Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1614320512271630"
MIME-Version: 1.0
Date: Fri, 26 Feb 2021 06:21:52 +0000
From: "Adam Ciarcinski" <adam@netbsd.org>
Subject: CVS commit: pkgsrc/www/py-aiohttp
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20210226062152.21B23FA95@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1614320512271630
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Module Name:	pkgsrc
Committed By:	adam
Date:		Fri Feb 26 06:21:52 UTC 2021

Modified Files:
	pkgsrc/www/py-aiohttp: Makefile distinfo

Log Message:
py-aiohttp: updated to 3.7.4

3.7.4 (2021-02-25)

Bugfixes

(SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.

Thanks to Beast Glatisant for finding the first instance of this issue and Jelmer Vernooĳ for reporting and tracking it down in aiohttp.

Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target.

Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter.


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 pkgsrc/www/py-aiohttp/Makefile
cvs rdiff -u -r1.45 -r1.46 pkgsrc/www/py-aiohttp/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1614320512271630
Content-Disposition: inline
Content-Length: 1721
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/www/py-aiohttp/Makefile
diff -u pkgsrc/www/py-aiohttp/Makefile:1.49 pkgsrc/www/py-aiohttp/Makefile:1.50
--- pkgsrc/www/py-aiohttp/Makefile:1.49	Sat Feb  6 20:41:34 2021
+++ pkgsrc/www/py-aiohttp/Makefile	Fri Feb 26 06:21:51 2021
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.49 2021/02/06 20:41:34 leot Exp $
+# $NetBSD: Makefile,v 1.50 2021/02/26 06:21:51 adam Exp $
 
-DISTNAME=	aiohttp-3.7.3
+DISTNAME=	aiohttp-3.7.4
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
-PKGREVISION=	2
 CATEGORIES=	www python
 MASTER_SITES=	${MASTER_SITE_PYPI:=a/aiohttp/}
 

Index: pkgsrc/www/py-aiohttp/distinfo
diff -u pkgsrc/www/py-aiohttp/distinfo:1.45 pkgsrc/www/py-aiohttp/distinfo:1.46
--- pkgsrc/www/py-aiohttp/distinfo:1.45	Sat Feb  6 20:41:34 2021
+++ pkgsrc/www/py-aiohttp/distinfo	Fri Feb 26 06:21:51 2021
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.45 2021/02/06 20:41:34 leot Exp $
+$NetBSD: distinfo,v 1.46 2021/02/26 06:21:51 adam Exp $
 
-SHA1 (aiohttp-3.7.3.tar.gz) = ddd0b02a9dbf2941a27bfab69a85d3c4e329f9c6
-RMD160 (aiohttp-3.7.3.tar.gz) = 8a50b3123a887a447fd806905d283c0a4f639762
-SHA512 (aiohttp-3.7.3.tar.gz) = d1dbbe3cbdeb1a460f5030a08a251a7bb7ae7ec038ca93ba5187b2da1fe21b80ed6513db647ef382d2d92a3d527a34dffbd37f51aa1e8b65bb36d517304b1812
-Size (aiohttp-3.7.3.tar.gz) = 1113127 bytes
+SHA1 (aiohttp-3.7.4.tar.gz) = 06852c931a948aec395b76f9b1ebb0147aa79e89
+RMD160 (aiohttp-3.7.4.tar.gz) = 8193c0094d30fb421e41f7149768a4cf20a18954
+SHA512 (aiohttp-3.7.4.tar.gz) = 66fcc837b388020dc998cbaa2db31e48ecec75bcfaa8af9108e2ea265588dafa5684ca96a8fe3ad6759b22e09a4ae6d4efd8653fb76126eccdc826c15cbbe2e6
+Size (aiohttp-3.7.4.tar.gz) = 1114533 bytes
 SHA1 (patch-setup.py) = dca26da1bc74fd13a127cde3751778b5aadd2eaa


--_----------=_1614320512271630--