thin 1.7.2 → 1.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 0fa3bb6c0e72bd556f753f98c9062141af5545d1
-  data.tar.gz: df537840830957ae49f4d593edd758f7b20d9345
+SHA256:
+  metadata.gz: f0681c9fc49913fca3b6478faa3ce96a449e3926e09d5986fca0b1ace57d6fc7
+  data.tar.gz: 44f1f7fd3b3e176939178745df3116286b2b32cd5c01d0d6fe19bf4637e5aac7
 SHA512:
-  metadata.gz: 71ddfce0db498c3280178154922e3d48f1ff111f3071a6ca35735e7b4bfda942f39d704143af71705ee503be9c15e8d73261b18e6df3a2f84e9f489e03839a63
-  data.tar.gz: 48461edf719c6ab27347fac85c7f65cf8dd49da2ae9c10993872b92b57140a2fb48b5dafafa5280114ee90699e3928247d70a9ad08e4b56b0e5f065920b077f4
+  metadata.gz: 6e476bb431b484071fff7240da1d17265ad07571951697ca9d023e457268911b2d3c37451236aabf6ff57b59eb9d30c51479bd3ef3f39aadbf6ce830f5c212a8
+  data.tar.gz: '094627fc3d7da6e51c64059987625c9d5c1bbeec5b4766343b41aa00a1ebb769ea89ed7cf14ba9c6805450ffc82b92d7abd1ae7b4138c37ff7054d26fe337e69'

data/CHANGELOG

@@ -1,3 +1,9 @@
+== 1.8.1 Infinite Smoothie
+ * Fix possible HTTP Response Splitting
+
+== 1.8.0 Possessed Pickle
+ * Many things
+
 == 1.7.2 Bachmanity
  * Add config support for ssl_version and ssl_cipher_list [frameworked]
 

data/ext/thin_parser/parser.h

@@ -38,11 +38,11 @@ typedef struct http_parser {
   
 } http_parser;
 
-int http_parser_init(http_parser *parser);
-int http_parser_finish(http_parser *parser);
-size_t http_parser_execute(http_parser *parser, const char *data, size_t len, size_t off);
-int http_parser_has_error(http_parser *parser);
-int http_parser_is_finished(http_parser *parser);
+int thin_http_parser_init(http_parser *parser);
+int thin_http_parser_finish(http_parser *parser);
+size_t thin_http_parser_execute(http_parser *parser, const char *data, size_t len, size_t off);
+int thin_http_parser_has_error(http_parser *parser);
+int thin_http_parser_is_finished(http_parser *parser);
 
 #define http_parser_nread(parser) (parser)->nread 
 

data/lib/rack/handler/thin.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require "thin"
+require "thin/server"
+require "thin/logging"
+require "thin/backends/tcp_server"
+
+module Rack
+  module Handler
+    class Thin
+      def self.run(app, **options)
+        environment  = ENV['RACK_ENV'] || 'development'
+        default_host = environment == 'development' ? 'localhost' : '0.0.0.0'
+
+        host = options.delete(:Host) || default_host
+        port = options.delete(:Port) || 8080
+        args = [host, port, app, options]
+
+        server = ::Thin::Server.new(*args)
+        yield server if block_given?
+
+        server.start
+      end
+
+      def self.valid_options
+        environment  = ENV['RACK_ENV'] || 'development'
+        default_host = environment == 'development' ? 'localhost' : '0.0.0.0'
+
+        {
+          "Host=HOST" => "Hostname to listen on (default: #{default_host})",
+          "Port=PORT" => "Port to listen on (default: 8080)",
+        }
+      end
+    end
+
+    register :thin, ::Rack::Handler::Thin
+  end
+end

data/lib/thin/backends/base.rb

@@ -51,9 +51,11 @@ module Thin
         @maximum_connections            = Server::DEFAULT_MAXIMUM_CONNECTIONS
         @maximum_persistent_connections = Server::DEFAULT_MAXIMUM_PERSISTENT_CONNECTIONS
         @no_epoll                       = false
+        @running                        = false
         @ssl                            = nil
-        @threaded                       = nil
         @started_reactor                = false
+        @stopping                       = false
+        @threaded                       = nil
       end
       
       # Start the backend and connect it.

data/lib/thin/daemonizing.rb

@@ -30,11 +30,17 @@ module Thin
     def self.included(base)
       base.extend ClassMethods
     end
-    
+
     def pid
       File.exist?(pid_file) && !File.zero?(pid_file) ? open(pid_file).read.to_i : nil
     end
-    
+
+    def kill(timeout = 60)
+      if File.exist?(@pid_file)
+        self.class.kill(@pid_file, timeout)
+      end
+    end
+
     # Turns the current script into a daemon process that detaches from the console.
     def daemonize
       raise PlatformNotSupported, 'Daemonizing is not supported on Windows'     if Thin.win?
@@ -78,6 +84,10 @@ module Thin
         Process.initgroups(user, target_gid)
         Process::GID.change_privilege(target_gid)
         Process::UID.change_privilege(target_uid)
+
+        # Correct environment variables
+        ENV.store('USER', user)
+        ENV.store('HOME', File.expand_path("~#{user}"))
       end
     rescue Errno::EPERM => e
       log_info "Couldn't change user and group to #{user}:#{group}: #{e}"
@@ -116,14 +126,23 @@ module Thin
       def restart(pid_file)
         send_signal('HUP', pid_file)
       end
-      
+
+      def monotonic_time
+        Process.clock_gettime(Process::CLOCK_MONOTONIC)
+      end
+
       # Send a +signal+ to the process which PID is stored in +pid_file+.
       def send_signal(signal, pid_file, timeout=60)
         if pid = read_pid_file(pid_file)
           Logging.log_info "Sending #{signal} signal to process #{pid} ... "
+
           Process.kill(signal, pid)
-          Timeout.timeout(timeout) do
-            sleep 0.1 while Process.running?(pid)
+
+          # This loop seems kind of racy to me...
+          started_at = monotonic_time
+          while Process.running?(pid)
+            sleep 0.1
+            raise Timeout::Error if (monotonic_time - started_at) > timeout
           end
         else
           raise PidFileNotFound, "Can't stop process, no PID found in #{pid_file}"

