Security fix for CVE-2024-47081
Resolves: RHEL-102420
This commit is contained in:
parent
a7ae828b4e
commit
39ae929aff
31
CVE-2024-47081.patch
Normal file
31
CVE-2024-47081.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From c9fc8896562cc154eae41a51941bea6d701ed363 Mon Sep 17 00:00:00 2001
|
||||
From: Lumir Balhar <lbalhar@redhat.com>
|
||||
Date: Fri, 25 Jul 2025 12:17:00 +0200
|
||||
Subject: [PATCH] CVE-2024-47081
|
||||
|
||||
---
|
||||
requests/utils.py | 8 +-------
|
||||
1 file changed, 1 insertion(+), 7 deletions(-)
|
||||
|
||||
diff --git a/requests/utils.py b/requests/utils.py
|
||||
index 04145c8..4a1b829 100644
|
||||
--- a/requests/utils.py
|
||||
+++ b/requests/utils.py
|
||||
@@ -191,13 +191,7 @@ def get_netrc_auth(url, raise_errors=False):
|
||||
return
|
||||
|
||||
ri = urlparse(url)
|
||||
-
|
||||
- # Strip port numbers from netloc. This weird `if...encode`` dance is
|
||||
- # used for Python 3.2, which doesn't support unicode literals.
|
||||
- splitstr = b':'
|
||||
- if isinstance(url, str):
|
||||
- splitstr = splitstr.decode('ascii')
|
||||
- host = ri.netloc.split(splitstr)[0]
|
||||
+ host = ri.hostname
|
||||
|
||||
try:
|
||||
_netrc = netrc(netrc_path).authenticators(host)
|
||||
--
|
||||
2.50.1
|
||||
|
@ -10,7 +10,7 @@
|
||||
|
||||
Name: python-requests
|
||||
Version: 2.20.0
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Summary: HTTP library, written in Python, for human beings
|
||||
|
||||
License: ASL 2.0
|
||||
@ -61,6 +61,12 @@ Patch7: CVE-2023-32681.patch
|
||||
# The issue it tries to solve: https://github.com/psf/requests/issues/6726
|
||||
Patch8: CVE-2024-35195.patch
|
||||
|
||||
# Security fix for CVE-2024-47081
|
||||
# Requests vulnerable to .netrc credentials leak via malicious URLs.
|
||||
# Fix backported from upstream:
|
||||
# https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
|
||||
Patch9: CVE-2024-47081.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
@ -123,6 +129,10 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest -v
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jul 25 2025 Lumír Balhar <lbalhar@redhat.com> - 2.20.0-6
|
||||
- Security fix for CVE-2024-47081
|
||||
Resolves: RHEL-102420
|
||||
|
||||
* Tue Dec 17 2024 Lumír Balhar <lbalhar@redhat.com> - 2.20.0-5
|
||||
- Security fix for CVE-2024-35195
|
||||
Resolves: RHEL-37605
|
||||
|
Loading…
Reference in New Issue
Block a user