From e6126e3115ce6d55696d4ef0397dc2b2fc0be981ce20ff7bc242b02e370b11c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 27 Jun 2025 15:54:16 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main python-requests revision f98e466568aa47e0b0a6264a17110b35 --- python-requests.changes | 22 ++++++++++++++++++++-- python-requests.spec | 4 ++-- requests-2.32.3.tar.gz | 3 --- requests-2.32.4.tar.gz | 3 +++ 4 files changed, 25 insertions(+), 7 deletions(-) delete mode 100644 requests-2.32.3.tar.gz create mode 100644 requests-2.32.4.tar.gz diff --git a/python-requests.changes b/python-requests.changes index 52d6729..f303c81 100644 --- a/python-requests.changes +++ b/python-requests.changes @@ -1,7 +1,25 @@ +------------------------------------------------------------------- +Tue Jun 10 09:42:31 UTC 2025 - Dirk Müller + +- update to 2.32.4: + * CVE-2024-47081 Fixed an issue where a maliciously crafted URL + and trusted environment will retrieve credentials for the wrong + hostname/machine from a netrc file + * Numerous documentation improvements + * Added support for pypy 3.11 for Linux and macOS. + * Dropped support for pypy 3.9 following its end of support. +- drop CVE-2024-47081.patch (merged upstream) + +------------------------------------------------------------------- +Thu Jun 5 07:22:39 UTC 2025 - Daniel Garcia + +- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak + (gh#psf/requests#6965, CVE-2024-47081, bsc#1244039) + ------------------------------------------------------------------- Thu Oct 24 07:48:08 UTC 2024 - Steve Kowalik -- Switch to pyproject macros. +- Switch to pyproject macros. ------------------------------------------------------------------- Thu Oct 17 06:30:14 UTC 2024 - Steve Kowalik @@ -13,7 +31,7 @@ Thu Oct 17 06:30:14 UTC 2024 - Steve Kowalik ------------------------------------------------------------------- Thu Aug 29 03:17:43 UTC 2024 - Steve Kowalik -- Remove Requires on python-py, it should have been removed earlier. +- Remove Requires on python-py, it should have been removed earlier. ------------------------------------------------------------------- Thu Jun 6 19:38:03 UTC 2024 - Dirk Müller diff --git a/python-requests.spec b/python-requests.spec index bb041d6..8e55f2f 100644 --- a/python-requests.spec +++ b/python-requests.spec @@ -1,7 +1,7 @@ # # spec file for package python-requests # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %endif %{?sle15_python_module_pythons} Name: python-requests%{psuffix} -Version: 2.32.3 +Version: 2.32.4 Release: 0 Summary: Python HTTP Library License: Apache-2.0 diff --git a/requests-2.32.3.tar.gz b/requests-2.32.3.tar.gz deleted file mode 100644 index d2e0256..0000000 --- a/requests-2.32.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 -size 131218 diff --git a/requests-2.32.4.tar.gz b/requests-2.32.4.tar.gz new file mode 100644 index 0000000..b2b2ae1 --- /dev/null +++ b/requests-2.32.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422 +size 135258