From c322da67ee86cdc387962d325f1cebb2bbd2a663 Mon Sep 17 00:00:00 2001 From: adam Date: Fri, 26 Feb 2021 06:21:51 +0000 Subject: py-aiohttp: updated to 3.7.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 3.7.4 (2021-02-25) Bugfixes (SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg. Thanks to Beast Glatisant for finding the first instance of this issue and Jelmer Vernooij for reporting and tracking it down in aiohttp. Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target. Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter. --- www/py-aiohttp/Makefile | 5 ++--- www/py-aiohttp/distinfo | 10 +++++----- 2 files changed, 7 insertions(+), 8 deletions(-) (limited to 'www') diff --git a/www/py-aiohttp/Makefile b/www/py-aiohttp/Makefile index 08a80bd236d..c3fa449ff69 100644 --- a/www/py-aiohttp/Makefile +++ b/www/py-aiohttp/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.49 2021/02/06 20:41:34 leot Exp $ +# $NetBSD: Makefile,v 1.50 2021/02/26 06:21:51 adam Exp $ -DISTNAME= aiohttp-3.7.3 +DISTNAME= aiohttp-3.7.4 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} -PKGREVISION= 2 CATEGORIES= www python MASTER_SITES= ${MASTER_SITE_PYPI:=a/aiohttp/} diff --git a/www/py-aiohttp/distinfo b/www/py-aiohttp/distinfo index 52078af5cc8..579815d81ba 100644 --- a/www/py-aiohttp/distinfo +++ b/www/py-aiohttp/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.45 2021/02/06 20:41:34 leot Exp $ +$NetBSD: distinfo,v 1.46 2021/02/26 06:21:51 adam Exp $ -SHA1 (aiohttp-3.7.3.tar.gz) = ddd0b02a9dbf2941a27bfab69a85d3c4e329f9c6 -RMD160 (aiohttp-3.7.3.tar.gz) = 8a50b3123a887a447fd806905d283c0a4f639762 -SHA512 (aiohttp-3.7.3.tar.gz) = d1dbbe3cbdeb1a460f5030a08a251a7bb7ae7ec038ca93ba5187b2da1fe21b80ed6513db647ef382d2d92a3d527a34dffbd37f51aa1e8b65bb36d517304b1812 -Size (aiohttp-3.7.3.tar.gz) = 1113127 bytes +SHA1 (aiohttp-3.7.4.tar.gz) = 06852c931a948aec395b76f9b1ebb0147aa79e89 +RMD160 (aiohttp-3.7.4.tar.gz) = 8193c0094d30fb421e41f7149768a4cf20a18954 +SHA512 (aiohttp-3.7.4.tar.gz) = 66fcc837b388020dc998cbaa2db31e48ecec75bcfaa8af9108e2ea265588dafa5684ca96a8fe3ad6759b22e09a4ae6d4efd8653fb76126eccdc826c15cbbe2e6 +Size (aiohttp-3.7.4.tar.gz) = 1114533 bytes SHA1 (patch-setup.py) = dca26da1bc74fd13a127cde3751778b5aadd2eaa -- cgit v1.2.3