puma 3.8.2 → 3.9.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puma might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 7b623ac72b5bea3525cc1c76bd48385e0eef0a17
4
- data.tar.gz: d5a2ec55bef9deb959e22faa6c077e7b323a7834
3
+ metadata.gz: b81d09730460553a429075838b26bb574a4b9610
4
+ data.tar.gz: a3336117cdff61b925b86effef73382d5e765862
5
5
  SHA512:
6
- metadata.gz: 33c903e1d88e6552d8146a9fd1a829f8c6e8f15d131ec37854d29025952186a9cafda9204b89d12682f3905973bb8c6c0606948587e34b36b62d24c16ad5572b
7
- data.tar.gz: d4137246420030c7e1deb7988c7cf15f20b8543211d6c1ef6fae240092941aeeae60c53353d81d8aa7b62064410119f4e4a80d8427b16a5d6c98d4a6fe51b495
6
+ metadata.gz: 7a9b8d7cf54f2c97932e16ff76c19be931f936b246305912f1a2b939405af0a41192d7f5ee7ee462640e629a28476c591d44e702401d7a11128a8b3669af4151
7
+ data.tar.gz: dca5d59920db309d50c341cb19ab4f24d8d3f3781488e9c78a3a240b0d6f7908ad61854eb60965ffbeda10048285375ce9432b3c6d4444db1dd0cf5ca9799eaf
data/History.md CHANGED
@@ -1,3 +1,26 @@
1
+ ## 3.9.0 / 2017-06-01
2
+
3
+ * 2 features:
4
+ * The ENV is now reset to its original values when Puma restarts via USR1/USR2 (#1260) (MRI only, no JRuby support)
5
+ * Puma will no longer accept more clients than the maximum number of threads. (#1278)
6
+
7
+ * 9 bugfixes:
8
+ * Reduce information leakage by preventing HTTP parse errors from writing environment hashes to STDERR (#1306)
9
+ * Fix SSL/WebSocket compatibility (#1274)
10
+ * HTTP headers with empty values are no longer omitted from responses. (#1261)
11
+ * Fix a Rack env key which was set to nil. (#1259)
12
+ * peercert has been implemented for JRuby (#1248)
13
+ * Fix port settings when using rails s (#1277, #1290)
14
+ * Fix compat w/LibreSSL (#1285)
15
+ * Fix restarting Puma w/symlinks and a new Gemfile (#1282)
16
+ * Replace Dir.exists? with Dir.exist? (#1294)
17
+
18
+ * 1 known issue:
19
+ * A bug in MRI 2.2+ can result in IOError: stream closed. See #1206. This issue has existed since at least Puma 3.6, and probably further back.
20
+
21
+ * 1 refactor:
22
+ * Lots of test fixups from @grosser.
23
+
1
24
  ## 3.8.2 / 2017-03-14
2
25
 
3
26
  * 1 bugfix:
@@ -88,7 +88,7 @@ DH *get_dh1024() {
88
88
  DH *dh;
89
89
  dh = DH_new();
90
90
 
91
- #if OPENSSL_VERSION_NUMBER < 0x10100005L
91
+ #if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER)
92
92
  dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
93
93
  dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
94
94
 
@@ -6,6 +6,7 @@ import org.jruby.RubyModule;
6
6
  import org.jruby.RubyObject;
7
7
  import org.jruby.RubyString;
8
8
  import org.jruby.anno.JRubyMethod;
9
+ import org.jruby.javasupport.JavaEmbedUtils;
9
10
  import org.jruby.runtime.Block;
10
11
  import org.jruby.runtime.ObjectAllocator;
11
12
  import org.jruby.runtime.ThreadContext;
@@ -18,6 +19,7 @@ import javax.net.ssl.SSLContext;
18
19
  import javax.net.ssl.SSLEngine;
19
20
  import javax.net.ssl.SSLEngineResult;
20
21
  import javax.net.ssl.SSLException;
22
+ import javax.net.ssl.SSLPeerUnverifiedException;
21
23
  import javax.net.ssl.SSLSession;
22
24
  import java.io.FileInputStream;
23
25
  import java.io.IOException;
@@ -27,6 +29,7 @@ import java.security.KeyStore;
27
29
  import java.security.KeyStoreException;
28
30
  import java.security.NoSuchAlgorithmException;
29
31
  import java.security.UnrecoverableKeyException;
32
+ import java.security.cert.CertificateEncodingException;
30
33
  import java.security.cert.CertificateException;
31
34
 
