puma 6.3.0-java → 6.4.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4ad102abd347c33f98c3a3a1000304ece5cbdbfe4bef67b4adbade6c91111cf0
-  data.tar.gz: 8f9d1ce702bcffeac26ee1882c94603c29130ec61a21e6158d0c0b4cf69cc228
+  metadata.gz: 725988ce035212443c9cd9c6e250dc80edb5de0d1b843a49d11158e5055699b8
+  data.tar.gz: e5f9f2eb0cf769ff5497ce68bb565f8ead8057ca1293d83a2ff10b89044e58ef
 SHA512:
-  metadata.gz: f03c8f279ba9aa8139e056b1047a16c2e7f280cfbd9f3106c578d5782b8078dfd6d4c7ed3731066b20643f66bed6bcdf7b8a1e58fec429e0757940191e173dd0
-  data.tar.gz: 28e109af79749191f8ea47247f66dcdd55ed74a53fcd3443e3e918a173e880ba8938fdea59aaa6c5abbfe8626358a2e52da50cf4df67e9fafa546bc9b3dc5db9
+  metadata.gz: f8a546a676d69611917f30f3839ca01f84f4374e40aa1167882784013b8bddfd95ce03d84aecff86017bf23c9cd7a5efa097fc4c746299da224866737388cdfe
+  data.tar.gz: 7bbf658a44f85eb817101d86e565e03def93a580b31bf4cfd739ecca6c639b070bea75cb3660fe25ab9519396fed9fd31b664b625328430784fdc05cab922f78

data/History.md

@@ -1,3 +1,26 @@
+## 6.4.0 / 2023-09-21
+
+* Features
+  * on_thread_exit hook ([#2920])
+  * on_thread_start_hook ([#3195]) 
+  * Shutdown on idle ([#3209], [#2580])
+  * New error message when control server port taken ([#3204])
+
+* Refactor
+  * Remove `Forwardable` dependency ([#3191], #3190)
+  * Update URLMap Regexp usage for Ruby v3.3 ([#3165])
+
+* Bugfixes
+  * Bring the cert_pem: parameter into parity with the cert: parameter to ssl_bind. ([#3174])
+  * Fix using control server with IPv6 host ([#3181]) 
+  * control_cli.rb - add require_relative 'log_writer' ([#3187])
+  * Fix cases where fallback Rack response wasn't sent to the client ([#3094])
+  
+## 6.3.1 / 2023-08-18
+
+* Security 
+  * Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields ([GHSA-68xg-gqqm-vgj8](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8))
+
 ## 6.3.0 / 2023-05-31
 
 * Features
@@ -10,7 +33,7 @@
   * Handle malformed request path ([#3155], [#3148])
   * Misc lib file fixes - trapping additional errors, CI helper ([#3129])
   * Fixup req form data file upload with "r\n" line endings ([#3137])
-  * Restore rack 1.6 compatibility Restore rack 1.6 compatibility ([#3156])
+  * Restore rack 1.6 compatibility ([#3156])
 
 * Refactor
   * const.rb - Update Puma::HTTP_STATUS_CODES ([#3162])
@@ -121,6 +144,16 @@
   * Ruby 3.2 will have native IO#wait_* methods, don't require io/wait ([#2903])
   * Various internal API refactorings ([#2942], [#2921], [#2922], [#2955])
 
+## 5.6.7 / 2023-08-18
+
+* Security 
+  * Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields ([GHSA-68xg-gqqm-vgj8](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8))
+
+## 5.6.6 / 2023-06-21
+
+* Bugfix
+  * Prevent loading with rack 3 ([#3166])
+
 ## 5.6.5 / 2022-08-23
 
 * Feature
@@ -1996,6 +2029,17 @@ be added back in a future date when a java Puma::MiniSSL is added.
 * Bugfixes
   * Your bugfix goes here <Most recent on the top, like GitHub> (#Github Number)
 
