python/python-tornado6
SHA256
14
0
Fork 0
forked from pool/python-tornado6
Code Pull Requests Activity

Fix changes

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-tornado6?expand=0&rev=30
This commit is contained in:
Matej Cepl
2023-05-31 19:15:27 +00:00
committed by Git OBS Bridge
parent 1d12a5645e
commit b4238da8d4
1 changed files with 201 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

446
python-tornado6.changes
View File

@@ -1,255 +1,207 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 30 08:04:10 UTC 2023 - Dan Čermák <dcermak@suse.com> Tue May 30 08:04:10 UTC 2023 - Dan Čermák <dcermak@suse.com>
* New upstream release 6.3.2 - New upstream release 6.3.2
- Security improvements
What's new in Tornado 6.3.2 - Fixed an open redirect vulnerability in StaticFileHandler
------------ under certain configurations.
- ``tornado.web``
Security improvements - `.RequestHandler.set_cookie` once again accepts capitalized
~~~~~~~~~~~~~~~~~~~~~ keyword arguments for backwards compatibility. This is
deprecated and in Tornado 7.0 only lowercase arguments will
- Fixed an open redirect vulnerability in StaticFileHandler under certain be accepted.
configurations. - What's new in Tornado 6.3.0
- The new `.Application` setting ``xsrf_cookie_name``
can now be used to take advantage of the ``__Host``
What's new in Tornado 6.3.1 cookie prefix for improved security. To use it, add
------------ ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
{"secure": True}}`` to your `.Application` settings. Note
``tornado.web`` that this feature currently only works when HTTPS is used.
~~~~~~~~~~~~~~~ - `.WSGIContainer` now supports running the application in
a ``ThreadPoolExecutor`` so the event loop is no longer
- `.RequestHandler.set_cookie` once again accepts capitalized keyword arguments blocked.
for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
arguments will be accepted. deprecated in Tornado 6.2, are no longer deprecated.
- WebSockets are now much faster at receiving large messages
split into many fragments.
- General changes
What's new in Tornado 6.3.0 - Python 3.7 is no longer supported; the minimum supported .
------------ Python version is 3.8 Python 3.12 is now supported .
- To avoid spurious deprecation warnings, users of Python
Highlights 3.10 should upgrade to at least version 3.10.9, and users
~~~~~~~~~~ of Python 3.11 should upgrade to at least version 3.11.1.
- Tornado submodules are now imported automatically on
- The new `.Application` setting ``xsrf_cookie_name`` can now be used to demand. This means it is now possible to use a single
take advantage of the ``__Host`` cookie prefix for improved security. ``import tornado`` statement and refer to objects in
To use it, add ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs": submodules such as `tornado.web.RequestHandler`.
{"secure": True}}`` to your `.Application` settings. Note that this feature - Deprecation notices
currently only works when HTTPS is used. - In Tornado 7.0, `tornado.testing.ExpectLog` will match
- `.WSGIContainer` now supports running the application in a ``ThreadPoolExecutor`` so ``WARNING`` and above regardless of the current logging
the event loop is no longer blocked. configuration, unless the ``level`` argument is used.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, - `.RequestHandler.get_secure_cookie` is now a deprecated
are no longer deprecated. alias for `.RequestHandler.get_signed_cookie`.
- WebSockets are now much faster at receiving large messages split into many `.RequestHandler.set_secure_cookie` is now a deprecated
fragments. alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is
General changes deprecated. No direct replacement is provided;
~~~~~~~~~~~~~~~ `.RequestHandler.clear_cookie` should be used on individual
- Python 3.7 is no longer supported; the minimum supported Python version is 3.8.
Python 3.12 is now supported.
- To avoid spurious deprecation warnings, users of Python 3.10 should upgrade
to at least version 3.10.9, and users of Python 3.11 should upgrade to at least
version 3.11.1.
- Tornado submodules are now imported automatically on demand. This means it is
now possible to use a single ``import tornado`` statement and refer to objects
in submodules such as `tornado.web.RequestHandler`.
Deprecation notices
~~~~~~~~~~~~~~~~~~~
- In Tornado 7.0, `tornado.testing.ExpectLog` will match ``WARNING``
and above regardless of the current logging configuration, unless the
``level`` argument is used.
- `.RequestHandler.get_secure_cookie` is now a deprecated alias for
`.RequestHandler.get_signed_cookie`. `.RequestHandler.set_secure_cookie`
is now a deprecated alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is deprecated. No direct replacement
is provided; `.RequestHandler.clear_cookie` should be used on individual
cookies. cookies.
