diff --git a/CVE-2024-12254-3.12-gh-127655-Ensure-_SelectorSocketTransport.write.patch b/CVE-2024-12254-3.12-gh-127655-Ensure-_SelectorSocketTransport.write.patch
new file mode 100644
index 0000000000000000000000000000000000000000..727650551c2b3814d2dd719de2a73f54a6b722c0
--- /dev/null
+++ b/CVE-2024-12254-3.12-gh-127655-Ensure-_SelectorSocketTransport.write.patch
@@ -0,0 +1,67 @@
+From 9aa0deb2eef2655a1029ba228527b152353135b5 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Fri, 6 Dec 2024 06:12:40 +0100
+Subject: [PATCH] [3.12] gh-127655: Ensure
+ `_SelectorSocketTransport.writelines` pauses the protocol if needed
+ (GH-127656) (#127664)
+
+gh-127655: Ensure `_SelectorSocketTransport.writelines` pauses the protocol if needed (GH-127656)
+
+Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed.
+(cherry picked from commit e991ac8f2037d78140e417cc9a9486223eb3e786)
+
+Co-authored-by: J. Nick Koston
+Co-authored-by: Kumar Aditya
+---
+ Lib/asyncio/selector_events.py | 1 +
+ Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++++
+ .../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1 +
+ 3 files changed, 14 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
+
+diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
+index 790711f8340..dd79ad18df3 100644
+--- a/Lib/asyncio/selector_events.py
++++ b/Lib/asyncio/selector_events.py
+@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data):
+ # If the entire buffer couldn't be written, register a write handler
+ if self._buffer:
+ self._loop._add_writer(self._sock_fd, self._write_ready)
++ self._maybe_pause_protocol()
+
+ def can_write_eof(self):
+ return True
+diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
+index 47693ea4d3c..736c19796ef 100644
+--- a/Lib/test/test_asyncio/test_selector_events.py
++++ b/Lib/test/test_asyncio/test_selector_events.py
+@@ -805,6 +805,18 @@ def test_writelines_send_partial(self):
+ self.assertTrue(self.sock.send.called)
+ self.assertTrue(self.loop.writers)
+
++ def test_writelines_pauses_protocol(self):
++ data = memoryview(b'data')
++ self.sock.send.return_value = 2
++
self.sock.send.fileno.return_value = 7 ++ ++ transport = self.socket_transport() ++ transport._high_water = 1 ++ transport.writelines([data]) ++ self.assertTrue(self.protocol.pause_writing.called) ++ self.assertTrue(self.sock.send.called) ++ self.assertTrue(self.loop.writers) ++ + @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg') + def test_write_sendmsg_full(self): + data = memoryview(b'data') +diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst +new file mode 100644 +index 00000000000..76cfc58121d +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst +@@ -0,0 +1 @@ ++Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`. +-- +2.39.3 + diff --git a/python3.12.spec b/python3.12.spec index 3848129939922d8c7519399df6acbe9bf356df71..91f5ed5d6f8693249309d906def291cb46cba252 100644 --- a/python3.12.spec +++ b/python3.12.spec @@ -65,7 +65,7 @@ Summary: Version %{pybasever} of the Python interpreter Name: python%{pybasever} Version: %{src_version} -Release: 10%{?dist} +Release: 11%{?dist} License: Python-2.0.1 URL: https://www.python.org/ @@ -84,6 +84,7 @@ Patch0004: CVE-2024-8088.patch Patch0005: CVE-2024-7592.patch Patch0006: CVE-2024-6923.patch Patch0007: CVE-2024-9287-3.12-gh-124651-Quote-template-strings-in-venv-activa.patch +Patch0008: CVE-2024-12254-3.12-gh-127655-Ensure-_SelectorSocketTransport.write.patch Patch3000: 00251-change-user-install-location.patch Patch3001: 00371-revert-bpo-1596321-fix-threading-_shutdown-for-the-main-thread-gh-28549-gh-28589.patch 
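Review bot: In the added `test_writelines_pauses_protocol`, the line `self.sock.send.fileno.return_value = 7` sets a `fileno` attribute on the `send` mock rather than on the socket mock, so it probably does not influence the transport under test; `self.sock.fileno.return_value = 7` looks like what was intended. The test fixture setup is outside the hunk, so confirm it already supplies a file descriptor before relying on either form. The regression check for CVE-2024-12254 itself rests on `transport._high_water = 1` plus the partial `send` of 2 bytes, which is enough to leave data buffered and reach the new `self._maybe_pause_protocol()` call. Since the line is carried verbatim from the upstream cherry-pick, a correction is better proposed upstream than kept as a local change in this package.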
@@ -1074,6 +1075,11 @@ LD_LIBRARY_PATH=$(pwd)/normal $(pwd)/normal/python -m test.regrtest \ %endif %changelog +* Mon Dec 9 2024 Shuo Wang - 3.12.2-11 +- fix CVE-2024-12254 +- gh-127655: Ensure _SelectorSocketTransport.writelines pauses the +- protocol if needed (GH-127656) (#127664) + * Tue Nov 5 2024 Shuo Wang - 3.12.2-10 - fix CVE-2024-6923 - Quote template strings in `venv` activation scripts (GH-124712) (GH-126185)