diff --git a/python-tornado6.changes b/python-tornado6.changes index db60ae6..923e9f7 100644 --- a/python-tornado6.changes +++ b/python-tornado6.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Nov 25 03:19:20 UTC 2024 - Steve Kowalik + +- Update to 6.4.2: + + Security Improvements: + * Parsing of the cookie header is now much more efficient. The older + algorithm sometimes had quadratic performance which allowed for a + denial-of-service attack in which the server would spend excessive + CPU time parsing cookies and block the event loop. + (CVE-2024-52804, bsc#1233668) + ------------------------------------------------------------------- Wed Jul 31 09:32:23 UTC 2024 - Dominique Leuenberger diff --git a/python-tornado6.spec b/python-tornado6.spec index d2a6125..20425e7 100644 --- a/python-tornado6.spec +++ b/python-tornado6.spec @@ -17,9 +17,8 @@ %{?sle15_python_module_pythons} -%define skip_python2 1 Name: python-tornado6 -Version: 6.4.1 +Version: 6.4.2 Release: 0 Summary: Open source version of scalable, non-blocking web server that power FriendFeed License: Apache-2.0 @@ -104,6 +103,6 @@ export TRAVIS=1 %license LICENSE %doc %{_docdir}/%{python_prefix}-tornado6 %{python_sitearch}/tornado -%{python_sitearch}/tornado-%{version}*-info +%{python_sitearch}/tornado-%{version}.dist-info %changelog diff --git a/tornado-6.4.1.tar.gz b/tornado-6.4.1.tar.gz deleted file mode 100644 index 1f7aea0..0000000 --- a/tornado-6.4.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:92d3ab53183d8c50f8204a51e6f91d18a15d5ef261e84d452800d4ff6fc504e9 -size 500623 diff --git a/tornado-6.4.2.tar.gz b/tornado-6.4.2.tar.gz new file mode 100644 index 0000000..913eb6c --- /dev/null +++ b/tornado-6.4.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:92bad5b4746e9879fd7bf1eb21dce4e3fc5128d71601f80005afa39237ad620b +size 501135