From c6df50684cf837fee53d77c83a19e34f455b89f68f6e993e2057c34b0276eca3 Mon Sep 17 00:00:00 2001
From: Matej Cepl <mcepl@suse.com>
Date: Fri, 4 Nov 2022 15:18:41 +0000
Subject: [PATCH] revert

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=37
---
 ...022-42919-loc-priv-mulitproc-forksrv.patch | 59 -------------------
 python311.changes                             |  8 ---
 python311.spec                                |  4 --
 3 files changed, 71 deletions(-)
 delete mode 100644 CVE-2022-42919-loc-priv-mulitproc-forksrv.patch

diff --git a/CVE-2022-42919-loc-priv-mulitproc-forksrv.patch b/CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
deleted file mode 100644
index e616e48..0000000
--- a/CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 85178d5849a4d9b5b46e7b91b1ebad7425139b44 Mon Sep 17 00:00:00 2001
-From: "Gregory P. Smith" <greg@krypto.org>
-Date: Thu, 20 Oct 2022 15:30:09 -0700
-Subject: [PATCH] gh-97514: Don't use Linux abstract sockets for
- multiprocessing (GH-98501)
-
-Linux abstract sockets are insecure as they lack any form of filesystem
-permissions so their use allows anyone on the system to inject code into
-the process.
-
-This removes the default preference for abstract sockets in
-multiprocessing introduced in Python 3.9+ via
-https://github.com/python/cpython/pull/18866 while fixing
-https://github.com/python/cpython/issues/84031.
-
-Explicit use of an abstract socket by a user now generates a
-RuntimeWarning.  If we choose to keep this warning, it should be
-backported to the 3.7 and 3.8 branches.
-(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)
-
-Co-authored-by: Gregory P. Smith <greg@krypto.org>
----
- Lib/multiprocessing/connection.py                                       |    5 ---
- Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst |   15 ++++++++++
- 2 files changed, 15 insertions(+), 5 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
-
---- a/Lib/multiprocessing/connection.py
-+++ b/Lib/multiprocessing/connection.py
-@@ -73,11 +73,6 @@ def arbitrary_address(family):
-     if family == 'AF_INET':
-         return ('localhost', 0)
-     elif family == 'AF_UNIX':
--        # Prefer abstract sockets if possible to avoid problems with the address
--        # size.  When coding portable applications, some implementations have
--        # sun_path as short as 92 bytes in the sockaddr_un struct.
--        if util.abstract_sockets_supported:
--            return f"\0listener-{os.getpid()}-{next(_mmap_counter)}"
-         return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())
-     elif family == 'AF_PIPE':
-         return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' %
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
-@@ -0,0 +1,15 @@
-+On Linux the :mod:`multiprocessing` module returns to using filesystem backed
-+unix domain sockets for communication with the *forkserver* process instead of
-+the Linux abstract socket namespace.  Only code that chooses to use the
-+:ref:`"forkserver" start method <multiprocessing-start-methods>` is affected.
-+
-+Abstract sockets have no permissions and could allow any user on the system in
-+the same `network namespace
-+<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often the
-+whole system) to inject code into the multiprocessing *forkserver* process.
-+This was a potential privilege escalation. Filesystem based socket permissions
-+restrict this to the *forkserver* process user as was the default in Python 3.8
-+and earlier.
-+
-+This prevents Linux `CVE-2022-42919
-+<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_.
diff --git a/python311.changes b/python311.changes
index d99ad2a..025047b 100644
--- a/python311.changes
+++ b/python311.changes
@@ -1,11 +1,3 @@
--------------------------------------------------------------------
-Fri Nov  4 14:59:53 UTC 2022 - Matej Cepl <mcepl@suse.com>
-
-- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
-  CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
-  privilege escalation via the multiprocessing forkserver start
-  method.
-
 -------------------------------------------------------------------
 Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl <mcepl@suse.com>
 
diff --git a/python311.spec b/python311.spec
index b3ed512..2d3cba8 100644
--- a/python311.spec
+++ b/python311.spec
@@ -169,9 +169,6 @@ Patch36:        support-expat-CVE-2022-25236-patched.patch
 # PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com
 # this patch makes things totally awesome
 Patch37:        98437-sphinx.locale._-as-gettext-in-pyspecific.patch
-# PATCH-FIX-UPSTREAM CVE-2022-42919-loc-priv-mulitproc-forksrv.patch bsc#1204886 mcepl@suse.com
-# Avoid Linux specific local privilege escalation via the multiprocessing forkserver start method
-Patch38:        CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -439,7 +436,6 @@ other applications.
 %patch35 -p1
 %patch36 -p1
 %patch37 -p1
-%patch38 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac