Update to 2.32.4

- Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs

(cherry picked from Fedora commit 8607c2fb6581a3f649be34ed5adb77bd1c67fc6d)

Resolves: RHEL-105460
This commit is contained in:
Miro Hrončok 2025-07-07 12:12:42 +02:00 committed by Lumir Balhar
parent 935c98f0c6
commit f0b8efe222
5 changed files with 17 additions and 11 deletions

1
.gitignore vendored
View File

@ -53,3 +53,4 @@
/requests-v2.28.2.tar.gz
/requests-v2.31.0.tar.gz
/requests-v2.32.3.tar.gz
/requests-v2.32.4.tar.gz

View File

@ -5,8 +5,8 @@
%bcond extras %{undefined rhel}
Name: python-requests
Version: 2.32.3
Release: 2%{?dist}
Version: 2.32.4
Release: 1%{?dist}
Summary: HTTP library, written in Python, for human beings
License: Apache-2.0
@ -94,6 +94,11 @@ sed -i 's/ --doctest-modules//' pyproject.toml
%changelog
* Mon Jul 07 2025 Miro Hrončok <mhroncok@redhat.com> - 2.32.4-1
- Update to 2.32.4
- Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs
Resolves: RHEL-105460
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.32.3-2
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018

View File

@ -1 +1 @@
SHA512 (requests-v2.32.3.tar.gz) = ea3e85e035efed0fe22bf8640491ffb20c2ac50359bb1e11c9147ed850cac5e4a6a36ab58a48fc6c6d6a44df2b511e8a5d902444c034da6baa6adc5f9417697f
SHA512 (requests-v2.32.4.tar.gz) = 7638061283a5e66c51f26107f5a88d090d35feecbf5a9075af842b67c0abd727af855346e2385130fa79738395a3821107be300e3de60a9a0e84fe69904288cd

View File

@ -1,7 +1,7 @@
From bb733473e91e71b812ada46bc110f607630f9327 Mon Sep 17 00:00:00 2001
From e0ce6c20989a205489df47f8abaff5369ed588ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= <thrnciar@redhat.com>
Date: Thu, 30 May 2024 11:10:29 +0200
Subject: [PATCH 1/2] system certs
Subject: [PATCH] system certs
Co-authored-by: Lumir Balhar <lbalhar@redhat.com>
---
@ -23,17 +23,17 @@ index 8d44e0e..fa10a53 100644
idna>=2.5,<4
urllib3>=1.21.1,<3
diff --git a/setup.py b/setup.py
index 1b0eb37..03d19b0 100755
index 7d9b52b..17da826 100755
--- a/setup.py
+++ b/setup.py
@@ -62,7 +62,6 @@ requires = [
@@ -37,7 +37,6 @@ requires = [
"charset_normalizer>=2,<4",
"idna>=2.5,<4",
"urllib3>=1.21.1,<3",
- "certifi>=2017.4.17",
]
test_requirements = [
"pytest-httpbin==2.0.0",
"pytest-httpbin==2.1.0",
diff --git a/src/requests/certs.py b/src/requests/certs.py
index be422c3..9aee713 100644
--- a/src/requests/certs.py
@ -55,5 +55,5 @@ index be422c3..9aee713 100644
if __name__ == "__main__":
print(where())
--
2.45.1
2.50.0

View File

@ -52,8 +52,8 @@ rlJournalStart
# pip-install libraries not in the repos
# pytest is installed in fmf requirement
rlRun "$PYTHON -m pip install pytest-mock==3.12.0 trustme==1.1.0 werkzeug==3.0.3 \
httpbin==0.10.2 pytest-httpbin==2.0.0"
rlRun "$PYTHON -m pip install pytest-mock==3.14.0 trustme==1.2.0 werkzeug==3.1.3 \
pytest-httpbin==2.1.0"
# Move to test dir, print what is there
rlRun "cd $(dirname $TmpDir/BUILD/*requests*/tests)"