diff -Nru python-oslo.privsep-2.1.1/debian/changelog python-oslo.privsep-2.1.1/debian/changelog
--- python-oslo.privsep-2.1.1/debian/changelog 2020-04-09 19:47:38.000000000 +0100
+++ python-oslo.privsep-2.1.1/debian/changelog 2023-08-04 14:56:14.000000000 +0100
@@ -1,3 +1,10 @@
+python-oslo.privsep (2.1.1-0ubuntu2) focal; urgency=medium
+
+ * Backport max_buffer_size fix (LP: #2029952)
+ - d/p/Bump-max_buffer_size-for-Deserializer.patch
+
+ -- Edward Hope-Morley Fri, 04 Aug 2023 14:56:14 +0100
+
 python-oslo.privsep (2.1.1-0ubuntu1) focal; urgency=medium
 
 * New upstream release for OpenStack Ussuri.
diff -Nru python-oslo.privsep-2.1.1/debian/patches/Bump-max_buffer_size-for-Deserializer.patch python-oslo.privsep-2.1.1/debian/patches/Bump-max_buffer_size-for-Deserializer.patch
--- python-oslo.privsep-2.1.1/debian/patches/Bump-max_buffer_size-for-Deserializer.patch 1970-01-01 01:00:00.000000000 +0100
+++ python-oslo.privsep-2.1.1/debian/patches/Bump-max_buffer_size-for-Deserializer.patch 2023-08-04 14:56:05.000000000 +0100
@@ -0,0 +1,56 @@
+From c223dbced7d5a8d1920fe764cbce42cf844538e1 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser
+Date: Wed, 1 Dec 2021 11:19:26 +0400
+Subject: [PATCH] Bump max_buffer_size for Deserializer
+
+Since msgpack 0.6.0, some limits were introduced for the
+deserializer which were put in to avoid any denial of service
+attacks using msgpack. These limits were raised to 100MiB
+in the release of msgpack 1.0.0.
+
+The default buffer sizes that were implemented were quite low
+and when running certain `privsep` commands, especially for
+Neutron when using linux bridge, where there is a large amount
+of netdevs, privsep would crash since msgpack would fail to
+decode the message since it considers it too big:
+
+ ValueError: 1174941 exceeds max_str_len(1048576)
+
+In this commit, the `max_buffer_size` is bumped to the value
+that ships with msgpack==1.0.0 to allow for users who don't
+have that to continue to function. Also, since `msgpack` is
+only being used by the internal API, we're not worried about
+a third party coming in and overwhelming the system by
+deserializing calls.
+
+This fix also addresses some weird behaviour where privsep
+will die and certain OpenStack agents would start to behave
+in a strange way once they hit a certain number of ports (since
+any privsep calls would start to fail).
+
+Closes-Bug: #1844822
+Closes-Bug: #1896734
+Related-Bug: #1928764
+Closes-Bug: #1952611
+Change-Id: I135917522daff95377d07566317ef0fc0d16e7cb
+---
+ oslo_privsep/comm.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/oslo_privsep/comm.py b/oslo_privsep/comm.py
+index c609a87..9de82b4 100644
+--- a/oslo_privsep/comm.py
++++ b/oslo_privsep/comm.py
+@@ -72,7 +72,8 @@ class Deserializer(six.Iterator):
+ self.readsock = readsock
+ self.unpacker = msgpack.Unpacker(use_list=False, raw=False,
+ strict_map_key=False,
+- unicode_errors='surrogateescape')
++ unicode_errors='surrogateescape',
++ max_buffer_size=100 * 1024 * 1024)
+
+ def __iter__(self):
+ return self
+--
+2.34.1
+
diff -Nru python-oslo.privsep-2.1.1/debian/patches/series python-oslo.privsep-2.1.1/debian/patches/series
--- python-oslo.privsep-2.1.1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ python-oslo.privsep-2.1.1/debian/patches/series 2023-08-04 14:56:05.000000000 +0100
@@ -0,0 +1 @@
+Bump-max_buffer_size-for-Deserializer.patch
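Review bot: In the `oslo_privsep/comm.py` hunk carried by `Bump-max_buffer_size-for-Deserializer.patch`, the new `max_buffer_size=100 * 1024 * 1024` is an unexplained literal sitting on what is a denial-of-service guard, so it deserves a named module constant and a comment recording the trust assumption. The patch description justifies the bump by the channel being internal-only, but that reasoning exists only in the commit message; a comment such as `# Matches the msgpack 1.0.0 default; only the internal privsep API feeds this unpacker, so the cap just bounds memory per message` above the call would keep it next to the code. If the privileged daemon reads through the same `Deserializer` (not visible here), the change also raises how much data an unprivileged client can make it buffer, which is worth confirming as acceptable for this backport. The failure mode itself looks unchanged: a message above the new cap would presumably still raise `ValueError` and break the channel, only at a higher threshold. `Deserializer.__init__` starts outside the hunk.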