meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49769-1.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

From fdabcb31093507f50fcaeb46012ec8df8bf76359 Mon Sep 17 00:00:00 2001
From: Delta Regeer <bertjw@regeer.org>
Date: Sun, 3 Mar 2024 16:15:51 -0700
Subject: [PATCH] HTTPChannel is always created from accept, explicitly set
 self.connected to True

CVE: CVE-2024-49769
Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/03cc640fe7106902899f82115c26e37002bca7f1]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 src/waitress/channel.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/waitress/channel.py b/src/waitress/channel.py
index 756adce..cf19ef2 100644
--- a/src/waitress/channel.py
+++ b/src/waitress/channel.py
@@ -67,8 +67,7 @@ class HTTPChannel(wasyncore.dispatcher):
         self.outbuf_lock = threading.Condition()
 
         wasyncore.dispatcher.__init__(self, sock, map=map)
-
-        # Don't let wasyncore.dispatcher throttle self.addr on us.
+        self.connected = True
         self.addr = addr
         self.requests = []