Log message:
py-tornado: updated to 6.4

What's new in Tornado 6.4.0
===========================

Nov 28, 2023
------------

General Changes
~~~~~~~~~~~~~~~

- Python 3.12 is now supported. Older versions of Tornado will work on Python \ 
3.12 but may log
  deprecation warnings.

Deprecation Notices
~~~~~~~~~~~~~~~~~~~

- `.IOLoop.add_callback_from_signal` is suspected to have been broken since \ 
Tornado 5.0 and will be
  removed in version 7.0.  Use `asyncio.loop.add_signal_handler` instead.
- The ``client_secret`` argument to `.OAuth2Mixin.authorize_redirect` is \ 
deprecated and will be
  removed in Tornado 7.0. This argument has never been used and other similar \ 
methods in this module
  don't have it.
- `.TwitterMixin` is deprecated and will be removed in the future.

``tornado.auth``
~~~~~~~~~~~~~~~~

- The ``client_secret`` argument to `.OAuth2Mixin.authorize_redirect` is \ 
deprecated and will be
  removed in Tornado 7.0. This argument has never been used and other similar \ 
methods in this module
  don't have it.
- `.TwitterMixin` is deprecated and will be removed in the future.

``tornado.autoreload``
~~~~~~~~~~~~~~~~~~~~~~

- Autoreload can now be used when the program is run as a directory rather than \ 
a file or module.
- New CLI flag ``--until-success`` re-runs the program on any failure but stops \ 
after the first
  successful run.

``tornado.concurrent``
~~~~~~~~~~~~~~~~~~~~~~

- Fixed reference cycles that could lead to increased memory usage.

``tornado.escape``
~~~~~~~~~~~~~~~~~~

- Several methods in this module now simply pass through to their equivalents in \ 
the standard
  library.

``tornado.gen``
~~~~~~~~~~~~~~~

- This module now holds a strong reference to all running `asyncio.Task` objects \ 
it creates. This
  prevents premature garbage collection which could cause warnings like \ 
"Task was destroyed but it
  is pending!".

``tornado.ioloop``
~~~~~~~~~~~~~~~~~~

- `.IOLoop.add_callback_from_signal` is suspected to have been broken since \ 
Tornado 5.0 and will be
  removed in version 7.0.  Use `asyncio.loop.add_signal_handler` instead.
- The type annotation for `.IOLoop.run_in_executor` has been updated to match \ 
the updated signature
  of `asyncio.loop.run_in_executor`.
- Fixed reference cycles that could lead to increased memory usage.

``tornado.locale``
~~~~~~~~~~~~~~~~~~

- `.format_timestamp` now supports "aware" datetime objects.

``tornado.platform.asyncio``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- The shutdown protocol for `.AddThreadSelectorEventLoop` now requires the use \ 
of `asyncio.run` or
  `asyncio.loop.shutdown_asyncgens` to avoid leaking the thread.
- Introduced `.SelectorThread` class containing the core functionality of
  `.AddThreadSelectorEventLoop`.
- The ``close()`` method of `.AddThreadSelectorEventLoop` is now idempotent.

``tornado.web``
~~~~~~~~~~~~~~~

- `.StaticFileHandler.get_modified_time` now supports "aware" datetime \ 
objects and the default
  implementation now returns aware objects.

``tornado.websocket``
~~~~~~~~~~~~~~~~~~~~~

- Unclosed client connections now reliably log a warning. Previously the warning \ 
was dependent on
  garbage collection and whether the ``ping_interval`` option was used.
- The ``subprotocols`` argument to `.WebSocketClientConnection` now defaults to \ 
None instead of an
  empty list (which was mutable and reused)

Log message:
py-tornado: updated to 6.3.3

What's new in Tornado 6.3.3

Security improvements

- The ``Content-Length`` header and ``chunked`` ``Transfer-Encoding`` sizes are \ 
now parsed
  more strictly (according to the relevant RFCs) to avoid potential request-smuggling
  vulnerabilities when deployed behind certain proxies.

Log message:
py-tornado: updated to 6.3.2

What's new in Tornado 6.3.2
===========================

Security improvements

- Fixed an open redirect vulnerability in StaticFileHandler under certain
  configurations.

Log message:
py-tornado: updated to 6.3.1

What's new in Tornado 6.3.1
===========================

Apr 21, 2023
------------

``tornado.web``
~~~~~~~~~~~~~~~

- `.RequestHandler.set_cookie` once again accepts capitalized keyword arguments
  for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase
  arguments will be accepted.

