From bbae1b28e6f6f265c6f89dda34c24ae2e192d064 Mon Sep 17 00:00:00 2001 
From: Abhijith PA Date: Wed, 29 Jan 2025 07:26:33 +0530 Subject: [PATCH] Import puma_5.6.5-3+deb12u1.debian.tar.xz [dgit import tarball puma 5.6.5-3+deb12u1 puma_5.6.5-3+deb12u1.debian.tar.xz] --- README.source | 14 + changelog | 300 ++++++++++++++++++ clean | 1 + control | 30 ++ copyright | 41 +++ gbp.conf | 3 + .../0004-puma.gemspec-drop-git-usage.patch | 21 ++ .../0011-disable-minitest-extensions.patch | 39 +++ patches/0012-disable-cli-ssl-tests.patch | 21 ++ ...est-term-not-accepts-new-connections.patch | 20 ++ .../0014-disable-test-failing-on-amd64.patch | 14 + patches/CVE-2023-40175.patch | 143 +++++++++ patches/CVE-2024-21647.patch | 93 ++++++ patches/CVE-2024-45614.patch | 195 ++++++++++++ patches/series | 8 + puma.1 | 165 ++++++++++ puma.docs | 1 + puma.examples | 1 + puma.lintian-overrides | 2 + puma.manpages | 3 + pumactl.1 | 99 ++++++ ruby-tests.rake | 30 ++ rules | 12 + salsa-ci.yml | 4 + source/format | 1 + source/lintian-overrides | 2 + tests/control | 4 + upstream/metadata | 7 + watch | 5 + 29 files changed, 1279 insertions(+) create mode 100644 README.source create mode 100644 changelog create mode 100644 clean create mode 100644 control create mode 100644 copyright create mode 100644 gbp.conf create mode 100644 patches/0004-puma.gemspec-drop-git-usage.patch create mode 100644 patches/0011-disable-minitest-extensions.patch create mode 100644 patches/0012-disable-cli-ssl-tests.patch create mode 100644 patches/0013-fix-test-term-not-accepts-new-connections.patch create mode 100644 patches/0014-disable-test-failing-on-amd64.patch create mode 100644 patches/CVE-2023-40175.patch create mode 100644 patches/CVE-2024-21647.patch create mode 100644 patches/CVE-2024-45614.patch create mode 100644 patches/series create mode 100644 puma.1 create mode 100644 puma.docs create mode 100644 puma.examples create mode 100644 puma.lintian-overrides create mode 100644 puma.manpages create mode 100644 pumactl.1 create mode 100644 ruby-tests.rake create mode 100755 rules 
create mode 100644 salsa-ci.yml create mode 100644 source/format create mode 100644 source/lintian-overrides create mode 100644 tests/control create mode 100644 upstream/metadata create mode 100644 watch diff --git a/README.source b/README.source new file mode 100644 index 0000000..620cda3 --- /dev/null +++ b/README.source @@ -0,0 +1,14 @@ +puma (4.3.1-1) + + Several tests have been disabled by default: + + - test/test_puma_server_ssl.rb has been disabled because all tests fail + randomly. However these tests have never been performed in puma 3.x and + they also work randomly. So until someone can look into them and fix them, + we decided to not run them (see also #921931). + + - test_control_for_ssl (test/test_cli.rb) and + test_control_ssl (test/test_pumactl.rb) show similar issues and don't seem + to imply that the package fails to work. So they have been disabled too. + + -- Daniel Leidert Wed, 05 Feb 2020 23:51:51 +0100 diff --git a/changelog b/changelog new file mode 100644 index 0000000..bcafd37 --- /dev/null +++ b/changelog 
@@ -0,0 +1,300 @@ +puma (5.6.5-3+deb12u1) bookworm; urgency=medium + + * Team upload + * d/patches/ + + CVE-2023-40175.patch: Fix CVE-2023-40175, incorrect behavior when + parsing chunked transfer encoding bodies and zero-length + Content-Length headers in a way that allowed HTTP request + smuggling. (Closes: #1050079) + + + CVE-2024-21647.patch: Fix CVE-2024-21647 by limiting the size of + chunk extensions. (Closes: #1060345) + + + CVE-2024-45614.patch: Fix CVE-2024-45614, clients could clobber + values set by intermediate proxies (such as X-Forwarded-For) by + providing a underscore version of the same header. + (Closes: #1082379) + + -- Abhijith PA Wed, 29 Jan 2025 07:26:33 +0530 + +puma (5.6.5-3) unstable; urgency=medium + + * Team upload. + * d/control (Vcs-Git): Fix URL. + + -- Daniel Leidert Thu, 09 Feb 2023 16:24:05 +0100 + +puma (5.6.5-2) unstable; urgency=medium + + * debian/ruby-tests.rake: skip test that fails often (Closes: #1006022) + * debian/ruby-tests.rake: exclude tests that fail often but not always + + -- Antonio Terceiro Wed, 02 Nov 2022 09:26:37 -0300 + +puma (5.6.5-1) unstable; urgency=medium + + * Update watch file for github.com pattern change + * New upstream version 5.6.5 + * Refresh patches + * Bump Standards-Version to 4.6.1 (no changes needed) + + -- Pirate Praveen Sun, 16 Oct 2022 22:44:46 +0530 + +puma (5.6.4-1) unstable; urgency=medium + + * New upstream version 5.6.4 + * Refresh patches + * Disable some tests that fail with + NameError: uninitialized constant Puma::LogWriter + * Remove tmp/restart.txt in clean + + -- Pirate Praveen Mon, 04 Apr 2022 13:24:10 +0530 + +puma (5.5.2-2) unstable; urgency=medium + + * Team upload + * debian/rules: force an UTF-8 locale + * debian/ruby-tests.rake: wrap lines + * debian/ruby-tests.rake: run all ssl tests on autopkgtest only + * debian/test/control: give ssl test a name + + -- Antonio Terceiro Tue, 02 Nov 2021 16:35:12 -0300 + +puma (5.5.2-1) unstable; urgency=medium + + * Team upload + * 
New upstream version 5.5.2 + - Builds and tests fine again (Closes: #998295) + * Add build-dependency on ruby-localhost + * debian/rules: exclude several unnecessary files from installation + + -- Antonio Terceiro Tue, 02 Nov 2021 14:39:10 -0300 + +puma (5.3.2-3) unstable; urgency=medium + + * Use --gem-install layout option of dh-ruby + + -- Pirate Praveen Tue, 12 Oct 2021 02:24:33 +0530 + +puma (5.3.2-2) unstable; urgency=medium + + * Reupload to unstable + * Bump Standards-Version to 4.6.0 (no changes needed) + * Bump debhelper compatibility level to 13 + + -- Pirate Praveen Mon, 11 Oct 2021 03:17:23 +0530 + +puma (5.3.2-1) experimental; urgency=medium + + * New upstream version 5.3.2 (Closes: #989054) (Fixes: CVE-2021-29509) + * Refresh patches + + -- Pirate Praveen Fri, 28 May 2021 22:34:53 +0530 + +puma (4.3.8-1) unstable; urgency=medium + + * New upstream version 4.3.8 (Closes: #989054) (Fixes: CVE-2021-29509) + + -- Pirate Praveen Wed, 26 May 2021 10:24:19 +0530 + +puma (5.2.2-2) experimental; urgency=medium + + * Disable test that failied on amd64 buildd + + -- Pirate Praveen Mon, 08 Mar 2021 23:03:52 +0530 + +puma (5.2.2-1) experimental; urgency=medium + + * New upstream version 5.2.2 + * Bump Standards-Version to 4.5.1 (no changes needed) + * Refresh patches for new upstream release + * Add ruby-minitest-stub-const as build dependency + * Disable failing tests + + -- Pirate Praveen Sun, 07 Mar 2021 21:03:52 +0530 + +puma (4.3.6-1) unstable; urgency=medium + + * Team upload. + * New upstream version. + - Fixes CVE-2020-11076 and CVE-2020-11077 (closes: #972102). + * d/copyright: Minor update. + * d/puma.lintian-overrides: Add package override. + * d/ruby-tests.rake: Add logic to run SSL test. + * d/patches/*.patch: Add missing headers and refresh. + * d/source/lintian-overrides: Add source override. + * d/tests/control: Set environment variable to run the SSL tests separately + (similar to the solution used in the jekyll package). 
+ * d/tests/test-puma-server-ssl*: Removed. + + -- Daniel Leidert Thu, 15 Oct 2020 20:57:29 +0200 + +puma (4.3.3-3) unstable; urgency=medium + + * Include patch from gitlab to improve performance + + -- Pirate Praveen Tue, 18 Aug 2020 00:15:20 +0530 + +puma (4.3.3-2) unstable; urgency=medium + + [ Daniel Leidert ] + * debian/tests/test_puma_server_ssl, + debian/tests/test_puma_server_ssl.rake: Run test/test_puma_server_ssl.rb + in an openssl enviroment not using the Debian defaults. + * debian/tests/control: Add new test. + + [ Debian Janitor ] + * Set field Upstream-Contact in debian/copyright. + * Remove obsolete fields Contact, Name from debian/upstream/metadata + (already present in machine-readable debian/copyright). + + [ Pirate Praveen ] + * Remove debian-branch option from debian/gbp.conf + * Reupload to unstable + + -- Pirate Praveen Mon, 03 Aug 2020 15:37:16 +0530 + +puma (4.3.3-1) experimental; urgency=medium + + * Team upload. + * New upstream release. + - Fixes CVE-2020-5247 (closes: #952766). + - Fixes CVE-2020-5249 (closes: #953122). + * d/control (Section): Change to web. + (Vcs-Git): Indicate branch name via -b debian/experimental. + (Homepage): Use secure URL. + (Depends): Use ${ruby:Depends}. + * d/copyright (Source): Use secure URL. + * d/rules: Add override to install upstream changelog. + * d/watch: Use package name for tarball. + + -- Daniel Leidert Thu, 05 Mar 2020 01:34:17 +0100 + +puma (4.3.1-1) experimental; urgency=medium + + * Team upload. + * New upstream release + - Fixes CVE-2019-16770 Keepalive thread overload/DoS (closes: #946312). + * d/control (Rules-Requires-Root): Set to binary-targets. + (Build-Depends, Depends): Add ruby-nio4r. + (Build-Depends): Add curl for test/test_integration_single.rb. + * d/ruby-tests.rake: Disable test/test_puma_server_ssl.rb. + * d/README.source: Add to explain tests which have been disabled. + * d/patches/0004-puma.gemspec-drop-git-usage.patch: Refresh patch. 
+ * d/patches/0011-disable-minitest-extensions.patch: Add patch. + - Disable unavailable minitest extensions (retry and proveit). + * d/patches/0012-disable-cli-ssl-tests.patch: Add patch. + - Disable CLI SSL tests. + * d/patches/0013-fix-test-term-not-accepts-new-connections.patch: Add. + - Fix test_term_not_accepts_new_connections to be locale independent. + * d/patches/0002-test_integration-disable-test-that-fails-randomly.patch, + d/patches/0003-test_cli-disable-test-that-rails-randomly.patch, + d/patches/0005-test_puma_server-disable-test-that-fails-randomly.patch, + d/patches/0006-test-helper.rb-drop-bundler-usage.patch, + d/patches/0007-test-test_cli.rb-disable-test-that-fails-randomly.patch, + d/patches/0008-fix-ssl-tests.patch, + d/patches/0009-disable-tests-failing-in-single-cpu.patch, + d/patches/0010-fix-cluster-exit-for-ruby27.patch: Remove obsolete patches. + * d/patches/series: Adjust. + + -- Daniel Leidert Thu, 06 Feb 2020 11:45:11 +0100 + +puma (3.12.4-1) unstable; urgency=medium + + * Team upload. + * New upstream release. + - Fixes CVE-2020-5247 (closes: #952766). + - Fixes CVE-2020-5249 (closes: #953122). + * d/control (Section): Changed to web. + (Homepage): Use secure URL. + (Depends): Add ${ruby:Depends}. + * d/copyright (Source): Use secure URL. + * d/ruby-tests.rake: Disable test/test_puma_server_ssl.rb for the moment. + These tests fail due to openssl being configured to use SECLEVEL2 + (https://github.com/puma/puma/issues/2147). + * d/rules: Add override to install upstream changelog. + * d/watch: Rename downloaded tarball to include package name. + * d/patches/0008-fix-ssl-tests.patch: Remove patch. Applied upstream. + * d/patches/CVE-2019-16770.patch: Ditto. + * d/patches/*.patch: Refresh patches. + * d/patches/series: Adjust. + + -- Daniel Leidert Wed, 04 Mar 2020 23:09:16 +0100 + +puma (3.12.0-4) unstable; urgency=medium + + * Team upload. + * d/control (Rules-Requires-Root): Set to binary-targets. 
+ * d/patches/0011-disable-minitest-extensions.patch: Add patch. + - Disable unavailable minitest retry extension. + * d/patches/CVE-2019-16770.patch: Add patch. + - Backport fix for CVE-2019-16770 from upstream (closes: #946312). + * d/patches/series: Add patch. + + -- Daniel Leidert Thu, 06 Feb 2020 12:54:59 +0100 + +puma (3.12.0-3) unstable; urgency=medium + + * Team upload. + * d/compat: Remove obsolete file. + * d/control: Add Rules-Requires-Root field. + (Build-Depends): Use debhelper-compat. + (Standards-Version): Bump to 4.5.0. + (Depends): Drop ruby-interpreter. + * d/copyright (Format): Fix insecure-copyright-format-uri and add myself. + * d/puma.1, d/pumactl.1: Add manual pages. + * d/puma.manpages: Install manual pages. + * d/ruby-tests.rake: Set verbose mode. + * d/patches/0010-fix-cluster-exit-for-ruby27.patch: Add patch. + - Fix hang with Ruby >= 2.6 when shutting down workers. + * d/patches/series: Enable new patch. + * d/upstream/metadata: Add metadata. + * d/upstream/metadata: Add metadata. 
+ + -- Daniel Leidert Wed, 05 Feb 2020 18:20:58 +0100 + +puma (3.12.0-2) unstable; urgency=medium + + * Disable tests failing in single cpu (Closes: #921931) + + -- Pirate Praveen Sun, 10 Feb 2019 18:56:47 +0530 + +puma (3.12.0-1) unstable; urgency=medium + + [ Balint Reczey ] + * New upstream version 3.12.0 + * Refresh patches + + [ Pirate Praveen ] + * Fix OpenSSL 1.1.1 test failures with upstream patch (Closes: #900156) + * Bump Standards-Version to 4.3.0 (no changes needed) + * Add myself to uploaders + + -- Pirate Praveen Sun, 10 Feb 2019 10:56:59 +0530 + +puma (3.11.3-1) unstable; urgency=medium + + * Team upload + * Remove myself from Uploaders: + * New upstream version 3.11.3 + * Build against libssl-dev instead of libssl1.0-dev (Closes: #859542) + * Refresh packaging files with `dh-make-ruby -wo .` + * Bump debhelper compat to 11 + * Change Vcs-* to point to salsa.debian.org + * Use standard debian/ruby-tests.rake + * drop build-dependency on ruby-hoe + * Refresh patches + * New patches: + - 0006-test-helper.rb-drop-bundler-usage.patch + - 0007-test-test_cli.rb-disable-test-that-fails-randomly.patch + * Replace 0001-test_puma_server_ssl-update-for-newer-versions-of-Op.patch + with 0001-test_puma_server_ssl-disable-test-that-takes-too-lon.patch + + + -- Antonio Terceiro Wed, 28 Mar 2018 18:53:22 -0300 + +puma (3.6.0-1) unstable; urgency=medium + + * Initial release (Closes: #720336) + + -- Antonio Terceiro Thu, 10 Nov 2016 16:47:06 -0200 diff --git a/clean b/clean new file mode 100644 index 0000000..4535125 --- /dev/null +++ b/clean @@ -0,0 +1 @@ +tmp/restart.txt diff --git a/control b/control new file mode 100644 index 0000000..84a0183 --- /dev/null +++ b/control 
@@ -0,0 +1,30 @@ +Source: puma +Section: web +Priority: optional +Maintainer: Debian Ruby Team +Uploaders: Pirate Praveen +Build-Depends: curl, + debhelper-compat (= 13), + gem2deb (>= 1.6), + libssl-dev, + rake, + ruby-localhost, + ruby-nio4r (>= 2), + ruby-rack (<< 3), + ruby-minitest-stub-const +Standards-Version: 4.6.1 +Vcs-Git: https://salsa.debian.org/ruby-team/puma.git +Vcs-Browser: https://salsa.debian.org/ruby-team/puma +Homepage: https://puma.io +Testsuite: autopkgtest-pkg-ruby +XS-Ruby-Versions: all +Rules-Requires-Root: binary-targets + +Package: puma +Architecture: any +XB-Ruby-Versions: ${ruby:Versions} +Depends: ruby, ${misc:Depends}, ${ruby:Depends}, ${shlibs:Depends} +Description: threaded HTTP 1.1 server for Ruby/Rack applications + Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for + Ruby/Rack applications. Puma is intended for use in both development and + production environments. diff --git a/copyright b/copyright new file mode 100644 index 0000000..32ce732 --- /dev/null +++ b/copyright 
@@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: puma +Upstream-Contact: https://github.com/puma/puma/issues +Source: https://github.com/puma/puma + +Files: * +Copyright: 2005, Zed Shaw + 2011, Evan Phoenix +License: BSD-3-clause + +Files: debian/* +Copyright: 2016 Antonio Terceiro + 2020 Daniel Leidert +License: BSD-3-clause +Comment: The Debian packaging is licensed under the same terms as the source. + +License: BSD-3-clause + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * Neither the name of the Evan Phoenix nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
diff --git a/gbp.conf b/gbp.conf
new file mode 100644
index 0000000..51fd1ac
--- /dev/null
+++ b/gbp.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+pristine-tar = true
+verbose = true
diff --git a/patches/0004-puma.gemspec-drop-git-usage.patch b/patches/0004-puma.gemspec-drop-git-usage.patch
new file mode 100644
index 0000000..d5f0d7c
--- /dev/null
+++ b/patches/0004-puma.gemspec-drop-git-usage.patch
@@ -0,0 +1,21 @@
+From: Antonio Terceiro
+Date: Wed, 5 Feb 2020 21:36:05 +0100
+Subject: Drop git usage from gemspec
+
+Forwarded: not-needed
+---
+ puma.gemspec | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/puma.gemspec
++++ b/puma.gemspec
+@@ -13,8 +13,7 @@
+ if RbConfig::CONFIG['ruby_version'] >= '2.5'
+ s.metadata["msys2_mingw_dependencies"] = "openssl"
+ end
+- s.files = `git ls-files -- bin docs ext lib tools`.split("\n") +
+- %w[History.md LICENSE README.md]
++ s.files = Dir.glob('**/*').reject { |f| f =~ /^debian\//}
+ s.homepage = "https://puma.io"
+
+ if s.respond_to?(:metadata=)
diff --git a/patches/0011-disable-minitest-extensions.patch b/patches/0011-disable-minitest-extensions.patch
new file mode 100644
index 0000000..6548af7
--- /dev/null
+++ b/patches/0011-disable-minitest-extensions.patch
@@ -0,0 +1,39 @@
+From: Daniel Leidert
+Date: Wed, 5 Feb 2020 22:20:42 +0100
+Subject: Disable unavailable minitest extensions
+
+Forwarded: not-needed
+---
+ test/helper.rb | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/test/helper.rb
++++ b/test/helper.rb
+@@ -14,7 +14,6 @@
+ require_relative "minitest/verbose"
+ require "minitest/autorun"
+ require "minitest/pride"
+-require "minitest/proveit"
+ require "minitest/stub_const"
+ require "net/http"
+ require_relative "helpers/apps"
+@@ -102,10 +101,6 @@
+ end
+
+ Minitest::Test.prepend TimeoutEveryTestCase
+-if ENV['CI']
+- require 'minitest/retry'
+- Minitest::Retry.use!
+-end
+
+ module TestSkips
+
+@@ -178,7 +173,7 @@
+ REPO_NAME = ENV['GITHUB_REPOSITORY'] ? ENV['GITHUB_REPOSITORY'][/[^\/]+\z/] : 'puma'
+
+ def self.run(reporter, options = {}) # :nodoc:
+- prove_it!
++ #prove_it!
+ super
+ end
+
diff --git a/patches/0012-disable-cli-ssl-tests.patch b/patches/0012-disable-cli-ssl-tests.patch
new file mode 100644
index 0000000..1be1cd9
--- /dev/null
+++ b/patches/0012-disable-cli-ssl-tests.patch
@@ -0,0 +1,21 @@
+From: Daniel Leidert
+Date: Wed, 5 Feb 2020 23:18:37 +0100
+Subject: Disable cli ssl tests
+
+Forwarded: not-needed
+---
+ test/test_cli.rb | 2 +-
+ test/test_pumactl.rb | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/test/test_pumactl.rb
++++ b/test/test_pumactl.rb
+@@ -223,7 +223,7 @@
+ refute_includes log, 'send_request'
+ end
+
+- def test_control_ssl
++ def __test_control_ssl
+ skip_unless :ssl
+
+ host = "127.0.0.1"
diff --git a/patches/0013-fix-test-term-not-accepts-new-connections.patch b/patches/0013-fix-test-term-not-accepts-new-connections.patch
new file mode 100644
index 0000000..9dae6b6
--- /dev/null
+++ b/patches/0013-fix-test-term-not-accepts-new-connections.patch
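Review bot: The header of 0012-disable-cli-ssl-tests.patch announces `test/test_cli.rb | 2 +-` and "2 files changed", but the body contains only the `test/test_pumactl.rb` hunk, so the rename of `test_control_for_ssl` that README.source describes is not applied by this patch as shown. Either restore the missing hunk or regenerate the header so it matches what is actually applied. Renaming to `__test_control_ssl` also takes the visible control-server TLS test out of the run, so I would record the reason in the patch itself, for example a DEP-3 `Bug-Debian:` line pointing at the relevant flakiness report. The enclosing test method continues outside the hunk.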
@@ -0,0 +1,20 @@
+From: Daniel Leidert
+Date: Thu, 6 Feb 2020 11:24:24 +0100
+Subject: Fix test to read output locale independent
+
+The test fails if run in a non-English environment.
+---
+ test/test_integration_single.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/test/test_integration_single.rb
++++ b/test/test_integration_single.rb
+@@ -76,7 +76,7 @@
+ true while @server.gets !~ /Gracefully stopping/ # wait for server to begin graceful shutdown
+
+ # Invoke a request which must be rejected
+- _stdin, _stdout, rejected_curl_stderr, rejected_curl_wait_thread = Open3.popen3("curl #{HOST}:#{@tcp_port}")
++ _stdin, _stdout, rejected_curl_stderr, rejected_curl_wait_thread = Open3.popen3({ "LC_ALL" => "C" }, "curl http://#{HOST}:#{@tcp_port}")
+
+ assert nil != Process.getpgid(@server.pid) # ensure server is still running
+ assert nil != Process.getpgid(curl_wait_thread[:pid]) # ensure first curl invocation still in progress
diff --git a/patches/0014-disable-test-failing-on-amd64.patch b/patches/0014-disable-test-failing-on-amd64.patch
new file mode 100644
index 0000000..196e878
--- /dev/null
+++ b/patches/0014-disable-test-failing-on-amd64.patch
@@ -0,0 +1,14 @@
+This test failed on amd64 buildd
+https://buildd.debian.org/status/fetch.php?pkg=puma&arch=amd64&ver=5.2.2-1&stamp=1615133735&raw=0
+
+--- a/test/test_puma_server.rb
++++ b/test/test_puma_server.rb
+@@ -1294,7 +1294,7 @@
+ end
+ end
+
+- def test_command_ignored_before_run
++ def __test_command_ignored_before_run
+ @server.stop # ignored
+ @server.run
+ @server.halt
diff --git a/patches/CVE-2023-40175.patch b/patches/CVE-2023-40175.patch
new file mode 100644
index 0000000..be9cff8
--- /dev/null
+++ b/patches/CVE-2023-40175.patch
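Review bot: The replacement `Open3.popen3` line in 0013 still hands curl to the shell as one interpolated string, so `HOST` and `@tcp_port` are parsed by `/bin/sh` before curl sees them. Both are test-suite values here, so this is a style point rather than an exposed injection, but the argv form removes the shell altogether: `Open3.popen3({ "LC_ALL" => "C" }, "curl", "http://#{HOST}:#{@tcp_port}")`. The patch header also lacks the `Forwarded:` field its sibling patches carry; a locale fix like this looks upstreamable, so `Forwarded: no` or the upstream URL would document its status.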
@@ -0,0 +1,143 @@
+From 7405a219801dcebc0ad6e0aa108d4319ca23f662 Mon Sep 17 00:00:00 2001
+From: Nate Berkopec
+Date: Fri, 18 Aug 2023 09:47:23 +0900
+Subject: [PATCH] Merge pull request from GHSA-68xg-gqqm-vgj8
+
+* Reject empty string for Content-Length
+
+* Ignore trailers in last chunk
+
+* test_puma_server.rb - use heredoc, test_cl_and_te_smuggle
+
+* client.rb - stye/RubyCop
+
+* test_puma_server.rb - indented heredoc rubocop disable
+
+* Dentarg comments
+
+* Remove unused variable
+
+---------
+
+Co-authored-by: MSP-Greg
+---
+ lib/puma/client.rb | 23 ++++++++++++++--------
+ test/test_puma_server.rb | 42 +++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 56 insertions(+), 9 deletions(-)
+
+diff --git a/lib/puma/client.rb b/lib/puma/client.rb
+index e966f995e8..9c11912caa 100644
+--- a/lib/puma/client.rb
++++ b/lib/puma/client.rb
+@@ -45,7 +45,8 @@ class Client
+
+ # chunked body validation
+ CHUNK_SIZE_INVALID = /[^\h]/.freeze
+- CHUNK_VALID_ENDING = "\r\n".freeze
++ CHUNK_VALID_ENDING = Const::LINE_END
++ CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize
+
+ # Content-Length header value validation
+ CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze
+@@ -347,8 +348,8 @@ def setup_body
+ cl = @env[CONTENT_LENGTH]
+
+ if cl
+- # cannot contain characters that are not \d
+- if cl =~ CONTENT_LENGTH_VALUE_INVALID
++ # cannot contain characters that are not \d, or be empty
++ if cl =~ CONTENT_LENGTH_VALUE_INVALID || cl.empty?
+ raise HttpParserError, "Invalid Content-Length: #{cl.inspect}"
+ end
+ else
+@@ -509,7 +510,7 @@ def decode_chunk(chunk)
+
+ while !io.eof?
+ line = io.gets
+- if line.end_with?("\r\n")
++ if line.end_with?(CHUNK_VALID_ENDING)
+ # Puma doesn't process chunk extensions, but should parse if they're
+ # present, which is the reason for the semicolon regex
+ chunk_hex = line.strip[/\A[^;]+/]
+@@ -521,13 +522,19 @@ def decode_chunk(chunk)
+ @in_last_chunk = true
+ @body.rewind
+ rest = io.read
+- last_crlf_size = "\r\n".bytesize
+- if rest.bytesize < last_crlf_size
++ if rest.bytesize < CHUNK_VALID_ENDING_SIZE
+ @buffer = nil
+- @partial_part_left = last_crlf_size - rest.bytesize
++ @partial_part_left = CHUNK_VALID_ENDING_SIZE - rest.bytesize
+ return false
+ else
+- @buffer = rest[last_crlf_size..-1]
++ # if the next character is a CRLF, set buffer to everything after that CRLF
++ start_of_rest = if rest.start_with?(CHUNK_VALID_ENDING)
++ CHUNK_VALID_ENDING_SIZE
++ else # we have started a trailer section, which we do not support. skip it!
++ rest.index(CHUNK_VALID_ENDING*2) + CHUNK_VALID_ENDING_SIZE*2
++ end
++
++ @buffer = rest[start_of_rest..-1]
+ @buffer = nil if @buffer.empty?
+ set_ready
+ return true
+diff --git a/test/test_puma_server.rb b/test/test_puma_server.rb
+index 298e44b439..2bfaf98848 100644
+--- a/test/test_puma_server.rb
++++ b/test/test_puma_server.rb
+@@ -627,7 +627,7 @@ def test_large_chunked_request
+ [200, {}, [""]]
+ }
+
+- header = "GET / HTTP/1.1\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n"
++ header = "GET / HTTP/1.1\r\nConnection: close\r\nContent-Length: 200\r\nTransfer-Encoding: chunked\r\n\r\n"
+
+ chunk_header_size = 6 # 4fb8\r\n
+ # Current implementation reads one chunk of CHUNK_SIZE, then more chunks of size 4096.
+@@ -1365,4 +1365,44 @@ def test_rack_url_scheme_user
+ data = send_http_and_read "GET / HTTP/1.0\r\n\r\n"
+ assert_equal "user", data.split("\r\n").last
+ end
++
++ def test_cl_empty_string
++ server_run do |env|
++ [200, {}, [""]]
++ end
++
++ empty_cl_request = "GET / HTTP/1.1\r\nHost: localhost\r\nContent-Length:\r\n\r\nGET / HTTP/1.1\r\nHost: localhost\r\n\r\n"
++
++ data = send_http_and_read empty_cl_request
++ assert_operator data, :start_with?, 'HTTP/1.1 400 Bad Request'
++ end
++
++ def test_crlf_trailer_smuggle
++ server_run do |env|
++ [200, {}, [""]]
++ end
++
++ smuggled_payload = "GET / HTTP/1.1\r\nTransfer-Encoding: chunked\r\nHost: whatever\r\n\r\n0\r\nX:POST / HTTP/1.1\r\nHost: whatever\r\n\r\nGET / HTTP/1.1\r\nHost: whatever\r\n\r\n"
++
++ data = send_http_and_read smuggled_payload
++ assert_equal 2, data.scan("HTTP/1.1 200 OK").size
++ end
++
++ # test to check if content-length is ignored when 'transfer-encoding: chunked'
++ # is used. See also test_large_chunked_request
++ def test_cl_and_te_smuggle
++ body = nil
++ server_run { |env|
++ body = env['rack.input'].read
++ [200, {}, [""]]
++ }
++
++ req = "POST /search HTTP/1.1\r\nHost: vulnerable-website.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n7b\r\nGET /404 HTTP/1.1\r\nHost: vulnerable-website.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 144\r\n\r\nx=\r\n0\r\n\r\n"
++
++ data = send_http_and_read req
++
++ assert_includes body, "GET /404 HTTP/1.1\r\n"
++ assert_includes body, "Content-Length: 144\r\n"
++ assert_equal 1, data.scan("HTTP/1.1 200 OK").size
++ end
+ end
diff --git a/patches/CVE-2024-21647.patch b/patches/CVE-2024-21647.patch
new file mode 100644
index 0000000..47e523e
--- /dev/null
+++ b/patches/CVE-2024-21647.patch
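Review bot: In the second `decode_chunk` hunk of CVE-2023-40175.patch (`-521,13 +522,19`), the trailer branch evaluates `rest.index(CHUNK_VALID_ENDING*2) + CHUNK_VALID_ENDING_SIZE*2`, and `String#index` returns nil when the blank line ending the trailer section is not yet in `rest`, so a trailer split across reads raises NoMethodError rather than a parser error. How that exception is handled is outside the hunk, but an explicit failure keeps the rejection deliberate: `trailer_end = rest.index(CHUNK_VALID_ENDING*2)`, `raise HttpParserError, "Incomplete chunk trailer" if trailer_end.nil?`, then `trailer_end + CHUNK_VALID_ENDING_SIZE*2`. None of the three added tests sends a trailer that arrives in more than one write, so a case for that path would pin the behaviour. `decode_chunk` starts and ends outside the hunk.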
@@ -0,0 +1,93 @@
+From bbb880ffb6debbfdea535b4b3eb2204d49ae151d Mon Sep 17 00:00:00 2001
+From: Nate Berkopec
+Date: Mon, 8 Jan 2024 14:48:43 +0900
+Subject: [PATCH] Merge pull request from GHSA-c2f4-cvqm-65w2
+
+Co-authored-by: MSP-Greg
+Co-authored-by: Patrik Ragnarsson
+Co-authored-by: Evan Phoenix
+---
+ lib/puma/client.rb | 27 +++++++++++++++++++++++++++
+ test/test_puma_server.rb | 14 ++++++++++++++
+ 2 files changed, 41 insertions(+)
+
+--- a/lib/puma/client.rb
++++ b/lib/puma/client.rb
+@@ -48,6 +48,14 @@ module Puma
+ CHUNK_VALID_ENDING = Const::LINE_END
+ CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize
+
++ # The maximum number of bytes we'll buffer looking for a valid
++ # chunk header.
++ MAX_CHUNK_HEADER_SIZE = 4096
++
++ # The maximum amount of excess data the client sends
++ # using chunk size extensions before we abort the connection.
++ MAX_CHUNK_EXCESS = 16 * 1024
++
+ # Content-Length header value validation
+ CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze
+
+@@ -460,6 +468,7 @@ module Puma
+ @chunked_body = true
+ @partial_part_left = 0
+ @prev_chunk = ""
++ @excess_cr = 0
+
+ @body = Tempfile.new(Const::PUMA_TMP_BASE)
+ @body.unlink
+@@ -541,6 +550,20 @@ module Puma
+ end
+ end
+
++ # Track the excess as a function of the size of the
++ # header vs the size of the actual data. Excess can
++ # go negative (and is expected to) when the body is
++ # significant.
++ # The additional of chunk_hex.size and 2 compensates
++ # for a client sending 1 byte in a chunked body over
++ # a long period of time, making sure that that client
++ # isn't accidentally eventually punished.
++ @excess_cr += (line.size - len - chunk_hex.size - 2)
++
++ if @excess_cr >= MAX_CHUNK_EXCESS
++ raise HttpParserError, "Maximum chunk excess detected"
++ end
++
+ len += 2
+
+ part = io.read(len)
+@@ -568,6 +591,10 @@ module Puma
+ @partial_part_left = len - part.size
+ end
+ else
++ if @prev_chunk.size + chunk.size >= MAX_CHUNK_HEADER_SIZE
++ raise HttpParserError, "maximum size of chunk header exceeded"
++ end
++
+ @prev_chunk = line
+ return false
+ end
+--- a/test/test_puma_server.rb
++++ b/test/test_puma_server.rb
+@@ -648,6 +648,20 @@ EOF
+ end
+ end
+
++ def test_large_chunked_request_header
++ server_run(environment: :production) { |env|
++ [200, {}, [""]]
++ }
++
++ max_chunk_header_size = Puma::Client::MAX_CHUNK_HEADER_SIZE
++ header = "GET / HTTP/1.1\r\nConnection: close\r\nContent-Length: 200\r\nTransfer-Encoding: chunked\r\n\r\n"
++ socket = send_http "#{header}1;t#{'x' * (max_chunk_header_size + 2)}"
++
++ data = socket.read
++
++ assert_match "HTTP/1.1 400 Bad Request\r\n\r\n", data
++ end
++
+ def test_chunked_request_pause_before_value
+ body = nil
+ content_length = nil
diff --git a/patches/CVE-2024-45614.patch b/patches/CVE-2024-45614.patch
new file mode 100644
index 0000000..b15eb82
--- /dev/null
+++ b/patches/CVE-2024-45614.patch
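Review bot: The guard added in the `-568,6 +591,10` hunk of CVE-2024-21647.patch compares `@prev_chunk.size + chunk.size` with MAX_CHUNK_HEADER_SIZE, which measures the whole buffer passed to `decode_chunk` rather than the unterminated `line` that is stored in `@prev_chunk` on the next statement. If one read carries chunk data followed by a partial chunk-size line, that sum could reach 4096 for a well-formed request and turn it into a 400; whether it does depends on code outside the hunk, so this needs checking against the full method. Bounding the pending header itself, `if @prev_chunk.size + line.size >= MAX_CHUNK_HEADER_SIZE`, matches the constant's comment ("bytes we'll buffer looking for a valid chunk header") and still rejects the oversized extension sent by `test_large_chunked_request_header`.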
@@ -0,0 +1,195 @@ +From cac3fd18cf29ed43719ff5d52d9cfec215f0a043 Mon Sep 17 00:00:00 2001 +From: Evan Phoenix +Date: Wed, 18 Sep 2024 21:56:07 -0700 +Subject: [PATCH] Merge commit from fork + +* Prevent underscores from clobbering hyphen headers + +* Special case encoding headers to prevent app confusion + +* Handle _ as , in jruby as well + +* Silence RuboCop offense + +--------- + +Co-authored-by: Patrik Ragnarsson +--- + ext/puma_http11/org/jruby/puma/Http11.java | 2 + + lib/puma/const.rb | 8 +++ + lib/puma/request.rb | 19 ++++++-- + test/test_normalize.rb | 57 ++++++++++++++++++++++ + test/test_request_invalid.rb | 28 +++++++++++ + 5 files changed, 111 insertions(+), 3 deletions(-) + create mode 100644 test/test_normalize.rb + +--- a/ext/puma_http11/org/jruby/puma/Http11.java ++++ b/ext/puma_http11/org/jruby/puma/Http11.java +@@ -99,6 +99,8 @@ public class Http11 extends RubyObject { + int bite = b.get(i) & 0xFF; + if(bite == '-') { + b.set(i, (byte)'_'); ++ } else if(bite == '_') { ++ b.set(i, (byte)','); + } else { + b.set(i, (byte)Character.toUpperCase(bite)); + } +--- a/lib/puma/const.rb ++++ b/lib/puma/const.rb +@@ -244,6 +244,14 @@ module Puma + # header values can contain HTAB? + ILLEGAL_HEADER_VALUE_REGEX = /[\x00-\x08\x0A-\x1F]/.freeze + ++ # The keys of headers that should not be convert to underscore ++ # normalized versions. These headers are ignored at the request reading layer, ++ # but if we normalize them after reading, it's just confusing for the application. ++ UNMASKABLE_HEADERS = { ++ "HTTP_TRANSFER,ENCODING" => true, ++ "HTTP_CONTENT,LENGTH" => true, ++ } ++ + # Banned keys of response header + BANNED_HEADER_KEY = /\A(rack\.|status\z)/.freeze + +--- a/lib/puma/request.rb ++++ b/lib/puma/request.rb +@@ -318,6 +318,11 @@ module Puma + # compatibility, we'll convert them back. This code is written to + # avoid allocation in the common case (ie there are no headers + # with `,` in their names), that's why it has the extra conditionals. 
++ # ++ # @note If a normalized version of a `,` header already exists, we ignore ++ # the `,` version. This prevents clobbering headers managed by proxies ++ # but not by clients (Like X-Forwarded-For). ++ # + # @param env [Hash] see Puma::Client#env, from request, modifies in place + # @version 5.0.3 + # +@@ -326,23 +331,30 @@ module Puma + to_add = nil + + env.each do |k,v| +- if k.start_with?("HTTP_") and k.include?(",") and k != "HTTP_TRANSFER,ENCODING" ++ if k.start_with?("HTTP_") and k.include?(",") and !UNMASKABLE_HEADERS.key?(k) + if to_delete + to_delete << k + else + to_delete = [k] + end + ++ new_k = k.tr(",", "_") ++ if env.key?(new_k) ++ next ++ end ++ + unless to_add + to_add = {} + end + +- to_add[k.tr(",", "_")] = v ++ to_add[new_k] = v + end + end + + if to_delete + to_delete.each { |k| env.delete(k) } ++ end ++ if to_add + env.merge! to_add + end + end +--- /dev/null ++++ b/test/test_normalize.rb +@@ -0,0 +1,57 @@ ++# frozen_string_literal: true ++ ++require_relative "helper" ++ ++require "puma/request" ++ ++class TestNormalize < Minitest::Test ++ parallelize_me! 
++ ++ include Puma::Request ++ ++ def test_comma_headers ++ env = { ++ "HTTP_X_FORWARDED_FOR" => "1.1.1.1", ++ "HTTP_X_FORWARDED,FOR" => "2.2.2.2", ++ } ++ ++ req_env_post_parse env ++ ++ expected = { ++ "HTTP_X_FORWARDED_FOR" => "1.1.1.1", ++ } ++ ++ assert_equal expected, env ++ ++ # Test that the iteration order doesn't matter ++ ++ env = { ++ "HTTP_X_FORWARDED,FOR" => "2.2.2.2", ++ "HTTP_X_FORWARDED_FOR" => "1.1.1.1", ++ } ++ ++ req_env_post_parse env ++ ++ expected = { ++ "HTTP_X_FORWARDED_FOR" => "1.1.1.1", ++ } ++ ++ assert_equal expected, env ++ end ++ ++ def test_unmaskable_headers ++ env = { ++ "HTTP_CONTENT,LENGTH" => "100000", ++ "HTTP_TRANSFER,ENCODING" => "chunky" ++ } ++ ++ req_env_post_parse env ++ ++ expected = { ++ "HTTP_CONTENT,LENGTH" => "100000", ++ "HTTP_TRANSFER,ENCODING" => "chunky" ++ } ++ ++ assert_equal expected, env ++ end ++end +--- a/test/test_request_invalid.rb ++++ b/test/test_request_invalid.rb +@@ -216,4 +216,32 @@ class TestRequestInvalid < Minitest::Tes + + assert_status data + end ++ ++ def test_underscore_header_1 ++ hdrs = [ ++ "X-FORWARDED-FOR: 1.1.1.1", # proper ++ "X-FORWARDED-FOR: 2.2.2.2", # proper ++ "X_FORWARDED-FOR: 3.3.3.3", # invalid, contains underscore ++ "Content-Length: 5", ++ ].join "\r\n" ++ ++ response = send_http_and_read "#{GET_PREFIX}#{hdrs}\r\n\r\nHello\r\n\r\n" ++ ++ assert_includes response, "HTTP_X_FORWARDED_FOR = 1.1.1.1, 2.2.2.2" ++ refute_includes response, "3.3.3.3" ++ end ++ ++ def test_underscore_header_2 ++ hdrs = [ ++ "X_FORWARDED-FOR: 3.3.3.3", # invalid, contains underscore ++ "X-FORWARDED-FOR: 2.2.2.2", # proper ++ "X-FORWARDED-FOR: 1.1.1.1", # proper ++ "Content-Length: 5", ++ ].join "\r\n" ++ ++ response = send_http_and_read "#{GET_PREFIX}#{hdrs}\r\n\r\nHello\r\n\r\n" ++ ++ assert_includes response, "HTTP_X_FORWARDED_FOR = 2.2.2.2, 1.1.1.1" ++ refute_includes response, "3.3.3.3" ++ end + end diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..ae16f81 
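Review bot: The new `env.key?(new_k)` guard in `req_env_post_parse` drops the comma (underscore-origin) key only when the hyphen form is also present; when it is absent the value is still stored under the normalized name by `to_add[new_k] = v`. The `@note` should say so, for example `# If no normalized key exists, the comma version is still renamed; proxies must always set or strip the headers they own.` No test added in this patch covers that underscore-only case. `UNMASKABLE_HEADERS` in const.rb is also left mutable while the neighbouring constants end in `.freeze`; closing the literal with `}.freeze` would match them.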
--- /dev/null
+++ b/patches/series
@@ -0,0 +1,8 @@
+0004-puma.gemspec-drop-git-usage.patch
+0011-disable-minitest-extensions.patch
+0012-disable-cli-ssl-tests.patch
+0013-fix-test-term-not-accepts-new-connections.patch
+0014-disable-test-failing-on-amd64.patch
+CVE-2023-40175.patch
+CVE-2024-21647.patch
+CVE-2024-45614.patch
diff --git a/puma.1 b/puma.1
new file mode 100644
index 0000000..47a94c3
--- /dev/null
+++ b/puma.1
@@ -0,0 +1,165 @@
+.TH PUMA "1" "January 2020" "PUMA 3.12" "User Commands"
+
+.SH NAME
+puma \- fast, concurrent web server for ruby and rack
+
+.SH USAGE
+.BI "puma [options...]" " [rackup file]"
+.PP
+.B puma [\-h | \-\-help | \-V | \-\-version]
+
+.SH OPTIONS
+.PP
+The following options are available:
+.TP
+.BI "\-b, \-\-bind " URI
+URI to bind to (tcp://, unix://, ssl://).
+.TP
+.BI "\-C, \-\-config " PATH
+Load given path as a config file.
+.TP
+.BI "\-\-control " URL
+DEPRECATED alias for \fB\-\-control\-url\fR.
+.TP
+.BI "\-\-control\-token " TOKEN
+The \fITOKEN\fR to use as authentication for the control server.
+.TP
+.BI "\-\-control\-url " URL
+The bind \fIURL\fR to use for the control server and app. Use \fIauto\fR to
+use a temp unix server. This requires to use a \fB\-\-control\-token\fR, which
+needs to be given with every request to the control server (\fItoken=foo\fR).
+.TP
+.B \-d, \-\-daemon
+Demonize the server into the background.
+.TP
+.B \-\-debug
+Show low level debugging information.
+.TP
+.BI "\-\-dir " DIR
+Change to given directory before starting.
+.TP
+.BI "\-e, \-\-environment " ENVIRONMENT
+The environment to run the Rack app on. Default \fIdevelopment\fR.
+.TP
+.BI "\-I, \-\-include " PATH
+Specify \fB$LOAD_PATH\fR directories.
+.TP
+.BI "\-p, \-\-port " PORT
+Define the TCP port to bind to. Use \fB\-b\fR for more advanced options.
+.TP
+.BI "\-\-pidfile " PATH
+Use the given path as PID file.
+.TP
+.B \-\-preload
+Preload the application. This loads all the application code prior to forking.
+Preloading reduces total memory usage of an application and is only available
+in cluster mode.
+.TP
+.B \-\-prune\-bundler
+Prune out the bundler env if possible.
+.TP
+.B \-q, \-\-quiet
+Do not log requests internally. Default: \fItrue\fR.
+.TP
+.B \-v, \-\-log-requests
+Log requests as they occur.
+.TP
+.BI "\-R, \-\-restart\-cmd " CMD
+The \fBpuma\fR command to run during a hot restart. Default: \fIinferred\fR.
+.TP
+.BI "\-S, \-\-state " PATH
+Where to store the state details.
+.TP
+.BI "\-t, \-\-threads " INT
+Min:max threads to use. Puma will automatically scale the number of threads,
+from the minimum until it caps out at the maximum, based on how much traffic
+is present. Default: \fI0:16\fR.
+.TP
+.B \-\-tcp\-mode
+Run the app in raw TCP mode instead of HTTP mode.
+.TP
+.B \-\-early-hints
+Enable early hints support.
+.TP
+.BI "\-w, \-\-workers " COUNT
+Activate cluster mode and define number of worker processes to create. In this
+mode workers are forked from a master process. Each child process still has
+its own thread pool and the \fB\-t\fR setting is per worker.
+.TP
+.BI "\-\-tag " NAME
+Additional text to display in process listing.
+.TP
+.BI "\-\-redirect\-stdout " FILE
+Redirect \fBSTDOUT\fR to a specific file.
+.TP
+.BI "\-\-redirect\-stderr " FILE
+Redirect \fBSTDERR\fR to a specific file.
+.TP
+.B \-\-[no\-]redirect\-append
+Append to redirected files.
+.TP
+.B \-h, \-\-help
+Show help.
+.TP
+.B \-V, \-\-version
+Print the version information.
+
+.SH EXAMPLES
+.PP
+The following examples show how to bind TCP or sockets:
+.PP
+Bind Puma to a socket with the -b (or --bind) flag:
+.RS
+.B puma -b tcp://127.0.0.1:9292
+.RE
+.PP
+To use a UNIX Socket instead of TCP:
+.RS
+.B puma -b unix:///var/run/puma.sock
+.RE
+.PP
+To change the permissions of the UNIX socket, add a umask parameter:
+.RS
+.B puma -b 'unix:///var/run/puma.sock?umask=0111'
+.RE
+.PP
+In need of a bit of security use SSL sockets:
+.RS
+.B puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert'
+.RE
+.PP
+The following example show how to Create a control server and use
+.BR pumactl (1)
+to interact with the control server to restart \fBpuma\fR.
+.RS
+.B puma --control-url tcp://127.0.0.1:9293 --control-token foo
+.br
+.B pumactl --control-url 'tcp://127.0.0.1:9293' --control-token foo restart
+.RE
+.PP
+
+.SH "CONFIGURATION FILE"
+.B puma
+will look for a configuration file at \fIconfig/puma.rb\fR. If an environment
+is specified, either via the \fB\-e\fR and \fB\-\-environment\fR flags, or
+through the \fIRACK_ENV\fR or the \fIRAILS_ENV\fR environment variables, it
+looks for configuration at \fIconfig/puma/.rb\fR.
+.PP
+The \fB\-C\fR flag allows one to pass on a custom configuration location. If
+the value specified is a dash (\fI\-\fR) \fBpuma\fR won't look for any
+configuration file:
+.PP
+.RS
+.B puma -C \(dq\-\(dq
+.RE
+
+.SH "SEE ALSO"
+.PP
+There is extensive documentation at <\%https://puma.io/puma/\%> and
+<\%https://github.com/puma/puma\%>.
+
+.SH AUTHOR
+.PP
+This manual page was written by \fBDaniel Leidert\fP
+<\%dleidert@debian\.org\%>, for the Debian GNU/Linux system (but may be used by
+others).
diff --git a/puma.docs b/puma.docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/puma.docs
@@ -0,0 +1 @@
+README.md
diff --git a/puma.examples b/puma.examples
new file mode 100644
index 0000000..e39721e
--- /dev/null
+++ b/puma.examples
@@ -0,0 +1 @@
+examples/*
diff --git a/puma.lintian-overrides b/puma.lintian-overrides
new file mode 100644
index 0000000..c5391ca
--- /dev/null
+++ b/puma.lintian-overrides
@@ -0,0 +1,2 @@
+# this is one of several sub-directories; no need to rename it
+repeated-path-segment puma usr/share/doc/puma/examples/puma/
diff --git a/puma.manpages b/puma.manpages
new file mode 100644
index 0000000..c9bff2d
--- /dev/null
+++ b/puma.manpages
@@ -0,0 +1,3 @@
+debian/puma.1
+debian/pumactl.1
+
diff --git a/pumactl.1 b/pumactl.1
new file mode 100644
index 0000000..67e70d6
--- /dev/null
+++ b/pumactl.1
@@ -0,0 +1,99 @@
+.TH PUMA "1" "January 2020" "PUMA 3.12" "User Commands"
+
+.SH NAME
+pumactl \- command line client for puma
+
+.SH USAGE
+.B pumactl [options...] [commands]
+.PP
+.B pumactl [\-h | \-\-help | \-V | \-\-version]
+
+.SH COMMANDS
+.TP
+.B halt
+Halt the server.
+.TP
+.B restart
+Restart the server.
+.TP
+.B phased-restart
+Restart server but phase out old workers while starting new workers one at a
+time.
+.TP
+.B start
+Start the server.
+.TP
+.B stats
+Show stats about the server.
+.TP
+.B status
+Show server status.
+.TP
+.B stop
+Stop server.
+.TP
+.B reload-worker-directory
+Reload the worker directory.
+.TP
+.B gc
+Start garbage collector.
+.TP
+.B gc-stats
+Show information about garbage collector.
+
+.SH OPTIONS
+.PP
+The following options are available:
+.TP
+.BI "\-F, \-\-config\-file " PATH
+Load given path as a config file.
+.TP
+.BI "\-T, \-\-control\-token " TOKEN
+The \fITOKEN\fR to use as authentication for the control server.
+.TP
+.BI "\-C, \-\-control\-url " URL
+The bind \fIURL\fR to use for the control server and app. Use \fIauto\fR to
+use a temp unix server. This requires to use a \fB\-\-control\-token\fR, which
+needs to be given with every request to the control server (\fItoken=foo\fR).
+.TP
+.BI "\-p, \-\-pid " PID
+Define the TCP port to bind to. Use \fB\-b\fR for more advanced options.
+.TP
+.BI "\-P, \-\-pidfile " PATH
+Use the given path as PID file.
+.TP
+.B \-Q, \-\-quiet
+Don't display messages.
+.TP
+.BI "\-S, \-\-state " PATH
+Where the state file is.
+.TP
+.B \-H, \-\-help
+Show help.
+.TP
+.B \-V, \-\-version
+Print the version information.
+
+.SH EXAMPLES
+Create a control server and use
+.BR pumactl (1)
+to interact with the control server to restart \fBpuma\fR.
+.RS
+.B puma --control-url tcp://127.0.0.1:9293 --control-token foo
+.br
+.B pumactl --control-url 'tcp://127.0.0.1:9293' --control-token foo restart
+.RE
+.PP
+
+.SH "SEE ALSO"
+.PP
+.BR puma (1)
+.PP
+There is extensive documentation at <\%https://puma.io/puma/\%> and
+<\%https://github.com/puma/puma\%>.
+
+.SH AUTHOR
+.PP
+This manual page was written by \fBDaniel Leidert\fP
+<\%dleidert@debian\.org\%>, for the Debian GNU/Linux system (but may be used by
+others).
diff --git a/ruby-tests.rake b/ruby-tests.rake
new file mode 100644
index 0000000..412b8da
--- /dev/null
+++ b/ruby-tests.rake
@@ -0,0 +1,30 @@
+require 'gem2deb/rake/testtask'
+
+Gem2Deb::Rake::TestTask.new do |t|
+ t.libs = ['test']
+ if ENV['AUTOPKGTEST_TEST_PUMA_SERVER_SSL']
+ ENV['OPENSSL_CONF'] = '' # https://github.com/puma/puma/issues/2147
+ t.test_files = FileList['test/test_*_ssl.rb']
+ else
+ t.test_files = FileList['test/**/*_test.rb'] + FileList['test/**/test_*.rb'] - FileList[
+ 'test/test_*ssl.rb',
+ 'test/test_integration_systemd.rb',
+ 'test/test_integration_cluster.rb',
+ 'test/test_integration_pumactl.rb',
+ 'test/test_worker_gem_independence.rb',
+ 'test/test_preserve_bundler_env.rb',
+ 'test/test_request_invalid.rb',
+ 'test/test_busy_worker.rb',
+ ]
+ end
+ t.verbose = true
+end.tap do |t|
+ exclude = %w[
+ test_application_logs_are_flushed_on_write
+ test_hot_restart_does_not_drop_connections
+ test_logs_all_localhost_bindings
+ test_multiple_requests_waiting_on_less_busy_worker
+ test_term_not_accepts_new_connections
+ ]
+ t.options << ' ' << "-e'/" << exclude.join('|') << "/'"
+end
diff --git a/rules b/rules
new file mode 100755
index 0000000..fef8de6
--- /dev/null
+++ b/rules
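Review bot: `test/test_request_invalid.rb` is in the list subtracted from `t.test_files`, and CVE-2024-45614.patch in this same import adds `test_underscore_header_1` and `test_underscore_header_2` to that file, so neither branch of the `if` runs those regression tests during the package build or autopkgtest. If the file as a whole cannot run in the build environment, a comment above the entry such as `# excluded: <reason>; this also skips the CVE-2024-45614 underscore-header tests` would record the gap. The new `test/test_normalize.rb` and the chunk-header test in `test/test_puma_server.rb` are not matched by the exclusion list, so only the request-level checks are lost.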
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+
+export GEM2DEB_TEST_RUNNER = --check-dependencies
+export DH_RUBY = --gem-install
+export DH_RUBY_GEM_INSTALL_EXCLUDE = benchmarks/* docs/* win_gem_test/* tools/* bin/puma-wild
+export LANG = C.UTF-8
+
+%:
+ dh $@ --buildsystem=ruby --with ruby
+
+override_dh_installchangelogs:
+ dh_installchangelogs History.md
diff --git a/salsa-ci.yml b/salsa-ci.yml
new file mode 100644
index 0000000..33c3a64
--- /dev/null
+++ b/salsa-ci.yml
@@ -0,0 +1,4 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff --git a/source/format b/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/source/lintian-overrides b/source/lintian-overrides
new file mode 100644
index 0000000..362d49e
--- /dev/null
+++ b/source/lintian-overrides
@@ -0,0 +1,2 @@
+# no signed tarballs by upstream
+puma source: debian-watch-does-not-check-gpg-signature
diff --git a/tests/control b/tests/control
new file mode 100644
index 0000000..e4c5aad
--- /dev/null
+++ b/tests/control
@@ -0,0 +1,4 @@
+Test-Command: export AUTOPKGTEST_TEST_PUMA_SERVER_SSL=1 && gem2deb-test-runner --check-dependencies --autopkgtest
+Depends: @, @builddeps@
+Restrictions: allow-stderr
+Features: test-name=ssl
diff --git a/upstream/metadata b/upstream/metadata
new file mode 100644
index 0000000..5d1f0b9
--- /dev/null
+++ b/upstream/metadata
@@ -0,0 +1,7 @@
+---
+Archive: GitHub
+Bug-Database: https://github.com/puma/puma/issues
+Bug-Submit: https://github.com/puma/puma/issues
+Changelog: https://github.com/puma/puma/tags
+Repository: https://github.com/puma/puma.git
+Repository-Browse: https://github.com/puma/puma
diff --git a/watch b/watch
new file mode 100644
index 0000000..5ce4047
--- /dev/null
+++ b/watch
@@ -0,0 +1,5 @@
+version=4
+opts="searchmode=plain, \
+ filenamemangle=s/.+\/v@ANY_VERSION@/@PACKAGE@-$1\.tar\.gz/" \
+https://api.github.com/repos/puma/puma/releases \
+https://api.github.com/repos/puma/puma/tarball/v@ANY_VERSION@
-- 2.30.2