Accepting request 801093 from home:PSuarezHernandez:branches:devel:languages:python

- Avoid possible race condition on persistent HTTP connections (bsc#1169604) - Added: * 0001-Avoid-race-condition-on-persistent-HTTP-connections.patch OBS-URL: https://build.opensuse.org/request/show/801093 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cheroot?expand=0&rev=26
2020-05-07 10:24:50 +00:00
parent d85aa3fe43
commit 9d44ebf08a
3 changed files with 53 additions and 1 deletions
--- a/0001-Avoid-race-condition-on-persistent-HTTP-connections.patch
+++ b/0001-Avoid-race-condition-on-persistent-HTTP-connections.patch
@@ -0,0 +1,41 @@
+From 49a8934d726574f7ff85356e6acbfdc06ca7fbdb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?=
+ <psuarezhernandez@suse.com>
+Date: Wed, 6 May 2020 14:04:48 +0100
+Subject: [PATCH] Avoid race condition on persistent HTTP connections
+
+Add a HTTP "Keep-Alive" header with "timeout" on the HTTP response
+to avoid a race condition on persistent HTTP connections when the
+HTTP client reuses a connection after the "socket.timeout" exception
+triggered on the HTTPServer but before the FIN packet is produced.
+
+When this happens, the client gets a "connection reset by peer" after
+writting the request.
+
+This commit makes a HTTP client to know about this "Keep-Alive" idle
+timeout by exposing it on the HTTP "Keep-Alive" response header, so
+the connection won't be reused if it was "idle" for that "timeout"
+after the last request response.
+---
+ cheroot/server.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/cheroot/server.py b/cheroot/server.py
+index 223bed86..f29559b4 100644
+--- a/cheroot/server.py
+++ b/cheroot/server.py
+@@ -1167,6 +1167,11 @@ class HTTPRequest:
+                 if not self.close_connection:
+                     self.outheaders.append((b'Connection', b'Keep-Alive'))
+ 
+        self.outheaders.append((
+            b'Keep-Alive',
+            "timeout={}".format(self.server.timeout).encode('ISO-8859-1'),
+        ))
+
+         if (not self.close_connection) and (not self.chunked_read):
+             # Read any remaining request body data on the socket.
+             # "If an origin server receives a request that does not include an
+-- 
+2.23.0
+
--- a/python-cheroot.changes
+++ b/python-cheroot.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu May  7 09:33:29 UTC 2020 - Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
+
+- Avoid possible race condition on persistent HTTP connections (bsc#1169604) 
+
+- Added:
+  * 0001-Avoid-race-condition-on-persistent-HTTP-connections.patch
+
 -------------------------------------------------------------------
 Mon Mar 16 10:23:16 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>

--- a/python-cheroot.spec
+++ b/python-cheroot.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-cheroot
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,6 +26,9 @@ Summary:        Pure-python HTTP server
 License:        BSD-3-Clause
 URL:            https://github.com/cherrypy/cheroot
 Source:         https://files.pythonhosted.org/packages/source/c/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
+# PATCH-FIX_UPSTREAM //github.com/cherrypy/cheroot/pull/282
+Patch1:         0001-Avoid-race-condition-on-persistent-HTTP-connections.patch
+
 BuildRequires:  %{python_module jaraco.functools}
 BuildRequires:  %{python_module jaraco.text >= 3.1}
 BuildRequires:  %{python_module more-itertools >= 2.6}