|
|
|
|
Changelog for python310-aiohttp-3.9.5-3.1.x86_64.rpm :
* Wed May 29 2024 Markéta Machová - Skip test failing with pytest 8, upstream is on it * https://github.com/aio-libs/aiohttp/issues/8234- Also un-skip some of the no-longer-failing tests * Sat Apr 20 2024 Dirk Müller - update to 3.9.5: * Fixed \"Unclosed client session\" when initialization of :py:class:`~aiohttp.ClientSession` fails * Fixed regression (from :pr:`8280`) with adding Content- Disposition to the form-data part after appending to writer * Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses- from version 3.9.4 * The asynchronous internals now set the underlying causes when assigning exceptions to the future objects * Treated values of Accept-Encoding header as case-insensitive when checking for gzip files * Improved the DNS resolution performance on cache hit * Changed the type annotations to allow dict on :meth:`aiohttp.MultipartWriter.append`, :meth:`aiohttp.MultipartWriter.append_json` and :meth:`aiohttp.MultipartWriter.append_form` -- by :user:`cakemanny` Related issues and pull requests on GitHub: :issue:`7741`. * Ensure websocket transport is closed when client does not close it * Leave websocket transport open if receive times out or is cancelled * Fixed content not being read when an upgrade request was not supported with the pure Python implementation. * Fixed a race condition with incoming connections during server shutdown * Fixed multipart/form-data compliance with RFC 7578 * Fixed blocking I/O in the event loop while processing files in a POST request * Escaped filenames in static view (bsc#1223098, CVE-2024-27306) * Fixed the pure python parser to mark a connection as closing when a response has no length * Upgraded llhttp to 9.2.1, and started rejecting obsolete line folding in Python parser to match * Deprecated content_transfer_encoding parameter in :py:meth:`FormData.add_field() * Added a note about canceling tasks to avoid delaying server shutdown * Mon Mar 04 2024 Ben Greiner - Don\'t test proxy functional: proxy.py is not maintained anymore * Tue Jan 30 2024 John Paul Adrian Glaubitz - Update to version 3.9.3 * Fixed backwards compatibility breakage (in 3.9.2) of ``ssl`` parameter when set outside of ``ClientSession`` (e.g. directly in ``TCPConnector``) * Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures.- from version 3.9.2 (bsc#1219341, CVE-2024-23334, bsc#1219342, CVE-2024-23829) * Fixed server-side websocket connection leak. * Fixed ``web.FileResponse`` doing blocking I/O in the event loop. * Fixed double compress when compression enabled and compressed file exists in server file responses. * Added runtime type check for ``ClientSession`` ``timeout`` parameter. * Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon. * Improved validation of paths for static resources requests to the server. * Added support for passing :py:data:`True` to ``ssl`` parameter in ``ClientSession`` while deprecating :py:data:`None`. * Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon. * Fixed examples of ``fallback_charset_resolver`` function in the :doc:`client_advanced` document. * The Sphinx setup was updated to avoid showing the empty changelog draft section in the tagged release documentation builds on Read The Docs. * The changelog categorization was made clearer. The contributors can now mark their fragment files more accurately. * Updated :ref:`contributing/Tests coverage ` section to show how we use ``codecov``. * Replaced all ``tmpdir`` fixtures with ``tmp_path`` in test suite.