Sync from SUSE:SLFO:Main python-aiohttp revision ba75aecd6b8051180d6664ea77ef56ad

This commit is contained in:
Adrian Schröter 2024-09-06 15:29:52 +02:00
parent 684df13196
commit f0432db1fd
5 changed files with 350 additions and 97 deletions

View File

@ -1,65 +0,0 @@
From f984bea2a14c11cb5560aa02263126ed5e1d68bc Mon Sep 17 00:00:00 2001
From: Daniel Garcia Moreno <daniel.garcia@suse.com>
Date: Wed, 26 Apr 2023 09:27:18 +0200
Subject: [PATCH] Update update_query calls to work with latest yarl
This patch pass "{}" when params is "None" to the url.update_query to
avoid setting the url params to None.
Related to this change in yarl:
https://github.com/aio-libs/yarl/commit/dd86b3435093b9ca251ecb7831346b92a3f16b25
Fix https://github.com/aio-libs/aiohttp/issues/7259
---
aiohttp/client.py | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
Index: aiohttp-3.8.4/aiohttp/client.py
===================================================================
--- aiohttp-3.8.4.orig/aiohttp/client.py
+++ aiohttp-3.8.4/aiohttp/client.py
@@ -460,7 +460,7 @@ class ClientSession:
]
for trace in traces:
- await trace.send_request_start(method, url.update_query(params), headers)
+ await trace.send_request_start(method, url.update_query(params or {}), headers)
timer = tm.timer()
try:
@@ -578,7 +578,7 @@ class ClientSession:
for trace in traces:
await trace.send_request_redirect(
- method, url.update_query(params), headers, resp
+ method, url.update_query(params or {}), headers, resp
)
redirects += 1
@@ -630,7 +630,7 @@ class ClientSession:
headers.pop(hdrs.AUTHORIZATION, None)
url = parsed_url
- params = None
+ params = {}
resp.release()
continue
@@ -653,7 +653,7 @@ class ClientSession:
for trace in traces:
await trace.send_request_end(
- method, url.update_query(params), headers, resp
+ method, url.update_query(params or {}), headers, resp
)
return resp
@@ -666,7 +666,7 @@ class ClientSession:
for trace in traces:
await trace.send_request_exception(
- method, url.update_query(params), headers, e
+ method, url.update_query(params or {}), headers, e
)
raise

BIN
aiohttp-3.10.5.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

BIN
aiohttp-3.8.5.tar.gz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,3 +1,322 @@
-------------------------------------------------------------------
Tue Aug 20 06:48:08 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
e Update to 3.10.5:
* Fixed aiohttp.ClientResponse.json() not setting status when
aiohttp.ContentTypeError is raised
* Improved performance of the WebSocket reader
* Fixed decoding base64 chunk in BodyPartReader
* Fixed a race closing the server-side WebSocket where the close code would
not reach the client
* Fixed unconsumed exceptions raised by the WebSocket heartbeat
* Fixed an edge case in the Python parser when chunk separators happen to
align with network chunks
* Fixed multipart reading when stream buffer splits the boundary over
several read() calls
* Fixed aiohttp.TCPConnector doing blocking I/O in the event loop to create
the SSLContext
* Improved performance of aiohttp.ClientWebSocketResponse.receive and
aiohttp.web.WebSocketResponse.receive when there is no timeout.
* Improved performance of starting request handlers with Python 3.12+
* Improved performance of HTTP keep-alive checks
* Fixed server checks for circular symbolic links to be compatible with
Python 3.13
* Fixed request body not being read when ignoring an Upgrade request
* Fixed an edge case where shutdown would wait for timeout when the handler
was already completed
* Fixed connecting to npipe://, tcp://, and unix:// urls
* Fixed WebSocket ping tasks being prematurely garbage collected
* Fixed incorrectly following symlinks for compressed file variants
(bsc#1229226, CVE-2024-42367)
* Fixed monkey patches for Path.stat() and Path.is_dir() for Python 3.13
compatibility
* Fixed url dispatcher index not matching when a variable is preceded by a
fixed string after a slash
* Fixed server response headers for Content-Type and Content-Encoding for
static compressed files
* Fixed duplicate cookie expiration calls in the CookieJar implementation
* Adjusted FileResponse to check file existence and access when preparing
the response
* Fixed AsyncResolver to match ThreadedResolver behavior
* Fixed ws_connect not respecting receive_timeout on WS(S) connection.
