python3-aiohttp: fix CVE-2025-53643 and drop CVE-2024-42367 patch

- Fix CVE-2025-53643:
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and
Python. Prior to version 3.12.14, the Python parser is vulnerable to a
request smuggling vulnerability due to not parsing trailer sections of
an HTTP request. If a pure Python version of aiohttp is installed (i.e.
without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled,
then an attacker may be able to execute a request smuggling attack to
bypass certain firewalls or proxy protections. Version 3.12.14 contains
a patch for this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-53643

- Drop CVE-2024-42367.patch:
According to upstream discussion and advisory [1][2], aiohttp 3.8.6 is
not affected by CVE-2024-42367, and the patch is therefore no longer
needed.

[1] https://github.com/advisories/GHSA-jwhx-xcg6-8xhj
[2] https://github.com/aio-libs/aiohttp/issues/11149

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

meta-python/recipes-devtools/python/python3-aiohttp_3.8.6.bb

@@ -10,7 +10,7 @@ SRC_URI += "file://CVE-2024-23334.patch \
             file://CVE-2024-52304.patch \
             file://CVE-2023-49082.patch \
             file://CVE-2024-27306.patch \
-            file://CVE-2024-42367.patch \
+            file://CVE-2025-53643.patch \
            "
 
 SRC_URI[sha256sum] = "b0cf2a4501bff9330a8a5248b4ce951851e415bdcce9dc158e76cfd55e15085c"