debcrafters-packages team mailing list archive

Thread
Date
[Bug 2130145] [NEW] Merge requests from Debian Unstable for resolute

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Lena Voytek <2130145@xxxxxxxxxxxxxxxxxx>
Date: Tue, 28 Oct 2025 20:20:45 -0000
Reply-to: Bug 2130145 <2130145@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Scheduled-For: ubuntu-25.11
Ubuntu: 2.32.3+dfsg-5ubuntu2
Debian Unstable: 2.32.5+dfsg-1

A new release of requests is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the
tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally) update the
title as desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the resolute Release Notes:
https://discourse.ubuntu.com/t/resolute-raccoon-release-notes/

### New Debian Changes ###

requests (2.32.5+dfsg-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.

 -- Colin Watson <cjwatson@xxxxxxxxxx>  Fri, 29 Aug 2025 11:26:45 +0100

requests (2.32.4+dfsg-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
    - CVE-2024-47081: Fixed an issue where a maliciously crafted URL and
      trusted environment will retrieve credentials for the wrong
      hostname/machine from a netrc file (closes: #1107368).
  * Avoid harmless "date: invalid date '@'" error in autopkgtest.

 -- Colin Watson <cjwatson@xxxxxxxxxx>  Mon, 18 Aug 2025 11:18:19 +0100


### Old Ubuntu Delta ###

requests (2.32.3+dfsg-5ubuntu2) questing; urgency=medium

  * SECURITY UPDATE: Information Leak
    - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
      lookup instead of netloc
    - CVE-2024-47081

 -- Bruce Cable <bruce.cable@xxxxxxxxxxxxx>  Wed, 11 Jun 2025 13:28:01
+1000

requests (2.32.3+dfsg-5ubuntu1) questing; urgency=medium

  * Merge with Debian unstable (LP: #2085279). Remaining changes:
    - d/p/remove-charset-normalizer-dependency.patch: Remove charset-normalizer
      as a build dependency (LP #1975541).

 -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Thu, 22 May 2025 16:50:10
-0400

** Affects: requests (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: dcr-merge

** Changed in: requests (Ubuntu)
    Milestone: None => ubuntu-25.11

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to requests in Ubuntu.
https://bugs.launchpad.net/bugs/2130145

Title:
  Merge requests from Debian Unstable for resolute

Status in requests package in Ubuntu:
  New

Bug description:
  Scheduled-For: ubuntu-25.11
  Ubuntu: 2.32.3+dfsg-5ubuntu2
  Debian Unstable: 2.32.5+dfsg-1

  A new release of requests is available for merging from Debian
  Unstable.

  If it turns out this needs a sync rather than a merge, please change
  the tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally)
  update the title as desired.

  If this merge pulls in a new upstream version, also consider adding an
  entry to the resolute Release Notes:
  https://discourse.ubuntu.com/t/resolute-raccoon-release-notes/

  ### New Debian Changes ###

  requests (2.32.5+dfsg-1) unstable; urgency=medium

    * Team upload.
    * New upstream release.

   -- Colin Watson <cjwatson@xxxxxxxxxx>  Fri, 29 Aug 2025 11:26:45
  +0100

  requests (2.32.4+dfsg-1) unstable; urgency=medium

    * Team upload.
    * New upstream release.
      - CVE-2024-47081: Fixed an issue where a maliciously crafted URL and
        trusted environment will retrieve credentials for the wrong
        hostname/machine from a netrc file (closes: #1107368).
    * Avoid harmless "date: invalid date '@'" error in autopkgtest.

   -- Colin Watson <cjwatson@xxxxxxxxxx>  Mon, 18 Aug 2025 11:18:19
  +0100


  ### Old Ubuntu Delta ###

  requests (2.32.3+dfsg-5ubuntu2) questing; urgency=medium

    * SECURITY UPDATE: Information Leak
      - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
        lookup instead of netloc
      - CVE-2024-47081

   -- Bruce Cable <bruce.cable@xxxxxxxxxxxxx>  Wed, 11 Jun 2025 13:28:01
  +1000

  requests (2.32.3+dfsg-5ubuntu1) questing; urgency=medium

    * Merge with Debian unstable (LP: #2085279). Remaining changes:
      - d/p/remove-charset-normalizer-dependency.patch: Remove charset-normalizer
        as a build dependency (LP #1975541).

   -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Thu, 22 May 2025 16:50:10
  -0400

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/requests/+bug/2130145/+subscriptions