- update to 3.10.11:

(bsc#1233446, CVE-2024-52303, bsc#1233447, CVE-2024-52304)
  - Authentication provided by a redirect now takes precedence over
    provided auth when making requests with the client -- by
    :user:`PLPeeters`.
  - Fixed :py:meth:`WebSocketResponse.close()
    <aiohttp.web.WebSocketResponse.close>` to discard non-close
    messages within its timeout window after sending close -- by
    :user:`lenard-mosys`.
  - Fixed a deadlock that could occur while attempting to get a new
    connection slot after a timeout -- by :user:`bdraco`.
  - Fixed the WebSocket flow control calculation undercounting with
    multi-byte data -- by :user:`bdraco`.
  - Fixed incorrect parsing of chunk extensions with the pure Python
    parser -- by :user:`bdraco`.
  - Fixed system routes polluting the middleware cache -- by
    :user:`bdraco`.
  - Improved performance of the connector when a connection can be
    reused -- by :user:`bdraco`.
  - Improved performance of the client request lifecycle when there
    are no cookies -- by :user:`bdraco`.
  - Improved performance of sending client requests when the writer
    can finish synchronously -- by :user:`bdraco`.
  - Improved performance of serializing HTTP headers -- by
    :user:`bdraco`.
  - Passing enable_cleanup_closed to :py:class:`aiohttp.TCPConnector`
    is now ignored on Python 3.12.7+ and 3.13.1+ since the underlying
    bug that caused asyncio to leak SSL connections has been fixed
    upstream -- by :user:`bdraco`.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-aiohttp?expand=0&rev=138

aiohttp-3.10.10.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0631dd7c9f0822cc61c88586ca76d5b5ada26538097d0f1df510b082bad3411a
-size 7542993

python-aiohttp.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Tue Nov 19 08:50:53 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- update to 3.10.11:
+  (bsc#1233446, CVE-2024-52303, bsc#1233447, CVE-2024-52304)
+  - Authentication provided by a redirect now takes precedence over
+    provided auth when making requests with the client -- by
+    :user:`PLPeeters`.
+  - Fixed :py:meth:`WebSocketResponse.close()
+    <aiohttp.web.WebSocketResponse.close>` to discard non-close
+    messages within its timeout window after sending close -- by
+    :user:`lenard-mosys`.
+  - Fixed a deadlock that could occur while attempting to get a new
+    connection slot after a timeout -- by :user:`bdraco`.
+  - Fixed the WebSocket flow control calculation undercounting with
+    multi-byte data -- by :user:`bdraco`.
+  - Fixed incorrect parsing of chunk extensions with the pure Python
+    parser -- by :user:`bdraco`.
+  - Fixed system routes polluting the middleware cache -- by
+    :user:`bdraco`.
+  - Improved performance of the connector when a connection can be
+    reused -- by :user:`bdraco`.
+  - Improved performance of the client request lifecycle when there
+    are no cookies -- by :user:`bdraco`.
+  - Improved performance of sending client requests when the writer
+    can finish synchronously -- by :user:`bdraco`.
+  - Improved performance of serializing HTTP headers -- by
+    :user:`bdraco`.
+  - Passing enable_cleanup_closed to :py:class:`aiohttp.TCPConnector`
+    is now ignored on Python 3.12.7+ and 3.13.1+ since the underlying
+    bug that caused asyncio to leak SSL connections has been fixed
+    upstream -- by :user:`bdraco`.
+
 -------------------------------------------------------------------
 Tue Oct 22 13:14:05 UTC 2024 - Dirk Müller <dmueller@suse.com>
 

python-aiohttp.spec

@@ -19,7 +19,7 @@
 %bcond_with docs
 %{?sle15_python_module_pythons}
 Name:           python-aiohttp
-Version:        3.10.10
+Version:        3.10.11
 Release:        0
 Summary:        Asynchronous HTTP client/server framework
 License:        Apache-2.0
@@ -68,6 +68,7 @@ BuildRequires:  %{python_module gunicorn}
 BuildRequires:  %{python_module pluggy}
 BuildRequires:  %{python_module propcache}
 BuildRequires:  %{python_module pytest >= 6.2.0}
+BuildRequires:  %{python_module pytest-cov}
 BuildRequires:  %{python_module pytest-mock}
 BuildRequires:  %{python_module pytest-timeout}
 BuildRequires:  %{python_module pytest-xdist}
@@ -141,6 +142,8 @@ donttest+=" or (test_pytest_plugin and test_aiohttp_plugin)"
 rm -v tests/autobahn/test_autobahn.py
 # uses proxy.py which is not maintained anymore
 rm -v tests/test_proxy_functional.py
+# Requires python-pytest-codspeed
+rm -v tests/test_benchmarks_*
 # randomly fails on xdist splits
 single_runs="(test_run_app or test_web_runner)"
 # breaks without threading

test_relax_import_time.patch

@@ -1,16 +1,20 @@
-diff -Nru aiohttp-3.10.9.orig/tests/test_imports.py aiohttp-3.10.9/tests/test_imports.py
---- aiohttp-3.10.9.orig/tests/test_imports.py	2024-10-04 18:47:06.000000000 +0200
-+++ aiohttp-3.10.9/tests/test_imports.py	2024-10-09 09:57:53.705087969 +0200
-@@ -29,7 +29,7 @@
- 
- 
- _TARGET_TIMINGS_BY_PYTHON_VERSION = {
--    "3.12": 250,  # 3.12 is expected to be a bit slower due to performance trade-offs
-+    "3.12": 500,  # 3.12 is expected to be a bit slower due to performance trade-offs
+Index: aiohttp-3.10.11/tests/test_imports.py
+===================================================================
+--- aiohttp-3.10.11.orig/tests/test_imports.py
++++ aiohttp-3.10.11/tests/test_imports.py
+@@ -36,9 +36,9 @@ _TARGET_TIMINGS_BY_PYTHON_VERSION = {
+     "3.12": (
+         # 3.12+ is expected to be a bit slower due to performance trade-offs,
+         # and even slower under pytest-xdist, especially in CI
+-        _XDIST_WORKER_COUNT * 100 * (1 if _IS_CI_ENV else 1.53)
++        _XDIST_WORKER_COUNT * 250 * (1 if _IS_CI_ENV else 1.53)
+         if _IS_XDIST_RUN
+-        else 265
++        else 500
+     ),
  }
- 
- 
-@@ -66,6 +66,6 @@
+ _TARGET_TIMINGS_BY_PYTHON_VERSION["3.13"] = _TARGET_TIMINGS_BY_PYTHON_VERSION["3.12"]
+@@ -78,6 +78,6 @@ def test_import_time(pytester: pytest.Py
              os.environ["PYTHONPATH"] = old_path
  
      expected_time = _TARGET_TIMINGS_BY_PYTHON_VERSION.get(