From 5f7e7f99b7b89ae0c36c493ad9460693fbd39979 Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Thu, 3 Jul 2025 09:30:31 +0800
Subject: [PATCH] [CVE] CVE-2024-47081 to #21721 add patch to fix CVE-2024-47081 Project: TC2024080204
Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
---
 1-bugfix-for-CVE-2024-47081.patch | 28 ++++++++++++++++++++++++++++
 python-requests.spec | 6 +++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 1-bugfix-for-CVE-2024-47081.patch
diff --git a/1-bugfix-for-CVE-2024-47081.patch b/1-bugfix-for-CVE-2024-47081.patch
new file mode 100644
index 0000000..b271a34
--- /dev/null
+++ b/1-bugfix-for-CVE-2024-47081.patch
@@ -0,0 +1,28 @@
+From 96ba401c1296ab1dda74a2365ef36d88f7d144ef Mon Sep 17 00:00:00 2001
+From: Nate Prewitt
+Date: Wed, 25 Sep 2024 08:03:20 -0700
+Subject: [PATCH] Only use hostname to do netrc lookup instead of netloc
+
+---
+ src/requests/utils.py | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/src/requests/utils.py b/src/requests/utils.py
+index 699683e5d9..8a307ca8a0 100644
+--- a/src/requests/utils.py
++++ b/src/requests/utils.py
+@@ -236,13 +236,7 @@ def get_netrc_auth(url, raise_errors=False):
+ return
+
+ ri = urlparse(url)
+-
+- # Strip port numbers from netloc. This weird `if...encode`` dance is
+- # used for Python 3.2, which doesn't support unicode literals.
+- splitstr = b":"
+- if isinstance(url, str):
+- splitstr = splitstr.decode("ascii")
+- host = ri.netloc.split(splitstr)[0]
++ host = ri.hostname
+
+ try:
+ _netrc = netrc(netrc_path).authenticators(host)
diff --git a/python-requests.spec b/python-requests.spec
index b6d3760..c67774e 100644
--- a/python-requests.spec
+++ b/python-requests.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %bcond_with tests
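Review bot: The backported change to `get_netrc_auth` in `1-bugfix-for-CVE-2024-47081.patch` comes with no regression test, and the spec keeps the test suite off by default (`%bcond_with tests`), so nothing in this build checks that the netrc lookup now keys on the parsed host rather than on text taken from the front of `netloc`. A small test that uses a temporary netrc file with one `machine` entry and asserts `get_netrc_auth` returns `None` for a URL whose actual host is different would pin the fix. The new line also lost the explanatory comment the removed lines carried; something like `# Use the parsed hostname; netloc also carries userinfo and port (CVE-2024-47081).` above `host = ri.hostname` would keep the reason visible. `ri.hostname` is lowercased by `urlparse` and is `None` when the URL has no network location, so mixed-case `machine` entries may stop matching after this change. The body of `get_netrc_auth` starts and ends outside the hunk.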
@@ -11,6 +11,7 @@ License: ASL 2.0
 URL: https://pypi.io/project/requests
 Source0: https://github.com/psf/requests/releases/download/v%{version}/requests-%{version}.tar.gz
+Patch1: 1-bugfix-for-CVE-2024-47081.patch
 BuildArch: noarch
 %description
@@ -88,6 +89,9 @@ sed -i 's/ --doctest-modules//' pyproject.toml
 %doc README.md HISTORY.md
 %changelog
+* Thu Jul 03 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.32.3-2
+- Fix CVE-2024-47081
+
 * Wed Apr 23 2025 mgb01105731 - 2.32.3-1
 - updat eto 2.32.3
-- 
Gitee
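Review bot: `Patch1:` is only declared in the `@@ -11,6 +11,7 @@` hunk, and no hunk in this commit touches `%prep`, so the fix is applied only if the existing `%prep` already uses `%autosetup` or `%autopatch`, which this diff does not show. If `%prep` uses plain `%setup`, add `%patch -P1 -p1` after it. Otherwise the package is released as 2.32.3-2 with a changelog entry for CVE-2024-47081 while the shipped `utils.py` is unchanged. It is worth confirming in the build log that the patch was applied.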