From 107eefed37e4af39ec1565c57d03c7f9adea69af Mon Sep 17 00:00:00 2001
From: "Qi.Chen@windriver.com" <Qi.Chen@windriver.com>
Date: Wed, 17 Oct 2018 10:32:11 +0800
Subject: python-requests: fix CVE-2018-18074

Backport two patches to fix the following CVE.

CVE: CVE-2018-18074

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-python/recipes-devtools/python/python-requests.inc | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'meta-python/recipes-devtools/python/python-requests.inc')

diff --git a/meta-python/recipes-devtools/python/python-requests.inc b/meta-python/recipes-devtools/python/python-requests.inc
index efc652d94f..301c2f82ff 100644
--- a/meta-python/recipes-devtools/python/python-requests.inc
+++ b/meta-python/recipes-devtools/python/python-requests.inc
@@ -3,6 +3,12 @@ HOMEPAGE = "http://python-requests.org"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=bfbeafb85a2cee261510d65d5ec19156"
 
+FILESEXTRAPATHS_prepend := "${THISDIR}/python-requests:"
+
+SRC_URI += "file://0001-Strip-Authorization-header-whenever-root-URL-changes.patch \
+            file://0002-Rework-authorization-stripping-logic-as-discussed.patch \
+            "
+
 SRC_URI[md5sum] = "6c1a31afec9d614e2e71a91ee6ca2878"
 SRC_URI[sha256sum] = "ec22d826a36ed72a7358ff3fe56cbd4ba69dd7a6718ffd450ff0e9df7a47ce6a"
 
-- 
cgit v1.2.3-54-g00ecf