diff --git a/Update-update_query-calls-to-work-with-latest-yarl.patch b/Update-update_query-calls-to-work-with-latest-yarl.patch deleted file mode 100644 index aed9139..0000000 --- a/Update-update_query-calls-to-work-with-latest-yarl.patch +++ /dev/null @@ -1,65 +0,0 @@ -From f984bea2a14c11cb5560aa02263126ed5e1d68bc Mon Sep 17 00:00:00 2001 -From: Daniel Garcia Moreno -Date: Wed, 26 Apr 2023 09:27:18 +0200 -Subject: [PATCH] Update update_query calls to work with latest yarl - -This patch pass "{}" when params is "None" to the url.update_query to -avoid setting the url params to None. - -Related to this change in yarl: -https://github.com/aio-libs/yarl/commit/dd86b3435093b9ca251ecb7831346b92a3f16b25 - -Fix https://github.com/aio-libs/aiohttp/issues/7259 ---- - aiohttp/client.py | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -Index: aiohttp-3.8.4/aiohttp/client.py -=================================================================== ---- aiohttp-3.8.4.orig/aiohttp/client.py -+++ aiohttp-3.8.4/aiohttp/client.py -@@ -460,7 +460,7 @@ class ClientSession: - ] - - for trace in traces: -- await trace.send_request_start(method, url.update_query(params), headers) -+ await trace.send_request_start(method, url.update_query(params or {}), headers) - - timer = tm.timer() - try: -@@ -578,7 +578,7 @@ class ClientSession: - - for trace in traces: - await trace.send_request_redirect( -- method, url.update_query(params), headers, resp -+ method, url.update_query(params or {}), headers, resp - ) - - redirects += 1 -@@ -630,7 +630,7 @@ class ClientSession: - headers.pop(hdrs.AUTHORIZATION, None) - - url = parsed_url -- params = None -+ params = {} - resp.release() - continue - -@@ -653,7 +653,7 @@ class ClientSession: - - for trace in traces: - await trace.send_request_end( -- method, url.update_query(params), headers, resp -+ method, url.update_query(params or {}), headers, resp - ) - return resp - -@@ -666,7 +666,7 @@ class ClientSession: - - for trace in traces: - await trace.send_request_exception( -- method, url.update_query(params), headers, e -+ method, url.update_query(params or {}), headers, e - ) - raise - diff --git a/aiohttp-3.10.5.tar.gz b/aiohttp-3.10.5.tar.gz new file mode 100644 index 0000000..bad3bb9 --- /dev/null +++ b/aiohttp-3.10.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f071854b47d39591ce9a17981c46790acb30518e2f83dfca8db2dfa091178691 +size 7524360 diff --git a/aiohttp-3.8.5.tar.gz b/aiohttp-3.8.5.tar.gz deleted file mode 100644 index e3d1b9b..0000000 --- a/aiohttp-3.8.5.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b9552ec52cc147dbf1944ac7ac98af7602e51ea2dcd076ed194ca3c0d1c7d0bc -size 7358303 diff --git a/python-aiohttp.changes b/python-aiohttp.changes index aadf8a0..e814f3d 100644 --- a/python-aiohttp.changes +++ b/python-aiohttp.changes @@ -1,3 +1,322 @@ +------------------------------------------------------------------- +Tue Aug 20 06:48:08 UTC 2024 - Steve Kowalik + +e Update to 3.10.5: + * Fixed aiohttp.ClientResponse.json() not setting status when + aiohttp.ContentTypeError is raised + * Improved performance of the WebSocket reader + * Fixed decoding base64 chunk in BodyPartReader + * Fixed a race closing the server-side WebSocket where the close code would + not reach the client + * Fixed unconsumed exceptions raised by the WebSocket heartbeat + * Fixed an edge case in the Python parser when chunk separators happen to + align with network chunks + * Fixed multipart reading when stream buffer splits the boundary over + several read() calls + * Fixed aiohttp.TCPConnector doing blocking I/O in the event loop to create + the SSLContext + * Improved performance of aiohttp.ClientWebSocketResponse.receive and + aiohttp.web.WebSocketResponse.receive when there is no timeout. + * Improved performance of starting request handlers with Python 3.12+ + * Improved performance of HTTP keep-alive checks + * Fixed server checks for circular symbolic links to be compatible