CVS commit: pkgsrc/www/py-tornado

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/py-tornado
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Thu, 28 May 2026 11:51:53 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Thu May 28 11:51:53 UTC 2026

Modified Files:
        pkgsrc/www/py-tornado: Makefile distinfo

Log Message:
py-tornado: updated to 6.5.6

6.5.6

Security fixes

SimpleAsyncHTTPClient now strips the Authorization and Cookie headers from the request when following a redirect to a different origin. This matches the default behavior of CurlAsyncHTTPClient. 
Applications that need different behavior here can set follow_redirects=False and handle redirects manually. Thanks to [Yannick Wang](https://github.com/noobone123) for being first to report this 
issue, as well as additional reporters [Kai Aizen](https://github.com/SnailSploit), [HunSec](https://github.com/0xHunSec), and [Thai Son Dinh](https://github.com/sondt99).
SimpleAsyncHTTPClient now enforces max_body_size on the decompressed size of the response, rather than the compressed size. This prevents a denial-of-service attack via a very large compressed 
response. Thanks to [Yuichiro Kedashiro](https://github.com/yuui25) for reporting this issue.
Fixed a bug in the C extension that could have read up to three bytes past the end of an input array. Thanks to [Thai Son Dinh](https://github.com/sondt99) for reporting this issue.
OpenIDMixin has improved parsing for the check_authentication response. Thanks to [Yannick Wang](https://github.com/noobone123) for reporting this issue.

Bug fixes

CurlAsyncHTTPClient has been updated to use non-deprecated APIs, avoiding deprecation warnings with recent versions of pycurl.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/py-tornado/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/py-tornado/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-tornado/Makefile
diff -u pkgsrc/www/py-tornado/Makefile:1.47 pkgsrc/www/py-tornado/Makefile:1.48
--- pkgsrc/www/py-tornado/Makefile:1.47 Wed Mar 11 10:09:06 2026
+++ pkgsrc/www/py-tornado/Makefile      Thu May 28 11:51:53 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.47 2026/03/11 10:09:06 adam Exp $
+# $NetBSD: Makefile,v 1.48 2026/05/28 11:51:53 adam Exp $
 
-DISTNAME=      tornado-6.5.5
+DISTNAME=      tornado-6.5.6
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=t/tornado/}

Index: pkgsrc/www/py-tornado/distinfo
diff -u pkgsrc/www/py-tornado/distinfo:1.35 pkgsrc/www/py-tornado/distinfo:1.36
--- pkgsrc/www/py-tornado/distinfo:1.35 Wed Mar 11 10:09:06 2026
+++ pkgsrc/www/py-tornado/distinfo      Thu May 28 11:51:53 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.35 2026/03/11 10:09:06 adam Exp $
+$NetBSD: distinfo,v 1.36 2026/05/28 11:51:53 adam Exp $
 
-BLAKE2s (tornado-6.5.5.tar.gz) = 684a670ae7024e744338b0f9de6c9c9f82d939cec873a3641f7b8d47d0929973
-SHA512 (tornado-6.5.5.tar.gz) = fbf1e4f74920e8d9a17663e75ff39c34dbefefd0e3df692716d01abae0e1747578e0a59c174591f8f03980702f18a0c935105840953cd3f7ef2c200e9f3cf491
-Size (tornado-6.5.5.tar.gz) = 516006 bytes
+BLAKE2s (tornado-6.5.6.tar.gz) = 90451f63dd9805a810c9c861b33ce43000d73fca5973a84a4cf51c6ad49fa913
+SHA512 (tornado-6.5.6.tar.gz) = 7618d73a0bab94f91624ad9279368e0f4ec87de6139cfc9c0efff491eeced4d57310422754c629e5ea58a3c86902f8916ebe0f0989d509c56333680ac6a2bb03
+Size (tornado-6.5.6.tar.gz) = 518139 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/textproc/py-sphinx-issues
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/textproc/py-sphinx-issues
Indexes:

Home | Main Index | Thread Index | Old Index