rpms/python3.12
13
0
Fork 0
Code Issues Pull Requests Releases Activity

Security fix for CVE-2024-12254

Browse Source 
Resolves: RHEL-70315
This commit is contained in:
Charalampos Stratakis 2024-12-06 20:14:08 +01:00
parent 3ec335d7a8
commit 3d54f2a65f
2 changed files with 72 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch Normal file
View File

@ -0,0 +1,62 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
<31488909+miss-islington@users.noreply.github.com>
Date: Fri, 6 Dec 2024 06:12:40 +0100
Subject: [PATCH] 00445: CVE-2024-12254: Ensure
_SelectorSocketTransport.writelines pauses the protocol if needed
Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed.
Resolved upstream: https://github.com/python/cpython/issues/127655
Co-authored-by: J. Nick Koston <nick@koston.org>
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
---
Lib/asyncio/selector_events.py | 1 +
Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++++
.../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1 +
3 files changed, 14 insertions(+)
create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
index 790711f834..dd79ad18df 100644
--- a/Lib/asyncio/selector_events.py
+++ b/Lib/asyncio/selector_events.py
@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data):
# If the entire buffer couldn't be written, register a write handler
if self._buffer:
self._loop._add_writer(self._sock_fd, self._write_ready)
+ self._maybe_pause_protocol()
def can_write_eof(self):
return True
diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
index 47693ea4d3..736c19796e 100644
--- a/Lib/test/test_asyncio/test_selector_events.py
+++ b/Lib/test/test_asyncio/test_selector_events.py
@@ -805,6 +805,18 @@ def test_writelines_send_partial(self):
self.assertTrue(self.sock.send.called)
self.assertTrue(self.loop.writers)
+ def test_writelines_pauses_protocol(self):
+ data = memoryview(b'data')
+ self.sock.send.return_value = 2
+ self.sock.send.fileno.return_value = 7
+
+ transport = self.socket_transport()
+ transport._high_water = 1
+ transport.writelines([data])
+ self.assertTrue(self.protocol.pause_writing.called)
+ self.assertTrue(self.sock.send.called)
+ self.assertTrue(self.loop.writers)
+
@unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
def test_write_sendmsg_full(self):
data = memoryview(b'data')
diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
new file mode 100644
index 0000000000..76cfc58121
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
@@ -0,0 +1 @@
+Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`.

12
python3.12.spec
View File

@ -389,6 +389,14 @@ Patch397: 00397-tarfile-filter.patch
# CVE-2023-52425. Future versions of Expat may be more reactive.
Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch
# 00445 # d1a32daddefad32ceb93155552858c0a0311b23e
# CVE-2024-12254: Ensure _SelectorSocketTransport.writelines pauses the protocol if needed
#
# Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed.
#
# Resolved upstream: https://github.com/python/cpython/issues/127655
Patch445: 00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch
# (New patches go here ^^^)
#
# When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -1881,8 +1889,8 @@ fi
%changelog
* Tue Dec 03 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.12.8-1
- Update to 3.12.8
- Security fix for CVE-2024-9287
Resolves: RHEL-64880
- Security fix for CVE-2024-9287 and CVE-2024-12254
Resolves: RHEL-64880, RHEL-70315
* Mon Sep 09 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 3.12.6-1
- Update to 3.12.6