[pkgsrc/trunk]: pkgsrc/www/py-tornado Updated to version 3.2.1

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/www/py-tornado Updated to version 3.2.1
From: imil <imil%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 15:50:28 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/fae2bdeba6b9
branches:  trunk
changeset: 634262:fae2bdeba6b9
user:      imil <imil%pkgsrc.org@localhost>
date:      Tue May 13 13:20:58 2014 +0000

description:
Updated to version 3.2.1

Security fixes

    The signed-value format used by RequestHandler.set_secure_cookie and
    RequestHandler.get_secure_cookie has changed to be more secure. This is a
    disruptive change. The secure_cookie functions take new version parameters
    to support transitions between cookie formats.
    The new cookie format fixes a vulnerability that may be present in
    applications that use multiple cookies where the name of one cookie is a
    prefix of the name of another.
    To minimize disruption, cookies in the older format will be accepted by
    default until they expire. Applications that may be vulnerable can reject
    all cookies in the older format by passing min_version=2 to
    RequestHandler.get_secure_cookie.
    Thanks to Joost Pol of Certified Secure for reporting this issue.

Backwards-compatibility notes

    Signed cookies issued by RequestHandler.set_secure_cookie in Tornado 3.2.1
    cannot be read by older releases. If you need to run 3.2.1 in parallel with
    older releases, you can pass version=1 to RequestHandler.set_secure_cookie
    to issue cookies that are backwards-compatible (but have a known weakness,
    so this option should only be used for a transitional period).

Other changes

    The C extension used to speed up the websocket module now compiles
    correctly on Windows with MSVC and 64-bit mode. The fallback to the
    pure-Python alternative now works correctly on Mac OS X machines with no C
    compiler installed.

diffstat:

 www/py-tornado/Makefile |  4 ++--
 www/py-tornado/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (25 lines):

diff -r 27da0b1bf223 -r fae2bdeba6b9 www/py-tornado/Makefile
--- a/www/py-tornado/Makefile   Tue May 13 12:34:54 2014 +0000
+++ b/www/py-tornado/Makefile   Tue May 13 13:20:58 2014 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.4 2014/01/27 19:58:50 wiz Exp $
+# $NetBSD: Makefile,v 1.5 2014/05/13 13:20:58 imil Exp $
 
-DISTNAME=      tornado-3.2
+DISTNAME=      tornado-3.2.1
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www
 MASTER_SITES=  http://pypi.python.org/packages/source/t/tornado/
diff -r 27da0b1bf223 -r fae2bdeba6b9 www/py-tornado/distinfo
--- a/www/py-tornado/distinfo   Tue May 13 12:34:54 2014 +0000
+++ b/www/py-tornado/distinfo   Tue May 13 13:20:58 2014 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.3 2014/01/27 19:58:33 wiz Exp $
+$NetBSD: distinfo,v 1.4 2014/05/13 13:20:58 imil Exp $
 
-SHA1 (tornado-3.2.tar.gz) = c3bba1d2ec92139450da22377bb1a620a51d2e1a
-RMD160 (tornado-3.2.tar.gz) = 84b79d15b9a6750ae757a8e59feb94403016cbab
-Size (tornado-3.2.tar.gz) = 400403 bytes
+SHA1 (tornado-3.2.1.tar.gz) = ac94eb6202283b410d9c2a996e02a17711bf4231
+RMD160 (tornado-3.2.1.tar.gz) = 81016e74a17ee2aea40432128569693ced17b616
+Size (tornado-3.2.1.tar.gz) = 403419 bytes

Prev by Date: [pkgsrc/trunk]: pkgsrc/devel/ruby-railties32 Update devel/ruby-railties32 to ...
Next by Date: [pkgsrc/trunk]: pkgsrc/lang/gcc44 Add a comment to patches/patch-ac
Previous by Thread: [pkgsrc/trunk]: pkgsrc/devel/ruby-railties32 Update devel/ruby-railties32 to ...
Next by Thread: [pkgsrc/trunk]: pkgsrc/lang/gcc44 Add a comment to patches/patch-ac
Indexes:

Home | Main Index | Thread Index | Old Index