linux/meta-openembedded.git/meta-python/recipes-devtools/python/python3-tornado_6.4.1.bb, branch whinlatterMirror of git.openembedded.org/meta-openembeddedhttps://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=whinlatter2024-11-25T16:25:02+00:00python3-tornado: Upgrade 6.4.1 -> 6.4.22024-11-25T16:25:02+00:00Leon Anavileon.anavi@konsulko.com2024-11-25T13:32:03+00:00urn:sha1:0166a17f2488e691d5334f46f5fa8ec93d990ae0
Upgrade to release 6.4.2 which brings security improvements:
Parsing of the cookie header is now much more efficient. The older
algorithm sometimes had quadratic performance which allowed for a
denial-of-service attack in which the server would spend
excessive CPU time parsing cookies and block the event loop.
This change fixes CVE-2024-7592.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python3-tornado: Switch to python_setuptools_build_meta2024-06-22T04:45:10+00:00Khem Rajraj.khem@gmail.com2024-06-22T04:43:09+00:00urn:sha1:f49e3532ed4decfa071be4819f1a120918ab1f10
Support has been there for few years now [1]
[1] https://github.com/tornadoweb/tornado/commit/e71fb6e616e08838df55dddb494c96a80454f812
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python3-tornado: Upgrade 6.4 -> 6.4.12024-06-21T02:25:52+00:00Leon Anavileon.anavi@konsulko.com2024-06-19T12:20:18+00:00urn:sha1:fbff6a757db41a13eb09475e495872d349bba480
Upgrade to version 6.4.1:
- Parsing of the Transfer-Encoding header is now stricter.
- Handling of whitespace in headers now matches the RFC more
closely. Only space and tab characters are treated as whitespace
and stripped from the beginning and end of header values.
- tornado.curl_httpclient now prohibits carriage return and
linefeed headers in HTTP headers.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>