patch python-twisted to fix CVE-2023-46137

microsoft · Feb 3, 2025 · 3fbc6f8 · 3fbc6f8
1 parent ba0b6ec
commit 3fbc6f8
Show file tree

Hide file tree

Showing 6 changed files with 270 additions and 198 deletions.
diff --git a/SPECS/python-twisted/CVE-2023-46137.patch b/SPECS/python-twisted/CVE-2023-46137.patch
@@ -0,0 +1,68 @@
+From 0996d783f844e08fd5713ca34192e87d1fec3b77 Mon Sep 17 00:00:00 2001
+From: jykanase <[email protected]>
+Date: Mon, 3 Feb 2025 09:29:32 +0000
+Subject: [PATCH] CVE-2023-46137
+
+---
+ src/twisted/web/http.py | 32 +++++++++++++++++++++++++++-----
+ 1 file changed, 27 insertions(+), 5 deletions(-)
+
+diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
+index b80a55a..23f8817 100644
+--- a/src/twisted/web/http.py
++++ b/src/twisted/web/http.py
+@@ -2443,14 +2443,38 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin):
+
+         self._handlingRequest = True
+
++        # We go into raw mode here even though we will be receiving lines next
++        # in the protocol; however, this data will be buffered and then passed
++        # back to line mode in the setLineMode call in requestDone.
++        self.setRawMode()
++
+         req = self.requests[-1]
+         req.requestReceived(command, path, version)
+
+-    def dataReceived(self, data):
++    def rawDataReceived(self, data: bytes) -> None:
+         """
+-        Data was received from the network.  Process it.
++        This is called when this HTTP/1.1 parser is in raw mode rather than
++        line mode.
++
++        It may be in raw mode for one of two reasons:
++
++            1. All the headers of a request have been received and this
++               L{HTTPChannel} is currently receiving its body.
++
++            2. The full content of a request has been received and is currently
++               being processed asynchronously, and this L{HTTPChannel} is
++               buffering the data of all subsequent requests to be parsed
++               later.
++
++        In the second state, the data will be played back later.
++
++        @note: This isn't really a public API, and should be invoked only by
++            L{LineReceiver}'s line parsing logic.  If you wish to drive an
++            L{HTTPChannel} from a custom data source, call C{dataReceived} on
++            it directly.
++
++        @see: L{LineReceive.rawDataReceived}
+         """
+-        # If we're currently handling a request, buffer this data.
+         if self._handlingRequest:
+             self._dataBuffer.append(data)
+             if (
+@@ -2462,9 +2486,7 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin):
