import UBI python-requests-2.25.1-10.el9_6

This commit is contained in:
eabdullin 2025-08-04 02:51:12 +00:00
parent 9b3c4b784b
commit 9f5b439c10
2 changed files with 42 additions and 1 deletions

View File

@ -0,0 +1,31 @@
From c9fc8896562cc154eae41a51941bea6d701ed363 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Fri, 25 Jul 2025 12:17:00 +0200
Subject: [PATCH] CVE-2024-47081
---
requests/utils.py | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/requests/utils.py b/requests/utils.py
index 04145c8..4a1b829 100644
--- a/requests/utils.py
+++ b/requests/utils.py
@@ -191,13 +191,7 @@ def get_netrc_auth(url, raise_errors=False):
return
ri = urlparse(url)
-
- # Strip port numbers from netloc. This weird `if...encode`` dance is
- # used for Python 3.2, which doesn't support unicode literals.
- splitstr = b':'
- if isinstance(url, str):
- splitstr = splitstr.decode('ascii')
- host = ri.netloc.split(splitstr)[0]
+ host = ri.hostname
try:
_netrc = netrc(netrc_path).authenticators(host)
--
2.50.1

View File

@ -5,7 +5,7 @@
Name: python-requests
Version: 2.25.1
Release: 9%{?dist}
Release: 10%{?dist}
Summary: HTTP library, written in Python, for human beings
License: ASL 2.0
@ -63,6 +63,12 @@ Patch6: support_IPv6_CIDR_in_no_proxy.patch
# The issue it tries to solve: https://github.com/psf/requests/issues/6726
Patch7: CVE-2024-35195.patch
# Security fix for CVE-2024-47081
# Requests vulnerable to .netrc credentials leak via malicious URLs.
# Fix backported from upstream:
# https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
Patch8: CVE-2024-47081.patch
BuildArch: noarch
%description
@ -138,6 +144,10 @@ sed -i 's/ --doctest-modules//' pytest.ini
%changelog
* Fri Jul 25 2025 Lumír Balhar <lbalhar@redhat.com> - 2.25.1-10
- Security fix for CVE-2024-47081
Resolves: RHEL-105461
* Fri Jan 10 2025 Lumír Balhar <lbalhar@redhat.com> - 2.25.1-9
- Security fix for CVE-2024-35195
Resolves: RHEL-37609