- Refresh patches for new version * remove-re-assert.patch * Fri Jan 26 2024 Daniel Garcia - Disable broken tests with openssl 3.2 and python < 3.11 bsc#1217782 * Fri Dec 22 2023 Ben Greiner - Fix pytest call- Update requirements * Mon Nov 27 2023 Dirk Müller - update to 3.9.1: * Fixed importing aiohttp under PyPy on Windows. * Fixed async concurrency safety in websocket compressor. * Fixed ``ClientResponse.close()`` releasing the connection instead of closing. * Fixed a regression where connection may get closed during upgrade. -- by :user:`Dreamsorcerer` * Fixed messages being reported as upgraded without an Upgrade header in Python parser. -- by :user:`Dreamsorcerer` * Sat Nov 25 2023 Dirk Müller - update to 3.9.0: (bsc#1217684, CVE-2023-49081, bsc#1217682, CVE-2023-49082) * Introduced ``AppKey`` for static typing support of ``Application`` storage. * Added a graceful shutdown period which allows pending tasks to complete before the application\'s cleanup is called. * Added `handler_cancellation`_ parameter to cancel web handler on client disconnection. * This (optionally) reintroduces a feature removed in a previous release. * Recommended for those looking for an extra level of protection against denial-of-service attacks. * Added support for setting response header parameters ``max_line_size`` and ``max_field_size``. * Added ``auto_decompress`` parameter to ``ClientSession.request`` to override ``ClientSession._auto_decompress``. * Changed ``raise_for_status`` to allow a coroutine. * Added client brotli compression support (optional with runtime check). * Added ``client_max_size`` to ``BaseRequest.clone()`` to allow overriding the request body size. -- :user:`anesabml`. * Added a middleware type alias ``aiohttp.typedefs.Middleware``. * Exported ``HTTPMove`` which can be used to catch any redirection request that has a location -- :user:`dreamsorcerer`. * Changed the ``path`` parameter in ``web.run_app()`` to accept a ``pathlib.Path`` object. * Performance: Skipped filtering ``CookieJar`` when the jar is empty or all cookies have expired. * Performance: Only check origin if insecure scheme and there are origins to treat as secure, in ``CookieJar.filter_cookies()``. * Performance: Used timestamp instead of ``datetime`` to achieve faster cookie expiration in ``CookieJar``. * Added support for passing a custom server name parameter to HTTPS connection. * Added support for using Basic Auth credentials from :file:`.netrc` file when making HTTP requests with the * :py:class:`~aiohttp.ClientSession` ``trust_env`` argument is set to ``True``. -- by :user:`yuvipanda`. * Turned access log into no-op when the logger is disabled. * Added typing information to ``RawResponseMessage``. -- by :user:`Gobot1234` * Removed ``async-timeout`` for Python 3.11+ (replaced with ``asyncio.timeout()`` on newer releases). * Added support for ``brotlicffi`` as an alternative to ``brotli`` (fixing Brotli support on PyPy). * Added ``WebSocketResponse.get_extra_info()`` to access a protocol transport\'s extra info. * Allow ``link`` argument to be set to None/empty in HTTP 451 exception. * Fixed client timeout not working when incoming data is always available without waiting. -- by :user:`Dreamsorcerer`. * Fixed ``readuntil`` to work with a delimiter of more than one character. * Added ``__repr__`` to ``EmptyStreamReader`` to avoid ``AttributeError``. * Fixed bug when using ``TCPConnector`` with ``ttl_dns_cache=0``. * Fixed response returned from expect handler being thrown away. -- by :user:`Dreamsorcerer` * Avoided raising ``UnicodeDecodeError`` in multipart and in HTTP headers parsing. * Changed ``sock_read`` timeout to start after writing has finished, avoiding read timeouts caused by an unfinished write. -- by :user:`dtrifiro` * Fixed missing query in tracing method URLs when using ``yarl`` 1.9+. * Changed max 32-bit timestamp to an aware datetime object, for consistency with the non-32-bit one, and to avoid a ``DeprecationWarning`` on Python 3.12. * Fixed ``EmptyStreamReader.iter_chunks()`` never ending. * Fixed a rare ``RuntimeError: await wasn\'t used with future`` exception. * Fixed issue with insufficient HTTP method and version validation. * Added check to validate that absolute URIs have schemes. * Fixed unhandled exception when Python HTTP parser encounters unpaired Unicode surrogates. * Updated parser to disallow invalid