[meta-python,4/5] python3-tornado: Upgrade 6.4.1 -> 6.4.2

Message ID	20241125133204.31594-4-leon.anavi@konsulko.com
State	New
Headers	show Return-Path: <leon.anavi@konsulko.com> ip: 209.85.221.47, mailfrom: leon.anavi@konsulko.com) From: Leon Anavi <leon.anavi@konsulko.com> To: openembedded-devel@lists.openembedded.org Cc: Leon Anavi <leon.anavi@konsulko.com> Subject: [meta-python][PATCH 4/5] python3-tornado: Upgrade 6.4.1 -> 6.4.2 Date: Mon, 25 Nov 2024 15:32:03 +0200 Message-Id: <20241125133204.31594-4-leon.anavi@konsulko.com> In-Reply-To: <20241125133204.31594-1-leon.anavi@konsulko.com> References: <20241125133204.31594-1-leon.anavi@konsulko.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-python,1/5] python3-typeguard: Upgrade 4.3.0 -> 4.4.1 \| expand [meta-python,1/5] python3-typeguard: Upgrade 4.3.0 -> 4.4.1 [meta-python,2/5] python3-zeroconf: Upgrade 0.136.0 -> 0.136.2 [meta-python,3/5] python3-cloudpickle: Upgrade 3.0.0 -> 3.1.0 [meta-python,4/5] python3-tornado: Upgrade 6.4.1 -> 6.4.2 [meta-python,5/5] python3-fsspec: Upgrade 2024.9.0 -> 2024.10.0

Message ID

20241125133204.31594-4-leon.anavi@konsulko.com

State

New

Headers

From: Leon Anavi <leon.anavi@konsulko.com>
To: openembedded-devel@lists.openembedded.org
Cc: Leon Anavi <leon.anavi@konsulko.com>
Subject: [meta-python][PATCH 4/5] python3-tornado: Upgrade 6.4.1 -> 6.4.2
Date: Mon, 25 Nov 2024 15:32:03 +0200
Message-Id: <20241125133204.31594-4-leon.anavi@konsulko.com>
In-Reply-To: <20241125133204.31594-1-leon.anavi@konsulko.com>
References: <20241125133204.31594-1-leon.anavi@konsulko.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-python,1/5] python3-typeguard: Upgrade 4.3.0 -> 4.4.1 | expand

Commit Message

Leon Anavi Nov. 25, 2024, 1:32 p.m. UTC

Upgrade to release 6.4.2 which brings security improvements:

Parsing of the cookie header is now much more efficient. The older
algorithm sometimes had quadratic performance which allowed for a
denial-of-service attack in which the server would spend
excessive CPU time parsing cookies and block the event loop.
This change fixes CVE-2024-7592.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
---
 .../{python3-tornado_6.4.1.bb => python3-tornado_6.4.2.bb}      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-tornado_6.4.1.bb => python3-tornado_6.4.2.bb} (93%)

diff --git a/meta-python/recipes-devtools/python/python3-tornado_6.4.1.bb b/meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb
similarity index 93%
rename from meta-python/recipes-devtools/python/python3-tornado_6.4.1.bb
rename to meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb
index b8f6752f28..751f32913a 100644
--- a/meta-python/recipes-devtools/python/python3-tornado_6.4.1.bb
+++ b/meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb
@@ -6,7 +6,7 @@  HOMEPAGE = "http://www.tornadoweb.org/en/stable/"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
-SRC_URI[sha256sum] = "92d3ab53183d8c50f8204a51e6f91d18a15d5ef261e84d452800d4ff6fc504e9"
+SRC_URI[sha256sum] = "92bad5b4746e9879fd7bf1eb21dce4e3fc5128d71601f80005afa39237ad620b"
 
 inherit pypi python_setuptools_build_meta

[meta-python,4/5] python3-tornado: Upgrade 6.4.1 -> 6.4.2

Commit Message

Patch