46a9d0e6f7
- Update to 6.5.4
  * The in operator for HTTPHeaders was incorrectly case-sensitive, causing lookups to fail for headers with different casing than the original header name. This was a regression in version 6.5.3 and has been fixed to restore the intended case-insensitive behavior from version 6.5.2 and earlier.
- Update to 6.5.3 (bsc#1254903, bsc#1254905, bsc#1254904)
  * Fixed a denial-of-service vulnerability involving quadratic computation when parsing multipart/form-data request bodies. CVE-2025-67726. Thanks to Finder16 for reporting this issue.
  * Fixed a denial-of-service vulnerability involving quadratic computation when parsing repeated HTTP headers. CVE-2025-67725. Thanks to Finder16 for reporting this issue.
  * Fixed a header injection and XSS vulnerability involving the reason argument to .RequestHandler.set_status and tornado.web.HTTPError. CVE-2025-67724. Thanks to Finder16 and Cheshire1225 for reporting this issue.
  * Several demo applications bundled with the Tornado repo (blog, chat, facebook) had an open redirect vulnerability which has been fixed. This is not covered by a CVE or security advisory since the demo applications are not included as a part of the Tornado package when installed, but developers who have copied code from these demos may wish to review their own applications for open redirects. Thanks to J1vvoo for reporting this issue.
  * The s3server demo application contained some path traversal vulnerabilities. Since this demo application was not demonstrating any interesting aspects of Tornado, it has been deleted rather than being fixed. Thanks to J1vvoo for reporting this issue.
- Update to 6.5.2
  * Fixed a bug that resulted in WebSocket pings not being sent at the configured interval.
  * Improved logging for invalid Host headers. This was previously logged as an uncaught exception with a stack trace, now it is simply a 400 response (logged as a warning in the access log).
  * Restored the host argument to .HTTPServerRequest. This argument is deprecated and will be removed in the future, but its removal with no warning in 6.5.0 was a mistake.
  * Removed a debugging print statement that was left in the code.
  * Improved type hints for gen.multi.
- Update to 6.5.1
  * Fixed a bug in multipart/form-data parsing that could incorrectly reject filenames containing characters above U+00FF (i.e. most characters outside the Latin alphabet).
Steve Kowalik 2025-12-18 23:48:04 +00:00
8f0aed5840
Accepting request 1277990 from devel:languages:python
Ana Guerrero 2025-05-23 12:27:19 +00:00
d509d3561b
- Update to 6.5.0 (CVE-2025-47287, bsc#1243268):
  * Security Improvements:
    - Previously, malformed multipart-form-data requests could log multiple warnings and constitute a denial-of-service attack. Now an exception is raised at the first error, so there is only one log message per request. This fixes CVE-2025-47287.
  * General Changes:
    - Python 3.14 is now supported. Older versions of Tornado will work on Python 3.14 but may log deprecation warnings.
    - The free-threading mode of Python 3.13 is now supported on an experimental basis. Prebuilt wheels are not yet available for this configuration, but it can be built from source.
    - The minimum supported Python version is 3.9.
  * Deprecation Notices:
    - Support for obs-fold continuation lines in HTTP headers is deprecated and will be removed in Tornado 7.0, as is the use of carriage returns without line feeds as header separators.
    - The callback argument to websocket_connect is deprecated and will be removed in Tornado 7.0. Note that on_message_callback is not deprecated.
    - The log_message and args attributes of tornado.web.HTTPError are deprecated. Use the new get_message method instead.
Daniel Garcia 2025-05-16 09:31:51 +00:00
da9e76faa6
Accepting request 1226139 from devel:languages:python
Ana Guerrero 2024-11-26 19:55:22 +00:00
c3ee285ce0
- Update to 6.4.2:
  + Security Improvements:
    * Parsing of the cookie header is now much more efficient. The older algorithm sometimes had quadratic performance which allowed for a denial-of-service attack in which the server would spend excessive CPU time parsing cookies and block the event loop. (CVE-2024-52804, bsc#1233668)
Steve Kowalik 2024-11-25 03:21:09 +00:00
108259eb7b
- update to 6.4:
  * https://www.tornadoweb.org/en/stable/releases/v6.4.0.html
  * Python 3.12 is now supported.
- drop py312-datetime.patch (upstream)
  * The Content-Length header and chunked Transfer-Encoding sizes are now parsed more strictly (according to the relevant RFCs) to avoid potential request-smuggling vulnerabilities when
  * Do not test multi-line headers.
- require python-backports.ssl_hostname only on python 2.x or 3.2.
  * This release fixes a path traversal vulnerability in StaticFileHandler, in which files whose names started with the static_path directory
  * SSLIOStream.connect and IOStream.start_tls now
  * Certificate validation will now use the system CA root certificates instead of certifi when possible (i.e. Python 2.7.9+ or 3.4+).
  * The default SSL configuration has become stricter, using ssl.create_default_context where available on the client side. (On the server side, applications are encouraged to migrate from
  * The deprecated classes in the tornado.auth module, GoogleMixin,
  + See more release details at
- added python3 package
Dirk Mueller 2024-01-03 10:28:18 +00:00
440d8d0f16
Accepting request 1112880 from devel:languages:python
Ana Guerrero 2023-09-26 20:00:21 +00:00
4b07d776a9
Accepting request 1112758 from home:mcalabkova:branches:devel:languages:python:312
Matej Cepl 2023-09-21 16:50:37 +00:00
444c98fdb2
- Add ignore-resourcewarning-doctests.patch to ignore ResourceWarnings when running doctests.
- Use %autopatch macro instead of specific patch number macros
Steve Kowalik 2019-11-18 04:02:23 +00:00
ffd7e28fa4
- Define TRAVIS to disable unreliable tests
Tomáš Chvátal
2019-11-08 15:02:44 +00:00
cef319f125
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
Matej Cepl 2019-10-14 14:46:09 +00:00
58645cf8ce
- Per discussion with RM switch back to python-tornado<version> system with python-tornado standing in as a metapkg
Tomáš Chvátal
2019-10-01 13:30:32 +00:00
9e9667542f
osc copypac from project:devel:languages:python package:python-tornado revision:115, using expand
Tomáš Chvátal
2019-10-01 13:26:17 +00:00