puma 5.0.0.beta1-java → 5.0.0.beta2-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '09ef3cad103c15def59126249335a202c405d8dee7cdc57bc62552bcea8fba22'
-  data.tar.gz: ce3bb06f5c36c12af2d699654f59f59ed6696e0139f8e518c1063315b7b476ae
+  metadata.gz: 35a07b62e45c13573cba434caa78d336c981104d65448bf2cba63cc7fe87ebe5
+  data.tar.gz: d05d3e5a89a5dec3f71a133024d596975bb5fb0a8b4e2a8c0342479f061132fc
 SHA512:
-  metadata.gz: 0e8960a5b91862adc3ad60c801846c230de779c6c09e1151be1e22096721067a087e55f3b10055448feaa45950629348fab3ef836ca4aa3aebb9898797bfcd41
-  data.tar.gz: ebd533e470660608154f34a13cdbda6513ac02062a1fcaaa1525c80dd0380cbbf524c09e5a7c985e484dc30f5d30080de1045d25aec4a0f1adfe4d1d7c2e42f5
+  metadata.gz: 18498ab4e516ea2b386a8515c5ced3f2f5572e72f6281c87433f24f69b0ad94b55db2466a8f77df24b611c054353641ecce50b397b9cd698370bf81e3ba66369
+  data.tar.gz: 82efab2a81aebbd2eb50de04f906bb5f607f83121fe484f31feacd09cd481433d3f008278e8dcaf844a9b8ed3915e5985fa1a11fcf6d4f556eef24c87e9c6b3d

data/History.md

@@ -6,11 +6,12 @@
   * EXPERIMENTAL: Added `nakayoshi_fork` option. Reduce memory usage in preloaded cluster-mode apps by GCing before fork and compacting, where available. (#2093, #2256)
   * Added pumactl `thread-backtraces` command to print thread backtraces (#2054)
   * Added incrementing `requests_count` to `Puma.stats`. (#2106)
-  * Increased maximum URI path length from 2048 to 8196 bytes (#2167)
+  * Increased maximum URI path length from 2048 to 8192 bytes (#2167, #2344)
   * `lowlevel_error_handler` is now called during a forced threadpool shutdown, and if a callable with 3 arguments is set, we now also pass the status code (#2203)
   * Faster phased restart and worker timeout (#2220)
   * Added `state_permission` to config DSL to set state file permissions (#2238)
   * Added `Puma.stats_hash`, which returns a stats in Hash instead of a JSON string (#2086, #2253)
+  * `rack.multithread` and `rack.multiprocess` now dynamically resolved by `max_thread` and `workers` respectively (#2288)
 
 * Deprecations, Removals and Breaking API Changes
   * `--control` has been removed. Use `--control-url` (#1487)
@@ -24,8 +25,12 @@
   * Daemonization has been removed without replacement. (#2170)
   * Changed #connected_port to #connected_ports (#2076)
   * Configuration: `environment` is read from `RAILS_ENV`, if `RACK_ENV` can't be found (#2022)
+  * Log binding on http:// for TCP bindings to make it clickable
 
 * Bugfixes
+  * Fix JSON loading issues on phased-restarts (#2269)
+  * Improve shutdown reliability (#2312, #2338)
+  * Close client http connections made to an ssl server with TLSv1.3 (#2116)
   * Do not set user_config to quiet by default to allow for file config (#2074)
   * Always close SSL connection in Puma::ControlCLI (#2211)
   * Windows update extconf.rb for use with ssp and varied Ruby/MSYS2 combinations (#2069)
@@ -44,6 +49,15 @@
   * Fix `UserFileDefaultOptions#fetch` to properly use `default` (#2233)
   * Improvements to `out_of_band` hook (#2234)
   * Prefer the rackup file specified by the CLI (#2225)
+  * Fix for spawning subprocesses with fork_worker option (#2267)
+  * Set `CONTENT_LENGTH` for chunked requests (#2287)
+  * JRuby - Add Puma::MiniSSL::Engine#init? and #teardown methods, run all SSL tests (#2317)
+  * Improve shutdown reliability (#2312)
+  * Resolve issue with threadpool waiting counter decrement when thread is killed
+  * Constrain rake-compiler version to 0.9.4 to fix `ClassNotFound` exception when using MiniSSL with Java8.
+  * Fix recursive `prune_bundler` (#2319).
+  * Ensure that TCP_CORK is usable
+  * Fix corner case when request body is chunked (#2326)
 
 * Refactor
   * Remove unused loader argument from Plugin initializer (#2095)
@@ -54,6 +68,14 @@
   * ThreadPool concurrency refactoring (#2220)
   * JSON parse cluster worker stats instead of regex (#2124)
   * Support parallel tests in verbose progress reporting (#2223)
+  * Refactor error handling in server accept loop (#2239)
+
+## 4.3.4/4.3.5 and 3.12.5/3.12.6 / 2020-05-22
+
+Each patchlevel release contains a separate security fix. We recommend simply upgrading to 4.3.5/3.12.6.
+
+* Security
+  * Fix: Fixed two separate HTTP smuggling vulnerabilities that used the Transfer-Encoding header. CVE-2020-11076 and CVE-2020-11077.
 
 ## 4.3.3 and 3.12.4 / 2020-02-28
 

data/README.md

@@ -8,7 +8,7 @@
 
 [![Code Climate](https://codeclimate.com/github/puma/puma.svg)](https://codeclimate.com/github/puma/puma)
 [![SemVer](https://api.dependabot.com/badges/compatibility_score?dependency-name=puma&package-manager=bundler&version-scheme=semver)](https://dependabot.com/compatibility-score.html?dependency-name=puma&package-manager=bundler&version-scheme=semver)
-[![StackOverflow](http://img.shields.io/badge/stackoverflow-Puma-blue.svg)]( http://stackoverflow.com/questions/tagged/puma )
+[![StackOverflow](https://img.shields.io/badge/stackoverflow-Puma-blue.svg)]( https://stackoverflow.com/questions/tagged/puma )
 
 Puma is a **simple, fast, multi-threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications**.
 
