1 files changed, 53 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch
new file mode 100644
index 0000000000..a34ee4fb11
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch
@@ -0,0 +1,53 @@
+From 646d7bfa81185b961b4797965f5c7ff0e380bc5c Mon Sep 17 00:00:00 2001
+From: Delta Regeer <bertjw@regeer.org>
+Date: Sun, 3 Mar 2024 16:16:48 -0700
+Subject: [PATCH] Assume socket is not connected when passed to
+ wasyncore.dispatcher
+No longer call getpeername() on the remote socket either, as it is not
+necessary for any of the places where waitress requires that self.addr
+in a subclass of the dispatcher needs it.
+This removes a race condition when setting up a HTTPChannel where we
+accepted the socket, and know the remote address, yet call getpeername()
+again which would have the unintended side effect of potentially setting
+self.connected to False because the remote has already shut down part of
+the socket.
+This issue was uncovered in #418, where the server would go into a hard
+loop because self.connected was used in various parts of the code base.
+CVE: CVE-2024-49769
+Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/840aebce1c4c1bfd9036f402c1f5d5a4d2f4a1c2]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/waitress/wasyncore.py | 16 ----------------
+ 1 file changed, 16 deletions(-)
+diff --git a/src/waitress/wasyncore.py b/src/waitress/wasyncore.py
+index b3459e0..b5ddce2 100644
+--- a/src/waitress/wasyncore.py
+++ b/src/waitress/wasyncore.py
+@@ -298,22 +298,6 @@ class dispatcher:
+             # get a socket from a blocking source.
+             sock.setblocking(0)
+             self.set_socket(sock, map)
+-            self.connected = True
+-            # The constructor no longer requires that the socket
+-            # passed be connected.
+-            try:
+-                self.addr = sock.getpeername()
+-            except OSError as err:
+-                if err.args[0] in (ENOTCONN, EINVAL):
+-                    # To handle the case where we got an unconnected
+-                    # socket.
+-                    self.connected = False
+-                else:
+-                    # The socket is broken in some unknown way, alert
+-                    # the user and remove it from the map (to prevent
+-                    # polling of broken sockets).
+-                    self.del_channel(map)
+-                    raise
+         else:
+             self.socket = None
+

diff --git a/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch new file mode 100644 index 0000000000..a34ee4fb11 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-2.patch
@@ -0,0 +1,53 @@
	1	From 646d7bfa81185b961b4797965f5c7ff0e380bc5c Mon Sep 17 00:00:00 2001
	2	From: Delta Regeer <bertjw@regeer.org>
	3	Date: Sun, 3 Mar 2024 16:16:48 -0700
	4	Subject: [PATCH] Assume socket is not connected when passed to
	5	wasyncore.dispatcher
	6
	7	No longer call getpeername() on the remote socket either, as it is not
	8	necessary for any of the places where waitress requires that self.addr
	9	in a subclass of the dispatcher needs it.
	10
	11	This removes a race condition when setting up a HTTPChannel where we
	12	accepted the socket, and know the remote address, yet call getpeername()
	13	again which would have the unintended side effect of potentially setting
	14	self.connected to False because the remote has already shut down part of
	15	the socket.
	16
	17	This issue was uncovered in #418, where the server would go into a hard
	18	loop because self.connected was used in various parts of the code base.
	19
	20	CVE: CVE-2024-49769
	21	Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/840aebce1c4c1bfd9036f402c1f5d5a4d2f4a1c2]
	22	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
	23	---
	24	src/waitress/wasyncore.py \| 16 ----------------
	25	1 file changed, 16 deletions(-)
	26
	27	diff --git a/src/waitress/wasyncore.py b/src/waitress/wasyncore.py
	28	index b3459e0..b5ddce2 100644
	29	--- a/src/waitress/wasyncore.py
	30	+++ b/src/waitress/wasyncore.py
	31	@@ -298,22 +298,6 @@ class dispatcher:
	32	# get a socket from a blocking source.
	33	sock.setblocking(0)
	34	self.set_socket(sock, map)
	35	- self.connected = True
	36	- # The constructor no longer requires that the socket
	37	- # passed be connected.
	38	- try:
	39	- self.addr = sock.getpeername()
	40	- except OSError as err:
	41	- if err.args[0] in (ENOTCONN, EINVAL):
	42	- # To handle the case where we got an unconnected
	43	- # socket.
	44	- self.connected = False
	45	- else:
	46	- # The socket is broken in some unknown way, alert
	47	- # the user and remove it from the map (to prevent
	48	- # polling of broken sockets).
	49	- self.del_channel(map)
	50	- raise
	51	else:
	52	self.socket = None
	53