main/python3: patch CVE-2024-12254

Add patch to fix CVE-2024-12254: "Unbounded memory buffering in
SelectorSocketTransport.writelines()".

- https://mail.python.org/archives/list/[email protected]/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/
- python/cpython#127655
- python/cpython#127656

Author: Daniel Néri

main/python3/APKBUILD

@@ -4,7 +4,7 @@ pkgname=python3
 # the python3-tkinter's pkgver needs to be synchronized with this.
 pkgver=3.12.8
 _basever="${pkgver%.*}"
-pkgrel=0
+pkgrel=1
 pkgdesc="High-level scripting language"
 url="https://www.python.org/"
 arch="all"
@@ -46,11 +46,14 @@ source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
 	musl-find_library.patch
 	test_posix-nodev-disable.patch
 	fix-run_fileexflags-test.patch
+	CVE-2024-12254.patch
 	"
 options="net" # Required for tests
 builddir="$srcdir/Python-$pkgver"
 
 # secfixes:
+#   3.12.8-r1:
+#     - CVE-2024-12254
 #   3.12.8-r0:
 #     - CVE-2024-9287
 #   3.12.6-r0:
@@ -267,4 +270,5 @@ sha512sums="
 ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2  musl-find_library.patch
 606cf7b3df0c81c90571c6bc65e4f07e065867739fa0d36e9c8e1ad2d6bcd64d265f90c4a7881880fc7e0c85eed94d1f72655a5c70d92ca63e5cc4bd3be8f145  test_posix-nodev-disable.patch
 0e1155b1976be46d68fe50161b9644ac272d95c51f44ada51a0fd67a0154df89833752e97cfc85e977b384fca82b58907c30405a103f3a33a1483b9f76ce632f  fix-run_fileexflags-test.patch
+594bca29856d481960c7caae45efcfe64dbc1f53b00d58c1aa560fdedb5d15794db9b66f7f3b6edc9a9b81d553a7299e61063b200e2f2fe52e0028bbc78a78fd  CVE-2024-12254.patch
 "

main/python3/CVE-2024-12254.patch

@@ -0,0 +1,62 @@
+https://github.com/python/cpython/issues/127655
+
+From 5d355244e7c4f5d64216647ee0bf510dd8dc2bd6 Mon Sep 17 00:00:00 2001
+From: "J. Nick Koston" <[email protected]>
+Date: Thu, 5 Dec 2024 22:33:03 -0600
+Subject: [PATCH] gh-127655: Ensure `_SelectorSocketTransport.writelines`
+ pauses the protocol if needed (GH-127656)
+
+Ensure `_SelectorSocketTransport.writelines` pauses the protocol if it reaches the high water mark as needed.
+(cherry picked from commit e991ac8f2037d78140e417cc9a9486223eb3e786)
+
+Co-authored-by: J. Nick Koston <[email protected]>
+Co-authored-by: Kumar Aditya <[email protected]>
+---
+ Lib/asyncio/selector_events.py                       |  1 +
+ Lib/test/test_asyncio/test_selector_events.py        | 12 ++++++++++++
+ .../2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst   |  1 +
+ 3 files changed, 14 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
+
+diff --git a/Lib/asyncio/selector_events.py b/Lib/asyncio/selector_events.py
+index 790711f834096b..dd79ad18df3b18 100644
+--- a/Lib/asyncio/selector_events.py
++++ b/Lib/asyncio/selector_events.py
+@@ -1183,6 +1183,7 @@ def writelines(self, list_of_data):
+         # If the entire buffer couldn't be written, register a write handler
+         if self._buffer:
+             self._loop._add_writer(self._sock_fd, self._write_ready)
++            self._maybe_pause_protocol()
+ 
+     def can_write_eof(self):
+         return True
+diff --git a/Lib/test/test_asyncio/test_selector_events.py b/Lib/test/test_asyncio/test_selector_events.py
+index 47693ea4d3ce2e..736c19796ef3fc 100644
+--- a/Lib/test/test_asyncio/test_selector_events.py
++++ b/Lib/test/test_asyncio/test_selector_events.py
+@@ -805,6 +805,18 @@ def test_writelines_send_partial(self):
+         self.assertTrue(self.sock.send.called)
+         self.assertTrue(self.loop.writers)
+ 
++    def test_writelines_pauses_protocol(self):
++        data = memoryview(b'data')
++        self.sock.send.return_value = 2
++        self.sock.send.fileno.return_value = 7
++
++        transport = self.socket_transport()
++        transport._high_water = 1
++        transport.writelines([data])
++        self.assertTrue(self.protocol.pause_writing.called)
++        self.assertTrue(self.sock.send.called)
++        self.assertTrue(self.loop.writers)
++
+     @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
+     def test_write_sendmsg_full(self):
+         data = memoryview(b'data')
+diff --git a/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
+new file mode 100644
+index 00000000000000..76cfc58121d3bd
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
+@@ -0,0 +1 @@
++Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`.