puma 2.11.2-java → 2.11.3-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 15fb0c13c7ff16a253d52f54be4cde349a4418c5
-  data.tar.gz: 2f670fd800ed5501af6d56d5d171e17b7df80871
+  metadata.gz: e374ffc305668db0b5e3e15fb92fd5993291e94c
+  data.tar.gz: dfb56a5df12d2240fd3396e89f1f0f6573b4c508
 SHA512:
-  metadata.gz: b88621bba0fbc57e41036435b2b4f1b4b1bf836be3972ea0dde15d7986c2113a2715e5df5544019e2ead18f3cc509a99cb0b7822425451395c9c0265acf042c8
-  data.tar.gz: 6f5bb06ac5e03f9a93927b5d4e8a250e6735b5c02f3967ae1f5a173dae6f0b8e8c7ae1be19f92000025007e94446e1d02c4d26fd5b1bd2d4110178652b24643f
+  metadata.gz: a097451e0ea3b31e06ec2f00b6edc399f7869debd248b6ba86ad49682d900cbf95d8588bd9d44748b23186b4e40e976f7c83294d9012bae8da658a1ce1a69e65
+  data.tar.gz: a7effe422700a125f982733760aa28e0110f0cecc367d015d8385a19f3dd7803416579c32251b06c0143e676a7e950dfbf765448eb9dadc6d3b7a20c4bd7cb87

data/History.txt

@@ -1,3 +1,14 @@
+=== 2.11.3 / 2015-05-18
+
+* 5 bug fixes:
+  * Be sure to unlink tempfiles after a request. Fixes #690
+  * Coerce the key to a string before checking. (thar be symbols). Fixes #684
+  * Fix hang on bad SSL handshake
+  * Remove `enable_SSLv3` support from JRuby
+
+* 1 PR merged:
+  * Merge pull request #698 from looker/hang-handshake
+
 === 2.11.2 / 2015-04-11
 
 * 2 minor features:
@@ -483,7 +494,7 @@ RailsConf 2013 edition!
   * Close the binder in the right place. Fixes #192
   * Handle early term in workers. Fixes #206
   * Make sure that the default port is 80 when the request doesn't include HTTP_X_FORWARDED_PROTO.
-  * Prevent Errno::EBADF errors on restart when running ruby 2.0 
+  * Prevent Errno::EBADF errors on restart when running ruby 2.0
   * Record the proper @master_pid
   * Respect the header HTTP_X_FORWARDED_PROTO when the host doesn't include a port number.
   * Retry EAGAIN/EWOULDBLOCK during syswrite

data/ext/puma_http11/mini_ssl.c

@@ -161,7 +161,7 @@ void raise_error(SSL* ssl, int result) {
 VALUE engine_read(VALUE self) {
   ms_conn* conn;
   char buf[512];
-  int bytes, n;
+  int bytes, n, error;
 
   Data_Get_Struct(self, ms_conn, conn);
 
@@ -173,7 +173,8 @@ VALUE engine_read(VALUE self) {
 
   if(SSL_want_read(conn->ssl)) return Qnil;
 
-  if(SSL_get_error(conn->ssl, bytes) == SSL_ERROR_ZERO_RETURN) {
+  error = SSL_get_error(conn->ssl, bytes);
+  if(error == SSL_ERROR_ZERO_RETURN || error == SSL_ERROR_SSL) {
     rb_eof_error();
   }
 

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -153,13 +153,7 @@ public class MiniSSL extends RubyObject {
     sslCtx.init(kmf.getKeyManagers(), null, null);
     engine = sslCtx.createSSLEngine();
 
-    IRubyObject enableSSLv3 = miniSSLContext.callMethod(threadContext, "enable_SSLv3");
-    String[] protocols;
-    if (enableSSLv3 instanceof RubyBoolean && enableSSLv3.isTrue()) {
-      protocols = new String[] { "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
-    } else {
-      protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
-    }
+    String[] protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
     engine.setEnabledProtocols(protocols);
     engine.setUseClientMode(false);
 