+[#2920]:https://github.com/puma/puma/pull/2920     "PR by @biinari, merged 2023-07-11"
+[#3195]:https://github.com/puma/puma/pull/3195     "PR by @binarygit, merged 2023-08-15"
+[#3209]:https://github.com/puma/puma/pull/3209     "PR by @joshuay03, merged 2023-09-04"
+[#2580]:https://github.com/puma/puma/issues/2580   "Issue by @schuetzm, closed 2023-09-04"
+[#3204]:https://github.com/puma/puma/pull/3204     "PR by @dhavalsingh, merged 2023-08-25"
+[#3191]:https://github.com/puma/puma/pull/3191     "PR by @MSP-Greg, merged 2023-08-31"
+[#3165]:https://github.com/puma/puma/pull/3165     "PR by @fallwith, merged 2023-06-06"
+[#3174]:https://github.com/puma/puma/pull/3174     "PR by @copiousfreetime, merged 2023-06-11"
+[#3181]:https://github.com/puma/puma/pull/3181     "PR by @MSP-Greg, merged 2023-06-23"
+[#3187]:https://github.com/puma/puma/pull/3187     "PR by @MSP-Greg, merged 2023-06-30"
+[#3094]:https://github.com/puma/puma/pull/3094     "PR by @Vuta, merged 2023-07-23"
 [#3106]:https://github.com/puma/puma/pull/3106     "PR by @MSP-Greg, merged 2023-05-29"
 [#3014]:https://github.com/puma/puma/issues/3014   "Issue by @kyledrake, closed 2023-05-29"
 [#3161]:https://github.com/puma/puma/pull/3161     "PR by @MSP-Greg, merged 2023-05-27"
@@ -2094,6 +2138,7 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#2921]:https://github.com/puma/puma/issues/2921   "Issue by @MSP-Greg, closed 2022-09-15"
 [#2922]:https://github.com/puma/puma/issues/2922   "Issue by @MSP-Greg, closed 2022-09-10"
 [#2955]:https://github.com/puma/puma/pull/2955     "PR by @cafedomancer, merged 2022-09-15"
+[#3166]:https://github.com/puma/puma/pull/3166     "PR by @JoeDupuis, merged 2023-06-08"
 [#2868]:https://github.com/puma/puma/pull/2868     "PR by @MSP-Greg, merged 2022-06-02"
 [#2866]:https://github.com/puma/puma/issues/2866   "Issue by @slondr, closed 2022-06-02"
 [#2883]:https://github.com/puma/puma/pull/2883     "PR by @MSP-Greg, merged 2022-06-02"
@@ -2120,7 +2165,7 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#2794]:https://github.com/puma/puma/pull/2794     "PR by @johnnyshields, merged 2022-01-10"
 [#2759]:https://github.com/puma/puma/pull/2759     "PR by @ob-stripe, merged 2021-12-11"
 [#2731]:https://github.com/puma/puma/pull/2731     "PR by @baelter, merged 2021-11-02"
-[#2341]:https://github.com/puma/puma/issues/2341   "Issue by @cjlarose, opened 2020-08-18"
+[#2341]:https://github.com/puma/puma/issues/2341   "Issue by @cjlarose, closed 2023-07-23"
 [#2728]:https://github.com/puma/puma/pull/2728     "PR by @dalibor, merged 2021-10-31"
 [#2733]:https://github.com/puma/puma/pull/2733     "PR by @ob-stripe, merged 2021-12-12"
 [#2807]:https://github.com/puma/puma/pull/2807     "PR by @MSP-Greg, merged 2022-01-25"

data/README.md

@@ -12,11 +12,15 @@ Puma is a **simple, fast, multi-threaded, and highly parallel HTTP 1.1 server fo
 
 ## Built For Speed & Parallelism
 
-Puma processes requests using a C-optimized Ragel extension (inherited from Mongrel) that provides fast, accurate HTTP 1.1 protocol parsing in a portable way. Puma then serves the request using a thread pool. Each request is served in a separate thread, so truly parallel Ruby implementations (JRuby, Rubinius) will use all available CPU cores.
+Puma is a server for [Rack](https://github.com/rack/rack)-powered HTTP applications written in Ruby.  It is: 
+* **Multi-threaded**. Each request is served in a separate thread. This helps you serve more requests per second with less memory use.
+* **Multi-process**. "Pre-forks" in cluster mode, using less memory per-process thanks to copy-on-write memory.
+* **Standalone**. With SSL support, zero-downtime rolling restarts and a built-in request bufferer, you can deploy Puma without any reverse proxy.
+* **Battle-tested**. Our HTTP parser is inherited from Mongrel and has over 15 years of production use. Puma is currently the most popular Ruby webserver, and is the default server for Ruby on Rails.
 
 Originally designed as a server for [Rubinius](https://github.com/rubinius/rubinius), Puma also works well with Ruby (MRI) and JRuby.
 
-On MRI, there is a Global VM Lock (GVL) that ensures only one thread can run Ruby code at a time. But if you're doing a lot of blocking IO (such as HTTP calls to external APIs like Twitter), Puma still improves MRI's throughput by allowing IO waiting to be done in parallel.
+On MRI, there is a Global VM Lock (GVL) that ensures only one thread can run Ruby code at a time. But if you're doing a lot of blocking IO (such as HTTP calls to external APIs like Twitter), Puma still improves MRI's throughput by allowing IO waiting to be done in parallel. Truly parallel Ruby implementations (TruffleRuby, JRuby) don't have this limitation.
 
