summary refs log tree commit homepage
AgeCommit message (Collapse)AuthorFilesLines
2010-04-19unicorn 0.97.1 - fix HTTP parser for Rainbows!/Zbatery v0.97.1Eric Wong2-2/+2
This release fixes a denial-of-service vector for derived servers exposed directly to untrusted clients. This bug does not affect most Unicorn deployments as Unicorn is only supported with trusted clients (such as nginx) on a LAN. nginx is known to reject clients that send invalid Content-Length headers, so any deployments on a trusted LAN and/or behind nginx are safe. Servers affected by this bug include (but are not limited to) Rainbows! and Zbatery. This bug does not affect Thin nor Mongrel, as neither got the request body filtering treatment that the Unicorn HTTP parser got in August 2009. The bug fixed in this release could result in a denial-of-service as it would trigger a process-wide assertion instead of raising an exception. For servers such as Rainbows!/Zbatery that serve multiple clients per worker process, this could abort all clients connected to the particular worker process that hit the assertion.
2010-04-19http: negative/invalid Content-Length raises exceptionEric Wong2-2/+26
...instead of tripping an assertion. This fixes a potential denial-of-service for servers exposed directly to untrusted clients. This bug does not affect supported Unicorn deployments as Unicorn is only supported with trusted clients (such as nginx) on a LAN. nginx is known to reject clients that send invalid Content-Length headers, so any deployments on a trusted LAN and/or behind nginx are safe. Servers affected by this bug include (but are not limited to) Rainbows! and Zbatery. This does not affect Thin nor Mongrel which never got request body filtering treatment that the Unicorn HTTP parser got in August 2009.
2010-03-01unicorn 0.97.0 - polishing and cleaning up v0.97.0Eric Wong3-3/+3
A bunch of small fixes related to startup/configuration and hot reload issues with HUP: * Variables in the user-generated config.ru files no longer risk clobbering variables used in laucher scripts. * signal handlers are initialized before the pid file is dropped, so over-eager firing of init scripts won't mysteriously nuke a process. * SIGHUP will return app to original state if an updated config.ru fails to load due to {Syntax,Load}Error. * unicorn_rails should be Rails 3 compatible out-of-the-box ('unicorn' works as always, and is recommended for Rails 3) * unicorn_rails is finally "working_directory"-aware when generating default temporary paths and pid file * config.ru encoding is the application's default in 1.9, not forced to binary like many parts of Unicorn. * configurator learned to handle the "user" directive outside of after_fork hook (which will always remain supported). There are also various internal cleanups and possible speedups.
2010-03-01load the Etc module up frontEric Wong1-1/+1
It's part of the standard Ruby library and will always be loaded by various modules (Rack::Utils, Tmpdir) so there's no point in deferring it.
2010-03-01configurator "user" directive outside of after_forkEric Wong2-4/+16
Allowing the "user" directive outside of after_fork reduces the cognitive overhead for folks that do not need the complexity of *_fork hooks. Using Worker#user remains supported as it offers fine-grained control of user switching.
2010-02-28bin/*: remove redundant $DEBUG checkEric Wong2-4/+2
2010-02-28respect user's encoding in config.ru in 1.9Eric Wong2-10/+5
Do not assume the user wants config.ru to be Encoding::BINARY for 1.9.
2010-02-28unicorn_rails: small scoping cleanupEric Wong1-1/+1
2010-02-28put switch parsing for config.ru into Unicorn.builderEric Wong2-9/+9
This lets us reuse code for Zbatery and Rainbows!, too.
2010-02-27tee_input: do not #dup string buffersEric Wong1-2/+2
It's a waste of memory bandwidth to do memcpy() when we know Unicorn::HttpParser (via rb_str_resize()) will allocate new memory for the string for us. An empty String is "free", as we've already paid the Object cost regardless.
2010-02-26tee_input: avoid instance variables, it's a structEric Wong2-54/+54
We'll use struct members exclusively from now on instead of throwing ivars into the mix. This allows us to _unofficially_ support direct access to more members easily. Unofficial extensions may include the ability to splice(2)/tee(2) for better performance. This also makes our object size smaller across all Ruby implementations as well, too (helps Rainbows! out).
2010-02-25unicorn_rails: make this "working_directory"-awareEric Wong3-8/+14
The temporary paths we create to mimic script/server-emulation did not work when working_directory was used. Now we defer path creation until after working_directory is bound.
