CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2025/12/06 06:02:42
Modified files:
www/py-urllib3 : Makefile distinfo
Added files:
www/py-urllib3/patches: patch-src_urllib3_response_py
patch-test_test_response_py
Log message:
update to py3-urllib3-1.26.20
also add backported patch from 2.6.0 to fix potential DoS where an attacker
could compose an HTTP response with virtually unlimited links in the
Content-Encoding header
https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53
(the patch to mitigate decompression bombs - GHSA-2xpw-w6gg-jr37,
https://github.com/urllib3/urllib3/commit/c19571de34c47de - is less practical
to backport and not included here).
