From aecd9fe7c9ef1b0bd5aade93666e55406d7f19e1dd57231dc48281ccc1a09762 Mon Sep 17 00:00:00 2001
From: Daniel Garcia <daniel.garcia@suse.com>
Date: Fri, 16 May 2025 09:31:51 +0000
Subject: [PATCH] - Update to 6.5.0 (CVE-2025-47287, bsc#1243268):   * Security
 Improvements:     - Previously, malformed multipart-form-data requests could
 log       multiple warnings and constitute a denial-of-service attack. Now   
    an exception is raised at the first error, so there is only one       log
 message per request. This fixes CVE-2025-47287.   * General Changes:     -
 Python 3.14 is now supported. Older versions of Tornado will       work on
 Python 3.14 but may log deprecation warnings.     - The free-threading mode
 of Python 3.13 is now supported on an       experimental basis. Prebuilt
 wheels are not yet available for       this configuration, but it can be
 built from source.     - The minimum supported Python version is 3.9.   *
 Deprecation Notices:     - Support for obs-fold continuation lines in HTTP
 headers is       deprecated and will be removed in Tornado 7.0, as is the use
 of       carriage returns without line feeds as header separators.     - The
 callback argument to websocket_connect is deprecated and       will be
 removed in Tornado 7.0. Note that on_message_callback is       not
 deprecated.     - The log_message and args attributes of
 tornado.web.HTTPError are       deprecated. Use the new get_message method
 instead.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-tornado6?expand=0&rev=46
---
 python-tornado6.changes | 26 ++++++++++++++++++++++++++
 python-tornado6.spec    |  4 ++--
 tornado-6.4.2.tar.gz    |  3 ---
 tornado-6.5.tar.gz      |  3 +++
 4 files changed, 31 insertions(+), 5 deletions(-)
 delete mode 100644 tornado-6.4.2.tar.gz
 create mode 100644 tornado-6.5.tar.gz

diff --git a/python-tornado6.changes b/python-tornado6.changes
index 923e9f7..b89fa4f 100644
--- a/python-tornado6.changes
+++ b/python-tornado6.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Fri May 16 09:23:08 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 6.5.0 (CVE-2025-47287, bsc#1243268):
+  * Security Improvements:
+    - Previously, malformed multipart-form-data requests could log
+      multiple warnings and constitute a denial-of-service attack. Now
+      an exception is raised at the first error, so there is only one
+      log message per request. This fixes CVE-2025-47287.
+  * General Changes:
+    - Python 3.14 is now supported. Older versions of Tornado will
+      work on Python 3.14 but may log deprecation warnings.
+    - The free-threading mode of Python 3.13 is now supported on an
+      experimental basis. Prebuilt wheels are not yet available for
+      this configuration, but it can be built from source.
+    - The minimum supported Python version is 3.9.
+  * Deprecation Notices:
+    - Support for obs-fold continuation lines in HTTP headers is
+      deprecated and will be removed in Tornado 7.0, as is the use of
+      carriage returns without line feeds as header separators.
+    - The callback argument to websocket_connect is deprecated and
+      will be removed in Tornado 7.0. Note that on_message_callback is
+      not deprecated.
+    - The log_message and args attributes of tornado.web.HTTPError are
+      deprecated. Use the new get_message method instead.
+
 -------------------------------------------------------------------
 Mon Nov 25 03:19:20 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
 
diff --git a/python-tornado6.spec b/python-tornado6.spec
index 20425e7..0648beb 100644
--- a/python-tornado6.spec
+++ b/python-tornado6.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-tornado6
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-tornado6
-Version:        6.4.2
+Version:        6.5
 Release:        0
 Summary:        Open source version of scalable, non-blocking web server that power FriendFeed
 License:        Apache-2.0
diff --git a/tornado-6.4.2.tar.gz b/tornado-6.4.2.tar.gz
deleted file mode 100644
index 913eb6c..0000000
--- a/tornado-6.4.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:92bad5b4746e9879fd7bf1eb21dce4e3fc5128d71601f80005afa39237ad620b
-size 501135
diff --git a/tornado-6.5.tar.gz b/tornado-6.5.tar.gz
new file mode 100644
index 0000000..ea35ab3
--- /dev/null
+++ b/tornado-6.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c70c0a26d5b2d85440e4debd14a8d0b463a0cf35d92d3af05f5f1ffa8675c826
+size 508968