 ## Quick Start
 
@@ -114,6 +118,8 @@ $ WEB_CONCURRENCY=3 puma -t 8:32
 
 Note that threads are still used in clustered mode, and the `-t` thread flag setting is per worker, so `-w 2 -t 16:16` will spawn 32 threads in total, with 16 in each worker process.
 
+For an in-depth discussion of the tradeoffs of thread and process count settings, [see our docs](https://github.com/puma/puma/blob/9282a8efa5a0c48e39c60d22ca70051a25df9f55/docs/kubernetes.md#workers-per-pod-and-other-config-issues).
+
 In clustered mode, Puma can "preload" your application. This loads all the application code *prior* to forking. Preloading reduces total memory usage of your application via an operating system feature called [copy-on-write](https://en.wikipedia.org/wiki/Copy-on-write).
 
 If the `WEB_CONCURRENCY` environment variable is set to a value > 1 (and `--prune-bundler` has not been specified), preloading will be enabled by default. Otherwise, you can use the `--preload` flag from the command line:
@@ -211,29 +217,32 @@ Puma supports the [`localhost`] gem for self-signed certificates. This is partic
 
 Puma automatically configures SSL when the [`localhost`] gem is loaded in a `development` environment:
 
+Add the gem to your Gemfile:
 ```ruby
-# Add the gem to your Gemfile
 group(:development) do
   gem 'localhost'
 end
+```
 
-# And require it implicitly using bundler
+And require it implicitly using bundler:
+```ruby
 require "bundler"
 Bundler.require(:default, ENV["RACK_ENV"].to_sym)
+```
 
-# Alternatively, you can require the gem in config.ru:
-require './app'
+Alternatively, you can require the gem in your configuration file, either `config/puma/development.rb`, `config/puma.rb`, or set via the `-C` cli option:
+```ruby
 require 'localhost'
-run Sinatra::Application
+# configuration methods (from Puma::DSL) as needed
 ```
 
 Additionally, Puma must be listening to an SSL socket:
 
 ```shell
-$ puma -b 'ssl://localhost:9292' config.ru
+$ puma -b 'ssl://localhost:9292' -C config/use_local_host.rb
 
 # The following options allow you to reach Puma over HTTP as well:
-$ puma -b ssl://localhost:9292 -b tcp://localhost:9393 config.ru
+$ puma -b ssl://localhost:9292 -b tcp://localhost:9393 -C config/use_local_host.rb
 ```
 
 [`localhost`]: https://github.com/socketry/localhost

data/docs/kubernetes.md

@@ -64,3 +64,15 @@ There is a subtle race condition between step 2 and 3: The replication controlle
 The way Kubernetes works this way, rather than handling step 2 synchronously, is due to the CAP theorem: in a distributed system there is no way to guarantee that any message will arrive promptly. In particular, waiting for all Service controllers to report back might get stuck for an indefinite time if one of them has already been terminated or if there has been a net split. A way to work around this is to add a sleep to the pre-stop hook of the same time as the `terminationGracePeriodSeconds` time. This will allow the Puma process to keep serving new requests during the entire grace period, although it will no longer receive new requests after all Service controllers have propagated the removal of the pod from their endpoint lists. Then, after `terminationGracePeriodSeconds`, the pod receives `SIGKILL` and closes down. If your process can't handle SIGKILL properly, for example because it needs to release locks in different services, you can also sleep for a shorter period (and/or increase `terminationGracePeriodSeconds`) as long as the time slept is longer than the time that your Service controllers take to propagate the pod removal. The downside of this workaround is that all pods will take at minimum the amount of time slept to shut down and this will increase the time required for your rolling deploy.
 
 More discussions and links to relevant articles can be found in https://github.com/puma/puma/issues/2343.
+
+## Workers Per Pod, and Other Config Issues
+
+With containerization, you will have to make a decision about how "big" to make each pod. Should you run 2 pods with 50 workers each? 25 pods, each with 4 workers? 100 pods, with each Puma running in single mode? Each scenario represents the same total amount of capacity (100 Puma processes that can respond to requests), but there are tradeoffs to make.
+
+* Worker counts should be somewhere between 4 and 32 in most cases. You want more than 4 in order to minimize time spent in request queueing for a free Puma worker, but probably less than ~32 because otherwise autoscaling is working in too large of an increment or they probably won't fit very well into your nodes.
+* Unless you have a very I/O-heavy application (50%+ time spent waiting on IO), use the default thread count (5 for MRI). Using higher numbers of threads with low I/O wait (<50%) will lead to additional request queueing time (latency!) and additional memory usage.
+* More processes per pod reduces memory usage per process, because of copy-on-write memory and because the cost of the single master process is "amortized" over more child processes.
+* Don't run less than 4 processes per pod if you can. Low numbers of processes per pod will lead to high request queueing, which means you will have to run more pods.
+* If multithreaded, allocate 1 CPU per worker. If single threaded, allocate 0.75 cpus per worker. Most web applications spend about 25% of their time in I/O - but when you're running multi-threaded, your Puma process will have higher CPU usage and should be able to fully saturate a CPU core.
+* Most Puma processes will use about ~512MB-1GB per worker, and about 1GB for the master process. However, you probably shouldn't bother with setting memory limits lower than around 2GB per process, because most places you are deploying will have 2GB of RAM per CPU. A sensible memory limit for a Puma configuration of 4 child workers might be something like 8 GB (1 GB for the master, 7GB for the 4 children).
+

