_config 'openssl')
+  found_ssl = if (!$mingw || RUBY_VERSION >= '2.4') && found_pkg_config
     puts 'using OpenSSL pkgconfig (openssl.pc)'
     true
   elsif %w'crypto libeay32'.find {|crypto| have_library(crypto, 'BIO_read')} &&
@@ -35,7 +37,10 @@ unless ENV["DISABLE_SSL"]
     have_func  "X509_STORE_up_ref"
     have_func "SSL_CTX_set_ecdh_auto(NULL, 0)"         , "openssl/ssl.h"
 
-    # below are yes for 3.0.0 & later, use for OpenSSL 3 detection
+    # below exists in 1.1.0 and later, but isn't documented until 3.0.0
+    have_func "SSL_CTX_set_dh_auto(NULL, 0)"           , "openssl/ssl.h"
+
+    # below is yes for 3.0.0 & later
     have_func "SSL_get1_peer_certificate"              , "openssl/ssl.h"
 
     # Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0

data/ext/puma_http11/mini_ssl.c

@@ -30,6 +30,12 @@ typedef struct {
 
 VALUE eError;
 
+NORETURN(void raise_file_error(const char* caller, const char *filename));
+
+void raise_file_error(const char* caller, const char *filename) {
+  rb_raise(eError, "%s: error in file '%s': %s", caller, filename, ERR_error_string(ERR_get_error(), NULL));
+}
+
 void engine_free(void *ptr) {
   ms_conn *conn = ptr;
   ms_cert_buf* cert_buf = (ms_cert_buf*)SSL_get_app_data(conn->ssl);
@@ -49,7 +55,7 @@ const rb_data_type_t engine_data_type = {
     0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
 };
 
-#ifndef HAVE_SSL_GET1_PEER_CERTIFICATE
+#ifndef HAVE_SSL_CTX_SET_DH_AUTO
 DH *get_dh2048(void) {
   /* `openssl dhparam -C 2048`
    * -----BEGIN DH PARAMETERS-----
@@ -92,13 +98,13 @@ DH *get_dh2048(void) {
   static unsigned char dh2048_g[] = { 0x02 };
 
   DH *dh;
-#if !(OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER))
+#if !(OPENSSL_VERSION_NUMBER < 0x10100005L)
   BIGNUM *p, *g;
 #endif
 
   dh = DH_new();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
   dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
   dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
 
@@ -211,7 +217,7 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
   int ssl_options;
   VALUE key, cert, ca, verify_mode, ssl_cipher_filter, no_tlsv1, no_tlsv1_1,
     verification_flags, session_id_bytes, cert_pem, key_pem;
-#ifndef HAVE_SSL_GET1_PEER_CERTIFICATE
+#ifndef HAVE_SSL_CTX_SET_DH_AUTO
   DH *dh;
 #endif
   BIO *bio;
@@ -244,12 +250,18 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 
   if (!NIL_P(cert)) {
     StringValue(cert);
-    SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
+
+    if (SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert)) != 1) {
+      raise_file_error("SSL_CTX_use_certificate_chain_file", RSTRING_PTR(cert));
+    }
   }
 
   if (!NIL_P(key)) {
     StringValue(key);
-    SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
+
+    if (SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM) != 1) {
+      raise_file_error("SSL_CTX_use_PrivateKey_file", RSTRING_PTR(key));
+    }
   }
 
   if (!NIL_P(cert_pem)) {
@@ -257,7 +269,9 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
     BIO_puts(bio, RSTRING_PTR(cert_pem));
     x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
 
-    SSL_CTX_use_certificate(ctx, x509);
+    if (SSL_CTX_use_certificate(ctx, x509) != 1) {
+      raise_file_error("SSL_CTX_use_certificate", RSTRING_PTR(cert_pem));
+    }
   }
 
   if (!NIL_P(key_pem)) {
@@ -265,7 +279,9 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
     BIO_puts(bio, RSTRING_PTR(key_pem));
     pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
 
-    SSL_CTX_use_PrivateKey(ctx, pkey);
+    if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1) {
+      raise_file_error("SSL_CTX_use_PrivateKey", RSTRING_PTR(key_pem));
+    }
   }
 
   verification_flags = rb_funcall(mini_ssl_ctx, rb_intern_const("verification_flags"), 0);
@@ -278,7 +294,9 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 
   if (!NIL_P(ca)) {
     StringValue(ca);
-    SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL);
+    if (SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL) != 1) {
+      raise_file_error("SSL_CTX_load_verify_locations", RSTRING_PTR(ca));
+    }
   }
 
   ssl_options = SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION;
@@ -355,7 +373,7 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 
   // printf("\ninitialize end security_level %d\n", SSL_CTX_get_security_level(ctx));
 