What's new in Tornado 6.3.0
===========================

Apr 17, 2023
------------

Highlights
~~~~~~~~~~

- The new `.Application` setting ``xsrf_cookie_name`` can now be used to
  take advantage of the ``__Host`` cookie prefix for improved security.
  To use it, add ``{"xsrf_cookie_name": "__Host-xsrf", \ 
"xsrf_cookie_kwargs":
  {"secure": True}}`` to your `.Application` settings. Note that this \ 
feature
  currently only works when HTTPS is used.
- `.WSGIContainer` now supports running the application in a \ 
``ThreadPoolExecutor`` so
  the event loop is no longer blocked.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2,
  are no longer deprecated.
- WebSockets are now much faster at receiving large messages split into many
  fragments.

General changes
~~~~~~~~~~~~~~~

- Python 3.7 is no longer supported; the minimum supported Python version is 3.8.
  Python 3.12 is now supported.
- To avoid spurious deprecation warnings, users of Python 3.10 should upgrade
  to at least version 3.10.9, and users of Python 3.11 should upgrade to at least
  version 3.11.1.
- Tornado submodules are now imported automatically on demand. This means it is
  now possible to use a single ``import tornado`` statement and refer to objects
  in submodules such as `tornado.web.RequestHandler`.

Deprecation notices
~~~~~~~~~~~~~~~~~~~

- In Tornado 7.0, `tornado.testing.ExpectLog` will match ``WARNING``
  and above regardless of the current logging configuration, unless the
  ``level`` argument is used.
- `.RequestHandler.get_secure_cookie` is now a deprecated alias for
  `.RequestHandler.get_signed_cookie`. `.RequestHandler.set_secure_cookie`
  is now a deprecated alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is deprecated. No direct replacement
  is provided; `.RequestHandler.clear_cookie` should be used on individual
  cookies.
- Calling the `.IOLoop` constructor without a ``make_current`` argument, which was
  deprecated in Tornado 6.2, is no longer deprecated.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2,
  are no longer deprecated.
- `.AsyncTestCase.get_new_ioloop` is deprecated.

``tornado.auth``
~~~~~~~~~~~~~~~~

- New method `.GoogleOAuth2Mixin.get_google_oauth_settings` can now be overridden
  to get credentials from a source other than the `.Application` settings.

``tornado.gen``
~~~~~~~~~~~~~~~

- `contextvars` now work properly when a ``@gen.coroutine`` calls a native coroutine.

``tornado.options``
~~~~~~~~~~~~~~~~~~~

- `~.OptionParser.parse_config_file` now recognizes single comma-separated \ 
strings (in addition to
  lists of strings) for options with ``multiple=True``.

``tornado.web``
~~~~~~~~~~~~~~~

- New `.Application` setting ``xsrf_cookie_name`` can be used to change the
  name of the XSRF cookie. This is most useful to take advantage of the
  ``__Host-`` cookie prefix.
- `.RequestHandler.get_secure_cookie` and `.RequestHandler.set_secure_cookie`
  (and related methods and attributes) have been renamed to
  `~.RequestHandler.get_signed_cookie` and `~.RequestHandler.set_signed_cookie`.
  This makes it more explicit what kind of security is provided, and avoids
  confusion with the ``Secure`` cookie attribute and ``__Secure-`` cookie prefix.
  The old names remain supported as deprecated aliases.
- `.RequestHandler.clear_cookie` now accepts all keyword arguments accepted by
  `~.RequestHandler.set_cookie`. In some cases clearing a cookie requires certain
  arguments to be passed the same way in which it was set.
- `.RequestHandler.clear_all_cookies` now accepts additional keyword arguments
  for the same reason as ``clear_cookie``. However, since the requirements
  for additional arguments mean that it cannot reliably clear all cookies,
  this method is now deprecated.

``tornado.websocket``
~~~~~~~~~~~~~~~~~~~~~

- It is now much faster (no longer quadratic) to receive large messages that
  have been split into many fragments.
- `.websocket_connect` now accepts a ``resolver`` parameter.

``tornado.wsgi``
~~~~~~~~~~~~~~~~

- `.WSGIContainer` now accepts an ``executor`` parameter which can be used
  to run the WSGI application on a thread pool.

Log message:
py-tornado: updated to 6.2

What's new in Tornado 6.2.0
===========================

Jul 3, 2022
-----------

Deprecation notice
~~~~~~~~~~~~~~~~~~

- Python 3.10 has begun the process of significant changes to the APIs for
  managing the event loop. Calls to methods such as `asyncio.get_event_loop` may
  now raise `DeprecationWarning` if no event loop is running. This has
  significant impact on the patterns for initializing applications, and in
  particular invalidates patterns that have long been the norm in Tornado's
  documentation and actual usage. In the future (with some as-yet-unspecified
  future version of Python), the old APIs will be removed. The new recommended
  pattern is to start the event loop with `asyncio.run`. More detailed migration
  guides will be coming in the future.

