From patchwork Thu Sep 21 15:48:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7241 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Rs0DP4xnJz3wvD for ; Thu, 21 Sep 2023 15:48:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Rs0DJ6MpRz3qF; Thu, 21 Sep 2023 15:48:16 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Rs0DJ4ZJhz30Hp; Thu, 21 Sep 2023 15:48:16 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Rs0DF5YrJz2xBH for ; Thu, 21 Sep 2023 15:48:13 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Rs0DF3yh2zvy; Thu, 21 Sep 2023 15:48:13 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1695311293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AIe+A1pxiTTqnAd5uXaU/NMWizrW+wLnZfaTp4ryUQg=; b=aSIgPY/gDkqWu6kDP1O4eocoJOznwspOqIFV2YyJ253c4y3MXevItt6WgbGQh0bIl5i+Dk H6OY7xVagyGxdLBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1695311293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AIe+A1pxiTTqnAd5uXaU/NMWizrW+wLnZfaTp4ryUQg=; b=N/c9yhhfyiCogGRkIYEvdxKj9nbP0TJDysHDKDxcTt+tqXQCf751bWHRy676UgK5nAHh2+ YIMIb331x20jpnLePAYFlCQAqQI+mPNlw4Y9Pl8E9/+cIKuA5AIHOR33QCmV3qH20TtIaV 0ZdPz+Rm1zuhAFYsuinePiFOTZr1IJS1LKpgUGTdLZrZqsYlb1jAuX6wpf+89/cYzMQ1qo aHfg0NTR3MG1DzLZOerkqYcROE0qZQo+JmBwnCKUoH0QUx2t0M2850sF4ViF5NBILhlWBq uBepfpYc92CcKdexW5wRG4GICOPuFB0NmtMzqDM/m9X6ZWi40kZAu1I/wy61mQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] python3-tornado: Update to version 6.3.3-1 Date: Thu, 21 Sep 2023 17:48:07 +0200 Message-ID: <20230921154809.2460-5-adolf.belka@ipfire.org> In-Reply-To: <20230921154809.2460-1-adolf.belka@ipfire.org> References: <20230921154809.2460-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - IPFire-3.x - Update from version 6.2.0-1 to 6.3.3-1 - Changelog 6.3.3 The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly (according to the relevant RFCs) to avoid potential request-smuggling vulnerabilities when deployed behind certain proxies. 6.3.2 Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. 6.3.1 RequestHandler.set_cookie once again accepts capitalized keyword arguments for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase arguments will be accepted. 6.3.0 Highlights¶ The new Application setting xsrf_cookie_name can now be used to take advantage of the __Host cookie prefix for improved security. To use it, add {"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs": {"secure": True}} to your Application settings. Note that this feature currently only works when HTTPS is used. WSGIContainer now supports running the application in a ThreadPoolExecutor so the event loop is no longer blocked. AsyncTestCase and AsyncHTTPTestCase, which were deprecated in Tornado 6.2, are no longer deprecated. WebSockets are now much faster at receiving large messages split into many fragments. General changes¶ Python 3.7 is no longer supported; the minimum supported Python version is 3.8. Python 3.12 is now supported. To avoid spurious deprecation warnings, users of Python 3.10 should upgrade to at least version 3.10.9, and users of Python 3.11 should upgrade to at least version 3.11.1. Tornado submodules are now imported automatically on demand. This means it is now possible to use a single import tornado statement and refer to objects in submodules such as tornado.web.RequestHandler. Deprecation notices¶ In Tornado 7.0, tornado.testing.ExpectLog will match WARNING and above regardless of the current logging configuration, unless the level argument is used. RequestHandler.get_secure_cookie is now a deprecated alias for RequestHandler.get_signed_cookie. RequestHandler.set_secure_cookie is now a deprecated alias for RequestHandler.set_signed_cookie. RequestHandler.clear_all_cookies is deprecated. No direct replacement is provided; RequestHandler.clear_cookie should be used on individual cookies. Calling the IOLoop constructor without a make_current argument, which was deprecated in Tornado 6.2, is no longer deprecated. AsyncTestCase and AsyncHTTPTestCase, which were deprecated in Tornado 6.2, are no longer deprecated. AsyncTestCase.get_new_ioloop is deprecated. tornado.auth¶ New method GoogleOAuth2Mixin.get_google_oauth_settings can now be overridden to get credentials from a source other than the Application settings. tornado.gen¶ contextvars now work properly when a @gen.coroutine calls a native coroutine. tornado.options¶ parse_config_file now recognizes single comma-separated strings (in addition to lists of strings) for options with multiple=True. tornado.web¶ New Application setting xsrf_cookie_name can be used to change the name of the XSRF cookie. This is most useful to take advantage of the __Host- cookie prefix. RequestHandler.get_secure_cookie and RequestHandler.set_secure_cookie (and related methods and attributes) have been renamed to get_signed_cookie and set_signed_cookie. This makes it more explicit what kind of security is provided, and avoids confusion with the Secure cookie attribute and __Secure- cookie prefix. The old names remain supported as deprecated aliases. RequestHandler.clear_cookie now accepts all keyword arguments accepted by set_cookie. In some cases clearing a cookie requires certain arguments to be passed the same way in which it was set. RequestHandler.clear_all_cookies now accepts additional keyword arguments for the same reason as clear_cookie. However, since the requirements for additional arguments mean that it cannot reliably clear all cookies, this method is now deprecated. tornado.websocket¶ It is now much faster (no longer quadratic) to receive large messages that have been split into many fragments. websocket_connect now accepts a resolver parameter. tornado.wsgi¶ WSGIContainer now accepts an executor parameter which can be used to run the WSGI application on a thread pool. Signed-off-by: Adolf Belka --- python3-tornado/python3-tornado.nm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python3-tornado/python3-tornado.nm b/python3-tornado/python3-tornado.nm index f47647f3b..6a145966a 100644 --- a/python3-tornado/python3-tornado.nm +++ b/python3-tornado/python3-tornado.nm @@ -4,7 +4,7 @@ ############################################################################### name = python3-tornado -version = 6.2.0 +version = 6.3.3 release = 1 thisapp = tornado-%{version}