meta-openembedded/meta-python/recipes-devtools/python/python3-waitress/CVE-2024-49768-4.patch
Gyorgy Sarvari 1ea440cd62 python3-waitress: patch CVE-2024-49768
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-49768

Pick the patch mentioned in the NVD report (which is a merge commit,
and the patches here are the individual commits from that merge)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00

35 lines
1.2 KiB
Diff

From c516dad4f749d1b1b1c675680a76c1f6d2523857 Mon Sep 17 00:00:00 2001
From: Delta Regeer <bertjw@regeer.org>
Date: Sat, 26 Oct 2024 22:22:32 -0600
Subject: [PATCH] Add documentation for channel_request_lookahead
CVE: CVE-2024-49768
Upstream-Status: Backport [https://github.com/Pylons/waitress/commit/810a435f9e9e293bd3446a5ce2df86f59c4e7b1b]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
docs/arguments.rst | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/docs/arguments.rst b/docs/arguments.rst
index f9b9310..ba1797a 100644
--- a/docs/arguments.rst
+++ b/docs/arguments.rst
@@ -301,3 +301,17 @@ url_prefix
be stripped of the prefix.
Default: ``''``
+
+channel_request_lookahead
+ Sets the amount of requests we can continue to read from the socket, while
+ we are processing current requests. The default value won't allow any
+ lookahead, increase it above ``0`` to enable.
+
+ When enabled this inserts a callable ``waitress.client_disconnected`` into
+ the environment that allows the task to check if the client disconnected
+ while waiting for the response at strategic points in the execution and to
+ cancel the operation.
+
+ Default: ``0``
+
+ .. versionadded:: 2.0.0