+                 # ready.  See docstring for _optimisticEagerReadSize above.
+                 self._networkProducer.pauseProducing()
+             return
+-        return basic.LineReceiver.dataReceived(self, data)
+
+-    def rawDataReceived(self, data):
+         self.resetTimeout()
+
+         try:
+-- 
+2.45.2
+
diff --git a/SPECS/python-twisted/python-twisted.spec b/SPECS/python-twisted/python-twisted.spec
@@ -2,7 +2,7 @@
 Summary:        An asynchronous networking framework written in Python
 Name:           python-twisted
 Version:        22.10.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -15,6 +15,7 @@ Patch0:         disable_multicast_test.patch
 Patch1:         CVE-2024-41671.patch
 # Patch2 is required for both CVE-2024-41671 and CVE-2024-41810
 Patch2:         CVE-2024-41810.patch
+Patch3:         CVE-2023-46137.patch
 
 BuildRequires:  python3-devel
 BuildRequires:  python3-incremental
@@ -101,6 +102,9 @@ LANG=en_US.UTF-8 sudo -u test /home/test/.local/bin/tox -e nocov-posix-alldeps
 %{_bindir}/cftp3
 
 %changelog
+* Mon Feb 03 2025 Jyoti Kanase <[email protected]> - 22.10.0-4
+- Fix CVE-2023-46137
+
 * Thu Aug 01 2024 Sindhu Karri <[email protected]> - 22.10.0-3
 - Fix CVE-2024-41671 and CVE-2024-41810 with a patch
 

diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-20.cm2.aarch64.rpm
-kernel-headers-5.15.173.1-1.cm2.noarch.rpm
+kernel-headers-5.15.164.1-1.cm2.noarch.rpm
 glibc-2.35-7.cm2.aarch64.rpm
 glibc-devel-2.35-7.cm2.aarch64.rpm
 glibc-i18n-2.35-7.cm2.aarch64.rpm
@@ -9,11 +9,11 @@ glibc-nscd-2.35-7.cm2.aarch64.rpm
 glibc-tools-2.35-7.cm2.aarch64.rpm
 zlib-1.2.13-2.cm2.aarch64.rpm
 zlib-devel-1.2.13-2.cm2.aarch64.rpm
-file-5.40-3.cm2.aarch64.rpm
-file-devel-5.40-3.cm2.aarch64.rpm
-file-libs-5.40-3.cm2.aarch64.rpm
-binutils-2.37-10.cm2.aarch64.rpm
-binutils-devel-2.37-10.cm2.aarch64.rpm
+file-5.40-2.cm2.aarch64.rpm
+file-devel-5.40-2.cm2.aarch64.rpm
+file-libs-5.40-2.cm2.aarch64.rpm
+binutils-2.37-8.cm2.aarch64.rpm
+binutils-devel-2.37-8.cm2.aarch64.rpm
 gmp-6.2.1-4.cm2.aarch64.rpm
 gmp-devel-6.2.1-4.cm2.aarch64.rpm
 mpfr-4.1.0-2.cm2.aarch64.rpm
@@ -33,11 +33,11 @@ libpkgconf-1.8.0-3.cm2.aarch64.rpm
 pkgconf-1.8.0-3.cm2.aarch64.rpm
 pkgconf-m4-1.8.0-3.cm2.noarch.rpm
 pkgconf-pkg-config-1.8.0-3.cm2.aarch64.rpm
-ncurses-6.4-3.cm2.aarch64.rpm
-ncurses-compat-6.4-3.cm2.aarch64.rpm
-ncurses-devel-6.4-3.cm2.aarch64.rpm
-ncurses-libs-6.4-3.cm2.aarch64.rpm
-ncurses-term-6.4-3.cm2.aarch64.rpm
+ncurses-6.4-2.cm2.aarch64.rpm
+ncurses-compat-6.4-2.cm2.aarch64.rpm
+ncurses-devel-6.4-2.cm2.aarch64.rpm
+ncurses-libs-6.4-2.cm2.aarch64.rpm
+ncurses-term-6.4-2.cm2.aarch64.rpm
