package/python3-urllib: security bump to version 1.24.3

Fixes the following security vulnerability: CVE-2019-9740: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-28 10:27:16 +02:00 · 2019-08-28 10:27:16 +02:00 · 86f86a724b
commit 86f86a724b
parent 99468e399d
2 changed files with 4 additions and 4 deletions
--- a/package/python-urllib3/python-urllib3.hash
+++ b/package/python-urllib3/python-urllib3.hash
@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/urllib3/json
-md5	20bb5a170a534bd0acd98bfc007fcc22  urllib3-1.24.2.tar.gz
-sha256	9a247273df709c4fedb38c711e44292304f73f39ab01beda9f6b9fc375669ac3  urllib3-1.24.2.tar.gz
+md5	1efcddca675b80f3ac110439921fc66b  urllib3-1.24.3.tar.gz
+sha256	2393a695cd12afedd0dcb26fe5d50d0cf248e5a66f75dbd89a3d4eb333a61af4  urllib3-1.24.3.tar.gz
 # Locally computed sha256 checksums
 sha256	11db569430ca5ad793f1399297b8df5041a22137abaf90642ea71da21d59121c  LICENSE.txt
--- a/package/python-urllib3/python-urllib3.mk
+++ b/package/python-urllib3/python-urllib3.mk
@ -4,9 +4,9 @@
 #
 ################################################################################

-PYTHON_URLLIB3_VERSION = 1.24.2
+PYTHON_URLLIB3_VERSION = 1.24.3
 PYTHON_URLLIB3_SOURCE = urllib3-$(PYTHON_URLLIB3_VERSION).tar.gz
-PYTHON_URLLIB3_SITE = https://files.pythonhosted.org/packages/fd/fa/b21f4f03176463a6cccdb612a5ff71b927e5224e83483012747c12fc5d62
+PYTHON_URLLIB3_SITE = https://files.pythonhosted.org/packages/8a/3c/1bb7ef6c435dea026f06ed9f3ba16aa93f9f4f5d3857a51a35dfa00882f1
 PYTHON_URLLIB3_LICENSE = MIT
 PYTHON_URLLIB3_LICENSE_FILES = LICENSE.txt
 PYTHON_URLLIB3_SETUP_TYPE = setuptools