2023-05-31 19:15:27 +00:00
committed by Git OBS Bridge
parent 1d12a5645e
commit b4238da8d4

@@ -1,255 +1,207 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 30 08:04:10 UTC 2023 - Dan Čermák <dcermak@suse.com> Tue May 30 08:04:10 UTC 2023 - Dan Čermák <dcermak@suse.com>
* New upstream release 6.3.2 - New upstream release 6.3.2
- Security improvements
What's new in Tornado 6.3.2 - Fixed an open redirect vulnerability in StaticFileHandler
------------ under certain configurations.
- ``tornado.web``
Security improvements - `.RequestHandler.set_cookie` once again accepts capitalized
~~~~~~~~~~~~~~~~~~~~~ keyword arguments for backwards compatibility. This is
deprecated and in Tornado 7.0 only lowercase arguments will
- Fixed an open redirect vulnerability in StaticFileHandler under certain be accepted.
configurations. - What's new in Tornado 6.3.0
- The new `.Application` setting ``xsrf_cookie_name``
can now be used to take advantage of the ``__Host``
What's new in Tornado 6.3.1 cookie prefix for improved security. To use it, add
------------ ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
{"secure": True}}`` to your `.Application` settings. Note
``tornado.web`` that this feature currently only works when HTTPS is used.
~~~~~~~~~~~~~~~ - `.WSGIContainer` now supports running the application in
a ``ThreadPoolExecutor`` so the event loop is no longer
- `.RequestHandler.set_cookie` once again accepts capitalized keyword arguments blocked.
for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
arguments will be accepted. deprecated in Tornado 6.2, are no longer deprecated.
- WebSockets are now much faster at receiving large messages
split into many fragments.
- General changes
What's new in Tornado 6.3.0 - Python 3.7 is no longer supported; the minimum supported .
------------ Python version is 3.8 Python 3.12 is now supported .
- To avoid spurious deprecation warnings, users of Python
Highlights 3.10 should upgrade to at least version 3.10.9, and users
~~~~~~~~~~ of Python 3.11 should upgrade to at least version 3.11.1.
- Tornado submodules are now imported automatically on
- The new `.Application` setting ``xsrf_cookie_name`` can now be used to demand. This means it is now possible to use a single
take advantage of the ``__Host`` cookie prefix for improved security. ``import tornado`` statement and refer to objects in
To use it, add ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs": submodules such as `tornado.web.RequestHandler`.
{"secure": True}}`` to your `.Application` settings. Note that this feature - Deprecation notices
currently only works when HTTPS is used. - In Tornado 7.0, `tornado.testing.ExpectLog` will match
- `.WSGIContainer` now supports running the application in a ``ThreadPoolExecutor`` so ``WARNING`` and above regardless of the current logging
the event loop is no longer blocked. configuration, unless the ``level`` argument is used.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, - `.RequestHandler.get_secure_cookie` is now a deprecated
are no longer deprecated. alias for `.RequestHandler.get_signed_cookie`.
- WebSockets are now much faster at receiving large messages split into many `.RequestHandler.set_secure_cookie` is now a deprecated
fragments. alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is
General changes deprecated. No direct replacement is provided;
~~~~~~~~~~~~~~~ `.RequestHandler.clear_cookie` should be used on individual
- Python 3.7 is no longer supported; the minimum supported Python version is 3.8.
Python 3.12 is now supported.
- To avoid spurious deprecation warnings, users of Python 3.10 should upgrade
to at least version 3.10.9, and users of Python 3.11 should upgrade to at least
version 3.11.1.
- Tornado submodules are now imported automatically on demand. This means it is
now possible to use a single ``import tornado`` statement and refer to objects
in submodules such as `tornado.web.RequestHandler`.
Deprecation notices
~~~~~~~~~~~~~~~~~~~
- In Tornado 7.0, `tornado.testing.ExpectLog` will match ``WARNING``
and above regardless of the current logging configuration, unless the
``level`` argument is used.
- `.RequestHandler.get_secure_cookie` is now a deprecated alias for
`.RequestHandler.get_signed_cookie`. `.RequestHandler.set_secure_cookie`
is now a deprecated alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is deprecated. No direct replacement
is provided; `.RequestHandler.clear_cookie` should be used on individual
cookies. cookies.
- Calling the `.IOLoop` constructor without a ``make_current`` argument, which was - Calling the `.IOLoop` constructor without a
deprecated in Tornado 6.2, is no longer deprecated. ``make_current`` argument, which was deprecated in Tornado
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, 6.2, is no longer deprecated.
are no longer deprecated. - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
deprecated in Tornado 6.2, are no longer deprecated.
- `.AsyncTestCase.get_new_ioloop` is deprecated. - `.AsyncTestCase.get_new_ioloop` is deprecated.
- ``tornado.auth``
``tornado.auth`` - New method `.GoogleOAuth2Mixin.get_google_oauth_settings`
~~~~~~~~~~~~~~~~ can now be overridden to get credentials from a source
other than the `.Application` settings.
- New method `.GoogleOAuth2Mixin.get_google_oauth_settings` can now be overridden - ``tornado.gen``
to get credentials from a source other than the `.Application` settings. - `contextvars` now work properly when a ``@gen.coroutine``
calls a native coroutine.
``tornado.gen`` - ``tornado.options``
~~~~~~~~~~~~~~~ - `~.OptionParser.parse_config_file` now recognizes single
comma-separated strings (in addition to lists of strings)
- `contextvars` now work properly when a ``@gen.coroutine`` calls a native coroutine. for options with ``multiple=True``.
- ``tornado.web``
``tornado.options`` - New `.Application` setting ``xsrf_cookie_name`` can be used
~~~~~~~~~~~~~~~~~~~ to change the name of the XSRF cookie. This is most useful
to take advantage of the ``__Host-`` cookie prefix.
- `~.OptionParser.parse_config_file` now recognizes single comma-separated strings (in addition to - `.RequestHandler.get_secure_cookie` and
lists of strings) for options with ``multiple=True``. `.RequestHandler.set_secure_cookie` (and related
methods and attributes) have been renamed
``tornado.web`` to `~.RequestHandler.get_signed_cookie` and
~~~~~~~~~~~~~~~ `~.RequestHandler.set_signed_cookie`. This makes it
more explicit what kind of security is provided, and
- New `.Application` setting ``xsrf_cookie_name`` can be used to change the avoids confusion with the ``Secure`` cookie attribute
name of the XSRF cookie. This is most useful to take advantage of the and ``__Secure-`` cookie prefix. The old names remain
``__Host-`` cookie prefix. supported as deprecated aliases.
- `.RequestHandler.get_secure_cookie` and `.RequestHandler.set_secure_cookie` - `.RequestHandler.clear_cookie` now accepts all keyword
(and related methods and attributes) have been renamed to arguments accepted by `~.RequestHandler.set_cookie`. In
`~.RequestHandler.get_signed_cookie` and `~.RequestHandler.set_signed_cookie`. some cases clearing a cookie requires certain arguments to
This makes it more explicit what kind of security is provided, and avoids be passed the same way in which it was set.
confusion with the ``Secure`` cookie attribute and ``__Secure-`` cookie prefix. - `.RequestHandler.clear_all_cookies` now accepts
The old names remain supported as deprecated aliases. additional keyword arguments for the same reason as
- `.RequestHandler.clear_cookie` now accepts all keyword arguments accepted by ``clear_cookie``. However, since the requirements for
`~.RequestHandler.set_cookie`. In some cases clearing a cookie requires certain additional arguments mean that it cannot reliably clear all
arguments to be passed the same way in which it was set. cookies, this method is now deprecated.
- `.RequestHandler.clear_all_cookies` now accepts additional keyword arguments - ``tornado.websocket``
for the same reason as ``clear_cookie``. However, since the requirements - It is now much faster (no longer quadratic) to receive
for additional arguments mean that it cannot reliably clear all cookies, large messages that have been split into many fragments.
this method is now deprecated.
``tornado.websocket``
~~~~~~~~~~~~~~~~~~~~~
- It is now much faster (no longer quadratic) to receive large messages that
have been split into many fragments.
- `.websocket_connect` now accepts a ``resolver`` parameter. - `.websocket_connect` now accepts a ``resolver`` parameter.
- ``tornado.wsgi``
``tornado.wsgi`` - `.WSGIContainer` now accepts an ``executor`` parameter
~~~~~~~~~~~~~~~~ which can be used to run the WSGI application on a thread
pool.
- `.WSGIContainer` now accepts an ``executor`` parameter which can be used - What's new in Tornado 6.2.0
to run the WSGI application on a thread pool. - Deprecation notice
- Python 3.10 has begun the process of significant changes
to the APIs for managing the event loop. Calls to
methods such as `asyncio.get_event_loop` may now raise
What's new in Tornado 6.2.0 `DeprecationWarning` if no event loop is running. This
----------- has significant impact on the patterns for initializing
applications, and in particular invalidates patterns that
Deprecation notice have long been the norm in Tornado's documentation and
~~~~~~~~~~~~~~~~~~ actual usage. In the future (with some as-yet-unspecified
future version of Python), the old APIs will be
- Python 3.10 has begun the process of significant changes to the APIs for removed. The new recommended pattern is to start the event
managing the event loop. Calls to methods such as `asyncio.get_event_loop` may loop with `asyncio.run`. More detailed migration guides
now raise `DeprecationWarning` if no event loop is running. This has will be coming in the future.
significant impact on the patterns for initializing applications, and in - The `.IOLoop` constructor is deprecated unless
particular invalidates patterns that have long been the norm in Tornado's the ``make_current=False`` argument is used. Use
documentation and actual usage. In the future (with some as-yet-unspecified `.IOLoop.current` when the loop is already running
future version of Python), the old APIs will be removed. The new recommended
pattern is to start the event loop with `asyncio.run`. More detailed migration
guides will be coming in the future.
- The `.IOLoop` constructor is deprecated unless the ``make_current=False``
argument is used. Use `.IOLoop.current` when the loop is already running
instead. instead.
- `.AsyncTestCase` (and `.AsyncHTTPTestCase`) are deprecated. Use - `.AsyncTestCase` (and `.AsyncHTTPTestCase`) are
`unittest.IsolatedAsyncioTestCase` instead. deprecated. Use `unittest.IsolatedAsyncioTestCase`
- Multi-process `.TCPServer.bind`/`.TCPServer.start` is deprecated. See instead.
`.TCPServer` docs for supported alternatives. - Multi-process `.TCPServer.bind`/`.TCPServer.start`
- `.AnyThreadEventLoopPolicy` is deprecated. This class controls the creation of is deprecated. See `.TCPServer` docs for supported
the "current" event loop so it will be removed when that concept is no longer alternatives.
supported. - `.AnyThreadEventLoopPolicy` is deprecated. This class
- `.IOLoop.make_current` and `.IOLoop.clear_current` are deprecated. In the controls the creation of the "current" event loop so it
future the concept of a "current" event loop as distinct from one that is will be removed when that concept is no longer supported.
currently running will be removed. - `.IOLoop.make_current` and `.IOLoop.clear_current` are
deprecated. In the future the concept of a "current"
- ``TwistedResolver`` and ``CaresResolver`` are deprecated and will be event loop as distinct from one that is currently running
removed in Tornado 7.0. will be removed.
- ``TwistedResolver`` and ``CaresResolver`` are deprecated
General changes and will be removed in Tornado 7.0.
~~~~~~~~~~~~~~~ - General changes
- The minimum supported Python version is now 3.7. - The minimum supported Python version is now 3.7.
- Wheels are now published with the Python stable ABI (``abi3``) for - Wheels are now published with the Python stable ABI
compatibility across versions of Python. (``abi3``) for compatibility across versions of Python.
- SSL certificate verfication and hostname checks are now enabled by default in - SSL certificate verfication and hostname checks are now
more places (primarily in client-side usage of `.SSLIOStream`). enabled by default in more places (primarily in client-side
usage of `.SSLIOStream`).
- Various improvements to type hints throughout the package. - Various improvements to type hints throughout the package.
- CI has moved from Travis and Appveyor to Github Actions. - CI has moved from Travis and Appveyor to Github Actions.
- `tornado.gen`
`tornado.gen` - Fixed a bug in which ``WaitIterator.current_index`` could
~~~~~~~~~~~~~ be incorrect.
- ``tornado.gen.TimeoutError``` is now an alias for
- Fixed a bug in which ``WaitIterator.current_index`` could be incorrect. `asyncio.TimeoutError`.
- ``tornado.gen.TimeoutError``` is now an alias for `asyncio.TimeoutError`. - `tornado.http1connection`
- ``max_body_size`` may now be set to zero to disallow a
`tornado.http1connection` non-empty body.
~~~~~~~~~~~~~~~~~~~~~~~~~ - ``Content-Encoding: gzip`` is now recognized
case-insensitively.
- ``max_body_size`` may now be set to zero to disallow a non-empty body. - `tornado.httpclient`
- ``Content-Encoding: gzip`` is now recognized case-insensitively. - ``curl_httpclient`` now supports non-ASCII (ISO-8859-1)
header values, same as ``simple_httpclient``.
`tornado.httpclient` - `tornado.ioloop`
~~~~~~~~~~~~~~~~~~~~ - `.PeriodicCallback` now understands coroutines and will not
start multiple copies if a previous invocation runs too
- ``curl_httpclient`` now supports non-ASCII (ISO-8859-1) header values, same as long.
``simple_httpclient``. - `.PeriodicCallback` now accepts `datetime.timedelta`
objects in addition to numbers of milliseconds.
`tornado.ioloop` - Avoid logging "Event loop is closed" during
~~~~~~~~~~~~~~~~ shutdown-related race conditions.
- Tornado no longer calls `logging.basicConfig` when starting
- `.PeriodicCallback` now understands coroutines and will not start multiple an IOLoop; this has been unnecessary since Python 3.2 added
copies if a previous invocation runs too long. a logger of last resort.
- `.PeriodicCallback` now accepts `datetime.timedelta` objects in addition to - The `.IOLoop` constructor now accepts an ``asyncio_loop``
numbers of milliseconds. keyword argument to initialize with a specfied asyncio
- Avoid logging "Event loop is closed" during shutdown-related race conditions. event loop.
- Tornado no longer calls `logging.basicConfig` when starting an IOLoop; this - It is now possible to construct an `.IOLoop` on one thread
has been unnecessary since Python 3.2 added a logger of last resort. (with ``make_current=False``) and start it on a different
- The `.IOLoop` constructor now accepts an ``asyncio_loop`` keyword argument to thread.
initialize with a specfied asyncio event loop. - `tornado.iostream`
- It is now possible to construct an `.IOLoop` on one thread (with - `.SSLIOStream` now supports reading more than 2GB at a
``make_current=False``) and start it on a different thread. time.
`tornado.iostream`
~~~~~~~~~~~~~~~~~~
- `.SSLIOStream` now supports reading more than 2GB at a time.
- ``IOStream.write`` now supports typed `memoryview` objects. - ``IOStream.write`` now supports typed `memoryview` objects.
- `tornado.locale`
`tornado.locale` - `.load_gettext_translations` no longer logs errors when
~~~~~~~~~~~~~~~~ language directories exist but do not contain the expected
file.
- `.load_gettext_translations` no longer logs errors when language directories - `tornado.netutil`
exist but do not contain the expected file. - `.is_valid_ip` no longer raises exceptions when the input
is too long.
`tornado.netutil` - The default resolver now uses the same methods (and thread
~~~~~~~~~~~~~~~~~ pool) as `asyncio`.
- `tornado.tcpserver`
- `.is_valid_ip` no longer raises exceptions when the input is too long. - `.TCPServer.listen` now supports more arguments to pass
- The default resolver now uses the same methods (and thread pool) as `asyncio`. through to `.netutil.bind_sockets`.
- `tornado.testing`
`tornado.tcpserver` - `.bind_unused_port` now takes an optional ``address``
~~~~~~~~~~~~~~~~~~~ argument.
- Wrapped test methods now include the ``__wrapped__``
- `.TCPServer.listen` now supports more arguments to pass through to attribute.
`.netutil.bind_sockets`. - `tornado.web`
- When using a custom `.StaticFileHandler` subclass, the
`tornado.testing` ``reset()`` method is now called on this subclass instead
~~~~~~~~~~~~~~~~~ of the base class.
- `.bind_unused_port` now takes an optional ``address`` argument.
- Wrapped test methods now include the ``__wrapped__`` attribute.
`tornado.web`
~~~~~~~~~~~~~
- When using a custom `.StaticFileHandler` subclass, the ``reset()`` method is
now called on this subclass instead of the base class.
- Improved handling of the ``Accept-Language`` header. - Improved handling of the ``Accept-Language`` header.
- `.Application.listen` now supports more arguments to pass through to - `.Application.listen` now supports more arguments to pass
`.netutil.bind_sockets`. through to `.netutil.bind_sockets`.
- `tornado.websocket`
`tornado.websocket` - `.WebSocketClientConnection.write_message` now
~~~~~~~~~~~~~~~~~~~ accepts `dict` arguments for consistency with
`.WebSocketHandler.write_message`.
- `.WebSocketClientConnection.write_message` now accepts `dict` arguments for - `.WebSocketClientConnection.write_message` now raises
consistency with `.WebSocketHandler.write_message`. an exception as documented if the connection is already
- `.WebSocketClientConnection.write_message` now raises an exception as closed.
documented if the connection is already closed. - Gave rpmlint a hug
- Remove upstreamed ignore-py310-deprecation-warnings.patch
* Gave rpmlint a hug
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 21 12:37:44 UTC 2023 - Dirk Müller <dmueller@suse.com> Fri Apr 21 12:37:44 UTC 2023 - Dirk Müller <dmueller@suse.com>
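
Review bot: The new 6.3.2 entry at the top of this hunk records "Fixed an open redirect vulnerability in StaticFileHandler under certain configurations" with no tracking reference, so the security fix cannot be matched to an advisory from the changelog alone; if a CVE or Bugzilla id exists for it, add it to that bullet. In the reflowed 6.3.0 "General changes" bullet the sentence breaks look wrong as rendered here ("the minimum supported ." followed by "Python version is 3.8 Python 3.12 is now supported ."), so check that the period ends up after "3.8" and not mid-sentence. The rewrapped 6.2.0 section also carries over "verfication", "specfied" and the stray third backtick in "``tornado.gen.TimeoutError```"; these could be corrected while the text is being reformatted.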