forked from pool/python-requests
Accepting request 1284404 from devel:languages:python
- update to 2.32.4:
* CVE-2024-47081 Fixed an issue where a maliciously crafted URL
and trusted environment will retrieve credentials for the wrong
hostname/machine from a netrc file
* Numerous documentation improvements
* Added support for pypy 3.11 for Linux and macOS.
* Dropped support for pypy 3.9 following its end of support.
- drop CVE-2024-47081.patch (merged upstream)
- Switch to pyproject macros.
- Remove Requires on python-py, it should have been removed earlier.
OBS-URL: https://build.opensuse.org/request/show/1284404
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-requests?expand=0&rev=87
This commit is contained in:
Git OBS Bridge
@@ -1,28 +0,0 @@
|
||||
From 57acb7c26d809cf864ec439b8bcd6364702022d5 Mon Sep 17 00:00:00 2001
|
||||
From: Nate Prewitt <nate.prewitt@gmail.com>
|
||||
Date: Wed, 25 Sep 2024 08:03:20 -0700
|
||||
Subject: [PATCH] Only use hostname to do netrc lookup instead of netloc
|
||||
|
||||
---
|
||||
src/requests/utils.py | 8 +-------
|
||||
1 file changed, 1 insertion(+), 7 deletions(-)
|
||||
|
||||
Index: requests-2.32.3/src/requests/utils.py
|
||||
===================================================================
|
||||
--- requests-2.32.3.orig/src/requests/utils.py
|
||||
+++ requests-2.32.3/src/requests/utils.py
|
||||
@@ -233,13 +233,7 @@ def get_netrc_auth(url, raise_errors=Fal
|
||||
return
|
||||
|
||||
ri = urlparse(url)
|
||||
-
|
||||
- # Strip port numbers from netloc. This weird `if...encode`` dance is
|
||||
- # used for Python 3.2, which doesn't support unicode literals.
|
||||
- splitstr = b":"
|
||||
- if isinstance(url, str):
|
||||
- splitstr = splitstr.decode("ascii")
|
||||
- host = ri.netloc.split(splitstr)[0]
|
||||
+ host = ri.hostname
|
||||
|
||||
try:
|
||||
_netrc = netrc(netrc_path).authenticators(host)
|
||||
@@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 10 09:42:31 UTC 2025 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 2.32.4:
|
||||
* CVE-2024-47081 Fixed an issue where a maliciously crafted URL
|
||||
and trusted environment will retrieve credentials for the wrong
|
||||
hostname/machine from a netrc file
|
||||
* Numerous documentation improvements
|
||||
* Added support for pypy 3.11 for Linux and macOS.
|
||||
* Dropped support for pypy 3.9 following its end of support.
|
||||
- drop CVE-2024-47081.patch (merged upstream)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 5 07:22:39 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@
|
||||
%endif
|
||||
%{?sle15_python_module_pythons}
|
||||
Name: python-requests%{psuffix}
|
||||
Version: 2.32.3
|
||||
Version: 2.32.4
|
||||
Release: 0
|
||||
Summary: Python HTTP Library
|
||||
License: Apache-2.0
|
||||
@@ -34,8 +34,6 @@ URL: https://docs.python-requests.org/
|
||||
Source: https://files.pythonhosted.org/packages/source/r/requests/requests-%{version}.tar.gz
|
||||
# PATCH-FIX-UPSTREAM gh#psf/requests#6731
|
||||
Patch0: inject-default-ca-bundles.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2024-47081.patch gh#psf/requests#6965, bsc#1244039
|
||||
Patch1: CVE-2024-47081.patch
|
||||
BuildRequires: %{python_module base >= 3.7}
|
||||
BuildRequires: %{python_module pip}
|
||||
BuildRequires: %{python_module setuptools}
|
||||
|
||||
BIN
requests-2.32.3.tar.gz
(Stored with Git LFS)
BIN
requests-2.32.3.tar.gz
(Stored with Git LFS)
Binary file not shown.
BIN
requests-2.32.4.tar.gz
(Stored with Git LFS)
Normal file
BIN
requests-2.32.4.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
Reference in New Issue
Block a user