Security fix for CVE-2024-12254
Resolves: RHEL-70450
This commit is contained in:
Charalampos Stratakis
parent
9b4125da93
commit
1d8a03b678
@ -0,0 +1,62 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Miss Islington (bot)"
|
||||||
|
<31488909+miss-islington@users.noreply.github.com>
|
||||||
|
Date: Fri, 6 Dec 2024 06:12:40 +0100
|
||||||
|
Subject: [PATCH] 00445: CVE-2024-12254: Ensure
|
||||||
|
_SelectorSocketTransport.writelines pauses the protocol if needed
|
||||||
|
|
||||||
|
Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed.
|
||||||
|
|
||||||
|
Resolved upstream: https://github.com/python/cpython/issues/127655
|
||||||
|
|
||||||
|
Co-authored-by: J. Nick Koston <nick@koston.org>
|
||||||
|
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
|
||||||
|
---
|
||||||
|
Lib/asyncio/selector_events.py | 1 +
|
||||||
|
Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++++
|
||||||
|
.../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1 +
|
||||||
|
3 files changed, 14 insertions(+)
|
||||||
|
create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
|
||||||
|
|
||||||
|
diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
|
||||||
|
index 790711f834..dd79ad18df 100644
|
||||||
|
--- a/Lib/asyncio/selector_events.py
|
||||||
|
+++ b/Lib/asyncio/selector_events.py
|
||||||
|
@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data):
|
||||||
|
# If the entire buffer couldn't be written, register a write handler
|
||||||
|
if self._buffer:
|
||||||
|
self._loop._add_writer(self._sock_fd, self._write_ready)
|
||||||
|
+ self._maybe_pause_protocol()
|
||||||
|
|
||||||
|
def can_write_eof(self):
|
||||||
|
return True
|
||||||
|
diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
|
||||||
|
index 47693ea4d3..736c19796e 100644
|
||||||
|
--- a/Lib/test/test_asyncio/test_selector_events.py
|
||||||
|
+++ b/Lib/test/test_asyncio/test_selector_events.py
|
||||||
|
@@ -805,6 +805,18 @@ def test_writelines_send_partial(self):
|
||||||
|
self.assertTrue(self.sock.send.called)
|
||||||
|
self.assertTrue(self.loop.writers)
|
||||||
|
|
||||||
|
+ def test_writelines_pauses_protocol(self):
|
||||||
|
+ data = memoryview(b'data')
|
||||||
|
+ self.sock.send.return_value = 2
|
||||||
|
+ self.sock.send.fileno.return_value = 7
|
||||||
|
+
|
||||||
|
+ transport = self.socket_transport()
|
||||||
|
+ transport._high_water = 1
|
||||||
|
+ transport.writelines([data])
|
||||||
|
+ self.assertTrue(self.protocol.pause_writing.called)
|
||||||
|
+ self.assertTrue(self.sock.send.called)
|
||||||
|
+ self.assertTrue(self.loop.writers)
|
||||||
|
+
|
||||||
|
@unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
|
||||||
|
def test_write_sendmsg_full(self):
|
||||||
|
data = memoryview(b'data')
|
||||||
|
diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..76cfc58121
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`.
|
||||||
@ -401,6 +401,14 @@ Patch371: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-g
|
|||||||
# - https://access.redhat.com/articles/7004769
|
# - https://access.redhat.com/articles/7004769
|
||||||
Patch397: 00397-tarfile-filter.patch
|
Patch397: 00397-tarfile-filter.patch
|
||||||
|
|
||||||
|
# 00445 # d1a32daddefad32ceb93155552858c0a0311b23e
|
||||||
|
# CVE-2024-12254: Ensure _SelectorSocketTransport.writelines pauses the protocol if needed
|
||||||
|
#
|
||||||
|
# Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed.
|
||||||
|
#
|
||||||
|
# Resolved upstream: https://github.com/python/cpython/issues/127655
|
||||||
|
Patch445: 00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch
|
||||||
|
|
||||||
# (New patches go here ^^^)
|
# (New patches go here ^^^)
|
||||||
#
|
#
|
||||||
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
|
||||||
@ -1768,8 +1776,8 @@ CheckPython optimized
|
|||||||
%changelog
|
%changelog
|
||||||
* Tue Dec 03 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.8-1
|
* Tue Dec 03 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.8-1
|
||||||
- Update to 3.12.8
|
- Update to 3.12.8
|
||||||
- Security fix for CVE-2024-9287
|
- Security fix for CVE-2024-9287 and CVE-2024-12254
|
||||||
Resolves: RHEL-64877
|
Resolves: RHEL-64877, RHEL-70450
|
||||||
|
|
||||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.12.6-2
|
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.12.6-2
|
||||||
- Bump release for October 2024 mass rebuild:
|
- Bump release for October 2024 mass rebuild:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user