From fb01b257d1611ba3bee57fe0ee10fd3389ca8e49d4d6597843f4bc1d271dec43 Mon Sep 17 00:00:00 2001 
From: Daniel Garcia Date: Tue, 19 Nov 2024 09:18:59 +0000 Subject: [PATCH] - update to 3.10.11: (bsc#1233446, CVE-2024-52303, bsc#1233447, CVE-2024-52304) - Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:`PLPeeters`. - Fixed :py:meth:`WebSocketResponse.close() ` to discard non-close messages within its timeout window after sending close -- by :user:`lenard-mosys`. - Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:`bdraco`. - Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:`bdraco`. - Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:`bdraco`. - Fixed system routes polluting the middleware cache -- by :user:`bdraco`. - Improved performance of the connector when a connection can be reused -- by :user:`bdraco`. - Improved performance of the client request lifecycle when there are no cookies -- by :user:`bdraco`. - Improved performance of sending client requests when the writer can finish synchronously -- by :user:`bdraco`. - Improved performance of serializing HTTP headers -- by :user:`bdraco`. - Passing enable_cleanup_closed to :py:class:`aiohttp.TCPConnector` is now ignored on Python 3.12.7+ and 3.13.1+ since the underlying bug that caused asyncio to leak SSL connections has been fixed upstream -- by :user:`bdraco`. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-aiohttp?expand=0&rev=138 --- aiohttp-3.10.10.tar.gz | 3 --- aiohttp-3.10.11.tar.gz | 3 +++ python-aiohttp.changes | 33 +++++++++++++++++++++++++++++++++ python-aiohttp.spec | 5 ++++- test_relax_import_time.patch | 28 ++++++++++++++++------------ 5 files changed, 56 insertions(+), 16 deletions(-) delete mode 100644 aiohttp-3.10.10.tar.gz create mode 100644 aiohttp-3.10.11.tar.gz 
diff --git a/aiohttp-3.10.10.tar.gz b/aiohttp-3.10.10.tar.gz
deleted file mode 100644
index ea8d180..0000000
--- a/aiohttp-3.10.10.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0631dd7c9f0822cc61c88586ca76d5b5ada26538097d0f1df510b082bad3411a
-size 7542993
diff --git a/aiohttp-3.10.11.tar.gz b/aiohttp-3.10.11.tar.gz
new file mode 100644
index 0000000..3fbfbaa
--- /dev/null
+++ b/aiohttp-3.10.11.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9dc2b8f3dcab2e39e0fa309c8da50c3b55e6f34ab25f1a71d3288f24924d33a7
+size 7551886
diff --git a/python-aiohttp.changes b/python-aiohttp.changes
index 8cf5c57..0a179aa 100644
--- a/python-aiohttp.changes
+++ b/python-aiohttp.changes
@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Tue Nov 19 08:50:53 UTC 2024 - Daniel Garcia
+
+- update to 3.10.11:
+ (bsc#1233446, CVE-2024-52303, bsc#1233447, CVE-2024-52304)
+ - Authentication provided by a redirect now takes precedence over
+ provided auth when making requests with the client -- by
+ :user:`PLPeeters`.
+ - Fixed :py:meth:`WebSocketResponse.close()
+ ` to discard non-close
+ messages within its timeout window after sending close -- by
+ :user:`lenard-mosys`.
+ - Fixed a deadlock that could occur while attempting to get a new
+ connection slot after a timeout -- by :user:`bdraco`.
+ - Fixed the WebSocket flow control calculation undercounting with
+ multi-byte data -- by :user:`bdraco`.
+ - Fixed incorrect parsing of chunk extensions with the pure Python
+ parser -- by :user:`bdraco`.
+ - Fixed system routes polluting the middleware cache -- by
+ :user:`bdraco`.
+ - Improved performance of the connector when a connection can be
+ reused -- by :user:`bdraco`.
+ - Improved performance of the client request lifecycle when there
+ are no cookies -- by :user:`bdraco`.
+ - Improved performance of sending client requests when the writer
+ can finish synchronously -- by :user:`bdraco`.
+ - Improved performance of serializing HTTP headers -- by
+ :user:`bdraco`.
+ - Passing enable_cleanup_closed to :py:class:`aiohttp.TCPConnector`
+ is now ignored on Python 3.12.7+ and 3.13.1+ since the underlying
+ bug that caused asyncio to leak SSL connections has been fixed
+ upstream -- by :user:`bdraco`.
+
 -------------------------------------------------------------------
 Tue Oct 22 13:14:05 UTC 2024 - Dirk Müller
diff --git a/python-aiohttp.spec b/python-aiohttp.spec
index 8d4ef20..0e58451 100644
--- a/python-aiohttp.spec
+++ b/python-aiohttp.spec
@@ -19,7 +19,7 @@
 %bcond_with docs
 %{?sle15_python_module_pythons}
 Name: python-aiohttp
-Version: 3.10.10
+Version: 3.10.11
 Release: 0
 Summary: Asynchronous HTTP client/server framework
 License: Apache-2.0
@@ -68,6 +68,7 @@ BuildRequires: %{python_module gunicorn}
 BuildRequires: %{python_module pluggy}
 BuildRequires: %{python_module propcache}
 BuildRequires: %{python_module pytest >= 6.2.0}
+BuildRequires: %{python_module pytest-cov}
 BuildRequires: %{python_module pytest-mock}
 BuildRequires: %{python_module pytest-timeout}
 BuildRequires: %{python_module pytest-xdist}
@@ -141,6 +142,8 @@ donttest+=" or (test_pytest_plugin and test_aiohttp_plugin)"
 rm -v tests/autobahn/test_autobahn.py
 # uses proxy.py which is not maintained anymore
 rm -v tests/test_proxy_functional.py
+# Requires python-pytest-codspeed
+rm -v tests/test_benchmarks_*
 # randomly fails on xdist splits
 single_runs="(test_run_app or test_web_runner)"
 # breaks without threading
diff --git a/test_relax_import_time.patch b/test_relax_import_time.patch
index 19218ca..cfc612b 100644
--- a/test_relax_import_time.patch
+++ b/test_relax_import_time.patch
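Review bot: The new `BuildRequires: %{python_module pytest-cov}` in the second hunk has no comment saying why a coverage plugin is needed to build a security update, whereas the `rm -v tests/test_benchmarks_*` line in the third hunk is explained. Presumably upstream's pytest configuration passes coverage options that fail without the plugin, but the hunk does not show that. If so, a line such as `# needed only because upstream's pytest options enable coverage` above it would tell the next maintainer when the extra build dependency can be dropped. The section containing the `rm -v` lines starts and ends outside the hunk.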
@@ -1,16 +1,20 @@ -diff -Nru aiohttp-3.10.9.orig/tests/test_imports.py aiohttp-3.10.9/tests/test_imports.py ---- aiohttp-3.10.9.orig/tests/test_imports.py 2024-10-04 18:47:06.000000000 +0200 -+++ aiohttp-3.10.9/tests/test_imports.py 2024-10-09 09:57:53.705087969 +0200 -@@ -29,7 +29,7 @@ - - - _TARGET_TIMINGS_BY_PYTHON_VERSION = { -- "3.12": 250, # 3.12 is expected to be a bit slower due to performance trade-offs -+ "3.12": 500, # 3.12 is expected to be a bit slower due to performance trade-offs +Index: aiohttp-3.10.11/tests/test_imports.py +=================================================================== +--- aiohttp-3.10.11.orig/tests/test_imports.py ++++ aiohttp-3.10.11/tests/test_imports.py +@@ -36,9 +36,9 @@ _TARGET_TIMINGS_BY_PYTHON_VERSION = { + "3.12": ( + # 3.12+ is expected to be a bit slower due to performance trade-offs, + # and even slower under pytest-xdist, especially in CI +- _XDIST_WORKER_COUNT * 100 * (1 if _IS_CI_ENV else 1.53) ++ _XDIST_WORKER_COUNT * 250 * (1 if _IS_CI_ENV else 1.53) + if _IS_XDIST_RUN +- else 265 ++ else 500 + ), } - - -@@ -66,6 +66,6 @@ + _TARGET_TIMINGS_BY_PYTHON_VERSION["3.13"] = _TARGET_TIMINGS_BY_PYTHON_VERSION["3.12"] +@@ -78,6 +78,6 @@ def test_import_time(pytester: pytest.Py os.environ["PYTHONPATH"] = old_path expected_time = _TARGET_TIMINGS_BY_PYTHON_VERSION.get(
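Review bot: The refreshed patch still has no description header, so nothing records why the 3.12/3.13 import-time budget is raised (`* 100` to `* 250`, `else 265` to `else 500`) or whether the change was offered upstream. A short header before the `Index:` line would cover this, for example `Relax the import-time budget: build workers are slower than upstream CI.` (wording to be confirmed by the packager). Because this is a wall-clock assertion that must be re-diffed whenever upstream reshapes the table, as happened here, deselecting it through the existing `donttest` expression may be cheaper to maintain: `donttest+=" or test_import_time"`. The inner hunk at `-78,6 +78,6` continues beyond the visible text.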