diff options
| author | adam <adam@pkgsrc.org> | 2021-02-26 06:21:51 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2021-02-26 06:21:51 +0000 |
| commit | c322da67ee86cdc387962d325f1cebb2bbd2a663 (patch) | |
| tree | 65c902e13e7c4933e17b8084d18ed5db4ab5ab1e /www | |
| parent | 528ae43359b210f5a103c47d90015a8cd282d07d (diff) | |
| download | pkgsrc-c322da67ee86cdc387962d325f1cebb2bbd2a663.tar.gz | |
py-aiohttp: updated to 3.7.4
3.7.4 (2021-02-25)
Bugfixes
(SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.
Thanks to Beast Glatisant for finding the first instance of this issue and Jelmer Vernooij for reporting and tracking it down in aiohttp.
Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target.
Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter.
Diffstat (limited to 'www')
| -rw-r--r-- | www/py-aiohttp/Makefile | 5 | ||||
| -rw-r--r-- | www/py-aiohttp/distinfo | 10 |
2 files changed, 7 insertions, 8 deletions
diff --git a/www/py-aiohttp/Makefile b/www/py-aiohttp/Makefile index 08a80bd236d..c3fa449ff69 100644 --- a/www/py-aiohttp/Makefile +++ b/www/py-aiohttp/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.49 2021/02/06 20:41:34 leot Exp $ +# $NetBSD: Makefile,v 1.50 2021/02/26 06:21:51 adam Exp $ -DISTNAME= aiohttp-3.7.3 +DISTNAME= aiohttp-3.7.4 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} -PKGREVISION= 2 CATEGORIES= www python MASTER_SITES= ${MASTER_SITE_PYPI:=a/aiohttp/} diff --git a/www/py-aiohttp/distinfo b/www/py-aiohttp/distinfo index 52078af5cc8..579815d81ba 100644 --- a/www/py-aiohttp/distinfo +++ b/www/py-aiohttp/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.45 2021/02/06 20:41:34 leot Exp $ +$NetBSD: distinfo,v 1.46 2021/02/26 06:21:51 adam Exp $ -SHA1 (aiohttp-3.7.3.tar.gz) = ddd0b02a9dbf2941a27bfab69a85d3c4e329f9c6 -RMD160 (aiohttp-3.7.3.tar.gz) = 8a50b3123a887a447fd806905d283c0a4f639762 -SHA512 (aiohttp-3.7.3.tar.gz) = d1dbbe3cbdeb1a460f5030a08a251a7bb7ae7ec038ca93ba5187b2da1fe21b80ed6513db647ef382d2d92a3d527a34dffbd37f51aa1e8b65bb36d517304b1812 -Size (aiohttp-3.7.3.tar.gz) = 1113127 bytes +SHA1 (aiohttp-3.7.4.tar.gz) = 06852c931a948aec395b76f9b1ebb0147aa79e89 +RMD160 (aiohttp-3.7.4.tar.gz) = 8193c0094d30fb421e41f7149768a4cf20a18954 +SHA512 (aiohttp-3.7.4.tar.gz) = 66fcc837b388020dc998cbaa2db31e48ecec75bcfaa8af9108e2ea265588dafa5684ca96a8fe3ad6759b22e09a4ae6d4efd8653fb76126eccdc826c15cbbe2e6 +Size (aiohttp-3.7.4.tar.gz) = 1114533 bytes SHA1 (patch-setup.py) = dca26da1bc74fd13a127cde3751778b5aadd2eaa |