- Calling the `.IOLoop` constructor without a ``make_current`` argument, which was - Calling the `.IOLoop` constructor without a
deprecated in Tornado 6.2, is no longer deprecated. ``make_current`` argument, which was deprecated in Tornado
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, 6.2, is no longer deprecated.
are no longer deprecated. - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
- `.AsyncTestCase.get_new_ioloop` is deprecated. deprecated in Tornado 6.2, are no longer deprecated.
- `.AsyncTestCase.get_new_ioloop` is deprecated.
``tornado.auth`` - ``tornado.auth``
~~~~~~~~~~~~~~~~ - New method `.GoogleOAuth2Mixin.get_google_oauth_settings`
can now be overridden to get credentials from a source
- New method `.GoogleOAuth2Mixin.get_google_oauth_settings` can now be overridden other than the `.Application` settings.
to get credentials from a source other than the `.Application` settings. - ``tornado.gen``
- `contextvars` now work properly when a ``@gen.coroutine``
``tornado.gen`` calls a native coroutine.
~~~~~~~~~~~~~~~ - ``tornado.options``
- `~.OptionParser.parse_config_file` now recognizes single
- `contextvars` now work properly when a ``@gen.coroutine`` calls a native coroutine. comma-separated strings (in addition to lists of strings)
for options with ``multiple=True``.
``tornado.options`` - ``tornado.web``
~~~~~~~~~~~~~~~~~~~ - New `.Application` setting ``xsrf_cookie_name`` can be used
to change the name of the XSRF cookie. This is most useful
- `~.OptionParser.parse_config_file` now recognizes single comma-separated strings (in addition to to take advantage of the ``__Host-`` cookie prefix.
lists of strings) for options with ``multiple=True``. - `.RequestHandler.get_secure_cookie` and
`.RequestHandler.set_secure_cookie` (and related
``tornado.web`` methods and attributes) have been renamed
~~~~~~~~~~~~~~~ to `~.RequestHandler.get_signed_cookie` and
`~.RequestHandler.set_signed_cookie`. This makes it
- New `.Application` setting ``xsrf_cookie_name`` can be used to change the more explicit what kind of security is provided, and
name of the XSRF cookie. This is most useful to take advantage of the avoids confusion with the ``Secure`` cookie attribute
``__Host-`` cookie prefix. and ``__Secure-`` cookie prefix. The old names remain
- `.RequestHandler.get_secure_cookie` and `.RequestHandler.set_secure_cookie` supported as deprecated aliases.
(and related methods and attributes) have been renamed to - `.RequestHandler.clear_cookie` now accepts all keyword
`~.RequestHandler.get_signed_cookie` and `~.RequestHandler.set_signed_cookie`. arguments accepted by `~.RequestHandler.set_cookie`. In
This makes it more explicit what kind of security is provided, and avoids some cases clearing a cookie requires certain arguments to
confusion with the ``Secure`` cookie attribute and ``__Secure-`` cookie prefix. be passed the same way in which it was set.
The old names remain supported as deprecated aliases. - `.RequestHandler.clear_all_cookies` now accepts
- `.RequestHandler.clear_cookie` now accepts all keyword arguments accepted by additional keyword arguments for the same reason as
`~.RequestHandler.set_cookie`. In some cases clearing a cookie requires certain ``clear_cookie``. However, since the requirements for
arguments to be passed the same way in which it was set. additional arguments mean that it cannot reliably clear all
- `.RequestHandler.clear_all_cookies` now accepts additional keyword arguments cookies, this method is now deprecated.
for the same reason as ``clear_cookie``. However, since the requirements - ``tornado.websocket``
for additional arguments mean that it cannot reliably clear all cookies, - It is now much faster (no longer quadratic) to receive
this method is now deprecated. large messages that have been split into many fragments.
- `.websocket_connect` now accepts a ``resolver`` parameter.
``tornado.websocket`` - ``tornado.wsgi``
~~~~~~~~~~~~~~~~~~~~~ - `.WSGIContainer` now accepts an ``executor`` parameter
which can be used to run the WSGI application on a thread
- It is now much faster (no longer quadratic) to receive large messages that pool.
have been split into many fragments. - What's new in Tornado 6.2.0
- `.websocket_connect` now accepts a ``resolver`` parameter. - Deprecation notice
- Python 3.10 has begun the process of significant changes
``tornado.wsgi`` to the APIs for managing the event loop. Calls to
~~~~~~~~~~~~~~~~ methods such as `asyncio.get_event_loop` may now raise
`DeprecationWarning` if no event loop is running. This
- `.WSGIContainer` now accepts an ``executor`` parameter which can be used has significant impact on the patterns for initializing
to run the WSGI application on a thread pool. applications, and in particular invalidates patterns that
have long been the norm in Tornado's documentation and
actual usage. In the future (with some as-yet-unspecified
future version of Python), the old APIs will be
What's new in Tornado 6.2.0 removed. The new recommended pattern is to start the event
----------- loop with `asyncio.run`. More detailed migration guides
will be coming in the future.
