rpms/python-requests
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 2.32.4

Browse Source 
- Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs

(cherry picked from Fedora commit 8607c2fb6581a3f649be34ed5adb77bd1c67fc6d)

Resolves: RHEL-105460
This commit is contained in:
Miro Hrončok 2025-07-07 12:12:42 +02:00 committed by Lumir Balhar
parent 935c98f0c6
commit f0b8efe222
5 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -53,3 +53,4 @@
/requests-v2.28.2.tar.gz /requests-v2.28.2.tar.gz
/requests-v2.31.0.tar.gz /requests-v2.31.0.tar.gz
/requests-v2.32.3.tar.gz /requests-v2.32.3.tar.gz
/requests-v2.32.4.tar.gz

9
python-requests.spec
View File

@ -5,8 +5,8 @@
%bcond extras %{undefined rhel} %bcond extras %{undefined rhel}
Name: python-requests Name: python-requests
Version: 2.32.3 Version: 2.32.4
Release: 2%{?dist} Release: 1%{?dist}
Summary: HTTP library, written in Python, for human beings Summary: HTTP library, written in Python, for human beings
License: Apache-2.0 License: Apache-2.0
@ -94,6 +94,11 @@ sed -i 's/ --doctest-modules//' pyproject.toml
%changelog %changelog
* Mon Jul 07 2025 Miro Hrončok <mhroncok@redhat.com> - 2.32.4-1
- Update to 2.32.4
- Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs
Resolves: RHEL-105460
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.32.3-2 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.32.3-2
- Bump release for October 2024 mass rebuild: - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018 Resolves: RHEL-64018

2
sources
View File

@ -1 +1 @@
SHA512 (requests-v2.32.3.tar.gz) = ea3e85e035efed0fe22bf8640491ffb20c2ac50359bb1e11c9147ed850cac5e4a6a36ab58a48fc6c6d6a44df2b511e8a5d902444c034da6baa6adc5f9417697f SHA512 (requests-v2.32.4.tar.gz) = 7638061283a5e66c51f26107f5a88d090d35feecbf5a9075af842b67c0abd727af855346e2385130fa79738395a3821107be300e3de60a9a0e84fe69904288cd

12
system-certs.patch
View File

@ -1,7 +1,7 @@
From bb733473e91e71b812ada46bc110f607630f9327 Mon Sep 17 00:00:00 2001 From e0ce6c20989a205489df47f8abaff5369ed588ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= <thrnciar@redhat.com> From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= <thrnciar@redhat.com>
Date: Thu, 30 May 2024 11:10:29 +0200 Date: Thu, 30 May 2024 11:10:29 +0200
Subject: [PATCH 1/2] system certs Subject: [PATCH] system certs
Co-authored-by: Lumir Balhar <lbalhar@redhat.com> Co-authored-by: Lumir Balhar <lbalhar@redhat.com>
--- ---
@ -23,17 +23,17 @@ index 8d44e0e..fa10a53 100644
idna>=2.5,<4 idna>=2.5,<4
urllib3>=1.21.1,<3 urllib3>=1.21.1,<3
diff --git a/setup.py b/setup.py diff --git a/setup.py b/setup.py
index 1b0eb37..03d19b0 100755 index 7d9b52b..17da826 100755
--- a/setup.py --- a/setup.py
+++ b/setup.py +++ b/setup.py
@@ -62,7 +62,6 @@ requires = [ @@ -37,7 +37,6 @@ requires = [
"charset_normalizer>=2,<4", "charset_normalizer>=2,<4",
"idna>=2.5,<4", "idna>=2.5,<4",
"urllib3>=1.21.1,<3", "urllib3>=1.21.1,<3",
- "certifi>=2017.4.17", - "certifi>=2017.4.17",
] ]
test_requirements = [ test_requirements = [
"pytest-httpbin==2.0.0", "pytest-httpbin==2.1.0",
diff --git a/src/requests/certs.py b/src/requests/certs.py diff --git a/src/requests/certs.py b/src/requests/certs.py
index be422c3..9aee713 100644 index be422c3..9aee713 100644
--- a/src/requests/certs.py --- a/src/requests/certs.py
@ -55,5 +55,5 @@ index be422c3..9aee713 100644
if __name__ == "__main__": if __name__ == "__main__":
print(where()) print(where())
-- --
2.45.1 2.50.0

4
tests/upstream/runtest.sh
View File

@ -52,8 +52,8 @@ rlJournalStart
# pip-install libraries not in the repos # pip-install libraries not in the repos
# pytest is installed in fmf requirement # pytest is installed in fmf requirement
rlRun "$PYTHON -m pip install pytest-mock==3.12.0 trustme==1.1.0 werkzeug==3.0.3 \ rlRun "$PYTHON -m pip install pytest-mock==3.14.0 trustme==1.2.0 werkzeug==3.1.3 \
httpbin==0.10.2 pytest-httpbin==2.0.0" pytest-httpbin==2.1.0"
# Move to test dir, print what is there # Move to test dir, print what is there
rlRun "cd $(dirname $TmpDir/BUILD/*requests*/tests)" rlRun "cd $(dirname $TmpDir/BUILD/*requests*/tests)"