 readline-8.1-1.cm2.aarch64.rpm
 readline-devel-8.1-1.cm2.aarch64.rpm
 coreutils-8.32-7.cm2.aarch64.rpm
@@ -69,7 +69,7 @@ libcap-ng-devel-0.8.2-2.cm2.aarch64.rpm
 util-linux-2.37.4-9.cm2.aarch64.rpm
 util-linux-devel-2.37.4-9.cm2.aarch64.rpm
 util-linux-libs-2.37.4-9.cm2.aarch64.rpm
-tar-1.34-3.cm2.aarch64.rpm
+tar-1.34-2.cm2.aarch64.rpm
 xz-5.2.5-1.cm2.aarch64.rpm
 xz-devel-5.2.5-1.cm2.aarch64.rpm
 xz-lang-5.2.5-1.cm2.aarch64.rpm
@@ -95,9 +95,9 @@ elfutils-libelf-0.186-2.cm2.aarch64.rpm
 elfutils-libelf-devel-0.186-2.cm2.aarch64.rpm
 elfutils-libelf-devel-static-0.186-2.cm2.aarch64.rpm
 elfutils-libelf-lang-0.186-2.cm2.aarch64.rpm
-expat-2.6.3-2.cm2.aarch64.rpm
-expat-devel-2.6.3-2.cm2.aarch64.rpm
-expat-libs-2.6.3-2.cm2.aarch64.rpm
+expat-2.6.2-2.cm2.aarch64.rpm
+expat-devel-2.6.2-2.cm2.aarch64.rpm
+expat-libs-2.6.2-2.cm2.aarch64.rpm
 libpipeline-1.5.5-3.cm2.aarch64.rpm
 libpipeline-devel-1.5.5-3.cm2.aarch64.rpm
 gdbm-1.21-1.cm2.aarch64.rpm
@@ -173,8 +173,8 @@ openssl-static-1.1.1k-35.cm2.aarch64.rpm
 libcap-2.60-2.cm2.aarch64.rpm
 libcap-devel-2.60-2.cm2.aarch64.rpm
 debugedit-5.0-2.cm2.aarch64.rpm
-libarchive-3.6.1-4.cm2.aarch64.rpm
-libarchive-devel-3.6.1-4.cm2.aarch64.rpm
+libarchive-3.6.1-3.cm2.aarch64.rpm
+libarchive-devel-3.6.1-3.cm2.aarch64.rpm
 rpm-4.18.0-4.cm2.aarch64.rpm
 rpm-build-4.18.0-4.cm2.aarch64.rpm
 rpm-build-libs-4.18.0-4.cm2.aarch64.rpm
@@ -188,18 +188,18 @@ libsolv-0.7.24-1.cm2.aarch64.rpm
 libsolv-devel-0.7.24-1.cm2.aarch64.rpm
 libssh2-1.9.0-4.cm2.aarch64.rpm
 libssh2-devel-1.9.0-4.cm2.aarch64.rpm
-krb5-1.19.4-3.cm2.aarch64.rpm
-nghttp2-1.57.0-2.cm2.aarch64.rpm
-curl-8.8.0-3.cm2.aarch64.rpm
-curl-devel-8.8.0-3.cm2.aarch64.rpm
-curl-libs-8.8.0-3.cm2.aarch64.rpm
+krb5-1.21.3-1.cm2.aarch64.rpm
+nghttp2-1.57.0-1.cm2.aarch64.rpm
+curl-8.8.0-1.cm2.aarch64.rpm
+curl-devel-8.8.0-1.cm2.aarch64.rpm
+curl-libs-8.8.0-1.cm2.aarch64.rpm
 createrepo_c-0.17.5-1.cm2.aarch64.rpm
-libxml2-2.10.4-5.cm2.aarch64.rpm
-libxml2-devel-2.10.4-5.cm2.aarch64.rpm
+libxml2-2.10.4-3.cm2.aarch64.rpm
+libxml2-devel-2.10.4-3.cm2.aarch64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.aarch64.rpm
-glib-2.71.0-3.cm2.aarch64.rpm
+glib-2.71.0-2.cm2.aarch64.rpm
 libltdl-2.4.6-8.cm2.aarch64.rpm
 libltdl-devel-2.4.6-8.cm2.aarch64.rpm
 pcre-8.45-2.cm2.aarch64.rpm
@@ -231,16 +231,16 @@ libffi-devel-3.4.2-3.cm2.aarch64.rpm
 libtasn1-4.19.0-1.cm2.aarch64.rpm
 p11-kit-0.24.1-1.cm2.aarch64.rpm
 p11-kit-trust-0.24.1-1.cm2.aarch64.rpm
-ca-certificates-shared-2.0.0-19.cm2.noarch.rpm
-ca-certificates-tools-2.0.0-19.cm2.noarch.rpm
-ca-certificates-base-2.0.0-19.cm2.noarch.rpm
-ca-certificates-2.0.0-19.cm2.noarch.rpm
