Subject: CVS commit: pkgsrc/www/py-aiohttp
From: Adam Ciarcinski
Date: 2021-02-26 07:21:52
Message id: 20210226062152.21B23FA95@cvs.NetBSD.org

Log Message:
py-aiohttp: updated to 3.7.4

3.7.4 (2021-02-25)

Bugfixes

(SECURITY BUG) Started preventing open redirects in the \ 
aiohttp.web.normalize_path_middleware middleware. For more details, see \ 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.

Thanks to Beast Glatisant for finding the first instance of this issue and \ 
Jelmer Vernooij for reporting and tracking it down in aiohttp.

Fix interpretation difference of the pure-Python and the Cython-based HTTP \ 
parsers construct a yarl.URL object for HTTP request-target.

Before this fix, the Python parser would turn the URI's absolute-path for \ 
//some-path into / while the Cython code preserved it as //some-path. Now, both \ 
do the latter.

Files:
RevisionActionfile
1.50modifypkgsrc/www/py-aiohttp/Makefile
1.46modifypkgsrc/www/py-aiohttp/distinfo