From 62f93a47613294bc8b8167f4b7cead69b3a9666a Mon Sep 17 00:00:00 2001
From: zhangpan <zp1224248514@163.com>
Date: Mon, 18 Nov 2024 02:33:19 +0000
Subject: [PATCH] fix CVE-2024-1682

---
 backport-CVE-2024-1682.patch | 40 ++++++++++++++++++++++++++++++++++++
 python-requests.spec         |  6 +++++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-1682.patch

diff --git a/backport-CVE-2024-1682.patch b/backport-CVE-2024-1682.patch
new file mode 100644
index 0000000..0abc2f8
--- /dev/null
+++ b/backport-CVE-2024-1682.patch
@@ -0,0 +1,40 @@
+From 6106a63eb6c0fa490efa73d44388ac25b1b08af4 Mon Sep 17 00:00:00 2001
+From: Nate Prewitt <nate.prewitt@gmail.com>
+Date: Tue, 20 Feb 2024 11:58:35 -0800
+Subject: [PATCH] Cleanup defunct links from community docs page
+
+Reference:https://github.com/psf/requests/commit/6106a63eb6c0fa490efa73d44388ac25b1b08af4
+Conflict:NA
+
+---
+ docs/community/out-there.rst | 14 +-------------
+ 1 file changed, 1 insertion(+), 13 deletions(-)
+
+diff --git a/docs/community/out-there.rst b/docs/community/out-there.rst
+index c33ab3c95b..c75c71f6a2 100644
+--- a/docs/community/out-there.rst
++++ b/docs/community/out-there.rst
+@@ -1,22 +1,10 @@
+ 
+ .. image:: https://farm5.staticflickr.com/4239/34450900674_15863ddea0_k_d.jpg
+ 
+-Python for iOS
+---------------
+-
+-Requests is built into the wonderful `Python for iOS <https://itunes.apple.com/us/app/python-2.7-for-ios/id485729872?mt=Python8>`_ runtime!
+-
+-To give it a try, simply::
+-
+-    import requests
+-
+-
+ Articles & Talks
+ ================
+-- `Python for the Web <https://www.gun.io/blog/python-for-the-web>`_ teaches how to use Python to interact with the web, using Requests.
+ - `Daniel Greenfeld's Review of Requests <https://pydanny.blogspot.com/2011/05/python-http-requests-for-humans.html>`_
+-- `My 'Python for Humans' talk <http://python-for-humans.heroku.com>`_ ( `audio <https://codeconf.s3.amazonaws.com/2011/pycodeconf/talks/PyCodeConf2011%20-%20Kenneth%20Reitz.m4a>`_ )
+-- `Issac Kelly's 'Consuming Web APIs' talk <https://issackelly.github.com/Consuming-Web-APIs-with-Python-Talk/slides/slides.html>`_
++- `Issac Kelly's 'Consuming Web APIs' talk <https://issackelly.github.io/Consuming-Web-APIs-with-Python-Talk/slides/slides.html>`_
+ - `Blog post about Requests via Yum <https://arunsag.wordpress.com/2011/08/17/new-package-python-requests-http-for-humans/>`_
+ - `Russian blog post introducing Requests <https://habr.com/post/126262/>`_
+ - `Sending JSON in Requests <http://www.coglib.com/~icordasc/blog/2014/11/sending-json-in-requests.html>`_
diff --git a/python-requests.spec b/python-requests.spec
index 40ac6a7..8760a8f 100644
--- a/python-requests.spec
+++ b/python-requests.spec
@@ -2,7 +2,7 @@
 
 Name:           python-requests
 Version:        2.24.0
-Release:        2
+Release:        3
 Summary:        Python HTTP Library
 License:        ASL 2.0
 URL:            http://python-requests.org/
@@ -13,6 +13,7 @@ Patch2:         requests-2.20.0-no-py2-httpbin.patch
 Patch3:         patch-requests-certs.py-to-use-the-system-CA-bundle.patch
 Patch4:         Remove-tests-that-use-the-tarpit.patch 
 Patch6000:      backport-CVE-2023-32681.patch
+Patch6001:      backport-CVE-2024-1682.patch
 
 BuildArch:      noarch
 
@@ -113,6 +114,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest -v
 %doc HISTORY.md README.md
 
 %changelog
+* Mon Nov 18 2024 zhangpan <zhangpan103@h-partners.com> - 2.24.0-3
+- fix CVE-2024-1682
+
 * Wed May 31 2023 zhangpan <zhangpan103@h-partners.com> - 2.24.0-2
 - fix CVE-2023-32681
 
-- 
Gitee