Sync from SUSE:SLFO:Main python-tornado6 revision bf4ee9851ee7e165de08d6c01642671e

openssl-3.2.patch

@@ -1,13 +0,0 @@
-Index: tornado-6.4/tornado/iostream.py
-===================================================================
---- tornado-6.4.orig/tornado/iostream.py
-+++ tornado-6.4/tornado/iostream.py
-@@ -1374,7 +1374,7 @@ class SSLIOStream(IOStream):
-                 return
-             elif err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
-                 return self.close(exc_info=err)
--            elif err.args[0] == ssl.SSL_ERROR_SSL:
-+            elif err.args[0] in (ssl.SSL_ERROR_SSL, ssl.SSL_ERROR_SYSCALL):
-                 try:
-                     peer = self.socket.getpeername()
-                 except Exception:

python-tornado6.changes

@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Mon Nov 25 03:19:20 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 6.4.2: 
+  + Security Improvements:
+    * Parsing of the cookie header is now much more efficient. The older
+      algorithm sometimes had quadratic performance which allowed for a
+      denial-of-service attack in which the server would spend excessive
+      CPU time parsing cookies and block the event loop.
+      (CVE-2024-52804, bsc#1233668)
+
+-------------------------------------------------------------------
+Wed Jul 31 09:32:23 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 6.4.1:
+  + Security Improvements:
+    - Parsing of the ``Transfer-Encoding`` header is now stricter.
+      Unexpected transfer-encoding values were previously ignored
+      and treated as the HTTP/1.0 default of read-until-close. This
+      can lead to framing issues with certain proxies. We now treat
+      any unexpected value as an error.
+    - Handling of whitespace in headers now matches the RFC more
+      closely. Only space and tab characters are treated as
+      whitespace and stripped from the beginning and end of header
+      values. Other unicode whitespace characters are now left
+      alone. This could also lead to framing issues with certain
+      proxies.
+    - `tornado.curl_httpclient` now prohibits carriage return and
+      linefeed headers in HTTP headers (matching the behavior of
+      `simple_httpclient`). These characters could be used for
+      header injection or request smuggling if untrusted data were
+      used in headers.
+  + General Changes:
+    - `tornado.iostream`: `SLIOStream` now understands changes to
+      error codes from OpenSSL 3.2. The main result of this change
+      is to reduce the noise in the logs for certain errors.
+    - `tornado.simple_httpclient`: `simple_httpclient` now
+      prohibits carriage return characters in HTTP headers. It had
+      previously prohibited only linefeed characters.
+    - `tornado.testing`: `.AsyncTestCase` subclasses can now be
+      instantiated without being associated with a test method.
+      Improves compatibility with test discovery in Pytest 8.2.
+- Drop  support-pytest-8.2.patch: fixed upstream.
+- Drop openssl-3.2.patch: fixed upstream.
+
+-------------------------------------------------------------------
+Fri May 17 03:37:07 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Add patch support-pytest-8.2.patch:
+  * Support pytest >= 8.2 changes.
+
 -------------------------------------------------------------------
 Thu Jan 11 13:28:34 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
 

python-tornado6.spec

@@ -17,9 +17,8 @@
 
 
 %{?sle15_python_module_pythons}
-%define         skip_python2 1
 Name:           python-tornado6
-Version:        6.4
+Version:        6.4.2
 Release:        0
 Summary:        Open source version of scalable, non-blocking web server that power FriendFeed
 License:        Apache-2.0
@@ -28,8 +27,6 @@ Source:         https://files.pythonhosted.org/packages/source/t/tornado/tornado
 Source99:       python-tornado6-rpmlintrc
 # PATCH-FIX-OPENSUSE ignore-resourcewarning-doctests.patch -- ignore resource warnings on OBS
 Patch0:         ignore-resourcewarning-doctests.patch
-# PATCH-FIX-OPENSUSE openssl-3.2.patch gh#tornadoweb/tornado#3355
-Patch1:         openssl-3.2.patch
 BuildRequires:  %{python_module base >= 3.8}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module pip}
@@ -106,6 +103,6 @@ export TRAVIS=1
 %license LICENSE
 %doc %{_docdir}/%{python_prefix}-tornado6
 %{python_sitearch}/tornado
-%{python_sitearch}/tornado-%{version}*-info
+%{python_sitearch}/tornado-%{version}.dist-info
 
 %changelog