1 files changed, 34 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-4.patch b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-4.patch
new file mode 100644
index 0000000000..6ea5bdb065
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-4.patch
@@ -0,0 +1,34 @@
+From ee501847c38e21be0683ba81925472f219044a65 Mon Sep 17 00:00:00 2001
+From: Delta Regeer <bertjw@regeer.org>
+Date: Sun, 3 Mar 2024 16:26:22 -0700
+Subject: [PATCH] Don't exit handle_write early -- even if socket is not
+ connected
+Calling handle_close() multiple times does not hurt anything, and is
+safe.
+CVE: CVE-2024-49769
+Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/8cba302b1ac08c2874ae179b2af2445e89311bac]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/waitress/channel.py | 6 ------
+ 1 file changed, 6 deletions(-)
+diff --git a/src/waitress/channel.py b/src/waitress/channel.py
+index cf19ef2..f4d9677 100644
+--- a/src/waitress/channel.py
+++ b/src/waitress/channel.py
+@@ -91,13 +91,7 @@ class HTTPChannel(wasyncore.dispatcher):
+         # Precondition: there's data in the out buffer to be sent, or
+         # there's a pending will_close request
+ 
+-        if not self.connected:
+-            # we dont want to close the channel twice
+-
+-            return
+-
+         # try to flush any pending output
+-
+         if not self.requests:
+             # 1. There are no running tasks, so we don't need to try to lock
+             #    the outbuf before sending

diff --git a/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-4.patch b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-4.patch new file mode 100644 index 0000000000..6ea5bdb065 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-4.patch
@@ -0,0 +1,34 @@
	1	From ee501847c38e21be0683ba81925472f219044a65 Mon Sep 17 00:00:00 2001
	2	From: Delta Regeer <bertjw@regeer.org>
	3	Date: Sun, 3 Mar 2024 16:26:22 -0700
	4	Subject: [PATCH] Don't exit handle_write early -- even if socket is not
	5	connected
	6
	7	Calling handle_close() multiple times does not hurt anything, and is
	8	safe.
	9
	10	CVE: CVE-2024-49769
	11	Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/8cba302b1ac08c2874ae179b2af2445e89311bac]
	12	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
	13	---
	14	src/waitress/channel.py \| 6 ------
	15	1 file changed, 6 deletions(-)
	16
	17	diff --git a/src/waitress/channel.py b/src/waitress/channel.py
	18	index cf19ef2..f4d9677 100644
	19	--- a/src/waitress/channel.py
	20	+++ b/src/waitress/channel.py
	21	@@ -91,13 +91,7 @@ class HTTPChannel(wasyncore.dispatcher):
	22	# Precondition: there's data in the out buffer to be sent, or
	23	# there's a pending will_close request
	24
	25	- if not self.connected:
	26	- # we dont want to close the channel twice
	27	-
	28	- return
	29	-
	30	# try to flush any pending output
	31	-
	32	if not self.requests:
	33	# 1. There are no running tasks, so we don't need to try to lock
	34	# the outbuf before sending