1 files changed, 211 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-5.patch b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-5.patch
new file mode 100644
index 0000000000..14fe56e021
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-5.patch
@@ -0,0 +1,211 @@
+From aa161b98cc787f266d8ef358f00fc5b2b3944157 Mon Sep 17 00:00:00 2001
+From: Delta Regeer <bertjw@regeer.org>
+Date: Sun, 3 Mar 2024 16:35:39 -0700
+Subject: [PATCH] Remove code not used by waitress from vendored asyncore
+CVE: CVE-2024-49769
+Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/63678e652d912e67621580123c603e37c319d8c4]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/waitress/wasyncore.py | 45 ------------------
+ tests/test_wasyncore.py   | 96 ++++++++-------------------------------
+ 2 files changed, 18 insertions(+), 123 deletions(-)
+diff --git a/src/waitress/wasyncore.py b/src/waitress/wasyncore.py
+index b5ddce2..117f78a 100644
+--- a/src/waitress/wasyncore.py
+++ b/src/waitress/wasyncore.py
+@@ -379,23 +379,6 @@ class dispatcher:
+         self.addr = addr
+         return self.socket.bind(addr)
+ 
+-    def connect(self, address):
+-        self.connected = False
+-        self.connecting = True
+-        err = self.socket.connect_ex(address)
+-        if (
+-            err in (EINPROGRESS, EALREADY, EWOULDBLOCK)
+-            or err == EINVAL
+-            and os.name == "nt"
+-        ):  # pragma: no cover
+-            self.addr = address
+-            return
+-        if err in (0, EISCONN):
+-            self.addr = address
+-            self.handle_connect_event()
+-        else:
+-            raise OSError(err, errorcode[err])
+-
+     def accept(self):
+         # XXX can return either an address pair or None
+         try:
+@@ -557,34 +540,6 @@ class dispatcher:
+         self.close()
+ 
+ 
+-# ---------------------------------------------------------------------------
+-# adds simple buffered output capability, useful for simple clients.
+-# [for more sophisticated usage use asynchat.async_chat]
+-# ---------------------------------------------------------------------------
+-
+-
+-class dispatcher_with_send(dispatcher):
+-    def __init__(self, sock=None, map=None):
+-        dispatcher.__init__(self, sock, map)
+-        self.out_buffer = b""
+-
+-    def initiate_send(self):
+-        num_sent = 0
+-        num_sent = dispatcher.send(self, self.out_buffer[:65536])
+-        self.out_buffer = self.out_buffer[num_sent:]
+-
+-    handle_write = initiate_send
+-
+-    def writable(self):
+-        return (not self.connected) or len(self.out_buffer)
+-
+-    def send(self, data):
+-        if self.debug:  # pragma: no cover
+-            self.log_info("sending %s" % repr(data))
+-        self.out_buffer = self.out_buffer + data
+-        self.initiate_send()
+-
+-
+ def close_all(map=None, ignore_all=False):
+     if map is None:  # pragma: no cover
+         map = socket_map
+diff --git a/tests/test_wasyncore.py b/tests/test_wasyncore.py
+index 5f38bd9..44b8e19 100644
+--- a/tests/test_wasyncore.py
+++ b/tests/test_wasyncore.py
+@@ -1,6 +1,7 @@
+ import _thread as thread
+ import contextlib
+ import errno
+from errno import EALREADY, EINPROGRESS, EINVAL, EISCONN, EWOULDBLOCK, errorcode
+ import functools
+ import gc
+ from io import BytesIO
+@@ -641,62 +642,6 @@ class DispatcherTests(unittest.TestCase):
+         self.assertTrue(err != "")
+ 
+ 
+-class dispatcherwithsend_noread(asyncore.dispatcher_with_send):  # pragma: no cover
+-    def readable(self):
+-        return False
+-
+-    def handle_connect(self):
+-        pass
+-
+-
+-class DispatcherWithSendTests(unittest.TestCase):
+-    def setUp(self):
+-        pass
+-
+-    def tearDown(self):
+-        asyncore.close_all()
+-
+-    @reap_threads
+-    def test_send(self):
+-        evt = threading.Event()
+-        sock = socket.socket()
+-        sock.settimeout(3)
+-        port = bind_port(sock)
+-
+-        cap = BytesIO()
+-        args = (evt, cap, sock)
+-        t = threading.Thread(target=capture_server, args=args)
+-        t.start()
+-        try:
+-            # wait a little longer for the server to initialize (it sometimes
+-            # refuses connections on slow machines without this wait)
+-            time.sleep(0.2)
+-
+-            data = b"Suppose there isn't a 16-ton weight?"