* Removed blocking I/O in the event loop for static resources and refactored
exception handling
* Added a Request.wait_for_disconnection() method, as means of allowing
request handlers to be notified of premature client disconnections.
* Separated connection and socket timeout errors, from ServerTimeoutError.
* The shutdown logic in 3.9 waited on all tasks, which caused issues with
some libraries.
* When using Python 3.12 or later, the writer is no longer scheduled on the
event loop if it can finish synchronously.
* Restored aiohttp.resolver.AsyncResolver to be the default resolver.
- Drop patch remove-re-assert.patch, add BuildRequires on it.
-------------------------------------------------------------------
Wed May 29 13:46:54 UTC 2024 - Markéta Machová <mmachova@suse.com>
- Skip test failing with pytest 8, upstream is on it
* https://github.com/aio-libs/aiohttp/issues/8234
- Also un-skip some of the no-longer-failing tests
-------------------------------------------------------------------
Sat Apr 20 13:59:35 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 3.9.5:
* Fixed "Unclosed client session" when initialization of
:py:class:`~aiohttp.ClientSession` fails
* Fixed regression (from :pr:`8280`) with adding Content-
Disposition to the form-data part after appending to writer
* Added default Content-Disposition in multipart/form-data
responses to avoid broken form-data responses
- from version 3.9.4
* The asynchronous internals now set the underlying causes when
assigning exceptions to the future objects
* Treated values of Accept-Encoding header as case-insensitive
when checking for gzip files
* Improved the DNS resolution performance on cache hit
* Changed the type annotations to allow dict on
:meth:`aiohttp.MultipartWriter.append`,
:meth:`aiohttp.MultipartWriter.append_json` and
:meth:`aiohttp.MultipartWriter.append_form` -- by
:user:`cakemanny` Related issues and pull requests on GitHub:
:issue:`7741`.
* Ensure websocket transport is closed when client does not
close it
* Leave websocket transport open if receive times out or is
cancelled
* Fixed content not being read when an upgrade request was not
supported with the pure Python implementation.
* Fixed a race condition with incoming connections during
server shutdown
* Fixed multipart/form-data compliance with RFC 7578
* Fixed blocking I/O in the event loop while processing files
in a POST request
* Escaped filenames in static view (bsc#1223098, CVE-2024-27306)
* Fixed the pure python parser to mark a connection as closing
when a response has no length
* Upgraded llhttp to 9.2.1, and started rejecting obsolete line
folding in Python parser to match
* Deprecated content_transfer_encoding parameter in
:py:meth:`FormData.add_field()
* Added a note about canceling tasks to avoid delaying server
shutdown
-------------------------------------------------------------------
Mon Mar 4 20:40:03 UTC 2024 - Ben Greiner <code@bnavigator.de>
- Don't test proxy functional: proxy.py is not maintained anymore
-------------------------------------------------------------------
Tue Jan 30 10:26:57 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 3.9.3
* Fixed backwards compatibility breakage (in 3.9.2) of ``ssl`` parameter
when set outside of ``ClientSession`` (e.g. directly in ``TCPConnector``)
* Improved test suite handling of paths and temp files to consistently
use pathlib and pytest fixtures.
- from version 3.9.2 (bsc#1219341, CVE-2024-23334, bsc#1219342, CVE-2024-23829)
* Fixed server-side websocket connection leak.
* Fixed ``web.FileResponse`` doing blocking I/O in the event loop.
