python/python-tornado6
SHA256
14
0
Fork 0
forked from pool/python-tornado6
Code Pull Requests Activity

Fix changes

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-tornado6?expand=0&rev=30
This commit is contained in:
Matej Cepl
2023-05-31 19:15:27 +00:00
committed by Git OBS Bridge
parent 1d12a5645e
commit b4238da8d4
1 changed files with 201 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

450
python-tornado6.changes
View File

@@ -1,255 +1,207 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 30 08:04:10 UTC 2023 - Dan Čermák <dcermak@suse.com> Tue May 30 08:04:10 UTC 2023 - Dan Čermák <dcermak@suse.com>
* New upstream release 6.3.2 - New upstream release 6.3.2
- Security improvements
What's new in Tornado 6.3.2 - Fixed an open redirect vulnerability in StaticFileHandler
------------ under certain configurations.
- ``tornado.web``
Security improvements - `.RequestHandler.set_cookie` once again accepts capitalized
~~~~~~~~~~~~~~~~~~~~~ keyword arguments for backwards compatibility. This is
deprecated and in Tornado 7.0 only lowercase arguments will
- Fixed an open redirect vulnerability in StaticFileHandler under certain be accepted.
configurations. - What's new in Tornado 6.3.0
- The new `.Application` setting ``xsrf_cookie_name``
can now be used to take advantage of the ``__Host``
What's new in Tornado 6.3.1 cookie prefix for improved security. To use it, add
------------ ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
{"secure": True}}`` to your `.Application` settings. Note
``tornado.web`` that this feature currently only works when HTTPS is used.
~~~~~~~~~~~~~~~ - `.WSGIContainer` now supports running the application in
a ``ThreadPoolExecutor`` so the event loop is no longer
- `.RequestHandler.set_cookie` once again accepts capitalized keyword arguments blocked.
for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
arguments will be accepted. deprecated in Tornado 6.2, are no longer deprecated.
- WebSockets are now much faster at receiving large messages
split into many fragments.
- General changes
What's new in Tornado 6.3.0 - Python 3.7 is no longer supported; the minimum supported .
------------ Python version is 3.8 Python 3.12 is now supported .
- To avoid spurious deprecation warnings, users of Python
Highlights 3.10 should upgrade to at least version 3.10.9, and users
~~~~~~~~~~ of Python 3.11 should upgrade to at least version 3.11.1.
- Tornado submodules are now imported automatically on
- The new `.Application` setting ``xsrf_cookie_name`` can now be used to demand. This means it is now possible to use a single
take advantage of the ``__Host`` cookie prefix for improved security. ``import tornado`` statement and refer to objects in
To use it, add ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs": submodules such as `tornado.web.RequestHandler`.
{"secure": True}}`` to your `.Application` settings. Note that this feature - Deprecation notices
currently only works when HTTPS is used. - In Tornado 7.0, `tornado.testing.ExpectLog` will match
- `.WSGIContainer` now supports running the application in a ``ThreadPoolExecutor`` so ``WARNING`` and above regardless of the current logging
the event loop is no longer blocked. configuration, unless the ``level`` argument is used.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, - `.RequestHandler.get_secure_cookie` is now a deprecated
are no longer deprecated. alias for `.RequestHandler.get_signed_cookie`.
- WebSockets are now much faster at receiving large messages split into many `.RequestHandler.set_secure_cookie` is now a deprecated
fragments. alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is
General changes deprecated. No direct replacement is provided;
~~~~~~~~~~~~~~~ `.RequestHandler.clear_cookie` should be used on individual
cookies.
- Python 3.7 is no longer supported; the minimum supported Python version is 3.8. - Calling the `.IOLoop` constructor without a
Python 3.12 is now supported. ``make_current`` argument, which was deprecated in Tornado
- To avoid spurious deprecation warnings, users of Python 3.10 should upgrade 6.2, is no longer deprecated.
to at least version 3.10.9, and users of Python 3.11 should upgrade to at least - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
version 3.11.1. deprecated in Tornado 6.2, are no longer deprecated.
- Tornado submodules are now imported automatically on demand. This means it is - `.AsyncTestCase.get_new_ioloop` is deprecated.
now possible to use a single ``import tornado`` statement and refer to objects - ``tornado.auth``
in submodules such as `tornado.web.RequestHandler`. - New method `.GoogleOAuth2Mixin.get_google_oauth_settings`
can now be overridden to get credentials from a source
Deprecation notices other than the `.Application` settings.
