1 files changed, 132 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-1.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-1.patch
new file mode 100644
index 0000000000..f7b6824612
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-1.patch
@@ -0,0 +1,132 @@
+From 832a878c9c324ad23dde6cf16520b7768c1a8c5c Mon Sep 17 00:00:00 2001
+From: Tom Most <twm@freecog.net>
+Date: Sat, 5 Mar 2022 23:26:55 -0800
+Subject: [PATCH] Some tests for GHSA-c2jg-hw38-jrqq
+Upstream-Status: Backport [https://github.com/twisted/twisted/commit/22b067793cbcd0fb5dee04cfd9115fa85a7ca110]
+CVE: CVE-2022-24801
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/twisted/web/test/test_http.py | 102 ++++++++++++++++++++++++++++++
+ 1 file changed, 102 insertions(+)
+diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
+index 86c85d2..0549ed0 100644
+--- a/src/twisted/web/test/test_http.py
+++ b/src/twisted/web/test/test_http.py
+@@ -1843,6 +1843,56 @@ class ParsingTests(unittest.TestCase):
+             [b"t \ta \tb"],
+         )
+ 
+    def test_headerStripWhitespace(self):
+        """
+        Leading and trailing space and tab characters are stripped from
+        headers. Other forms of whitespace are preserved.
+
+        See RFC 7230 section 3.2.3 and 3.2.4.
+        """
+        processed = []
+
+        class MyRequest(http.Request):
+            def process(self):
+                processed.append(self)
+                self.finish()
+
+        requestLines = [
+            b"GET / HTTP/1.0",
+            b"spaces:   spaces were stripped   ",
+            b"tabs: \t\ttabs were stripped\t\t",
+            b"spaces-and-tabs: \t \t spaces and tabs were stripped\t \t",
+            b"line-tab:   \v vertical tab was preserved\v\t",
+            b"form-feed: \f form feed was preserved \f  ",
+            b"",
+            b"",
+        ]
+
+        self.runRequest(b"\n".join(requestLines), MyRequest, 0)
+        [request] = processed
+        # All leading and trailing whitespace is stripped from the
+        # header-value.
+        self.assertEqual(
+            request.requestHeaders.getRawHeaders(b"spaces"),
+            [b"spaces were stripped"],
+        )
+        self.assertEqual(
+            request.requestHeaders.getRawHeaders(b"tabs"),
+            [b"tabs were stripped"],
+        )
+        self.assertEqual(
+            request.requestHeaders.getRawHeaders(b"spaces-and-tabs"),
+            [b"spaces and tabs were stripped"],
+        )
+        self.assertEqual(
+            request.requestHeaders.getRawHeaders(b"line-tab"),
+            [b"\v vertical tab was preserved\v"],
+        )
+        self.assertEqual(
+            request.requestHeaders.getRawHeaders(b"form-feed"),
+            [b"\f form feed was preserved \f"],
+        )
+
+     def test_tooManyHeaders(self):
+         """
+         C{HTTPChannel} enforces a limit of C{HTTPChannel.maxHeaders} on the
+@@ -2407,6 +2457,58 @@ Hello,
+             ]
+         )
+ 
+    def test_contentLengthMalformed(self):
+        """
+        A request with a non-integer C{Content-Length} header fails with a 400
+        response without calling L{Request.process}.
+        """
+        self.assertRequestRejected(
+            [
+                b"GET /a HTTP/1.1",
+                b"Content-Length: MORE THAN NINE THOUSAND!",
+                b"Host: host.invalid",
+                b"",
+                b"",
+                b"x" * 9001,
+            ]
+        )
+
+    def test_contentLengthTooPositive(self):
+        """
+        A request with a C{Content-Length} header that begins with a L{+} fails
+        with a 400 response without calling L{Request.process}.
+
+        This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
+        """
+        self.assertRequestRejected(
+            [
+                b"GET /a HTTP/1.1",
+                b"Content-Length: +100",
+                b"Host: host.invalid",
+                b"",
+                b"",
+                b"x" * 100,
+            ]
+        )
+
+    def test_contentLengthNegative(self):
+        """
+        A request with a C{Content-Length} header that is negative fails with
+        a 400 response without calling L{Request.process}.