* Fixed double compress when compression enabled and compressed file
exists in server file responses.
* Added runtime type check for ``ClientSession`` ``timeout`` parameter.
* Fixed an unhandled exception in the Python HTTP parser on header lines
starting with a colon.
* Improved validation of paths for static resources requests to the server.
* Added support for passing :py:data:`True` to ``ssl`` parameter in
``ClientSession`` while deprecating :py:data:`None`.
* Fixed an unhandled exception in the Python HTTP parser on header lines
starting with a colon.
* Fixed examples of ``fallback_charset_resolver`` function in the
:doc:`client_advanced` document.
* The Sphinx setup was updated to avoid showing the empty
changelog draft section in the tagged release documentation
builds on Read The Docs.
* The changelog categorization was made clearer. The contributors can
now mark their fragment files more accurately.
* Updated :ref:`contributing/Tests coverage <aiohttp-contributing>`
section to show how we use ``codecov``.
* Replaced all ``tmpdir`` fixtures with ``tmp_path`` in test suite.
- Refresh patches for new version
* remove-re-assert.patch
-------------------------------------------------------------------
Fri Jan 26 08:02:10 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Disable broken tests with openssl 3.2 and python < 3.11 bsc#1217782
-------------------------------------------------------------------
Fri Dec 22 13:46:25 UTC 2023 - Ben Greiner <code@bnavigator.de>
- Fix pytest call
- Update requirements
-------------------------------------------------------------------
Mon Nov 27 15:22:11 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 3.9.1:
* Fixed importing aiohttp under PyPy on Windows.
* Fixed async concurrency safety in websocket compressor.
* Fixed ``ClientResponse.close()`` releasing the connection
instead of closing.
* Fixed a regression where connection may get closed during
upgrade. -- by :user:`Dreamsorcerer`
* Fixed messages being reported as upgraded without an Upgrade
header in Python parser. -- by :user:`Dreamsorcerer`
-------------------------------------------------------------------
Sat Nov 25 22:51:20 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 3.9.0: (bsc#1217684, CVE-2023-49081, bsc#1217682, CVE-2023-49082)
* Introduced ``AppKey`` for static typing support of
``Application`` storage.
* Added a graceful shutdown period which allows pending tasks
to complete before the application's cleanup is called.
* Added `handler_cancellation`_ parameter to cancel web handler on
client disconnection.
* This (optionally) reintroduces a feature removed in a
previous release.
* Recommended for those looking for an extra level of
protection against denial-of-service attacks.
* Added support for setting response header parameters
``max_line_size`` and ``max_field_size``.
* Added ``auto_decompress`` parameter to
``ClientSession.request`` to override
``ClientSession._auto_decompress``.
* Changed ``raise_for_status`` to allow a coroutine.
* Added client brotli compression support (optional with
runtime check).
* Added ``client_max_size`` to ``BaseRequest.clone()`` to allow
overriding the request body size. -- :user:`anesabml`.
* Added a middleware type alias
``aiohttp.typedefs.Middleware``.
* Exported ``HTTPMove`` which can be used to catch any
redirection request that has a location -- :user:`dreamsorcerer`.
* Changed the ``path`` parameter in ``web.run_app()`` to accept
a ``pathlib.Path`` object.
* Performance: Skipped filtering ``CookieJar`` when the jar is
empty or all cookies have expired.
* Performance: Only check origin if insecure scheme and there
are origins to treat as secure, in
``CookieJar.filter_cookies()``.
* Performance: Used timestamp instead of ``datetime`` to
achieve faster cookie expiration in ``CookieJar``.
* Added support for passing a custom server name parameter to
HTTPS connection.
* Added support for using Basic Auth credentials from
:file:`.netrc` file when making HTTP requests with the
* :py:class:`~aiohttp.ClientSession` ``trust_env`` argument is
set to ``True``. -- by :user:`yuvipanda`.
* Turned access log into no-op when the logger is disabled.
