packages/rubygem-puma
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-29509

Browse Source
This commit is contained in:
wang_yue111 2021-05-31 11:50:26 +08:00
parent a99bf02d26
commit e492fec2f7
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
CVE-2021-29509.patch Normal file
View File

@ -0,0 +1,45 @@
From 2e9cf0b63b8de904d6ebca9fb1474cf0f979c53b Mon Sep 17 00:00:00 2001
From: Nate Berkopec <nate.berkopec@gmail.com>
Date: Tue, 11 May 2021 07:43:32 -0600
Subject: [PATCH] Close keepalive connections after MAX_FAST_INLINE requests
---
lib/puma/server.rb | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/lib/puma/server.rb b/lib/puma/server.rb
index 5b2cd94..4ce0c74 100644
--- a/lib/puma/server.rb
+++ b/lib/puma/server.rb
@@ -487,15 +487,20 @@ module Puma
requests += 1
- check_for_more_data = @status == :run
+ # Closing keepalive sockets after they've made a reasonable
+ # number of requests allows Puma to service many connections
+ # fairly, even when the number of concurrent connections exceeds
+ # the size of the threadpool. It also allows cluster mode Pumas
+ # to keep load evenly distributed across workers, because clients
+ # are randomly assigned a new worker when opening a new connection.
+ #
+ # Previously, Puma would kick connections in this conditional back
+ # to the reactor. However, because this causes the todo set to increase
+ # in size, the wait_until_full mutex would never unlock, leaving
+ # any additional connections unserviced.
+ break if requests >= MAX_FAST_INLINE
- if requests >= MAX_FAST_INLINE
- # This will mean that reset will only try to use the data it already
- # has buffered and won't try to read more data. What this means is that
- # every client, independent of their request speed, gets treated like a slow
- # one once every MAX_FAST_INLINE requests.
- check_for_more_data = false
- end
+ check_for_more_data = @status == :run
unless client.reset(check_for_more_data)
close_socket = false
--
2.23.0

9
rubygem-puma.spec
View File

@ -2,7 +2,7 @@
%bcond_with ragel %bcond_with ragel
Name: rubygem-%{gem_name} Name: rubygem-%{gem_name}
Version: 3.12.6 Version: 3.12.6
Release: 1 Release: 2
Summary: A simple, fast, threaded, and highly concurrent HTTP 1.1 server Summary: A simple, fast, threaded, and highly concurrent HTTP 1.1 server
License: BSD License: BSD
URL: http://puma.io URL: http://puma.io
@ -11,6 +11,8 @@ Source1: https://github.com/puma/%{gem_name}/archive/v%{version}.tar
# Set the default cipher list "PROFILE=SYSTEM". # Set the default cipher list "PROFILE=SYSTEM".
# https://fedoraproject.org/wiki/Packaging:CryptoPolicies # https://fedoraproject.org/wiki/Packaging:CryptoPolicies
Patch0: rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch Patch0: rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch
Patch1: CVE-2021-29509.patch
BuildRequires: openssl-devel ruby(release) rubygems-devel ruby-devel rubygem(rack) BuildRequires: openssl-devel ruby(release) rubygems-devel ruby-devel rubygem(rack)
BuildRequires: rubygem(minitest) BuildRequires: rubygem(minitest)
%if %{with ragel} %if %{with ragel}
@ -31,6 +33,8 @@ Documentation for %{name}.
%prep %prep
%setup -q -n %{gem_name}-%{version} -b 1 %setup -q -n %{gem_name}-%{version} -b 1
%patch0 -p1 %patch0 -p1
%patch1 -p1
%if %{with ragel} %if %{with ragel}
rm -f ext/puma_http11/http11_parser.c rm -f ext/puma_http11/http11_parser.c
ragel ext/puma_http11/http11_parser.rl -C -G2 -I ext/puma_http11 \ ragel ext/puma_http11/http11_parser.rl -C -G2 -I ext/puma_http11 \
@ -96,6 +100,9 @@ popd
%{gem_instdir}/tools %{gem_instdir}/tools
%changelog %changelog
* Mon May 31 2021 wangyue <wangyue92@huawei.com> - 3.12.6-2
- Fix CVE-2021-29509
* Wed Feb 03 2021 shinwell_hu <micromotive@qq.com> - 3.12.6-1 * Wed Feb 03 2021 shinwell_hu <micromotive@qq.com> - 3.12.6-1
- Upgrade to 3.12.6 to fix following known CVEs - Upgrade to 3.12.6 to fix following known CVEs
CVE-2020-11077 CVE-2020-11077