@@ -27,7 +27,7 @@ $ gem install puma
 $ puma
 ```
 
-Without arguments, puma will look for a rackup (.ru) file in 
+Without arguments, puma will look for a rackup (.ru) file in
 working directory called `config.ru`.
 
 ## Frameworks
@@ -135,7 +135,7 @@ Preloading can’t be used with phased restart, since phased restart kills and r
 If puma encounters an error outside of the context of your application, it will respond with a 500 and a simple
 textual error message (see `lowlevel_error` in [this file](https://github.com/puma/puma/blob/master/lib/puma/server.rb)).
 You can specify custom behavior for this scenario. For example, you can report the error to your third-party
-error-tracking service (in this example, [rollbar](http://rollbar.com)):
+error-tracking service (in this example, [rollbar](https://rollbar.com)):
 
 ```ruby
 lowlevel_error_handler do |e|

data/docs/architecture.md

@@ -2,7 +2,7 @@
 
 ## Overview
 
-![http://bit.ly/2iJuFky](images/puma-general-arch.png)
+![https://bit.ly/2iJuFky](images/puma-general-arch.png)
 
 Puma is a threaded web server, processing requests across a TCP or UNIX socket.
 
@@ -12,7 +12,7 @@ Clustered mode is shown/discussed here. Single mode is analogous to having a sin
 
 ## Connection pipeline
 
-![http://bit.ly/2zwzhEK](images/puma-connection-flow.png)
+![https://bit.ly/2zwzhEK](images/puma-connection-flow.png)
 
 * Upon startup, Puma listens on a TCP or UNIX socket.
   * The backlog of this socket is configured (with a default of 1024), determining how many established but unaccepted connections can exist concurrently.
@@ -29,7 +29,7 @@ Clustered mode is shown/discussed here. Single mode is analogous to having a sin
 
 ### Disabling `queue_requests`
 
-![http://bit.ly/2zxCJ1Z](images/puma-connection-flow-no-reactor.png)
+![https://bit.ly/2zxCJ1Z](images/puma-connection-flow-no-reactor.png)
 
 The `queue_requests` option is `true` by default, enabling the separate thread used to buffer requests as described above.
 

data/docs/deployment.md

@@ -20,7 +20,10 @@ Welcome back!
 Puma was originally conceived as a thread-only webserver, but grew the ability to
 also use processes in version 2.
 
-Here are some rules of thumb:
+To run puma in single mode (e.g. for a development environment) you will need to
+set the number of workers to 0, anything above will run in cluster mode.
+
+Here are some rules of thumb for cluster mode:
 
 ### MRI
 
@@ -66,7 +69,8 @@ thread to become available.
 
 * Have your upstream proxy set a header with the time it received the request:
     * nginx: `proxy_set_header X-Request-Start "${msec}";`
-    * haproxy: `http-request set-header X-Request-Start "%t";`
+    * haproxy >= 1.9: `http-request set-header X-Request-Start t=%[date()]%[date_us()]`
+    * haproxy < 1.9: `http-request set-header X-Request-Start t=%[date()]`
 * In your Rack middleware, determine the amount of time elapsed since `X-Request-Start`.
 * To improve accuracy, you will want to subtract time spent waiting for slow clients:
     * `env['puma.request_body_wait']` contains the number of milliseconds Puma spent

data/docs/signals.md

@@ -1,8 +1,8 @@
-The [unix signal](http://en.wikipedia.org/wiki/Unix_signal) is a method of sending messages between [processes](http://en.wikipedia.org/wiki/Process_(computing)). When a signal is sent, the operating system interrupts the target process's normal flow of execution. There are standard signals that are used to stop a process but there are also custom signals that can be used for other purposes. This document is an attempt to list all supported signals that Puma will respond to. In general, signals need only be sent to the master process of a cluster.
+The [unix signal](https://en.wikipedia.org/wiki/Unix_signal) is a method of sending messages between [processes](https://en.wikipedia.org/wiki/Process_(computing)). When a signal is sent, the operating system interrupts the target process's normal flow of execution. There are standard signals that are used to stop a process but there are also custom signals that can be used for other purposes. This document is an attempt to list all supported signals that Puma will respond to. In general, signals need only be sent to the master process of a cluster.
 
 ## Sending Signals
 
-If you are new to signals it can be useful to see how they can be used. When a process is created in a *nix like operating system it will have a [PID - or process identifier](http://en.wikipedia.org/wiki/Process_identifier) that can be used to send signals to the process. For demonstration we will create an infinitely running process by tailing a file:
+If you are new to signals it can be useful to see how they can be used. When a process is created in a *nix like operating system it will have a [PID - or process identifier](https://en.wikipedia.org/wiki/Process_identifier) that can be used to send signals to the process. For demonstration we will create an infinitely running process by tailing a file:
 
 ```sh
 $ echo "foo" >> my.log
@@ -17,13 +17,13 @@ $ ps aux | grep tail
 schneems        87152   0.0  0.0  2432772    492 s032  S+   12:46PM   0:00.00 tail -f my.log
 ```
 
