diff --git a/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch b/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch deleted file mode 100644 index 70778f9..0000000 --- a/00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Miss Islington (bot)" - <31488909+miss-islington@users.noreply.github.com> -Date: Fri, 6 Dec 2024 06:12:40 +0100 -Subject: [PATCH] 00445: CVE-2024-12254: Ensure - _SelectorSocketTransport.writelines pauses the protocol if needed - -Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. - -Resolved upstream: https://github.com/python/cpython/issues/127655 - -Co-authored-by: J. Nick Koston -Co-authored-by: Kumar Aditya ---- - Lib/asyncio/selector_events.py | 1 + - Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++++ - .../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1 + - 3 files changed, 14 insertions(+) - create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst - -diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py -index 790711f834..dd79ad18df 100644 ---- a/Lib/asyncio/selector_events.py -+++ b/Lib/asyncio/selector_events.py -@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data): - # If the entire buffer couldn't be written, register a write handler - if self._buffer: - self._loop._add_writer(self._sock_fd, self._write_ready) -+ self._maybe_pause_protocol() - - def can_write_eof(self): - return True -diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py -index 47693ea4d3..736c19796e 100644 ---- a/Lib/test/test_asyncio/test_selector_events.py -+++ b/Lib/test/test_asyncio/test_selector_events.py -@@ -805,6 +805,18 @@ def test_writelines_send_partial(self): - self.assertTrue(self.sock.send.called) - self.assertTrue(self.loop.writers) - -+ def test_writelines_pauses_protocol(self): -+ data = memoryview(b'data') -+ self.sock.send.return_value = 2 -+ self.sock.send.fileno.return_value = 7 -+ -+ transport = self.socket_transport() -+ transport._high_water = 1 -+ transport.writelines([data]) -+ self.assertTrue(self.protocol.pause_writing.called) -+ self.assertTrue(self.sock.send.called) -+ self.assertTrue(self.loop.writers) -+ - @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg') - def test_write_sendmsg_full(self): - data = memoryview(b'data') -diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst -new file mode 100644 -index 0000000000..76cfc58121 ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst -@@ -0,0 +1 @@ -+Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`. diff --git a/python3.12.spec b/python3.12.spec index 79f9a9d..c6086ce 100644 --- a/python3.12.spec +++ b/python3.12.spec @@ -16,7 +16,7 @@ URL: https://www.python.org/ # WARNING When rebasing to a new Python version, # remember to update the python3-docs package as well -%global general_version %{pybasever}.8 +%global general_version %{pybasever}.9 #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} @@ -385,14 +385,6 @@ Patch397: 00397-tarfile-filter.patch # CVE-2023-52425. Future versions of Expat may be more reactive. Patch422: 00422-fix-tests-for-xmlpullparser-with-expat-2-6-0.patch -# 00445 # d1a32daddefad32ceb93155552858c0a0311b23e -# CVE-2024-12254: Ensure _SelectorSocketTransport.writelines pauses the protocol if needed -# -# Ensure _SelectorSocketTransport.writelines pauses the protocol if it reaches the high water mark as needed. -# -# Resolved upstream: https://github.com/python/cpython/issues/127655 -Patch445: 00445-cve-2024-12254-ensure-_selectorsockettransport-writelines-pauses-the-protocol-if-needed.patch - # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -1707,6 +1699,11 @@ CheckPython optimized # ====================================================== %changelog +* Tue Feb 04 2025 Charalampos Stratakis - 3.12.9-1 +- Update to 3.12.9 +- Security fix for CVE-2025-0938 +Resolves: RHEL-77261 + * Tue Dec 03 2024 Charalampos Stratakis - 3.12.8-1 - Update to 3.12.8 - Security fix for CVE-2024-9287 and CVE-2024-12254 diff --git a/sources b/sources index 403c2c2..6089763 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (Python-3.12.8.tar.xz) = 406ce1146c4c2c70d252df56bbe9e5970ef469395cbaa211a96af71f32de2cf7abd944906920cc18b4a470027e63a3f64bf7679fb4954b31bf4ca4baf24fa370 -SHA512 (Python-3.12.8.tar.xz.asc) = 19493499ddb80764aa105e100585d2ef872798dc30fdff2e31d158cd7fd65b69ca133c6d9d16eb974660eed6ba474a26a2af3acd13a90522cf50e142492bd9a6 +SHA512 (Python-3.12.9.tar.xz) = c840b14aa21e6a963d18c06ebaafb551d9c9a101b3866417e762fc4a2fde071a7a25fa257faba2956c7344bbc2413ed61690a712d26fba4d0dbeaa50e49b2574 +SHA512 (Python-3.12.9.tar.xz.asc) = b59251ca3a0a17c06ff7d165f6c025eb91127c80be0782642590f5c922297e0710544ac5a9ae977378e393f1c4861149576a0515af5ec0e54e6827c4010d544f