forked from microsoft/azurelinux
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCVE-2026-25645.patch
More file actions
38 lines (32 loc) · 1.35 KB
/
CVE-2026-25645.patch
File metadata and controls
38 lines (32 loc) · 1.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
From 7d89bfc6c07cb594bd31ab71f2de622694fe2e66 Mon Sep 17 00:00:00 2001
From: Nate Prewitt <nate.prewitt@gmail.com>
Date: Wed, 25 Mar 2026 08:57:56 -0600
Subject: [PATCH] Merge commit from fork
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference: https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7.patch
---
requests/utils.py | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/requests/utils.py b/requests/utils.py
index 502c7bc..e0fcdbc 100644
--- a/requests/utils.py
+++ b/requests/utils.py
@@ -282,12 +282,13 @@ def extract_zipped_paths(path):
return path
# we have a valid zip archive and a valid member of that archive
- tmp = tempfile.gettempdir()
- extracted_path = os.path.join(tmp, member.split("/")[-1])
- if not os.path.exists(extracted_path):
- # use read + write to avoid the creating nested folders, we only want the file, avoids mkdir racing condition
- with atomic_open(extracted_path) as file_handler:
- file_handler.write(zip_file.read(member))
+ suffix = os.path.splitext(member.split("/")[-1])[-1]
+ fd, extracted_path = tempfile.mkstemp(suffix=suffix)
+ try:
+ os.write(fd, zip_file.read(member))
+ finally:
+ os.close(fd)
+
return extracted_path
--
2.45.4