b16665bdf7 - Update to 3.13.3:
  * Security
    + Brotli and brotlicffi minimum version is now 1.2. Decompression now has
      a default maximum output size of 32MiB per decompress call
      (bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg)
    + Check for ASCII in header values
      (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2)
    + Forbid non-ASCII decimals in the Range header
      (bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8)
    + Reject static URLs that traverse outside static root
      (bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76)
    + Raise exceptions when processing a POST body
      (bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23)
    + Enforce client_max_size over entire multipart form
      (bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf)
    + Pause reading of chunks when it reaches a high water mark
      (bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq)
    + Log only once per Cookie header
      (bsc#1256024, CVE-2025-69230, GHSA-fh55-r93g-j68g)
  * Bug fixes
    + Fixed proxy authorization headers not being passed when reusing a
      connection, which caused 407 (Proxy authentication required) errors
    + Fixed multipart reading failing when encountering an empty body part
    + Fixed a case where the parser wasn't raising an exception for a
      websocket continuation frame when there was no initial frame in context
  * Miscellaneous internal changes
    + Optimized web server performance when access logging is disabled by
      reducing time syscalls
    + Added regression test for cached logging status
- Refreshed patches fix-vendoring.patch
- Add patch remove-freethreading-cython-option.patch:
  * Drop newer Cython command line option.
2026-01-28 16:02:27 +11:00
4 changed files with 33 additions and 5 deletions


@@ -1,5 +1,5 @@
-------------------------------------------------------------------
Fri Jan 9 01:40:14 UTC 2026 - Steve Kowalik <steven.kowalik@suse.com>
Wed Jan 28 04:50:29 UTC 2026 - Steve Kowalik <steven.kowalik@suse.com>
- Update to 3.13.3:
* Security
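Review bot: The entry header at the top of this hunk is re-dated in place, from "Fri Jan 9 01:40:14 UTC 2026" to "Wed Jan 28 04:50:29 UTC 2026", instead of a new entry being added above it. If the Jan 9 entry has already been submitted or released, this rewrites published changelog history; in that case put the patch additions in a new dated entry on top and leave the Jan 9 entry untouched.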
@@ -30,7 +30,9 @@ Fri Jan 9 01:40:14 UTC 2026 - Steve Kowalik <steven.kowalik@suse.com>
+ Optimized web server performance when access logging is disabled by
reducing time syscalls
+ Added regression test for cached logging status
- Refreshed patch fix-vendoring.patch
- Refreshed patches fix-vendoring.patch
- Add patch remove-freethreading-cython-option.patch:
* Drop newer Cython command line option.
-------------------------------------------------------------------
Fri Nov 14 03:13:57 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
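Review bot: The refreshed-patch line now reads "Refreshed patches fix-vendoring.patch", a plural with only one patch named. If a second patch was refreshed in this update (the diff also touches a patch against tests/conftest.py), name it here; otherwise keep the singular "Refreshed patch fix-vendoring.patch".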


@@ -35,6 +35,8 @@ Patch0: test_no_warnings_fix.patch
Patch2: remove-zlib-ng-test-dep.patch
# PATCH-FIX-OPENSUSE fix-vendoring.patch
Patch3: fix-vendoring.patch
# PATCH-FIX-SLE Remove incompatible Cython command line argument
Patch4: remove-freethreading-cython-option.patch
Requires: python-aiohappyeyeballs >= 2.5.0
Requires: python-aiosignal >= 1.4
Requires: python-attrs >= 17.3.0
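Review bot: The comment above Patch4 omits the patch file name, unlike the line above it ("# PATCH-FIX-OPENSUSE fix-vendoring.patch"); write it as "# PATCH-FIX-SLE remove-freethreading-cython-option.patch Remove incompatible Cython command line argument" so the tag can be matched to the file. The SLE tag also implies the patch is only needed where the packaged Cython is older, but nothing in these lines restricts where it is applied, so confirm whether it should be conditional on the target.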


@@ -0,0 +1,22 @@
Index: aiohttp-3.13.3/Makefile
===================================================================
--- aiohttp-3.13.3.orig/Makefile
+++ aiohttp-3.13.3/Makefile
@@ -57,14 +57,14 @@ aiohttp/_find_header.c: $(call to-hash,a
# Special case for reader since we want to be able to disable
# the extension with AIOHTTP_NO_EXTENSIONS
aiohttp/_websocket/reader_c.c: aiohttp/_websocket/reader_c.py
- cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror
+ cython -3 -o $@ $< -I aiohttp -Werror
# _find_headers generator creates _headers.pyi as well
aiohttp/%.c: aiohttp/%.pyx $(call to-hash,$(CYS)) aiohttp/_find_header.c
- cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror
+ cython -3 -o $@ $< -I aiohttp -Werror
aiohttp/_websocket/%.c: aiohttp/_websocket/%.pyx $(call to-hash,$(CYS))
- cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror
+ cython -3 -o $@ $< -I aiohttp -Werror
vendor/llhttp/node_modules: vendor/llhttp/package.json
cd vendor/llhttp; npm ci
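Review bot: The new patch file starts directly at "Index: aiohttp-3.13.3/Makefile" with no header explaining why the option is removed or which Cython versions reject it; add a short description at the top. Dropping "-X freethreading_compatible=True" from all three cython rules also means the generated extension modules no longer declare themselves free-threading compatible, so a free-threaded Python build would re-enable the GIL when importing them. If that is acceptable for the targets this package builds for, state it in the patch header.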


@@ -1,6 +1,8 @@
--- a/tests/conftest.py.orig 2025-10-16 16:10:22.546232519 +0200
+++ a/tests/conftest.py 2025-10-16 16:10:30.949427637 +0200
@@ -336,7 +336,7 @@
Index: aiohttp-3.13.3/tests/conftest.py
===================================================================
--- aiohttp-3.13.3.orig/tests/conftest.py
+++ aiohttp-3.13.3/tests/conftest.py
@@ -381,7 +381,7 @@ def unused_port_socket() -> Generator[so
s.close()