python3-twisted: Fix CVE-2024-41671

Twisted is an event-based framework for internet applications, supporting Python 3.6+.
The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP
requests out-of-order, possibly resulting in information disclosure. This vulnerability
is fixed in 24.7.0rc1.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-41671
https://ubuntu.com/security/CVE-2024-41671

Upstream patches:
f1cb4e616e
ef2c755e9e

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta-python/recipes-devtools/python/python3-twisted/CVE-2024-41671-0001.patch

@@ -0,0 +1,33 @@
+From f1cb4e616e9f23b4dd044a6db44365060950c64f Mon Sep 17 00:00:00 2001
+From: Tom Most <twm@freecog.net>
+Date: Mon, 22 Jul 2024 22:21:10 -0700
+Subject: [PATCH] Use chunking in the pipelining tests
+
+CVE: CVE-2024-41671
+
+Upstream-Status: Backport [https://github.com/twisted/twisted/commit/f1cb4e616e9f23b4dd044a6db44365060950c64f]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/twisted/web/test/test_http.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
+index 7ffea4e..5d88ff1 100644
+--- a/src/twisted/web/test/test_http.py
++++ b/src/twisted/web/test/test_http.py
+@@ -575,9 +575,11 @@ class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
+         b"Content-Length: 10\r\n"
+         b"\r\n"
+         b"0123456789POST / HTTP/1.1\r\n"
+-        b"Content-Length: 10\r\n"
++        b"Transfer-Encoding: chunked\r\n"
+         b"\r\n"
++        b"a\r\n"
+         b"0123456789"
++        b"0\r\n"
+     )
+
+     expectedResponses = [
+--
+2.40.0