characters in header field names and stop accepting LF as a request line separator. * Fixed Python HTTP parser not treating 204/304/1xx as an empty body. * Ensure empty body response for 1xx/204/304 per RFC 9112 sec 6.3. * Fixed an issue when a client request is closed before completing a chunked payload. -- by :user:`Dreamsorcerer` * Edge Case Handling for ResponseParser for missing reason value. * Fixed ``ClientWebSocketResponse.close_code`` being erroneously set to ``None`` when there are concurrent async tasks receiving data and closing the connection. * Added HTTP method validation. * Fixed arbitrary sequence types being allowed to inject values via version parameter. -- by :user:`Dreamsorcerer` * Performance: Fixed increase in latency with small messages from websocket compression changes. * Improved Documentation * Fixed the `ClientResponse.release`\'s type in the doc. Changed from `comethod` to `method`. * Added information on behavior of base_url parameter in `ClientSession`. * Completed ``trust_env`` parameter description to honor ``wss_proxy``, ``ws_proxy`` or ``no_proxy`` env. * Dropped Python 3.6 support. * Dropped Python 3.7 support. -- by :user:`Dreamsorcerer` * Removed support for abandoned ``tokio`` event loop. * Made ``print`` argument in ``run_app()`` optional. * Improved performance of ``ceil_timeout`` in some cases. * Changed importing Gunicorn to happen on-demand, decreasing import time by ~53%. -- :user:`Dreamsorcerer` * Improved import time by replacing ``http.server`` with ``http.HTTPStatus``. * Fixed annotation of ``ssl`` parameter to disallow ``True``.- drop Update-update_query-calls-to-work-with-latest-yarl.patch (upstream) * Tue Nov 07 2023 Dirk Müller - update to 3.8.6 (bsc#1217181, CVE-2023-47627): * Security bugfixes * Upgraded the vendored copy of llhttp_ to v9.1.3 * https://github.com/aio-libs/aiohttp/security/advisories/GHSA- pjjw-qhg8-p2p9. * Updated Python parser to comply with RFCs 9110/9112 * https://github.com/aio-libs/aiohttp/security/advisories/GHSA- gfw2-4jvh-wgfg. * Added ``fallback_charset_resolver`` parameter in ``ClientSession`` to allow a user-supplied character set detection function. Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use `fallback_charset_resolver * Enabled lenient response parsing for more flexible parsing in the client * Fixed ``PermissionError`` when ``.netrc`` is unreadable due to permissions. * Fixed output of parsing errors * Fixed ``GunicornWebWorker`` max_requests_jitter not working. * Fixed sorting in ``filter_cookies`` to use cookie with longest path. * Fixed display of ``BadStatusLine`` messages from llhttp_. * Sat Oct 14 2023 Matej Cepl - Add remove-re-assert.patch, we really don’t need beautifuly presented exceptions for our testing; remove re-assert BR. * Mon Sep 11 2023 Dirk Müller - switch from unmaintained brotlipy to Brotli * Fri Aug 18 2023 Martin Schreiner - Remove py3109-compat.patch, no longer required. The current spec builds successfully on Python 3.9, 3.10 and 3.11.- Update to 3.8.5: * Upgraded the vendored copy of llhttp to v8.1.1. More information here: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w * Added information to C parser exceptions to show which character caused the error. * Fixed a transport is None error. * Wed Apr 26 2023 Daniel Garcia - Add Update-update_query-calls-to-work-with-latest-yarl.patch to fix problems with latest python-yarl- Delete aiohttp-pr7057-bump-charset-normalizer.patch not needed anymore- Update to 3.8.4: * Fixed incorrectly overwriting cookies with the same name and domain, but different path. (#6638) * Fixed ConnectionResetError not being raised after client disconnection in SSL environments. (#7180) * Sun Apr 23 2023 Matej Cepl - Move documentation into the main package for SLE15 * Fri Apr 21 2023 Dirk Müller - add sle15_python_module_pythons (jsc#PED-68) * Thu Apr 13 2023 Matej Cepl - Make calling of %{sle15modernpython} optional. * Thu Mar 16 2023 