Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump eventlet to fix setting SSLContext minimum_version property that results in RecursionErrors #6061

Merged
merged 1 commit into from
Nov 6, 2023
Merged

Bump eventlet to fix setting SSLContext minimum_version property that results in RecursionErrors #6061

merged 1 commit into from
Nov 6, 2023

Conversation

jk464
Copy link
Contributor

@jk464 jk464 commented Nov 6, 2023

While writing a sensor for st2 - we hit this error:

stackstorm-docker-compose-st2sensorcontainer-1  | 2023-10-24 14:23:28,648 WARNING [-] Sensor "PollPagerDuty" run method raised an exception: maximum recursion depth exceeded while calling a Python object.
stackstorm-docker-compose-st2sensorcontainer-1  | Traceback (most recent call last):
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/st2reactor/container/sensor_wrapper.py", line 285, in run
stackstorm-docker-compose-st2sensorcontainer-1  |     self._sensor_instance.run()
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/st2reactor/sensor/base.py", line 121, in run
stackstorm-docker-compose-st2sensorcontainer-1  |     self.poll()
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/packs/****_pagerduty/sensors/poll_pagerduty.py", line 27, in poll
stackstorm-docker-compose-st2sensorcontainer-1  |     self._detect_triggered_incidents()
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/packs/****_pagerduty/sensors/poll_pagerduty.py", line 42, in _detect_triggered_incidents
stackstorm-docker-compose-st2sensorcontainer-1  |     incidents = self.pagerduty.list_all(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/virtualenvs/****_pagerduty/lib/python3.8/site-packages/pdpyras.py", line 1911, in list_all
stackstorm-docker-compose-st2sensorcontainer-1  |     return list(self.iter_all(url, **kw))
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/virtualenvs/****_pagerduty/lib/python3.8/site-packages/pdpyras.py", line 1788, in iter_all
stackstorm-docker-compose-st2sensorcontainer-1  |     self.get(url, params=data.copy()),
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/requests/sessions.py", line 602, in get
stackstorm-docker-compose-st2sensorcontainer-1  |     return self.request("GET", url, **kwargs)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/virtualenvs/****_pagerduty/lib/python3.8/site-packages/pdpyras.py", line 1121, in request
stackstorm-docker-compose-st2sensorcontainer-1  |     response = self.parent.request(method, full_url, **req_kw)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/requests/sessions.py", line 589, in request
stackstorm-docker-compose-st2sensorcontainer-1  |     resp = self.send(prep, **send_kwargs)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/requests/sessions.py", line 703, in send
stackstorm-docker-compose-st2sensorcontainer-1  |     r = adapter.send(request, **kwargs)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/requests/adapters.py", line 486, in send
stackstorm-docker-compose-st2sensorcontainer-1  |     resp = conn.urlopen(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connectionpool.py", line 790, in urlopen
stackstorm-docker-compose-st2sensorcontainer-1  |     response = self._make_request(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connectionpool.py", line 467, in _make_request
stackstorm-docker-compose-st2sensorcontainer-1  |     self._validate_conn(conn)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1092, in _validate_conn
stackstorm-docker-compose-st2sensorcontainer-1  |     conn.connect()
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connection.py", line 642, in connect
stackstorm-docker-compose-st2sensorcontainer-1  |     sock_and_verified = _ssl_wrap_socket_and_match_hostname(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/connection.py", line 735, in _ssl_wrap_socket_and_match_hostname
stackstorm-docker-compose-st2sensorcontainer-1  |     context = create_urllib3_context(
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/opt/stackstorm/st2/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 292, in create_urllib3_context
stackstorm-docker-compose-st2sensorcontainer-1  |     context.minimum_version = TLSVersion.TLSv1_2
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/usr/lib/python3.8/ssl.py", line 586, in minimum_version
stackstorm-docker-compose-st2sensorcontainer-1  |     super(SSLContext, SSLContext).minimum_version.__set__(self, value)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/usr/lib/python3.8/ssl.py", line 586, in minimum_version
stackstorm-docker-compose-st2sensorcontainer-1  |     super(SSLContext, SSLContext).minimum_version.__set__(self, value)
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/usr/lib/python3.8/ssl.py", line 586, in minimum_version
stackstorm-docker-compose-st2sensorcontainer-1  |     super(SSLContext, SSLContext).minimum_version.__set__(self, value)
stackstorm-docker-compose-st2sensorcontainer-1  |   [Previous line repeated 487 more times]
stackstorm-docker-compose-st2sensorcontainer-1  |   File "/usr/lib/python3.8/ssl.py", line 584, in minimum_version
stackstorm-docker-compose-st2sensorcontainer-1  |     if value == TLSVersion.SSLv3:
stackstorm-docker-compose-st2sensorcontainer-1  | RecursionError: maximum recursion depth exceeded while calling a Python object

Which after some digging seems to be this issue here for eventlet - eventlet/eventlet#726

Bumping evenlet to 0.33.3 fixes this (and requires bumping gunicorn to 21.2.0 to support the new version of eventlet)

This supersedes #5257.

It also has the added benefit of resolving - CVE-2021-21419 (see Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet )

@pull-request-size pull-request-size bot added the size/M PR that changes 30-99 lines. Good size to review. label Nov 6, 2023
@jk464 jk464 force-pushed the bugfix/eventlet branch 2 times, most recently from 7332f9e to b83bb2e Compare November 6, 2023 18:28
@arm4b arm4b added this to the 3.8.1 milestone Nov 6, 2023
arm4b
arm4b approved these changes Nov 6, 2023
View reviewed changes
Copy link
Member

@arm4b arm4b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, Thanks!

@jk464
Bump eventlet and gunicorn
31492d5 
eventlet v0.33.3
gunicorn v21.2.0
@arm4b arm4b mentioned this pull request Nov 6, 2023
Closed
13 tasks
@arm4b arm4b requested a review from a team November 6, 2023 21:11
@arm4b arm4b merged commit 71a7478 into StackStorm:master Nov 6, 2023
35 checks passed
@jk464 jk464 deleted the bugfix/eventlet branch November 7, 2023 10:49
@arm4b arm4b mentioned this pull request Nov 10, 2023
Closed
13 tasks
@jk464 jk464 mentioned this pull request Nov 27, 2023
Closed
@arm4b arm4b mentioned this pull request Dec 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nzlosh nzlosh nzlosh approved these changes

@arm4b arm4b arm4b approved these changes

Assignees
No one assigned
Labels
enhancement security size/M PR that changes 30-99 lines. Good size to review.
Projects
None yet
Milestone
3.8.1
Development

Successfully merging this pull request may close these issues.
3 participants
@jk464 @arm4b @nzlosh