From d5fa84385a719a07338e350121b61aae701657ca Mon Sep 17 00:00:00 2001
From: Jiaying Song <jiaying.song.cn@windriver.com>
Date: Thu, 12 Jun 2025 13:54:52 +0800
Subject: python3-requests: fix CVE-2024-47081

Requests is a HTTP library. Due to a URL parsing issue, Requests
releases prior to 2.32.4 may leak .netrc credentials to third parties
for specific maliciously-crafted URLs. Users should upgrade to version
2.32.4 to receive a fix. For older versions of Requests, use of the
.netrc file can be disabled with `trust_env=False` on one's Requests
Session.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-47081

Upstream patch:
https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef

(From OE-Core rev: 37d746033710509ffabc244e0130d20fd81d9673)

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/python/python3-requests_2.27.1.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-devtools/python/python3-requests_2.27.1.bb')

diff --git a/meta/recipes-devtools/python/python3-requests_2.27.1.bb b/meta/recipes-devtools/python/python3-requests_2.27.1.bb
index 689a1dffb7..6f7c47abac 100644
--- a/meta/recipes-devtools/python/python3-requests_2.27.1.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.27.1.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
 
 SRC_URI += "file://CVE-2023-32681.patch \
             file://CVE-2024-35195.patch \
+            file://CVE-2024-47081.patch \
            "
 
 SRC_URI[sha256sum] = "68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61"
-- 
cgit v1.2.3-54-g00ecf