Daniel Garcia - Disable DeprecationWarning to avoid error with the latest setuptools and pkg_resources deprecation * Mon Dec 26 2022 Ben Greiner - Don\'t assume python3 to be present for d:l:p:backports/15.4_py39- Requires pytest 6.2.0 when pytest.TempPathFactory was introduced. * Mon Dec 12 2022 Daniel Garcia - Update py3109-compat.patch to work with python <= 3.10.8 too. * Mon Dec 12 2022 Daniel Garcia - Add py3109-compat.patch to make tests compatible with python 3.10.9. These tests are not present anymore in upstream master version so this patch could be removed in future releases. * Mon Nov 07 2022 Ben Greiner - Drop ignore-pytest-deprecationwarning.patch- Add aiohttp-pr7057-bump-charset-normalizer.patch * gh#aio-libs/aiohttp#7057 * Sync requirement with rpm specs * Tue Oct 04 2022 Dirk Müller - skip more tests * Sat Sep 24 2022 Dirk Müller - update to 3.8.3: * Increased the upper boundary of the :doc:`multidict:index` dependency to allow for the version 6 -- by :user:`hugovk`. * Added support for registering :rfc:`OPTIONS <9110#OPTIONS>` HTTP method handlers via :py:class:`~aiohttp.web.RouteTableDef`. * Started supporting :rfc:`authority-form <9112#authority-form>` and :rfc:`absolute-form <9112#absolute-form>` URLs on the server-side. * Fixed Python 3.11 incompatibilities by using Cython 0.29.25. * Extended the ``sock`` argument typing declaration of the :py:func:`~aiohttp.web.run_app` function as optionally accepting iterables. * Fixed a regression where :py:exc:`~asyncio.CancelledError` occurs on client disconnection. * Started exporting :py:class:`~aiohttp.web.PrefixedSubAppResource` under :py:mod:`aiohttp.web` -- by :user:`Dreamsorcerer`. * Dropped the :class:`object` type possibility from the :py:attr:`aiohttp.ClientSession.timeout` property return type declaration. * Wed May 04 2022 John Paul Adrian Glaubitz - Update in SLE-15 (bsc#1197831) * Sun Mar 27 2022 Ben Greiner - Add ignore-pytest-deprecationwarning.patch * gh#aio-libs/aiohttp#6663 * Sat Dec 11 2021 Ben Greiner - Update to version 3.8.1 * Bugfixes * Fix the error in handling the return value of getaddrinfo. getaddrinfo will return an (int, bytes) tuple, if CPython could not handle the address family. It will cause a index out of range error in aiohttp. For example, if user compile CPython with --disable-ipv6 option but his system enable the ipv6. [#5901] * Do not install \"examples\" as a top-level package. #6189 * Restored ability to connect IPv6-only host. #6195 * Remove Signal from __all__, replace aiohttp.Signal with aiosignal.Signal in docs #6201 * Made chunked encoding HTTP header check stricter. #6305 * Improved Documentation * update quick starter demo codes. #6240 * Added an explanation of how tiny timeouts affect performance to the client reference document. #6274 * Add flake8-docstrings to flake8 configuration, enable subset of checks. #6276 * Added information on running complex applications with additional tasks/processes -- :user:`Dreamsorcerer`. #6278- Release 3.8.0 (2021-10-31) (bsc#1217174, CVE-2023-47641) * Features * Added a GunicornWebWorker feature for extending the aiohttp server configuration by allowing the \'wsgi\' coroutine to return web.AppRunner object. #2988 * Switch from http-parser to llhttp #3561 * Use Brotli instead of brotlipy #3803 * Disable implicit switch-back to pure python mode. The build fails loudly if aiohttp cannot be compiled with C Accelerators. Use AIOHTTP_NO_EXTENSIONS=1 to explicitly disable C Extensions complication and switch to Pure-Python mode. Note that Pure-Python mode is significantly slower than compiled one. [#3828] * Make access log use local time with timezone #3853 * Implemented readuntil in StreamResponse #4054 * FileResponse now supports ETag. #4594 * Add a request handler type alias aiohttp.typedefs.Handler. [#4686] * AioHTTPTestCase is more async friendly now. * For people who use unittest and are used to use :py:exc:`~unittest.TestCase` it will be easier to write