~~~~~~~~~~~~~~~~~~~ - ``tornado.gen``
- `contextvars` now work properly when a ``@gen.coroutine``
- In Tornado 7.0, `tornado.testing.ExpectLog` will match ``WARNING`` calls a native coroutine.
and above regardless of the current logging configuration, unless the - ``tornado.options``
``level`` argument is used. - `~.OptionParser.parse_config_file` now recognizes single
- `.RequestHandler.get_secure_cookie` is now a deprecated alias for comma-separated strings (in addition to lists of strings)
`.RequestHandler.get_signed_cookie`. `.RequestHandler.set_secure_cookie` for options with ``multiple=True``.
is now a deprecated alias for `.RequestHandler.set_signed_cookie`. - ``tornado.web``
- `.RequestHandler.clear_all_cookies` is deprecated. No direct replacement - New `.Application` setting ``xsrf_cookie_name`` can be used
is provided; `.RequestHandler.clear_cookie` should be used on individual to change the name of the XSRF cookie. This is most useful
cookies. to take advantage of the ``__Host-`` cookie prefix.
- Calling the `.IOLoop` constructor without a ``make_current`` argument, which was - `.RequestHandler.get_secure_cookie` and
deprecated in Tornado 6.2, is no longer deprecated. `.RequestHandler.set_secure_cookie` (and related
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, methods and attributes) have been renamed
are no longer deprecated. to `~.RequestHandler.get_signed_cookie` and
- `.AsyncTestCase.get_new_ioloop` is deprecated. `~.RequestHandler.set_signed_cookie`. This makes it
more explicit what kind of security is provided, and
``tornado.auth`` avoids confusion with the ``Secure`` cookie attribute
~~~~~~~~~~~~~~~~ and ``__Secure-`` cookie prefix. The old names remain
supported as deprecated aliases.
- New method `.GoogleOAuth2Mixin.get_google_oauth_settings` can now be overridden - `.RequestHandler.clear_cookie` now accepts all keyword
to get credentials from a source other than the `.Application` settings. arguments accepted by `~.RequestHandler.set_cookie`. In
some cases clearing a cookie requires certain arguments to
``tornado.gen`` be passed the same way in which it was set.
~~~~~~~~~~~~~~~ - `.RequestHandler.clear_all_cookies` now accepts
additional keyword arguments for the same reason as
- `contextvars` now work properly when a ``@gen.coroutine`` calls a native coroutine. ``clear_cookie``. However, since the requirements for
additional arguments mean that it cannot reliably clear all
``tornado.options`` cookies, this method is now deprecated.
~~~~~~~~~~~~~~~~~~~ - ``tornado.websocket``
- It is now much faster (no longer quadratic) to receive
- `~.OptionParser.parse_config_file` now recognizes single comma-separated strings (in addition to large messages that have been split into many fragments.
lists of strings) for options with ``multiple=True``. - `.websocket_connect` now accepts a ``resolver`` parameter.
- ``tornado.wsgi``
``tornado.web`` - `.WSGIContainer` now accepts an ``executor`` parameter
~~~~~~~~~~~~~~~ which can be used to run the WSGI application on a thread
pool.
- New `.Application` setting ``xsrf_cookie_name`` can be used to change the - What's new in Tornado 6.2.0
name of the XSRF cookie. This is most useful to take advantage of the - Deprecation notice
``__Host-`` cookie prefix. - Python 3.10 has begun the process of significant changes
- `.RequestHandler.get_secure_cookie` and `.RequestHandler.set_secure_cookie` to the APIs for managing the event loop. Calls to
(and related methods and attributes) have been renamed to methods such as `asyncio.get_event_loop` may now raise
`~.RequestHandler.get_signed_cookie` and `~.RequestHandler.set_signed_cookie`. `DeprecationWarning` if no event loop is running. This
This makes it more explicit what kind of security is provided, and avoids has significant impact on the patterns for initializing
confusion with the ``Secure`` cookie attribute and ``__Secure-`` cookie prefix. applications, and in particular invalidates patterns that
The old names remain supported as deprecated aliases. have long been the norm in Tornado's documentation and
- `.RequestHandler.clear_cookie` now accepts all keyword arguments accepted by actual usage. In the future (with some as-yet-unspecified
`~.RequestHandler.set_cookie`. In some cases clearing a cookie requires certain future version of Python), the old APIs will be
arguments to be passed the same way in which it was set. removed. The new recommended pattern is to start the event
- `.RequestHandler.clear_all_cookies` now accepts additional keyword arguments loop with `asyncio.run`. More detailed migration guides
for the same reason as ``clear_cookie``. However, since the requirements will be coming in the future.
for additional arguments mean that it cannot reliably clear all cookies, - The `.IOLoop` constructor is deprecated unless
this method is now deprecated. the ``make_current=False`` argument is used. Use
`.IOLoop.current` when the loop is already running
``tornado.websocket`` instead.