@@ -308,8 +302,10 @@ public class MiniSSL extends RubyObject {
       log("read(): end dump of request data   <<<<\n");
       return str;
     } catch (Exception e) {
-      e.printStackTrace();
-      throw new RuntimeException(e);
+      if (DEBUG) {
+        e.printStackTrace();
+      }
+      throw getRuntime().newEOFError(e.getMessage());
     }
   }
 

data/lib/puma/client.rb

@@ -39,6 +39,7 @@ module Puma
 
       @body = nil
       @buffer = nil
+      @tempfile = nil
 
       @timeout_at = nil
 
@@ -46,7 +47,8 @@ module Puma
       @hijacked = false
     end
 
-    attr_reader :env, :to_io, :body, :io, :timeout_at, :ready, :hijacked
+    attr_reader :env, :to_io, :body, :io, :timeout_at, :ready, :hijacked,
+                :tempfile
 
     def inspect
       "#<Puma::Client:0x#{object_id.to_s(16)} @ready=#{@ready.inspect}>"
@@ -72,6 +74,7 @@ module Puma
       @read_header = true
       @env = @proto_env.dup
       @body = nil
+      @tempfile = nil
       @parsed_bytes = 0
       @ready = false
 
@@ -129,6 +132,7 @@ module Puma
       if remain > MAX_BODY
         @body = Tempfile.new(Const::PUMA_TMP_BASE)
         @body.binmode
+        @tempfile = @body
       else
         # The body[0,0] trick is to get an empty string in the same
         # encoding as body.

data/lib/puma/configuration.rb

@@ -103,7 +103,7 @@ module Puma
       @options.merge!(rack_options)
 
       config_ru_binds = rack_options.each_with_object([]) do |(k, v), b|
-        b << v if k.start_with?('bind')
+        b << v if k.to_s[0,4] == "bind"
       end
       @options[:binds] = config_ru_binds unless config_ru_binds.empty?
 

data/lib/puma/const.rb

@@ -28,7 +28,7 @@ module Puma
   # too taxing on performance.
   module Const
 
-    PUMA_VERSION = VERSION = "2.11.2".freeze
+    PUMA_VERSION = VERSION = "2.11.3".freeze
     CODE_NAME = "Intrepid Squirrel".freeze
 
     FAST_TRACK_KA_TIMEOUT = 0.2

data/lib/puma/minissl.rb

@@ -95,11 +95,6 @@ module Puma
         # jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair
         attr_reader :keystore
         attr_accessor :keystore_pass
-        attr_accessor :enable_SSLv3
-
-        def initialize
-          @enable_SSLv3 = false
-        end
 
         def keystore=(keystore)
           raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore

data/lib/puma/server.rb

@@ -656,6 +656,7 @@ module Puma
         uncork_socket client
 
         body.close
+        req.tempfile.unlink if req.tempfile
         res_body.close if res_body.respond_to? :close
 
         after_reply.each { |o| o.call }

data/test/test_puma_server_ssl.rb

@@ -88,48 +88,11 @@ class TestPumaServerSSL < Test::Unit::TestCase
     assert_equal "https", body
   end
 
-  if defined?(JRUBY_VERSION)
-    def test_ssl_v3_support_disabled_by_default
-      @http.ssl_version='SSLv3'
-      assert_raises(OpenSSL::SSL::SSLError) do
-        @http.start do
-          Net::HTTP::Get.new '/'
-        end
-      end
-    end
-
-    def test_enabling_ssl_v3_support
-      @server.stop(true)
-      @ctx.enable_SSLv3 = true
-      @server = Puma::Server.new @app, @events
-      @server.add_ssl_listener @host, @port, @ctx
-      @server.run
-      @http.ssl_version='SSLv3'
-
-      body = nil
+  def test_ssl_v3_rejection
+    @http.ssl_version='SSLv3'
+    assert_raises(OpenSSL::SSL::SSLError) do
       @http.start do
-        req = Net::HTTP::Get.new "/", {}
-
-        @http.request(req) do |rep|
-          body = rep.body
-        end
-      end
-
-      assert_equal "https", body
-    end
-
-    def test_enabling_ssl_v3_support_requires_true
-      @server.stop(true)
-      @ctx.enable_SSLv3 = "truthy but not true"
-      @server = Puma::Server.new @app, @events
-      @server.add_ssl_listener @host, @port, @ctx
-      @server.run
-      @http.ssl_version='SSLv3'
-
-      assert_raises(OpenSSL::SSL::SSLError) do
-        @http.start do
-          Net::HTTP::Get.new '/'
-        end
+        Net::HTTP::Get.new '/'
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puma
 version: !ruby/object:Gem::Version
-  version: 2.11.2
+  version: 2.11.3
 platform: java
 authors:
 - Evan Phoenix
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-04-13 00:00:00.000000000 Z
+date: 2015-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement