Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-aiohttp for openSUSE:Factory checked in at 2026-01-09 17:03:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-aiohttp (Old) and /work/SRC/openSUSE:Factory/.python-aiohttp.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-aiohttp" Fri Jan 9 17:03:10 2026 rev:63 rq:1326279 version:3.13.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-aiohttp/python-aiohttp.changes 2025-11-17 12:08:47.668861037 +0100 +++ /work/SRC/openSUSE:Factory/.python-aiohttp.new.1928/python-aiohttp.changes 2026-01-09 17:03:43.656535023 +0100 @@ -1,0 +2,34 @@ +Fri Jan 9 01:40:14 UTC 2026 - Steve Kowalik <[email protected]> + +- Update to 3.13.3: + * Security + + Brotli and brotlicffi minimum version is now 1.2. Decompression now has + a default maximum output size of 32MiB per decompress call + (bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg) + + Check for ASCII in header values + (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2) + + Forbid non-ASCII decimals in the Range header + (bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8) + + Reject static URLs that traverse outside static root + (bsc#1256020, CVE-2025-69226, GHSA-54jq-c3m8-4m76) + + Raise exceptions when processing a POST body + (bsc#1256021, CVE-2025-69227, GHSA-jj3x-wxrx-4x23) + + Enforce client_max_size over entire multipart form + (bsc#1256022, CVE-2025-69228, GHSA-6jhg-hg63-jvvf) + + Pause reading of chunks when it reaches a high water mark + (bsc#1256023, CVE-2025-69229, GHSA-g84x-mcqj-x9qq) + + Log only once per Cookie header + (bsc#1256024, CVE-2025-69230, GHSA-fh55-r93g-j68g) + * Bug fixes + + Fixed proxy authorization headers not being passed when reusing a + connection, which caused 407 (Proxy authentication required) errors + + Fixed multipart reading failing when encountering an empty body part + + Fixed a case where the parser wasn't raising an exception for a + websocket continuation frame when there was no initial frame in context + * Miscellaneous internal changes + + Optimized web server performance when access logging is disabled by + reducing time syscalls + + Added regression test for cached logging status +- Refreshed patch fix-vendoring.patch + +------------------------------------------------------------------- Old: ---- aiohttp-3.13.2.tar.gz New: ---- aiohttp-3.13.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-aiohttp.spec ++++++ --- /var/tmp/diff_new_pack.ORXEAN/_old 2026-01-09 17:03:46.484652351 +0100 +++ /var/tmp/diff_new_pack.ORXEAN/_new 2026-01-09 17:03:46.500653015 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-aiohttp # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %bcond_with docs %{?sle15_python_module_pythons} Name: python-aiohttp -Version: 3.13.2 +Version: 3.13.3 Release: 0 Summary: Asynchronous HTTP client/server framework License: Apache-2.0 @@ -42,7 +42,7 @@ Requires: (python-charset-normalizer >= 2.0 with python-charset-normalizer < 4) Requires: (python-multidict >= 4.5 with python-multidict < 7) Requires: (python-yarl >= 1.17.0 with python-yarl < 2) -Recommends: python-Brotli +Recommends: python-Brotli >= 1.2 Recommends: python-aiodns Recommends: python-cChardet Suggests: %{name}-doc @@ -65,7 +65,7 @@ BuildRequires: %{python_module yarl >= 1.17.0 with %python-yarl < 2} # /SECTION # SECTION test requirements -BuildRequires: %{python_module Brotli} +BuildRequires: %{python_module Brotli >= 1.2} BuildRequires: %{python_module blockbuster} BuildRequires: %{python_module freezegun} BuildRequires: %{python_module gunicorn} ++++++ aiohttp-3.13.2.tar.gz -> aiohttp-3.13.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-aiohttp/aiohttp-3.13.2.tar.gz /work/SRC/openSUSE:Factory/.python-aiohttp.new.1928/aiohttp-3.13.3.tar.gz differ: char 5, line 1 ++++++ fix-vendoring.patch ++++++ --- /var/tmp/diff_new_pack.ORXEAN/_old 2026-01-09 17:03:47.044675585 +0100 +++ /var/tmp/diff_new_pack.ORXEAN/_new 2026-01-09 17:03:47.052675917 +0100 @@ -1,6 +1,8 @@ ---- a/Makefile.orig 2025-10-16 13:56:38.297077787 +0200 -+++ b/Makefile 2025-10-16 13:59:43.532929894 +0200 -@@ -47,10 +47,8 @@ +Index: aiohttp-3.13.3/Makefile +=================================================================== +--- aiohttp-3.13.3.orig/Makefile ++++ aiohttp-3.13.3/Makefile +@@ -47,10 +47,8 @@ endif .SECONDARY: $(call to-hash,$(ALLS)) .update-pip: @@ -11,7 +13,7 @@ @touch .install-cython aiohttp/_find_header.c: $(call to-hash,aiohttp/hdrs.py ./tools/gen.py) -@@ -85,7 +83,6 @@ +@@ -85,7 +83,6 @@ cythonize: .install-cython $(PYXS:.pyx=. cythonize-nodeps: $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c .install-deps: .install-cython $(PYXS:.pyx=.c) aiohttp/_websocket/reader_c.c $(call to-hash,$(CYS) $(REQS)) @@ -19,7 +21,7 @@ @touch .install-deps .PHONY: lint -@@ -100,7 +97,6 @@ +@@ -100,7 +97,6 @@ mypy: mypy .develop: .install-deps generate-llhttp $(call to-hash,$(PYS) $(CYS) $(CS)) @@ -27,7 +29,7 @@ @touch .develop .PHONY: test -@@ -110,12 +106,12 @@ +@@ -110,12 +106,12 @@ test: .develop .PHONY: vtest vtest: .develop @pytest -s -v @@ -42,7 +44,7 @@ define run_tests_in_docker -@@ -151,7 +147,7 @@ +@@ -151,7 +147,7 @@ clean: @rm -rf build @rm -rf cover @make -C docs clean @@ -51,7 +53,7 @@ @rm -f aiohttp/*.so @rm -f aiohttp/*.pyd @rm -f aiohttp/*.html -@@ -182,7 +178,6 @@ +@@ -182,7 +178,6 @@ doc-spelling: .PHONY: install install: .update-pip @@ -59,14 +61,16 @@ .PHONY: install-dev install-dev: .develop -@@ -190,4 +185,4 @@ +@@ -190,4 +185,4 @@ install-dev: .develop .PHONY: sync-direct-runtime-deps sync-direct-runtime-deps: - @echo Updating 'requirements/runtime-deps.in' from 'setup.cfg'... >&2 + @echo Updating 'requirements/runtime-deps.in' from 'pyproject.toml'... >&2 - @python requirements/sync-direct-runtime-deps.py + python3 requirements/sync-direct-runtime-deps.py ---- a/tools/gen.py.orig 2025-10-16 14:00:10.257485651 +0200 -+++ a/tools/gen.py 2025-10-16 14:00:18.604659234 +0200 +Index: aiohttp-3.13.3/tools/gen.py +=================================================================== +--- aiohttp-3.13.3.orig/tools/gen.py ++++ aiohttp-3.13.3/tools/gen.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/python3
