New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
for eventlet issue 913 - Dnspython 2.6.0rc1 dns.query.udp() API chang… #916
Conversation
…e heads-up eventlet#913 - used the new param 'ignore_errors'
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #916 +/- ##
=====================================
- Coverage 56% 56% -1%
=====================================
Files 89 89
Lines 9718 9728 +10
Branches 1809 1812 +3
=====================================
Hits 5461 5461
- Misses 3883 3892 +9
- Partials 374 375 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My local tests are successful with dnspython version 2.5.0
and version 2.6.0rc1
:
$ tox -e py312 # ok with version 2.5.0 (the default pulled version)
$ .tox/py312/bin/pip install --force-reinstall -v dnspython==2.6.0rc1 # upgrade
$ tox -e py312 # ok with the newer version 2.6.0rc1
It would be awesome if you can provide a unit test that reflect the fixed problem (https://github.com/eventlet/eventlet/blob/master/tests/greendns_test.py#L233).
@kelvin-j-li do you plan to propose related unit test (see my previous suggestion), or can I merge this patch? |
This fix is not enough, and the change at line 837 is a regression without the updated receive code. The main fix for the CVE are the changes to receive_udp in this commit I don't have a good unit test for these as they involve receiving various invalid things and ignoring them. |
I think eventlet changes should look a lot like this branch Also, I added some unit tests to dnspython, see class IgnoreErrors if you want to adapt them. |
@rthalley: Thanks for details |
hi Hervé / Bob: Do you prefer me to copy the code from https://github.com/rthalley/eventlet/tree/tudoor to this PR? I am ok with close this PR and use Bob's change/PR instead from https://github.com/rthalley/eventlet/tree/tudoor Many thanks! |
Hi @kelvin-j-li We have to use the latest version of the Bob's branch with the @rthalley do you have any preference? |
I didn't do a PR in part because I don't have time to write the tests; I mostly wanted to show the sort of thing that is needed to keep the CVE fix. I'm ok with just copying from my branch. |
…d exceptions in greendns.py provided by Bob Halley from https://github.com/rthalley/eventlet/tree/tudoor
hi @4383 / @rthalley, cfe9b7b - (HEAD -> master, origin/master, origin/HEAD) Copied the complete fix for (CVE-2023-29483) and handling of truncated exceptions in greendns.py provided by Bob Halley from https://github.com/rthalley/eventlet/tree/tudoor thanks! |
Thanks guys (@kelvin-j-li, @rthalley) for the collaboration. This patch LGTM, I'm going to merge it. |
…e heads-up #913