-You can send a signal in Ruby using the [Process module](http://www.ruby-doc.org/core-2.1.1/Process.html#kill-method):
+You can send a signal in Ruby using the [Process module](https://www.ruby-doc.org/core-2.1.1/Process.html#kill-method):
 
 ```
 $ irb
 > puts pid
 => 87152
-Process.detach(pid) # http://ruby-doc.org/core-2.1.1/Process.html#method-c-detach
+Process.detach(pid) # https://ruby-doc.org/core-2.1.1/Process.html#method-c-detach
 Process.kill("TERM", pid)
 ```
 

data/ext/puma_http11/http11_parser.c

@@ -14,12 +14,14 @@
 
 /*
  * capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
  */
 static void snake_upcase_char(char *c)
 {
     if (*c >= 'a' && *c <= 'z')
       *c &= ~0x20;
+    else if (*c == '_')
+      *c = ',';
     else if (*c == '-')
       *c = '_';
 }

data/ext/puma_http11/http11_parser.rl

@@ -12,12 +12,14 @@
 
 /*
  * capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
  */
 static void snake_upcase_char(char *c)
 {
     if (*c >= 'a' && *c <= 'z')
       *c &= ~0x20;
+    else if (*c == '_')
+      *c = ',';
     else if (*c == '-')
       *c = '_';
 }

data/ext/puma_http11/mini_ssl.c

@@ -301,6 +301,7 @@ void raise_error(SSL* ssl, int result) {
   char msg[512];
   const char* err_str;
   int err = errno;
+  int mask = 4095;
   int ssl_err = SSL_get_error(ssl, result);
   int verify_err = (int) SSL_get_verify_result(ssl);
 
@@ -317,8 +318,8 @@ void raise_error(SSL* ssl, int result) {
     } else {
       err = (int) ERR_get_error();
       ERR_error_string_n(err, buf, sizeof(buf));
-      snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, err);
-
+      int errexp = err & mask;
+      snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, errexp);
     }
   } else {
     snprintf(msg, sizeof(msg), "Unknown OpenSSL error: %d", ssl_err);
@@ -462,6 +463,13 @@ VALUE engine_peercert(VALUE self) {
   return rb_cert_buf;
 }
 
+static VALUE
+engine_ssl_vers_st(VALUE self) {
+  ms_conn* conn;
+  Data_Get_Struct(self, ms_conn, conn);
+  return rb_ary_new3(2, rb_str_new2(SSL_get_version(conn->ssl)), rb_str_new2(SSL_state_string(conn->ssl)));
+}
+
 VALUE noop(VALUE self) {
   return Qnil;
 }
@@ -533,6 +541,8 @@ void Init_mini_ssl(VALUE puma) {
   rb_define_method(eng, "init?", engine_init, 0);
 
   rb_define_method(eng, "peercert", engine_peercert, 0);
+
+  rb_define_method(eng, "ssl_vers_st", engine_ssl_vers_st, 0);
 }
 
 #else

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -120,6 +120,8 @@ public class MiniSSL extends RubyObject {
   }
 
   private SSLEngine engine;
+  private boolean closed;
+  private boolean handshake;
   private MiniSSLBuffer inboundNetData;
   private MiniSSLBuffer outboundAppData;
   private MiniSSLBuffer outboundNetData;
@@ -157,6 +159,8 @@ public class MiniSSL extends RubyObject {
     SSLContext sslCtx = SSLContext.getInstance("TLS");
 
     sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+    closed = false;
+    handshake = false;
     engine = sslCtx.createSSLEngine();
 
     String[] protocols;
@@ -173,7 +177,7 @@ public class MiniSSL extends RubyObject {
     engine.setEnabledProtocols(protocols);
     engine.setUseClientMode(false);
 
-    long verify_mode = miniSSLContext.callMethod(threadContext, "verify_mode").convertToInteger().getLongValue();
+    long verify_mode = miniSSLContext.callMethod(threadContext, "verify_mode").convertToInteger("to_i").getLongValue();
     if ((verify_mode & 0x1) != 0) { // 'peer'
         engine.setWantClientAuth(true);
     }
@@ -240,14 +244,21 @@ public class MiniSSL extends RubyObject {
           // need to wait for more data to come in before we retry
           retryOp = false;
           break;
+        case CLOSED:
+          closed = true;
+          retryOp = false;
+          break;
         default:
-          // other cases are OK and CLOSED.  We're done here.
+          // other case is OK.  We're done here.
           retryOp = false;
       }
+      if (res.getHandshakeStatus() == HandshakeStatus.FINISHED) {
+        handshake = true;
+      }
     }
 
     // after each op, run any delegated tasks if needed
-    if(engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
+    if(res.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
       Runnable runnable;
       while ((runnable = engine.getDelegatedTask()) != null) {
         runnable.run();
@@ -271,13 +282,14 @@ public class MiniSSL extends RubyObject {
 
       HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
       boolean done = false;
+      SSLEngineResult res = null;
       while (!done) {
         switch (handshakeStatus) {
           case NEED_WRAP:
-            doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
+            res = doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
             break;
           case NEED_UNWRAP:
-            SSLEngineResult res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
+            res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
             if (res.getStatus() == Status.BUFFER_UNDERFLOW) {
               // need more data before we can shake more hands
               done = true;
@@ -286,7 +298,9 @@ public class MiniSSL extends RubyObject {
           default:
             done = true;
         }
-        handshakeStatus = engine.getHandshakeStatus();
+        if (!done) {
+          handshakeStatus = res.getHandshakeStatus();
+        }
       }
 
       if (inboundNetData.hasRemaining()) {
@@ -360,4 +374,21 @@ public class MiniSSL extends RubyObject {
       return getRuntime().getNil();
     }
   }
+
+  @JRubyMethod(name = "init?")
+  public IRubyObject isInit(ThreadContext context) {
+    return handshake ? getRuntime().getFalse() : getRuntime().getTrue();
+  }
+
+  @JRubyMethod
+  public IRubyObject shutdown() {
+    if (closed || engine.isInboundDone() && engine.isOutboundDone()) {
+      if (engine.isOutboundDone()) {
+        engine.closeOutbound();
+      }
+      return getRuntime().getTrue();
+    } else {
+      return getRuntime().getFalse();
+    }
+  }
 }

data/ext/puma_http11/puma_http11.c

@@ -54,7 +54,7 @@ DEF_MAX_LENGTH(FIELD_NAME, 256);
 DEF_MAX_LENGTH(FIELD_VALUE, 80 * 1024);
 DEF_MAX_LENGTH(REQUEST_URI, 1024 * 12);
 DEF_MAX_LENGTH(FRAGMENT, 1024); /* Don't know if this length is specified somewhere or not */
-DEF_MAX_LENGTH(REQUEST_PATH, 8196);
+DEF_MAX_LENGTH(REQUEST_PATH, 8192);
 DEF_MAX_LENGTH(QUERY_STRING, (1024 * 10));
 DEF_MAX_LENGTH(HEADER, (1024 * (80 + 32)));
 

data/lib/puma.rb

@@ -20,6 +20,7 @@ module Puma
   end
 
   def self.stats
+    require 'json'
     @get_stats.stats.to_json
   end
 

data/lib/puma/app/status.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'json'
-
 module Puma
   module App
     # Check out {#call}'s source code to see what actions this web application
@@ -19,6 +17,10 @@ module Puma
           return rack_response(403, 'Invalid auth token', 'text/plain')
         end
 