+-            d = dispatcherwithsend_noread()
+-            d.create_socket()
+-            d.connect((HOST, port))
+-
+-            # give time for socket to connect
+-            time.sleep(0.1)
+-
+-            d.send(data)
+-            d.send(data)
+-            d.send(b"\n")
+-
+-            n = 1000
+-
+-            while d.out_buffer and n > 0:  # pragma: no cover
+-                asyncore.poll()
+-                n -= 1
+-
+-            evt.wait()
+-
+-            self.assertEqual(cap.getvalue(), data * 2)
+-        finally:
+-            join_thread(t, timeout=TIMEOUT)
+-
+-
+ @unittest.skipUnless(
+     hasattr(asyncore, "file_wrapper"), "asyncore.file_wrapper required"
+ )
+@@ -839,6 +784,23 @@ class BaseClient(BaseTestHandler):
+         self.create_socket(family)
+         self.connect(address)
+ 
+    def connect(self, address):
+        self.connected = False
+        self.connecting = True
+        err = self.socket.connect_ex(address)
+        if (
+            err in (EINPROGRESS, EALREADY, EWOULDBLOCK)
+            or err == EINVAL
+            and os.name == "nt"
+        ):  # pragma: no cover
+            self.addr = address
+            return
+        if err in (0, EISCONN):
+            self.addr = address
+            self.handle_connect_event()
+        else:
+            raise OSError(err, errorcode[err])
+
+     def handle_connect(self):
+         pass
+ 
+@@ -1486,13 +1448,6 @@ class Test_dispatcher(unittest.TestCase):
+         inst.set_reuse_addr()
+         self.assertTrue(sock.errored)
+ 
+-    def test_connect_raise_socket_error(self):
+-        sock = dummysocket()
+-        map = {}
+-        sock.connect_ex = lambda *arg: 1
+-        inst = self._makeOne(sock=sock, map=map)
+-        self.assertRaises(socket.error, inst.connect, 0)
+-
+     def test_accept_raise_TypeError(self):
+         sock = dummysocket()
+         map = {}
+@@ -1661,21 +1616,6 @@ class Test_dispatcher(unittest.TestCase):
+         self.assertTrue(sock.closed)
+ 
+ 
+-class Test_dispatcher_with_send(unittest.TestCase):
+-    def _makeOne(self, sock=None, map=None):
+-        from waitress.wasyncore import dispatcher_with_send
+-
+-        return dispatcher_with_send(sock=sock, map=map)
+-
+-    def test_writable(self):
+-        sock = dummysocket()
+-        map = {}
+-        inst = self._makeOne(sock=sock, map=map)
+-        inst.out_buffer = b"123"
+-        inst.connected = True
+-        self.assertTrue(inst.writable())
+-
+-
+ class Test_close_all(unittest.TestCase):
+     def _callFUT(self, map=None, ignore_all=False):
+         from waitress.wasyncore import close_all

diff --git a/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-5.patch b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-5.patch new file mode 100644 index 0000000000..14fe56e021 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-5.patch
@@ -0,0 +1,211 @@
	1	From aa161b98cc787f266d8ef358f00fc5b2b3944157 Mon Sep 17 00:00:00 2001
	2	From: Delta Regeer <bertjw@regeer.org>
	3	Date: Sun, 3 Mar 2024 16:35:39 -0700
	4	Subject: [PATCH] Remove code not used by waitress from vendored asyncore
	5
	6	CVE: CVE-2024-49769
	7	Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/63678e652d912e67621580123c603e37c319d8c4]
	8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
	9	---
	10	src/waitress/wasyncore.py \| 45 ------------------
	11	tests/test_wasyncore.py \| 96 ++++++++-------------------------------
