| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-01-07 10:27:47 +0100 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-01-08 22:03:03 +0100 |
| commit | 1bd2effd23f752dc53eafb8032c8874fd36f872d (patch) | |
| tree | b20559f32d72eb87cc8f3c1c350e93212d209f7d /meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch | |
| parent | 1ea440cd62d4fc1a0cd4d391bef16cc0ee894458 (diff) | |
| download | meta-openembedded-1bd2effd23f752dc53eafb8032c8874fd36f872d.tar.gz | |
python3-waitress: patch CVE-2024-49769
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49769
Pick the patch that is referenced in the NVD report (which is
a merge commit; the patches here are the individual patches from
that merge).
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch | 53 |
1 files changed, 53 insertions, 0 deletions
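--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch
@@ -0,0 +1,53 @@
+From 646d7bfa81185b961b4797965f5c7ff0e380bc5c Mon Sep 17 00:00:00 2001
+From: Delta Regeer <bertjw@regeer.org>
+Date: Sun, 3 Mar 2024 16:16:48 -0700
+Subject: [PATCH] Assume socket is not connected when passed to
+wasyncore.dispatcher
+
+No longer call getpeername() on the remote socket either, as it is not
+necessary for any of the places where waitress requires that self.addr
+in a subclass of the dispatcher needs it.
+
+This removes a race condition when setting up a HTTPChannel where we
+accepted the socket, and know the remote address, yet call getpeername()
+again which would have the unintended side effect of potentially setting
+self.connected to False because the remote has already shut down part of
+the socket.
+
+This issue was uncovered in #418, where the server would go into a hard
+loop because self.connected was used in various parts of the code base.
+
+CVE: CVE-2024-49769
+Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/840aebce1c4c1bfd9036f402c1f5d5a4d2f4a1c2]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+src/waitress/wasyncore.py | 16 ----------------
+1 file changed, 16 deletions(-)
+
+diff --git a/src/waitress/wasyncore.py b/src/waitress/wasyncore.py
+index b3459e0..b5ddce2 100644
+--- a/src/waitress/wasyncore.py
++++ b/src/waitress/wasyncore.py
+@@ -298,22 +298,6 @@ class dispatcher:
+# get a socket from a blocking source.
+sock.setblocking(0)
+self.set_socket(sock, map)
+- self.connected = True
+- # The constructor no longer requires that the socket
+- # passed be connected.
+- try:
+- self.addr = sock.getpeername()
+- except OSError as err:
+- if err.args[0] in (ENOTCONN, EINVAL):
+- # To handle the case where we got an unconnected
+- # socket.
+- self.connected = False
+- else:
+- # The socket is broken in some unknown way, alert
+- # the user and remove it from the map (to prevent
+- # polling of broken sockets).
+- self.del_channel(map)
+- raise
+else:
+self.socket = None
+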
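Review bot: Removing `self.connected = True` and the `getpeername()` fallback from `dispatcher.__init__` (patch lines 35-50) means any subclass handed an already-accepted socket must now set `self.connected` and `self.addr` itself, and nothing in this hunk shows where that happens; since the commit message says these are individual patches split out of the upstream merge, the sibling patch that updates the HTTPChannel side should be applied together with this one and the series should not be partially cherry-picked. The `ENOTCONN` and `EINVAL` names were only used in the deleted `except` branch, so they may now be unused imports in wasyncore.py — harmless at runtime, but worth a check if the recipe runs a linter or the package's own tests. The `Upstream-Status` line cites the merge commit while the `From:` header names the individual commit 646d7bfa; a sentence in the patch description such as `Individual commit 646d7bfa from the upstream merge 840aebce cited in Upstream-Status` would save the next maintainer the lookup. The patched `__init__` body starts before the quoted wasyncore hunk, so the `if sock:` branch it belongs to is not visible here.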
