From e82579ab7aa8dad709b4c552e011e4be54485f75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Mon, 26 Oct 2020 14:48:09 +0100
Subject: [PATCH] Created 2020-10-26T144755.rxp on branch 8.0.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

subject: Pike 8.0: Fix race-condition in Concurrent.Promise
from: 390d6181d989365f3ed1dd1c7a7d0daa2ef56877
to: 30dcc4ac544c71544191678bf6a42ad2dbc62753
originator: Henrik Grubbström (Grubba) <grubba@grubba.org>
depends: 2020-08-28T110259
restart: true

Multiple fixes:

• Concurrent.Promise: Fixed race-condition in finalise().

The API for finalise() raced with on_{success,failure}(), as
new callbacks could get registered after finalise() was called,
but before the state was updated.

Fixes #10055.

• Tools.Standalone.httpserver: Fix directory traversal vulnerability

Thanks to Chris Angelico <rosuav@gmail.com> for the report.
---
 .../2020-10-26T144755/2020-10-26T144755.rxp      | Bin 0 -> 2234 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 refs/heads/8.0/patches/2020-10-26T144755/2020-10-26T144755.rxp

diff --git a/refs/heads/8.0/patches/2020-10-26T144755/2020-10-26T144755.rxp b/refs/heads/8.0/patches/2020-10-26T144755/2020-10-26T144755.rxp
new file mode 100644
index 0000000000000000000000000000000000000000..0470aa4fc96d4e039ebf013626f2996bd4d166bd
GIT binary patch
literal 2234
zcmb2|=3oE==C_fri*D}_J$L_w=7uvVzI`rTQ#4*BMZWgAcF%Wqif!kw(_b?jgr;m*
z<{`?GyE^jxm&jiNwT=5c=P!BQu*Bu3ka}<Wc6*-NLY{M^_Z1&xyt~nQ+shki$7fru
zyZ!#_t@CoVH@5LMan>E)@iX?0#oc|kUw@T3|5E7ox0v<6d%nospR&9#xg_tW{gc3y
zwJUhU`j;MdYv1+#=lzX$_ig@Ke_idvirZi3O+0?-zsWoK7r9BZiuF!*&EH&h=I=Kn
z-p?~q-(JrYdg8RfB}%*En}TDry5er72TtZ6YL9>1yW(-{mh*ouyysyTT-?K2XTOPk
z+jY(rsjPcXY~Nk*)@9%QuWii+AO5V9cAeY6YSN`qz;0XbAS3F?d)Y+ZY|+geJD-vY
zk28MTFMsk7-v5h5j>Yh-QPG^!F&o$vm)!lwXUFe<IYlf`?r`v3i|m8V`=9!(Nsp9c
z(K(&Q*qc0`?YZO`rP(nba<&P*jJcr7cyE$l|0k6RHojj}_a`NGuh3756qB6TJ*AzE
z^Utr~GF4X7fJe*SgzZk2C`$0IE#H|EUZ0j-#8=OrGBbYWWDDMNrOEQ0oG0}xRrD_!
zd#V~Y%ob5zAgL_BeEl-_&5!r*v90_3?d`?>#aTkjA6IOakj)j;Ii1X@t><%7Kj8Il
zuB~<N9j~mKdOc8kVvWF7u8;rKuh_}_efi>RNaMGdiH!?>otYhf@9@==`tl9S7_whj
z=^j@-yYP0d<zd|zb*0!(J)%}D%x@+M9lFRdF~BU=+~cqci^D{n2^;pw_9)G}Ad&Jy
zeyS?x?hv)mh?ol&?b7o+l#cFdZQ@wybYW{;%{}g%&e!>@GplkWIEvF07WF6ky_ElC