data/ext/puma_http11/mini_ssl.c

@@ -36,6 +36,12 @@ void raise_file_error(const char* caller, const char *filename) {
   rb_raise(eError, "%s: error in file '%s': %s", caller, filename, ERR_error_string(ERR_get_error(), NULL));
 }
 
+NORETURN(void raise_param_error(const char* caller, const char *param));
+
+void raise_param_error(const char* caller, const char *param) {
+  rb_raise(eError, "%s: error with parameter '%s': %s", caller, param, ERR_error_string(ERR_get_error(), NULL));
+}
+
 void engine_free(void *ptr) {
   ms_conn *conn = ptr;
   ms_cert_buf* cert_buf = (ms_cert_buf*)SSL_get_app_data(conn->ssl);
@@ -226,7 +232,7 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
   VALUE key, cert, ca, verify_mode, ssl_cipher_filter, no_tlsv1, no_tlsv1_1,
     verification_flags, session_id_bytes, cert_pem, key_pem, key_password_command, key_password;
   BIO *bio;
-  X509 *x509;
+  X509 *x509 = NULL;
   EVP_PKEY *pkey;
   pem_password_cb *password_cb = NULL;
   const char *password = NULL;
@@ -298,16 +304,65 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
   }
 
   if (!NIL_P(cert_pem)) {
+    X509 *ca = NULL;
+    unsigned long err;
+
     bio = BIO_new(BIO_s_mem());
     BIO_puts(bio, RSTRING_PTR(cert_pem));
+
+    /**
+     * Much of this pulled as a simplified version of the `use_certificate_chain_file` method
+     * from openssl's `ssl_rsa.c` file.
+     */
+
+    /* first read the cert as the first item in the pem file */
     x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+    if (NULL == x509) {
+      BIO_free_all(bio);
+      raise_param_error("PEM_read_bio_X509", "cert_pem");
+    }
 
-    if (SSL_CTX_use_certificate(ctx, x509) != 1) {
-      BIO_free(bio);
-      raise_file_error("SSL_CTX_use_certificate", RSTRING_PTR(cert_pem));
+    /* Add the cert to the context */
+    /* 1 is success - otherwise check the error codes */
+    if (1 != SSL_CTX_use_certificate(ctx, x509)) {
+      BIO_free_all(bio);
+      raise_param_error("SSL_CTX_use_certificate", "cert_pem");
+    }
+
+    X509_free(x509); /* no longer need our reference */
+
+    /* Now lets load up the rest of the certificate chain */
+    /* 1 is success 0 is error */
+    if (0 == SSL_CTX_clear_chain_certs(ctx)) {
+      BIO_free_all(bio);
+      raise_param_error("SSL_CTX_clear_chain_certs","cert_pem");
+    }
+
+    while (1) {
+      ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+
+      if (NULL == ca) {
+        break;
+      }
+
+      if (0 == SSL_CTX_add0_chain_cert(ctx, ca)) {
+        BIO_free_all(bio);
+        raise_param_error("SSL_CTX_add0_chain_cert","cert_pem");
+      }
+      /* don't free ca - its now owned by the context */
+    }
+
+    /* ca is NULL - so its either the end of the file or an error */
+    err = ERR_peek_last_error();
+
+    /* If its the end of the file - then we are done, in any case free the bio */
+    BIO_free_all(bio);
+
+    if ((ERR_GET_LIB(err) == ERR_LIB_PEM) && (ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
+      ERR_clear_error();
+    } else {
+      raise_param_error("PEM_read_bio_X509","cert_pem");
     }
-    X509_free(x509);
-    BIO_free(bio);
   }
 
   if (!NIL_P(key_pem)) {

data/lib/puma/binder.rb

@@ -330,7 +330,7 @@ module Puma
         return
       end
 
-      host = host[1..-2] if host and host[0..0] == '['
+      host = host[1..-2] if host&.start_with? '['
       tcp_server = TCPServer.new(host, port)
 
       if optimize_for_latency
@@ -364,7 +364,7 @@ module Puma
         return
       end
 