	12	2 files changed, 18 insertions(+), 123 deletions(-)
	13
	14	diff --git a/src/waitress/wasyncore.py b/src/waitress/wasyncore.py
	15	index b5ddce2..117f78a 100644
	16	--- a/src/waitress/wasyncore.py
	17	+++ b/src/waitress/wasyncore.py
	18	@@ -379,23 +379,6 @@ class dispatcher:
	19	self.addr = addr
	20	return self.socket.bind(addr)
	21
	22	- def connect(self, address):
	23	- self.connected = False
	24	- self.connecting = True
	25	- err = self.socket.connect_ex(address)
	26	- if (
	27	- err in (EINPROGRESS, EALREADY, EWOULDBLOCK)
	28	- or err == EINVAL
	29	- and os.name == "nt"
	30	- ): # pragma: no cover
	31	- self.addr = address
	32	- return
	33	- if err in (0, EISCONN):
	34	- self.addr = address
	35	- self.handle_connect_event()
	36	- else:
	37	- raise OSError(err, errorcode[err])
	38	-
	39	def accept(self):
	40	# XXX can return either an address pair or None
	41	try:
	42	@@ -557,34 +540,6 @@ class dispatcher:
	43	self.close()
	44
	45
	46	-# ---------------------------------------------------------------------------
	47	-# adds simple buffered output capability, useful for simple clients.
	48	-# [for more sophisticated usage use asynchat.async_chat]
	49	-# ---------------------------------------------------------------------------
	50	-
	51	-
	52	-class dispatcher_with_send(dispatcher):
	53	- def __init__(self, sock=None, map=None):
	54	- dispatcher.__init__(self, sock, map)
	55	- self.out_buffer = b""
	56	-
	57	- def initiate_send(self):
	58	- num_sent = 0
	59	- num_sent = dispatcher.send(self, self.out_buffer[:65536])
	60	- self.out_buffer = self.out_buffer[num_sent:]
	61	-
	62	- handle_write = initiate_send
	63	-
	64	- def writable(self):
	65	- return (not self.connected) or len(self.out_buffer)
	66	-
	67	- def send(self, data):
	68	- if self.debug: # pragma: no cover
	69	- self.log_info("sending %s" % repr(data))
	70	- self.out_buffer = self.out_buffer + data
	71	- self.initiate_send()
	72	-
	73	-
	74	def close_all(map=None, ignore_all=False):
	75	if map is None: # pragma: no cover
	76	map = socket_map
	77	diff --git a/tests/test_wasyncore.py b/tests/test_wasyncore.py
	78	index 5f38bd9..44b8e19 100644
	79	--- a/tests/test_wasyncore.py
	80	+++ b/tests/test_wasyncore.py
	81	@@ -1,6 +1,7 @@
	82	import _thread as thread
	83	import contextlib
	84	import errno
	85	+from errno import EALREADY, EINPROGRESS, EINVAL, EISCONN, EWOULDBLOCK, errorcode
	86	import functools
	87	import gc
	88	from io import BytesIO
	89	@@ -641,62 +642,6 @@ class DispatcherTests(unittest.TestCase):
	90	self.assertTrue(err != "")
	91
	92
	93	-class dispatcherwithsend_noread(asyncore.dispatcher_with_send): # pragma: no cover
	94	- def readable(self):
	95	- return False
	96	-
	97	- def handle_connect(self):
	98	- pass
	99	-
	100	-
	101	-class DispatcherWithSendTests(unittest.TestCase):
	102	- def setUp(self):
	103	- pass
	104	-
	105	- def tearDown(self):
	106	- asyncore.close_all()
	107	-
	108	- @reap_threads
	109	- def test_send(self):
	110	- evt = threading.Event()
	111	- sock = socket.socket()
	112	- sock.settimeout(3)
	113	- port = bind_port(sock)
	114	-
	115	- cap = BytesIO()
	116	- args = (evt, cap, sock)
	117	- t = threading.Thread(target=capture_server, args=args)
	118	- t.start()
	119	- try:
	120	- # wait a little longer for the server to initialize (it sometimes
	121	- # refuses connections on slow machines without this wait)
	122	- time.sleep(0.2)
	123	-
	124	- data = b"Suppose there isn't a 16-ton weight?"
