python3-twisted: Fix CVE-2024-41671

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1. References: https://nvd.nist.gov/vuln/detail/CVE-2024-41671 https://ubuntu.com/security/CVE-2024-41671 Upstream patches: https://github.com/twisted/twisted/commit/f1cb4e616e9f23b4dd044a6db44365060950c64f https://github.com/twisted/twisted/commit/ef2c755e9e9d57d58132af790bd2fd2b957b3fb1 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2025-04-23 04:59:35 +0000
committer: Armin Kuster <akuster808@gmail.com> 2025-05-25 14:48:44 -0400
commit: 5c4b61d38a86de2c26f4ce5e57aaa169643ac211 (patch)
tree: 3ce31e28cf34dcf1ddf5dddd3ec9869acd05843d /meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb
parent: 85275437cd64196d1bef8e16656df04201296fbf (diff)
download: meta-openembedded-5c4b61d38a86de2c26f4ce5e57aaa169643ac211.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb b/meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb
index c55c86ea50..da83f0123a 100644
--- a/meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb
@@ -11,6 +11,9 @@ SRC_URI[sha256sum] = "57f32b1f6838facb8c004c89467840367ad38e9e535f8252091345dba5
 PYPI_PACKAGE = "Twisted"
+SRC_URI += "file://CVE-2024-41671-0001.patch \
+            file://CVE-2024-41671-0002.patch"
 inherit pypi python_setuptools_build_meta
 do_install:append() {
author	Soumya Sambu <soumya.sambu@windriver.com>	2025-04-23 04:59:35 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-05-25 14:48:44 -0400
commit	5c4b61d38a86de2c26f4ce5e57aaa169643ac211 (patch)
tree	3ce31e28cf34dcf1ddf5dddd3ec9869acd05843d /meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb
parent	85275437cd64196d1bef8e16656df04201296fbf (diff)
download	meta-openembedded-5c4b61d38a86de2c26f4ce5e57aaa169643ac211.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb b/meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb index c55c86ea50..da83f0123a 100644 --- a/meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb +++ b/meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb
@@ -11,6 +11,9 @@ SRC_URI[sha256sum] = "57f32b1f6838facb8c004c89467840367ad38e9e535f8252091345dba5
11		11
12	PYPI_PACKAGE = "Twisted"	12	PYPI_PACKAGE = "Twisted"
13		13
		14	SRC_URI += "file://CVE-2024-41671-0001.patch \
		15	file://CVE-2024-41671-0002.patch"
		16
14	inherit pypi python_setuptools_build_meta	17	inherit pypi python_setuptools_build_meta
15		18
16	do_install:append() {	19	do_install:append() {