Skip to content

Bump eventlet to fix setting SSLContext minimum_version property that results in RecursionErrors#6061

Merged
arm4b merged 1 commit intoStackStorm:masterfrom
jk464:bugfix/eventlet
Nov 6, 2023
Merged

Bump eventlet to fix setting SSLContext minimum_version property that results in RecursionErrors#6061
arm4b merged 1 commit intoStackStorm:masterfrom
jk464:bugfix/eventlet

Conversation

@jk464
Copy link
Contributor

@jk464 jk464 commented Nov 6, 2023

While writing a sensor for st2 - we hit this error:

stackstorm-docker-compose-st2sensorcontainer-1  | 2023-10-24 14:23:28,648 WARNING [-] Sensor "PollPagerDuty" run method raised an exception: maximum recursion depth exceeded while calling a Python object.
stackstorm-docker-compose-st2sensorcontainer-1  | Traceback (most recent call last):
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/st2reactor/container/sensor_wrapper.py", line 285, in run
stackstorm-docker-compose-st2sensorcontainer-1  |     self._sensor_instance.run()
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/st2reactor/sensor/base.py", line 121, in run
stackstorm-docker-compose-st2sensorcontainer-1  |     self.poll()
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/packs/****_pagerduty/sensors/poll_pagerduty.py", line 27, in poll
stackstorm-docker-compose-st2sensorcontainer-1  |     self._detect_triggered_incidents()
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/packs/****_pagerduty/sensors/poll_pagerduty.py", line 42, in _detect_triggered_incidents
stackstorm-docker-compose-st2sensorcontainer-1  |     incidents = self.pagerduty.list_all(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/virtualenvs/****_pagerduty/lib/python3.8/site-packages/pdpyras.py", line 1911, in list_all
stackstorm-docker-compose-st2sensorcontainer-1  |     return list(self.iter_all(url, **kw))
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/virtualenvs/****_pagerduty/lib/python3.8/site-packages/pdpyras.py", line 1788, in iter_all
stackstorm-docker-compose-st2sensorcontainer-1  |     self.get(url, params=data.copy()),
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/requests/sessions.py", line 602, in get
stackstorm-docker-compose-st2sensorcontainer-1  |     return self.request("GET", url, **kwargs)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/virtualenvs/****_pagerduty/lib/python3.8/site-packages/pdpyras.py", line 1121, in request
stackstorm-docker-compose-st2sensorcontainer-1  |     response = self.parent.request(method, full_url, **req_kw)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/requests/sessions.py", line 589, in request
stackstorm-docker-compose-st2sensorcontainer-1  |     resp = self.send(prep, **send_kwargs)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/requests/sessions.py", line 703, in send
stackstorm-docker-compose-st2sensorcontainer-1  |     r = adapter.send(request, **kwargs)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/requests/adapters.py", line 486, in send
stackstorm-docker-compose-st2sensorcontainer-1  |     resp = conn.urlopen(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connectionpool.py", line 790, in urlopen
stackstorm-docker-compose-st2sensorcontainer-1  |     response = self._make_request(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connectionpool.py", line 467, in _make_request
stackstorm-docker-compose-st2sensorcontainer-1  |     self._validate_conn(conn)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1092, in _validate_conn
stackstorm-docker-compose-st2sensorcontainer-1  |     conn.connect()
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connection.py", line 642, in connect
stackstorm-docker-compose-st2sensorcontainer-1  |     sock_and_verified = _ssl_wrap_socket_and_match_hostname(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connection.py", line 735, in _ssl_wrap_socket_and_match_hostname
stackstorm-docker-compose-st2sensorcontainer-1  |     context = create_urllib3_context(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 292, in create_urllib3_context
stackstorm-docker-compose-st2sensorcontainer-1  |     context.minimum_version = TLSVersion.TLSv1_2
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/usr/lib/python3.8/ssl.py", line 586, in minimum_version
stackstorm-docker-compose-st2sensorcontainer-1  |     super(SSLContext, SSLContext).minimum_version.__set__(self, value)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/usr/lib/python3.8/ssl.py", line 586, in minimum_version
stackstorm-docker-compose-st2sensorcontainer-1  |     super(SSLContext, SSLContext).minimum_version.__set__(self, value)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/usr/lib/python3.8/ssl.py", line 586, in minimum_version
stackstorm-docker-compose-st2sensorcontainer-1  |     super(SSLContext, SSLContext).minimum_version.__set__(self, value)
stackstorm-docker-compose-st2sensorcontainer-1  |   [Previous line repeated 487 more times]
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/usr/lib/python3.8/ssl.py", line 584, in minimum_version
stackstorm-docker-compose-st2sensorcontainer-1  |     if value == TLSVersion.SSLv3:
stackstorm-docker-compose-st2sensorcontainer-1  | RecursionError: maximum recursion depth exceeded while calling a Python object

Which after some digging seems to be this issue here for eventlet - eventlet/eventlet#726

Bumping evenlet to 0.33.3 fixes this (and requires bumping gunicorn to 21.2.0 to support the new version of eventlet)

This supersedes #5257.

It also has the added benefit of resolving - CVE-2021-21419 (see Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet )

@pull-request-size pull-request-size bot added the size/M PR that changes 30-99 lines. Good size to review. label Nov 6, 2023
@jk464 jk464 force-pushed the bugfix/eventlet branch 2 times, most recently from 7332f9e to b83bb2e Compare November 6, 2023 18:28
@arm4b arm4b added this to the 3.8.1 milestone Nov 6, 2023
arm4b
arm4b approved these changes Nov 6, 2023
View reviewed changes
Copy link
Member

@arm4b arm4b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, Thanks!

@jk464
Bump eventlet and gunicorn
31492d5 
eventlet v0.33.3
gunicorn v21.2.0
@arm4b arm4b mentioned this pull request Nov 6, 2023
Closed
13 tasks
@arm4b arm4b requested a review from a team November 6, 2023 21:11
@arm4b arm4b merged commit 71a7478 into StackStorm:master Nov 6, 2023
@jk464 jk464 deleted the bugfix/eventlet branch November 7, 2023 10:49
@arm4b arm4b mentioned this pull request Nov 10, 2023
Closed
13 tasks
@jk464 jk464 mentioned this pull request Nov 27, 2023
Closed
@arm4b arm4b mentioned this pull request Dec 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nzlosh nzlosh nzlosh approved these changes

+1 more reviewer

@arm4b arm4b arm4b approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement security size/M PR that changes 30-99 lines. Good size to review.

Projects

None yet

Milestone

3.8.1

Development

Successfully merging this pull request may close these issues.

3 participants

@jk464 @arm4b @nzlosh