+ca-certificates-shared-2.0.0-18.cm2.noarch.rpm
+ca-certificates-tools-2.0.0-18.cm2.noarch.rpm
+ca-certificates-base-2.0.0-18.cm2.noarch.rpm
+ca-certificates-2.0.0-18.cm2.noarch.rpm
 dwz-0.14-2.cm2.aarch64.rpm
-unzip-6.0-21.cm2.aarch64.rpm
-python3-3.9.19-8.cm2.aarch64.rpm
-python3-devel-3.9.19-8.cm2.aarch64.rpm
-python3-libs-3.9.19-8.cm2.aarch64.rpm
-python3-setuptools-3.9.19-8.cm2.noarch.rpm
+unzip-6.0-20.cm2.aarch64.rpm
+python3-3.9.19-4.cm2.aarch64.rpm
+python3-devel-3.9.19-4.cm2.aarch64.rpm
+python3-libs-3.9.19-4.cm2.aarch64.rpm
+python3-setuptools-3.9.19-4.cm2.noarch.rpm
 python3-pygments-2.4.2-7.cm2.noarch.rpm
 which-2.21-8.cm2.aarch64.rpm
 libselinux-3.2-1.cm2.aarch64.rpm

diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-20.cm2.x86_64.rpm
-kernel-headers-5.15.173.1-1.cm2.noarch.rpm
+kernel-headers-5.15.164.1-1.cm2.noarch.rpm
 glibc-2.35-7.cm2.x86_64.rpm
 glibc-devel-2.35-7.cm2.x86_64.rpm
 glibc-i18n-2.35-7.cm2.x86_64.rpm
@@ -9,11 +9,11 @@ glibc-nscd-2.35-7.cm2.x86_64.rpm
 glibc-tools-2.35-7.cm2.x86_64.rpm
 zlib-1.2.13-2.cm2.x86_64.rpm
 zlib-devel-1.2.13-2.cm2.x86_64.rpm
-file-5.40-3.cm2.x86_64.rpm
-file-devel-5.40-3.cm2.x86_64.rpm
-file-libs-5.40-3.cm2.x86_64.rpm
-binutils-2.37-10.cm2.x86_64.rpm
-binutils-devel-2.37-10.cm2.x86_64.rpm
+file-5.40-2.cm2.x86_64.rpm
+file-devel-5.40-2.cm2.x86_64.rpm
+file-libs-5.40-2.cm2.x86_64.rpm
+binutils-2.37-8.cm2.x86_64.rpm
+binutils-devel-2.37-8.cm2.x86_64.rpm
 gmp-6.2.1-4.cm2.x86_64.rpm
 gmp-devel-6.2.1-4.cm2.x86_64.rpm
 mpfr-4.1.0-2.cm2.x86_64.rpm
@@ -33,11 +33,11 @@ libpkgconf-1.8.0-3.cm2.x86_64.rpm
 pkgconf-1.8.0-3.cm2.x86_64.rpm
 pkgconf-m4-1.8.0-3.cm2.noarch.rpm
 pkgconf-pkg-config-1.8.0-3.cm2.x86_64.rpm
-ncurses-6.4-3.cm2.x86_64.rpm
-ncurses-compat-6.4-3.cm2.x86_64.rpm
-ncurses-devel-6.4-3.cm2.x86_64.rpm
-ncurses-libs-6.4-3.cm2.x86_64.rpm
-ncurses-term-6.4-3.cm2.x86_64.rpm
+ncurses-6.4-2.cm2.x86_64.rpm
+ncurses-compat-6.4-2.cm2.x86_64.rpm
+ncurses-devel-6.4-2.cm2.x86_64.rpm
+ncurses-libs-6.4-2.cm2.x86_64.rpm
+ncurses-term-6.4-2.cm2.x86_64.rpm
 readline-8.1-1.cm2.x86_64.rpm
 readline-devel-8.1-1.cm2.x86_64.rpm
 coreutils-8.32-7.cm2.x86_64.rpm
@@ -69,7 +69,7 @@ libcap-ng-devel-0.8.2-2.cm2.x86_64.rpm
 util-linux-2.37.4-9.cm2.x86_64.rpm
 util-linux-devel-2.37.4-9.cm2.x86_64.rpm
 util-linux-libs-2.37.4-9.cm2.x86_64.rpm
-tar-1.34-3.cm2.x86_64.rpm
+tar-1.34-2.cm2.x86_64.rpm
 xz-5.2.5-1.cm2.x86_64.rpm
 xz-devel-5.2.5-1.cm2.x86_64.rpm
 xz-lang-5.2.5-1.cm2.x86_64.rpm
@@ -95,9 +95,9 @@ elfutils-libelf-0.186-2.cm2.x86_64.rpm
 elfutils-libelf-devel-0.186-2.cm2.x86_64.rpm
 elfutils-libelf-devel-static-0.186-2.cm2.x86_64.rpm
 elfutils-libelf-lang-0.186-2.cm2.x86_64.rpm