32
35
  import static javax.net.ssl.SSLEngineResult.Status;
@@ -333,7 +336,11 @@ public class MiniSSL extends RubyObject {
333
336
  }
334
337
 
335
338
  @JRubyMethod
336
- public IRubyObject peercert() {
337
- return getRuntime().getNil();
339
+ public IRubyObject peercert() throws CertificateEncodingException {
340
+ try {
341
+ return JavaEmbedUtils.javaToRuby(getRuntime(), engine.getSession().getPeerCertificates()[0].getEncoded());
342
+ } catch (SSLPeerUnverifiedException ex) {
343
+ return getRuntime().getNil();
344
+ }
338
345
  }
339
346
  }
@@ -95,8 +95,8 @@ module Puma
95
95
  # too taxing on performance.
96
96
  module Const
97
97
 
98
- PUMA_VERSION = VERSION = "3.8.2".freeze
99
- CODE_NAME = "Sassy Salamander".freeze
98
+ PUMA_VERSION = VERSION = "3.9.0".freeze
99
+ CODE_NAME = "Private Caller".freeze
100
100
  PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze
101
101
 
102
102
  FAST_TRACK_KA_TIMEOUT = 0.2
@@ -91,8 +91,7 @@ module Puma
91
91
  # parsing exception.
92
92
  #
93
93
  def parse_error(server, env, error)
94
- @stderr.puts "#{Time.now}: HTTP parse error, malformed request (#{env[HTTP_X_FORWARDED_FOR] || env[REMOTE_ADDR]}): #{error.inspect}"
95
- @stderr.puts "#{Time.now}: ENV: #{env.inspect}\n---\n"
94
+ @stderr.puts "#{Time.now}: HTTP parse error, malformed request (#{env[HTTP_X_FORWARDED_FOR] || env[REMOTE_ADDR]}): #{error.inspect}\n---\n"
96
95
  end
97
96
 
98
97
  # An SSL error has occurred.
@@ -163,6 +163,8 @@ module Puma
163
163
 
164
164
  # Run the server. This blocks until the server is stopped
165
165
  def run
166
+ previous_env = (defined?(Bundler) ? Bundler.clean_env : ENV.to_h)
167
+
166
168
  @config.clamp
167
169
 
168
170
  @config.plugins.fire_starts self
@@ -178,6 +180,7 @@ module Puma
178
180
  graceful_stop
179
181
  when :restart
180
182
  log "* Restarting..."
183
+ ENV.replace(previous_env)
181
184
  @runner.before_restart
182
185
  restart!
183
186
  when :exit
@@ -36,7 +36,9 @@ module Puma
36
36
  output
37
37
  end
38
38
 
39
- def read_nonblock(size)
39
+ def read_nonblock(size, *_)
40
+ # *_ is to deal with keyword args that were added
41
+ # at some point (and being used in the wild)
40
42
  while true
41
43
  output = engine_read_all
42
44
  return output if output
@@ -77,6 +79,19 @@ module Puma
77
79
  alias_method :syswrite, :write
78
80
  alias_method :<<, :write
79
81
 
82
+ # This is a temporary fix to deal with websockets code using
83
+ # write_nonblock. The problem with implementing it properly
84
+ # is that it means we'd have to have the ability to rewind
85
+ # an engine because after we write+extract, the socket
86
+ # write_nonblock call might raise an exception and later
87
+ # code would pass the same data in, but the engine would think
88
+ # it had already written the data in. So for the time being
89
+ # (and since write blocking is quite rare), go ahead and actually
90
+ # block in write_nonblock.
91
+ def write_nonblock(data, *_)
92
+ write data
93
+ end
94
+
80
95
  def flush
81
96
  @socket.flush
82
97
  end
@@ -107,7 +107,7 @@ module Puma
107
107
  append = @options[:redirect_append]
108
108
 
109
109
  if stdout
110
- unless Dir.exists?(File.dirname(stdout))
110
+ unless Dir.exist?(File.dirname(stdout))
111
111
  raise "Cannot redirect STDOUT to #{stdout}"
112
112
  end
113
113
 
@@ -117,7 +117,7 @@ module Puma
117
117
  end
118
118
 
119
119
  if stderr
120
- unless Dir.exists?(File.dirname(stderr))
120
+ unless Dir.exist?(File.dirname(stderr))
121
121
  raise "Cannot redirect STDERR to #{stderr}"
122
122
  end
123
123
 
