forked from pool/python-aiohttp
- Update to 3.13.3:
* Security
+ Brotli and brotlicffi minimum version is now 1.2. Decompression now has
a default maximum output size of 32MiB per decompress call
(bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg)
+ Check for ASCII in header values
(bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2)
+ Forbid non-ASCII decimals in the Range header
(bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8)
+ Reject static URLs that traverse outside static root
(bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76)
+ Raise exceptions when processing a POST body
(bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23)
+ Enforce client_max_size over entire multipart form
(bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf)
+ Pause reading of chunks when it reaches a high water mark
(bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq)
+ Log only once per Cookie header
(bsc#1256024, CVE-2025-69230, GHSA-fh55-r93g-j68g)
* Bug fixes
+ Fixed proxy authorization headers not being passed when reusing a
connection, which caused 407 (Proxy authentication required) errors
+ Fixed multipart reading failing when encountering an empty body part
+ Fixed a case where the parser wasn't raising an exception for a
websocket continuation frame when there was no initial frame in context
* Miscellaneous internal changes
+ Optimized web server performance when access logging is disabled by
reducing time syscalls
+ Added regression test for cached logging status
- Refreshed patches fix-vendoring.patch
- Add patch remove-freethreading-cython-option.patch:
* Drop newer Cython command line option.
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package python-aiohttp
|
||||
#
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
# Copyright (c) 2026 SUSE LLC and contributors
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -19,24 +19,32 @@
|
||||
%bcond_with docs
|
||||
%{?sle15_python_module_pythons}
|
||||
Name: python-aiohttp
|
||||
Version: 3.11.16
|
||||
Version: 3.13.3
|
||||
Release: 0
|
||||
Summary: Asynchronous HTTP client/server framework
|
||||
License: Apache-2.0
|
||||
URL: https://github.com/aio-libs/aiohttp
|
||||
Source: https://files.pythonhosted.org/packages/source/a/aiohttp/aiohttp-%{version}.tar.gz
|
||||
# llhttp vendor tar ball manually created based on git submodule via:
|
||||
# - yarn
|
||||
# - make generate
|
||||
# - tar cfvz vendor-llhttp.tar.gz vendor/
|
||||
Source2: vendor-llhttp.tar.gz
|
||||
Patch0: test_no_warnings_fix.patch
|
||||
Requires: python-aiohappyeyeballs >= 2.3.0
|
||||
Requires: python-aiosignal >= 1.1.2
|
||||
# PATCH-FIX-OPENSUSE remove-zlib-ng-test-dep.patch
|
||||
Patch2: remove-zlib-ng-test-dep.patch
|
||||
# PATCH-FIX-OPENSUSE fix-vendoring.patch
|
||||
Patch3: fix-vendoring.patch
|
||||
# PATCH-FIX-SLE Remove incompatible Cython command line argument
|
||||
Patch4: remove-freethreading-cython-option.patch
|
||||
Requires: python-aiohappyeyeballs >= 2.5.0
|
||||
Requires: python-aiosignal >= 1.4
|
||||
Requires: python-attrs >= 17.3.0
|
||||
Requires: python-frozenlist >= 1.1.1
|
||||
%if 0%{?python_version_nodots} < 311
|
||||
Requires: (python-async_timeout >= 4.0 with python-async_timeout < 5)
|
||||
%endif
|
||||
Requires: (python-charset-normalizer >= 2.0 with python-charset-normalizer < 4)
|
||||
Requires: (python-multidict >= 4.5 with python-multidict < 7)
|
||||
Requires: (python-yarl >= 1.17.0 with python-yarl < 2)
|
||||
Recommends: python-Brotli
|
||||
Recommends: python-Brotli >= 1.2
|
||||
