Message ID | 20230921154809.2460-5-adolf.belka@ipfire.org |
---|---|
State | Accepted |
Commit | 81604feac32145ab352717ac4f256417ec1915e5 |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Rs0DP4xnJz3wvD for <patchwork@web04.haj.ipfire.org>; Thu, 21 Sep 2023 15:48:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Rs0DJ6MpRz3qF; Thu, 21 Sep 2023 15:48:16 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Rs0DJ4ZJhz30Hp; Thu, 21 Sep 2023 15:48:16 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Rs0DF5YrJz2xBH for <development@lists.ipfire.org>; Thu, 21 Sep 2023 15:48:13 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Rs0DF3yh2zvy; Thu, 21 Sep 2023 15:48:13 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1695311293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AIe+A1pxiTTqnAd5uXaU/NMWizrW+wLnZfaTp4ryUQg=; b=aSIgPY/gDkqWu6kDP1O4eocoJOznwspOqIFV2YyJ253c4y3MXevItt6WgbGQh0bIl5i+Dk H6OY7xVagyGxdLBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1695311293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AIe+A1pxiTTqnAd5uXaU/NMWizrW+wLnZfaTp4ryUQg=; b=N/c9yhhfyiCogGRkIYEvdxKj9nbP0TJDysHDKDxcTt+tqXQCf751bWHRy676UgK5nAHh2+ YIMIb331x20jpnLePAYFlCQAqQI+mPNlw4Y9Pl8E9/+cIKuA5AIHOR33QCmV3qH20TtIaV 0ZdPz+Rm1zuhAFYsuinePiFOTZr1IJS1LKpgUGTdLZrZqsYlb1jAuX6wpf+89/cYzMQ1qo aHfg0NTR3MG1DzLZOerkqYcROE0qZQo+JmBwnCKUoH0QUx2t0M2850sF4ViF5NBILhlWBq uBepfpYc92CcKdexW5wRG4GICOPuFB0NmtMzqDM/m9X6ZWi40kZAu1I/wy61mQ== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] python3-tornado: Update to version 6.3.3-1 Date: Thu, 21 Sep 2023 17:48:07 +0200 Message-ID: <20230921154809.2460-5-adolf.belka@ipfire.org> In-Reply-To: <20230921154809.2460-1-adolf.belka@ipfire.org> References: <20230921154809.2460-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
python3-tornado: Update to version 6.3.3-1
|
|
Commit Message
Adolf Belka
Sept. 21, 2023, 3:48 p.m. UTC
- IPFire-3.x
- Update from version 6.2.0-1 to 6.3.3-1
- Changelog
6.3.3
The Content-Length header and chunked Transfer-Encoding sizes are now parsed
more strictly (according to the relevant RFCs) to avoid potential
request-smuggling vulnerabilities when deployed behind certain proxies.
6.3.2
Fixed an open redirect vulnerability in StaticFileHandler under certain
configurations.
6.3.1
RequestHandler.set_cookie once again accepts capitalized keyword arguments
for backwards compatibility. This is deprecated and in Tornado 7.0 only
lowercase arguments will be accepted.
6.3.0
Highlights¶
The new Application setting xsrf_cookie_name can now be used to take
advantage of the __Host cookie prefix for improved security. To use it,
add {"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
{"secure": True}} to your Application settings. Note that this feature
currently only works when HTTPS is used.
WSGIContainer now supports running the application in a
ThreadPoolExecutor so the event loop is no longer blocked.
AsyncTestCase and AsyncHTTPTestCase, which were deprecated in Tornado
6.2, are no longer deprecated.
WebSockets are now much faster at receiving large messages split into
many fragments.
General changes¶
Python 3.7 is no longer supported; the minimum supported Python version
is 3.8. Python 3.12 is now supported.
To avoid spurious deprecation warnings, users of Python 3.10 should
upgrade to at least version 3.10.9, and users of Python 3.11 should
upgrade to at least version 3.11.1.
Tornado submodules are now imported automatically on demand. This means
it is now possible to use a single import tornado statement and refer
to objects in submodules such as tornado.web.RequestHandler.
Deprecation notices¶
In Tornado 7.0, tornado.testing.ExpectLog will match WARNING and above
regardless of the current logging configuration, unless the level
argument is used.
RequestHandler.get_secure_cookie is now a deprecated alias for
RequestHandler.get_signed_cookie. RequestHandler.set_secure_cookie is
now a deprecated alias for RequestHandler.set_signed_cookie.
RequestHandler.clear_all_cookies is deprecated. No direct replacement is
provided; RequestHandler.clear_cookie should be used on individual
cookies.
Calling the IOLoop constructor without a make_current argument, which
was deprecated in Tornado 6.2, is no longer deprecated.
AsyncTestCase and AsyncHTTPTestCase, which were deprecated in Tornado
6.2, are no longer deprecated.
AsyncTestCase.get_new_ioloop is deprecated.
tornado.auth¶
New method GoogleOAuth2Mixin.get_google_oauth_settings can now be
overridden to get credentials from a source other than the Application
settings.
tornado.gen¶
contextvars now work properly when a @gen.coroutine calls a native
coroutine.
tornado.options¶
parse_config_file now recognizes single comma-separated strings (in
addition to lists of strings) for options with multiple=True.
tornado.web¶
New Application setting xsrf_cookie_name can be used to change the name
of the XSRF cookie. This is most useful to take advantage of the
__Host- cookie prefix.
RequestHandler.get_secure_cookie and RequestHandler.set_secure_cookie
(and related methods and attributes) have been renamed to
get_signed_cookie and set_signed_cookie. This makes it more explicit
what kind of security is provided, and avoids confusion with the
Secure cookie attribute and __Secure- cookie prefix. The old names
remain supported as deprecated aliases.
RequestHandler.clear_cookie now accepts all keyword arguments accepted
by set_cookie. In some cases clearing a cookie requires certain
arguments to be passed the same way in which it was set.
RequestHandler.clear_all_cookies now accepts additional keyword
arguments for the same reason as clear_cookie. However, since the
requirements for additional arguments mean that it cannot reliably
clear all cookies, this method is now deprecated.
tornado.websocket¶
It is now much faster (no longer quadratic) to receive large messages
that have been split into many fragments.
websocket_connect now accepts a resolver parameter.
tornado.wsgi¶
WSGIContainer now accepts an executor parameter which can be used to
run the WSGI application on a thread pool.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
python3-tornado/python3-tornado.nm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python3-tornado/python3-tornado.nm b/python3-tornado/python3-tornado.nm index f47647f3b..6a145966a 100644 --- a/python3-tornado/python3-tornado.nm +++ b/python3-tornado/python3-tornado.nm @@ -4,7 +4,7 @@ ############################################################################### name = python3-tornado -version = 6.2.0 +version = 6.3.3 release = 1 thisapp = tornado-%{version}