Steve Kowalik
b16665bdf7
* Security
+ Brotli and brotlicffi minimum version is now 1.2. Decompression now has
a default maximum output size of 32MiB per decompress call
(bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg)
+ Check for ASCII in header values
(bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2)
+ Forbid non-ASCII decimals in the Range header
(bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8)
+ Reject static URLs that traverse outside static root
(bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76)
+ Raise exceptions when processing a POST body
(bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23)
+ Enforce client_max_size over entire multipart form
(bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf)
+ Pause reading of chunks when it reaches a high water mark
(bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq)
+ Log only once per Cookie header
(bsc#1256024, CVE-2025-69230, GHSA-fh55-r93g-j68g)
* Bug fixes
+ Fixed proxy authorization headers not being passed when reusing a
connection, which caused 407 (Proxy authentication required) errors
+ Fixed multipart reading failing when encountering an empty body part
+ Fixed a case where the parser wasn't raising an exception for a
websocket continuation frame when there was no initial frame in context
* Miscellaneous internal changes
+ Optimized web server performance when access logging is disabled by
reducing time syscalls
+ Added regression test for cached logging status
- Refreshed patches fix-vendoring.patch
- Add patch remove-freethreading-cython-option.patch:
* Drop newer Cython command line option.
80 lines
2.3 KiB
Diff
80 lines
2.3 KiB
Diff
Index: aiohttp-3.13.3/Makefile
|
|
===================================================================
|
|
--- aiohttp-3.13.3.orig/Makefile
|
|
+++ aiohttp-3.13.3/Makefile
|
|
@@ -47,10 +47,8 @@ endif
|
|
.SECONDARY: $(call to-hash,$(ALLS))
|
|
|
|
.update-pip:
|
|
- @python -m pip install --upgrade pip
|
|
|
|
.install-cython: .update-pip $(call to-hash,requirements/cython.txt)
|
|
- @python -m pip install -r requirements/cython.in -c requirements/cython.txt
|
|
@touch .install-cython
|
|
|
|
aiohttp/_find_header.c: $(call to-hash,aiohttp/hdrs.py ./tools/gen.py)
|
|
@@ -85,7 +83,6 @@ cythonize: .install-cython $(PYXS:.pyx=.
|
|
cythonize-nodeps: $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c
|
|
|
|
.install-deps: .install-cython $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c $(call to-hash,$(CYS) $(REQS))
|
|
- @python -m pip install -r requirements/dev.in -c requirements/dev.txt
|
|
@touch .install-deps
|
|
|
|
.PHONY: lint
|
|
@@ -100,7 +97,6 @@ mypy:
|
|
mypy
|
|
|
|
.develop: .install-deps generate-llhttp $(call to-hash,$(PYS) $(CYS) $(CS))
|
|
- python -m pip install -e . -c requirements/runtime-deps.txt
|
|
@touch .develop
|
|
|
|
.PHONY: test
|
|
@@ -110,12 +106,12 @@ test: .develop
|
|
.PHONY: vtest
|
|
vtest: .develop
|
|
@pytest -s -v
|
|
- @python -X dev -m pytest -s -v -m dev_mode
|
|
+ python3 -X dev -m pytest -s -v -m dev_mode
|
|
|
|
.PHONY: vvtest
|
|
vvtest: .develop
|
|
@pytest -vv
|
|
- @python -X dev -m pytest -s -v -m dev_mode
|
|
+ python3 -X dev -m pytest -s -v -m dev_mode
|
|
|
|
|
|
define run_tests_in_docker
|
|
@@ -151,7 +147,7 @@ clean:
|
|
@rm -rf build
|
|
@rm -rf cover
|
|
@make -C docs clean
|
|
- @python setup.py clean
|
|
+ python3 setup.py clean
|
|
@rm -f aiohttp/*.so
|
|
@rm -f aiohttp/*.pyd
|
|
@rm -f aiohttp/*.html
|
|
@@ -182,7 +178,6 @@ doc-spelling:
|
|
|
|
.PHONY: install
|
|
install: .update-pip
|
|
- @python -m pip install -r requirements/dev.in -c requirements/dev.txt
|
|
|
|
.PHONY: install-dev
|
|
install-dev: .develop
|
|
@@ -190,4 +185,4 @@ install-dev: .develop
|
|
.PHONY: sync-direct-runtime-deps
|
|
sync-direct-runtime-deps:
|
|
@echo Updating 'requirements/runtime-deps.in' from 'pyproject.toml'... >&2
|
|
- @python requirements/sync-direct-runtime-deps.py
|
|
+ python3 requirements/sync-direct-runtime-deps.py
|
|
Index: aiohttp-3.13.3/tools/gen.py
|
|
===================================================================
|
|
--- aiohttp-3.13.3.orig/tools/gen.py
|
|
+++ aiohttp-3.13.3/tools/gen.py
|
|
@@ -1,4 +1,4 @@
|
|
-#!/usr/bin/env python
|
|
+#!/usr/bin/python3
|
|
|
|
import io
|
|
import pathlib
|