File 1521_delegate_parseqs_stdlib_bpo42967.patch of Package python-Twisted

From 7130df7ee21ebd93d7e15e7c4ef752b759f8e1c3 Mon Sep 17 00:00:00 2001
From: Thomas Grainger <tagrain@gmail.com>
Date: Sun, 21 Feb 2021 11:54:25 +0000
Subject: [PATCH] delegate to stdlib parse qs

---
 src/twisted/web/http.py                    | 29 +---------------------
 src/twisted/web/newsfragments/10096.bugfix |  1 +
 2 files changed, 2 insertions(+), 28 deletions(-)
 create mode 100644 src/twisted/web/newsfragments/10096.bugfix

Index: twisted-24.10.0/src/twisted/web/http.py
===================================================================
--- twisted-24.10.0.orig/src/twisted/web/http.py
+++ twisted-24.10.0/src/twisted/web/http.py
@@ -125,6 +125,7 @@ from urllib.parse import (
     ParseResultBytes,
     unquote_to_bytes as unquote,
     urlparse as _urlparse,
+    parse_qs,
 )
 
 from zope.interface import Attribute, Interface, implementer, provider
@@ -371,34 +372,6 @@ def urlparse(url):
     return ParseResultBytes(scheme, netloc, path, params, query, fragment)
 
 
-def parse_qs(qs, keep_blank_values=0, strict_parsing=0):
-    """
-    Like C{cgi.parse_qs}, but with support for parsing byte strings on Python 3.
-
-    This was created to help with Python 2 to Python 3 migration.
-    Consider using L{urllib.parse.parse_qs}.
-
-    @type qs: C{bytes}
-    """
-    d = {}
-    items = [s2 for s1 in qs.split(b"&") for s2 in s1.split(b";")]
-    for item in items:
-        try:
-            k, v = item.split(b"=", 1)
-        except ValueError:
-            if strict_parsing:
-                raise
-            continue
-        if v or keep_blank_values:
-            k = unquote(k.replace(b"+", b" "))
-            v = unquote(v.replace(b"+", b" "))
-            if k in d:
-                d[k].append(v)
-            else:
-                d[k] = [v]
-    return d
-
-
 def datetimeToString(msSinceEpoch=None):
     """
     Convert seconds since epoch to HTTP datetime string.
Index: twisted-24.10.0/src/twisted/web/newsfragments/10096.bugfix
===================================================================
--- /dev/null
+++ twisted-24.10.0/src/twisted/web/newsfragments/10096.bugfix
@@ -0,0 +1 @@
+delegate to urllib.parse:parse_qs in twisted.web.http:parse_qs to avoid CVE-2021-23336 and the associated CI failures