-      host = host[1..-2] if host[0..0] == '['
+      host = host[1..-2] if host&.start_with? '['
       s = TCPServer.new(host, port)
       if optimize_for_latency
         s.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)

data/lib/puma/cli.rb

@@ -144,6 +144,10 @@ module Puma
             $LOAD_PATH.unshift(*arg.split(':'))
           end
 
+          o.on "--idle-timeout SECONDS", "Number of seconds until the next request before automatic shutdown" do |arg|
+            user_config.idle_timeout arg
+          end
+
           o.on "-p", "--port PORT", "Define the TCP port to bind to",
             "Use -b for more advanced options" do |arg|
             user_config.bind "tcp://#{Configuration::DEFAULTS[:tcp_host]}:#{arg}"

data/lib/puma/client.rb

@@ -11,7 +11,6 @@ end
 require_relative 'detect'
 require_relative 'io_buffer'
 require 'tempfile'
-require 'forwardable'
 
 if Puma::IS_JRUBY
   # We have to work around some OpenSSL buffer/io-readiness bugs
@@ -49,7 +48,8 @@ module Puma
 
     # chunked body validation
     CHUNK_SIZE_INVALID = /[^\h]/.freeze
-    CHUNK_VALID_ENDING = "\r\n".freeze
+    CHUNK_VALID_ENDING = Const::LINE_END
+    CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize
 
     # Content-Length header value validation
     CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze
@@ -61,7 +61,6 @@ module Puma
     EmptyBody = NullIO.new
 
     include Puma::Const
-    extend Forwardable
 
     def initialize(io, env=nil)
       @io = io
@@ -110,7 +109,10 @@ module Puma
 
     attr_accessor :remote_addr_header, :listener
 
-    def_delegators :@io, :closed?
+    # Remove in Puma 7?
+    def closed?
+      @to_io.closed?
+    end
 
     # Test to see if io meets a bare minimum of functioning, @to_io needs to be
     # used for MiniSSL::Socket
@@ -382,8 +384,8 @@ module Puma
       cl = @env[CONTENT_LENGTH]
 
       if cl
-        # cannot contain characters that are not \d
-        if CONTENT_LENGTH_VALUE_INVALID.match? cl
+        # cannot contain characters that are not \d, or be empty
+        if CONTENT_LENGTH_VALUE_INVALID.match?(cl) || cl.empty?
           raise HttpParserError, "Invalid Content-Length: #{cl.inspect}"
         end
       else
@@ -544,7 +546,7 @@ module Puma
 
       while !io.eof?
         line = io.gets
-        if line.end_with?("\r\n")
+        if line.end_with?(CHUNK_VALID_ENDING)
           # Puma doesn't process chunk extensions, but should parse if they're
           # present, which is the reason for the semicolon regex
           chunk_hex = line.strip[/\A[^;]+/]
@@ -556,13 +558,19 @@ module Puma
             @in_last_chunk = true
             @body.rewind
             rest = io.read
-            last_crlf_size = "\r\n".bytesize
-            if rest.bytesize < last_crlf_size
+            if rest.bytesize < CHUNK_VALID_ENDING_SIZE
               @buffer = nil
-              @partial_part_left = last_crlf_size - rest.bytesize
+              @partial_part_left = CHUNK_VALID_ENDING_SIZE - rest.bytesize
               return false
             else
-              @buffer = rest[last_crlf_size..-1]
+              # if the next character is a CRLF, set buffer to everything after that CRLF
+              start_of_rest = if rest.start_with?(CHUNK_VALID_ENDING)
+                CHUNK_VALID_ENDING_SIZE
+              else # we have started a trailer section, which we do not support. skip it!
+                rest.index(CHUNK_VALID_ENDING*2) + CHUNK_VALID_ENDING_SIZE*2
+              end
+
+              @buffer = rest[start_of_rest..-1]
               @buffer = nil if @buffer.empty?
               set_ready
               return true

data/lib/puma/configuration.rb

@@ -133,8 +133,10 @@ module Puma
       debug: false,
       early_hints: nil,
       environment: 'development'.freeze,
-      # Number of seconds to wait until we get the first data for the request
+      # Number of seconds to wait until we get the first data for the request.
       first_data_timeout: 30,
+      # Number of seconds to wait until the next request before shutting down.
+      idle_timeout: nil,
       io_selector_backend: :auto,
       log_requests: false,
       logger: STDOUT,

data/lib/puma/const.rb

@@ -100,8 +100,8 @@ module Puma
   # too taxing on performance.
   module Const
 
-    PUMA_VERSION = VERSION = "6.3.0"
-    CODE_NAME = "Mugi No Toki Itaru"
+    PUMA_VERSION = VERSION = "6.4.0"
+    CODE_NAME = "The Eagle of Durango"
 