Deprecation notice - The `.IOLoop` constructor is deprecated unless
~~~~~~~~~~~~~~~~~~ the ``make_current=False`` argument is used. Use
`.IOLoop.current` when the loop is already running
- Python 3.10 has begun the process of significant changes to the APIs for
managing the event loop. Calls to methods such as `asyncio.get_event_loop` may
now raise `DeprecationWarning` if no event loop is running. This has
significant impact on the patterns for initializing applications, and in
particular invalidates patterns that have long been the norm in Tornado's
documentation and actual usage. In the future (with some as-yet-unspecified
future version of Python), the old APIs will be removed. The new recommended
pattern is to start the event loop with `asyncio.run`. More detailed migration
guides will be coming in the future.
- The `.IOLoop` constructor is deprecated unless the ``make_current=False``
argument is used. Use `.IOLoop.current` when the loop is already running
instead. instead.
- `.AsyncTestCase` (and `.AsyncHTTPTestCase`) are deprecated. Use - `.AsyncTestCase` (and `.AsyncHTTPTestCase`) are
`unittest.IsolatedAsyncioTestCase` instead. deprecated. Use `unittest.IsolatedAsyncioTestCase`
- Multi-process `.TCPServer.bind`/`.TCPServer.start` is deprecated. See instead.
`.TCPServer` docs for supported alternatives. - Multi-process `.TCPServer.bind`/`.TCPServer.start`
- `.AnyThreadEventLoopPolicy` is deprecated. This class controls the creation of is deprecated. See `.TCPServer` docs for supported
the "current" event loop so it will be removed when that concept is no longer alternatives.
supported. - `.AnyThreadEventLoopPolicy` is deprecated. This class
- `.IOLoop.make_current` and `.IOLoop.clear_current` are deprecated. In the controls the creation of the "current" event loop so it
future the concept of a "current" event loop as distinct from one that is will be removed when that concept is no longer supported.
currently running will be removed. - `.IOLoop.make_current` and `.IOLoop.clear_current` are
deprecated. In the future the concept of a "current"
- ``TwistedResolver`` and ``CaresResolver`` are deprecated and will be event loop as distinct from one that is currently running
removed in Tornado 7.0. will be removed.
- ``TwistedResolver`` and ``CaresResolver`` are deprecated
General changes and will be removed in Tornado 7.0.
~~~~~~~~~~~~~~~ - General changes
- The minimum supported Python version is now 3.7.
- The minimum supported Python version is now 3.7. - Wheels are now published with the Python stable ABI
- Wheels are now published with the Python stable ABI (``abi3``) for (``abi3``) for compatibility across versions of Python.
compatibility across versions of Python. - SSL certificate verfication and hostname checks are now
- SSL certificate verfication and hostname checks are now enabled by default in enabled by default in more places (primarily in client-side
more places (primarily in client-side usage of `.SSLIOStream`). usage of `.SSLIOStream`).
- Various improvements to type hints throughout the package. - Various improvements to type hints throughout the package.
- CI has moved from Travis and Appveyor to Github Actions. - CI has moved from Travis and Appveyor to Github Actions.
- `tornado.gen`
`tornado.gen` - Fixed a bug in which ``WaitIterator.current_index`` could
~~~~~~~~~~~~~ be incorrect.
- ``tornado.gen.TimeoutError``` is now an alias for
- Fixed a bug in which ``WaitIterator.current_index`` could be incorrect. `asyncio.TimeoutError`.
- ``tornado.gen.TimeoutError``` is now an alias for `asyncio.TimeoutError`. - `tornado.http1connection`
- ``max_body_size`` may now be set to zero to disallow a
`tornado.http1connection` non-empty body.
~~~~~~~~~~~~~~~~~~~~~~~~~ - ``Content-Encoding: gzip`` is now recognized
case-insensitively.
- ``max_body_size`` may now be set to zero to disallow a non-empty body. - `tornado.httpclient`
- ``Content-Encoding: gzip`` is now recognized case-insensitively. - ``curl_httpclient`` now supports non-ASCII (ISO-8859-1)
header values, same as ``simple_httpclient``.
`tornado.httpclient` - `tornado.ioloop`
~~~~~~~~~~~~~~~~~~~~ - `.PeriodicCallback` now understands coroutines and will not
start multiple copies if a previous invocation runs too
- ``curl_httpclient`` now supports non-ASCII (ISO-8859-1) header values, same as long.
