c2de954f37
Accepting request 1277990 from devel:languages:python
Ana Guerrero2025-05-23 12:27:19 +00:00
8f0aed5840
Accepting request 1277990 from devel:languages:python
Ana Guerrero2025-05-23 12:27:19 +00:00
7566355212
- Update to 6.5.0 (CVE-2025-47287, bsc#1243268): * Security Improvements: - Previously, malformed multipart-form-data requests could log multiple warnings and constitute a denial-of-service attack. Now an exception is raised at the first error, so there is only one log message per request. This fixes CVE-2025-47287. * General Changes: - Python 3.14 is now supported. Older versions of Tornado will work on Python 3.14 but may log deprecation warnings. - The free-threading mode of Python 3.13 is now supported on an experimental basis. Prebuilt wheels are not yet available for this configuration, but it can be built from source. - The minimum supported Python version is 3.9. * Deprecation Notices: - Support for obs-fold continuation lines in HTTP headers is deprecated and will be removed in Tornado 7.0, as is the use of carriage returns without line feeds as header separators. - The callback argument to websocket_connect is deprecated and will be removed in Tornado 7.0. Note that on_message_callback is not deprecated. - The log_message and args attributes of tornado.web.HTTPError are deprecated. Use the new get_message method instead.
Daniel Garcia2025-05-16 09:31:51 +00:00
d509d3561b
- Update to 6.5.0 (CVE-2025-47287, bsc#1243268): * Security Improvements: - Previously, malformed multipart-form-data requests could log multiple warnings and constitute a denial-of-service attack. Now an exception is raised at the first error, so there is only one log message per request. This fixes CVE-2025-47287. * General Changes: - Python 3.14 is now supported. Older versions of Tornado will work on Python 3.14 but may log deprecation warnings. - The free-threading mode of Python 3.13 is now supported on an experimental basis. Prebuilt wheels are not yet available for this configuration, but it can be built from source. - The minimum supported Python version is 3.9. * Deprecation Notices: - Support for obs-fold continuation lines in HTTP headers is deprecated and will be removed in Tornado 7.0, as is the use of carriage returns without line feeds as header separators. - The callback argument to websocket_connect is deprecated and will be removed in Tornado 7.0. Note that on_message_callback is not deprecated. - The log_message and args attributes of tornado.web.HTTPError are deprecated. Use the new get_message method instead.
Daniel Garcia2025-05-16 09:31:51 +00:00
b0a5d4395f
Accepting request 1226139 from devel:languages:python
Ana Guerrero2024-11-26 19:55:22 +00:00
da9e76faa6
Accepting request 1226139 from devel:languages:python
Ana Guerrero2024-11-26 19:55:22 +00:00
7d9d27074a
- Update to 6.4.2: + Security Improvements: * Parsing of the cookie header is now much more efficient. The older algorithm sometimes had quadratic performance which allowed for a denial-of-service attack in which the server would spend excessive CPU time parsing cookies and block the event loop. (CVE-2024-52804, bsc#1233668)
Steve Kowalik2024-11-25 03:21:09 +00:00
c3ee285ce0
- Update to 6.4.2: + Security Improvements: * Parsing of the cookie header is now much more efficient. The older algorithm sometimes had quadratic performance which allowed for a denial-of-service attack in which the server would spend excessive CPU time parsing cookies and block the event loop. (CVE-2024-52804, bsc#1233668)
Steve Kowalik2024-11-25 03:21:09 +00:00
b7784f5315
- update to 6.4: * https://www.tornadoweb.org/en/stable/releases/v6.4.0.html * Python 3.12 is now supported. - drop py312-datetime.patch (upstream) * The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly (according to the relevant RFCs) to avoid potential request-smuggling vulnerabilities when * Do not test multi-line headers. - require python-backports.ssl_hostname only on python 2.x or 3.2. * This release fixes a path traversal vulnerability in StaticFileHandler, in which files whose names started with the static_path directory * SSLIOStream.connect and IOStream.start_tls now * Certificate validation will now use the system CA root certificates instead of certifi when possible (i.e. Python 2.7.9+ or 3.4+). * The default SSL configuration has become stricter, using ssl.create_default_context where available on the client side. (On the server side, applications are encouraged to migrate from * The deprecated classes in the tornado.auth module, GoogleMixin, + See more release details at - added python3 package
Dirk Mueller2024-01-03 10:28:18 +00:00
108259eb7b
- update to 6.4: * https://www.tornadoweb.org/en/stable/releases/v6.4.0.html * Python 3.12 is now supported. - drop py312-datetime.patch (upstream) * The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly (according to the relevant RFCs) to avoid potential request-smuggling vulnerabilities when * Do not test multi-line headers. - require python-backports.ssl_hostname only on python 2.x or 3.2. * This release fixes a path traversal vulnerability in StaticFileHandler, in which files whose names started with the static_path directory * SSLIOStream.connect and IOStream.start_tls now * Certificate validation will now use the system CA root certificates instead of certifi when possible (i.e. Python 2.7.9+ or 3.4+). * The default SSL configuration has become stricter, using ssl.create_default_context where available on the client side. (On the server side, applications are encouraged to migrate from * The deprecated classes in the tornado.auth module, GoogleMixin, + See more release details at - added python3 package
Dirk Mueller2024-01-03 10:28:18 +00:00
b5eb8f7e8c
Accepting request 1112880 from devel:languages:python
Ana Guerrero2023-09-26 20:00:21 +00:00
440d8d0f16
Accepting request 1112880 from devel:languages:python
Ana Guerrero2023-09-26 20:00:21 +00:00
26179675c8
Accepting request 1112758 from home:mcalabkova:branches:devel:languages:python:312
Matej Cepl2023-09-21 16:50:37 +00:00
4b07d776a9
Accepting request 1112758 from home:mcalabkova:branches:devel:languages:python:312
Matej Cepl2023-09-21 16:50:37 +00:00
ca19d772a3
- Add ignore-resourcewarning-doctests.patch to ignore ResourceWarnings when running doctests. - Use %autopatch macro instead of specific patch number macros
Steve Kowalik2019-11-18 04:02:23 +00:00
444c98fdb2
- Add ignore-resourcewarning-doctests.patch to ignore ResourceWarnings when running doctests. - Use %autopatch macro instead of specific patch number macros
Steve Kowalik2019-11-18 04:02:23 +00:00
6c27602f11
- Define TRAVIS to disable unreliable tests
Tomáš Chvátal
2019-11-08 15:02:44 +00:00
ffd7e28fa4
- Define TRAVIS to disable unreliable tests
Tomáš Chvátal
2019-11-08 15:02:44 +00:00
2b4a8ee0c8
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
Matej Cepl2019-10-14 14:46:09 +00:00
9882b6bd8b
- Per discussion with RM switch back to python-tornado<version> system with python-tornado standing in as a metapkg
Tomáš Chvátal
2019-10-01 13:30:32 +00:00
58645cf8ce
- Per discussion with RM switch back to python-tornado<version> system with python-tornado standing in as a metapkg
Tomáš Chvátal
2019-10-01 13:30:32 +00:00
Dominique Leuenberger
Steve Kowalik
nkrapp
Ana Guerrero
Daniel Garcia
Matej Cepl
Dirk Mueller
Markéta Machová
Tomáš Chvátal