SLFO-pool/python-tornado6
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main python-tornado6 revision bf4ee9851ee7e165de08d6c01642671e

Browse Source
This commit is contained in:
Adrian Schröter 2024-12-13 12:31:47 +01:00
parent 754da810aa
commit 8a079a06e9
5 changed files with 56 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
openssl-3.2.patch
View File

@ -1,13 +0,0 @@
Index: tornado-6.4/tornado/iostream.py
===================================================================
--- tornado-6.4.orig/tornado/iostream.py
+++ tornado-6.4/tornado/iostream.py
@@ -1374,7 +1374,7 @@ class SSLIOStream(IOStream):
return
elif err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
return self.close(exc_info=err)
- elif err.args[0] == ssl.SSL_ERROR_SSL:
+ elif err.args[0] in (ssl.SSL_ERROR_SSL, ssl.SSL_ERROR_SYSCALL):
try:
peer = self.socket.getpeername()
except Exception:

51
python-tornado6.changes
View File

@ -1,3 +1,54 @@
-------------------------------------------------------------------
Mon Nov 25 03:19:20 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
- Update to 6.4.2:
+ Security Improvements:
* Parsing of the cookie header is now much more efficient. The older
algorithm sometimes had quadratic performance which allowed for a
denial-of-service attack in which the server would spend excessive
CPU time parsing cookies and block the event loop.
(CVE-2024-52804, bsc#1233668)
-------------------------------------------------------------------
Wed Jul 31 09:32:23 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 6.4.1:
+ Security Improvements:
- Parsing of the ``Transfer-Encoding`` header is now stricter.
Unexpected transfer-encoding values were previously ignored
and treated as the HTTP/1.0 default of read-until-close. This
can lead to framing issues with certain proxies. We now treat
any unexpected value as an error.
- Handling of whitespace in headers now matches the RFC more
closely. Only space and tab characters are treated as
whitespace and stripped from the beginning and end of header
values. Other unicode whitespace characters are now left
alone. This could also lead to framing issues with certain
proxies.
- `tornado.curl_httpclient` now prohibits carriage return and
linefeed headers in HTTP headers (matching the behavior of
`simple_httpclient`). These characters could be used for
header injection or request smuggling if untrusted data were
used in headers.
+ General Changes:
- `tornado.iostream`: `SLIOStream` now understands changes to
error codes from OpenSSL 3.2. The main result of this change
is to reduce the noise in the logs for certain errors.
- `tornado.simple_httpclient`: `simple_httpclient` now
prohibits carriage return characters in HTTP headers. It had
previously prohibited only linefeed characters.
- `tornado.testing`: `.AsyncTestCase` subclasses can now be
instantiated without being associated with a test method.
Improves compatibility with test discovery in Pytest 8.2.
- Drop support-pytest-8.2.patch: fixed upstream.
- Drop openssl-3.2.patch: fixed upstream.
-------------------------------------------------------------------
Fri May 17 03:37:07 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
- Add patch support-pytest-8.2.patch:
* Support pytest >= 8.2 changes.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 11 13:28:34 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com> Thu Jan 11 13:28:34 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>

7
python-tornado6.spec
View File

@ -17,9 +17,8 @@
%{?sle15_python_module_pythons} %{?sle15_python_module_pythons}
%define skip_python2 1
Name: python-tornado6 Name: python-tornado6
Version: 6.4 Version: 6.4.2
Release: 0 Release: 0
Summary: Open source version of scalable, non-blocking web server that power FriendFeed Summary: Open source version of scalable, non-blocking web server that power FriendFeed
License: Apache-2.0 License: Apache-2.0
@ -28,8 +27,6 @@ Source: https://files.pythonhosted.org/packages/source/t/tornado/tornado
Source99: python-tornado6-rpmlintrc Source99: python-tornado6-rpmlintrc
# PATCH-FIX-OPENSUSE ignore-resourcewarning-doctests.patch -- ignore resource warnings on OBS # PATCH-FIX-OPENSUSE ignore-resourcewarning-doctests.patch -- ignore resource warnings on OBS
Patch0: ignore-resourcewarning-doctests.patch Patch0: ignore-resourcewarning-doctests.patch
# PATCH-FIX-OPENSUSE openssl-3.2.patch gh#tornadoweb/tornado#3355
Patch1: openssl-3.2.patch
BuildRequires: %{python_module base >= 3.8} BuildRequires: %{python_module base >= 3.8}
BuildRequires: %{python_module devel} BuildRequires: %{python_module devel}
BuildRequires: %{python_module pip} BuildRequires: %{python_module pip}
@ -106,6 +103,6 @@ export TRAVIS=1
%license LICENSE %license LICENSE
%doc %{_docdir}/%{python_prefix}-tornado6 %doc %{_docdir}/%{python_prefix}-tornado6
%{python_sitearch}/tornado %{python_sitearch}/tornado
%{python_sitearch}/tornado-%{version}*-info %{python_sitearch}/tornado-%{version}.dist-info
%changelog %changelog

BIN
tornado-6.4.2.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
tornado-6.4.tar.gz (Stored with Git LFS)
View File

Binary file not shown.