-expat-2.6.3-2.cm2.x86_64.rpm
-expat-devel-2.6.3-2.cm2.x86_64.rpm
-expat-libs-2.6.3-2.cm2.x86_64.rpm
+expat-2.6.2-2.cm2.x86_64.rpm
+expat-devel-2.6.2-2.cm2.x86_64.rpm
+expat-libs-2.6.2-2.cm2.x86_64.rpm
 libpipeline-1.5.5-3.cm2.x86_64.rpm
 libpipeline-devel-1.5.5-3.cm2.x86_64.rpm
 gdbm-1.21-1.cm2.x86_64.rpm
@@ -173,8 +173,8 @@ openssl-static-1.1.1k-35.cm2.x86_64.rpm
 libcap-2.60-2.cm2.x86_64.rpm
 libcap-devel-2.60-2.cm2.x86_64.rpm
 debugedit-5.0-2.cm2.x86_64.rpm
-libarchive-3.6.1-4.cm2.x86_64.rpm
-libarchive-devel-3.6.1-4.cm2.x86_64.rpm
+libarchive-3.6.1-3.cm2.x86_64.rpm
+libarchive-devel-3.6.1-3.cm2.x86_64.rpm
 rpm-4.18.0-4.cm2.x86_64.rpm
 rpm-build-4.18.0-4.cm2.x86_64.rpm
 rpm-build-libs-4.18.0-4.cm2.x86_64.rpm
@@ -188,18 +188,18 @@ libsolv-0.7.24-1.cm2.x86_64.rpm
 libsolv-devel-0.7.24-1.cm2.x86_64.rpm
 libssh2-1.9.0-4.cm2.x86_64.rpm
 libssh2-devel-1.9.0-4.cm2.x86_64.rpm
-krb5-1.19.4-3.cm2.x86_64.rpm
-nghttp2-1.57.0-2.cm2.x86_64.rpm
-curl-8.8.0-3.cm2.x86_64.rpm
-curl-devel-8.8.0-3.cm2.x86_64.rpm
-curl-libs-8.8.0-3.cm2.x86_64.rpm
+krb5-1.21.3-1.cm2.x86_64.rpm
+nghttp2-1.57.0-1.cm2.x86_64.rpm
+curl-8.8.0-1.cm2.x86_64.rpm
+curl-devel-8.8.0-1.cm2.x86_64.rpm
+curl-libs-8.8.0-1.cm2.x86_64.rpm
 createrepo_c-0.17.5-1.cm2.x86_64.rpm
-libxml2-2.10.4-5.cm2.x86_64.rpm
-libxml2-devel-2.10.4-5.cm2.x86_64.rpm
+libxml2-2.10.4-3.cm2.x86_64.rpm
+libxml2-devel-2.10.4-3.cm2.x86_64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.x86_64.rpm
-glib-2.71.0-3.cm2.x86_64.rpm
+glib-2.71.0-2.cm2.x86_64.rpm
 libltdl-2.4.6-8.cm2.x86_64.rpm
 libltdl-devel-2.4.6-8.cm2.x86_64.rpm
 pcre-8.45-2.cm2.x86_64.rpm
@@ -231,16 +231,16 @@ libffi-devel-3.4.2-3.cm2.x86_64.rpm
 libtasn1-4.19.0-1.cm2.x86_64.rpm
 p11-kit-0.24.1-1.cm2.x86_64.rpm
 p11-kit-trust-0.24.1-1.cm2.x86_64.rpm
-ca-certificates-shared-2.0.0-19.cm2.noarch.rpm
-ca-certificates-tools-2.0.0-19.cm2.noarch.rpm
-ca-certificates-base-2.0.0-19.cm2.noarch.rpm
-ca-certificates-2.0.0-19.cm2.noarch.rpm
+ca-certificates-shared-2.0.0-18.cm2.noarch.rpm
+ca-certificates-tools-2.0.0-18.cm2.noarch.rpm
+ca-certificates-base-2.0.0-18.cm2.noarch.rpm
+ca-certificates-2.0.0-18.cm2.noarch.rpm
 dwz-0.14-2.cm2.x86_64.rpm
-unzip-6.0-21.cm2.x86_64.rpm
-python3-3.9.19-8.cm2.x86_64.rpm
-python3-devel-3.9.19-8.cm2.x86_64.rpm
-python3-libs-3.9.19-8.cm2.x86_64.rpm
-python3-setuptools-3.9.19-8.cm2.noarch.rpm
+unzip-6.0-20.cm2.x86_64.rpm
+python3-3.9.19-4.cm2.x86_64.rpm
+python3-devel-3.9.19-4.cm2.x86_64.rpm
+python3-libs-3.9.19-4.cm2.x86_64.rpm
+python3-setuptools-3.9.19-4.cm2.noarch.rpm
 python3-pygments-2.4.2-7.cm2.noarch.rpm
 which-2.21-8.cm2.x86_64.rpm
 libselinux-3.2-1.cm2.x86_64.rpm