@@ -363,7 +363,7 @@ module Puma
363
363
  end
364
364
 
365
365
  pool << client
366
- pool.wait_until_not_full unless queue_requests
366
+ pool.wait_until_not_full
367
367
  end
368
368
  rescue SystemCallError
369
369
  # nothing
@@ -522,7 +522,9 @@ module Puma
522
522
 
523
523
  raise "No REQUEST PATH" unless env[REQUEST_PATH]
524
524
 
525
- env[QUERY_STRING] = uri.query
525
+ # A nil env value will cause a LintError (and fatal errors elsewhere),
526
+ # so only set the env value if there actually is a value.
527
+ env[QUERY_STRING] = uri.query if uri.query
526
528
  end
527
529
 
528
530
  env[PATH_INFO] = env[REQUEST_PATH]
@@ -687,7 +689,7 @@ module Puma
687
689
  next
688
690
  end
689
691
 
690
- if vs.respond_to?(:to_s)
692
+ if vs.respond_to?(:to_s) && !vs.to_s.empty?
691
693
  vs.to_s.split(NEWLINE).each do |v|
692
694
  lines.append k, colon, v, line_ending
693
695
  end
@@ -155,7 +155,15 @@ module Puma
155
155
 
156
156
  def wait_until_not_full
157
157
  @mutex.synchronize do
158
- until @todo.size - @waiting < @max - @spawned or @shutdown
158
+ while true
159
+ return if @shutdown
160
+ return if @waiting > 0
161
+
162
+ # If we can still spin up new threads and there
163
+ # is work queued, then accept more work until we would
164
+ # spin up the max number of threads.
165
+ return if @todo.size < @max - @spawned
166
+
159
167
  @not_full.wait @mutex
160
168
  end
161
169
  end
@@ -42,7 +42,12 @@ module Rack
42
42
  user_config.threads min, max
43
43
  end
44
44
 
45
- self.set_host_port_to_config(options[:Host], options[:Port], user_config)
45
+ if options[:Host] || options[:Port]
46
+ host = options[:Host] || default_options[:Host]
47
+ port = options[:Port] || default_options[:Port]
48
+ self.set_host_port_to_config(host, port, user_config)
49
+ end
50
+
46
51
  self.set_host_port_to_config(default_options[:Host], default_options[:Port], default_config)
47
52
 
48
53
  user_config.app app
metadata CHANGED
@@ -1,29 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puma
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.2
4
+ version: 3.9.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Evan Phoenix
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-14 00:00:00.000000000 Z
11
+ date: 2017-06-01 00:00:00.000000000 Z
12
12
  dependencies:
13
- - !ruby/object:Gem::Dependency
14
- name: rdoc
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - "~>"
18
- - !ruby/object:Gem::Version
19
- version: '4.0'
20
- type: :development
21
- prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - "~>"
25
- - !ruby/object:Gem::Version
26
- version: '4.0'
27
13
  - !ruby/object:Gem::Dependency
28
14
  name: rack
29
15
  requirement: !ruby/object:Gem::Requirement
@@ -58,20 +44,34 @@ dependencies:
58
44
  - - "~>"
59
45
  - !ruby/object:Gem::Version
60
46
  version: '0.8'
47
+ - !ruby/object:Gem::Dependency
48
+ name: rdoc
49
+ requirement: !ruby/object:Gem::Requirement
50
+ requirements:
51
+ - - "~>"
52
+ - !ruby/object:Gem::Version
53
+ version: '4.0'
54
+ type: :development
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - "~>"
59
+ - !ruby/object:Gem::Version
60
+ version: '4.0'
61
61
  - !ruby/object:Gem::Dependency
62
62
  name: hoe
63
63
  requirement: !ruby/object:Gem::Requirement
64
64
  requirements:
65
65
  - - "~>"
66
66
  - !ruby/object:Gem::Version
67
- version: '3.14'
67
+ version: '3.15'
68
68
  type: :development
69
69
  prerelease: false
70
70
  version_requirements: !ruby/object:Gem::Requirement
71
71
  requirements:
72
72
  - - "~>"
73
73
  - !ruby/object:Gem::Version
74
- version: '3.14'
74
+ version: '3.15'
75
75
  description: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server
76
76
  for Ruby/Rack applications. Puma is intended for use in both development and production
77
77
  environments. In order to get the best throughput, it is highly recommended that
@@ -197,7 +197,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
197
197
  version: '0'
198
198
  requirements: []
199
199
  rubyforge_project:
200
- rubygems_version: 2.5.1
200
+ rubygems_version: 2.5.2
201
201
  signing_key:
202
202
  specification_version: 4
203
203
  summary: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for