Skip to content

Resolved pTest failure by upgrading python-twisted to version 23.10.0 #17675

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
v-aaditya wants to merge 4 commits into
base: 3.0-dev
Choose a base branch
from
Open

Resolved pTest failure by upgrading python-twisted to version 23.10.0 #17675

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
4c33797
Fix pTest failure by upgrading python-twisted to version 23.10.0
v-aaditya Jun 10, 2026
27bb383
Removed old patch file
v-aaditya Jun 10, 2026
e7b9728
Fixed patch for CVE-2026-42304 and Circular dependency issue
v-aaditya Jun 10, 2026
2163c86
Updated patch for disabling tests
v-aaditya Jun 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions SPECS/pytest/pytest.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Summary: pytest is a mature full-featured Python testing tool that helps you write better programs
Name: pytest
Version: 7.4.0
Release: 2%{?dist}
Release: 3%{?dist}
License: MIT
Vendor: Microsoft Corporation
Distribution: Azure Linux
Expand All @@ -20,7 +20,6 @@ BuildRequires: python3-hypothesis
BuildRequires: python3-py
BuildRequires: python3-setuptools
BuildRequires: python3-setuptools_scm
BuildRequires: python3-twisted
BuildRequires: python3-xml
Requires: python3
Requires: python3-setuptools
Expand Down Expand Up @@ -66,6 +65,10 @@ ln -snf py.test%{python3_version} %{buildroot}%{_bindir}/py.test3
%{python3_sitelib}/*

%changelog
* Wed Jun 10 2026 Aditya Singh <v-aditysing@microsoft.com> - 7.4.0-3
- Removed BuildRequires python3-twisted to break a build-time dependency introduced
by python-twisted 23.10.0 needing python3-hatch-fancy-pypi-readme (which transitively BRs pytest).

* Mon Oct 07 2024 Devin Anderson <danderson@microsoft.com> - 7.4.0-2
- Add missing runtime dependency on 'iniconfig' package.

Expand Down
69 changes: 0 additions & 69 deletions SPECS/python-twisted/CVE-2023-46137.patch
View file
Open in desktop

This file was deleted.

17 changes: 9 additions & 8 deletions SPECS/python-twisted/CVE-2024-41671.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ From: Sindhu Karri <lakarri@microsoft.com>
Date: Thu, 1 Aug 2024 09:39:06 +0000
Subject: [PATCH 1/3] 4a930de1 patch apply pass 1 without rejs

Upstream Patch Reference: https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc.patch
---
src/twisted/web/http.py | 2 +-
src/twisted/web/newsfragments/12248.bugfix | 1 +
Expand All @@ -11,10 +12,10 @@ Subject: [PATCH 1/3] 4a930de1 patch apply pass 1 without rejs
create mode 100644 src/twisted/web/newsfragments/12248.bugfix

diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
index b80a55a..2c3ba55 100644
index 2bad147..3081b02 100644
--- a/src/twisted/web/http.py
+++ b/src/twisted/web/http.py
@@ -2331,8 +2333,8 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin):
@@ -2319,8 +2319,8 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin):
self.__header = line

def _finishRequestBody(self, data):
Expand All @@ -32,7 +33,7 @@ index 0000000..2fb6067
@@ -0,0 +1 @@
+The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7)
diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py
index f8027f1..e07cf98 100644
index d6a6a17..a19ed89 100644
--- a/src/twisted/web/test/test_http.py
+++ b/src/twisted/web/test/test_http.py
@@ -135,7 +135,7 @@ class DummyHTTPHandler(http.Request):
Expand All @@ -44,7 +45,7 @@ index f8027f1..e07cf98 100644
request = b"'''\n" + length + b"\n" + data + b"'''\n"
self.setResponseCode(200)
self.setHeader(b"Request", self.uri)
@@ -566,17 +566,23 @@ class HTTP0_9Tests(HTTP1_0Tests):
@@ -563,17 +563,23 @@ class HTTP0_9Tests(HTTP1_0Tests):

class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
"""
Expand Down Expand Up @@ -72,7 +73,7 @@ index f8027f1..e07cf98 100644
)

expectedResponses = [
@@ -593,14 +599,16 @@ class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
@@ -590,14 +596,16 @@ class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
b"Request: /",
b"Command: POST",
b"Version: HTTP/1.1",
Expand All @@ -93,7 +94,7 @@ index f8027f1..e07cf98 100644
"""
b = StringTransport()
a = http.HTTPChannel()
@@ -609,10 +617,9 @@ class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
@@ -606,10 +614,9 @@ class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
# one byte at a time, to stress it.
for byte in iterbytes(self.requests):
a.dataReceived(byte)
Expand All @@ -105,7 +106,7 @@ index f8027f1..e07cf98 100644
self.assertEqual(1, len(a.requests))

# Now, process each request one at a time.
@@ -621,8 +628,95 @@ class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
@@ -618,8 +625,95 @@ class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
request = a.requests[0].original
request.delayedProcess()

Expand Down Expand Up @@ -204,5 +205,5 @@ index f8027f1..e07cf98 100644
def test_pipeliningReadLimit(self):
"""
--
2.33.8
2.45.4

Loading
Loading