new test cases like the sync version of the :py:exc:`~unittest.TestCase` class, without using the decorator AATTunittest_run_loop, just async def test_ *. The only difference is that for the people using python3.7 and below a new dependency is needed, it is asynctestcase. #4700 * Add validation of HTTP header keys and values to prevent header injection. #4818 * Add predicate to AbstractCookieJar.clear. Add AbstractCookieJar.clear_domain to clean all domain and subdomains cookies only. #4942 * Add keepalive_timeout parameter to web.run_app. #5094 * Tracing for client sent headers #5105 * Make type hints for http parser stricter #5267 * Add final declarations for constants. #5275 * Switch to external frozenlist and aiosignal libraries. #5293 * Don\'t send secure cookies by insecure transports. * By default, the transport is secure if https or wss scheme is used. Use CookieJar(treat_as_secure_origin=\"http://127.0.0.1\") to override the default security checker. #5571 * Always create a new event loop in aiohttp.web.run_app(). This adds better compatibility with asyncio.run() or if trying to run multiple apps in sequence. #5572 * Add aiohttp.pytest_plugin.AiohttpClient for static typing of pytest plugin. #5585 * Added a socket_factory argument to BaseTestServer. #5844 * Add compression strategy parameter to enable_compression method. #5909 * Added support for Python 3.10 to Github Actions CI/CD workflows and fix the related deprecation warnings -- :user:`Hanaasagi`. [#5927] * Switched chardet to charset-normalizer for guessing the HTTP payload body encoding -- :user:`Ousret`. #5930 * Added optional auto_decompress argument for HttpRequestParser [#5957] * Added support for HTTPS proxies to the extent CPython\'s :py:mod:`asyncio` supports it -- by :user:`bmbouter`, :user:`jborean93` and :user:`webknjaz`. #5992 * Added base_url parameter to the initializer of :class:`~aiohttp.ClientSession`. #6013 * Add Trove classifier and create binary wheels for 3.10. -- :user:`hugovk`. #6079 * Started shipping platform-specific wheels with the musl tag targeting typical Alpine Linux runtimes — :user:`asvetlov`. [#6139] * Started shipping platform-specific arm64 wheels for Apple Silicon — :user:`asvetlov`. #6139 * Bugfixes * Modify _drain_helper() to handle concurrent await resp.write(...) or ws.send_json(...) calls without race-condition. #2934 * Started using MultiLoopChildWatcher when it\'s available under POSIX while setting up the test I/O loop. #3450 * Only encode content-disposition filename parameter using percent-encoding. Other parameters are encoded to quoted-string or RFC2231 extended parameter value. #4012 * Fixed HTTP client requests to honor no_proxy environment variables. #4431 * Fix supporting WebSockets proxies configured via environment variables. #4648 * Change return type on URLDispatcher to UrlMappingMatchInfo to improve type annotations. #4748 * Ensure a cleanup context is cleaned up even when an exception occurs during startup. #4799 * Added a new exception type for Unix socket client errors which provides a more useful error message. #4984 * Remove Transfer-Encoding and Content-Type headers for 204 in StreamResponse #5106 * Only depend on typing_extensions for Python <3.8 #5107 * Add ABNORMAL_CLOSURE and BAD_GATEWAY to WSCloseCode #5192 * Fix cookies disappearing from HTTPExceptions. #5233 * StaticResource prefixes no longer match URLs with a non-folder prefix. For example routes.static(\'/foo\', \'/foo\') no longer matches the URL /foobar. Previously, this would attempt to load the file /foo/ar. #5250 * Acquire the connection before running traces to prevent race condition. #5259 * Add missing slots to `_RequestContextManager and _WSRequestContextManager #5329 * Ensure sending a zero byte file does not throw an exception (round 2) #5380 * Set \"text/plain\" when data is an empty string in client requests. #5392 * Stop automatically releasing the ClientResponse object on calls to the