Security fix for CVE-2024-47081
Resolves: RHEL-105461
This commit is contained in:
Lumir Balhar
parent
02bb6a0fff
commit
455e3b4139
31
CVE-2024-47081.patch
Normal file
31
CVE-2024-47081.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From c9fc8896562cc154eae41a51941bea6d701ed363 Mon Sep 17 00:00:00 2001
|
||||
From: Lumir Balhar <lbalhar@redhat.com>
|
||||
Date: Fri, 25 Jul 2025 12:17:00 +0200
|
||||
Subject: [PATCH] CVE-2024-47081
|
||||
|
||||
---
|
||||
requests/utils.py | 8 +-------
|
||||
1 file changed, 1 insertion(+), 7 deletions(-)
|
||||
|
||||
diff --git a/requests/utils.py b/requests/utils.py
|
||||
index 04145c8..4a1b829 100644
|
||||
--- a/requests/utils.py
|
||||
+++ b/requests/utils.py
|
||||
@@ -191,13 +191,7 @@ def get_netrc_auth(url, raise_errors=False):
|
||||
return
|
||||
|
||||
ri = urlparse(url)
|
||||
-
|
||||
- # Strip port numbers from netloc. This weird `if...encode`` dance is
|
||||
- # used for Python 3.2, which doesn't support unicode literals.
|
||||
- splitstr = b':'
|
||||
- if isinstance(url, str):
|
||||
- splitstr = splitstr.decode('ascii')
|
||||
- host = ri.netloc.split(splitstr)[0]
|
||||
+ host = ri.hostname
|
||||
|
||||
try:
|
||||
_netrc = netrc(netrc_path).authenticators(host)
|
||||
--
|
||||
2.50.1
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
|
||||
Name: python-requests
|
||||
Version: 2.25.1
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
Summary: HTTP library, written in Python, for human beings
|
||||
|
||||
License: ASL 2.0
|
||||
@ -63,6 +63,12 @@ Patch6: support_IPv6_CIDR_in_no_proxy.patch
|
||||
# The issue it tries to solve: https://github.com/psf/requests/issues/6726
|
||||
Patch7: CVE-2024-35195.patch
|
||||
|
||||
# Security fix for CVE-2024-47081
|
||||
# Requests vulnerable to .netrc credentials leak via malicious URLs.
|
||||
# Fix backported from upstream:
|
||||
# https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
|
||||
Patch8: CVE-2024-47081.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
@ -138,6 +144,10 @@ sed -i 's/ --doctest-modules//' pytest.ini
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jul 25 2025 Lumír Balhar <lbalhar@redhat.com> - 2.25.1-10
|
||||
- Security fix for CVE-2024-47081
|
||||
Resolves: RHEL-105461
|
||||
|
||||
* Fri Jan 10 2025 Lumír Balhar <lbalhar@redhat.com> - 2.25.1-9
|
||||
- Security fix for CVE-2024-35195
|
||||
Resolves: RHEL-37609
|
||||
|
||||
Loading…
Reference in New Issue
Block a user