	125	- d = dispatcherwithsend_noread()
	126	- d.create_socket()
	127	- d.connect((HOST, port))
	128	-
	129	- # give time for socket to connect
	130	- time.sleep(0.1)
	131	-
	132	- d.send(data)
	133	- d.send(data)
	134	- d.send(b"\n")
	135	-
	136	- n = 1000
	137	-
	138	- while d.out_buffer and n > 0: # pragma: no cover
	139	- asyncore.poll()
	140	- n -= 1
	141	-
	142	- evt.wait()
	143	-
	144	- self.assertEqual(cap.getvalue(), data * 2)
	145	- finally:
	146	- join_thread(t, timeout=TIMEOUT)
	147	-
	148	-
	149	@unittest.skipUnless(
	150	hasattr(asyncore, "file_wrapper"), "asyncore.file_wrapper required"
	151	)
	152	@@ -839,6 +784,23 @@ class BaseClient(BaseTestHandler):
	153	self.create_socket(family)
	154	self.connect(address)
	155
	156	+ def connect(self, address):
	157	+ self.connected = False
	158	+ self.connecting = True
	159	+ err = self.socket.connect_ex(address)
	160	+ if (
	161	+ err in (EINPROGRESS, EALREADY, EWOULDBLOCK)
	162	+ or err == EINVAL
	163	+ and os.name == "nt"
	164	+ ): # pragma: no cover
	165	+ self.addr = address
	166	+ return
	167	+ if err in (0, EISCONN):
	168	+ self.addr = address
	169	+ self.handle_connect_event()
	170	+ else:
	171	+ raise OSError(err, errorcode[err])
	172	+
	173	def handle_connect(self):
	174	pass
	175
	176	@@ -1486,13 +1448,6 @@ class Test_dispatcher(unittest.TestCase):
	177	inst.set_reuse_addr()
	178	self.assertTrue(sock.errored)
	179
	180	- def test_connect_raise_socket_error(self):
	181	- sock = dummysocket()
	182	- map = {}
	183	- sock.connect_ex = lambda *arg: 1
	184	- inst = self._makeOne(sock=sock, map=map)
	185	- self.assertRaises(socket.error, inst.connect, 0)
	186	-
	187	def test_accept_raise_TypeError(self):
	188	sock = dummysocket()
	189	map = {}
	190	@@ -1661,21 +1616,6 @@ class Test_dispatcher(unittest.TestCase):
	191	self.assertTrue(sock.closed)
	192
	193
	194	-class Test_dispatcher_with_send(unittest.TestCase):
	195	- def _makeOne(self, sock=None, map=None):
	196	- from waitress.wasyncore import dispatcher_with_send
	197	-
	198	- return dispatcher_with_send(sock=sock, map=map)
	199	-
	200	- def test_writable(self):
	201	- sock = dummysocket()
	202	- map = {}
	203	- inst = self._makeOne(sock=sock, map=map)
	204	- inst.out_buffer = b"123"
	205	- inst.connected = True
	206	- self.assertTrue(inst.writable())
	207	-
	208	-
	209	class Test_close_all(unittest.TestCase):
	210	def _callFUT(self, map=None, ignore_all=False):
	211	from waitress.wasyncore import close_all