with + Python 3.13 + * Fixed request body not being read when ignoring an Upgrade request + * Fixed an edge case where shutdown would wait for timeout when the handler + was already completed + * Fixed connecting to npipe://, tcp://, and unix:// urls + * Fixed WebSocket ping tasks being prematurely garbage collected + * Fixed incorrectly following symlinks for compressed file variants + (bsc#1229226, CVE-2024-42367) + * Fixed monkey patches for Path.stat() and Path.is_dir() for Python 3.13 + compatibility + * Fixed url dispatcher index not matching when a variable is preceded by a + fixed string after a slash + * Fixed server response headers for Content-Type and Content-Encoding for + static compressed files + * Fixed duplicate cookie expiration calls in the CookieJar implementation + * Adjusted FileResponse to check file existence and access when preparing + the response + * Fixed AsyncResolver to match ThreadedResolver behavior + * Fixed ws_connect not respecting receive_timeout on WS(S) connection. + * Removed blocking I/O in the event loop for static resources and refactored + exception handling + * Added a Request.wait_for_disconnection() method, as means of allowing + request handlers to be notified of premature client disconnections. + * Separated connection and socket timeout errors, from ServerTimeoutError. + * The shutdown logic in 3.9 waited on all tasks, which caused issues with + some libraries. + * When using Python 3.12 or later, the writer is no longer scheduled on the + event loop if it can finish synchronously. + * Restored aiohttp.resolver.AsyncResolver to be the default resolver. +- Drop patch remove-re-assert.patch, add BuildRequires on it. + +------------------------------------------------------------------- +Wed May 29 13:46:54 UTC 2024 - Markéta Machová + +- Skip test failing with pytest 8, upstream is on it + * https://github.com/aio-libs/aiohttp/issues/8234 +- Also un-skip some of the no-longer-failing tests + +------------------------------------------------------------------- +Sat Apr 20 13:59:35 UTC 2024 - Dirk Müller + +- update to 3.9.5: + * Fixed "Unclosed client session" when initialization of + :py:class:`~aiohttp.ClientSession` fails + * Fixed regression (from :pr:`8280`) with adding Content- + Disposition to the form-data part after appending to writer + * Added default Content-Disposition in multipart/form-data + responses to avoid broken form-data responses +- from version 3.9.4 + * The asynchronous internals now set the underlying causes when + assigning exceptions to the future objects + * Treated values of Accept-Encoding header as case-insensitive + when checking for gzip files + * Improved the DNS resolution performance on cache hit + * Changed the type annotations to allow dict on + :meth:`aiohttp.MultipartWriter.append`, + :meth:`aiohttp.MultipartWriter.append_json` and + :meth:`aiohttp.MultipartWriter.append_form` -- by + :user:`cakemanny` Related issues and pull requests on GitHub: + :issue:`7741`. + * Ensure websocket transport is closed when client does not + close it + * Leave websocket transport open if receive times out or is + cancelled + * Fixed content not being read when an upgrade request was not + supported with the pure Python implementation. + * Fixed a race condition with incoming connections during + server shutdown + * Fixed multipart/form-data compliance with RFC 7578 + * Fixed blocking I/O in the event loop while processing files + in a POST request + * Escaped filenames in static view (bsc#1223098, CVE-2024-27306) + * Fixed the pure python parser to mark a connection as closing + when a response has no length + * Upgraded llhttp to 9.2.1, and started rejecting obsolete line + folding in Python parser to match + * Deprecated content_transfer_encoding parameter in + :py:meth:`FormData.add_field() + * Added a note about canceling tasks to avoid delaying server + shutdown + +------------------------------------------------------------------- +Mon