* Added typing information to ``RawResponseMessage``. -- by
:user:`Gobot1234`
* Removed ``async-timeout`` for Python 3.11+ (replaced with
``asyncio.timeout()`` on newer releases).
* Added support for ``brotlicffi`` as an alternative to
``brotli`` (fixing Brotli support on PyPy).
* Added ``WebSocketResponse.get_extra_info()`` to access a
protocol transport's extra info.
* Allow ``link`` argument to be set to None/empty in HTTP 451
exception.
* Fixed client timeout not working when incoming data is always
available without waiting. -- by :user:`Dreamsorcerer`.
* Fixed ``readuntil`` to work with a delimiter of more than one
character.
* Added ``__repr__`` to ``EmptyStreamReader`` to avoid
``AttributeError``.
* Fixed bug when using ``TCPConnector`` with
``ttl_dns_cache=0``.
* Fixed response returned from expect handler being thrown
away. -- by :user:`Dreamsorcerer`
* Avoided raising ``UnicodeDecodeError`` in multipart and in
HTTP headers parsing.
* Changed ``sock_read`` timeout to start after writing has
finished, avoiding read timeouts caused by an unfinished
write. -- by :user:`dtrifiro`
* Fixed missing query in tracing method URLs when using
``yarl`` 1.9+.
* Changed max 32-bit timestamp to an aware datetime object, for
consistency with the non-32-bit one, and to avoid a
``DeprecationWarning`` on Python 3.12.
* Fixed ``EmptyStreamReader.iter_chunks()`` never ending.
* Fixed a rare ``RuntimeError: await wasn't used with future``
exception.
* Fixed issue with insufficient HTTP method and version
validation.
* Added check to validate that absolute URIs have schemes.
* Fixed unhandled exception when Python HTTP parser encounters
unpaired Unicode surrogates.
* Updated parser to disallow invalid characters in header field
names and stop accepting LF as a request line separator.
* Fixed Python HTTP parser not treating 204/304/1xx as an empty
body.
* Ensure empty body response for 1xx/204/304 per RFC 9112 sec
6.3.
* Fixed an issue when a client request is closed before
completing a chunked payload. -- by :user:`Dreamsorcerer`
* Edge Case Handling for ResponseParser for missing reason
value.
* Fixed ``ClientWebSocketResponse.close_code`` being
erroneously set to ``None`` when there are concurrent async
tasks receiving data and closing the connection.
* Added HTTP method validation.
* Fixed arbitrary sequence types being allowed to inject values
via version parameter. -- by :user:`Dreamsorcerer`
* Performance: Fixed increase in latency with small messages
from websocket compression changes.
* Improved Documentation
* Fixed the `ClientResponse.release`'s type in the doc. Changed
from `comethod` to `method`.
* Added information on behavior of base_url parameter in
`ClientSession`.
* Completed ``trust_env`` parameter description to honor
``wss_proxy``, ``ws_proxy`` or ``no_proxy`` env.
* Dropped Python 3.6 support.
* Dropped Python 3.7 support. -- by :user:`Dreamsorcerer`
* Removed support for abandoned ``tokio`` event loop.
* Made ``print`` argument in ``run_app()`` optional.
* Improved performance of ``ceil_timeout`` in some cases.
* Changed importing Gunicorn to happen on-demand, decreasing
import time by ~53%. -- :user:`Dreamsorcerer`
* Improved import time by replacing ``http.server`` with
``http.HTTPStatus``.
* Fixed annotation of ``ssl`` parameter to disallow ``True``.
- drop Update-update_query-calls-to-work-with-latest-yarl.patch
(upstream)
-------------------------------------------------------------------
Tue Nov 7 11:52:54 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 3.8.6 (bsc#1217181, CVE-2023-47627):
* Security bugfixes
* Upgraded the vendored copy of llhttp_ to v9.1.3
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-
pjjw-qhg8-p2p9.
