python3-waitress: patch CVE-2024-49768

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49768 Pick the patch mentioned in the NVD report (which is a merge commit, and the patches here are the individual commits from that merge) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-07 10:27:46 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-08 22:03:03 +0100
commit: 1ea440cd62d4fc1a0cd4d391bef16cc0ee894458 (patch)
tree: 62350624e99870669a7d036776fa6a4f66525c06 /meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-1.patch
parent: e330e3508db2dabb575d25a85967d7bf72af8a06 (diff)
download: meta-openembedded-1ea440cd62d4fc1a0cd4d391bef16cc0ee894458.tar.gz
1 files changed, 162 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-1.patch b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-1.patch
new file mode 100644
index 0000000000..5d80a267fd
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-1.patch
@@ -0,0 +1,162 @@
+From f2ffe56f990a74450143901ac1cfd7138f75ec78 Mon Sep 17 00:00:00 2001
+From: Delta Regeer <bertjw@regeer.org>
+Date: Sat, 26 Oct 2024 22:10:36 -0600
+Subject: [PATCH] Make DummySock() look more like an actual socket
+This forces DummySock() to look like a properly connected socket where
+there is a buffer that is read from by the remote, and a buffer that is
+written to by the remote.
+The local side does the opposite, this way data written by the local
+side can be read by the remote without operating on the same buffer.
+CVE: CVE-2024-49768
+Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/6943dcf556610ece2ff3cddb39e59a05ef110661]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ tests/test_channel.py | 57 +++++++++++++++++++++++++++++++++----------
+ 1 file changed, 44 insertions(+), 13 deletions(-)
+diff --git a/tests/test_channel.py b/tests/test_channel.py
+index 8467ae7..7d677e9 100644
+--- a/tests/test_channel.py
+++ b/tests/test_channel.py
+@@ -18,7 +18,7 @@ class TestHTTPChannel(unittest.TestCase):
+         map = {}
+         inst = self._makeOne(sock, "127.0.0.1", adj, map=map)
+         inst.outbuf_lock = DummyLock()
+-        return inst, sock, map
+        return inst, sock.local(), map
+ 
+     def test_ctor(self):
+         inst, _, map = self._makeOneWithMap()
+@@ -218,7 +218,7 @@ class TestHTTPChannel(unittest.TestCase):
+         def send(_):
+             return 0
+ 
+-        sock.send = send
+        sock.remote.send = send
+ 
+         wrote = inst.write_soon(b"a")
+         self.assertEqual(wrote, 1)
+@@ -236,7 +236,7 @@ class TestHTTPChannel(unittest.TestCase):
+         def send(_):
+             return 0
+ 
+-        sock.send = send
+        sock.remote.send = send
+ 
+         outbufs = inst.outbufs
+         wrote = inst.write_soon(wrapper)
+@@ -270,7 +270,7 @@ class TestHTTPChannel(unittest.TestCase):
+         def send(_):
+             return 0
+ 
+-        sock.send = send
+        sock.remote.send = send
+ 
+         inst.adj.outbuf_high_watermark = 3
+         inst.current_outbuf_count = 4
+@@ -286,7 +286,7 @@ class TestHTTPChannel(unittest.TestCase):
+         def send(_):
+             return 0
+ 
+-        sock.send = send
+        sock.remote.send = send
+ 
+         inst.adj.outbuf_high_watermark = 3
+         inst.total_outbufs_len = 4
+@@ -315,7 +315,7 @@ class TestHTTPChannel(unittest.TestCase):
+             inst.connected = False
+             raise Exception()
+ 
+-        sock.send = send
+        sock.remote.send = send
+ 
+         inst.adj.outbuf_high_watermark = 3
+         inst.total_outbufs_len = 4
+@@ -345,7 +345,7 @@ class TestHTTPChannel(unittest.TestCase):
+             inst.connected = False
+             raise Exception()
+ 
+-        sock.send = send