2010-02-25doc: clarify the intent of `unicorn_rails`Eric Wong1-1/+6
2010-02-24unicorn_rails: avoid namespace conflicts in config.ruEric Wong1-55/+59
We'll use our Rails-only version of Unicorn.builder so the lambda is safe without another binding.
2010-02-24unicorn_rails: make this Rails 3-compatibleEric Wong1-5/+3
The stock config/boot.rb file in a Rails 3 app is much lighter and does not export any Rails/RAILS_* constants, so we'll wait until we get config/environment.rb loaded.
2010-02-22util: simplify chown_logsEric Wong1-2/+1
no point in using "next" here
2010-02-22avoid needlessly preallocating read bufferEric Wong1-1/+1
Copy-on-write will always invalidate it regardless, and the first request is likely to be slow for any app.
2010-02-19update TODOEric Wong1-4/+1
* Bourne shell - TAP test suite stolen from Rainbows! * tests currently pass under FreeBSD 7.2
2010-02-18.gitignore: add "*.o" object filesEric Wong1-0/+1
This was always in my .git/info/exclude so I never noticed until now.
2010-02-18http: document CFLAGS used for developmentEric Wong1-0/+13
this file may be sourced and used later, too
2010-02-18http: const correctness fixesEric Wong3-7/+18
Not fun, but maybe this can help us spot _real_ problems more easily in the future.
2010-02-18http: cleanup globals and ABI namespaceEric Wong2-4/+5
* init_globals() is a static function, avoid conflicting with any potential libraries out there... * mUnicorn and cHttpParser do not need to be static globals they're not used outside of Init_unicorn_http().
2010-02-18http: avoid signedness warningsEric Wong3-12/+11
We never come close to the signed limits anywhere, so it should be safe either way, but make paranoid compiler settings less noisy if possible.
2010-02-18Unicorn::builder to wrap our Rack::Builder usageEric Wong3-35/+92
This should make it easier to reuse code in derivative servers like Rainbows! and Zbatery. Unfortunately, we can't depend on Rack::Builder/Rack::Server yet since Rack 1.1 just got them and notable frameworks (like Rails 2.3.x) do not fully work with Rack 1.1 yet). This also fixes subtle issue with config.ru files that could have variables that conflict with the Unicorn-specific namespace (this bug still affects "unicorn_rails", which could use some reworking as well).
2010-02-18graceful handling of bad config.ru + HUP w/ preload_appEric Wong2-1/+55
If preload_app is true and Unicorn is HUP-ed with a bad config.ru, then it would be possible to have Unicorn in a bad state and constantly throw 500 errors. We now detect syntax and load errors since they're likely to appear in modified Rackup files, and will restore the original app if reloading failed.
2010-02-17test-lib: don't croak if "error" is in the test nameEric Wong1-1/+1
2010-02-17tests: import basic TAP library from Rainbows!Eric Wong12-0/+577
2010-02-17GNUmakefile: remove old, lower-case variablesEric Wong1-7/+3
We started using upper-case variables a while back, so just remove the backwards-compatibility clutter.
2010-02-13http: fix memory leak exposed in concurrent serversEric Wong2-2/+18
First off, this memory leak DOES NOT affect Unicorn itself. Unicorn allocates the HttpParser once and always reuses it in every sequential request. This leak affects applications which repeatedly allocate a new HTTP parser. Thus this bug affects _all_ deployments of Rainbows! and Zbatery. These servers allocate a new parser for every client connection. I misread the Data_Make_Struct/Data_Wrap_Struct documentation and ended up passing NULL as the "free" argument instead of -1, causing the memory to never be freed. From README.EXT in the MRI source which I misread: > The free argument is the function to free the pointer > allocation. If this is -1, the pointer will be just freed. > The functions mark and free will be called from garbage > collector.
2010-02-09reorder commonly accessed HttpServer struct membersEric Wong1-2/+2
Earlier elements of a Struct (in both Ruby and C) are faster to access, so put more-often accessed elements like :app first. This does not noticeably affect most applications, but may matter to some micro benchmarks somewhere...
2010-02-08test_http_parser_ng: remove redundant "coding: binary"Eric Wong1-1/+0
we've already got "-*- encoding: binary -*-" in everything
2010-02-08examples/init.sh: add "reopen-logs" targetEric Wong1-1/+4
2010-02-08examples/init.sh: reenable set -uEric Wong1-1/+3
This may be used as a basis of other scripts so we need to stash $1 before we "set -u"
2010-02-08Rakefile: autoload rubygemsEric Wong1-4/+1
2010-01-25KNOWN_ISSUES: background threads + Logger monkey patchEric Wong2-0/+33
Thanks to Michael Guterl for informing us of the issues and testing the monkey patch.
