[pkgsrc/trunk]: pkgsrc/www/py-aiohttp py-aiohttp: updated to 3.7.4

[adam <adam%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/559ba195b330
branches:  trunk
changeset: 447770:559ba195b330
user:      adam <adam%pkgsrc.org@localhost>
date:      Fri Feb 26 06:21:51 2021 +0000

description:
py-aiohttp: updated to 3.7.4

3.7.4 (2021-02-25)

Bugfixes

(SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.

Thanks to Beast Glatisant for finding the first instance of this issue and Jelmer Vernooij for reporting and tracking it down in aiohttp.

Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target.

Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter.

diffstat:

 www/py-aiohttp/Makefile |   5 ++---
 www/py-aiohttp/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 8 deletions(-)

diffs (30 lines):

diff -r a76f4a5cd23d -r 559ba195b330 www/py-aiohttp/Makefile
--- a/www/py-aiohttp/Makefile   Fri Feb 26 06:21:04 2021 +0000
+++ b/www/py-aiohttp/Makefile   Fri Feb 26 06:21:51 2021 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.49 2021/02/06 20:41:34 leot Exp $
+# $NetBSD: Makefile,v 1.50 2021/02/26 06:21:51 adam Exp $
 
-DISTNAME=      aiohttp-3.7.3
+DISTNAME=      aiohttp-3.7.4
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
-PKGREVISION=   2
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=a/aiohttp/}
 
diff -r a76f4a5cd23d -r 559ba195b330 www/py-aiohttp/distinfo
--- a/www/py-aiohttp/distinfo   Fri Feb 26 06:21:04 2021 +0000
+++ b/www/py-aiohttp/distinfo   Fri Feb 26 06:21:51 2021 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.45 2021/02/06 20:41:34 leot Exp $
+$NetBSD: distinfo,v 1.46 2021/02/26 06:21:51 adam Exp $
 
-SHA1 (aiohttp-3.7.3.tar.gz) = ddd0b02a9dbf2941a27bfab69a85d3c4e329f9c6
-RMD160 (aiohttp-3.7.3.tar.gz) = 8a50b3123a887a447fd806905d283c0a4f639762
-SHA512 (aiohttp-3.7.3.tar.gz) = d1dbbe3cbdeb1a460f5030a08a251a7bb7ae7ec038ca93ba5187b2da1fe21b80ed6513db647ef382d2d92a3d527a34dffbd37f51aa1e8b65bb36d517304b1812
-Size (aiohttp-3.7.3.tar.gz) = 1113127 bytes
+SHA1 (aiohttp-3.7.4.tar.gz) = 06852c931a948aec395b76f9b1ebb0147aa79e89
+RMD160 (aiohttp-3.7.4.tar.gz) = 8193c0094d30fb421e41f7149768a4cf20a18954
+SHA512 (aiohttp-3.7.4.tar.gz) = 66fcc837b388020dc998cbaa2db31e48ecec75bcfaa8af9108e2ea265588dafa5684ca96a8fe3ad6759b22e09a4ae6d4efd8653fb76126eccdc826c15cbbe2e6
+Size (aiohttp-3.7.4.tar.gz) = 1114533 bytes
 SHA1 (patch-setup.py) = dca26da1bc74fd13a127cde3751778b5aadd2eaa