- Update to 6.4.2:

+ Security Improvements:
    * Parsing of the cookie header is now much more efficient. The older
      algorithm sometimes had quadratic performance which allowed for a
      denial-of-service attack in which the server would spend excessive
      CPU time parsing cookies and block the event loop.
      (CVE-2024-52804, bsc#1233668)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-tornado6?expand=0&rev=44

python-tornado6.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Nov 25 03:19:20 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 6.4.2: 
+  + Security Improvements:
+    * Parsing of the cookie header is now much more efficient. The older
+      algorithm sometimes had quadratic performance which allowed for a
+      denial-of-service attack in which the server would spend excessive
+      CPU time parsing cookies and block the event loop.
+      (CVE-2024-52804, bsc#1233668)
+
 -------------------------------------------------------------------
 Wed Jul 31 09:32:23 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
 

python-tornado6.spec

@@ -17,9 +17,8 @@
 
 
 %{?sle15_python_module_pythons}
-%define         skip_python2 1
 Name:           python-tornado6
-Version:        6.4.1
+Version:        6.4.2
 Release:        0
 Summary:        Open source version of scalable, non-blocking web server that power FriendFeed
 License:        Apache-2.0
@@ -104,6 +103,6 @@ export TRAVIS=1
 %license LICENSE
 %doc %{_docdir}/%{python_prefix}-tornado6
 %{python_sitearch}/tornado
-%{python_sitearch}/tornado-%{version}*-info
+%{python_sitearch}/tornado-%{version}.dist-info
 
 %changelog

tornado-6.4.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:92d3ab53183d8c50f8204a51e6f91d18a15d5ef261e84d452800d4ff6fc504e9
-size 500623