+
+        This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
+        """
+        self.assertRequestRejected(
+            [
+                b"GET /a HTTP/1.1",
+                b"Content-Length: -100",
+                b"Host: host.invalid",
+                b"",
+                b"",
+                b"x" * 200,
+            ]
+        )
+
+     def test_duplicateContentLengthsWithPipelinedRequests(self):
+         """
+         Two pipelined requests, the first of which includes multiple

diff --git a/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-1.patch b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-1.patch new file mode 100644 index 0000000000..f7b6824612 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-twisted/CVE-2022-24801-1.patch
@@ -0,0 +1,132 @@
	1	From 832a878c9c324ad23dde6cf16520b7768c1a8c5c Mon Sep 17 00:00:00 2001
	2	From: Tom Most <twm@freecog.net>
	3	Date: Sat, 5 Mar 2022 23:26:55 -0800
	4	Subject: [PATCH] Some tests for GHSA-c2jg-hw38-jrqq
	5
	6	Upstream-Status: Backport [https://github.com/twisted/twisted/commit/22b067793cbcd0fb5dee04cfd9115fa85a7ca110]
	7	CVE: CVE-2022-24801
	8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
	9	---
	10	src/twisted/web/test/test_http.py \| 102 ++++++++++++++++++++++++++++++
	11	1 file changed, 102 insertions(+)
	12
	13	diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
	14	index 86c85d2..0549ed0 100644
	15	--- a/src/twisted/web/test/test_http.py
	16	+++ b/src/twisted/web/test/test_http.py
	17	@@ -1843,6 +1843,56 @@ class ParsingTests(unittest.TestCase):
	18	[b"t \ta \tb"],
	19	)
	20
	21	+ def test_headerStripWhitespace(self):
	22	+ """
	23	+ Leading and trailing space and tab characters are stripped from
	24	+ headers. Other forms of whitespace are preserved.
	25	+
	26	+ See RFC 7230 section 3.2.3 and 3.2.4.
	27	+ """
	28	+ processed = []
	29	+
	30	+ class MyRequest(http.Request):
	31	+ def process(self):
	32	+ processed.append(self)
	33	+ self.finish()
	34	+
	35	+ requestLines = [
	36	+ b"GET / HTTP/1.0",
	37	+ b"spaces: spaces were stripped ",
	38	+ b"tabs: \t\ttabs were stripped\t\t",
	39	+ b"spaces-and-tabs: \t \t spaces and tabs were stripped\t \t",
	40	+ b"line-tab: \v vertical tab was preserved\v\t",
	41	+ b"form-feed: \f form feed was preserved \f ",
	42	+ b"",
	43	+ b"",
	44	+ ]
	45	+
	46	+ self.runRequest(b"\n".join(requestLines), MyRequest, 0)
	47	+ [request] = processed
	48	+ # All leading and trailing whitespace is stripped from the
	49	+ # header-value.
	50	+ self.assertEqual(
	51	+ request.requestHeaders.getRawHeaders(b"spaces"),
	52	+ [b"spaces were stripped"],
	53	+ )
	54	+ self.assertEqual(
	55	+ request.requestHeaders.getRawHeaders(b"tabs"),
	56	+ [b"tabs were stripped"],
	57	+ )
	58	+ self.assertEqual(
	59	+ request.requestHeaders.getRawHeaders(b"spaces-and-tabs"),
	60	+ [b"spaces and tabs were stripped"],
	61	+ )
	62	+ self.assertEqual(
	63	+ request.requestHeaders.getRawHeaders(b"line-tab"),
	64	+ [b"\v vertical tab was preserved\v"],
	65	+ )
	66	+ self.assertEqual(
	67	+ request.requestHeaders.getRawHeaders(b"form-feed"),
	68	+ [b"\f form feed was preserved \f"],
	69	+ )
	70	+
	71	def test_tooManyHeaders(self):
	72	"""
	73	C{HTTPChannel} enforces a limit of C{HTTPChannel.maxHeaders} on the
	74	@@ -2407,6 +2457,58 @@ Hello,
	75	]
	76	)
	77
	78	+ def test_contentLengthMalformed(self):
	79	+ """
	80	+ A request with a non-integer C{Content-Length} header fails with a 400
	81	+ response without calling L{Request.process}.
	82	+ """
	83	+ self.assertRequestRejected(
	84	+ [
	85	+ b"GET /a HTTP/1.1",
	86	+ b"Content-Length: MORE THAN NINE THOUSAND!",
	87	+ b"Host: host.invalid",
	88	+ b"",
	89	+ b"",
	90	+ b"x" * 9001,
	91	+ ]
	92	+ )
	93	+
	94	+ def test_contentLengthTooPositive(self):
	95	+ """
	96	+ A request with a C{Content-Length} header that begins with a L{+} fails
	97	+ with a 400 response without calling L{Request.process}.
	98	+
	99	+ This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
	100	+ """
	101	+ self.assertRequestRejected(
	102	+ [
	103	+ b"GET /a HTTP/1.1",
	104	+ b"Content-Length: +100",
	105	+ b"Host: host.invalid",
	106	+ b"",
	107	+ b"",
	108	+ b"x" * 100,
	109	+ ]
	110	+ )
	111	+
	112	+ def test_contentLengthNegative(self):
	113	+ """
	114	+ A request with a C{Content-Length} header that is negative fails with
	115	+ a 400 response without calling L{Request.process}.
	116	+
	117	+ This is a potential request smuggling vector: see GHSA-c2jg-hw38-jrqq.
	118	+ """
	119	+ self.assertRequestRejected(
	120	+ [
	121	+ b"GET /a HTTP/1.1",
	122	+ b"Content-Length: -100",
	123	+ b"Host: host.invalid",
	124	+ b"",
	125	+ b"",
	126	+ b"x" * 200,
	127	+ ]
	128	+ )
	129	+
	130	def test_duplicateContentLengthsWithPipelinedRequests(self):
	131	"""
	132	Two pipelined requests, the first of which includes multiple