ok property for the failed requests. #5403 * Include query parameters from params keyword argument in tracing URL. #5432 * Fix annotations #5466 * Fixed the multipart POST requests processing to always release file descriptors for the tempfile.Temporaryfile-created _io.BufferedRandom instances of files sent within multipart request bodies via HTTP POST requests -- by :user:`webknjaz`. [#5494] * Fix 0 being incorrectly treated as an immediate timeout. #5527 * Fixes failing tests when an environment variable _proxy is set. #5554 * Replace deprecated app handler design in tests/autobahn/server.py with call to web.run_app; replace deprecated aiohttp.ws_connect calls in tests/autobahn/client.py with aiohttp.ClienSession.ws_connect. #5606 * Fixed test for HTTPUnauthorized that access the text argument. This is not used in any part of the code, so it\'s removed now. [#5657] * Remove incorrect default from docs #5727 * Remove external test dependency to http://httpbin.org #5840 * Don\'t cancel current task when entering a cancelled timer. [#5853] * Added params keyword argument to ClientSession.ws_connect. -- :user:`hoh`. #5868 * Uses :py:class:`~asyncio.ThreadedChildWatcher` under POSIX to allow setting up test loop in non-main thread. #5877 * Fix the error in handling the return value of getaddrinfo. getaddrinfo will return an (int, bytes) tuple, if CPython could not handle the address family. It will cause a index out of range error in aiohttp. For example, if user compile CPython with --disable-ipv6 option but his system enable the ipv6. [#5901] * Removed the deprecated loop argument from the asyncio.sleep/gather calls #5905 * Return None from request.if_modified_since, request.if_unmodified_since, request.if_range and response.last_modified when corresponding http date headers are invalid. #5925 * Fix resetting SIGCHLD signals in Gunicorn aiohttp Worker to fix subprocesses that capture output having an incorrect returncode. #6130 * Raise 400: Content-Length can\'t be present with Transfer-Encoding if both Content-Length and Transfer-Encoding are sent by peer by both C and Python implementations #6182 * Improved Documentation * Refactored OpenAPI/Swagger aiohttp addons, added aio-openapi [#5326] * Fixed docs on request cookies type, so it matches what is actually used in the code (a read-only dictionary-like object). [#5725] * Documented that the HTTP client Authorization header is removed on redirects to a different host or protocol. #5850- Drop patches * backport_fix_for_setting_cookies.patch * remove_deprecated_loop_argument.patch * stdlib-typing_extensions.patch * unbundle-http-parser.patch -- replaced by llhttp, nothing else than the bundled llhttp available.- Disable building the docs (no sphinxcontrib-towncrier) * Wed Nov 24 2021 Steve Kowalik - Drop python39-failures.patch, no longer required. * Wed Nov 17 2021 Steve Kowalik - Update python39-failures.patch to only fire with Python 3.9.7. * Fri Sep 10 2021 Matej Cepl - Restore python39-failures.patch, which is actually still needed. * Thu Sep 09 2021 Matej Cepl - Remove python39-failures.patch and replace it with actual fix of the issue in remove_deprecated_loop_argument.patch.- Add backport_fix_for_setting_cookies.patch for backport of fixes from 3.8 branch. * Wed Sep 08 2021 Matej Cepl - Add python39-failures.patch to fix test problems with Python 3.9.7+ (gh#aio-libs/aiohttp#5991). * Tue Jun 08 2021 Matej Cepl - Remove pytest-asyncio dependency which is actually harmful (gh#aio-libs/aiohttp#5787). * Thu May 13 2021 Matej Cepl - Add stdlib-typing_extensions.patch to avoid necessity for BR python-typing_extensions (gh#aio-libs/aiohttp#5374). * Sun Feb 28 2021 Michael Ströder - Update to 3.7.4 (bsc#1184745, CVE-2021-21330): * obsoletes CVE-2021-21330.patch in older dists * Fixes https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg * Mon Feb 08 2021 John Paul Adrian Glaubitz - Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
|
|
|