Recommends: python-aiodns
|
||||
Recommends: python-cChardet
|
||||
Suggests: %{name}-doc
|
||||
@@ -50,9 +58,8 @@ BuildRequires: fdupes
|
||||
BuildRequires: python-rpm-macros
|
||||
# /SECTION
|
||||
# SECTION install requirements
|
||||
BuildRequires: %{python_module aiohappyeyeballs >= 2.3.0}
|
||||
BuildRequires: %{python_module aiosignal >= 1.1.2}
|
||||
BuildRequires: %{python_module async_timeout >= 4.0 with %python-async_timeout < 5}
|
||||
BuildRequires: %{python_module aiohappyeyeballs >= 2.5.0}
|
||||
BuildRequires: %{python_module aiosignal >= 1.4}
|
||||
BuildRequires: %{python_module attrs >= 17.3.0}
|
||||
BuildRequires: %{python_module charset-normalizer >= 2.0 with %python-charset-normalizer < 4}
|
||||
BuildRequires: %{python_module frozenlist >= 1.1.1}
|
||||
@@ -60,8 +67,8 @@ BuildRequires: %{python_module multidict >= 4.5 with %python-multidict < 7}
|
||||
BuildRequires: %{python_module yarl >= 1.17.0 with %python-yarl < 2}
|
||||
# /SECTION
|
||||
# SECTION test requirements
|
||||
BuildRequires: %{python_module aiodns}
|
||||
BuildRequires: %{python_module Brotli}
|
||||
BuildRequires: %{python_module Brotli >= 1.2}
|
||||
BuildRequires: %{python_module blockbuster}
|
||||
BuildRequires: %{python_module freezegun}
|
||||
BuildRequires: %{python_module gunicorn}
|
||||
BuildRequires: %{python_module pluggy}
|
||||
@@ -108,6 +115,11 @@ HTML documentation on the API and examples for %{name}.
|
||||
# don't check coverage
|
||||
sed -i '/--cov/d' setup.cfg
|
||||
|
||||
# vendored llhttp
|
||||
tar xfv %{S:2}
|
||||
# prepare cython files manually for now
|
||||
make cythonize
|
||||
|
||||
%build
|
||||
export CFLAGS="%{optflags}"
|
||||
%pyproject_wheel
|
||||
@@ -127,15 +139,15 @@ rm -r %{buildroot}%{$python_sitearch}/aiohttp/.hash
|
||||
|
||||
%check
|
||||
donttest="test_aiohttp_request_coroutine or test_mark_formdata_as_processed or test_aiohttp_plugin_async or test_secure_https_proxy_absolute_path"
|
||||
# # no name resolution
|
||||
# donttest+=" or test_client_session_timeout_zero"
|
||||
# # flaky
|
||||
# donttest+=" or test_https_proxy_unsupported_tls_in_tls"
|
||||
# donttest+=" or test_shutdown_handler_cancellation_suppressed"
|
||||
# raises not expected "ConnectionResetError" with openssl 3.2 and python < 3.11
|
||||
donttest+=" or test_tcp_connector_raise_connector_ssl_error[pyloop]"
|
||||
# # fails with pytest 8 https://github.com/aio-libs/aiohttp/issues/8234
|
||||
# donttest+=" or (test_pytest_plugin and test_aiohttp_plugin)"
|
||||
# https://github.com/aio-libs/aiohttp/issues/11113
|
||||
donttest+=" or test_tcp_connector_ssl_shutdown_timeout"
|
||||
# most probably https://github.com/cbornet/blockbuster/issues/47
|
||||
donttest+=" or (test_cookie_jar and (heap or expire)) or test_treat_as_secure_origin_init"
|
||||
# broken with idna 3.11 https://github.com/aio-libs/aiohttp/pull/11638
|
||||
donttest+=" or test_invalid_idna"
|
||||
|
||||
# requires python-on-whales
|
||||
rm -v tests/autobahn/test_autobahn.py
|
||||
@@ -149,8 +161,7 @@ single_runs="(test_run_app or test_web_runner)"
|
||||
# breaks without threading
|
||||
single_runs+=" and not test_shutdown_handler_cancellation_suppressed"
|
||||
test -d aiohttp && mv aiohttp aiohttp.bkp
|
||||
%pytest_arch %{?jobs: -n %jobs} tests -k "not ($donttest or ${single_runs})"
|
||||
%pytest_arch tests -k "${single_runs}"
|
||||
%pytest_arch tests -n 4 -k "not ($donttest or skip_blockbuster)"
|
||||
|
||||
%files %{python_files}
|
||||
%license LICENSE.txt
|
||||
|
||||
Reference in New Issue
Block a user