+        if env['PATH_INFO'] =~ /\/(gc-stats|stats|thread-backtraces)$/
+          require 'json'
+        end
+
         case env['PATH_INFO']
         when /\/stop$/
           @cli.stop

data/lib/puma/binder.rb

@@ -6,6 +6,7 @@ require 'socket'
 require 'puma/const'
 require 'puma/util'
 require 'puma/minissl/context_builder'
+require 'puma/configuration'
 
 module Puma
   class Binder
@@ -13,7 +14,7 @@ module Puma
 
     RACK_VERSION = [1,6].freeze
 
-    def initialize(events)
+    def initialize(events, conf = Configuration.new)
       @events = events
       @listeners = []
       @inherited_fds = {}
@@ -23,8 +24,8 @@ module Puma
       @proto_env = {
         "rack.version".freeze => RACK_VERSION,
         "rack.errors".freeze => events.stderr,
-        "rack.multithread".freeze => true,
-        "rack.multiprocess".freeze => false,
+        "rack.multithread".freeze => conf.options[:max_threads] > 1,
+        "rack.multiprocess".freeze => conf.options[:workers] >= 1,
         "rack.run_once".freeze => false,
         "SCRIPT_NAME".freeze => ENV['SCRIPT_NAME'] || "",
 
@@ -113,7 +114,7 @@ module Puma
                 i.local_address.ip_unpack.join(':')
               end
 
-              logger.log "* #{log_msg} on tcp://#{addr}"
+              logger.log "* #{log_msg} on http://#{addr}"
             end
           end
 

data/lib/puma/client.rb

@@ -308,8 +308,16 @@ module Puma
 
       te = @env[TRANSFER_ENCODING2]
 
-      if te && CHUNKED.casecmp(te) == 0
-        return setup_chunked_body(body)
+      if te
+        if te.include?(",")
+          te.split(",").each do |part|
+            if CHUNKED.casecmp(part.strip) == 0
+              return setup_chunked_body(body)
+            end
+          end
+        elsif CHUNKED.casecmp(te) == 0
+          return setup_chunked_body(body)
+        end
       end
 
       @chunked_body = false
@@ -412,7 +420,10 @@ module Puma
           raise EOFError
         end
 
-        return true if decode_chunk(chunk)
+        if decode_chunk(chunk)
+          @env[CONTENT_LENGTH] = @chunked_content_length
+          return true
+        end
       end
     end
 
@@ -424,20 +435,36 @@ module Puma
       @body = Tempfile.new(Const::PUMA_TMP_BASE)
       @body.binmode
       @tempfile = @body
+      @chunked_content_length = 0
+
+      if decode_chunk(body)
+        @env[CONTENT_LENGTH] = @chunked_content_length
+        return true
+      end
+    end
 
-      return decode_chunk(body)
+    def write_chunk(str)
+      @chunked_content_length += @body.write(str)
     end
 
     def decode_chunk(chunk)
       if @partial_part_left > 0
         if @partial_part_left <= chunk.size
           if @partial_part_left > 2
-            @body << chunk[0..(@partial_part_left-3)] # skip the \r\n
+            write_chunk(chunk[0..(@partial_part_left-3)]) # skip the \r\n
           end
           chunk = chunk[@partial_part_left..-1]
           @partial_part_left = 0
         else
-          @body << chunk if @partial_part_left > 2 # don't include the last \r\n
+          if @partial_part_left > 2
+            if @partial_part_left == chunk.size + 1
+              # Don't include the last \r
+              write_chunk(chunk[0..(@partial_part_left-3)])
+            else
+              # don't include the last \r\n
+              write_chunk(chunk)
+            end
+          end
           @partial_part_left -= chunk.size
           return false
         end
@@ -484,12 +511,12 @@ module Puma
 
           case
           when got == len
-            @body << part[0..-3] # to skip the ending \r\n
+            write_chunk(part[0..-3]) # to skip the ending \r\n
           when got <= len - 2
-            @body << part
+            write_chunk(part)
             @partial_part_left = len - part.size
           when got == len - 1 # edge where we get just \r but not \n
-            @body << part[0..-2]
+            write_chunk(part[0..-2])
             @partial_part_left = len - part.size
           end
         else

data/lib/puma/cluster.rb

@@ -5,7 +5,6 @@ require 'puma/util'
 require 'puma/plugin'
 
 require 'time'
-require 'json'
 
 module Puma
   # This class is instantiated by the `Puma::Launcher` and used
@@ -95,6 +94,7 @@ module Puma
 
       def ping!(status)
         @last_checkin = Time.now
+        require 'json'
         @last_status = JSON.parse(status, symbolize_names: true)
       end
 
@@ -248,6 +248,7 @@ module Puma
       $0 = title
 
       Signal.trap "SIGINT", "IGNORE"
+      Signal.trap "SIGCHLD", "DEFAULT"
 
       fork_worker = @options[:fork_worker] && index == 0
 
@@ -284,9 +285,11 @@ module Puma
 
       if fork_worker
         restart_server.clear
+        worker_pids = []
         Signal.trap "SIGCHLD" do
-          Process.wait(-1, Process::WNOHANG) rescue nil
-          wakeup!
+          wakeup! if worker_pids.reject! do |p|
+            Process.wait(p, Process::WNOHANG) rescue true
+          end
         end
 