     PUMA_SERVER_STRING = ["puma", PUMA_VERSION, CODE_NAME].join(" ").freeze
 

data/lib/puma/control_cli.rb

@@ -1,10 +1,8 @@
 # frozen_string_literal: true
 
 require 'optparse'
-require_relative 'state_file'
 require_relative 'const'
 require_relative 'detect'
-require_relative 'configuration'
 require 'uri'
 require 'socket'
 
@@ -126,6 +124,9 @@ module Puma
         end
 
         if @config_file
+          require_relative 'configuration'
+          require_relative 'log_writer'
+
           config = Puma::Configuration.new({ config_files: [@config_file] }, {})
           config.load
           @state              ||= config.options[:state]
@@ -149,6 +150,8 @@ module Puma
           raise "State file not found: #{@state}"
         end
 
+        require_relative 'state_file'
+
         sf = Puma::StateFile.new
         sf.load @state
 
@@ -164,22 +167,26 @@ module Puma
     def send_request
       uri = URI.parse @control_url
 
+      host = uri.host
+
       # create server object by scheme
       server =
         case uri.scheme
         when 'ssl'
           require 'openssl'
+          host = host[1..-2] if host&.start_with? '['
           OpenSSL::SSL::SSLSocket.new(
-            TCPSocket.new(uri.host, uri.port),
+            TCPSocket.new(host, uri.port),
             OpenSSL::SSL::SSLContext.new)
             .tap { |ssl| ssl.sync_close = true }  # default is false
             .tap(&:connect)
         when 'tcp'
-          TCPSocket.new uri.host, uri.port
+          host = host[1..-2] if host&.start_with? '['
+          TCPSocket.new host, uri.port
         when 'unix'
           # check for abstract UNIXSocket
           UNIXSocket.new(@control_url.start_with?('unix://@') ?
-            "\0#{uri.host}#{uri.path}" : "#{uri.host}#{uri.path}")
+            "\0#{host}#{uri.path}" : "#{host}#{uri.path}")
         else
           raise "Invalid scheme: #{uri.scheme}"
         end

data/lib/puma/dsl.rb

@@ -315,16 +315,22 @@ module Puma
       bind URI::Generic.build(scheme: 'tcp', host: host, port: Integer(port)).to_s
     end
 
+    # Define how long the tcp socket stays open, if no data has been received.
+    # @see Puma::Server.new
+    def first_data_timeout(seconds)
+      @options[:first_data_timeout] = Integer(seconds)
+    end
+
     # Define how long persistent connections can be idle before Puma closes them.
     # @see Puma::Server.new
     def persistent_timeout(seconds)
       @options[:persistent_timeout] = Integer(seconds)
     end
 
-    # Define how long the tcp socket stays open, if no data has been received.
+    # If a new request is not received within this number of seconds, begin shutting down.
     # @see Puma::Server.new
-    def first_data_timeout(seconds)
-      @options[:first_data_timeout] = Integer(seconds)
+    def idle_timeout(seconds)
+      @options[:idle_timeout] = Integer(seconds)
     end
 
     # Work around leaky apps that leave garbage in Thread locals
@@ -510,6 +516,12 @@ module Puma
     # `true`, which sets reuse 'on' with default values, or a hash, with `:size`
     # and/or `:timeout` keys, each with integer values.
     #
+    # The `cert:` options hash parameter can be the path to a certificate
+    # file including all intermediate certificates in PEM format.
+    #
+    # The `cert_pem:` options hash parameter can be String containing the
+    # cerificate and all intermediate certificates in PEM format.
+    #
     # @example
     #   ssl_bind '127.0.0.1', '9292', {
     #     cert: path_to_cert,
@@ -717,6 +729,40 @@ module Puma
       process_hook :before_refork, key, block, 'on_refork'
     end
 
+    # Code to run immediately before a thread starts. The worker does not
+    # start new threads until this code finishes.
+    #
+    # This hook is useful for doing something when a thread
+    # starts.
+    #
+    # This can be called multiple times to add several hooks.
+    #
+    # @example
+    #   on_thread_start do
+    #     puts 'On thread start...'
+    #   end
+    def on_thread_start(&block)
+      @options[:before_thread_start] ||= []
+      @options[:before_thread_start] << block
+    end
+
+    # Code to run immediately before a thread exits. The worker does not
+    # accept new requests until this code finishes.
+    #
+    # This hook is useful for cleaning up thread local resources when a thread
+    # is trimmed.
+    #
+    # This can be called multiple times to add several hooks.
+    #
+    # @example
+    #   on_thread_exit do
+    #     puts 'On thread exit...'
+    #   end
+    def on_thread_exit(&block)
+      @options[:before_thread_exit] ||= []
+      @options[:before_thread_exit] << block
+    end
+
     # Code to run out-of-band when the worker is idle.
     # These hooks run immediately after a request has finished
     # processing and there are no busy threads on the worker.
@@ -848,7 +894,8 @@ module Puma
     # not a request timeout, it is to protect against a hung or dead process.
     # Setting this value will not protect against slow requests.
     #
-    # The minimum value is 6 seconds, the default value is 60 seconds.
+    # This value must be greater than worker_check_interval.
+    # The default value is 60 seconds.
     #
     # @note Cluster mode only.
     # @example

