mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
python3-aiohttp: patch CVE-2025-69228
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69228 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
committed by
Anuj Mittal
parent
0ea6c04dde
commit
6ac033a227
@@ -0,0 +1,47 @@
|
|||||||
|
From 8426e0e6df8a3481c7482d4fbce749bfe77e2e44 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
Date: Sat, 3 Jan 2026 02:48:45 +0000
|
||||||
|
Subject: [PATCH] Enforce client_max_size over entire multipart form (#11889)
|
||||||
|
(#11908)
|
||||||
|
|
||||||
|
From: Sam Bull <git@sambull.org>
|
||||||
|
|
||||||
|
(cherry picked from commit ed90718fab5d34c127a283e10385f19440df7dd0)
|
||||||
|
|
||||||
|
CVE: CVE-2025-69228
|
||||||
|
Upstream-Status: Backport [https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
aiohttp/web_request.py | 2 +-
|
||||||
|
tests/test_web_functional.py | 4 ++--
|
||||||
|
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/aiohttp/web_request.py b/aiohttp/web_request.py
|
||||||
|
index 96222b0..b5fa40c 100644
|
||||||
|
--- a/aiohttp/web_request.py
|
||||||
|
+++ b/aiohttp/web_request.py
|
||||||
|
@@ -721,8 +721,8 @@ class BaseRequest(MutableMapping[str, Any], HeadersMixin):
|
||||||
|
multipart = await self.multipart()
|
||||||
|
max_size = self._client_max_size
|
||||||
|
|
||||||
|
+ size = 0
|
||||||
|
while (field := await multipart.next()) is not None:
|
||||||
|
- size = 0
|
||||||
|
field_ct = field.headers.get(hdrs.CONTENT_TYPE)
|
||||||
|
|
||||||
|
if isinstance(field, BodyPartReader):
|
||||||
|
diff --git a/tests/test_web_functional.py b/tests/test_web_functional.py
|
||||||
|
index c33b3ce..8ec237b 100644
|
||||||
|
--- a/tests/test_web_functional.py
|
||||||
|
+++ b/tests/test_web_functional.py
|
||||||
|
@@ -1705,8 +1705,8 @@ async def test_app_max_client_size(aiohttp_client) -> None:
|
||||||
|
await resp.release()
|
||||||
|
|
||||||
|
|
||||||
|
-async def test_app_max_client_size_adjusted(aiohttp_client) -> None:
|
||||||
|
- async def handler(request):
|
||||||
|
+async def test_app_max_client_size_adjusted(aiohttp_client: AiohttpClient) -> None:
|
||||||
|
+ async def handler(request: web.Request) -> web.Response:
|
||||||
|
await request.post()
|
||||||
|
return web.Response(body=b"ok")
|
||||||
|
|
||||||
@@ -8,6 +8,7 @@ SRC_URI += "file://CVE-2025-69224.patch \
|
|||||||
file://CVE-2025-69225.patch \
|
file://CVE-2025-69225.patch \
|
||||||
file://CVE-2025-69226.patch \
|
file://CVE-2025-69226.patch \
|
||||||
file://CVE-2025-69227.patch \
|
file://CVE-2025-69227.patch \
|
||||||
|
file://CVE-2025-69228.patch \
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "4fc61385e9c98d72fcdf47e6dd81833f47b2f77c114c29cd64a361be57a763a2"
|
SRC_URI[sha256sum] = "4fc61385e9c98d72fcdf47e6dd81833f47b2f77c114c29cd64a361be57a763a2"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user