From bb5b4c3c81005a8acb6ec71bfdc9249bf295730b Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Mon, 31 May 2021 11:50:26 +0800
Subject: [PATCH] fix CVE-2021-29509
(cherry picked from commit e492fec2f7f07ba1f0bf796c6e6f29dc11291c1c)
---
 CVE-2021-29509.patch | 45 ++++++++++++++++++++++++++++++++++++++++++++
 rubygem-puma.spec | 9 ++++++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-29509.patch
diff --git a/CVE-2021-29509.patch b/CVE-2021-29509.patch
new file mode 100644
index 0000000..8b0267b
--- /dev/null
+++ b/CVE-2021-29509.patch
@@ -0,0 +1,45 @@
+From 2e9cf0b63b8de904d6ebca9fb1474cf0f979c53b Mon Sep 17 00:00:00 2001
+From: Nate Berkopec
+Date: Tue, 11 May 2021 07:43:32 -0600
+Subject: [PATCH] Close keepalive connections after MAX_FAST_INLINE requests
+
+---
+ lib/puma/server.rb | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/lib/puma/server.rb b/lib/puma/server.rb
+index 5b2cd94..4ce0c74 100644
+--- a/lib/puma/server.rb
++++ b/lib/puma/server.rb
+@@ -487,15 +487,20 @@ module Puma
+
+ requests += 1
+
+- check_for_more_data = @status == :run
++ # Closing keepalive sockets after they've made a reasonable
++ # number of requests allows Puma to service many connections
++ # fairly, even when the number of concurrent connections exceeds
++ # the size of the threadpool. It also allows cluster mode Pumas
++ # to keep load evenly distributed across workers, because clients
++ # are randomly assigned a new worker when opening a new connection.
++ #
++ # Previously, Puma would kick connections in this conditional back
++ # to the reactor. However, because this causes the todo set to increase
++ # in size, the wait_until_full mutex would never unlock, leaving
++ # any additional connections unserviced.
++ break if requests >= MAX_FAST_INLINE
+
+- if requests >= MAX_FAST_INLINE
+- # This will mean that reset will only try to use the data it already
+- # has buffered and won't try to read more data. What this means is that
+- # every client, independent of their request speed, gets treated like a slow
+- # one once every MAX_FAST_INLINE requests.
+- check_for_more_data = false
+- end
++ check_for_more_data = @status == :run
+
+ unless client.reset(check_for_more_data)
+ close_socket = false
+--
+2.23.0
+
diff --git a/rubygem-puma.spec b/rubygem-puma.spec
index d32d02c..82154e0 100644
--- a/rubygem-puma.spec
+++ b/rubygem-puma.spec
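Review bot: The new `break if requests >= MAX_FAST_INLINE` in the embedded lib/puma/server.rb hunk leaves the loop before `client.reset(check_for_more_data)` is reached, so request bytes a client has already pipelined on that socket appear to be dropped, whereas the removed branch still consumed buffered data via `check_for_more_data = false`. The added comment gives the fairness motive but not this client-visible effect; I would add `# Note: requests already buffered on this socket are not served; the client has to retry on a new connection.` directly above the `break`. The enclosing loop and method start and end outside the hunk, and the only socket handling visible is `close_socket = false` on the reactor path, so it cannot be confirmed from here that the `break` reaches the code that closes the socket. That is worth checking against the 3.12.6 sources the spec builds, because a keepalive socket left open after the `break` would leave the fairness problem this patch targets in place.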
@@ -2,7 +2,7 @@
 %bcond_with ragel
 Name: rubygem-%{gem_name}
 Version: 3.12.6
-Release: 1
+Release: 2
 Summary: A simple, fast, threaded, and highly concurrent HTTP 1.1 server
 License: BSD
 URL: http://puma.io
@@ -11,6 +11,8 @@ Source1: https://github.com/puma/%{gem_name}/archive/v%{version}.tar
 # Set the default cipher list "PROFILE=SYSTEM".
 # https://fedoraproject.org/wiki/Packaging:CryptoPolicies
 Patch0: rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch
+Patch1: CVE-2021-29509.patch
+
 BuildRequires: openssl-devel ruby(release) rubygems-devel ruby-devel rubygem(rack)
 BuildRequires: rubygem(minitest)
 %if %{with ragel}
@@ -31,6 +33,8 @@ Documentation for %{name}.
 %prep
 %setup -q -n %{gem_name}-%{version} -b 1
 %patch0 -p1
+%patch1 -p1
+
 %if %{with ragel}
 rm -f ext/puma_http11/http11_parser.c
 ragel ext/puma_http11/http11_parser.rl -C -G2 -I ext/puma_http11 \
@@ -96,6 +100,9 @@ popd
 %{gem_instdir}/tools
 %changelog
+* Mon May 31 2021 wangyue - 3.12.6-2
+- Fix CVE-2021-29509
+
 * Wed Feb 03 2021 shinwell_hu - 3.12.6-1
 - Upgrade to 3.12.6 to fix following known CVEs
 CVE-2020-11077
--
Gitee