* Updated Python parser to comply with RFCs 9110/9112
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-
gfw2-4jvh-wgfg.
* Added ``fallback_charset_resolver`` parameter in
``ClientSession`` to allow a user-supplied
character set detection function.
Character set detection will no longer be included in 3.9 as
a default. If this feature is needed,
please use `fallback_charset_resolver
* Enabled lenient response parsing for more flexible parsing in
the client
* Fixed ``PermissionError`` when ``.netrc`` is unreadable due
to permissions.
* Fixed output of parsing errors
* Fixed ``GunicornWebWorker`` max_requests_jitter not working.
* Fixed sorting in ``filter_cookies`` to use cookie with
longest path.
* Fixed display of ``BadStatusLine`` messages from llhttp_.
-------------------------------------------------------------------
Sat Oct 14 17:27:26 UTC 2023 - Matej Cepl <mcepl@cepl.eu>
- Add remove-re-assert.patch, we really dont need beautifuly
presented exceptions for our testing; remove re-assert BR.
-------------------------------------------------------------------
Mon Sep 11 20:43:01 UTC 2023 - Dirk Müller <dmueller@suse.com>
@ -138,7 +457,7 @@ Sat Dec 11 19:18:47 UTC 2021 - Ben Greiner <code@bnavigator.de>
checks. #6276
* Added information on running complex applications with
additional tasks/processes -- :user:`Dreamsorcerer`. #6278
- Release 3.8.0 (2021-10-31)
- Release 3.8.0 (2021-10-31) (bsc#1217174, CVE-2023-47641)
* Features
* Added a GunicornWebWorker feature for extending the aiohttp
server configuration by allowing the 'wsgi' coroutine to return

View File

@ -1,7 +1,7 @@
#
# spec file for package python-aiohttp
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -16,28 +16,24 @@
#
%define skip_python2 1
# requires some unavailable modules
%bcond_with docs
%{?sle15_python_module_pythons}
Name: python-aiohttp
Version: 3.8.5
Version: 3.10.5
Release: 0
Summary: Asynchronous HTTP client/server framework
License: Apache-2.0
URL: https://github.com/aio-libs/aiohttp
Source: https://files.pythonhosted.org/packages/source/a/aiohttp/aiohttp-%{version}.tar.gz
# PATCH-FIX-UPSTREAM Update-update_query-calls-to-work-with-latest-yarl.patch gh#aio-libs/aiohttp#7260
Patch1: Update-update_query-calls-to-work-with-latest-yarl.patch
Requires: python-aiohappyeyeballs >= 2.3.0
Requires: python-aiosignal >= 1.1.2
Requires: python-attrs >= 17.3.0
Requires: python-frozenlist >= 1.1.1
%if 0%{?python_version_nodots} < 311
Requires: (python-async_timeout >= 4.0 with python-async_timeout < 5)
Requires: (python-asynctest = 0.13.0 if python-base < 3.8)
%endif
Requires: (python-charset-normalizer >= 2.0 with python-charset-normalizer < 4)
Requires: (python-idna_ssl >= 1.0 if python-base < 3.7)
Requires: (python-multidict >= 4.5 with python-multidict < 7)
Requires: (python-typing_extensions >= 3.7.4 if python-base < 3.8)
Requires: (python-yarl >= 1.0 with python-yarl < 2)
Recommends: python-Brotli
Recommends: python-aiodns
@ -45,24 +41,21 @@ Recommends: python-cChardet
Suggests: %{name}-doc
# SECTION build requirements
BuildRequires: %{python_module Cython}
BuildRequires: %{python_module devel >= 3.6}
BuildRequires: %{python_module devel >= 3.9}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
BuildRequires: fdupes
BuildRequires: http-parser-devel
BuildRequires: python-rpm-macros
# /SECTION
# SECTION install requirements
BuildRequires: %{python_module aiohappyeyeballs >= 2.3.0}