data/lib/puma/rack/urlmap.rb

@@ -34,7 +34,7 @@ module Puma::Rack
         end
 
         location = location.chomp('/')
-        match = Regexp.new("^#{Regexp.quote(location).gsub('/', '/+')}(.*)", nil, 'n')
+        match = Regexp.new("^#{Regexp.quote(location).gsub('/', '/+')}(.*)", Regexp::NOENCODING)
 
         [host, location, match, app]
       }.sort_by do |(host, location, _, _)|

data/lib/puma/runner.rb

@@ -75,7 +75,11 @@ module Puma
       control = Puma::Server.new app, nil,
         { min_threads: 0, max_threads: 1, queue_requests: false, log_writer: @log_writer }
 
-      control.binder.parse [str], nil, 'Starting control server'
+      begin
+        control.binder.parse [str], nil, 'Starting control server'
+      rescue Errno::EADDRINUSE, Errno::EACCES => e
+        raise e, "Error: Control server address '#{str}' is already in use. Original error: #{e.message}"
+      end
 
       control.run thread_name: 'ctl'
       @control = control

data/lib/puma/server.rb

@@ -15,7 +15,6 @@ require_relative 'request'
 
 require 'socket'
 require 'io/wait' unless Puma::HAS_NATIVE_IO_WAIT
-require 'forwardable'
 
 module Puma
 
@@ -32,7 +31,6 @@ module Puma
   class Server
     include Puma::Const
     include Request
-    extend Forwardable
 
     attr_reader :thread
     attr_reader :log_writer
@@ -48,9 +46,6 @@ module Puma
     attr_accessor :app
     attr_accessor :binder
 
-    def_delegators :@binder, :add_tcp_listener, :add_ssl_listener,
-      :add_unix_listener, :connected_ports
-
     THREAD_LOCAL_KEY = :puma_server
 
     # Create a server for the rack app +app+.
@@ -86,15 +81,16 @@ module Puma
         UserFileDefaultOptions.new(options, Configuration::DEFAULTS)
       end
 
-      @log_writer          = @options.fetch :log_writer, LogWriter.stdio
-      @early_hints         = @options[:early_hints]
-      @first_data_timeout  = @options[:first_data_timeout]
-      @min_threads         = @options[:min_threads]
-      @max_threads         = @options[:max_threads]
-      @persistent_timeout  = @options[:persistent_timeout]
-      @queue_requests      = @options[:queue_requests]
-      @max_fast_inline     = @options[:max_fast_inline]
-      @io_selector_backend = @options[:io_selector_backend]
+      @log_writer                = @options.fetch :log_writer, LogWriter.stdio
+      @early_hints               = @options[:early_hints]
+      @first_data_timeout        = @options[:first_data_timeout]
+      @persistent_timeout        = @options[:persistent_timeout]
+      @idle_timeout              = @options[:idle_timeout]
+      @min_threads               = @options[:min_threads]
+      @max_threads               = @options[:max_threads]
+      @queue_requests            = @options[:queue_requests]
+      @max_fast_inline           = @options[:max_fast_inline]
+      @io_selector_backend       = @options[:io_selector_backend]
       @http_content_length_limit = @options[:http_content_length_limit]
 
       # make this a hash, since we prefer `key?` over `include?`
@@ -330,8 +326,12 @@ module Puma
 
         while @status == :run || (drain && shutting_down?)
           begin
-            ios = IO.select sockets, nil, nil, (shutting_down? ? 0 : nil)
-            break unless ios
+            ios = IO.select sockets, nil, nil, (shutting_down? ? 0 : @idle_timeout)
+            unless ios
+              @status = :stop unless shutting_down?
+              break
+            end
+
             ios.first.each do |sock|
               if sock == check
                 break if handle_check
@@ -476,7 +476,7 @@ module Puma
         end
         true
       rescue StandardError => e
-        client_error(e, client)
+        client_error(e, client, requests)
         # The ensure tries to close +client+ down
         requests > 0
       ensure
@@ -504,22 +504,22 @@ module Puma
     # :nocov:
 