~~~~~~~~~~~~~~~~~~~~~ - `.AsyncTestCase` (and `.AsyncHTTPTestCase`) are
deprecated. Use `unittest.IsolatedAsyncioTestCase`
- It is now much faster (no longer quadratic) to receive large messages that instead.
have been split into many fragments. - Multi-process `.TCPServer.bind`/`.TCPServer.start`
- `.websocket_connect` now accepts a ``resolver`` parameter. is deprecated. See `.TCPServer` docs for supported
alternatives.
``tornado.wsgi`` - `.AnyThreadEventLoopPolicy` is deprecated. This class
~~~~~~~~~~~~~~~~ controls the creation of the "current" event loop so it
will be removed when that concept is no longer supported.
- `.WSGIContainer` now accepts an ``executor`` parameter which can be used - `.IOLoop.make_current` and `.IOLoop.clear_current` are
to run the WSGI application on a thread pool. deprecated. In the future the concept of a "current"
event loop as distinct from one that is currently running
will be removed.
- ``TwistedResolver`` and ``CaresResolver`` are deprecated
What's new in Tornado 6.2.0 and will be removed in Tornado 7.0.
----------- - General changes
- The minimum supported Python version is now 3.7.
Deprecation notice - Wheels are now published with the Python stable ABI
~~~~~~~~~~~~~~~~~~ (``abi3``) for compatibility across versions of Python.
- SSL certificate verfication and hostname checks are now
- Python 3.10 has begun the process of significant changes to the APIs for enabled by default in more places (primarily in client-side
managing the event loop. Calls to methods such as `asyncio.get_event_loop` may usage of `.SSLIOStream`).
now raise `DeprecationWarning` if no event loop is running. This has - Various improvements to type hints throughout the package.
significant impact on the patterns for initializing applications, and in - CI has moved from Travis and Appveyor to Github Actions.
particular invalidates patterns that have long been the norm in Tornado's - `tornado.gen`
documentation and actual usage. In the future (with some as-yet-unspecified - Fixed a bug in which ``WaitIterator.current_index`` could
future version of Python), the old APIs will be removed. The new recommended be incorrect.
pattern is to start the event loop with `asyncio.run`. More detailed migration - ``tornado.gen.TimeoutError``` is now an alias for
guides will be coming in the future. `asyncio.TimeoutError`.
- `tornado.http1connection`
- The `.IOLoop` constructor is deprecated unless the ``make_current=False`` - ``max_body_size`` may now be set to zero to disallow a
argument is used. Use `.IOLoop.current` when the loop is already running non-empty body.
instead. - ``Content-Encoding: gzip`` is now recognized
- `.AsyncTestCase` (and `.AsyncHTTPTestCase`) are deprecated. Use case-insensitively.
`unittest.IsolatedAsyncioTestCase` instead. - `tornado.httpclient`
- Multi-process `.TCPServer.bind`/`.TCPServer.start` is deprecated. See - ``curl_httpclient`` now supports non-ASCII (ISO-8859-1)
`.TCPServer` docs for supported alternatives. header values, same as ``simple_httpclient``.
- `.AnyThreadEventLoopPolicy` is deprecated. This class controls the creation of - `tornado.ioloop`
the "current" event loop so it will be removed when that concept is no longer - `.PeriodicCallback` now understands coroutines and will not
supported. start multiple copies if a previous invocation runs too
- `.IOLoop.make_current` and `.IOLoop.clear_current` are deprecated. In the long.
future the concept of a "current" event loop as distinct from one that is - `.PeriodicCallback` now accepts `datetime.timedelta`
currently running will be removed. objects in addition to numbers of milliseconds.
- Avoid logging "Event loop is closed" during
- ``TwistedResolver`` and ``CaresResolver`` are deprecated and will be shutdown-related race conditions.
removed in Tornado 7.0. - Tornado no longer calls `logging.basicConfig` when starting
an IOLoop; this has been unnecessary since Python 3.2 added
General changes a logger of last resort.
~~~~~~~~~~~~~~~ - The `.IOLoop` constructor now accepts an ``asyncio_loop``
keyword argument to initialize with a specfied asyncio
- The minimum supported Python version is now 3.7. event loop.
- Wheels are now published with the Python stable ABI (``abi3``) for - It is now possible to construct an `.IOLoop` on one thread
compatibility across versions of Python. (with ``make_current=False``) and start it on a different
- SSL certificate verfication and hostname checks are now enabled by default in thread.
more places (primarily in client-side usage of `.SSLIOStream`). - `tornado.iostream`
- Various improvements to type hints throughout the package. - `.SSLIOStream` now supports reading more than 2GB at a
- CI has moved from Travis and Appveyor to Github Actions. time.
