diff --git a/CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch b/CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
new file mode 100644
index 0000000..1b32db3
--- /dev/null
+++ b/CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
@@ -0,0 +1,46 @@
+From bfc2e93d755bf496e5ef4cae9609d2823122c909 Mon Sep 17 00:00:00 2001
+From: "J. Nick Koston"
+Date: Thu, 5 Dec 2024 10:01:10 -0600
+Subject: [PATCH 01/10] Ensure writelines pauses the protocol if needed
+
+---
+ Lib/asyncio/selector_events.py | 1
+ Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++
+ Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1
+ 3 files changed, 14 insertions(+)
+
+--- a/Lib/asyncio/selector_events.py
++++ b/Lib/asyncio/selector_events.py
+@@ -1183,6 +1183,7 @@ class _SelectorSocketTransport(_Selector
+ # If the entire buffer couldn't be written, register a write handler
+ if self._buffer:
+ self._loop._add_writer(self._sock_fd, self._write_ready)
++ self._maybe_pause_protocol()
+
+ def can_write_eof(self):
+ return True
+--- a/Lib/test/test_asyncio/test_selector_events.py
++++ b/Lib/test/test_asyncio/test_selector_events.py
+@@ -805,6 +805,18 @@ class SelectorSocketTransportTests(test_
+ self.assertTrue(self.sock.send.called)
+ self.assertTrue(self.loop.writers)
+
++ def test_writelines_pauses_protocol(self):
++ data = memoryview(b'data')
++ self.sock.send.return_value = 2
++ self.sock.send.fileno.return_value = 7
++
++ transport = self.socket_transport()
++ transport._high_water = 1
++ transport.writelines([data])
++ self.assertTrue(self.protocol.pause_writing.called)
++ self.assertTrue(self.sock.send.called)
++ self.assertTrue(self.loop.writers)
++
+ @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
+ def test_write_sendmsg_full(self):
+ data = memoryview(b'data')
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
+@@ -0,0 +1 @@
++Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`.
diff --git a/python312.changes b/python312.changes
index 6d97e0e..10e66c3 100644
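Review bot: In the added `test_writelines_pauses_protocol`, the line `self.sock.send.fileno.return_value = 7` configures a `fileno` attribute on the `send` mock rather than on the socket, so it most likely has no effect; if a descriptor value is needed it would be `self.sock.fileno.return_value = 7`, otherwise the line can be dropped (the fixture setup is outside the hunk, so this is inferred). Because this test is the regression guard for the unbounded-buffering fix, it would be stronger with `self.protocol.pause_writing.assert_called_once()` instead of `assertTrue(...called)`, plus a sibling case that leaves `_high_water` above the buffered size and asserts `pause_writing` is not called. The one-line fix in `writelines` lands at the end of a body that starts outside the inner hunk, and the page has lost indentation, so whether `_maybe_pause_protocol()` sits inside the `if self._buffer:` branch cannot be confirmed from here.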
--- a/python312.changes +++ b/python312.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Dec 6 20:39:56 UTC 2024 - Matej Cepl + +- Add CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch + preventing exhaustion of memory (gh#python/cpython#127655, + bsc#1234290, CVE-2024-12254). + ------------------------------------------------------------------- Wed Dec 4 21:47:08 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index 9c5789c..524488f 100644 --- a/python312.spec +++ b/python312.spec @@ -182,6 +182,9 @@ Patch41: docs-docutils_014-Sphinx_420.patch # PATCH-FIX-SLE doc-py38-to-py36.patch mcepl@suse.com # Make documentation extensions working with Python 3.6 Patch44: doc-py38-to-py36.patch +# PATCH-FIX-UPSTREAM CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch bsc#1234290 mcepl@suse.com +# x +Patch45: CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -438,8 +441,7 @@ This package contains libpython3.2 shared library for embedding in other applications. %prep -%setup -q -n %{tarname} -%autopatch -p1 +%autosetup -p1 -n %{tarname} # Fix devhelp doc build gh#python/cpython#120150 echo "master_doc = 'contents'" >> Doc/conf.py
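Review bot: The description line added above `Patch45` in python312.spec is the placeholder `# x`, which tells a later maintainer nothing about why the patch is carried. Since the tag line already names the bug, the second comment should state the effect, for example `# Pause the protocol in SelectorSocketTransport.writelines when the buffer reaches the high water mark (gh#python/cpython#127655, CVE-2024-12254)`. That keeps the spec auditable when the patch is later rebased or dropped.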
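Review bot: The `%prep` switch from `%setup -q -n %{tarname}` plus `%autopatch -p1` to `%autosetup -p1 -n %{tarname}` is unrelated to the CVE patch and is not recorded in the python312.changes entry this commit adds. A security update is easier to audit and backport when it carries only the fix, so either move this change to its own commit or add a changelog line for it, such as `- Use %autosetup in %prep`.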