2010-01-19initialize signal handlers before writing pid fileEric Wong5-6/+23
This prevents trigger-happy init scripts from reading the pid file (and thus sending signals) to a not-fully initialized master process to handle them. This does NOT fix anything if other processes are sending signals prematurely without relying on the presence of the pid file. It's not possible to prevent all cases of this in one process, even in a purely C application, so we won't bother trying. We continue to always defer signal handling to the main loop anyways, and signals sent to the master process will be deferred/ignored until Unicorn::HttpServer#join is run.
2010-01-19remove unused MAX_HEADER constantEric Wong1-6/+3
This constant hasn't been in active use in our Ruby code for ages now. All HTTP header constraints are defined in the C/Ragel HTTP parser and we have tests for them, so there's no need to repeat ourselves.
2010-01-19bump version to 0.97.0preEric Wong1-1/+1
There may be some large-ish internal changes for 0.97.0
2010-01-19TODO: test suite passes under FreeBSDEric Wong1-1/+1
2010-01-19FAQ entry for Rails 2.3.x + Rack 1.1.x incompatibilityEric Wong1-0/+7
2010-01-07unicorn 0.96.0 - Rack 1.1 bump v0.96.0Eric Wong3-3/+3
This release includes small changes for things allowed by Rack 1.1. It is also now easier to detect if daemonized process fails to start. Manpages received some minor updates as well. Rack 1.1 allowed us to make the following environment changes: * "rack.logger" is now set to the "logger" specified in the Unicorn config file. This defaults to a Logger instance pointing to $stderr. * "rack.version" is now at [1,1]. Unicorn remains compatible with previous Rack versions if your app depends on it. While only specified since Rack 1.1, Unicorn has always exposed "rack.input" in binary mode (and has ridiculous integration tests that go outside of Ruby to prove it!).
2010-01-07Merge branch 'rack-1.1'Eric Wong5-3/+18
* rack-1.1: http_response: disallow blank, multi-value headers local.mk.sample: use rack-1.1.0 bump "rack.version" env to [1,1] set env["rack.logger"] for applications
2010-01-05http_response: disallow blank, multi-value headersEric Wong1-1/+2
The HeaderHash optimizations in Rack 1.1 interact badly with Rails 2.3.5 (and possibly other frameworks/apps) which set multi-value "Set-Cookie" headers without relying on the proper methods provided by Rack::Utils. While this is an issue with Rails not using properly, there may be similar apps that make this mistake and Rack::Lint does not guard against it. Rack-ML-Ref: <20100105235845.GB3377@dcvr.yhbt.net>
2010-01-05local.mk.sample: use rack-1.1.0Eric Wong1-1/+1
2010-01-05bump Rails test to 2.3.5Eric Wong16-0/+0
Rails 2.3.3.1 is ancient
2010-01-05Merge branch 'ready_pipe'Eric Wong5-11/+47
* ready_pipe: launcher: no point in sync-ing $stdin launcher: fix compatibility with other servers clarify errors when listeners fail to bind launcher: descriptive error message on startup failure Avoid leaking ready pipe file descriptor to workers exit with failure if master dies when daemonized
2010-01-05NEWS: generation depends on .manifestEric Wong1-1/+1
2009-12-29launcher: no point in sync-ing $stdinEric Wong1-2/+1
Inspection of the MRI source reveals that IO#sync=true only appears to only apply for writes. Though it could eventually make sense to disable read buffering by setting IO#sync=true, it does not appear to happen. Of course we never read from $stdin anyways....
2009-12-29launcher: fix compatibility with other serversEric Wong1-29/+32
Rainbows! does not yet know about ready_pipe, and will probably not know about it until Unicorn 0.97.0
2009-12-28clarify errors when listeners fail to bindIƱaki Baz Castillo1-0/+3
When using multiple listeners, the log messages can be potentially misleading as to which listener fails to bind: Before: INFO -- : unlinking existing socket=/tmp/unicorn.sock INFO -- : listening on addr=/tmp/unicorn.sock fd=3 unicorn/socket_helper.rb:110:in `initialize': Permission denied - bind(2) (Errno::EACCES) After: INFO -- : unlinking existing socket=/tmp/openxdms.sock INFO -- : listening on addr=/tmp/openxdms.sock fd=3 FATAL -- : error adding listener addr=0.0.0.0:84 unicorn/socket_helper.rb:110:in `initialize': Permission denied - bind(2) (Errno::EACCES)