From: Abhijith PA Date: Wed, 29 Jan 2025 01:56:33 +0000 (+0530) Subject: puma (5.6.5-3+deb12u1) bookworm; urgency=medium X-Git-Tag: archive/raspbian/5.6.5-3+rpi1+deb12u1^2~9 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4b77c3e0a2cb68e04cb2a3fa71802f4494c0c17c;p=puma.git puma (5.6.5-3+deb12u1) bookworm; urgency=medium * Team upload * d/patches/ + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. (Closes: #1050079) + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of chunk extensions. (Closes: #1060345) + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header. (Closes: #1082379) [dgit import unpatched puma 5.6.5-3+deb12u1] --- 4b77c3e0a2cb68e04cb2a3fa71802f4494c0c17c diff --cc debian/README.source index 0000000,0000000..620cda3 new file mode 100644 --- /dev/null +++ b/debian/README.source @@@ -1,0 -1,0 +1,14 @@@ ++puma (4.3.1-1) ++ ++ Several tests have been disabled by default: ++ ++ - test/test_puma_server_ssl.rb has been disabled because all tests fail ++ randomly. However these tests have never been performed in puma 3.x and ++ they also work randomly. So until someone can look into them and fix them, ++ we decided to not run them (see also #921931). ++ ++ - test_control_for_ssl (test/test_cli.rb) and ++ test_control_ssl (test/test_pumactl.rb) show similar issues and don't seem ++ to imply that the package fails to work. So they have been disabled too. ++ ++ -- Daniel Leidert Wed, 05 Feb 2020 23:51:51 +0100 diff --cc debian/changelog index 0000000,0000000..bcafd37 new file mode 100644 --- /dev/null 
+++ b/debian/changelog @@@ -1,0 -1,0 +1,300 @@@ ++puma (5.6.5-3+deb12u1) bookworm; urgency=medium ++ ++ * Team upload ++ * d/patches/ ++ + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when ++ parsing chunked transfer encoding bodies and zero-length ++ Content-Length headers in a way that allowed HTTP request ++ smuggling. (Closes: #1050079) ++ ++ + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of ++ chunk extensions. (Closes: #1060345) ++ ++ + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber ++ values set by intermediate proxies (such as X-Forwarded-For) by ++ providing a underscore version of the same header. ++ (Closes: #1082379) ++ ++ -- Abhijith PA Wed, 29 Jan 2025 07:26:33 +0530 ++ ++puma (5.6.5-3) unstable; urgency=medium ++ ++ * Team upload. ++ * d/control (Vcs-Git): Fix URL. ++ ++ -- Daniel Leidert Thu, 09 Feb 2023 16:24:05 +0100 ++ ++puma (5.6.5-2) unstable; urgency=medium ++ ++ * debian/ruby-tests.rake: skip test that fails often (Closes: #1006022) ++ * debian/ruby-tests.rake: exclude tests that fail often but not always ++ ++ -- Antonio Terceiro Wed, 02 Nov 2022 09:26:37 -0300 ++ ++puma (5.6.5-1) unstable; urgency=medium ++ ++ * Update watch file for github.com pattern change ++ * New upstream version 5.6.5 ++ * Refresh patches ++ * Bump Standards-Version to 4.6.1 (no changes needed) ++ ++ -- Pirate Praveen Sun, 16 Oct 2022 22:44:46 +0530 ++ ++puma (5.6.4-1) unstable; urgency=medium ++ ++ * New upstream version 5.6.4 ++ * Refresh patches ++ * Disable some tests that fail with ++ NameError: uninitialized constant Puma::LogWriter ++ * Remove tmp/restart.txt in clean ++ ++ -- Pirate Praveen Mon, 04 Apr 2022 13:24:10 +0530 ++ ++puma (5.5.2-2) unstable; urgency=medium ++ ++ * Team upload ++ * debian/rules: force an UTF-8 locale ++ * debian/ruby-tests.rake: wrap lines ++ * debian/ruby-tests.rake: run all ssl tests on autopkgtest only ++ * debian/test/control: give ssl test a name ++ ++ -- Antonio Terceiro Tue, 02 
Nov 2021 16:35:12 -0300 ++ ++puma (5.5.2-1) unstable; urgency=medium ++ ++ * Team upload ++ * New upstream version 5.5.2 ++ - Builds and tests fine again (Closes: #998295) ++ * Add build-dependency on ruby-localhost ++ * debian/rules: exclude several unnecessary files from installation ++ ++ -- Antonio Terceiro Tue, 02 Nov 2021 14:39:10 -0300 ++ ++puma (5.3.2-3) unstable; urgency=medium ++ ++ * Use --gem-install layout option of dh-ruby ++ ++ -- Pirate Praveen Tue, 12 Oct 2021 02:24:33 +0530 ++ ++puma (5.3.2-2) unstable; urgency=medium ++ ++ * Reupload to unstable ++ * Bump Standards-Version to 4.6.0 (no changes needed) ++ * Bump debhelper compatibility level to 13 ++ ++ -- Pirate Praveen Mon, 11 Oct 2021 03:17:23 +0530 ++ ++puma (5.3.2-1) experimental; urgency=medium ++ ++ * New upstream version 5.3.2 (Closes: #989054) (Fixes: CVE-2021-29509) ++ * Refresh patches ++ ++ -- Pirate Praveen Fri, 28 May 2021 22:34:53 +0530 ++ ++puma (4.3.8-1) unstable; urgency=medium ++ ++ * New upstream version 4.3.8 (Closes: #989054) (Fixes: CVE-2021-29509) ++ ++ -- Pirate Praveen Wed, 26 May 2021 10:24:19 +0530 ++ ++puma (5.2.2-2) experimental; urgency=medium ++ ++ * Disable test that failied on amd64 buildd ++ ++ -- Pirate Praveen Mon, 08 Mar 2021 23:03:52 +0530 ++ ++puma (5.2.2-1) experimental; urgency=medium ++ ++ * New upstream version 5.2.2 ++ * Bump Standards-Version to 4.5.1 (no changes needed) ++ * Refresh patches for new upstream release ++ * Add ruby-minitest-stub-const as build dependency ++ * Disable failing tests ++ ++ -- Pirate Praveen Sun, 07 Mar 2021 21:03:52 +0530 ++ ++puma (4.3.6-1) unstable; urgency=medium ++ ++ * Team upload. ++ * New upstream version. ++ - Fixes CVE-2020-11076 and CVE-2020-11077 (closes: #972102). ++ * d/copyright: Minor update. ++ * d/puma.lintian-overrides: Add package override. ++ * d/ruby-tests.rake: Add logic to run SSL test. ++ * d/patches/*.patch: Add missing headers and refresh. ++ * d/source/lintian-overrides: Add source override. 
++ * d/tests/control: Set environment variable to run the SSL tests separately ++ (similar to the solution used in the jekyll package). ++ * d/tests/test-puma-server-ssl*: Removed. ++ ++ -- Daniel Leidert Thu, 15 Oct 2020 20:57:29 +0200 ++ ++puma (4.3.3-3) unstable; urgency=medium ++ ++ * Include patch from gitlab to improve performance ++ ++ -- Pirate Praveen Tue, 18 Aug 2020 00:15:20 +0530 ++ ++puma (4.3.3-2) unstable; urgency=medium ++ ++ [ Daniel Leidert ] ++ * debian/tests/test_puma_server_ssl, ++ debian/tests/test_puma_server_ssl.rake: Run test/test_puma_server_ssl.rb ++ in an openssl enviroment not using the Debian defaults. ++ * debian/tests/control: Add new test. ++ ++ [ Debian Janitor ] ++ * Set field Upstream-Contact in debian/copyright. ++ * Remove obsolete fields Contact, Name from debian/upstream/metadata ++ (already present in machine-readable debian/copyright). ++ ++ [ Pirate Praveen ] ++ * Remove debian-branch option from debian/gbp.conf ++ * Reupload to unstable ++ ++ -- Pirate Praveen Mon, 03 Aug 2020 15:37:16 +0530 ++ ++puma (4.3.3-1) experimental; urgency=medium ++ ++ * Team upload. ++ * New upstream release. ++ - Fixes CVE-2020-5247 (closes: #952766). ++ - Fixes CVE-2020-5249 (closes: #953122). ++ * d/control (Section): Change to web. ++ (Vcs-Git): Indicate branch name via -b debian/experimental. ++ (Homepage): Use secure URL. ++ (Depends): Use ${ruby:Depends}. ++ * d/copyright (Source): Use secure URL. ++ * d/rules: Add override to install upstream changelog. ++ * d/watch: Use package name for tarball. ++ ++ -- Daniel Leidert Thu, 05 Mar 2020 01:34:17 +0100 ++ ++puma (4.3.1-1) experimental; urgency=medium ++ ++ * Team upload. ++ * New upstream release ++ - Fixes CVE-2019-16770 Keepalive thread overload/DoS (closes: #946312). ++ * d/control (Rules-Requires-Root): Set to binary-targets. ++ (Build-Depends, Depends): Add ruby-nio4r. ++ (Build-Depends): Add curl for test/test_integration_single.rb. 
++ * d/ruby-tests.rake: Disable test/test_puma_server_ssl.rb. ++ * d/README.source: Add to explain tests which have been disabled. ++ * d/patches/0004-puma.gemspec-drop-git-usage.patch: Refresh patch. ++ * d/patches/0011-disable-minitest-extensions.patch: Add patch. ++ - Disable unavailable minitest extensions (retry and proveit). ++ * d/patches/0012-disable-cli-ssl-tests.patch: Add patch. ++ - Disable CLI SSL tests. ++ * d/patches/0013-fix-test-term-not-accepts-new-connections.patch: Add. ++ - Fix test_term_not_accepts_new_connections to be locale independent. ++ * d/patches/0002-test_integration-disable-test-that-fails-randomly.patch, ++ d/patches/0003-test_cli-disable-test-that-rails-randomly.patch, ++ d/patches/0005-test_puma_server-disable-test-that-fails-randomly.patch, ++ d/patches/0006-test-helper.rb-drop-bundler-usage.patch, ++ d/patches/0007-test-test_cli.rb-disable-test-that-fails-randomly.patch, ++ d/patches/0008-fix-ssl-tests.patch, ++ d/patches/0009-disable-tests-failing-in-single-cpu.patch, ++ d/patches/0010-fix-cluster-exit-for-ruby27.patch: Remove obsolete patches. ++ * d/patches/series: Adjust. ++ ++ -- Daniel Leidert Thu, 06 Feb 2020 11:45:11 +0100 ++ ++puma (3.12.4-1) unstable; urgency=medium ++ ++ * Team upload. ++ * New upstream release. ++ - Fixes CVE-2020-5247 (closes: #952766). ++ - Fixes CVE-2020-5249 (closes: #953122). ++ * d/control (Section): Changed to web. ++ (Homepage): Use secure URL. ++ (Depends): Add ${ruby:Depends}. ++ * d/copyright (Source): Use secure URL. ++ * d/ruby-tests.rake: Disable test/test_puma_server_ssl.rb for the moment. ++ These tests fail due to openssl being configured to use SECLEVEL2 ++ (https://github.com/puma/puma/issues/2147). ++ * d/rules: Add override to install upstream changelog. ++ * d/watch: Rename downloaded tarball to include package name. ++ * d/patches/0008-fix-ssl-tests.patch: Remove patch. Applied upstream. ++ * d/patches/CVE-2019-16770.patch: Ditto. ++ * d/patches/*.patch: Refresh patches. 
++ * d/patches/series: Adjust. ++ ++ -- Daniel Leidert Wed, 04 Mar 2020 23:09:16 +0100 ++ ++puma (3.12.0-4) unstable; urgency=medium ++ ++ * Team upload. ++ * d/control (Rules-Requires-Root): Set to binary-targets. ++ * d/patches/0011-disable-minitest-extensions.patch: Add patch. ++ - Disable unavailable minitest retry extension. ++ * d/patches/CVE-2019-16770.patch: Add patch. ++ - Backport fix for CVE-2019-16770 from upstream (closes: #946312). ++ * d/patches/series: Add patch. ++ ++ -- Daniel Leidert Thu, 06 Feb 2020 12:54:59 +0100 ++ ++puma (3.12.0-3) unstable; urgency=medium ++ ++ * Team upload. ++ * d/compat: Remove obsolete file. ++ * d/control: Add Rules-Requires-Root field. ++ (Build-Depends): Use debhelper-compat. ++ (Standards-Version): Bump to 4.5.0. ++ (Depends): Drop ruby-interpreter. ++ * d/copyright (Format): Fix insecure-copyright-format-uri and add myself. ++ * d/puma.1, d/pumactl.1: Add manual pages. ++ * d/puma.manpages: Install manual pages. ++ * d/ruby-tests.rake: Set verbose mode. ++ * d/patches/0010-fix-cluster-exit-for-ruby27.patch: Add patch. ++ - Fix hang with Ruby >= 2.6 when shutting down workers. ++ * d/patches/series: Enable new patch. ++ * d/upstream/metadata: Add metadata. ++ * d/upstream/metadata: Add metadata. 
++ ++ -- Daniel Leidert Wed, 05 Feb 2020 18:20:58 +0100 ++ ++puma (3.12.0-2) unstable; urgency=medium ++ ++ * Disable tests failing in single cpu (Closes: #921931) ++ ++ -- Pirate Praveen Sun, 10 Feb 2019 18:56:47 +0530 ++ ++puma (3.12.0-1) unstable; urgency=medium ++ ++ [ Balint Reczey ] ++ * New upstream version 3.12.0 ++ * Refresh patches ++ ++ [ Pirate Praveen ] ++ * Fix OpenSSL 1.1.1 test failures with upstream patch (Closes: #900156) ++ * Bump Standards-Version to 4.3.0 (no changes needed) ++ * Add myself to uploaders ++ ++ -- Pirate Praveen Sun, 10 Feb 2019 10:56:59 +0530 ++ ++puma (3.11.3-1) unstable; urgency=medium ++ ++ * Team upload ++ * Remove myself from Uploaders: ++ * New upstream version 3.11.3 ++ * Build against libssl-dev instead of libssl1.0-dev (Closes: #859542) ++ * Refresh packaging files with `dh-make-ruby -wo .` ++ * Bump debhelper compat to 11 ++ * Change Vcs-* to point to salsa.debian.org ++ * Use standard debian/ruby-tests.rake ++ * drop build-dependency on ruby-hoe ++ * Refresh patches ++ * New patches: ++ - 0006-test-helper.rb-drop-bundler-usage.patch ++ - 0007-test-test_cli.rb-disable-test-that-fails-randomly.patch ++ * Replace 0001-test_puma_server_ssl-update-for-newer-versions-of-Op.patch ++ with 0001-test_puma_server_ssl-disable-test-that-takes-too-lon.patch ++ ++ ++ -- Antonio Terceiro Wed, 28 Mar 2018 18:53:22 -0300 ++ ++puma (3.6.0-1) unstable; urgency=medium ++ ++ * Initial release (Closes: #720336) ++ ++ -- Antonio Terceiro Thu, 10 Nov 2016 16:47:06 -0200 diff --cc debian/clean index 0000000,0000000..4535125 new file mode 100644 --- /dev/null +++ b/debian/clean @@@ -1,0 -1,0 +1,1 @@@ ++tmp/restart.txt diff --cc debian/control index 0000000,0000000..84a0183 new file mode 100644 --- /dev/null 
+++ b/debian/control @@@ -1,0 -1,0 +1,30 @@@ ++Source: puma ++Section: web ++Priority: optional ++Maintainer: Debian Ruby Team ++Uploaders: Pirate Praveen ++Build-Depends: curl, ++ debhelper-compat (= 13), ++ gem2deb (>= 1.6), ++ libssl-dev, ++ rake, ++ ruby-localhost, ++ ruby-nio4r (>= 2), ++ ruby-rack (<< 3), ++ ruby-minitest-stub-const ++Standards-Version: 4.6.1 ++Vcs-Git: https://salsa.debian.org/ruby-team/puma.git ++Vcs-Browser: https://salsa.debian.org/ruby-team/puma ++Homepage: https://puma.io ++Testsuite: autopkgtest-pkg-ruby ++XS-Ruby-Versions: all ++Rules-Requires-Root: binary-targets ++ ++Package: puma ++Architecture: any ++XB-Ruby-Versions: ${ruby:Versions} ++Depends: ruby, ${misc:Depends}, ${ruby:Depends}, ${shlibs:Depends} ++Description: threaded HTTP 1.1 server for Ruby/Rack applications ++ Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for ++ Ruby/Rack applications. Puma is intended for use in both development and ++ production environments. diff --cc debian/copyright index 0000000,0000000..32ce732 new file mode 100644 --- /dev/null 
+++ b/debian/copyright @@@ -1,0 -1,0 +1,41 @@@ ++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ ++Upstream-Name: puma ++Upstream-Contact: https://github.com/puma/puma/issues ++Source: https://github.com/puma/puma ++ ++Files: * ++Copyright: 2005, Zed Shaw ++ 2011, Evan Phoenix ++License: BSD-3-clause ++ ++Files: debian/* ++Copyright: 2016 Antonio Terceiro ++ 2020 Daniel Leidert ++License: BSD-3-clause ++Comment: The Debian packaging is licensed under the same terms as the source. ++ ++License: BSD-3-clause ++ All rights reserved. ++ . ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions are met: ++ . ++ * Redistributions of source code must retain the above copyright notice, this ++ list of conditions and the following disclaimer. ++ * Redistributions in binary form must reproduce the above copyright notice ++ this list of conditions and the following disclaimer in the documentation ++ and/or other materials provided with the distribution. ++ * Neither the name of the Evan Phoenix nor the names of its contributors ++ may be used to endorse or promote products derived from this software ++ without specific prior written permission. ++ . ++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" ++ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE ++ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER ++ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ++ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --cc debian/gbp.conf index 0000000,0000000..51fd1ac new file mode 100644 --- /dev/null +++ b/debian/gbp.conf @@@ -1,0 -1,0 +1,3 @@@ ++[DEFAULT] ++pristine-tar = true ++verbose = true diff --cc debian/patches/0004-puma.gemspec-drop-git-usage.patch index 0000000,0000000..d5f0d7c new file mode 100644 --- /dev/null +++ b/debian/patches/0004-puma.gemspec-drop-git-usage.patch @@@ -1,0 -1,0 +1,21 @@@ ++From: Antonio Terceiro ++Date: Wed, 5 Feb 2020 21:36:05 +0100 ++Subject: Drop git usage from gemspec ++ ++Forwarded: not-needed ++--- ++ puma.gemspec | 3 +-- ++ 1 file changed, 1 insertion(+), 2 deletions(-) ++ ++--- a/puma.gemspec +++++ b/puma.gemspec ++@@ -13,8 +13,7 @@ ++ if RbConfig::CONFIG['ruby_version'] >= '2.5' ++ s.metadata["msys2_mingw_dependencies"] = "openssl" ++ end ++- s.files = `git ls-files -- bin docs ext lib tools`.split("\n") + ++- %w[History.md LICENSE README.md] +++ s.files = Dir.glob('**/*').reject { |f| f =~ /^debian\//} ++ s.homepage = "https://puma.io" ++ ++ if s.respond_to?(:metadata=) diff --cc debian/patches/0011-disable-minitest-extensions.patch index 0000000,0000000..6548af7 new file mode 100644 --- /dev/null 
+++ b/debian/patches/0011-disable-minitest-extensions.patch @@@ -1,0 -1,0 +1,39 @@@ ++From: Daniel Leidert ++Date: Wed, 5 Feb 2020 22:20:42 +0100 ++Subject: Disable unavailable minitest extensions ++ ++Forwarded: not-needed ++--- ++ test/helper.rb | 8 ++++---- ++ 1 file changed, 4 insertions(+), 4 deletions(-) ++ ++--- a/test/helper.rb +++++ b/test/helper.rb ++@@ -14,7 +14,6 @@ ++ require_relative "minitest/verbose" ++ require "minitest/autorun" ++ require "minitest/pride" ++-require "minitest/proveit" ++ require "minitest/stub_const" ++ require "net/http" ++ require_relative "helpers/apps" ++@@ -102,10 +101,6 @@ ++ end ++ ++ Minitest::Test.prepend TimeoutEveryTestCase ++-if ENV['CI'] ++- require 'minitest/retry' ++- Minitest::Retry.use! ++-end ++ ++ module TestSkips ++ ++@@ -178,7 +173,7 @@ ++ REPO_NAME = ENV['GITHUB_REPOSITORY'] ? ENV['GITHUB_REPOSITORY'][/[^\/]+\z/] : 'puma' ++ ++ def self.run(reporter, options = {}) # :nodoc: ++- prove_it! +++ #prove_it! ++ super ++ end ++ diff --cc debian/patches/0012-disable-cli-ssl-tests.patch index 0000000,0000000..1be1cd9 new file mode 100644 --- /dev/null +++ b/debian/patches/0012-disable-cli-ssl-tests.patch @@@ -1,0 -1,0 +1,21 @@@ ++From: Daniel Leidert ++Date: Wed, 5 Feb 2020 23:18:37 +0100 ++Subject: Disable cli ssl tests ++ ++Forwarded: not-needed ++--- ++ test/test_cli.rb | 2 +- ++ test/test_pumactl.rb | 2 +- ++ 2 files changed, 2 insertions(+), 2 deletions(-) ++ ++--- a/test/test_pumactl.rb +++++ b/test/test_pumactl.rb ++@@ -223,7 +223,7 @@ ++ refute_includes log, 'send_request' ++ end ++ ++- def test_control_ssl +++ def __test_control_ssl ++ skip_unless :ssl ++ ++ host = "127.0.0.1" diff --cc debian/patches/0013-fix-test-term-not-accepts-new-connections.patch index 0000000,0000000..9dae6b6 new file mode 100644 --- /dev/null 
+++ b/debian/patches/0013-fix-test-term-not-accepts-new-connections.patch @@@ -1,0 -1,0 +1,20 @@@ ++From: Daniel Leidert ++Date: Thu, 6 Feb 2020 11:24:24 +0100 ++Subject: Fix test to read output locale independent ++ ++The test fails if run in a non-English environment. ++--- ++ test/test_integration_single.rb | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) ++ ++--- a/test/test_integration_single.rb +++++ b/test/test_integration_single.rb ++@@ -76,7 +76,7 @@ ++ true while @server.gets !~ /Gracefully stopping/ # wait for server to begin graceful shutdown ++ ++ # Invoke a request which must be rejected ++- _stdin, _stdout, rejected_curl_stderr, rejected_curl_wait_thread = Open3.popen3("curl #{HOST}:#{@tcp_port}") +++ _stdin, _stdout, rejected_curl_stderr, rejected_curl_wait_thread = Open3.popen3({ "LC_ALL" => "C" }, "curl http://#{HOST}:#{@tcp_port}") ++ ++ assert nil != Process.getpgid(@server.pid) # ensure server is still running ++ assert nil != Process.getpgid(curl_wait_thread[:pid]) # ensure first curl invocation still in progress diff --cc debian/patches/0014-disable-test-failing-on-amd64.patch index 0000000,0000000..196e878 new file mode 100644 --- /dev/null +++ b/debian/patches/0014-disable-test-failing-on-amd64.patch @@@ -1,0 -1,0 +1,14 @@@ ++This test failed on amd64 buildd ++https://buildd.debian.org/status/fetch.php?pkg=puma&arch=amd64&ver=5.2.2-1&stamp=1615133735&raw=0 ++ ++--- a/test/test_puma_server.rb +++++ b/test/test_puma_server.rb ++@@ -1294,7 +1294,7 @@ ++ end ++ end ++ ++- def test_command_ignored_before_run +++ def __test_command_ignored_before_run ++ @server.stop # ignored ++ @server.run ++ @server.halt diff --cc debian/patches/CVE-2023-40175.patch index 0000000,0000000..be9cff8 new file mode 100644 --- /dev/null 
+++ b/debian/patches/CVE-2023-40175.patch @@@ -1,0 -1,0 +1,143 @@@ ++From 7405a219801dcebc0ad6e0aa108d4319ca23f662 Mon Sep 17 00:00:00 2001 ++From: Nate Berkopec ++Date: Fri, 18 Aug 2023 09:47:23 +0900 ++Subject: [PATCH] Merge pull request from GHSA-68xg-gqqm-vgj8 ++ ++* Reject empty string for Content-Length ++ ++* Ignore trailers in last chunk ++ ++* test_puma_server.rb - use heredoc, test_cl_and_te_smuggle ++ ++* client.rb - stye/RubyCop ++ ++* test_puma_server.rb - indented heredoc rubocop disable ++ ++* Dentarg comments ++ ++* Remove unused variable ++ ++--------- ++ ++Co-authored-by: MSP-Greg ++--- ++ lib/puma/client.rb | 23 ++++++++++++++-------- ++ test/test_puma_server.rb | 42 +++++++++++++++++++++++++++++++++++++++- ++ 2 files changed, 56 insertions(+), 9 deletions(-) ++ ++diff --git a/lib/puma/client.rb b/lib/puma/client.rb ++index e966f995e8..9c11912caa 100644 ++--- a/lib/puma/client.rb +++++ b/lib/puma/client.rb ++@@ -45,7 +45,8 @@ class Client ++ ++ # chunked body validation ++ CHUNK_SIZE_INVALID = /[^\h]/.freeze ++- CHUNK_VALID_ENDING = "\r\n".freeze +++ CHUNK_VALID_ENDING = Const::LINE_END +++ CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize ++ ++ # Content-Length header value validation ++ CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze ++@@ -347,8 +348,8 @@ def setup_body ++ cl = @env[CONTENT_LENGTH] ++ ++ if cl ++- # cannot contain characters that are not \d ++- if cl =~ CONTENT_LENGTH_VALUE_INVALID +++ # cannot contain characters that are not \d, or be empty +++ if cl =~ CONTENT_LENGTH_VALUE_INVALID || cl.empty? ++ raise HttpParserError, "Invalid Content-Length: #{cl.inspect}" ++ end ++ else ++@@ -509,7 +510,7 @@ def decode_chunk(chunk) ++ ++ while !io.eof? 
++ line = io.gets ++- if line.end_with?("\r\n") +++ if line.end_with?(CHUNK_VALID_ENDING) ++ # Puma doesn't process chunk extensions, but should parse if they're ++ # present, which is the reason for the semicolon regex ++ chunk_hex = line.strip[/\A[^;]+/] ++@@ -521,13 +522,19 @@ def decode_chunk(chunk) ++ @in_last_chunk = true ++ @body.rewind ++ rest = io.read ++- last_crlf_size = "\r\n".bytesize ++- if rest.bytesize < last_crlf_size +++ if rest.bytesize < CHUNK_VALID_ENDING_SIZE ++ @buffer = nil ++- @partial_part_left = last_crlf_size - rest.bytesize +++ @partial_part_left = CHUNK_VALID_ENDING_SIZE - rest.bytesize ++ return false ++ else ++- @buffer = rest[last_crlf_size..-1] +++ # if the next character is a CRLF, set buffer to everything after that CRLF +++ start_of_rest = if rest.start_with?(CHUNK_VALID_ENDING) +++ CHUNK_VALID_ENDING_SIZE +++ else # we have started a trailer section, which we do not support. skip it! +++ rest.index(CHUNK_VALID_ENDING*2) + CHUNK_VALID_ENDING_SIZE*2 +++ end +++ +++ @buffer = rest[start_of_rest..-1] ++ @buffer = nil if @buffer.empty? ++ set_ready ++ return true ++diff --git a/test/test_puma_server.rb b/test/test_puma_server.rb ++index 298e44b439..2bfaf98848 100644 ++--- a/test/test_puma_server.rb +++++ b/test/test_puma_server.rb ++@@ -627,7 +627,7 @@ def test_large_chunked_request ++ [200, {}, [""]] ++ } ++ ++- header = "GET / HTTP/1.1\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n" +++ header = "GET / HTTP/1.1\r\nConnection: close\r\nContent-Length: 200\r\nTransfer-Encoding: chunked\r\n\r\n" ++ ++ chunk_header_size = 6 # 4fb8\r\n ++ # Current implementation reads one chunk of CHUNK_SIZE, then more chunks of size 4096. 
++@@ -1365,4 +1365,44 @@ def test_rack_url_scheme_user ++ data = send_http_and_read "GET / HTTP/1.0\r\n\r\n" ++ assert_equal "user", data.split("\r\n").last ++ end +++ +++ def test_cl_empty_string +++ server_run do |env| +++ [200, {}, [""]] +++ end +++ +++ empty_cl_request = "GET / HTTP/1.1\r\nHost: localhost\r\nContent-Length:\r\n\r\nGET / HTTP/1.1\r\nHost: localhost\r\n\r\n" +++ +++ data = send_http_and_read empty_cl_request +++ assert_operator data, :start_with?, 'HTTP/1.1 400 Bad Request' +++ end +++ +++ def test_crlf_trailer_smuggle +++ server_run do |env| +++ [200, {}, [""]] +++ end +++ +++ smuggled_payload = "GET / HTTP/1.1\r\nTransfer-Encoding: chunked\r\nHost: whatever\r\n\r\n0\r\nX:POST / HTTP/1.1\r\nHost: whatever\r\n\r\nGET / HTTP/1.1\r\nHost: whatever\r\n\r\n" +++ +++ data = send_http_and_read smuggled_payload +++ assert_equal 2, data.scan("HTTP/1.1 200 OK").size +++ end +++ +++ # test to check if content-length is ignored when 'transfer-encoding: chunked' +++ # is used. See also test_large_chunked_request +++ def test_cl_and_te_smuggle +++ body = nil +++ server_run { |env| +++ body = env['rack.input'].read +++ [200, {}, [""]] +++ } +++ +++ req = "POST /search HTTP/1.1\r\nHost: vulnerable-website.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n7b\r\nGET /404 HTTP/1.1\r\nHost: vulnerable-website.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 144\r\n\r\nx=\r\n0\r\n\r\n" +++ +++ data = send_http_and_read req +++ +++ assert_includes body, "GET /404 HTTP/1.1\r\n" +++ assert_includes body, "Content-Length: 144\r\n" +++ assert_equal 1, data.scan("HTTP/1.1 200 OK").size +++ end ++ end diff --cc debian/patches/CVE-2024-21647.patch index 0000000,0000000..47e523e new file mode 100644 --- /dev/null 
+++ b/debian/patches/CVE-2024-21647.patch @@@ -1,0 -1,0 +1,93 @@@ ++From bbb880ffb6debbfdea535b4b3eb2204d49ae151d Mon Sep 17 00:00:00 2001 ++From: Nate Berkopec ++Date: Mon, 8 Jan 2024 14:48:43 +0900 ++Subject: [PATCH] Merge pull request from GHSA-c2f4-cvqm-65w2 ++ ++Co-authored-by: MSP-Greg ++Co-authored-by: Patrik Ragnarsson ++Co-authored-by: Evan Phoenix ++--- ++ lib/puma/client.rb | 27 +++++++++++++++++++++++++++ ++ test/test_puma_server.rb | 14 ++++++++++++++ ++ 2 files changed, 41 insertions(+) ++ ++--- a/lib/puma/client.rb +++++ b/lib/puma/client.rb ++@@ -48,6 +48,14 @@ module Puma ++ CHUNK_VALID_ENDING = Const::LINE_END ++ CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize ++ +++ # The maximum number of bytes we'll buffer looking for a valid +++ # chunk header. +++ MAX_CHUNK_HEADER_SIZE = 4096 +++ +++ # The maximum amount of excess data the client sends +++ # using chunk size extensions before we abort the connection. +++ MAX_CHUNK_EXCESS = 16 * 1024 +++ ++ # Content-Length header value validation ++ CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze ++ ++@@ -460,6 +468,7 @@ module Puma ++ @chunked_body = true ++ @partial_part_left = 0 ++ @prev_chunk = "" +++ @excess_cr = 0 ++ ++ @body = Tempfile.new(Const::PUMA_TMP_BASE) ++ @body.unlink ++@@ -541,6 +550,20 @@ module Puma ++ end ++ end ++ +++ # Track the excess as a function of the size of the +++ # header vs the size of the actual data. Excess can +++ # go negative (and is expected to) when the body is +++ # significant. +++ # The additional of chunk_hex.size and 2 compensates +++ # for a client sending 1 byte in a chunked body over +++ # a long period of time, making sure that that client +++ # isn't accidentally eventually punished. 
+++ @excess_cr += (line.size - len - chunk_hex.size - 2) +++ +++ if @excess_cr >= MAX_CHUNK_EXCESS +++ raise HttpParserError, "Maximum chunk excess detected" +++ end +++ ++ len += 2 ++ ++ part = io.read(len) ++@@ -568,6 +591,10 @@ module Puma ++ @partial_part_left = len - part.size ++ end ++ else +++ if @prev_chunk.size + chunk.size >= MAX_CHUNK_HEADER_SIZE +++ raise HttpParserError, "maximum size of chunk header exceeded" +++ end +++ ++ @prev_chunk = line ++ return false ++ end ++--- a/test/test_puma_server.rb +++++ b/test/test_puma_server.rb ++@@ -648,6 +648,20 @@ EOF ++ end ++ end ++ +++ def test_large_chunked_request_header +++ server_run(environment: :production) { |env| +++ [200, {}, [""]] +++ } +++ +++ max_chunk_header_size = Puma::Client::MAX_CHUNK_HEADER_SIZE +++ header = "GET / HTTP/1.1\r\nConnection: close\r\nContent-Length: 200\r\nTransfer-Encoding: chunked\r\n\r\n" +++ socket = send_http "#{header}1;t#{'x' * (max_chunk_header_size + 2)}" +++ +++ data = socket.read +++ +++ assert_match "HTTP/1.1 400 Bad Request\r\n\r\n", data +++ end +++ ++ def test_chunked_request_pause_before_value ++ body = nil ++ content_length = nil diff --cc debian/patches/CVE-2024-45614.patch index 0000000,0000000..b15eb82 new file mode 100644 --- /dev/null 
+++ b/debian/patches/CVE-2024-45614.patch @@@ -1,0 -1,0 +1,195 @@@ ++From cac3fd18cf29ed43719ff5d52d9cfec215f0a043 Mon Sep 17 00:00:00 2001 ++From: Evan Phoenix ++Date: Wed, 18 Sep 2024 21:56:07 -0700 ++Subject: [PATCH] Merge commit from fork ++ ++* Prevent underscores from clobbering hyphen headers ++ ++* Special case encoding headers to prevent app confusion ++ ++* Handle _ as , in jruby as well ++ ++* Silence RuboCop offense ++ ++--------- ++ ++Co-authored-by: Patrik Ragnarsson ++--- ++ ext/puma_http11/org/jruby/puma/Http11.java | 2 + ++ lib/puma/const.rb | 8 +++ ++ lib/puma/request.rb | 19 ++++++-- ++ test/test_normalize.rb | 57 ++++++++++++++++++++++ ++ test/test_request_invalid.rb | 28 +++++++++++ ++ 5 files changed, 111 insertions(+), 3 deletions(-) ++ create mode 100644 test/test_normalize.rb ++ ++--- a/ext/puma_http11/org/jruby/puma/Http11.java +++++ b/ext/puma_http11/org/jruby/puma/Http11.java ++@@ -99,6 +99,8 @@ public class Http11 extends RubyObject { ++ int bite = b.get(i) & 0xFF; ++ if(bite == '-') { ++ b.set(i, (byte)'_'); +++ } else if(bite == '_') { +++ b.set(i, (byte)','); ++ } else { ++ b.set(i, (byte)Character.toUpperCase(bite)); ++ } ++--- a/lib/puma/const.rb +++++ b/lib/puma/const.rb ++@@ -244,6 +244,14 @@ module Puma ++ # header values can contain HTAB? ++ ILLEGAL_HEADER_VALUE_REGEX = /[\x00-\x08\x0A-\x1F]/.freeze ++ +++ # The keys of headers that should not be convert to underscore +++ # normalized versions. These headers are ignored at the request reading layer, +++ # but if we normalize them after reading, it's just confusing for the application. +++ UNMASKABLE_HEADERS = { +++ "HTTP_TRANSFER,ENCODING" => true, +++ "HTTP_CONTENT,LENGTH" => true, +++ } +++ ++ # Banned keys of response header ++ BANNED_HEADER_KEY = /\A(rack\.|status\z)/.freeze ++ ++--- a/lib/puma/request.rb +++++ b/lib/puma/request.rb ++@@ -318,6 +318,11 @@ module Puma ++ # compatibility, we'll convert them back. 
This code is written to ++ # avoid allocation in the common case (ie there are no headers ++ # with `,` in their names), that's why it has the extra conditionals. +++ # +++ # @note If a normalized version of a `,` header already exists, we ignore +++ # the `,` version. This prevents clobbering headers managed by proxies +++ # but not by clients (Like X-Forwarded-For). +++ # ++ # @param env [Hash] see Puma::Client#env, from request, modifies in place ++ # @version 5.0.3 ++ # ++@@ -326,23 +331,30 @@ module Puma ++ to_add = nil ++ ++ env.each do |k,v| ++- if k.start_with?("HTTP_") and k.include?(",") and k != "HTTP_TRANSFER,ENCODING" +++ if k.start_with?("HTTP_") and k.include?(",") and !UNMASKABLE_HEADERS.key?(k) ++ if to_delete ++ to_delete << k ++ else ++ to_delete = [k] ++ end ++ +++ new_k = k.tr(",", "_") +++ if env.key?(new_k) +++ next +++ end +++ ++ unless to_add ++ to_add = {} ++ end ++ ++- to_add[k.tr(",", "_")] = v +++ to_add[new_k] = v ++ end ++ end ++ ++ if to_delete ++ to_delete.each { |k| env.delete(k) } +++ end +++ if to_add ++ env.merge! to_add ++ end ++ end ++--- /dev/null +++++ b/test/test_normalize.rb ++@@ -0,0 +1,57 @@ +++# frozen_string_literal: true +++ +++require_relative "helper" +++ +++require "puma/request" +++ +++class TestNormalize < Minitest::Test +++ parallelize_me! 
+++ +++ include Puma::Request +++ +++ def test_comma_headers +++ env = { +++ "HTTP_X_FORWARDED_FOR" => "1.1.1.1", +++ "HTTP_X_FORWARDED,FOR" => "2.2.2.2", +++ } +++ +++ req_env_post_parse env +++ +++ expected = { +++ "HTTP_X_FORWARDED_FOR" => "1.1.1.1", +++ } +++ +++ assert_equal expected, env +++ +++ # Test that the iteration order doesn't matter +++ +++ env = { +++ "HTTP_X_FORWARDED,FOR" => "2.2.2.2", +++ "HTTP_X_FORWARDED_FOR" => "1.1.1.1", +++ } +++ +++ req_env_post_parse env +++ +++ expected = { +++ "HTTP_X_FORWARDED_FOR" => "1.1.1.1", +++ } +++ +++ assert_equal expected, env +++ end +++ +++ def test_unmaskable_headers +++ env = { +++ "HTTP_CONTENT,LENGTH" => "100000", +++ "HTTP_TRANSFER,ENCODING" => "chunky" +++ } +++ +++ req_env_post_parse env +++ +++ expected = { +++ "HTTP_CONTENT,LENGTH" => "100000", +++ "HTTP_TRANSFER,ENCODING" => "chunky" +++ } +++ +++ assert_equal expected, env +++ end +++end ++--- a/test/test_request_invalid.rb +++++ b/test/test_request_invalid.rb ++@@ -216,4 +216,32 @@ class TestRequestInvalid < Minitest::Tes ++ ++ assert_status data ++ end +++ +++ def test_underscore_header_1 +++ hdrs = [ +++ "X-FORWARDED-FOR: 1.1.1.1", # proper +++ "X-FORWARDED-FOR: 2.2.2.2", # proper +++ "X_FORWARDED-FOR: 3.3.3.3", # invalid, contains underscore +++ "Content-Length: 5", +++ ].join "\r\n" +++ +++ response = send_http_and_read "#{GET_PREFIX}#{hdrs}\r\n\r\nHello\r\n\r\n" +++ +++ assert_includes response, "HTTP_X_FORWARDED_FOR = 1.1.1.1, 2.2.2.2" +++ refute_includes response, "3.3.3.3" +++ end +++ +++ def test_underscore_header_2 +++ hdrs = [ +++ "X_FORWARDED-FOR: 3.3.3.3", # invalid, contains underscore +++ "X-FORWARDED-FOR: 2.2.2.2", # proper +++ "X-FORWARDED-FOR: 1.1.1.1", # proper +++ "Content-Length: 5", +++ ].join "\r\n" +++ +++ response = send_http_and_read "#{GET_PREFIX}#{hdrs}\r\n\r\nHello\r\n\r\n" +++ +++ assert_includes response, "HTTP_X_FORWARDED_FOR = 2.2.2.2, 1.1.1.1" +++ refute_includes response, "3.3.3.3" +++ end ++ end diff --cc 
debian/patches/series index 0000000,0000000..ae16f81 new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@ -1,0 -1,0 +1,8 @@@ ++0004-puma.gemspec-drop-git-usage.patch ++0011-disable-minitest-extensions.patch ++0012-disable-cli-ssl-tests.patch ++0013-fix-test-term-not-accepts-new-connections.patch ++0014-disable-test-failing-on-amd64.patch ++CVE-2023-40175.patch ++CVE-2024-21647.patch ++CVE-2024-45614.patch diff --cc debian/puma.1 index 0000000,0000000..47a94c3 new file mode 100644 --- /dev/null 
+++ b/debian/puma.1 @@@ -1,0 -1,0 +1,165 @@@ ++.TH PUMA "1" "January 2020" "PUMA 3.12" "User Commands" ++ ++.SH NAME ++puma \- fast, concurrent web server for ruby and rack ++ ++.SH USAGE ++.BI "puma [options...]" " [rackup file]" ++.PP ++.B puma [\-h | \-\-help | \-V | \-\-version] ++ ++.SH OPTIONS ++.PP ++The following options are available: ++.TP ++.BI "\-b, \-\-bind " URI ++URI to bind to (tcp://, unix://, ssl://). ++.TP ++.BI "\-C, \-\-config " PATH ++Load given path as a config file. ++.TP ++.BI "\-\-control " URL ++DEPRECATED alias for \fB\-\-control\-url\fR. ++.TP ++.BI "\-\-control\-token " TOKEN ++The \fITOKEN\fR to use as authentication for the control server. ++.TP ++.BI "\-\-control\-url " URL ++The bind \fIURL\fR to use for the control server and app. Use \fIauto\fR to ++use a temp unix server. This requires to use a \fB\-\-control\-token\fR, which ++needs to be given with every request to the control server (\fItoken=foo\fR). ++.TP ++.B \-d, \-\-daemon ++Demonize the server into the background. ++.TP ++.B \-\-debug ++Show low level debugging information. ++.TP ++.BI "\-\-dir " DIR ++Change to given directory before starting. ++.TP ++.BI "\-e, \-\-environment " ENVIRONMENT ++The environment to run the Rack app on. Default \fIdevelopment\fR. ++.TP ++.BI "\-I, \-\-include " PATH ++Specify \fB$LOAD_PATH\fR directories. ++.TP ++.BI "\-p, \-\-port " PORT ++Define the TCP port to bind to. Use \fB\-b\fR for more advanced options. ++.TP ++.BI "\-\-pidfile " PATH ++Use the given path as PID file. ++.TP ++.B \-\-preload ++Preload the application. This loads all the application code prior to forking. ++Preloading reduces total memory usage of an application and is only available ++in cluster mode. ++.TP ++.B \-\-prune\-bundler ++Prune out the bundler env if possible. ++.TP ++.B \-q, \-\-quiet ++Do not log requests internally. Default: \fItrue\fR. ++.TP ++.B \-v, \-\-log-requests ++Log requests as they occur. 
++.TP ++.BI "\-R, \-\-restart\-cmd " CMD ++The \fBpuma\fR command to run during a hot restart. Default: \fIinferred\fR. ++.TP ++.BI "\-S, \-\-state " PATH ++Where to store the state details. ++.TP ++.BI "\-t, \-\-threads " INT ++Min:max threads to use. Puma will automatically scale the number of threads, ++from the minimum until it caps out at the maximum, based on how much traffic ++is present. Default: \fI0:16\fR. ++.TP ++.B \-\-tcp\-mode ++Run the app in raw TCP mode instead of HTTP mode. ++.TP ++.B \-\-early-hints ++Enable early hints support. ++.TP ++.BI "\-w, \-\-workers " COUNT ++Activate cluster mode and define number of worker processes to create. In this ++mode workers are forked from a master process. Each child process still has ++its own thread pool and the \fB\-t\fR setting is per worker. ++.TP ++.BI "\-\-tag " NAME ++Additional text to display in process listing. ++.TP ++.BI "\-\-redirect\-stdout " FILE ++Redirect \fBSTDOUT\fR to a specific file. ++.TP ++.BI "\-\-redirect\-stderr " FILE ++Redirect \fBSTDERR\fR to a specific file. ++.TP ++.B \-\-[no\-]redirect\-append ++Append to redirected files. ++.TP ++.B \-h, \-\-help ++Show help. ++.TP ++.B \-V, \-\-version ++Print the version information. ++ ++.SH EXAMPLES ++.PP ++The following examples show how to bind TCP or sockets: ++.PP ++Bind Puma to a socket with the -b (or --bind) flag: ++.RS ++.B puma -b tcp://127.0.0.1:9292 ++.RE ++.PP ++To use a UNIX Socket instead of TCP: ++.RS ++.B puma -b unix:///var/run/puma.sock ++.RE ++.PP ++To change the permissions of the UNIX socket, add a umask parameter: ++.RS ++.B puma -b 'unix:///var/run/puma.sock?umask=0111' ++.RE ++.PP ++In need of a bit of security use SSL sockets: ++.RS ++.B puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert' ++.RE ++.PP ++The following example show how to Create a control server and use ++.BR pumactl (1) ++to interact with the control server to restart \fBpuma\fR. 
++.RS ++.B puma --control-url tcp://127.0.0.1:9293 --control-token foo ++.br ++.B pumactl --control-url 'tcp://127.0.0.1:9293' --control-token foo restart ++.RE ++.PP ++ ++.SH "CONFIGURATION FILE" ++.B puma ++will look for a configuration file at \fIconfig/puma.rb\fR. If an environment ++is specified, either via the \fB\-e\fR and \fB\-\-environment\fR flags, or ++through the \fIRACK_ENV\fR or the \fIRAILS_ENV\fR environment variables, it ++looks for configuration at \fIconfig/puma/.rb\fR. ++.PP ++The \fB\-C\fR flag allows one to pass on a custom configuration location. If ++the value specified is a dash (\fI\-\fR) \fBpuma\fR won't look for any ++configuration file: ++.PP ++.RS ++.B puma -C \(dq\-\(dq ++.RE ++ ++.SH "SEE ALSO" ++.PP ++There is extensive documentation at <\%https://puma.io/puma/\%> and ++<\%https://github.com/puma/puma\%>. ++ ++.SH AUTHOR ++.PP ++This manual page was written by \fBDaniel Leidert\fP ++<\%dleidert@debian\.org\%>, for the Debian GNU/Linux system (but may be used by ++others). diff --cc debian/puma.docs index 0000000,0000000..b43bf86 new file mode 100644 --- /dev/null +++ b/debian/puma.docs @@@ -1,0 -1,0 +1,1 @@@ ++README.md diff --cc debian/puma.examples index 0000000,0000000..e39721e new file mode 100644 --- /dev/null +++ b/debian/puma.examples @@@ -1,0 -1,0 +1,1 @@@ ++examples/* diff --cc debian/puma.lintian-overrides index 0000000,0000000..c5391ca new file mode 100644 --- /dev/null +++ b/debian/puma.lintian-overrides @@@ -1,0 -1,0 +1,2 @@@ ++# this is one of several sub-directories; no need to rename it ++repeated-path-segment puma usr/share/doc/puma/examples/puma/ diff --cc debian/puma.manpages index 0000000,0000000..c9bff2d new file mode 100644 --- /dev/null +++ b/debian/puma.manpages @@@ -1,0 -1,0 +1,3 @@@ ++debian/puma.1 ++debian/pumactl.1 ++ diff --cc debian/pumactl.1 index 0000000,0000000..67e70d6 new file mode 100644 --- /dev/null 
+++ b/debian/pumactl.1 @@@ -1,0 -1,0 +1,99 @@@ ++.TH PUMA "1" "January 2020" "PUMA 3.12" "User Commands" ++ ++.SH NAME ++pumactl \- command line client for puma ++ ++.SH USAGE ++.B pumactl [options...] [commands] ++.PP ++.B pumactl [\-h | \-\-help | \-V | \-\-version] ++ ++.SH COMMANDS ++.TP ++.B halt ++Halt the server. ++.TP ++.B restart ++Restart the server. ++.TP ++.B phased-restart ++Restart server but phase out old workers while starting new workers one at a ++time. ++.TP ++.B start ++Start the server. ++.TP ++.B stats ++Show stats about the server. ++.TP ++.B status ++Show server status. ++.TP ++.B stop ++Stop server. ++.TP ++.B reload-worker-directory ++Reload the worker directory. ++.TP ++.B gc ++Start garbage collector. ++.TP ++.B gc-stats ++Show information about garbage collector. ++ ++.SH OPTIONS ++.PP ++The following options are available: ++.TP ++.BI "\-F, \-\-config\-file " PATH ++Load given path as a config file. ++.TP ++.BI "\-T, \-\-control\-token " TOKEN ++The \fITOKEN\fR to use as authentication for the control server. ++.TP ++.BI "\-C, \-\-control\-url " URL ++The bind \fIURL\fR to use for the control server and app. Use \fIauto\fR to ++use a temp unix server. This requires to use a \fB\-\-control\-token\fR, which ++needs to be given with every request to the control server (\fItoken=foo\fR). ++.TP ++.BI "\-p, \-\-pid " PID ++Define the TCP port to bind to. Use \fB\-b\fR for more advanced options. ++.TP ++.BI "\-P, \-\-pidfile " PATH ++Use the given path as PID file. ++.TP ++.B \-Q, \-\-quiet ++Don't display messages. ++.TP ++.BI "\-S, \-\-state " PATH ++Where the state file is. ++.TP ++.B \-H, \-\-help ++Show help. ++.TP ++.B \-V, \-\-version ++Print the version information. ++ ++.SH EXAMPLES ++Create a control server and use ++.BR pumactl (1) ++to interact with the control server to restart \fBpuma\fR. 
++.RS ++.B puma --control-url tcp://127.0.0.1:9293 --control-token foo ++.br ++.B pumactl --control-url 'tcp://127.0.0.1:9293' --control-token foo restart ++.RE ++.PP ++ ++.SH "SEE ALSO" ++.PP ++.BR puma (1) ++.PP ++There is extensive documentation at <\%https://puma.io/puma/\%> and ++<\%https://github.com/puma/puma\%>. ++ ++.SH AUTHOR ++.PP ++This manual page was written by \fBDaniel Leidert\fP ++<\%dleidert@debian\.org\%>, for the Debian GNU/Linux system (but may be used by ++others). diff --cc debian/ruby-tests.rake index 0000000,0000000..412b8da new file mode 100644 --- /dev/null +++ b/debian/ruby-tests.rake @@@ -1,0 -1,0 +1,30 @@@ ++require 'gem2deb/rake/testtask' ++ ++Gem2Deb::Rake::TestTask.new do |t| ++ t.libs = ['test'] ++ if ENV['AUTOPKGTEST_TEST_PUMA_SERVER_SSL'] ++ ENV['OPENSSL_CONF'] = '' # https://github.com/puma/puma/issues/2147 ++ t.test_files = FileList['test/test_*_ssl.rb'] ++ else ++ t.test_files = FileList['test/**/*_test.rb'] + FileList['test/**/test_*.rb'] - FileList[ ++ 'test/test_*ssl.rb', ++ 'test/test_integration_systemd.rb', ++ 'test/test_integration_cluster.rb', ++ 'test/test_integration_pumactl.rb', ++ 'test/test_worker_gem_independence.rb', ++ 'test/test_preserve_bundler_env.rb', ++ 'test/test_request_invalid.rb', ++ 'test/test_busy_worker.rb', ++ ] ++ end ++ t.verbose = true ++end.tap do |t| ++ exclude = %w[ ++ test_application_logs_are_flushed_on_write ++ test_hot_restart_does_not_drop_connections ++ test_logs_all_localhost_bindings ++ test_multiple_requests_waiting_on_less_busy_worker ++ test_term_not_accepts_new_connections ++ ] ++ t.options << ' ' << "-e'/" << exclude.join('|') << "/'" ++end diff --cc debian/rules index 0000000,0000000..fef8de6 new file mode 100755 --- /dev/null 
+++ b/debian/rules @@@ -1,0 -1,0 +1,12 @@@ ++#!/usr/bin/make -f ++ ++export GEM2DEB_TEST_RUNNER = --check-dependencies ++export DH_RUBY = --gem-install ++export DH_RUBY_GEM_INSTALL_EXCLUDE = benchmarks/* docs/* win_gem_test/* tools/* bin/puma-wild ++export LANG = C.UTF-8 ++ ++%: ++ dh $@ --buildsystem=ruby --with ruby ++ ++override_dh_installchangelogs: ++ dh_installchangelogs History.md diff --cc debian/salsa-ci.yml index 0000000,0000000..33c3a64 new file mode 100644 --- /dev/null +++ b/debian/salsa-ci.yml @@@ -1,0 -1,0 +1,4 @@@ ++--- ++include: ++ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml ++ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml diff --cc debian/source/format index 0000000,0000000..163aaf8 new file mode 100644 --- /dev/null +++ b/debian/source/format @@@ -1,0 -1,0 +1,1 @@@ ++3.0 (quilt) diff --cc debian/source/lintian-overrides index 0000000,0000000..362d49e new file mode 100644 --- /dev/null +++ b/debian/source/lintian-overrides @@@ -1,0 -1,0 +1,2 @@@ ++# no signed tarballs by upstream ++puma source: debian-watch-does-not-check-gpg-signature diff --cc debian/tests/control index 0000000,0000000..e4c5aad new file mode 100644 --- /dev/null +++ b/debian/tests/control @@@ -1,0 -1,0 +1,4 @@@ ++Test-Command: export AUTOPKGTEST_TEST_PUMA_SERVER_SSL=1 && gem2deb-test-runner --check-dependencies --autopkgtest ++Depends: @, @builddeps@ ++Restrictions: allow-stderr ++Features: test-name=ssl diff --cc debian/upstream/metadata index 0000000,0000000..5d1f0b9 new file mode 100644 --- /dev/null +++ b/debian/upstream/metadata @@@ -1,0 -1,0 +1,7 @@@ ++--- ++Archive: GitHub ++Bug-Database: https://github.com/puma/puma/issues ++Bug-Submit: https://github.com/puma/puma/issues ++Changelog: https://github.com/puma/puma/tags ++Repository: https://github.com/puma/puma.git ++Repository-Browse: https://github.com/puma/puma diff --cc debian/watch index 0000000,0000000..5ce4047 new file mode 100644 --- /dev/null 
+++ b/debian/watch @@@ -1,0 -1,0 +1,5 @@@ ++version=4 ++opts="searchmode=plain, \ ++ filenamemangle=s/.+\/v@ANY_VERSION@/@PACKAGE@-$1\.tar\.gz/" \ ++https://api.github.com/repos/puma/puma/releases \ ++https://api.github.com/repos/puma/puma/tarball/v@ANY_VERSION@
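Review bot: In ext/puma_http11/org/jruby/puma/Http11.java the new `else if(bite == '_')` branch rewrites an underscore to ',' with no comment, and the reason can only be recovered from the post-parse normalization in lib/puma/request.rb. Add a one-line comment there saying that ',' marks an underscore sent by the client, so it stays distinguishable from a converted hyphen, and that the Ruby side converts it back. That keeps the two halves of the fix in step if either is changed later.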
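Review bot: UNMASKABLE_HEADERS in lib/puma/const.rb is left as a mutable Hash, while the constants on either side of it (ILLEGAL_HEADER_VALUE_REGEX and BANNED_HEADER_KEY) end in `.freeze`. Freeze it as well so the exemption list cannot be altered at runtime. The comment above it should read "should not be converted to underscore normalized versions".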
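Review bot: In lib/puma/request.rb, `to_add[new_k] = v` still lets two comma-form keys that normalize to the same name overwrite each other when no hyphen-derived key exists, for example `HTTP_X,FORWARDED,FOR` and `HTTP_X_FORWARDED,FOR`; whichever is iterated last wins silently. The `env.key?(new_k)` guard only covers a key already present in env, not one already queued in to_add. Either also skip when `to_add.key?(new_k)` or state in the @note which value is kept, and add a test for that case. As a style point, the three-line `if env.key?(new_k)` / `next` / `end` reads better as `next if env.key?(new_k)`.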
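Review bot: test/test_normalize.rb never exercises the case where only the comma form is present, which is the backward-compatibility path the request.rb comment says this method exists for. test_comma_headers checks both orderings with the underscore key present, and test_unmaskable_headers checks the two exempt keys, so a regression that drops client underscore headers entirely would pass. Add a case with only `"HTTP_X_FORWARDED,FOR" => "2.2.2.2"` that expects `"HTTP_X_FORWARDED_FOR" => "2.2.2.2"`.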
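Review bot: debian/puma.1 declares "PUMA 3.12" in its .TH line although this upload packages 5.6.5, so the OPTIONS list should be rechecked against the `puma --help` output of the packaged version before it ships. Two wording fixes in the same file: "Demonize the server" should be "Daemonize the server", and "The following example show how to Create a control server" should read "The following example shows how to create a control server".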
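Review bot: In debian/pumactl.1 the `-p, --pid PID` entry carries the text of puma's port option ("Define the TCP port to bind to. Use -b for more advanced options."); it should describe the PID argument instead. The title line is also `.TH PUMA` rather than PUMACTL, and OPTIONS lists `-H, --help` while USAGE shows `-h`, so one of the two is wrong.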
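Review bot: debian/ruby-tests.rake subtracts 'test/test_request_invalid.rb' from t.test_files, and the autopkgtest branch only selects test/test_*_ssl.rb, so test_underscore_header_1 and test_underscore_header_2 added by CVE-2024-45614.patch are never run by the package. Of that patch's tests only test/test_normalize.rb is picked up by the FileList globs, which leaves the end-to-end behaviour of the fix unverified in the build. Either re-enable the file and list its flaky cases by name in `exclude`, or record in debian/README.source that the request-level check for this CVE is skipped.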