From b3957d941adfe1db4bd96c0265e849db0dac9fe6f865b9e5691371a7b0f23cba Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Tue, 10 Jun 2025 09:43:04 +0000
Subject: [PATCH] - update to 2.32.4: * CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file * Numerous documentation improvements * Added support for pypy 3.11 for Linux and macOS. * Dropped support for pypy 3.9 following its end of support. - drop CVE-2024-47081.patch (merged upstream) - Switch to pyproject macros. - Remove Requires on python-py, it should have been removed earlier.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=195
---
 CVE-2024-47081.patch | 28 ----------------------------
 python-requests.changes | 16 ++++++++++++++--
 python-requests.spec | 4 +---
 requests-2.32.3.tar.gz | 3 ---
 requests-2.32.4.tar.gz | 3 +++
 5 files changed, 18 insertions(+), 36 deletions(-)
 delete mode 100644 CVE-2024-47081.patch
 delete mode 100644 requests-2.32.3.tar.gz
 create mode 100644 requests-2.32.4.tar.gz
diff --git a/CVE-2024-47081.patch b/CVE-2024-47081.patch
deleted file mode 100644
index ff43083..0000000
--- a/CVE-2024-47081.patch
+++ /dev/null
@@ -1,28 +0,0 @@ -From 57acb7c26d809cf864ec439b8bcd6364702022d5 Mon Sep 17 00:00:00 2001 -From: Nate Prewitt -Date: Wed, 25 Sep 2024 08:03:20 -0700 -Subject: [PATCH] Only use hostname to do netrc lookup instead of netloc - ---- - src/requests/utils.py | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -Index: requests-2.32.3/src/requests/utils.py -=================================================================== ---- requests-2.32.3.orig/src/requests/utils.py -+++ requests-2.32.3/src/requests/utils.py -@@ -233,13 +233,7 @@ def get_netrc_auth(url, raise_errors=Fal - return - - ri = urlparse(url) -- -- # Strip port numbers from netloc. This weird `if...encode`` dance is -- # used for Python 3.2, which doesn't support unicode literals. -- splitstr = b":" -- if isinstance(url, str): -- splitstr = splitstr.decode("ascii") -- host = ri.netloc.split(splitstr)[0] -+ host = ri.hostname - - try: - _netrc = netrc(netrc_path).authenticators(host) diff --git a/python-requests.changes b/python-requests.changes index 5d39093..f303c81 100644 --- a/python-requests.changes +++ b/python-requests.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Jun 10 09:42:31 UTC 2025 - Dirk Müller + +- update to 2.32.4: + * CVE-2024-47081 Fixed an issue where a maliciously crafted URL + and trusted environment will retrieve credentials for the wrong + hostname/machine from a netrc file + * Numerous documentation improvements + * Added support for pypy 3.11 for Linux and macOS. + * Dropped support for pypy 3.9 following its end of support. +- drop CVE-2024-47081.patch (merged upstream) + ------------------------------------------------------------------- Thu Jun 5 07:22:39 UTC 2025 - Daniel Garcia 
@@ -7,7 +19,7 @@ Thu Jun 5 07:22:39 UTC 2025 - Daniel Garcia ------------------------------------------------------------------- Thu Oct 24 07:48:08 UTC 2024 - Steve Kowalik -- Switch to pyproject macros. +- Switch to pyproject macros. ------------------------------------------------------------------- Thu Oct 17 06:30:14 UTC 2024 - Steve Kowalik @@ -19,7 +31,7 @@ Thu Oct 17 06:30:14 UTC 2024 - Steve Kowalik ------------------------------------------------------------------- Thu Aug 29 03:17:43 UTC 2024 - Steve Kowalik -- Remove Requires on python-py, it should have been removed earlier. +- Remove Requires on python-py, it should have been removed earlier. ------------------------------------------------------------------- Thu Jun 6 19:38:03 UTC 2024 - Dirk Müller diff --git a/python-requests.spec b/python-requests.spec index 9b785dc..8e55f2f 100644 --- a/python-requests.spec +++ b/python-requests.spec @@ -26,7 +26,7 @@ %endif %{?sle15_python_module_pythons} Name: python-requests%{psuffix} -Version: 2.32.3 +Version: 2.32.4 Release: 0 Summary: Python HTTP Library License: Apache-2.0 @@ -34,8 +34,6 @@ URL: https://docs.python-requests.org/ Source: https://files.pythonhosted.org/packages/source/r/requests/requests-%{version}.tar.gz # PATCH-FIX-UPSTREAM gh#psf/requests#6731 Patch0: inject-default-ca-bundles.patch -# PATCH-FIX-UPSTREAM CVE-2024-47081.patch gh#psf/requests#6965, bsc#1244039 -Patch1: CVE-2024-47081.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} diff --git a/requests-2.32.3.tar.gz b/requests-2.32.3.tar.gz deleted file mode 100644 index d2e0256..0000000 --- a/requests-2.32.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 -size 131218 diff --git a/requests-2.32.4.tar.gz b/requests-2.32.4.tar.gz new file mode 100644 index 0000000..b2b2ae1 --- /dev/null 
+++ b/requests-2.32.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422
+size 135258