From b16665bdf7d737ced16c333895053fc2db6d29149bfa265d87066c047e77f44a Mon Sep 17 00:00:00 2001 
From: Steve Kowalik Date: Wed, 28 Jan 2026 16:02:27 +1100 Subject: [PATCH] - Update to 3.13.3: * Security + Brotli and brotlicffi minimum version is now 1.2. Decompression now has a default maximum output size of 32MiB per decompress call (bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg) + Check for ASCII in header values (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2) + Forbid non-ASCII decimals in the Range header (bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8) + Reject static URLs that traverse outside static root (bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76) + Raise exceptions when processing a POST body (bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23) + Enforce client_max_size over entire multipart form (bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf) + Pause reading of chunks when it reaches a high water mark (bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq) + Log only once per Cookie header (bsc#1256024, CVE-2025-69230, GHSA-fh55-r93g-j68g) * Bug fixes + Fixed proxy authorization headers not being passed when reusing a connection, which caused 407 (Proxy authentication required) errors + Fixed multipart reading failing when encountering an empty body part + Fixed a case where the parser wasn't raising an exception for a websocket continuation frame when there was no initial frame in context * Miscellaneous internal changes + Optimized web server performance when access logging is disabled by reducing time syscalls + Added regression test for cached logging status - Refreshed patches fix-vendoring.patch - Add patch remove-freethreading-cython-option.patch: * Drop newer Cython command line option. 
---
 aiohttp-3.11.16.tar.gz | 3 -
 aiohttp-3.13.3.tar.gz | 3 +
 fix-vendoring.patch | 79 +++++++++
 python-aiohttp.changes | 195 +++++++++++++++++++++++
 python-aiohttp.spec | 53 +++---
 remove-freethreading-cython-option.patch | 22 +++
 remove-zlib-ng-test-dep.patch | 13 ++
 vendor-llhttp.tar.gz | 3 +
 8 files changed, 347 insertions(+), 24 deletions(-)
 delete mode 100644 aiohttp-3.11.16.tar.gz
 create mode 100644 aiohttp-3.13.3.tar.gz
 create mode 100644 fix-vendoring.patch
 create mode 100644 remove-freethreading-cython-option.patch
 create mode 100644 remove-zlib-ng-test-dep.patch
 create mode 100644 vendor-llhttp.tar.gz
diff --git a/aiohttp-3.11.16.tar.gz b/aiohttp-3.11.16.tar.gz
deleted file mode 100644
index cd5e93c..0000000
--- a/aiohttp-3.11.16.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:16f8a2c9538c14a557b4d309ed4d0a7c60f0253e8ed7b6c9a2859a7582f8b1b8
-size 7676826
diff --git a/aiohttp-3.13.3.tar.gz b/aiohttp-3.13.3.tar.gz
new file mode 100644
index 0000000..ff64997
--- /dev/null
+++ b/aiohttp-3.13.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a949eee43d3782f2daae4f4a2819b2cb9b0c5d3b7f7a927067cc84dafdbb9f88
+size 7844556
diff --git a/fix-vendoring.patch b/fix-vendoring.patch
new file mode 100644
index 0000000..c82135c
--- /dev/null
+++ b/fix-vendoring.patch
@@ -0,0 +1,79 @@ +Index: aiohttp-3.13.3/Makefile +=================================================================== +--- aiohttp-3.13.3.orig/Makefile ++++ aiohttp-3.13.3/Makefile +@@ -47,10 +47,8 @@ endif + .SECONDARY: $(call to-hash,$(ALLS)) + + .update-pip: +- @python -m pip install --upgrade pip + + .install-cython: .update-pip $(call to-hash,requirements/cython.txt) +- @python -m pip install -r requirements/cython.in -c requirements/cython.txt + @touch .install-cython + + aiohttp/_find_header.c: $(call to-hash,aiohttp/hdrs.py ./tools/gen.py) +@@ -85,7 +83,6 @@ cythonize: .install-cython $(PYXS:.pyx=. + cythonize-nodeps: $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c + + .install-deps: .install-cython $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c $(call to-hash,$(CYS) $(REQS)) +- @python -m pip install -r requirements/dev.in -c requirements/dev.txt + @touch .install-deps + + .PHONY: lint +@@ -100,7 +97,6 @@ mypy: + mypy + + .develop: .install-deps generate-llhttp $(call to-hash,$(PYS) $(CYS) $(CS)) +- python -m pip install -e . 
-c requirements/runtime-deps.txt + @touch .develop + + .PHONY: test +@@ -110,12 +106,12 @@ test: .develop + .PHONY: vtest + vtest: .develop + @pytest -s -v +- @python -X dev -m pytest -s -v -m dev_mode ++ python3 -X dev -m pytest -s -v -m dev_mode + + .PHONY: vvtest + vvtest: .develop + @pytest -vv +- @python -X dev -m pytest -s -v -m dev_mode ++ python3 -X dev -m pytest -s -v -m dev_mode + + + define run_tests_in_docker +@@ -151,7 +147,7 @@ clean: + @rm -rf build + @rm -rf cover + @make -C docs clean +- @python setup.py clean ++ python3 setup.py clean + @rm -f aiohttp/*.so + @rm -f aiohttp/*.pyd + @rm -f aiohttp/*.html +@@ -182,7 +178,6 @@ doc-spelling: + + .PHONY: install + install: .update-pip +- @python -m pip install -r requirements/dev.in -c requirements/dev.txt + + .PHONY: install-dev + install-dev: .develop +@@ -190,4 +185,4 @@ install-dev: .develop + .PHONY: sync-direct-runtime-deps + sync-direct-runtime-deps: + @echo Updating 'requirements/runtime-deps.in' from 'pyproject.toml'... >&2 +- @python requirements/sync-direct-runtime-deps.py ++ python3 requirements/sync-direct-runtime-deps.py +Index: aiohttp-3.13.3/tools/gen.py +=================================================================== +--- aiohttp-3.13.3.orig/tools/gen.py ++++ aiohttp-3.13.3/tools/gen.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/python3 + + import io + import pathlib diff --git a/python-aiohttp.changes b/python-aiohttp.changes index b12bd4f..e84d082 100644 --- a/python-aiohttp.changes +++ b/python-aiohttp.changes 
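Review bot: The new fix-vendoring.patch starts straight at `Index: aiohttp-3.13.3/Makefile` with no description, although it carries two unrelated changes: it deletes every `python -m pip install` recipe line (leaving `.update-pip` and `install` with empty recipes), and it rewrites `python` to `python3` in the vtest, vvtest, clean and sync-direct-runtime-deps recipes and in the `tools/gen.py` shebang. If the intent is, as it appears, to keep the Makefile from fetching packages during the build, a line above `Index:` such as `Do not let the Makefile install build dependencies with pip; the package build provides them.` would make that auditable at the next refresh. The rewritten recipes also drop the leading `@`, so they now echo while their neighbours stay silent; that looks unintentional.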
@@ -1,3 +1,198 @@ +------------------------------------------------------------------- +Wed Jan 28 04:50:29 UTC 2026 - Steve Kowalik + +- Update to 3.13.3: + * Security + + Brotli and brotlicffi minimum version is now 1.2. Decompression now has + a default maximum output size of 32MiB per decompress call + (bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg) + + Check for ASCII in header values + (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2) + + Forbid non-ASCII decimals in the Range header + (bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8) + + Reject static URLs that traverse outside static root + (bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76) + + Raise exceptions when processing a POST body + (bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23) + + Enforce client_max_size over entire multipart form + (bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf) + + Pause reading of chunks when it reaches a high water mark + (bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq) + + Log only once per Cookie header + (bsc#1256024, CVE-2025-69230, GHSA-fh55-r93g-j68g) + * Bug fixes + + Fixed proxy authorization headers not being passed when reusing a + connection, which caused 407 (Proxy authentication required) errors + + Fixed multipart reading failing when encountering an empty body part + + Fixed a case where the parser wasn't raising an exception for a + websocket continuation frame when there was no initial frame in context + * Miscellaneous internal changes + + Optimized web server performance when access logging is disabled by + reducing time syscalls + + Added regression test for cached logging status +- Refreshed patches fix-vendoring.patch +- Add patch remove-freethreading-cython-option.patch: + * Drop newer Cython command line option. + +------------------------------------------------------------------- +Fri Nov 14 03:13:57 UTC 2025 - Steve Kowalik + +- Skip a test broken by idna 3.11. 
+ +------------------------------------------------------------------- +Mon Nov 3 11:51:55 UTC 2025 - Dirk Müller + +- update to 3.13.2: + * Fixed cookie parser to continue parsing subsequent cookies + when encountering a malformed cookie that fails regex + validation, such as Google's g_state cookie with unescaped + quotes -- by :user:`bdraco`. Related issues and pull requests + on GitHub: :issue:`11632`. + * Fixed loading netrc credentials from the default + :file:`~/.netrc` (:file:`~/_netrc` on Windows) location when + the :envvar:`NETRC` environment variable is not set -- by + :user:`bdraco`. Related issues and pull requests on GitHub: + :issue:`11713`, :issue:`11714`. + * Fixed WebSocket compressed sends to be cancellation safe. + Tasks are now shielded during compression to prevent + compressor state corruption. This ensures that the stateful + compressor remains consistent even when send operations are + cancelled -- by :user:`bdraco`. Related issues and pull + requests on GitHub: :issue:`11725`. + * Make configuration options in AppRunner also available in + run_app() -- by :user:`Cycloctane`. Related issues and pull + requests on GitHub: :issue:`11633`. + * Switched to backports.zstd for Python <3.14 and fixed zstd + decompression for chunked zstd streams -- by :user:`ZhaoMJ`. + Note: Users who installed zstandard for support on Python + <3.14 will now need to install backports.zstd instead + (installing aiohttp[speedups] will do this automatically). + Related issues and pull requests on GitHub: :issue:`11623`. + * Updated Content-Type header parsing to return + application/octet-stream when header contains invalid syntax. + See RFC 9110. -- by :user:`sgaist`. Related issues and pull + requests on GitHub: :issue:`10889`. + * Fixed Python 3.14 support when built without zstd support -- + by :user:`JacobHenner`. Related issues and pull requests on + GitHub: :issue:`11603`. 
+ * Fixed blocking I/O in the event loop when using netrc + authentication by moving netrc file lookup to an executor -- + by :user:`bdraco`. Related issues and pull requests on + GitHub: :issue:`11634`. + * Fixed routing to a sub-application added via .add_domain() + not working if the same path exists on the parent app. -- by + :user:`Dreamsorcerer`. Related issues and pull requests on + GitHub: :issue:`11673`. + * Moved core packaging metadata from :file:`setup.cfg` to + :file:`pyproject.toml` per PEP 621 -- by :user:`cdce8p`. + Related issues and pull requests on GitHub: :issue:`9951`. + +------------------------------------------------------------------- +Thu Oct 16 21:40:07 UTC 2025 - Matej Cepl + +- Add fix-vendoring.patch + +------------------------------------------------------------------- +Thu Oct 16 14:06:37 UTC 2025 - Adrian Schröter + +- Update to 3.13.0 + Details: https://github.com/aio-libs/aiohttp/releases/tag/v3.13.0 + * python 3.14 support + * zstd support +- drop remove-isal-test-dep.patch +- "make cythonize" is required as poetry is not supporting cython +- add vendor-llhttp.tar.gz of new git submodule. + added downloaded nodejs modules + +------------------------------------------------------------------- +Thu Aug 7 11:36:47 UTC 2025 - John Paul Adrian Glaubitz + +- Update to 3.12.15 + * Fixed :class:`~aiohttp.DigestAuthMiddleware` to preserve the algorithm case + from the server's challenge in the authorization response. This improves + compatibility with servers that perform case-sensitive algorithm matching + (e.g., servers expecting ``algorithm=MD5-sess`` instead of ``algorithm=MD5-SESS``) + * Remove outdated contents of ``aiohttp-devtools`` and ``aiohttp-swagger`` + from Web_advanced docs. + * Started including the ``llhttp`` :file:`LICENSE` file in wheels by adding + ``vendor/llhttp/LICENSE`` to ``license-files`` in :file:`setup.cfg` + * Updated a regex in `test_aiohttp_request_coroutine` for Python 3.14. 
+ +------------------------------------------------------------------- +Mon Jul 28 08:16:17 UTC 2025 - Nico Krapp + +- Add remove-zlib-ng-test-dep.patch to remove python-zlib-ng test + dependency +- enable test_leaks again, works with limited threads + +------------------------------------------------------------------- +Mon Jul 14 15:17:06 UTC 2025 - Dirk Müller + +- update to 3.12.14: + * Fixed file uploads failing with HTTP 422 errors when + encountering 307/308 redirects, and 301/302 redirects for + non-POST methods, by preserving the request body when + appropriate per RFC 9110 -- by :user:`bdraco`. Related issues + and pull requests on GitHub: :issue:`11270`. + * Fixed :py:meth:`ClientSession.close() + ` hanging indefinitely when + using HTTPS requests through HTTP proxies -- by + :user:`bdraco`. Related issues and pull requests on GitHub: + :issue:`11273`. + * Bumped minimum version of aiosignal to 1.4+ to resolve typing + issues -- by :user:`Dreamsorcerer`. Related issues and pull + requests on GitHub: :issue:`11280`. + * Added initial trailer parsing logic to Python HTTP parser -- + by :user:`Dreamsorcerer`. Related issues and pull requests on + GitHub: :issue:`11269`. + * Clarified exceptions raised by WebSocketResponse.send_frame + et al. -- by :user:`DoctorJohn`. Related issues and pull + requests on GitHub: :issue:`11234`. + +------------------------------------------------------------------- +Mon Jun 30 06:00:18 UTC 2025 - Daniel Garcia + +- Add remove-isal-test-dep.patch to remove python-isal test + dependency, that's not part of Factory yet. 
+ +------------------------------------------------------------------- +Fri Jun 20 05:53:30 UTC 2025 - Markéta Machová + +- Update to 3.12.13 + * Optimized web server performance when access logging is disabled + by reducing time syscalls + * Improved performance of the WebSocket reader + * Disabled TLS in TLS warning (when using HTTPS proxies) for uvloop + and newer Python versions + * Added a comprehensive HTTP Digest Authentication client middleware + (DigestAuthMiddleware) that implements RFC 7616. + * Fixed pytest plugin to not use deprecated asyncio policy APIs. + * Allow user setting zlib compression backend + * Added host parameter to aiohttp_server fixture + * Added socket_factory to aiohttp.TCPConnector to allow specifying + custom socket options + * Upgraded to LLHTTP 9.3.0 + * Optimized small HTTP requests/responses by coalescing headers and + body into a single TCP packet + * Removed non SPDX-license description from setup.cfg + * Added support for building against system llhttp library + * Fixed compatibility issue with Cython 3.1.1 + * Added support for reusable request bodies to enable retries, + redirects, and digest authentication + * Improved performance of isinstance checks by using collections.abc + types instead of typing module equivalents + * Added ssl_shutdown_timeout parameter to aiohttp.ClientSession and + aiohttp.TCPConnector to control the grace period for SSL shutdown + handshake on TLS connections. + * Downgraded the logging level for connector close errors from ERROR + to DEBUG, as these are expected behavior with TLS 1.3 connections + * Fixed cookie parsing to be more lenient when handling cookies with + special characters in names or values + * Improved SSL connection handling by changing the default ssl_shutdown_timeout + from 0.1 to 0 seconds. 
The ssl_shutdown_timeout parameter is now deprecated + and will be removed in aiohttp 4.0 +- Review tests + ------------------------------------------------------------------- Tue Apr 15 09:18:21 UTC 2025 - John Paul Adrian Glaubitz diff --git a/python-aiohttp.spec b/python-aiohttp.spec index ed260c6..251e77b 100644 --- a/python-aiohttp.spec +++ b/python-aiohttp.spec @@ -1,7 +1,7 @@ # # spec file for package python-aiohttp # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -19,24 +19,32 @@
 %bcond_with docs
 %{?sle15_python_module_pythons}
 Name: python-aiohttp
-Version: 3.11.16
+Version: 3.13.3
 Release: 0
 Summary: Asynchronous HTTP client/server framework
 License: Apache-2.0
 URL: https://github.com/aio-libs/aiohttp
 Source: https://files.pythonhosted.org/packages/source/a/aiohttp/aiohttp-%{version}.tar.gz
+# llhttp vendor tar ball manually created based on git submodule via:
+# - yarn
+# - make generate
+# - tar cfvz vendor-llhttp.tar.gz vendor/
+Source2: vendor-llhttp.tar.gz
 Patch0: test_no_warnings_fix.patch
-Requires: python-aiohappyeyeballs >= 2.3.0
-Requires: python-aiosignal >= 1.1.2
+# PATCH-FIX-OPENSUSE remove-zlib-ng-test-dep.patch
+Patch2: remove-zlib-ng-test-dep.patch
+# PATCH-FIX-OPENSUSE fix-vendoring.patch
+Patch3: fix-vendoring.patch
+# PATCH-FIX-SLE Remove incompatible Cython command line argument
+Patch4: remove-freethreading-cython-option.patch
+Requires: python-aiohappyeyeballs >= 2.5.0
+Requires: python-aiosignal >= 1.4
 Requires: python-attrs >= 17.3.0
 Requires: python-frozenlist >= 1.1.1
-%if 0%{?python_version_nodots} < 311
-Requires: (python-async_timeout >= 4.0 with python-async_timeout < 5)
-%endif
 Requires: (python-charset-normalizer >= 2.0 with python-charset-normalizer < 4)
 Requires: (python-multidict >= 4.5 with python-multidict < 7)
 Requires: (python-yarl >= 1.17.0 with python-yarl < 2)
-Recommends: python-Brotli
+Recommends: python-Brotli >= 1.2
 Recommends: python-aiodns
 Recommends: python-cChardet
 Suggests: %{name}-doc
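Review bot: `Recommends: python-Brotli >= 1.2` is only a weak dependency, so a system that already has an older python-Brotli installed can keep it alongside this aiohttp build, while the changelog ties the decompression output limit for CVE-2025-69223 to Brotli 1.2 as the minimum version. Unless the packaged aiohttp itself refuses an older Brotli at import time (not visible in this diff), the floor should be enforced rather than suggested, for example with `Conflicts: python-Brotli < 1.2` next to the Recommends line. The `BuildRequires: %{python_module Brotli >= 1.2}` added in a later hunk only constrains the build environment, not installed systems.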
@@ -50,9 +58,8 @@ BuildRequires: fdupes
 BuildRequires: python-rpm-macros
 # /SECTION
 # SECTION install requirements
-BuildRequires: %{python_module aiohappyeyeballs >= 2.3.0}
-BuildRequires: %{python_module aiosignal >= 1.1.2}
-BuildRequires: %{python_module async_timeout >= 4.0 with %python-async_timeout < 5}
+BuildRequires: %{python_module aiohappyeyeballs >= 2.5.0}
+BuildRequires: %{python_module aiosignal >= 1.4}
 BuildRequires: %{python_module attrs >= 17.3.0}
 BuildRequires: %{python_module charset-normalizer >= 2.0 with %python-charset-normalizer < 4}
 BuildRequires: %{python_module frozenlist >= 1.1.1}
@@ -60,8 +67,8 @@ BuildRequires: %{python_module multidict >= 4.5 with %python-multidict < 7}
 BuildRequires: %{python_module yarl >= 1.17.0 with %python-yarl < 2}
 # /SECTION
 # SECTION test requirements
-BuildRequires: %{python_module aiodns}
-BuildRequires: %{python_module Brotli}
+BuildRequires: %{python_module Brotli >= 1.2}
+BuildRequires: %{python_module blockbuster}
 BuildRequires: %{python_module freezegun}
 BuildRequires: %{python_module gunicorn}
 BuildRequires: %{python_module pluggy}
@@ -108,6 +115,11 @@ HTML documentation on the API and examples for %{name}.
 # don't check coverage
 sed -i '/--cov/d' setup.cfg
+# vendored llhttp
+tar xfv %{S:2}
+# prepare cython files manually for now
+make cythonize
+
 %build
 export CFLAGS="%{optflags}"
 %pyproject_wheel
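Review bot: The `tar xfv %{S:2}` and `make cythonize` lines added to %prep build from an archive that the Source2 comment describes as manually created with `yarn` and `make generate`, and nothing in the spec records which llhttp revision or lockfile that archive corresponds to. The tarball carries the HTTP parser sources and, per the changelog entry for 3.13.0, downloaded nodejs modules, so a comment such as `# vendor-llhttp.tar.gz: built from llhttp submodule commit <COMMIT-PLACEHOLDER> with the upstream lockfile unchanged` would let a reviewer regenerate and compare it. `make cythonize` is also code generation rather than source preparation and would sit more naturally at the top of %build. The %prep section starts above this hunk.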
@@ -127,15 +139,15 @@ rm -r %{buildroot}%{$python_sitearch}/aiohttp/.hash
 %check
 donttest="test_aiohttp_request_coroutine or test_mark_formdata_as_processed or test_aiohttp_plugin_async or test_secure_https_proxy_absolute_path"
-# # no name resolution
-# donttest+=" or test_client_session_timeout_zero"
 # # flaky
 # donttest+=" or test_https_proxy_unsupported_tls_in_tls"
 # donttest+=" or test_shutdown_handler_cancellation_suppressed"
-# raises not expected "ConnectionResetError" with openssl 3.2 and python < 3.11
-donttest+=" or test_tcp_connector_raise_connector_ssl_error[pyloop]"
-# # fails with pytest 8 https://github.com/aio-libs/aiohttp/issues/8234
-# donttest+=" or (test_pytest_plugin and test_aiohttp_plugin)"
+# https://github.com/aio-libs/aiohttp/issues/11113
+donttest+=" or test_tcp_connector_ssl_shutdown_timeout"
+# most probably https://github.com/cbornet/blockbuster/issues/47
+donttest+=" or (test_cookie_jar and (heap or expire)) or test_treat_as_secure_origin_init"
+# broken with idna 3.11 https://github.com/aio-libs/aiohttp/pull/11638
+donttest+=" or test_invalid_idna"
 # requires python-on-whales
 rm -v tests/autobahn/test_autobahn.py
@@ -149,8 +161,7 @@ single_runs="(test_run_app or test_web_runner)"
 # breaks without threading
 single_runs+=" and not test_shutdown_handler_cancellation_suppressed"
 test -d aiohttp && mv aiohttp aiohttp.bkp
-%pytest_arch %{?jobs: -n %jobs} tests -k "not ($donttest or ${single_runs})"
-%pytest_arch tests -k "${single_runs}"
+%pytest_arch tests -n 4 -k "not ($donttest or skip_blockbuster)"
 %files %{python_files}
 %license LICENSE.txt
diff --git a/remove-freethreading-cython-option.patch b/remove-freethreading-cython-option.patch
new file mode 100644
index 0000000..18468d6
--- /dev/null
+++ b/remove-freethreading-cython-option.patch
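Review bot: The new `%pytest_arch tests -n 4 -k "not ($donttest or skip_blockbuster)"` line no longer references `single_runs`, yet the `single_runs=` and `single_runs+=` assignments remain in the hunk header and context just above it, so the variable is dead and the `test_run_app` / `test_web_runner` tests it used to isolate now run inside the parallel session. Either delete the two assignments together with the `# breaks without threading` comment, or keep the serial pass `%pytest_arch tests -k "${single_runs}"` and exclude those tests from the parallel one. The fixed `-n 4` also replaces `%{?jobs: -n %jobs}`; if the cap is deliberate, a comment saying why would keep it from being reverted. The %check section begins in the previous hunk.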
@@ -0,0 +1,22 @@
+Index: aiohttp-3.13.3/Makefile
+===================================================================
+--- aiohttp-3.13.3.orig/Makefile
++++ aiohttp-3.13.3/Makefile
+@@ -57,14 +57,14 @@ aiohttp/_find_header.c: $(call to-hash,a
+ # Special case for reader since we want to be able to disable
+ # the extension with AIOHTTP_NO_EXTENSIONS
+ aiohttp/_websocket/reader_c.c: aiohttp/_websocket/reader_c.py
+- cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror
++ cython -3 -o $@ $< -I aiohttp -Werror
+
+ # _find_headers generator creates _headers.pyi as well
+ aiohttp/%.c: aiohttp/%.pyx $(call to-hash,$(CYS)) aiohttp/_find_header.c
+- cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror
++ cython -3 -o $@ $< -I aiohttp -Werror
+
+ aiohttp/_websocket/%.c: aiohttp/_websocket/%.pyx $(call to-hash,$(CYS))
+- cython -3 -X freethreading_compatible=True -o $@ $< -I aiohttp -Werror
++ cython -3 -o $@ $< -I aiohttp -Werror
+
+ vendor/llhttp/node_modules: vendor/llhttp/package.json
+ cd vendor/llhttp; npm ci
diff --git a/remove-zlib-ng-test-dep.patch b/remove-zlib-ng-test-dep.patch
new file mode 100644
index 0000000..0e0e2aa
--- /dev/null
+++ b/remove-zlib-ng-test-dep.patch
@@ -0,0 +1,13 @@
+Index: aiohttp-3.13.3/tests/conftest.py
+===================================================================
+--- aiohttp-3.13.3.orig/tests/conftest.py
++++ aiohttp-3.13.3/tests/conftest.py
+@@ -381,7 +381,7 @@ def unused_port_socket() -> Generator[so
+ s.close()
+
+
+-@pytest.fixture(params=["zlib", "zlib_ng.zlib_ng", "isal.isal_zlib"])
++@pytest.fixture(params=["zlib"])
+ def parametrize_zlib_backend(
+ request: pytest.FixtureRequest,
+ ) -> Generator[None, None, None]:
diff --git a/vendor-llhttp.tar.gz b/vendor-llhttp.tar.gz
new file mode 100644
index 0000000..774800f
--- /dev/null
+++ b/vendor-llhttp.tar.gz
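Review bot: All three `cython -3 -X freethreading_compatible=True` recipes in remove-freethreading-cython-option.patch lose the directive unconditionally, while the spec labels the patch PATCH-FIX-SLE, so targets whose Cython does accept the option would presumably also build the extensions without it. If only the SLE toolchain lacks the directive, consider applying the patch conditionally in the spec. The patch file also has no description; a line above `Index:` such as `Cython on SLE does not know -X freethreading_compatible; drop once Cython there is new enough.` would tell the next maintainer when it can be removed (wording to be confirmed against the actual Cython version).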
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:09618375df741263c1c6b4ba7d601e8ede0147579e435f0bea95e9595f44b831
+size 19740617