z`tM=jOKGEZ0rr+v{~yo(ZZFAt@L2NHY%S?;t2>qECAvj!jz4nTeDS7<o40;=@E~no
zqJ!ytX48!OB7IWtO%n}|+?<v%S-o^omLjX$x3omZSuM|wh->mH#yn-)d`azJ`7}2x
zs|y;7iVRxr<np!0*|ugIMn2teXWCAq&ZlOrr`30tTSwMwuV1}#?hJ>R`rEubo2QB0
zK5)x*OX$bsitC1^UVHX6-M{f9dgqVFHhmQ`&0l%MLQ|eeHgVp5(v)^`o{C+v!kz`q
zN0&J5<XM-|!?<^w$d$gkFO{!dxVYnc!`|6$s<ZeNL$qaBqs*^IUR@PCBP%fU;1|`N
z?H?-LuiG*I-S4EjgK^TMO;Yn;YcI=`O3#wdbKdIVB(<DV`<-~uIwLi`85<_NjjlMI
zx8(he+TH#OHD8wQotMsEbw#$sdfxjlcMVG39(d`r`4PXac2AA|n{u|;>+gTfdtBOP
zd;KL((~0Cp^A~*8e#^}{l)v4~d!qej_vXN#Ty>)Hws(3S7B5KB_Fcf>xPZZzEtIGG
zte3+RmtWj(Sw7x5rJ(QZ{dZBgd5_|0ri0;|60Y6**rK25Q#a4g|4h(!wu2Wk(uAIz
z^DK~bk}(ZQj1QXkqQdd0O~%yJtqY7l++;nHC%Ln$#x{B>)9H^4QinF}l-Tm%&-FLA
zc4QxF))(C^so1S?<wsQXVz-sA8J<d<D9*A<{~f*PwUT&(X~MZVo;z-c1bT$dWP2g%
za`0Egf&!*TUsx?P(u@x-*nV<Bpw`upIn$fGmu2f4A2Ob_WO~agrK5jmICeW<c@_W2
zPU}+5zJPt1f@|}3vH6}<I;+^eAR}g((w2X-GS>FCZa0}`dcNdA+*bajvz_!5jxP1v
z_Wj5Wi;sOb!%B4{Y_wNs-_KPmnBC;(A+7(!XkL$az*n_|c||H;tOLH@DQf<?MpWTo
zl6ZiRy<iT<a|X6IX$%!wZu&}X_P?J<vF0aAZa3c9H#4YRY|GS78|SxWe?8-}dQRsx
zn}tk=t|fU+Xv=A9JNJO+fNJ_ozE}R%(@N7!0vQ4hKl{y^qpB3WZdT-^MfuEP$8UDA
zZ8+9!TkU^$eTKxU-{<Z<ITp2KM$c2GZ@hN?eBYA9PVPNvn4`)WyQwf*PwlAGc9o{{
z;ts~K>sM8_)I4wy%;39oZ3CO-8^4@sONzu4S5<u#ah0C&W5?DBcMYz+=lj8bR7Z1V
zh|P?x6%M`;MmlRHmw3-t&)K%9Xkm8l+R#rkgtxfNWmZTyoAfy_#ysR%(|M=18?QYA
zazl5|diQ*1aBQ)9+2csfrFpM){C`X}ig;<@C)?3C=`&xEY|)0T6GN9iaF_ga<&fTt
z6?S~G4Y3R3I&N&+Z1qzw_~Cv-@t`c$)){9H$SW8>yy>L=Yo%C_=hncByKb&3)~@c%
z|9G!hW>$;DB{!)r_crw=uG_jwQq4tc%f#&6>Bo*`U0t&1<xI<mkrVf)iJs(N+dPGP
z<*5dzwV|fl|4Y~N{y$YzR2}%_n9#PH-#7S8S=-CCJ}E3L?f*snJh{v}b^o`gOj5eg
zzx?s%_y2Q_zumF>eZB0Dm-c)A|F%8$qkVO1%-3%AS;;qV@lQS$5wrFczicj(rSY-c
z<VC+uG^X~SFx;=y#CGP$XZ3JfWq*&iq0yD6B)5wyd#(6Bea15OYAx?@LzBwt$;Yf;
z-2K6IDuw0w{G2Npf1b<#-{ZU>i1+#8+o#OiB@btrEGsamEdA8xQeko1M`PWDg!ESZ
zS$0$1kB3#7?K-xtE3LOBcG6jItrfp3Ws>f*iYD_NZRfOk>G~mddX1;?(Zh$r4xj(n
z!?9|nm4c`~+XRJp$FhwAZw|YrJYkhlud-bok$v&sb*ulmhvOdb9_2q5vohlF&Ynf>
z3#|8_c-+GI>hp}#rh2p05;pmqeBIh`?sKS7x*>nir&^uwuCtzgc~rm`Tbgq)@7v#)
zciIgXJPvM{x#dFO+gZz}JP&$dm9TU{)hA<b7JGI3&O6@|-T!{yKg}iF{7Qh;vsb@1
z{MZy^=&t&>%-2bfOM6<&O_xxGYKFc4uQWa`%J10Kz0zu?$NGpx|8y@NyWBtXskTYk
zbc?Q+a}qYlW&~VN6%Cs0G0~ajQIArflE<`XN(`&s+FP4kYTJ?T{J{U;i#at?{*N<l
SdhaLy5tk2&@Mch8U;qF&ZA;St

literal 0
HcmV?d00001

-- 
GitLab