-#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
+#ifdef HAVE_SSL_CTX_SET_DH_AUTO
   // https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_dh_auto.html
   SSL_CTX_set_dh_auto(ctx, 1);
 #else

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -279,14 +279,6 @@ public class MiniSSL extends RubyObject {
       }
     }
 
-    // after each op, run any delegated tasks if needed
-    if(res.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
-      Runnable runnable;
-      while ((runnable = engine.getDelegatedTask()) != null) {
-        runnable.run();
-      }
-    }
-
     return res;
   }
 
@@ -304,11 +296,12 @@ public class MiniSSL extends RubyObject {
 
       HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
       boolean done = false;
-      SSLEngineResult res = null;
       while (!done) {
+        SSLEngineResult res;
         switch (handshakeStatus) {
           case NEED_WRAP:
             res = doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
+            handshakeStatus = res.getHandshakeStatus();
             break;
           case NEED_UNWRAP:
             res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
@@ -316,13 +309,18 @@ public class MiniSSL extends RubyObject {
               // need more data before we can shake more hands
               done = true;
             }
+            handshakeStatus = res.getHandshakeStatus();
+            break;
+          case NEED_TASK:
+            Runnable runnable;
+            while ((runnable = engine.getDelegatedTask()) != null) {
+              runnable.run();
+            }
+            handshakeStatus = engine.getHandshakeStatus();
             break;
           default:
             done = true;
         }
-        if (!done) {
-          handshakeStatus = res.getHandshakeStatus();
-        }
       }
 
       if (inboundNetData.hasRemaining()) {

data/lib/puma/app/status.rb

@@ -39,6 +39,9 @@ module Puma
           when 'phased-restart'
             @launcher.phased_restart ? 200 : 404
 
+          when 'refork'
+            @launcher.refork ? 200 : 404
+
           when 'reload-worker-directory'
             @launcher.send(:reload_worker_directory) ? 200 : 404
 

data/lib/puma/binder.rb

@@ -189,7 +189,7 @@ module Puma
           end
 
           if fd = @inherited_fds.delete(str)
-            @unix_paths << path unless abstract
+            @unix_paths << path unless abstract || File.exist?(path)
             io = inherit_unix_listener path, fd
             logger.log "* Inherited #{str}"
           elsif sock = @activated_sockets.delete([ :unix, path ]) ||

data/lib/puma/const.rb

@@ -100,7 +100,7 @@ module Puma
   # too taxing on performance.
   module Const
 
-    PUMA_VERSION = VERSION = "5.6.4".freeze
+    PUMA_VERSION = VERSION = "5.6.6".freeze
     CODE_NAME = "Birdie's Version".freeze
 
     PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze

data/lib/puma/control_cli.rb

@@ -17,26 +17,30 @@ module Puma
     CMD_PATH_SIG_MAP = {
       'gc'       => nil,
       'gc-stats' => nil,
-      'halt'     => 'SIGQUIT',
-      'phased-restart' => 'SIGUSR1',
-      'refork'   => 'SIGURG',
+      'halt'              => 'SIGQUIT',
+      'info'              => 'SIGINFO',
+      'phased-restart'    => 'SIGUSR1',
+      'refork'            => 'SIGURG',
       'reload-worker-directory' => nil,
-      'restart'  => 'SIGUSR2',
+      'reopen-log'        => 'SIGHUP',
+      'restart'           => 'SIGUSR2',
       'start'    => nil,
       'stats'    => nil,
       'status'   => '',
-      'stop'     => 'SIGTERM',
-      'thread-backtraces' => nil
+      'stop'              => 'SIGTERM',
+      'thread-backtraces' => nil,
+      'worker-count-down' => 'SIGTTOU',
+      'worker-count-up'   => 'SIGTTIN'
     }.freeze
 
     # @deprecated 6.0.0
     COMMANDS = CMD_PATH_SIG_MAP.keys.freeze
 
     # commands that cannot be used in a request
-    NO_REQ_COMMANDS = %w{refork}.freeze
+    NO_REQ_COMMANDS = %w[info reopen-log worker-count-down worker-count-up].freeze
 
