2 files changed, 52 insertions, 2 deletions
diff --git a/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69225.patch b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69225.patch
new file mode 100644
index 0000000000..cadfe27adc
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69225.patch
@@ -0,0 +1,49 @@
+From 9ef3eb4a9f79c106b8a5518fc600412ad81dff5c Mon Sep 17 00:00:00 2001
+From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
+Date: Sat, 3 Jan 2026 00:39:41 +0000
+Subject: [PATCH] Reject non-ascii digits in Range header (#11903)
+**This is a backport of PR #11887 as merged into master
+(7a067d1905e1eeb921a50010dd0004990dbb3bf0).**
+Co-authored-by: Sam Bull <git@sambull.org>
+CVE: CVE-2025-69225
+Upstream-Status: Backport [https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ aiohttp/web_request.py    | 2 +-
+ tests/test_web_request.py | 7 +++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+diff --git a/aiohttp/web_request.py b/aiohttp/web_request.py
+index 4bc670a..d565557 100644
+--- a/aiohttp/web_request.py
+++ b/aiohttp/web_request.py
+@@ -598,7 +598,7 @@ class BaseRequest(MutableMapping[str, Any], HeadersMixin):
+         if rng is not None:
+             try:
+                 pattern = r"^bytes=(\d*)-(\d*)$"
+-                start, end = re.findall(pattern, rng)[0]
+                start, end = re.findall(pattern, rng, re.ASCII)[0]
+             except IndexError:  # pattern was not found in header
+                 raise ValueError("range not in acceptable format")
+ 
+diff --git a/tests/test_web_request.py b/tests/test_web_request.py
+index c6398ac..704fc18 100644
+--- a/tests/test_web_request.py
+++ b/tests/test_web_request.py
+@@ -227,6 +227,13 @@ def test_range_to_slice_tail_stop() -> None:
+     assert req.content[req.http_range] == payload[-500:]
+ 
+ 
+def test_range_non_ascii() -> None:
+    # ५ = DEVANAGARI DIGIT FIVE
+    req = make_mocked_request("GET", "/", headers=CIMultiDict([("RANGE", "bytes=4-५")]))
+    with pytest.raises(ValueError, match="range not in acceptable format"):
+        req.http_range
+
+
+ def test_non_keepalive_on_http10() -> None:
+     req = make_mocked_request("GET", "/", version=HttpVersion(1, 0))
+     assert not req.keep_alive
diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb
index d3782f2d48..43482db392 100644
--- a/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb
+++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb
@@ -7,8 +7,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41"
 SRC_URI[sha256sum] = "edea7d15772ceeb29db4aff55e482d4bcfb6ae160ce144f2682de02f6d693551"
 SRC_URI += "file://CVE-2024-52304.patch \
-            file://CVE-2025-53643.patch \
+           file://CVE-2025-53643.patch \
-"
+           file://CVE-2025-69225.patch \
+           "
 PYPI_PACKAGE = "aiohttp"
 inherit python_setuptools_build_meta pypi

diff --git a/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69225.patch b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69225.patch new file mode 100644 index 0000000000..cadfe27adc --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69225.patch
@@ -0,0 +1,49 @@
		1	From 9ef3eb4a9f79c106b8a5518fc600412ad81dff5c Mon Sep 17 00:00:00 2001
		2	From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
		3	Date: Sat, 3 Jan 2026 00:39:41 +0000
		4	Subject: [PATCH] Reject non-ascii digits in Range header (#11903)
		5
		6	**This is a backport of PR #11887 as merged into master
		7	(7a067d1905e1eeb921a50010dd0004990dbb3bf0).**
		8
		9	Co-authored-by: Sam Bull <git@sambull.org>
		10
		11	CVE: CVE-2025-69225
		12	Upstream-Status: Backport [https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96]
		13	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		14	---
		15	aiohttp/web_request.py \| 2 +-
		16	tests/test_web_request.py \| 7 +++++++
		17	2 files changed, 8 insertions(+), 1 deletion(-)
		18
		19	diff --git a/aiohttp/web_request.py b/aiohttp/web_request.py
		20	index 4bc670a..d565557 100644
		21	--- a/aiohttp/web_request.py
		22	+++ b/aiohttp/web_request.py
		23	@@ -598,7 +598,7 @@ class BaseRequest(MutableMapping[str, Any], HeadersMixin):
		24	if rng is not None:
		25	try:
		26	pattern = r"^bytes=(\d)-(\d)$"
		27	- start, end = re.findall(pattern, rng)[0]
		28	+ start, end = re.findall(pattern, rng, re.ASCII)[0]
		29	except IndexError: # pattern was not found in header
		30	raise ValueError("range not in acceptable format")
		31
		32	diff --git a/tests/test_web_request.py b/tests/test_web_request.py
		33	index c6398ac..704fc18 100644
		34	--- a/tests/test_web_request.py
		35	+++ b/tests/test_web_request.py
		36	@@ -227,6 +227,13 @@ def test_range_to_slice_tail_stop() -> None:
		37	assert req.content[req.http_range] == payload[-500:]
		38
		39
		40	+def test_range_non_ascii() -> None:
		41	+ # ५ = DEVANAGARI DIGIT FIVE
		42	+ req = make_mocked_request("GET", "/", headers=CIMultiDict([("RANGE", "bytes=4-५")]))
		43	+ with pytest.raises(ValueError, match="range not in acceptable format"):
		44	+ req.http_range
		45	+
		46	+
		47	def test_non_keepalive_on_http10() -> None:
		48	req = make_mocked_request("GET", "/", version=HttpVersion(1, 0))
		49	assert not req.keep_alive


diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb index d3782f2d48..43482db392 100644 --- a/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb +++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.9.5.bb
@@ -7,8 +7,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41"
7	SRC_URI[sha256sum] = "edea7d15772ceeb29db4aff55e482d4bcfb6ae160ce144f2682de02f6d693551"	7	SRC_URI[sha256sum] = "edea7d15772ceeb29db4aff55e482d4bcfb6ae160ce144f2682de02f6d693551"
8		8
9	SRC_URI += "file://CVE-2024-52304.patch \	9	SRC_URI += "file://CVE-2024-52304.patch \
10	file://CVE-2025-53643.patch \	10	file://CVE-2025-53643.patch \
11	"	11	file://CVE-2025-69225.patch \
		12	"
12		13
13	PYPI_PACKAGE = "aiohttp"	14	PYPI_PACKAGE = "aiohttp"
14	inherit python_setuptools_build_meta pypi	15	inherit python_setuptools_build_meta pypi