         Thread.new do
@@ -303,7 +306,7 @@ module Puma
             elsif idx == 0 # restart server
               restart_server << true << false
             else # fork worker
-              pid = spawn_worker(idx, master)
+              worker_pids << pid = spawn_worker(idx, master)
               @worker_write << "f#{pid}:#{idx}\n" rescue nil
             end
           end
@@ -330,6 +333,7 @@ module Puma
         while true
           sleep Const::WORKER_CHECK_INTERVAL
           begin
+            require 'json'
             io << "p#{Process.pid}#{server.stats.to_json}\n"
           rescue IOError
             Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue

data/lib/puma/commonlogger.rb

@@ -3,7 +3,7 @@
 module Puma
   # Rack::CommonLogger forwards every request to the given +app+, and
   # logs a line in the
-  # {Apache common log format}[http://httpd.apache.org/docs/1.3/logs.html#common]
+  # {Apache common log format}[https://httpd.apache.org/docs/1.3/logs.html#common]
   # to the +logger+.
   #
   # If +logger+ is nil, CommonLogger will fall back +rack.errors+, which is
@@ -16,7 +16,7 @@ module Puma
   # (which is called without arguments in order to make the error appear for
   # sure)
   class CommonLogger
-    # Common Log Format: http://httpd.apache.org/docs/1.3/logs.html#common
+    # Common Log Format: https://httpd.apache.org/docs/1.3/logs.html#common
     #
     #   lilith.local - - [07/Aug/2006 23:58:02 -0400] "GET / HTTP/1.1" 500 -
     #

data/lib/puma/const.rb

@@ -100,7 +100,7 @@ module Puma
   # too taxing on performance.
   module Const
 
-    PUMA_VERSION = VERSION = "5.0.0.beta1".freeze
+    PUMA_VERSION = VERSION = "5.0.0.beta2".freeze
     CODE_NAME = "Spoony Bard".freeze
     PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze
 

data/lib/puma/dsl.rb

@@ -443,8 +443,8 @@ module Puma
     #
     # @note Cluster mode only.
     # @example
-    #   on_worker_fork do
-    #     puts 'Before worker fork...'
+    #   on_worker_boot do
+    #     puts 'Before worker boot...'
     #   end
     def on_worker_boot(&block)
       @options[:before_worker_boot] ||= []
@@ -769,7 +769,7 @@ module Puma
     # also increase time to boot and fork. See your logs for details on how much
     # time this adds to your boot process. For most apps, it will be less than one
     # second.
-    def nakayoshi_fork(enabled=false)
+    def nakayoshi_fork(enabled=true)
       @options[:nakayoshi_fork] = enabled
     end
   end

data/lib/puma/error_logger.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require 'puma/const'
+
+module Puma
+  # The implementation of a detailed error logging.
+  #
+  class ErrorLogger
+    include Const
+
+    attr_reader :ioerr
+
+    REQUEST_FORMAT = %{"%s %s%s" - (%s)}
+
+    def initialize(ioerr)
+      @ioerr = ioerr
+      @ioerr.sync = true
+
+      @debug = ENV.key? 'PUMA_DEBUG'
+    end
+
+    def self.stdio
+      new $stderr
+    end
+
+    # Print occured error details.
+    # +options+ hash with additional options:
+    # - +error+ is an exception object
+    # - +req+ the http request
+    # - +text+ (default nil) custom string to print in title
+    #   and before all remaining info.
+    #
+    def info(options={})
+      ioerr.puts title(options)
+    end
+
+    # Print occured error details only if
+    # environment variable PUMA_DEBUG is defined.
+    # +options+ hash with additional options:
+    # - +error+ is an exception object
+    # - +req+ the http request
+    # - +text+ (default nil) custom string to print in title
+    #   and before all remaining info.
+    #
+    def debug(options={})
+      return unless @debug
+
+      error = options[:error]
+      req = options[:req]
+
+      string_block = []
+      string_block << title(options)
+      string_block << request_dump(req) if req
+      string_block << error_backtrace(options) if error
+
+      ioerr.puts string_block.join("\n")
+    end
+
+    def title(options={})
+      text = options[:text]
+      req = options[:req]
+      error = options[:error]
+
+      string_block = ["#{Time.now}"]
+      string_block << " #{text}" if text
+      string_block << " (#{request_title(req)})" if request_parsed?(req)
+      string_block << ": #{error.inspect}" if error
+      string_block.join('')
+    end
+
+    def request_dump(req)
+      "Headers: #{request_headers(req)}\n" \
+      "Body: #{req.body}"
+    end
+
+    def request_title(req)
+      env = req.env
+
+      REQUEST_FORMAT % [
+        env[REQUEST_METHOD],
+        env[REQUEST_PATH] || env[PATH_INFO],
+        env[QUERY_STRING] || "",
+        env[HTTP_X_FORWARDED_FOR] || env[REMOTE_ADDR] || "-"
+      ]
+    end
+
+    def request_headers(req)
+      headers = req.env.select { |key, _| key.start_with?('HTTP_') }
+      headers.map { |key, value| [key[5..-1], value] }.to_h.inspect
+    end
+
+    def request_parsed?(req)
+      req && req.env[REQUEST_METHOD]
+    end
+  end
+end

data/lib/puma/events.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'puma/const'
 require "puma/null_io"
+require 'puma/error_logger'
 require 'stringio'
 
 module Puma
@@ -23,8 +23,6 @@ module Puma
       end
     end
 
-    include Const
-
     # Create an Events object that prints to +stdout+ and +stderr+.
     #
     def initialize(stdout, stderr)
@@ -36,6 +34,7 @@ module Puma
       @stderr.sync = true
 
       @debug = ENV.key? 'PUMA_DEBUG'
+      @error_logger = ErrorLogger.new(@stderr)
 