- ``IOStream.write`` now supports typed `memoryview` objects.
`tornado.gen` - `tornado.locale`
~~~~~~~~~~~~~ - `.load_gettext_translations` no longer logs errors when
language directories exist but do not contain the expected
- Fixed a bug in which ``WaitIterator.current_index`` could be incorrect. file.
- ``tornado.gen.TimeoutError``` is now an alias for `asyncio.TimeoutError`. - `tornado.netutil`
- `.is_valid_ip` no longer raises exceptions when the input
`tornado.http1connection` is too long.
~~~~~~~~~~~~~~~~~~~~~~~~~ - The default resolver now uses the same methods (and thread
pool) as `asyncio`.
- ``max_body_size`` may now be set to zero to disallow a non-empty body. - `tornado.tcpserver`
- ``Content-Encoding: gzip`` is now recognized case-insensitively. - `.TCPServer.listen` now supports more arguments to pass
through to `.netutil.bind_sockets`.
`tornado.httpclient` - `tornado.testing`
~~~~~~~~~~~~~~~~~~~~ - `.bind_unused_port` now takes an optional ``address``
argument.
- ``curl_httpclient`` now supports non-ASCII (ISO-8859-1) header values, same as - Wrapped test methods now include the ``__wrapped__``
``simple_httpclient``. attribute.
- `tornado.web`
`tornado.ioloop` - When using a custom `.StaticFileHandler` subclass, the
~~~~~~~~~~~~~~~~ ``reset()`` method is now called on this subclass instead
of the base class.
- `.PeriodicCallback` now understands coroutines and will not start multiple - Improved handling of the ``Accept-Language`` header.
copies if a previous invocation runs too long. - `.Application.listen` now supports more arguments to pass
- `.PeriodicCallback` now accepts `datetime.timedelta` objects in addition to through to `.netutil.bind_sockets`.
numbers of milliseconds. - `tornado.websocket`
- Avoid logging "Event loop is closed" during shutdown-related race conditions. - `.WebSocketClientConnection.write_message` now
- Tornado no longer calls `logging.basicConfig` when starting an IOLoop; this accepts `dict` arguments for consistency with
has been unnecessary since Python 3.2 added a logger of last resort. `.WebSocketHandler.write_message`.
- The `.IOLoop` constructor now accepts an ``asyncio_loop`` keyword argument to - `.WebSocketClientConnection.write_message` now raises
initialize with a specfied asyncio event loop. an exception as documented if the connection is already
- It is now possible to construct an `.IOLoop` on one thread (with closed.
``make_current=False``) and start it on a different thread. - Gave rpmlint a hug
- Remove upstreamed ignore-py310-deprecation-warnings.patch
`tornado.iostream`
~~~~~~~~~~~~~~~~~~
- `.SSLIOStream` now supports reading more than 2GB at a time.
- ``IOStream.write`` now supports typed `memoryview` objects.
`tornado.locale`
~~~~~~~~~~~~~~~~
- `.load_gettext_translations` no longer logs errors when language directories
exist but do not contain the expected file.
`tornado.netutil`
~~~~~~~~~~~~~~~~~
- `.is_valid_ip` no longer raises exceptions when the input is too long.
- The default resolver now uses the same methods (and thread pool) as `asyncio`.
`tornado.tcpserver`
~~~~~~~~~~~~~~~~~~~
- `.TCPServer.listen` now supports more arguments to pass through to
`.netutil.bind_sockets`.
`tornado.testing`
~~~~~~~~~~~~~~~~~
- `.bind_unused_port` now takes an optional ``address`` argument.
- Wrapped test methods now include the ``__wrapped__`` attribute.
`tornado.web`
~~~~~~~~~~~~~
- When using a custom `.StaticFileHandler` subclass, the ``reset()`` method is
now called on this subclass instead of the base class.
- Improved handling of the ``Accept-Language`` header.
- `.Application.listen` now supports more arguments to pass through to
`.netutil.bind_sockets`.
`tornado.websocket`
~~~~~~~~~~~~~~~~~~~
- `.WebSocketClientConnection.write_message` now accepts `dict` arguments for
consistency with `.WebSocketHandler.write_message`.
- `.WebSocketClientConnection.write_message` now raises an exception as
documented if the connection is already closed.
* Gave rpmlint a hug
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 21 12:37:44 UTC 2023 - Dirk Müller <dmueller@suse.com> Fri Apr 21 12:37:44 UTC 2023 - Dirk Müller <dmueller@suse.com>