     # Handle various error types thrown by Client I/O operations.
-    def client_error(e, client)
+    def client_error(e, client, requests = 1)
       # Swallow, do not log
       return if [ConnectionError, EOFError].include?(e.class)
 
-      lowlevel_error(e, client.env)
       case e
       when MiniSSL::SSLError
+        lowlevel_error(e, client.env)
         @log_writer.ssl_error e, client.io
       when HttpParserError
-        client.write_error(400)
+        response_to_error(client, requests, e, 400)
         @log_writer.parse_error e, client
       when HttpParserError501
-        client.write_error(501)
+        response_to_error(client, requests, e, 501)
         @log_writer.parse_error e, client
       else
-        client.write_error(500)
+        response_to_error(client, requests, e, 500)
         @log_writer.unknown_error e, nil, "Read"
       end
     end
@@ -541,10 +541,17 @@ module Puma
         backtrace = e.backtrace.nil? ? '<no backtrace available>' : e.backtrace.join("\n")
         [status, {}, ["Puma caught this error: #{e.message} (#{e.class})\n#{backtrace}"]]
       else
-        [status, {}, ["An unhandled lowlevel error occurred. The application logs may have details.\n"]]
+        [status, {}, [""]]
       end
     end
 
+    def response_to_error(client, requests, err, status_code)
+      status, headers, res_body = lowlevel_error(err, client.env, status_code)
+      prepare_response(status, headers, res_body, requests, client)
+      client.write_error(status_code)
+    end
+    private :response_to_error
+
     # Wait for all outstanding requests to finish.
     #
     def graceful_shutdown
@@ -623,5 +630,27 @@ module Puma
     def stats
       STAT_METHODS.map {|name| [name, send(name) || 0]}.to_h
     end
+
+    # below are 'delegations' to binder
+    # remove in Puma 7?
+
+
+    def add_tcp_listener(host, port, optimize_for_latency = true, backlog = 1024)
+      @binder.add_tcp_listener host, port, optimize_for_latency, backlog
+    end
+
+    def add_ssl_listener(host, port, ctx, optimize_for_latency = true,
+                         backlog = 1024)
+      @binder.add_ssl_listener host, port, ctx, optimize_for_latency, backlog
+    end
+
+    def add_unix_listener(path, umask = nil, mode = nil, backlog = 1024)
+      @binder.add_unix_listener path, umask, mode, backlog
+    end
+
+    # @!attribute [r] connected_ports
+    def connected_ports
+      @binder.connected_ports
+    end
   end
 end

data/lib/puma/thread_pool.rb

@@ -51,6 +51,8 @@ module Puma
       @block = block
       @out_of_band = options[:out_of_band]
       @clean_thread_locals = options[:clean_thread_locals]
+      @before_thread_start = options[:before_thread_start]
+      @before_thread_exit = options[:before_thread_exit]
       @reaping_time = options[:reaping_time]
       @auto_trim_time = options[:auto_trim_time]
 
@@ -107,6 +109,7 @@ module Puma
     def spawn_thread
       @spawned += 1
 
+      trigger_before_thread_start_hooks
       th = Thread.new(@spawned) do |spawned|
         Puma.set_thread_name '%s tp %03i' % [@name, spawned]
         todo  = @todo
@@ -125,6 +128,7 @@ module Puma
                 @spawned -= 1
                 @workers.delete th
                 not_full.signal
+                trigger_before_thread_exit_hooks
                 Thread.exit
               end
 
@@ -162,6 +166,36 @@ module Puma
 
     private :spawn_thread
 
+    def trigger_before_thread_start_hooks
+      return unless @before_thread_start&.any?
+
+      @before_thread_start.each do |b|
+        begin
+          b.call
+        rescue Exception => e
+          STDERR.puts "WARNING before_thread_start hook failed with exception (#{e.class}) #{e.message}"
+        end
+      end
+      nil
+    end
+
+    private :trigger_before_thread_start_hooks
+
+    def trigger_before_thread_exit_hooks
+      return unless @before_thread_exit&.any?
+
+      @before_thread_exit.each do |b|
+        begin
+          b.call
+        rescue Exception => e
+          STDERR.puts "WARNING before_thread_exit hook failed with exception (#{e.class}) #{e.message}"
+        end
+      end
+      nil
+    end
+
+    private :trigger_before_thread_exit_hooks
+
     # @version 5.0.0
     def trigger_out_of_band_hook
       return false unless @out_of_band&.any?

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puma
 version: !ruby/object:Gem::Version
-  version: 6.3.0
+  version: 6.4.0
 platform: java
 authors:
 - Evan Phoenix
@@ -17,8 +17,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
   name: nio4r
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: Puma is a simple, fast, threaded, and highly parallel HTTP 1.1 server for