       @hooks = Hash.new { |h,k| h[k] = [] }
     end
@@ -66,7 +65,8 @@ module Puma
     # Write +str+ to +@stdout+
     #
     def log(str)
-      @stdout.puts format(str)
+      @stdout.puts format(str) if @stdout.respond_to? :puts
+    rescue Errno::EPIPE
     end
 
     def write(str)
@@ -80,7 +80,7 @@ module Puma
     # Write +str+ to +@stderr+
     #
     def error(str)
-      @stderr.puts format("ERROR: #{str}")
+      @error_logger.info(text: format("ERROR: #{str}"))
       exit 1
     end
 
@@ -88,43 +88,45 @@ module Puma
       formatter.call(str)
     end
 
+    # An HTTP connection error has occurred.
+    # +error+ a connection exception, +req+ the request,
+    # and +text+ additional info
+    #
+    def connection_error(error, req, text="HTTP connection error")
+      @error_logger.info(error: error, req: req, text: text)
+    end
+
     # An HTTP parse error has occurred.
-    # +server+ is the Server object, +env+ the request, and +error+ a
-    # parsing exception.
+    # +error+ a parsing exception,
+    # and +req+ the request.
     #
-    def parse_error(server, env, error)
-      @stderr.puts "#{Time.now}: HTTP parse error, malformed request " \
-        "(#{env[HTTP_X_FORWARDED_FOR] || env[REMOTE_ADDR]}#{env[REQUEST_PATH]}): " \
-        "#{error.inspect}" \
-        "\n---\n"
+    def parse_error(error, req)
+      @error_logger.info(error: error, req: req, text: 'HTTP parse error, malformed request')
     end
 
     # An SSL error has occurred.
-    # +server+ is the Server object, +peeraddr+ peer address, +peercert+
-    # any peer certificate (if present), and +error+ an exception object.
+    # +error+ an exception object, +peeraddr+ peer address,
+    # and +peercert+ any peer certificate (if present).
     #
-    def ssl_error(server, peeraddr, peercert, error)
+    def ssl_error(error, peeraddr, peercert)
       subject = peercert ? peercert.subject : nil
-      @stderr.puts "#{Time.now}: SSL error, peer: #{peeraddr}, peer cert: #{subject}, #{error.inspect}"
+      @error_logger.info(error: error, text: "SSL error, peer: #{peeraddr}, peer cert: #{subject}")
     end
 
     # An unknown error has occurred.
-    # +server+ is the Server object, +error+ an exception object,
-    # +kind+ some additional info, and +env+ the request.
+    # +error+ an exception object, +req+ the request,
+    # and +text+ additional info
     #
-    def unknown_error(server, error, kind="Unknown", env=nil)
-      if error.respond_to? :render
-        error.render "#{Time.now}: #{kind} error", @stderr
-      else
-        if env
-          string_block = [ "#{Time.now}: #{kind} error handling request { #{env['REQUEST_METHOD']} #{env['PATH_INFO']} }" ]
-          string_block << error.inspect
-        else
-          string_block = [ "#{Time.now}: #{kind} error: #{error.inspect}" ]
-        end
-        string_block << error.backtrace
-        @stderr.puts string_block.join("\n")
-      end
+    def unknown_error(error, req=nil, text="Unknown error")
+      @error_logger.info(error: error, req: req, text: text)
+    end
+
+    # Log occurred error debug dump.
+    # +error+ an exception object, +req+ the request,
+    # and +text+ additional info
+    #
+    def debug_error(error, req=nil, text="")
+      @error_logger.debug(error: error, req: req, text: text)
     end
 
     def on_booted(&block)

data/lib/puma/launcher.rb

@@ -47,7 +47,7 @@ module Puma
       @original_argv = @argv.dup
       @config        = conf
 
-      @binder        = Binder.new(@events)
+      @binder        = Binder.new(@events, conf)
       @binder.create_inherited_fds(ENV).each { |k| ENV.delete k }
       @binder.create_activated_fds(ENV).each { |k| ENV.delete k }
 
@@ -111,6 +111,7 @@ module Puma
       sf.pid = Process.pid
       sf.control_url = @options[:control_url]
       sf.control_auth_token = @options[:control_auth_token]
+      sf.running_from = File.expand_path('.')
 
       sf.save path, permission
     end
@@ -172,12 +173,13 @@ module Puma
       case @status
       when :halt
         log "* Stopping immediately!"
+        @runner.stop_control
       when :run, :stop
         graceful_stop
       when :restart
         log "* Restarting..."
         ENV.replace(previous_env)
-        @runner.before_restart
+        @runner.stop_control
         restart!
       when :exit
         # nothing
@@ -286,6 +288,7 @@ module Puma
     end
 
     def prune_bundler
+      return if ENV['PUMA_BUNDLER_PRUNED']
       return unless defined?(Bundler)
       require_rubygems_min_version!(Gem::Version.new("2.2"), "prune_bundler")
       unless puma_wild_location

data/lib/puma/minissl.rb

@@ -5,8 +5,18 @@ begin
 rescue LoadError
 end
 
+# need for Puma::MiniSSL::OPENSSL constants used in `HAS_TLS1_3`
+require 'puma/puma_http11'
+
 module Puma
   module MiniSSL
+
+    # define constant at runtime, as it's easy to determine at built time,
+    # but Puma could (it shouldn't) be loaded with an older OpenSSL version
+    HAS_TLS1_3 = !IS_JRUBY &&
+      (OPENSSL_VERSION[/ \d+\.\d+\.\d+/].split('.').map(&:to_i) <=> [1,1,1]) != -1 &&
+      (OPENSSL_LIBRARY_VERSION[/ \d+\.\d+\.\d+/].split('.').map(&:to_i) <=> [1,1,1]) !=-1
+
     class Socket
       def initialize(socket, engine)
         @socket = socket
@@ -22,6 +32,24 @@ module Puma
         @socket.closed?
       end
 
