From 6b95f43f12690def2dac54fe5cdba11be29ba03d Mon Sep 17 00:00:00 2001
From: Kevin Carter
Date: Mon, 16 Jun 2025 08:52:57 -0500
Subject: [PATCH] chore: update requests to 2.32.4

Resolves CVE-2024-47081
Related-to: https://github.com/rackerlabs/genestack-images/security/code-scanning/44
Signed-off-by: Kevin Carter
---
 scripts/glance-cve-patching.sh | 4 ++--
 scripts/heat-cve-patching.sh | 4 ++--
 scripts/keystone-cve-patching.sh | 2 +-
 scripts/octavia-cve-patching.sh | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/scripts/glance-cve-patching.sh b/scripts/glance-cve-patching.sh
index 10c1e76..657509b 100644
--- a/scripts/glance-cve-patching.sh
+++ b/scripts/glance-cve-patching.sh
@@ -7,7 +7,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then
 "requests==2.32.4"
 elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then
 # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27,
- # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-4340,CVE-2024-37891,CVE-2024-5569,CVE-2024-12797
+ # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-4340,CVE-2024-37891,CVE-2024-5569,CVE-2024-12797,CVE-2024-47081
 /var/lib/openstack/bin/pip install --upgrade \
 "Jinja2==3.1.6" \
 "PyMySQL>=1.1.1,<1.2" \
@@ -16,7 +16,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then
 "dnspython>=2.6.1,<2.7" \
 "eventlet>=0.35.2,<0.36" \
 "idna>=3.7,<3.8" \
- "requests>=2.32.0,<2.33" \
+ "requests==2.32.4" \
 "sqlparse>=0.5.0,<0.6" \
 "urllib3==1.26.19" \
 "zipp>=3.19.1,<3.20"
diff --git a/scripts/heat-cve-patching.sh b/scripts/heat-cve-patching.sh
index 646fece..f8bf571 100644
--- a/scripts/heat-cve-patching.sh
+++ b/scripts/heat-cve-patching.sh
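Review bot: In scripts/glance-cve-patching.sh the second hunk replaces the bounded range `"requests>=2.32.0,<2.33"` with the exact pin `"requests==2.32.4"`, while the neighbouring entries of the same list (`"idna>=3.7,<3.8"`, `"sqlparse>=0.5.0,<0.6"`) keep ranges. The old range already admitted 2.32.4, so the change both raises the floor and stops later 2.32.x patch releases from being installed on rebuild. If only the floor is intended, `"requests>=2.32.4,<2.33" \` keeps this file's convention; if exact pins are now preferred for reproducible images, a short comment above the list saying so would explain the mix. The if/elif block starts and ends outside both hunks.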
@@ -7,7 +7,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then
 "requests==2.32.4"
 elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then
 # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27,
- # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797
+ # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081
 /var/lib/openstack/bin/pip install --upgrade \
 "Jinja2==3.1.6" \
 "PyMySQL==1.1.1" \
@@ -16,6 +16,6 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then
 "dnspython==2.6.1" \
 "eventlet==0.35.2" \
 "idna==3.7" \
- "requests==2.32.0" \
+ "requests==2.32.4" \
 "urllib3==1.26.19"
 fi
diff --git a/scripts/keystone-cve-patching.sh b/scripts/keystone-cve-patching.sh
index 3792116..a999ffb 100644
--- a/scripts/keystone-cve-patching.sh
+++ b/scripts/keystone-cve-patching.sh
@@ -8,7 +8,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then
 elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then
 # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,CVE-2024-34069,
 # CVE-2024-49766,CVE-2024-49767,GHSA-h4gh-qq45-vh27,CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,
- # CVE-2024-12797,CVE-2025-47278
+ # CVE-2024-12797,CVE-2025-47278,CVE-2024-47081
 /var/lib/openstack/bin/pip install --upgrade \
 "Flask==3.1.1" \
 "Jinja2==3.1.6" \
diff --git a/scripts/octavia-cve-patching.sh b/scripts/octavia-cve-patching.sh
index a31a479..eaa2f21 100644
--- a/scripts/octavia-cve-patching.sh
+++ b/scripts/octavia-cve-patching.sh
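Review bot: The scripts/keystone-cve-patching.sh hunk adds CVE-2024-47081 to the stable/2024.1 comment but changes no package pin, unlike the glance, heat and octavia sections, which move requests to 2.32.4. Any requests entry in this pip list lies below the hunk's last visible line (`"Jinja2==3.1.6" \`), so it cannot be checked from here. Please confirm that it already resolves to 2.32.4 or later, otherwise the comment records a fix that the image does not carry. If requests is only pulled in transitively for keystone, an explicit `"requests==2.32.4" \` line in the list would make the comment true by construction.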
@@ -8,7 +8,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then
 elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then
 # CVE fixes CVE-2024-36039,CVE-2024-6827,CVE-2024-1135,CVE-2024-49767,CVE-2024-34069,CVE-2024-56326,CVE-2024-56326,CVE-2024-56201
 # CVE-2024-35195,CVE-2024-37891,CVE-2024-3651,CVE-2023-29483,CVE-2024-49766,CVE-2024-42353,CVE-2025-27516,CVE-2024-34064
- # CVE-2024-12797
+ # CVE-2024-12797,CVE-2024-47081
 /var/lib/openstack/bin/pip install --upgrade \
 "Jinja2==3.1.6" \
 "PyMySQL==1.1.1" \
@@ -20,7 +20,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then
 "gunicorn==23.0.0" \
 "idna==3.7" \
 "pyopenssl==24.3.0" \
- "requests==2.32.0" \
+ "requests==2.32.4" \
 "urllib3==1.26.19" \
 "zipp==3.19.1"
 fi