     # @version 5.0.0
-    PRINTABLE_COMMANDS = %w{gc-stats stats thread-backtraces}.freeze
+    PRINTABLE_COMMANDS = %w[gc-stats stats thread-backtraces].freeze
 
     def initialize(argv, stdout=STDOUT, stderr=STDERR)
       @state = nil
@@ -185,8 +189,6 @@ module Puma
 
       if @command == 'status'
         message 'Puma is started'
-      elsif NO_REQ_COMMANDS.include? @command
-        raise "Invalid request command: #{@command}"
       else
         url = "/#{@command}"
 
@@ -242,7 +244,11 @@ module Puma
           @stdout.flush unless @stdout.sync
           return
         elsif sig.start_with? 'SIG'
-          Process.kill sig, @pid
+          if Signal.list.key? sig.sub(/\ASIG/, '')
+            Process.kill sig, @pid
+          else
+            raise "Signal '#{sig}' not available'"
+          end
         elsif @command == 'status'
           begin
             Process.kill 0, @pid
@@ -268,7 +274,7 @@ module Puma
       return start if @command == 'start'
       prepare_configuration
 
-      if Puma.windows? || @control_url
+      if Puma.windows? || @control_url && !NO_REQ_COMMANDS.include?(@command)
         send_request
       else
         send_signal

data/lib/puma/dsl.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'puma/const'
+require 'puma/util'
 
 module Puma
   # The methods that are available for use inside the configuration file.
@@ -46,7 +47,7 @@ module Puma
         else ''
         end
 
-      ca_additions = "&ca=#{opts[:ca]}" if ['peer', 'force_peer'].include?(verify)
+      ca_additions = "&ca=#{Puma::Util.escape(opts[:ca])}" if ['peer', 'force_peer'].include?(verify)
 
       backlog_str = opts[:backlog] ? "&backlog=#{Integer(opts[:backlog])}" : ''
 
@@ -65,7 +66,10 @@ module Puma
         v_flags = (ary = opts[:verification_flags]) ?
           "&verification_flags=#{Array(ary).join ','}" : nil
 
-        "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}" \
+        cert_flags = (cert = opts[:cert]) ? "cert=#{Puma::Util.escape(opts[:cert])}" : nil
+        key_flags = (cert = opts[:key]) ? "&key=#{Puma::Util.escape(opts[:key])}" : nil
+
+        "ssl://#{host}:#{port}?#{cert_flags}#{key_flags}" \
           "#{ssl_cipher_filter}&verify_mode=#{verify}#{tls_str}#{ca_additions}#{v_flags}#{backlog_str}"
       end
     end

data/lib/puma/launcher.rb

@@ -159,6 +159,17 @@ module Puma
       true
     end
 
+    # Begin a refork if supported
+    def refork
+      if clustered? && @runner.respond_to?(:fork_worker!) && @options[:fork_worker]
+        @runner.fork_worker!
+        true
+      else
+        log "* refork called but not available."
+        false
+      end
+    end
+
     # Run the server. This blocks until the server is stopped
     def run
       previous_env =

data/lib/puma/minissl.rb

@@ -214,6 +214,11 @@ module Puma
         @cert_pem = nil
       end
 
+      def check_file(file, desc)
+        raise ArgumentError, "#{desc} file '#{file}' does not exist" unless File.exist? file
+        raise ArgumentError, "#{desc} file '#{file}' is not readable" unless File.readable? file
+      end
+
       if IS_JRUBY
         # jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair
         attr_reader :keystore
@@ -221,7 +226,7 @@ module Puma
         attr_accessor :ssl_cipher_list
 
         def keystore=(keystore)
-          raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore
+          check_file keystore, 'Keystore'
           @keystore = keystore
         end
 
@@ -240,17 +245,17 @@ module Puma
         attr_accessor :verification_flags
 
         def key=(key)
-          raise ArgumentError, "No such key file '#{key}'" unless File.exist? key
+          check_file key, 'Key'
           @key = key
         end
 
         def cert=(cert)
-          raise ArgumentError, "No such cert file '#{cert}'" unless File.exist? cert
+          check_file cert, 'Cert'
           @cert = cert
         end
 
         def ca=(ca)
-          raise ArgumentError, "No such ca file '#{ca}'" unless File.exist? ca
+          check_file ca, 'ca'
           @ca = ca
         end
 

data/lib/puma/null_io.rb

@@ -52,5 +52,10 @@ module Puma
     def flush
       self
     end
+
+    # This is used as singleton class, so can't have state.
+    def closed?
+      false
+    end
   end
 end

data/lib/puma/request.rb

@@ -178,7 +178,11 @@ module Puma
           res_body.close if res_body.respond_to? :close
         end
 