``simple_httpclient``. - `.PeriodicCallback` now accepts `datetime.timedelta`
objects in addition to numbers of milliseconds.
`tornado.ioloop` - Avoid logging "Event loop is closed" during
~~~~~~~~~~~~~~~~ shutdown-related race conditions.
- Tornado no longer calls `logging.basicConfig` when starting
- `.PeriodicCallback` now understands coroutines and will not start multiple an IOLoop; this has been unnecessary since Python 3.2 added
copies if a previous invocation runs too long. a logger of last resort.
- `.PeriodicCallback` now accepts `datetime.timedelta` objects in addition to - The `.IOLoop` constructor now accepts an ``asyncio_loop``
numbers of milliseconds. keyword argument to initialize with a specfied asyncio
- Avoid logging "Event loop is closed" during shutdown-related race conditions. event loop.
- Tornado no longer calls `logging.basicConfig` when starting an IOLoop; this - It is now possible to construct an `.IOLoop` on one thread
has been unnecessary since Python 3.2 added a logger of last resort. (with ``make_current=False``) and start it on a different
- The `.IOLoop` constructor now accepts an ``asyncio_loop`` keyword argument to thread.
initialize with a specfied asyncio event loop. - `tornado.iostream`
- It is now possible to construct an `.IOLoop` on one thread (with - `.SSLIOStream` now supports reading more than 2GB at a
``make_current=False``) and start it on a different thread. time.
- ``IOStream.write`` now supports typed `memoryview` objects.
`tornado.iostream` - `tornado.locale`
~~~~~~~~~~~~~~~~~~ - `.load_gettext_translations` no longer logs errors when
language directories exist but do not contain the expected
- `.SSLIOStream` now supports reading more than 2GB at a time. file.
- ``IOStream.write`` now supports typed `memoryview` objects. - `tornado.netutil`
- `.is_valid_ip` no longer raises exceptions when the input
`tornado.locale` is too long.
~~~~~~~~~~~~~~~~ - The default resolver now uses the same methods (and thread
pool) as `asyncio`.
- `.load_gettext_translations` no longer logs errors when language directories - `tornado.tcpserver`
exist but do not contain the expected file. - `.TCPServer.listen` now supports more arguments to pass
through to `.netutil.bind_sockets`.
`tornado.netutil` - `tornado.testing`
~~~~~~~~~~~~~~~~~ - `.bind_unused_port` now takes an optional ``address``
argument.
- `.is_valid_ip` no longer raises exceptions when the input is too long. - Wrapped test methods now include the ``__wrapped__``
- The default resolver now uses the same methods (and thread pool) as `asyncio`. attribute.
- `tornado.web`
`tornado.tcpserver` - When using a custom `.StaticFileHandler` subclass, the
~~~~~~~~~~~~~~~~~~~ ``reset()`` method is now called on this subclass instead
of the base class.
- `.TCPServer.listen` now supports more arguments to pass through to - Improved handling of the ``Accept-Language`` header.
`.netutil.bind_sockets`. - `.Application.listen` now supports more arguments to pass
through to `.netutil.bind_sockets`.
`tornado.testing` - `tornado.websocket`
~~~~~~~~~~~~~~~~~ - `.WebSocketClientConnection.write_message` now
accepts `dict` arguments for consistency with
- `.bind_unused_port` now takes an optional ``address`` argument. `.WebSocketHandler.write_message`.
- Wrapped test methods now include the ``__wrapped__`` attribute. - `.WebSocketClientConnection.write_message` now raises
an exception as documented if the connection is already
`tornado.web` closed.
~~~~~~~~~~~~~ - Gave rpmlint a hug
- Remove upstreamed ignore-py310-deprecation-warnings.patch
- When using a custom `.StaticFileHandler` subclass, the ``reset()`` method is
now called on this subclass instead of the base class.
- Improved handling of the ``Accept-Language`` header.
- `.Application.listen` now supports more arguments to pass through to
`.netutil.bind_sockets`.
`tornado.websocket`
~~~~~~~~~~~~~~~~~~~
- `.WebSocketClientConnection.write_message` now accepts `dict` arguments for
consistency with `.WebSocketHandler.write_message`.
- `.WebSocketClientConnection.write_message` now raises an exception as
documented if the connection is already closed.
* Gave rpmlint a hug
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 21 12:37:44 UTC 2023 - Dirk Müller <dmueller@suse.com> Fri Apr 21 12:37:44 UTC 2023 - Dirk Müller <dmueller@suse.com>