CVS commit: pkgsrc/www/py-tornado

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Mar 11 10:09:06 UTC 2026

Modified Files:
        pkgsrc/www/py-tornado: Makefile distinfo

Log Message:
py-tornado: updated to 6.5.5

What's new in Tornado 6.5.5

Security fixes

- ``multipart/form-data`` requests are now limited to 100 parts by default, to prevent a
  denial-of-service attack via very large requests with many parts. This limit is configurable
  via `tornado.httputil.ParseMultipartConfig`. Multipart parsing can also be disabled completely
  if not required for the application. Thanks to [0x-Apollyon](https://github.com/0x-Apollyon) and
  [bekkaze](https://github.com/bekkaze) for reporting this issue.
- The ``domain``, ``path``, and ``samesite`` arguments to `.RequestHandler.set_cookie` are now
  validated for illegal characters, which could be abused to inject other attributes on the cookie.
  Thanks to Dhiral Vyas (Praetorian) for reporting this issue.
- Carriage return characters are no longer accepted in ``multipart/form-data`` headers. Thanks to
  [sergeykochanov](https://github.com/sergeykochanov) for reporting this issue.


To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 pkgsrc/www/py-tornado/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/www/py-tornado/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-tornado/Makefile
diff -u pkgsrc/www/py-tornado/Makefile:1.46 pkgsrc/www/py-tornado/Makefile:1.47
--- pkgsrc/www/py-tornado/Makefile:1.46 Mon Dec 22 09:05:53 2025
+++ pkgsrc/www/py-tornado/Makefile      Wed Mar 11 10:09:06 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.46 2025/12/22 09:05:53 adam Exp $
+# $NetBSD: Makefile,v 1.47 2026/03/11 10:09:06 adam Exp $
 
-DISTNAME=      tornado-6.5.4
+DISTNAME=      tornado-6.5.5
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=t/tornado/}

Index: pkgsrc/www/py-tornado/distinfo
diff -u pkgsrc/www/py-tornado/distinfo:1.34 pkgsrc/www/py-tornado/distinfo:1.35
--- pkgsrc/www/py-tornado/distinfo:1.34 Mon Dec 22 09:05:53 2025
+++ pkgsrc/www/py-tornado/distinfo      Wed Mar 11 10:09:06 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.34 2025/12/22 09:05:53 adam Exp $
+$NetBSD: distinfo,v 1.35 2026/03/11 10:09:06 adam Exp $
 
-BLAKE2s (tornado-6.5.4.tar.gz) = c154a559afde05a2e6fa1f178731b0d45aefb51dc183137ba18fd1e4b25cb015
-SHA512 (tornado-6.5.4.tar.gz) = 29e743a424d948ceed95f5ae1830156cd26344606665061d508f5c6b0ba7902c71bd891081171aaaa498838c7ed9c195d7555e92a60fade09e1464bca4a835cc
-Size (tornado-6.5.4.tar.gz) = 513632 bytes
+BLAKE2s (tornado-6.5.5.tar.gz) = 684a670ae7024e744338b0f9de6c9c9f82d939cec873a3641f7b8d47d0929973
+SHA512 (tornado-6.5.5.tar.gz) = fbf1e4f74920e8d9a17663e75ff39c34dbefefd0e3df692716d01abae0e1747578e0a59c174591f8f03980702f18a0c935105840953cd3f7ef2c200e9f3cf491
+Size (tornado-6.5.5.tar.gz) = 516006 bytes