-        after_reply.each { |o| o.call }
+        begin
+          after_reply.each { |o| o.call }
+        rescue StandardError => e
+          @log_writer.debug_error e
+        end
       end
 
       res_info[:keep_alive]

data/lib/puma/server.rb

@@ -39,6 +39,7 @@ module Puma
     attr_reader :events
     attr_reader :min_threads, :max_threads  # for #stats
     attr_reader :requests_count             # @version 5.0.0
+    attr_reader :log_writer                 # to help with backports
 
     # @todo the following may be deprecated in the future
     attr_reader :auto_trim_time, :early_hints, :first_data_timeout,
@@ -73,6 +74,7 @@ module Puma
     def initialize(app, events=Events.stdio, options={})
       @app = app
       @events = events
+      @log_writer = events
 
       @check, @notify = nil
       @status = :stop

data/lib/puma/state_file.rb

@@ -50,6 +50,7 @@ module Puma
         v = v.strip
         @options[k] =
           case v
+          when ''              then nil
           when /\A\d+\z/       then v.to_i
           when /\A\d+\.\d+\z/  then v.to_f
           else                      v.gsub(/\A"|"\z/, '')

data/lib/puma/util.rb

@@ -17,18 +17,27 @@ module Puma
       Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
     end
 
-    # Unescapes a URI escaped string with +encoding+. +encoding+ will be the
-    # target encoding of the string returned, and it defaults to UTF-8
+    # Escapes and unescapes a URI escaped string with
+    # +encoding+. +encoding+ will be the target encoding of the string
+    # returned, and it defaults to UTF-8
     if defined?(::Encoding)
+      def escape(s, encoding = Encoding::UTF_8)
+        URI.encode_www_form_component(s, encoding)
+      end
+
       def unescape(s, encoding = Encoding::UTF_8)
         URI.decode_www_form_component(s, encoding)
       end
     else
+      def escape(s, encoding = nil)
+        URI.encode_www_form_component(s, encoding)
+      end
+
       def unescape(s, encoding = nil)
         URI.decode_www_form_component(s, encoding)
       end
     end
-    module_function :unescape
+    module_function :unescape, :escape
 
     # @version 5.0.0
     def nakayoshi_gc(events)

data/lib/puma.rb

@@ -10,9 +10,11 @@ require 'stringio'
 
 require 'thread'
 
+# extension files should not be loaded with `require_relative`
 require 'puma/puma_http11'
-require 'puma/detect'
-require 'puma/json_serialization'
+require_relative 'puma/detect'
+require_relative 'puma/json_serialization'
+require_relative 'rack/version_restriction'
 
 module Puma
   autoload :Const, 'puma/const'
@@ -23,7 +25,7 @@ module Puma
   # not in minissl.rb
   HAS_SSL = const_defined?(:MiniSSL, false) && MiniSSL.const_defined?(:Engine, false)
 
-  HAS_UNIX_SOCKET = Object.const_defined? :UNIXSocket
+  HAS_UNIX_SOCKET = Object.const_defined?(:UNIXSocket) && !IS_WINDOWS
 
   if HAS_SSL
     require 'puma/minissl'

data/lib/rack/version_restriction.rb

@@ -0,0 +1,15 @@
+begin
+  begin
+    # rack/version exists in Rack 2.2.0 and later, compatible with Ruby 2.3 and later
+    # we prefer to not load Rack
+    require 'rack/version'
+  rescue LoadError
+    require 'rack'
+  end
+
+  # Rack.release is needed for Rack v1, Rack::RELEASE was added in v2
+  if Gem::Version.new(Rack.release) >= Gem::Version.new("3.0.0")
+    raise StandardError.new "Puma 5 is not compatible with Rack 3, please upgrade to Puma 6 or higher."
+  end
+rescue LoadError
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puma
 version: !ruby/object:Gem::Version
-  version: 5.6.4
+  version: 5.6.6
 platform: java
 authors:
 - Evan Phoenix
@@ -17,8 +17,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
   name: nio4r
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -115,6 +115,7 @@ files:
 - lib/puma/thread_pool.rb
 - lib/puma/util.rb
 - lib/rack/handler/puma.rb
+- lib/rack/version_restriction.rb
 - tools/Dockerfile
 - tools/trickletest.rb
 homepage: https://puma.io
@@ -140,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.29
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: Puma is a simple, fast, threaded, and highly parallel HTTP 1.1 server for