BuildRequires: %{python_module aiosignal >= 1.1.2}
BuildRequires: %{python_module async_timeout >= 4.0 with %python-async_timeout < 5}
BuildRequires: %{python_module asynctest = 0.13.0 if %python-base < 3.8}
BuildRequires: %{python_module attrs >= 17.3.0}
BuildRequires: %{python_module charset-normalizer >= 2.0 with %python-charset-normalizer < 4}
BuildRequires: %{python_module frozenlist >= 1.1.1}
BuildRequires: %{python_module idna_ssl >= 1.0 if %python-base < 3.7}
BuildRequires: %{python_module multidict >= 4.5 with %python-multidict < 7}
BuildRequires: %{python_module typing_extensions >= 3.7.4 if %python-base < 3.8}
BuildRequires: %{python_module yarl >= 1.0 with %python-yarl < 2}
# /SECTION
# SECTION test requirements
@ -71,11 +64,12 @@ BuildRequires: %{python_module Brotli}
BuildRequires: %{python_module freezegun}
BuildRequires: %{python_module gunicorn}
BuildRequires: %{python_module pluggy}
BuildRequires: %{python_module proxy.py}
BuildRequires: %{python_module pytest >= 6.2.0}
BuildRequires: %{python_module pytest-mock}
BuildRequires: %{python_module pytest-timeout}
BuildRequires: %{python_module pytest-xdist}
BuildRequires: %{python_module re-assert}
BuildRequires: %{python_module time-machine}
BuildRequires: %{python_module trustme}
# /SECTION
# SECTION docs
@ -131,27 +125,32 @@ rm -r %{buildroot}%{$python_sitearch}/aiohttp/.hash
%check
donttest="test_aiohttp_request_coroutine or test_mark_formdata_as_processed or test_aiohttp_plugin_async or test_secure_https_proxy_absolute_path"
# no name resolution
donttest+=" or test_client_session_timeout_zero or test_requote_redirect_url_default"
donttest+=" or test_client_session_timeout_zero"
# flaky
donttest+=" or test_https_proxy_unsupported_tls_in_tls"
# not running under pytest ?!
donttest+=" or test_no_warnings"
%{python_expand # Does not work on python <= 3.6
if [ %{$python_version_nodots} -eq 36 ]; then
#See https://github.com/openSUSE/python-rpm-macros#flavor-expansion for an explanation of this hack
$python_donttest=" or test_read_boundary_with_incomplete_chunk"
fi
}
donttest+=" or test_shutdown_handler_cancellation_suppressed"
# raises not expected "ConnectionResetError" with openssl 3.2 and python < 3.11
donttest+=" or test_tcp_connector_raise_connector_ssl_error[pyloop]"
# fails with pytest 8 https://github.com/aio-libs/aiohttp/issues/8234
donttest+=" or (test_pytest_plugin and test_aiohttp_plugin)"
# Disable DeprecationWarning to avoid error with the latest setuptools
# and pkg_resources deprecation
%pytest_arch tests -rsEf -k "not ($donttest ${$python_donttest})" -W ignore::DeprecationWarning
# requires python-on-whales
rm -v tests/autobahn/test_autobahn.py
# uses proxy.py which is not maintained anymore
rm -v tests/test_proxy_functional.py
# randomly fails on xdist splits
single_runs="(test_run_app or test_web_runner)"
# breaks without threading
single_runs+=" and not test_shutdown_handler_cancellation_suppressed"
test -d aiohttp && mv aiohttp aiohttp.bkp
%pytest_arch %{?jobs: -n %jobs} tests -k "not ($donttest or ${single_runs})"
%pytest_arch tests -k "${single_runs}"
%files %{python_files}
%license LICENSE.txt
%doc CHANGES.rst CONTRIBUTORS.txt README.rst
%{python_sitearch}/aiohttp
%{python_sitearch}/aiohttp-%{version}*-info
%{python_sitearch}/aiohttp-%{version}.dist-info
%if %{with docs}
%if 0%{?suse_version} > 1500