core/python3: patch CVE-2024-12254

[ commit 717301b5302681e860de49ca12981cec9166e057 ] Add patch to fix CVE-2024-12254: "Unbounded memory buffering in SelectorSocketTransport.writelines()". - https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/ - python/cpython#127655 - python/cpython#127656
bell-sw · Dec 9, 2024 · 913761c · 913761c
1 parent 442c81e
commit 913761c
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 1 deletion.
diff --git a/core/python3/APKBUILD b/core/python3/APKBUILD
@@ -5,7 +5,7 @@ pkgname=python3
 # the python3-tkinter's pkgver needs to be synchronized with this.
 pkgver=3.12.8
 _basever="${pkgver%.*}"
-pkgrel=0
+pkgrel=1
 pkgdesc="Python programming language"
 url="https://www.python.org/"
 arch="all"
@@ -48,6 +48,7 @@ source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
 	musl:musl-find_library.patch
 	musl:test_posix-nodev-disable.patch
 	fix-run_fileexflags-test.patch
+	CVE-2024-12254.patch
 
 	0100-test_urllib-skip-test_url_host_with_-test-cases.patch
 	0101-Unset-BASH_XTRACEFD-in-tests.patch
@@ -56,6 +57,8 @@ options="net" # Required for tests
 builddir="$srcdir/Python-$pkgver"
 
 # secfixes:
+#   3.12.8-r1:
+#     - CVE-2024-12254
 #   3.12.8-r0:
 #     - CVE-2024-9287
 #   3.12.6-r0:
@@ -285,6 +288,7 @@ sha512sums="
 ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2  musl-find_library.patch
 606cf7b3df0c81c90571c6bc65e4f07e065867739fa0d36e9c8e1ad2d6bcd64d265f90c4a7881880fc7e0c85eed94d1f72655a5c70d92ca63e5cc4bd3be8f145  test_posix-nodev-disable.patch
 0e1155b1976be46d68fe50161b9644ac272d95c51f44ada51a0fd67a0154df89833752e97cfc85e977b384fca82b58907c30405a103f3a33a1483b9f76ce632f  fix-run_fileexflags-test.patch
+594bca29856d481960c7caae45efcfe64dbc1f53b00d58c1aa560fdedb5d15794db9b66f7f3b6edc9a9b81d553a7299e61063b200e2f2fe52e0028bbc78a78fd  CVE-2024-12254.patch
 942f13ecef2efa251b948b5ad4a58cb9b7237e399a05b184ddbfad62419d60f2f810478097d2fb58997543540c55035469b3df394ff0cb87c99da11007454d2e  0100-test_urllib-skip-test_url_host_with_-test-cases.patch
 77d3a4cfe57f9ca8cfae748f9164a8977b7c6af4d6de06d2593945716b9c71a7cdc5e4425b4019c8c2c5730bf84f1c207d2d2e8efae8afe9d782920c2275f220  0101-Unset-BASH_XTRACEFD-in-tests.patch
 "
diff --git a/core/python3/CVE-2024-12254.patch b/core/python3/CVE-2024-12254.patch
@@ -0,0 +1,62 @@
+https://github.com/python/cpython/issues/127655
+
+From 5d355244e7c4f5d64216647ee0bf510dd8dc2bd6 Mon Sep 17 00:00:00 2001
+From: "J. Nick Koston" <nick@koston.org>
+Date: Thu, 5 Dec 2024 22:33:03 -0600
+Subject: [PATCH] gh-127655: Ensure `_SelectorSocketTransport.writelines`
+ pauses the protocol if needed (GH-127656)
+
+Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed.
+(cherry picked from commit e991ac8f2037d78140e417cc9a9486223eb3e786)
+
+Co-authored-by: J. Nick Koston <nick@koston.org>
+Co-authored-by: Kumar Aditya <kumaraditya@python.org>
+---
+ Lib/asyncio/selector_events.py                       |  1 +
+ Lib/test/test_asyncio/test_selector_events.py        | 12 ++++++++++++
+ .../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst   |  1 +
+ 3 files changed, 14 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
+
+diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
+index 790711f834096b..dd79ad18df3b18 100644
+--- a/Lib/asyncio/selector_events.py
++++ b/Lib/asyncio/selector_events.py
+@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data):
+         # If the entire buffer couldn't be written, register a write handler
+         if self._buffer:
+             self._loop._add_writer(self._sock_fd, self._write_ready)
++            self._maybe_pause_protocol()
+
+     def can_write_eof(self):
+         return True
+diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
+index 47693ea4d3ce2e..736c19796ef3fc 100644
+--- a/Lib/test/test_asyncio/test_selector_events.py
++++ b/Lib/test/test_asyncio/test_selector_events.py
+@@ -805,6 +805,18 @@ def test_writelines_send_partial(self):
+         self.assertTrue(self.sock.send.called)
+         self.assertTrue(self.loop.writers)
+
++    def test_writelines_pauses_protocol(self):
++        data = memoryview(b'data')
++        self.sock.send.return_value = 2
++        self.sock.send.fileno.return_value = 7
++
++        transport = self.socket_transport()
++        transport._high_water = 1
++        transport.writelines([data])
++        self.assertTrue(self.protocol.pause_writing.called)
++        self.assertTrue(self.sock.send.called)
++        self.assertTrue(self.loop.writers)
++
+     @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
+     def test_write_sendmsg_full(self):
+         data = memoryview(b'data')
+diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
+new file mode 100644
+index 00000000000000..76cfc58121d3bd
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
+@@ -0,0 +1 @@
++Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`.