From 2b9a33be98d23c37101f37c5b105519915f624cb Mon Sep 17 00:00:00 2001
From: lilong
Date: Sun, 28 Apr 2024 10:54:57 +0800
Subject: [PATCH] Address DoS via the Tudoor mechanism (CVE-2023-29483)

(cherry picked from commit e06ff729ca85bde63bd0bf1447cd3b7de3fe511c)
---
 Address-DoS-via-the-Tudoor-mechanism.patch | 104 +++++++++++++++++++++
 python-eventlet.spec | 10 +-
 2 files changed, 112 insertions(+), 2 deletions(-)
 create mode 100644 Address-DoS-via-the-Tudoor-mechanism.patch

diff --git a/Address-DoS-via-the-Tudoor-mechanism.patch b/Address-DoS-via-the-Tudoor-mechanism.patch
new file mode 100644
index 0000000..d652a13
--- /dev/null
+++ b/Address-DoS-via-the-Tudoor-mechanism.patch
@@ -0,0 +1,104 @@
+From 51e3c4928d4938beb576eff34f3bf97e6e64e6b4 Mon Sep 17 00:00:00 2001
+From: Kelvin J Li <72498127+kelvin-j-li@users.noreply.github.com>
+Date: Mon, 19 Feb 2024 21:42:27 +0800
+Subject: [PATCH] Dnspython 2.6.1 - Address DoS via the Tudoor mechanism
+ (CVE-2023-29483)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix for (CVE-2023-29483) and handling of truncated exceptions in greendns.py provided by Bob Halley from https://github.com/rthalley/eventlet/tree/tudoor
+
+Do not eat legitimate Truncated exceptions.
+---------
+Co-authored-by: Bob Halley
+Co-authored-by: Hervé Beraud
+---
+ eventlet/support/greendns.py | 56 ++++++++++++++++++++++++------------
+ 1 file changed, 38 insertions(+), 18 deletions(-)
+
+diff --git a/eventlet/support/greendns.py b/eventlet/support/greendns.py
+index 626214235..365664f24 100644
+--- a/eventlet/support/greendns.py
++++ b/eventlet/support/greendns.py
+@@ -713,7 +713,7 @@ def _net_write(sock, data, expiration):
+ def udp(q, where, timeout=DNS_QUERY_TIMEOUT, port=53,
+ af=None, source=None, source_port=0, ignore_unexpected=False,
+ one_rr_per_rrset=False, ignore_trailing=False,
+- raise_on_truncation=False, sock=None):
++ raise_on_truncation=False, sock=None, ignore_errors=False):
+ """coro friendly replacement for dns.query.udp
+ Return the response obtained after sending a query via UDP.
+
+@@ -752,7 +752,10 @@ def udp(q, where, timeout=DNS_QUERY_TIMEOUT, port=53,
+ query. If None, the default, a socket is created. Note that
+ if a socket is provided, it must be a nonblocking datagram socket,
+ and the source and source_port are ignored.
+- @type sock: socket.socket | None"""
++ @type sock: socket.socket | None
++ @param ignore_errors: if various format errors or response mismatches occur,
++ continue listening.
++ @type ignore_errors: bool"""
+
+ wire = q.to_wire()
+ if af is None:
+@@ -816,26 +819,43 @@ def udp(q, where, timeout=DNS_QUERY_TIMEOUT, port=53,
+ addr = from_address[0]
+ addr = dns.ipv6.inet_ntoa(dns.ipv6.inet_aton(addr))
+ from_address = (addr, from_address[1], from_address[2], from_address[3])
+- if from_address == destination:
++ if from_address != destination:
++ if ignore_unexpected:
++ continue
++ else:
++ raise dns.query.UnexpectedSource(
++ 'got a response from %s instead of %s'
++ % (from_address, destination))
++ try:
++ if _handle_raise_on_truncation:
++ r = dns.message.from_wire(wire,
++ keyring=q.keyring,
++ request_mac=q.mac,
++ one_rr_per_rrset=one_rr_per_rrset,
++ ignore_trailing=ignore_trailing,
++ raise_on_truncation=raise_on_truncation)
++ else:
++ r = dns.message.from_wire(wire,
++ keyring=q.keyring,
++ request_mac=q.mac,
++ one_rr_per_rrset=one_rr_per_rrset,
++ ignore_trailing=ignore_trailing)
++ if not q.is_response(r):
++ raise dns.query.BadResponse()
+ break
+- if not ignore_unexpected:
+- raise dns.query.UnexpectedSource(
+- 'got a response from %s instead of %s'
+- % (from_address, destination))
++ except dns.message.Truncated as e:
++ if ignore_errors and not q.is_response(e.message()):
++ continue
++ else:
++ raise
++ except Exception:
++ if ignore_errors:
++ continue
++ else:
++ raise
+ finally:
+ s.close()
+
+- if _handle_raise_on_truncation:
+- r = dns.message.from_wire(wire, keyring=q.keyring, request_mac=q.mac,
+- one_rr_per_rrset=one_rr_per_rrset,
+- ignore_trailing=ignore_trailing,
+- raise_on_truncation=raise_on_truncation)
+- else:
+- r = dns.message.from_wire(wire, keyring=q.keyring, request_mac=q.mac,
+- one_rr_per_rrset=one_rr_per_rrset,
+- ignore_trailing=ignore_trailing)
+- if not q.is_response(r):
+- raise dns.query.BadResponse()
+ return r
+
+
diff --git a/python-eventlet.spec b/python-eventlet.spec
index e28c3dc..fc79c0b 100644
--- a/python-eventlet.spec
+++ b/python-eventlet.spec
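Review bot: The tolerance for mismatched or malformed replies is opt-in: `ignore_errors` defaults to `False`, so with the default a single datagram that fails `dns.message.from_wire` or `q.is_response(r)` still raises out of the receive loop exactly as before, and nothing in this hunk shows greendns's own resolver path calling `udp(..., ignore_errors=True)`; the packaging changelog presents the CVE as addressed, so that caller side is worth confirming. In the `except dns.message.Truncated as e:` branch, `e.message()` is evaluated whenever `ignore_errors` is set, independent of `_handle_raise_on_truncation`; if that flag exists because some dnspython versions lack `raise_on_truncation`, those versions may also lack `Truncated.message()`, in which case the fallback raises `AttributeError` instead of continuing — guarding with `if ignore_errors and hasattr(e, 'message') and not q.is_response(e.message()):` keeps the compatibility path safe. The `except Exception:` / `continue` path discards the bad datagram silently, so a flood of spoofed answers leaves no trace; a debug-level log of `from_address` and the exception type before `continue` would make such activity observable to operators. The enclosing `while True` receive loop and the rest of `def udp(...)` lie outside the hunk, so whether `expiration` still bounds repeated `continue`s cannot be checked here.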
@@ -1,12 +1,15 @@
 %global _empty_manifest_terminate_build 0
 Name: python-eventlet
 Version: 0.33.3
-Release: 1
+Release: 2
 Summary: Highly concurrent networking library
 License: MIT
 URL: http://eventlet.net
 Source0: https://files.pythonhosted.org/packages/source/e/eventlet/eventlet-%{version}.tar.gz
 BuildArch: noarch
+
+Patch0001: Address-DoS-via-the-Tudoor-mechanism.patch
+
 %description
 Eventlet is a concurrent networking library for Python that allows you to change how you run your code, not how you write it.
@@ -37,7 +40,7 @@ Provides: python3-eventlet-doc
 Eventlet is a concurrent networking library for Python that allows you to change how you run your code, not how you write it.
 %prep
-%autosetup -n eventlet-%{version}
+%autosetup -n eventlet-%{version} -p1
 %build
 %py3_build
@@ -79,6 +82,9 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 %changelog
+* Sun Apr 28 2024 lilong - 0.33.3-2
+- Address DoS via the Tudoor mechanism (CVE-2023-29483)
+
 * Sat May 06 2023 xu_ping <707078654@qq.com> - 0.33.3-1
 - Update to 0.33.3
--
Gitee