Mar 4 20:40:03 UTC 2024 - Ben Greiner + +- Don't test proxy functional: proxy.py is not maintained anymore + +------------------------------------------------------------------- +Tue Jan 30 10:26:57 UTC 2024 - John Paul Adrian Glaubitz + +- Update to version 3.9.3 + * Fixed backwards compatibility breakage (in 3.9.2) of ``ssl`` parameter + when set outside of ``ClientSession`` (e.g. directly in ``TCPConnector``) + * Improved test suite handling of paths and temp files to consistently + use pathlib and pytest fixtures. +- from version 3.9.2 (bsc#1219341, CVE-2024-23334, bsc#1219342, CVE-2024-23829) + * Fixed server-side websocket connection leak. + * Fixed ``web.FileResponse`` doing blocking I/O in the event loop. + * Fixed double compress when compression enabled and compressed file + exists in server file responses. + * Added runtime type check for ``ClientSession`` ``timeout`` parameter. + * Fixed an unhandled exception in the Python HTTP parser on header lines + starting with a colon. + * Improved validation of paths for static resources requests to the server. + * Added support for passing :py:data:`True` to ``ssl`` parameter in + ``ClientSession`` while deprecating :py:data:`None`. + * Fixed an unhandled exception in the Python HTTP parser on header lines + starting with a colon. + * Fixed examples of ``fallback_charset_resolver`` function in the + :doc:`client_advanced` document. + * The Sphinx setup was updated to avoid showing the empty + changelog draft section in the tagged release documentation + builds on Read The Docs. + * The changelog categorization was made clearer. The contributors can + now mark their fragment files more accurately. + * Updated :ref:`contributing/Tests coverage ` + section to show how we use ``codecov``. + * Replaced all ``tmpdir`` fixtures with ``tmp_path`` in test suite. +- Refresh patches for new version + * remove-re-assert.patch + +------------------------------------------------------------------- +Fri Jan 26 08:02:10 UTC 2024 - Daniel Garcia + +- Disable broken tests with openssl 3.2 and python < 3.11 bsc#1217782 + +------------------------------------------------------------------- +Fri Dec 22 13:46:25 UTC 2023 - Ben Greiner + +- Fix pytest call +- Update requirements + +------------------------------------------------------------------- +Mon Nov 27 15:22:11 UTC 2023 - Dirk Müller + +- update to 3.9.1: + * Fixed importing aiohttp under PyPy on Windows. + * Fixed async concurrency safety in websocket compressor. + * Fixed ``ClientResponse.close()`` releasing the connection + instead of closing. + * Fixed a regression where connection may get closed during + upgrade. -- by :user:`Dreamsorcerer` + * Fixed messages being reported as upgraded without an Upgrade + header in Python parser. -- by :user:`Dreamsorcerer` + +------------------------------------------------------------------- +Sat Nov 25 22:51:20 UTC 2023 - Dirk Müller + +- update to 3.9.0: (bsc#1217684, CVE-2023-49081, bsc#1217682, CVE-2023-49082) + * Introduced ``AppKey`` for static typing support of + ``Application`` storage. + * Added a graceful shutdown period which allows pending tasks + to complete before the application's cleanup is called. + * Added `handler_cancellation`_ parameter to cancel web handler on + client disconnection. + * This (optionally) reintroduces a feature removed in a + previous release. + * Recommended for those looking for an extra level of + protection against denial-of-service attacks. + * Added support for setting response header parameters + ``max_line_size`` and ``max_field_size``. + * Added ``auto_decompress`` parameter to + ``ClientSession.request`` to override + ``ClientSession._auto_decompress``. + * Changed ``raise_for_status`` to allow a coroutine. + * Added client brotli compression support (optional with + runtime check). + * Added ``client_max_size`` to ``BaseRequest.clone()`` to allow + overriding the request