+      # returns a two element array
+      # first is protocol version (SSL_get_version)
+      # second is 'handshake' state (SSL_state_string)
+      #
+      # used for dropping tcp connections to ssl
+      # see OpenSSL ssl/ssl_stat.c SSL_state_string for info
+      #
+      def ssl_version_state
+        IS_JRUBY ? [nil, nil] : @engine.ssl_vers_st
+      end
+
+      # used to check the handshake status, in particular when a TCP connection
+      # is made with TLSv1.3 as an available protocol
+      def bad_tlsv1_3?
+        HAS_TLS1_3 && @engine.ssl_vers_st == ['TLSv1.3', 'SSLERR']
+      end
+      private :bad_tlsv1_3?
+
       def readpartial(size)
         while true
           output = @engine.read
@@ -41,6 +69,7 @@ module Puma
 
       def engine_read_all
         output = @engine.read
+        raise SSLError.exception "HTTP connection?" if bad_tlsv1_3?
         while output and additional_output = @engine.read
           output << additional_output
         end
@@ -167,7 +196,10 @@ module Puma
       end
     end
 
-    if defined?(JRUBY_VERSION)
+    if IS_JRUBY
+      OPENSSL_NO_SSL3 = false
+      OPENSSL_NO_TLS1 = false
+
       class SSLError < StandardError
         # Define this for jruby even though it isn't used.
       end
@@ -184,7 +216,7 @@ module Puma
         @no_tlsv1_1 = false
       end
 
-      if defined?(JRUBY_VERSION)
+      if IS_JRUBY
         # jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair
         attr_reader :keystore
         attr_accessor :keystore_pass

data/lib/puma/reactor.rb

@@ -252,7 +252,7 @@ module Puma
                 c.close
                 clear_monitor mon
 
-                @events.ssl_error @server, addr, cert, e
+                @events.ssl_error e, addr, cert
 
               # The client doesn't know HTTP well
               rescue HttpParserError => e
@@ -263,7 +263,7 @@ module Puma
 
                 clear_monitor mon
 
-                @events.parse_error @server, c.env, e
+                @events.parse_error e, c
               rescue StandardError => e
                 @server.lowlevel_error(e, c.env)
 

data/lib/puma/runner.rb

@@ -30,7 +30,7 @@ module Puma
       @events.log str
     end
 
-    def before_restart
+    def stop_control
       @control.stop(true) if @control
     end
 

data/lib/puma/server.rb

@@ -98,10 +98,22 @@ module Puma
       @binder = bind
     end
 
+    class << self
+      # :nodoc:
+      def tcp_cork_supported?
+        RbConfig::CONFIG['host_os'] =~ /linux/ &&
+          Socket.const_defined?(:IPPROTO_TCP) &&
+          Socket.const_defined?(:TCP_CORK) &&
+          Socket.const_defined?(:SOL_TCP) &&
+          Socket.const_defined?(:TCP_INFO)
+      end
+      private :tcp_cork_supported?
+    end
+
     # On Linux, use TCP_CORK to better control how the TCP stack
     # packetizes our stream. This improves both latency and throughput.
     #
-    if RUBY_PLATFORM =~ /linux/
+    if tcp_cork_supported?
       UNPACK_TCP_STATE_FROM_TCP_INFO = "C".freeze
 
       # 6 == Socket::IPPROTO_TCP
@@ -109,7 +121,7 @@ module Puma
       # 1/0 == turn on/off
       def cork_socket(socket)
         begin
-          socket.setsockopt(6, 3, 1) if socket.kind_of? TCPSocket
+          socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_CORK, 1) if socket.kind_of? TCPSocket
         rescue IOError, SystemCallError
           Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
         end
@@ -117,7 +129,7 @@ module Puma
 
       def uncork_socket(socket)
         begin
-          socket.setsockopt(6, 3, 0) if socket.kind_of? TCPSocket
+          socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_CORK, 0) if socket.kind_of? TCPSocket
         rescue IOError, SystemCallError
           Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
         end
@@ -207,14 +219,16 @@ module Puma
 
           client.close
 
-          @events.ssl_error self, addr, cert, e
+          @events.ssl_error e, addr, cert
         rescue HttpParserError => e
           client.write_error(400)
           client.close
 
-          @events.parse_error self, client.env, e
-        rescue ConnectionError, EOFError
+          @events.parse_error e, client
+        rescue ConnectionError, EOFError => e
           client.close
+
+          @events.connection_error e, client
         else
           if process_now
             process_client client, buffer
@@ -281,35 +295,26 @@ module Puma
               if sock == check
                 break if handle_check
               else
-                begin
-                  pool.wait_until_not_full
-                  pool.wait_for_less_busy_worker(
-                    @options[:wait_for_less_busy_worker].to_f)
-
-                  if io = sock.accept_nonblock
-                    client = Client.new io, @binder.env(sock)
-                    if remote_addr_value
-                      client.peerip = remote_addr_value
-                    elsif remote_addr_header
-                      client.remote_addr_header = remote_addr_header
-                    end
-
-                    pool << client
-                  end
-                rescue SystemCallError
-                  # nothing
-                rescue Errno::ECONNABORTED
-                  # client closed the socket even before accept
-                  begin
-                    io.close
-                  rescue
-                    Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
-                  end
+                pool.wait_until_not_full
+                pool.wait_for_less_busy_worker(
+                  @options[:wait_for_less_busy_worker].to_f)
+
+                io = begin
+                  sock.accept_nonblock
+                rescue IO::WaitReadable
+                  next
+                end
+                client = Client.new io, @binder.env(sock)
+                if remote_addr_value
+                  client.peerip = remote_addr_value
+                elsif remote_addr_header
+                  client.remote_addr_header = remote_addr_header
                 end
+                pool << client
               end
             end
           rescue Object => e
-            @events.unknown_error self, e, "Listen loop"
+            @events.unknown_error e, nil, "Listen loop"
           end
         end
 
