From 469738f56c145f3aa9c1892d6f26f9870a93d2d3 Mon Sep 17 00:00:00 2001
From: Robert-André Mauchin
Date: Mar 17 2020 16:07:37 +0000
Subject: Add dependent patch for previous fix
Signed-off-by: Robert-André Mauchin
---
diff --git a/0001-Fix-several-request-smuggling-attacks.patch b/0001-Fix-several-request-smuggling-attacks.patch
index 6b5266c..b29228b 100644
--- a/0001-Fix-several-request-smuggling-attacks.patch
+++ b/0001-Fix-several-request-smuggling-attacks.patch
@@ -114,7 +114,7 @@ diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.
 index 0a0db09b750..578cb500cda 100644
 --- a/src/twisted/web/test/test_http.py
 +++ b/src/twisted/web/test/test_http.py
-@@ -2152,6 +2152,143 @@ Hello,
+@@ -2146,6 +2146,143 @@ Hello,
 self.flushLoggedErrors(AttributeError)
diff --git a/0001-Refactor-to-reduce-duplication.patch b/0001-Refactor-to-reduce-duplication.patch
new file mode 100644
index 0000000..39fb5a2
--- /dev/null
+++ b/0001-Refactor-to-reduce-duplication.patch
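Review bot: Hand-editing the hunk header of the upstream smuggling patch from `@@ -2152,6 +2152,143 @@` to `@@ -2146,6 +2146,143 @@` means the local file no longer matches the commit URL it is named after in the spec (`.../4a7d22e490bb8ff836892cc99a1f54b85ccb0281.patch#/0001-Fix-several-request-smuggling-attacks.patch`), so anyone re-fetching that URL gets a different file than the one in dist-git and can no longer verify the patch against upstream by simple comparison. The edit also looks unnecessary: the refactor patch applied before it has hunk headers that sum to a net -6 lines ahead of that region without touching its context, which `patch -p1` (and hence `%autosetup`, if that is what the spec uses) should absorb as a plain offset. Prefer keeping the upstream patch byte-identical; if a local modification really is required, record it next to the Patch line, e.g. `# upstream 4a7d22e, hunk offsets adjusted to apply after the refactor patch`. The rest of this patch file is outside the hunk.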
@@ -0,0 +1,135 @@ +From d2f6dd9b3766509f40c980aac67ca8475da67c6f Mon Sep 17 00:00:00 2001 +From: Tom Most +Date: Mon, 3 Jun 2019 22:03:22 -0700 +Subject: [PATCH] Refactor to reduce duplication + +--- + src/twisted/web/test/test_http.py | 116 +++++++++++------------------- + 1 file changed, 42 insertions(+), 74 deletions(-) + +diff --git a/src/twisted/web/test/test_http.py b/src/twisted/web/test/test_http.py +index ac8f284d36c..1272a644d1e 100644 +--- a/src/twisted/web/test/test_http.py ++++ b/src/twisted/web/test/test_http.py +@@ -1441,7 +1441,8 @@ class ParsingTests(unittest.TestCase): + """ + Execute a web request based on plain text content. + +- @param httpRequest: Content for the request which is processed. ++ @param httpRequest: Content for the request which is processed. Each ++ L{"\n"} will be replaced with L{"\r\n"}. + @type httpRequest: C{bytes} + + @param requestFactory: 2-argument callable returning a Request. +@@ -1480,6 +1481,32 @@ class ParsingTests(unittest.TestCase): + return channel + + ++ def assertRequestRejected(self, requestLines): ++ """ ++ Execute a HTTP request and assert that it is rejected with a 400 Bad ++ Response and disconnection. ++ ++ @param requestLines: Plain text lines of the request. These lines will ++ be joined with newlines to form the HTTP request that is processed. 
++ @type requestLines: C{list} of C{bytes} ++ """ ++ httpRequest = b"\n".join(requestLines) ++ processed = [] ++ ++ class MyRequest(http.Request): ++ def process(self): ++ processed.append(self) ++ self.finish() ++ ++ channel = self.runRequest(httpRequest, MyRequest, success=False) ++ self.assertEqual( ++ channel.transport.value(), ++ b"HTTP/1.1 400 Bad Request\r\n\r\n", ++ ) ++ self.assertTrue(channel.transport.disconnecting) ++ self.assertEqual(processed, []) ++ ++ + def test_invalidNonAsciiMethod(self): + """ + When client sends invalid HTTP method containing +@@ -1603,45 +1630,24 @@ class ParsingTests(unittest.TestCase): + + def test_tooManyHeaders(self): + """ +- L{HTTPChannel} enforces a limit of C{HTTPChannel.maxHeaders} on the ++ C{HTTPChannel} enforces a limit of C{HTTPChannel.maxHeaders} on the + number of headers received per request. + """ +- processed = [] +- class MyRequest(http.Request): +- def process(self): +- processed.append(self) +- + requestLines = [b"GET / HTTP/1.0"] + for i in range(http.HTTPChannel.maxHeaders + 2): + requestLines.append(networkString("%s: foo" % (i,))) + requestLines.extend([b"", b""]) + +- channel = self.runRequest(b"\n".join(requestLines), MyRequest, 0) +- self.assertEqual(processed, []) +- self.assertEqual( +- channel.transport.value(), +- b"HTTP/1.1 400 Bad Request\r\n\r\n") ++ self.assertRequestRejected(requestLines) + + + def test_invalidContentLengthHeader(self): + """ +- If a Content-Length header with a non-integer value is received, a 400 +- (Bad Request) response is sent to the client and the connection is +- closed. ++ If a I{Content-Length} header with a non-integer value is received, ++ a 400 (Bad Request) response is sent to the client and the connection ++ is closed. 
+ """ +- processed = [] +- class MyRequest(http.Request): +- def process(self): +- processed.append(self) +- self.finish() +- +- requestLines = [b"GET / HTTP/1.0", b"Content-Length: x", b"", b""] +- channel = self.runRequest(b"\n".join(requestLines), MyRequest, 0) +- self.assertEqual( +- channel.transport.value(), +- b"HTTP/1.1 400 Bad Request\r\n\r\n") +- self.assertTrue(channel.transport.disconnecting) +- self.assertEqual(processed, []) ++ self.assertRequestRejected([b"GET / HTTP/1.0", b"Content-Length: x", b"", b""]) + + + def test_invalidHeaderNoColon(self): +@@ -1649,24 +1655,12 @@ class ParsingTests(unittest.TestCase): + If a header without colon is received a 400 (Bad Request) response + is sent to the client and the connection is closed. + """ +- processed = [] +- class MyRequest(http.Request): +- def process(self): +- processed.append(self) +- self.finish() +- +- requestLines = [b"GET / HTTP/1.0", b"HeaderName ", b"", b""] +- channel = self.runRequest(b"\n".join(requestLines), MyRequest, 0) +- self.assertEqual( +- channel.transport.value(), +- b"HTTP/1.1 400 Bad Request\r\n\r\n") +- self.assertTrue(channel.transport.disconnecting) +- self.assertEqual(processed, []) ++ self.assertRequestRejected([b"GET / HTTP/1.0", b"HeaderName ", b"", b""]) + + + def test_headerLimitPerRequest(self): + """ +- L{HTTPChannel} enforces the limit of C{HTTPChannel.maxHeaders} per ++ C{HTTPChannel} enforces the limit of C{HTTPChannel.maxHeaders} per + request so that headers received in an earlier request do not count + towards the limit when processing a later request. + """ diff --git a/python-twisted.spec b/python-twisted.spec index fed63fa..57f97d4 100644 --- a/python-twisted.spec +++ b/python-twisted.spec 
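Review bot: The docstring of the new `assertRequestRejected` helper says it asserts a `400 Bad Response`, but the assertion a few lines below checks for `b"HTTP/1.1 400 Bad Request\r\n\r\n"`; change the first docstring sentence to `Execute a HTTP request and assert that it is rejected with a 400 Bad Request and disconnection.` It is also worth stating in that docstring that the lines are joined with `b"\n"` and `runRequest` then rewrites every `\n` to `\r\n` (per the docstring line this patch adds), so the helper cannot send a request with bare-LF or mixed line endings, and a smuggling test for that vector has to bypass it. Folding `test_tooManyHeaders` onto the helper additionally adds the `transport.disconnecting` and `self.finish()` checks that test did not have before, which is a welcome tightening rather than pure deduplication and deserves a sentence in the commit message. The `ParsingTests` class and the body of `runRequest` begin outside the hunk.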
@@ -17,7 +17,8 @@ Source0: %{pypi_source Twisted %{version} tar.bz2}
 # https://twistedmatrix.com/trac/ticket/9642
 Patch1: 0001-Import-gobject-from-gi.repository-in-Python-3.patch
 # CVE-2020-10109
-Patch2: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281.patch#/0001-Fix-several-request-smuggling-attacks.patch
+Patch2: https://github.com/twisted/twisted/commit/d2f6dd9b3766509f40c980aac67ca8475da67c6f.patch#/0001-Refactor-to-reduce-duplication.patch
+Patch3: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281.patch#/0001-Fix-several-request-smuggling-attacks.patch
 %description
 %{common_description}
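Review bot: The `# CVE-2020-10109` comment now labels Patch2, which after this change is the test-suite refactor (d2f6dd9) and not the security fix, so the patch that actually closes the CVE is the unlabelled Patch3. Put `# Test-suite refactor that the request-smuggling fix below depends on` above Patch2 and `# CVE-2020-10109 (HTTP request smuggling, upstream 4a7d22e)` above Patch3. If the upstream "Fix several request smuggling attacks" commit also covers the duplicate Content-Length case tracked as CVE-2020-10108, as its plural title suggests, list that identifier here as well so security tracking and the changelog pick it up. Since Patch3's hunk offsets were adjusted to apply after Patch2, a note that the two must stay in this order would help whoever next rebases the patches.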