diff --git a/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch b/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch new file mode 100644 index 0000000..70778f9 --- /dev/null +++ b/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch @@ -0,0 +1,62 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Fri, 6 Dec 2024 06:12:40 +0100 +Subject: [PATCH] 00445: CVE-2024-12254: Ensure + _SelectorSocketTransport.writelines pauses the protocol if needed + +Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. + +Resolved upstream: https://github.com/python/cpython/issues/127655 + +Co-authored-by: J. Nick Koston +Co-authored-by: Kumar Aditya +--- + Lib/asyncio/selector_events.py | 1 + + Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++++ + .../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1 + + 3 files changed, 14 insertions(+) + create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst + +diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py +index 790711f834..dd79ad18df 100644 +--- a/Lib/asyncio/selector_events.py ++++ b/Lib/asyncio/selector_events.py +@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data): + # If the entire buffer couldn't be written, register a write handler + if self._buffer: + self._loop._add_writer(self._sock_fd, self._write_ready) ++ self._maybe_pause_protocol() + + def can_write_eof(self): + return True +diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py +index 47693ea4d3..736c19796e 100644 +--- a/Lib/test/test_asyncio/test_selector_events.py ++++ b/Lib/test/test_asyncio/test_selector_events.py +@@ -805,6 +805,18 @@ def test_writelines_send_partial(self): + self.assertTrue(self.sock.send.called) + self.assertTrue(self.loop.writers) + ++ def test_writelines_pauses_protocol(self): ++ data = memoryview(b'data') ++ self.sock.send.return_value = 2 ++ self.sock.send.fileno.return_value = 7 ++ ++ transport = self.socket_transport() ++ transport._high_water = 1 ++ transport.writelines([data]) ++ self.assertTrue(self.protocol.pause_writing.called) ++ self.assertTrue(self.sock.send.called) ++ self.assertTrue(self.loop.writers) ++ + @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg') + def test_write_sendmsg_full(self): + data = memoryview(b'data') +diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst +new file mode 100644 +index 0000000000..76cfc58121 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst +@@ -0,0 +1 @@ ++Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`. diff --git a/python3.12.spec b/python3.12.spec index 5f378a4..dc677d6 100644 --- a/python3.12.spec +++ b/python3.12.spec @@ -401,6 +401,14 @@ Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-g # - https://access.redhat.com/articles/7004769 Patch397: 00397-tarfile-filter.patch +# 00445 # d1a32daddefad32ceb93155552858c0a0311b23e +# CVE-2024-12254: Ensure _SelectorSocketTransport.writelines pauses the protocol if needed +# +# Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. +# +# Resolved upstream: https://github.com/python/cpython/issues/127655 +Patch445: 00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1768,8 +1776,8 @@ CheckPython optimized %changelog * Tue Dec 03 2024 Charalampos Stratakis - 3.12.8-1 - Update to 3.12.8 -- Security fix for CVE-2024-9287 -Resolves: RHEL-64877 +- Security fix for CVE-2024-9287 and CVE-2024-12254 +Resolves: RHEL-64877, RHEL-70450 * Tue Oct 29 2024 Troy Dawson - 3.12.6-2 - Bump release for October 2024 mass rebuild: