From 1ea440cd62d4fc1a0cd4d391bef16cc0ee894458 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Wed, 7 Jan 2026 10:27:46 +0100 Subject: python3-waitress: patch CVE-2024-49768 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49768 Pick the patch mentioned in the NVD report (which is a merge commit, and the patches here are the individual commits from that merge) Signed-off-by: Gyorgy Sarvari --- .../python/python3-waitress/CVE-2024-49768-4.patch | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-4.patch (limited to 'meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-4.patch') diff --git a/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-4.patch b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-4.patch new file mode 100644 index 0000000000..11c9dd4ccd --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-4.patch 
@@ -0,0 +1,34 @@ +From c516dad4f749d1b1b1c675680a76c1f6d2523857 Mon Sep 17 00:00:00 2001 +From: Delta Regeer +Date: Sat, 26 Oct 2024 22:22:32 -0600 +Subject: [PATCH] Add documentation for channel_request_lookahead + +CVE: CVE-2024-49768 +Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/810a435f9e9e293bd3446a5ce2df86f59c4e7b1b] +Signed-off-by: Gyorgy Sarvari +--- + docs/arguments.rst | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/docs/arguments.rst b/docs/arguments.rst +index f9b9310..ba1797a 100644 +--- a/docs/arguments.rst ++++ b/docs/arguments.rst +@@ -301,3 +301,17 @@ url_prefix + be stripped of the prefix. + + Default: ``''`` ++ ++channel_request_lookahead ++ Sets the amount of requests we can continue to read from the socket, while ++ we are processing current requests. The default value won't allow any ++ lookahead, increase it above ``0`` to enable. ++ ++ When enabled this inserts a callable ``waitress.client_disconnected`` into ++ the environment that allows the task to check if the client disconnected ++ while waiting for the response at strategic points in the execution and to ++ cancel the operation. ++ ++ Default: ``0`` ++ ++ .. versionadded:: 2.0.0 -- cgit v1.2.3-54-g00ecf
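Review bot: CVE-2024-49768-4.patch touches only docs/arguments.rst (14 added lines describing channel_request_lookahead), so although it carries the "CVE: CVE-2024-49768" tag it changes no runtime behaviour in the built package. Either drop it from the series, or add a line to the patch header next to Upstream-Status stating that this is the documentation-only commit of the upstream merge and is kept so the backport mirrors that merge. The commit message would also be easier to audit if it named which of the numbered patches carries the functional change, since a reader checking CVE coverage from this file alone sees only the added description of the option and its default of ``0``.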