data/lib/thin/headers.rb

@@ -1,9 +1,14 @@
 module Thin
+  # Raised when an header is not valid
+  # and the server can not process it.
+  class InvalidHeader < StandardError; end
+
   # Store HTTP header name-value pairs direcly to a string
   # and allow duplicated entries on some names.
   class Headers
     HEADER_FORMAT      = "%s: %s\r\n".freeze
     ALLOWED_DUPLICATES = %w(set-cookie set-cookie2 warning www-authenticate).freeze
+    CR_OR_LF           = /[\r\n]/.freeze
     
     def initialize
       @sent = {}
@@ -22,6 +27,8 @@ module Thin
                   value.httpdate
                 when NilClass
                   return
+                when CR_OR_LF
+                  raise InvalidHeader, "Header contains CR or LF"
                 else
                   value.to_s
                 end

data/lib/thin/logging.rb

@@ -13,7 +13,7 @@ module Thin
     # Taken from ActiveSupport
     class SimpleFormatter < Logger::Formatter
       def call(severity, timestamp, progname, msg)
-        "#{String === msg ? msg : msg.inspect}\n"
+        "#{timestamp} #{String === msg ? msg : msg.inspect}\n"
       end
     end
 

data/lib/thin/request.rb

@@ -75,7 +75,9 @@ module Thin
     # Raises an +InvalidRequest+ if invalid.
     # Returns +true+ if the parsing is complete.
     def parse(data)
-      if @parser.finished?  # Header finished, can only be some more body
+      if data.size > 0 && finished? # headers and body already fully satisfied. more data is erroneous.
+        raise InvalidRequest, 'Content longer than specified'
+      elsif @parser.finished?  # Header finished, can only be some more body
         @body << data
       else                  # Parse more header using the super parser
         @data << data

data/lib/thin/statuses.rb

@@ -33,12 +33,16 @@ module Thin
     413  => 'Request Entity Too Large', 
     414  => 'Request-URI Too Large', 
     415  => 'Unsupported Media Type',
-    422  => 'Unprocessable Entity',   
-    500  => 'Internal Server Error', 
+    422  => 'Unprocessable Entity',
+    428  => 'Precondition Required',
+    429  => 'Too Many Requests',
+    431  => 'Request Header Fields Too Large',
+    500  => 'Internal Server Error',
     501  => 'Not Implemented', 
     502  => 'Bad Gateway', 
     503  => 'Service Unavailable', 
     504  => 'Gateway Time-out', 
-    505  => 'HTTP Version not supported'
+    505  => 'HTTP Version not supported',
+    511  => 'Network Authentication Required'
   }
-end
+end

data/lib/thin/version.rb

@@ -1,22 +1,22 @@
-module Thin  
+module Thin
   # Raised when a feature is not supported on the
   # current platform.
   class PlatformNotSupported < RuntimeError; end
   
   module VERSION #:nodoc:
     MAJOR    = 1
-    MINOR    = 7
-    TINY     = 2
+    MINOR    = 8
+    TINY     = 1
     
     STRING   = [MAJOR, MINOR, TINY].join('.')
     
-    CODENAME = "Bachmanity".freeze
+    CODENAME = "Infinite Smoothie".freeze
     
     RACK     = [1, 0].freeze # Rack protocol version
   end
   
   NAME    = 'thin'.freeze
-  SERVER  = "#{NAME} #{VERSION::STRING} codename #{VERSION::CODENAME}".freeze  
+  SERVER  = "#{NAME} #{VERSION::STRING} codename #{VERSION::CODENAME}".freeze
   
   def self.win?
     RUBY_PLATFORM =~ /mswin|mingw/

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: thin
 version: !ruby/object:Gem::Version
-  version: 1.7.2
+  version: 1.8.1
 platform: ruby
 authors:
 - Marc-Andre Cournoyer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-08 00:00:00.000000000 Z
+date: 2021-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -70,7 +70,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.9
-description: A thin and fast web server
+description: 
 email: macournoyer@gmail.com
 executables:
 - thin
@@ -104,6 +104,7 @@ files:
 - ext/thin_parser/thin.c
 - lib/rack/adapter/loader.rb
 - lib/rack/adapter/rails.rb
+- lib/rack/handler/thin.rb
 - lib/thin.rb
 - lib/thin/backends/base.rb
 - lib/thin/backends/swiftiply_client.rb
@@ -126,10 +127,10 @@ files:
 - lib/thin/stats.rb
 - lib/thin/statuses.rb
 - lib/thin/version.rb
-homepage: http://code.macournoyer.com/thin/
+homepage: https://github.com/macournoyer/thin
 licenses:
-- GPLv2+
-- Ruby 1.8
+- GPL-2.0+
+- Ruby
 metadata:
   source_code_uri: https://github.com/macournoyer/thin
   changelog_uri: https://github.com/macournoyer/thin/blob/master/CHANGELOG
@@ -148,8 +149,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: thin
-rubygems_version: 2.5.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: A thin and fast web server