+        sock.remote.send = send
+ 
+         wrote = inst.write_soon(b"xyz")
+         self.assertEqual(wrote, 3)
+@@ -376,7 +376,7 @@ class TestHTTPChannel(unittest.TestCase):
+         inst.total_outbufs_len = len(inst.outbufs[0])
+         inst.adj.send_bytes = 1
+         inst.adj.outbuf_high_watermark = 2
+-        sock.send = lambda x, do_close=True: False
+        sock.remote.send = lambda x, do_close=True: False
+         inst.will_close = False
+         inst.last_activity = 0
+         result = inst.handle_write()
+@@ -400,7 +400,7 @@ class TestHTTPChannel(unittest.TestCase):
+ 
+     def test__flush_some_full_outbuf_socket_returns_zero(self):
+         inst, sock, map = self._makeOneWithMap()
+-        sock.send = lambda x: False
+        sock.remote.send = lambda x: False
+         inst.outbufs[0].append(b"abc")
+         inst.total_outbufs_len = sum(len(x) for x in inst.outbufs)
+         result = inst._flush_some()
+@@ -907,7 +907,8 @@ class DummySock:
+     closed = False
+ 
+     def __init__(self):
+-        self.sent = b""
+        self.local_sent = b""
+        self.remote_sent = b""
+ 
+     def setblocking(self, *arg):
+         self.blocking = True
+@@ -925,14 +926,44 @@ class DummySock:
+         self.closed = True
+ 
+     def send(self, data):
+-        self.sent += data
+        self.remote_sent += data
+         return len(data)
+ 
+     def recv(self, buffer_size):
+-        result = self.sent[:buffer_size]
+-        self.sent = self.sent[buffer_size:]
+        result = self.local_sent[:buffer_size]
+        self.local_sent = self.local_sent[buffer_size:]
+         return result
+ 
+    def local(self):
+        outer = self
+
+        class LocalDummySock:
+            def send(self, data):
+                outer.local_sent += data
+                return len(data)
+
+            def recv(self, buffer_size):
+                result = outer.remote_sent[:buffer_size]
+                outer.remote_sent = outer.remote_sent[buffer_size:]
+                return result
+
+            def close(self):
+                outer.closed = True
+
+            @property
+            def sent(self):
+                return outer.remote_sent
+
+            @property
+            def closed(self):
+                return outer.closed
+
+            @property
+            def remote(self):
+                return outer
+
+        return LocalDummySock()
+
+ 
+ class DummyLock:
+     notified = False
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-07 10:27:46 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-08 22:03:03 +0100
commit	1ea440cd62d4fc1a0cd4d391bef16cc0ee894458 (patch)
tree	62350624e99870669a7d036776fa6a4f66525c06 /meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-1.patch
parent	e330e3508db2dabb575d25a85967d7bf72af8a06 (diff)
download	meta-openembedded-1ea440cd62d4fc1a0cd4d391bef16cc0ee894458.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-1.patch b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-1.patch new file mode 100644 index 0000000000..5d80a267fd --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-1.patch
@@ -0,0 +1,162 @@
	1	From f2ffe56f990a74450143901ac1cfd7138f75ec78 Mon Sep 17 00:00:00 2001
	2	From: Delta Regeer <bertjw@regeer.org>
	3	Date: Sat, 26 Oct 2024 22:10:36 -0600
	4	Subject: [PATCH] Make DummySock() look more like an actual socket
	5
	6	This forces DummySock() to look like a properly connected socket where
	7	there is a buffer that is read from by the remote, and a buffer that is
	8	written to by the remote.
	9
	10	The local side does the opposite, this way data written by the local
	11	side can be read by the remote without operating on the same buffer.