@@ -322,10 +327,14 @@ module Puma
         end
         graceful_shutdown if @status == :stop || @status == :restart
       rescue Exception => e
-        STDERR.puts "Exception handling servers: #{e.message} (#{e.class})"
-        STDERR.puts e.backtrace
+        @events.unknown_error e, nil, "Exception handling servers"
       ensure
-        @check.close unless @check.closed? # Ruby 2.2 issue
+        begin
+          @check.close unless @check.closed?
+        rescue Errno::EBADF, RuntimeError
+          # RuntimeError is Ruby 2.2 issue, can't modify frozen IOError
+          # Errno::EBADF is infrequently raised
+        end
         @notify.close
         @notify = nil
         @check = nil
@@ -415,7 +424,7 @@ module Puma
 
         close_socket = true
 
-        @events.ssl_error self, addr, cert, e
+        @events.ssl_error e, addr, cert
 
       # The client doesn't know HTTP well
       rescue HttpParserError => e
@@ -423,7 +432,7 @@ module Puma
 
         client.write_error(400)
 
-        @events.parse_error self, client.env, e
+        @events.parse_error e, client
 
       # Server error
       rescue StandardError => e
@@ -431,8 +440,7 @@ module Puma
 
         client.write_error(500)
 
-        @events.unknown_error self, e, "Read"
-
+        @events.unknown_error e, nil, "Read"
       ensure
         buffer.reset
 
@@ -442,7 +450,7 @@ module Puma
           Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
           # Already closed
         rescue StandardError => e
-          @events.unknown_error self, e, "Client"
+          @events.unknown_error e, nil, "Client"
         end
       end
     end
@@ -478,7 +486,7 @@ module Puma
 
       env[PATH_INFO] = env[REQUEST_PATH]
 
-      # From http://www.ietf.org/rfc/rfc3875 :
+      # From https://www.ietf.org/rfc/rfc3875 :
       # "Script authors should be aware that the REMOTE_ADDR and
       # REMOTE_HOST meta-variables (see sections 4.1.8 and 4.1.9)
       # may not identify the ultimate source of the request.
@@ -567,12 +575,44 @@ module Puma
             end
 
             fast_write client, "\r\n".freeze
-          rescue ConnectionError
+          rescue ConnectionError => e
+            @events.debug_error e
             # noop, if we lost the socket we just won't send the early hints
           end
         }
       end
 
+      # Fixup any headers with , in the name to have _ now. We emit
+      # headers with , in them during the parse phase to avoid ambiguity
+      # with the - to _ conversion for critical headers. But here for
+      # compatibility, we'll convert them back. This code is written to
+      # avoid allocation in the common case (ie there are no headers
+      # with , in their names), that's why it has the extra conditionals.
+
+      to_delete = nil
+      to_add = nil
+
+      env.each do |k,v|
+        if k.start_with?("HTTP_") and k.include?(",") and k != "HTTP_TRANSFER,ENCODING"
+          if to_delete
+            to_delete << k
+          else
+            to_delete = [k]
+          end
+
+          unless to_add
+            to_add = {}
+          end
+
+          to_add[k.tr(",", "_")] = v
+        end
+      end
+
+      if to_delete
+        to_delete.each { |k| env.delete(k) }
+        env.merge! to_add
+      end
+
       # A rack extension. If the app writes #call'ables to this
       # array, we will invoke them when the request is done.
       #
@@ -594,12 +634,12 @@ module Puma
             return :async
           end
         rescue ThreadPool::ForceShutdown => e
-          @events.unknown_error self, e, "Rack app", env
+          @events.unknown_error e, req, "Rack app"
           @events.log "Detected force shutdown of a thread"
 
           status, headers, res_body = lowlevel_error(e, env, 503)
         rescue Exception => e
-          @events.unknown_error self, e, "Rack app", env
+          @events.unknown_error e, req, "Rack app"
 
           status, headers, res_body = lowlevel_error(e, env, 500)
         end
@@ -889,7 +929,7 @@ module Puma
       @check, @notify = Puma::Util.pipe unless @notify
       begin
         @notify << message
-      rescue IOError
+      rescue IOError, NoMethodError, Errno::EPIPE
          # The server, in another thread, is shutting down
         Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
       rescue RuntimeError => e

data/lib/puma/state_file.rb

@@ -19,7 +19,7 @@ module Puma
       @options = YAML.load File.read(path)
     end
 
-    FIELDS = %w!control_url control_auth_token pid!
+    FIELDS = %w!control_url control_auth_token pid running_from!
 
     FIELDS.each do |f|
       define_method f do

data/lib/puma/thread_pool.rb

@@ -122,8 +122,11 @@ module Puma
                 @out_of_band_pending = false
               end
               not_full.signal
-              not_empty.wait mutex
-              @waiting -= 1
+              begin
+                not_empty.wait mutex
+              ensure
+                @waiting -= 1
+              end
             end
 
             work = todo.shift

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puma
 version: !ruby/object:Gem::Version
-  version: 5.0.0.beta1
+  version: 5.0.0.beta2
 platform: java
 authors:
 - Evan Phoenix
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-12 00:00:00.000000000 Z
+date: 2020-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -86,6 +86,7 @@ files:
 - lib/puma/control_cli.rb
 - lib/puma/detect.rb
 - lib/puma/dsl.rb
+- lib/puma/error_logger.rb
 - lib/puma/events.rb
 - lib/puma/io_buffer.rb
 - lib/puma/jruby_restart.rb
@@ -109,13 +110,13 @@ files:
 - lib/rack/handler/puma.rb
 - tools/Dockerfile
 - tools/trickletest.rb
-homepage: http://puma.io
+homepage: https://puma.io
 licenses:
 - BSD-3-Clause
 metadata:
   bug_tracker_uri: https://github.com/puma/puma/issues
   changelog_uri: https://github.com/puma/puma/blob/master/History.md
-  homepage_uri: http://puma.io
+  homepage_uri: https://puma.io
   source_code_uri: https://github.com/puma/puma
 post_install_message:
 rdoc_options: []