body size. -- :user:`anesabml`. + * Added a middleware type alias + ``aiohttp.typedefs.Middleware``. + * Exported ``HTTPMove`` which can be used to catch any + redirection request that has a location -- :user:`dreamsorcerer`. + * Changed the ``path`` parameter in ``web.run_app()`` to accept + a ``pathlib.Path`` object. + * Performance: Skipped filtering ``CookieJar`` when the jar is + empty or all cookies have expired. + * Performance: Only check origin if insecure scheme and there + are origins to treat as secure, in + ``CookieJar.filter_cookies()``. + * Performance: Used timestamp instead of ``datetime`` to + achieve faster cookie expiration in ``CookieJar``. + * Added support for passing a custom server name parameter to + HTTPS connection. + * Added support for using Basic Auth credentials from + :file:`.netrc` file when making HTTP requests with the + * :py:class:`~aiohttp.ClientSession` ``trust_env`` argument is + set to ``True``. -- by :user:`yuvipanda`. + * Turned access log into no-op when the logger is disabled. + * Added typing information to ``RawResponseMessage``. -- by + :user:`Gobot1234` + * Removed ``async-timeout`` for Python 3.11+ (replaced with + ``asyncio.timeout()`` on newer releases). + * Added support for ``brotlicffi`` as an alternative to + ``brotli`` (fixing Brotli support on PyPy). + * Added ``WebSocketResponse.get_extra_info()`` to access a + protocol transport's extra info. + * Allow ``link`` argument to be set to None/empty in HTTP 451 + exception. + * Fixed client timeout not working when incoming data is always + available without waiting. -- by :user:`Dreamsorcerer`. + * Fixed ``readuntil`` to work with a delimiter of more than one + character. + * Added ``__repr__`` to ``EmptyStreamReader`` to avoid + ``AttributeError``. + * Fixed bug when using ``TCPConnector`` with + ``ttl_dns_cache=0``. + * Fixed response returned from expect handler being thrown + away. -- by :user:`Dreamsorcerer` + * Avoided raising ``UnicodeDecodeError`` in multipart and in + HTTP headers parsing. + * Changed ``sock_read`` timeout to start after writing has + finished, avoiding read timeouts caused by an unfinished + write. -- by :user:`dtrifiro` + * Fixed missing query in tracing method URLs when using + ``yarl`` 1.9+. + * Changed max 32-bit timestamp to an aware datetime object, for + consistency with the non-32-bit one, and to avoid a + ``DeprecationWarning`` on Python 3.12. + * Fixed ``EmptyStreamReader.iter_chunks()`` never ending. + * Fixed a rare ``RuntimeError: await wasn't used with future`` + exception. + * Fixed issue with insufficient HTTP method and version + validation. + * Added check to validate that absolute URIs have schemes. + * Fixed unhandled exception when Python HTTP parser encounters + unpaired Unicode surrogates. + * Updated parser to disallow invalid characters in header field + names and stop accepting LF as a request line separator. + * Fixed Python HTTP parser not treating 204/304/1xx as an empty + body. + * Ensure empty body response for 1xx/204/304 per RFC 9112 sec + 6.3. + * Fixed an issue when a client request is closed before + completing a chunked payload. -- by :user:`Dreamsorcerer` + * Edge Case Handling for ResponseParser for missing reason + value. + * Fixed ``ClientWebSocketResponse.close_code`` being + erroneously set to ``None`` when there are concurrent async + tasks receiving data and closing the connection. + * Added HTTP method validation. + * Fixed arbitrary sequence types being allowed to inject values + via version parameter. -- by :user:`Dreamsorcerer` + * Performance: Fixed increase in latency with small messages + from websocket compression changes. + * Improved Documentation + * Fixed the `ClientResponse.release`'s type in the doc. Changed + from `comethod` to `method`. + * Added information on behavior of base_url parameter in + `ClientSession`. + * Completed ``trust_env`` parameter description to honor + ``wss_proxy``, ``ws_proxy`` or ``no_proxy`` env. + * Dropped Python 3.6 support. + * Dropped Python 3.7 support. -- by :user:`Dreamsorcerer` + * Removed support for abandoned ``tokio`` event loop. + * Made ``print`` argument in ``run_app()`` optional. + * Improved performance of ``ceil_timeout`` in some cases. + * Changed importing Gunicorn to happen on-demand, decreasing + import time by ~53%. -- :user:`Dreamsorcerer` + * Improved import time by replacing ``http.server`` with + ``http.HTTPStatus``. + * Fixed annotation of ``ssl`` parameter to disallow ``True``. +- drop Update-update_query-calls-to-work-with-latest-yarl.patch + (upstream) + +------------------------------------------------------------------- +Tue Nov 7 11:52:54 UTC 2023 - Dirk Müller + +- update to 3.8.6 (bsc#1217181, CVE-2023-47627): + * Security bugfixes + * Upgraded the vendored copy of llhttp_ to v9.1.3 + * https://github.com/aio-libs/aiohttp/security/advisories/GHSA- + pjjw-qhg8-p2p9. + * Updated Python parser to comply with RFCs 9110/9112 + * https://github.com/aio-libs/aiohttp/security/advisories/GHSA- + gfw2-4jvh-wgfg. + * Added ``fallback_charset_resolver`` parameter in + ``ClientSession`` to allow a user-supplied + character set detection function. + Character set detection will no longer be included in 3.9 as + a default. If this feature is needed, + please use `fallback_charset_resolver + * Enabled lenient response parsing for more flexible parsing in + the client + * Fixed ``PermissionError`` when ``.netrc`` is unreadable due + to permissions. + * Fixed output of parsing errors + * Fixed ``GunicornWebWorker`` max_requests_jitter not working. + * Fixed sorting in ``filter_cookies`` to use cookie with + longest path. + * Fixed display of ``BadStatusLine`` messages from llhttp_. + +------------------------------------------------------------------- +Sat Oct 14 17:27:26 UTC 2023 - Matej Cepl + +- Add remove-re-assert.patch, we really don’t need beautifuly + presented exceptions for our testing; remove re-assert BR. + ------------------------------------------------------------------- Mon Sep 11 20:43:01 UTC 2023 - Dirk Müller @@ -138,7 +457,7 @@ Sat Dec 11 19:18:47 UTC 2021 - Ben Greiner checks. #6276 * Added information on running complex applications with additional tasks/processes -- :user:`Dreamsorcerer`. #6278 -- Release 3.8.0 (2021-10-31) +- Release 3.8.0 (2021-10-31) (bsc#1217174, CVE-2023-47641) * Features * Added a GunicornWebWorker feature for extending the aiohttp server configuration by allowing the 'wsgi' coroutine to return diff --git a/python-aiohttp.spec b/python-aiohttp.spec index 4d20466..f942d4e 100644 --- a/python-aiohttp.spec +++ b/python-aiohttp.spec @@ -1,7 +1,7 @@ # # spec file for package python-aiohttp # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,28 +16,24 @@ # -%define skip_python2 1 -# requires some unavailable modules %bcond_with docs %{?sle15_python_module_pythons} Name: python-aiohttp -Version: 3.8.5 +Version: 3.10.5 Release: 0 Summary: Asynchronous HTTP client/server framework License: Apache-2.0 URL: https://github.com/aio-libs/aiohttp Source: https://files.pythonhosted.org/packages/source/a/aiohttp/aiohttp-%{version}.tar.gz -# PATCH-FIX-UPSTREAM Update-update_query-calls-to-work-with-latest-yarl.patch gh#aio-libs/aiohttp#7260 -Patch1: Update-update_query-calls-to-work-with-latest-yarl.patch +Requires: python-aiohappyeyeballs >= 2.3.0 Requires: python-aiosignal >= 1.1.2 Requires: python-attrs >= 17.3.0 Requires: python-frozenlist >= 1.1.1 +%if 0%{?python_version_nodots} < 311 Requires: (python-async_timeout >= 4.0 with python-async_timeout < 5) -Requires: (python-asynctest = 0.13.0 if python-base < 3.8) +%endif Requires: (python-charset-normalizer >= 2.0 with python-charset-normalizer < 4) -Requires: (python-idna_ssl >= 1.0 if python-base < 3.7) Requires: (python-multidict >= 4.5 with python-multidict < 7) -Requires: (python-typing_extensions >= 3.7.4 if python-base < 3.8) Requires: (python-yarl >= 1.0 with python-yarl < 2) Recommends: python-Brotli Recommends: python-aiodns @@ -45,24 +41,21 @@ Recommends: python-cChardet Suggests: %{name}-doc # SECTION build requirements BuildRequires: %{python_module Cython} -BuildRequires: %{python_module devel >= 3.6} +BuildRequires: %{python_module devel >= 3.9} BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} BuildRequires: fdupes -BuildRequires: http-parser-devel BuildRequires: python-rpm-macros # /SECTION # SECTION install requirements +BuildRequires: %{python_module aiohappyeyeballs >= 2.3.0} BuildRequires: %{python_module aiosignal >= 1.1.2} BuildRequires: %{python_module async_timeout >= 4.0 with %python-async_timeout < 5} -BuildRequires: %{python_module asynctest = 0.13.0 if %python-base < 3.8} BuildRequires: %{python_module attrs >= 17.3.0} BuildRequires: %{python_module charset-normalizer >= 2.0 with %python-charset-normalizer < 4} BuildRequires: %{python_module frozenlist >= 1.1.1} -BuildRequires: %{python_module idna_ssl >= 1.0 if %python-base < 3.7} BuildRequires: %{python_module multidict >= 4.5 with %python-multidict < 7} -BuildRequires: %{python_module typing_extensions >= 3.7.4 if %python-base < 3.8} BuildRequires: %{python_module yarl >= 1.0 with %python-yarl < 2} # /SECTION # SECTION test requirements @@ -71,11 +64,12 @@ BuildRequires: %{python_module Brotli} BuildRequires: %{python_module freezegun} BuildRequires: %{python_module gunicorn} BuildRequires: %{python_module pluggy} -BuildRequires: %{python_module proxy.py} BuildRequires: %{python_module pytest >= 6.2.0} BuildRequires: %{python_module pytest-mock} BuildRequires: %{python_module pytest-timeout} +BuildRequires: %{python_module pytest-xdist} BuildRequires: %{python_module re-assert} +BuildRequires: %{python_module time-machine} BuildRequires: %{python_module trustme} # /SECTION # SECTION docs @@ -131,27 +125,32 @@ rm -r %{buildroot}%{$python_sitearch}/aiohttp/.hash %check donttest="test_aiohttp_request_coroutine or test_mark_formdata_as_processed or test_aiohttp_plugin_async or test_secure_https_proxy_absolute_path" # no name resolution -donttest+=" or test_client_session_timeout_zero or test_requote_redirect_url_default" +donttest+=" or test_client_session_timeout_zero" # flaky donttest+=" or test_https_proxy_unsupported_tls_in_tls" -# not running under pytest ?! -donttest+=" or test_no_warnings" -%{python_expand # Does not work on python <= 3.6 -if [ %{$python_version_nodots} -eq 36 ]; then - #See https://github.com/openSUSE/python-rpm-macros#flavor-expansion for an explanation of this hack - $python_donttest=" or test_read_boundary_with_incomplete_chunk" -fi -} +donttest+=" or test_shutdown_handler_cancellation_suppressed" +# raises not expected "ConnectionResetError" with openssl 3.2 and python < 3.11 +donttest+=" or test_tcp_connector_raise_connector_ssl_error[pyloop]" +# fails with pytest 8 https://github.com/aio-libs/aiohttp/issues/8234 +donttest+=" or (test_pytest_plugin and test_aiohttp_plugin)" -# Disable DeprecationWarning to avoid error with the latest setuptools -# and pkg_resources deprecation -%pytest_arch tests -rsEf -k "not ($donttest ${$python_donttest})" -W ignore::DeprecationWarning +# requires python-on-whales +rm -v tests/autobahn/test_autobahn.py +# uses proxy.py which is not maintained anymore +rm -v tests/test_proxy_functional.py +# randomly fails on xdist splits +single_runs="(test_run_app or test_web_runner)" +# breaks without threading +single_runs+=" and not test_shutdown_handler_cancellation_suppressed" +test -d aiohttp && mv aiohttp aiohttp.bkp +%pytest_arch %{?jobs: -n %jobs} tests -k "not ($donttest or ${single_runs})" +%pytest_arch tests -k "${single_runs}" %files %{python_files} %license LICENSE.txt %doc CHANGES.rst CONTRIBUTORS.txt README.rst %{python_sitearch}/aiohttp -%{python_sitearch}/aiohttp-%{version}*-info +%{python_sitearch}/aiohttp-%{version}.dist-info %if %{with docs} %if 0%{?suse_version} > 1500