	12
	13	CVE: CVE-2024-49768
	14	Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/6943dcf556610ece2ff3cddb39e59a05ef110661]
	15	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
	16	---
	17	tests/test_channel.py \| 57 +++++++++++++++++++++++++++++++++----------
	18	1 file changed, 44 insertions(+), 13 deletions(-)
	19
	20	diff --git a/tests/test_channel.py b/tests/test_channel.py
	21	index 8467ae7..7d677e9 100644
	22	--- a/tests/test_channel.py
	23	+++ b/tests/test_channel.py
	24	@@ -18,7 +18,7 @@ class TestHTTPChannel(unittest.TestCase):
	25	map = {}
	26	inst = self._makeOne(sock, "127.0.0.1", adj, map=map)
	27	inst.outbuf_lock = DummyLock()
	28	- return inst, sock, map
	29	+ return inst, sock.local(), map
	30
	31	def test_ctor(self):
	32	inst, _, map = self._makeOneWithMap()
	33	@@ -218,7 +218,7 @@ class TestHTTPChannel(unittest.TestCase):
	34	def send(_):
	35	return 0
	36
	37	- sock.send = send
	38	+ sock.remote.send = send
	39
	40	wrote = inst.write_soon(b"a")
	41	self.assertEqual(wrote, 1)
	42	@@ -236,7 +236,7 @@ class TestHTTPChannel(unittest.TestCase):
	43	def send(_):
	44	return 0
	45
	46	- sock.send = send
	47	+ sock.remote.send = send
	48
	49	outbufs = inst.outbufs
	50	wrote = inst.write_soon(wrapper)
	51	@@ -270,7 +270,7 @@ class TestHTTPChannel(unittest.TestCase):
	52	def send(_):
	53	return 0
	54
	55	- sock.send = send
	56	+ sock.remote.send = send
	57
	58	inst.adj.outbuf_high_watermark = 3
	59	inst.current_outbuf_count = 4
	60	@@ -286,7 +286,7 @@ class TestHTTPChannel(unittest.TestCase):
	61	def send(_):
	62	return 0
	63
	64	- sock.send = send
	65	+ sock.remote.send = send
	66
	67	inst.adj.outbuf_high_watermark = 3
	68	inst.total_outbufs_len = 4
	69	@@ -315,7 +315,7 @@ class TestHTTPChannel(unittest.TestCase):
	70	inst.connected = False
	71	raise Exception()
	72
	73	- sock.send = send
	74	+ sock.remote.send = send
	75
	76	inst.adj.outbuf_high_watermark = 3
	77	inst.total_outbufs_len = 4
	78	@@ -345,7 +345,7 @@ class TestHTTPChannel(unittest.TestCase):
	79	inst.connected = False
	80	raise Exception()
	81
	82	- sock.send = send
	83	+ sock.remote.send = send
	84
	85	wrote = inst.write_soon(b"xyz")
	86	self.assertEqual(wrote, 3)
	87	@@ -376,7 +376,7 @@ class TestHTTPChannel(unittest.TestCase):
	88	inst.total_outbufs_len = len(inst.outbufs[0])
	89	inst.adj.send_bytes = 1
	90	inst.adj.outbuf_high_watermark = 2
	91	- sock.send = lambda x, do_close=True: False
	92	+ sock.remote.send = lambda x, do_close=True: False
	93	inst.will_close = False
	94	inst.last_activity = 0
	95	result = inst.handle_write()
	96	@@ -400,7 +400,7 @@ class TestHTTPChannel(unittest.TestCase):
	97
	98	def test__flush_some_full_outbuf_socket_returns_zero(self):
	99	inst, sock, map = self._makeOneWithMap()
	100	- sock.send = lambda x: False
	101	+ sock.remote.send = lambda x: False
	102	inst.outbufs[0].append(b"abc")
	103	inst.total_outbufs_len = sum(len(x) for x in inst.outbufs)
	104	result = inst._flush_some()
	105	@@ -907,7 +907,8 @@ class DummySock:
	106	closed = False
	107
	108	def __init__(self):
	109	- self.sent = b""
	110	+ self.local_sent = b""
	111	+ self.remote_sent = b""
	112
	113	def setblocking(self, *arg):
	114	self.blocking = True
	115	@@ -925,14 +926,44 @@ class DummySock:
	116	self.closed = True
	117
	118	def send(self, data):
	119	- self.sent += data
	120	+ self.remote_sent += data
	121	return len(data)
	122
	123	def recv(self, buffer_size):
	124	- result = self.sent[:buffer_size]
	125	- self.sent = self.sent[buffer_size:]
	126	+ result = self.local_sent[:buffer_size]
	127	+ self.local_sent = self.local_sent[buffer_size:]
	128	return result
	129
	130	+ def local(self):
	131	+ outer = self
	132	+
	133	+ class LocalDummySock:
	134	+ def send(self, data):
	135	+ outer.local_sent += data
	136	+ return len(data)
	137	+
	138	+ def recv(self, buffer_size):
	139	+ result = outer.remote_sent[:buffer_size]
	140	+ outer.remote_sent = outer.remote_sent[buffer_size:]
	141	+ return result
	142	+
	143	+ def close(self):
	144	+ outer.closed = True
	145	+
	146	+ @property
	147	+ def sent(self):
	148	+ return outer.remote_sent
	149	+
	150	+ @property
	151	+ def closed(self):
	152	+ return outer.closed
	153	+
	154	+ @property
	155	+ def remote(self):
	156	+ return outer
	157	+
	158	+ return LocalDummySock()
	159	+
	160
	161	class DummyLock:
	162	notified = False