From 49db759ea97392f1b0f74dc4aad38a1aa5e2118d Mon Sep 17 00:00:00 2001 From: jykanase Date: Tue, 4 Feb 2025 05:22:25 +0000 Subject: [PATCH] patch python-twisted to fix CVE-2023-46137 --- SPECS/python-twisted/CVE-2023-46137.patch | 69 +++++++++++++++++++++++ SPECS/python-twisted/python-twisted.spec | 7 ++- 2 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 SPECS/python-twisted/CVE-2023-46137.patch diff --git a/SPECS/python-twisted/CVE-2023-46137.patch b/SPECS/python-twisted/CVE-2023-46137.patch new file mode 100644 index 00000000000..1fd60c21d2f --- /dev/null +++ b/SPECS/python-twisted/CVE-2023-46137.patch @@ -0,0 +1,69 @@ +From 0996d783f844e08fd5713ca34192e87d1fec3b77 Mon Sep 17 00:00:00 2001 +From: jykanase +Date: Mon, 3 Feb 2025 09:29:32 +0000 +Subject: [PATCH] CVE-2023-46137 + +Source Link: https://github.com/twisted/twisted/pull/11979 +--- + src/twisted/web/http.py | 32 +++++++++++++++++++++++++++----- + 1 file changed, 27 insertions(+), 5 deletions(-) + +diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py +index b80a55a..23f8817 100644 +--- a/src/twisted/web/http.py ++++ b/src/twisted/web/http.py +@@ -2443,14 +2443,38 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin): + + self._handlingRequest = True + ++ # We go into raw mode here even though we will be receiving lines next ++ # in the protocol; however, this data will be buffered and then passed ++ # back to line mode in the setLineMode call in requestDone. ++ self.setRawMode() ++ + req = self.requests[-1] + req.requestReceived(command, path, version) + +- def dataReceived(self, data): ++ def rawDataReceived(self, data: bytes) -> None: + """ +- Data was received from the network. Process it. ++ This is called when this HTTP/1.1 parser is in raw mode rather than ++ line mode. ++ ++ It may be in raw mode for one of two reasons: ++ ++ 1. All the headers of a request have been received and this ++ L{HTTPChannel} is currently receiving its body. ++ ++ 2. The full content of a request has been received and is currently ++ being processed asynchronously, and this L{HTTPChannel} is ++ buffering the data of all subsequent requests to be parsed ++ later. ++ ++ In the second state, the data will be played back later. ++ ++ @note: This isn't really a public API, and should be invoked only by ++ L{LineReceiver}'s line parsing logic. If you wish to drive an ++ L{HTTPChannel} from a custom data source, call C{dataReceived} on ++ it directly. ++ ++ @see: L{LineReceive.rawDataReceived} + """ +- # If we're currently handling a request, buffer this data. + if self._handlingRequest: + self._dataBuffer.append(data) + if ( +@@ -2462,9 +2486,7 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin): + # ready. See docstring for _optimisticEagerReadSize above. + self._networkProducer.pauseProducing() + return +- return basic.LineReceiver.dataReceived(self, data) + +- def rawDataReceived(self, data): + self.resetTimeout() + + try: +-- +2.45.2 + diff --git a/SPECS/python-twisted/python-twisted.spec b/SPECS/python-twisted/python-twisted.spec index 8d5b3b65401..fc1dccd51ff 100644 --- a/SPECS/python-twisted/python-twisted.spec +++ b/SPECS/python-twisted/python-twisted.spec @@ -2,7 +2,7 @@ Summary: An asynchronous networking framework written in Python Name: python-twisted Version: 22.10.0 -Release: 3%{?dist} +Release: 4%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -15,7 +15,7 @@ Patch0: disable_multicast_test.patch Patch1: CVE-2024-41671.patch # Patch2 is required for both CVE-2024-41671 and CVE-2024-41810 Patch2: CVE-2024-41810.patch - +Patch3: CVE-2023-46137.patch BuildRequires: python3-devel BuildRequires: python3-incremental BuildRequires: python3-pyOpenSSL @@ -101,6 +101,9 @@ LANG=en_US.UTF-8 sudo -u test /home/test/.local/bin/tox -e nocov-posix-alldeps %{_bindir}/cftp3 %changelog +* Mon Feb 03 2025 Jyoti Kanase - 22.10.0-4 +- Fix CVE-2023-46137 + * Thu Aug 01 2024 Sindhu Karri - 22.10.0-3 - Fix CVE-2024-41671 and CVE-2024-41810 with patches