  - The `.IOLoop` constructor is deprecated unless the ``make_current=False``
    argument is used. Use `.IOLoop.current` when the loop is already running
    instead.
  - `.AsyncTestCase` (and `.AsyncHTTPTestCase`) are deprecated. Use
    `unittest.IsolatedAsyncioTestCase` instead.
  - Multi-process `.TCPServer.bind`/`.TCPServer.start` is deprecated. See
    `.TCPServer` docs for supported alternatives.
  - `.AnyThreadEventLoopPolicy` is deprecated. This class controls the creation of
    the "current" event loop so it will be removed when that concept \ 
is no longer
    supported.
  - `.IOLoop.make_current` and `.IOLoop.clear_current` are deprecated. In the
    future the concept of a "current" event loop as distinct from one \ 
that is
    currently running will be removed.

- ``TwistedResolver`` and ``CaresResolver`` are deprecated and will be
  removed in Tornado 7.0.

General changes
~~~~~~~~~~~~~~~

- The minimum supported Python version is now 3.7.
- Wheels are now published with the Python stable ABI (``abi3``) for
  compatibility across versions of Python.
- SSL certificate verfication and hostname checks are now enabled by default in
  more places (primarily in client-side usage of `.SSLIOStream`).
- Various improvements to type hints throughout the package.
- CI has moved from Travis and Appveyor to Github Actions.

`tornado.gen`
~~~~~~~~~~~~~

- Fixed a bug in which ``WaitIterator.current_index`` could be incorrect.
- ``tornado.gen.TimeoutError``` is now an alias for `asyncio.TimeoutError`.

`tornado.http1connection`
~~~~~~~~~~~~~~~~~~~~~~~~~

- ``max_body_size`` may now be set to zero to disallow a non-empty body.
- ``Content-Encoding: gzip`` is now recognized case-insensitively.

`tornado.httpclient`
~~~~~~~~~~~~~~~~~~~~

- ``curl_httpclient`` now supports non-ASCII (ISO-8859-1) header values, same as
  ``simple_httpclient``.

`tornado.ioloop`
~~~~~~~~~~~~~~~~

- `.PeriodicCallback` now understands coroutines and will not start multiple
  copies if a previous invocation runs too long.
- `.PeriodicCallback` now accepts `datetime.timedelta` objects in addition to
  numbers of milliseconds.
- Avoid logging "Event loop is closed" during shutdown-related race \ 
conditions.
- Tornado no longer calls `logging.basicConfig` when starting an IOLoop; this
  has been unnecessary since Python 3.2 added a logger of last resort.
- The `.IOLoop` constructor now accepts an ``asyncio_loop`` keyword argument to
  initialize with a specfied asyncio event loop.
- It is now possible to construct an `.IOLoop` on one thread (with
  ``make_current=False``) and start it on a different thread.

`tornado.iostream`
~~~~~~~~~~~~~~~~~~

- `.SSLIOStream` now supports reading more than 2GB at a time.
- ``IOStream.write`` now supports typed `memoryview` objects.

`tornado.locale`
~~~~~~~~~~~~~~~~

- `.load_gettext_translations` no longer logs errors when language directories
  exist but do not contain the expected file.

`tornado.netutil`
~~~~~~~~~~~~~~~~~

- `.is_valid_ip` no longer raises exceptions when the input is too long.
- The default resolver now uses the same methods (and thread pool) as `asyncio`.

`tornado.tcpserver`
~~~~~~~~~~~~~~~~~~~

- `.TCPServer.listen` now supports more arguments to pass through to
  `.netutil.bind_sockets`.

`tornado.testing`
~~~~~~~~~~~~~~~~~

- `.bind_unused_port` now takes an optional ``address`` argument.
- Wrapped test methods now include the ``__wrapped__`` attribute.

`tornado.web`
~~~~~~~~~~~~~

- When using a custom `.StaticFileHandler` subclass, the ``reset()`` method is
  now called on this subclass instead of the base class.
- Improved handling of the ``Accept-Language`` header.
- `.Application.listen` now supports more arguments to pass through to
  `.netutil.bind_sockets`.

`tornado.websocket`
~~~~~~~~~~~~~~~~~~~

- `.WebSocketClientConnection.write_message` now accepts `dict` arguments for
  consistency with `.WebSocketHandler.write_message`.
- `.WebSocketClientConnection.write_message` now raises an exception as
  documented if the connection is already closed.

Log message:
py-tornado: updated to 6.1

What’s new in Tornado 6.1.0

Oct 30, 2020

Deprecation notice

This is the last release of Tornado to support Python 3.5. Future versions will \ 
require Python 3.6 or newer.
General changes

Windows support has been improved. Tornado is now compatible with the proactor \ 
event loop (which became the default in Python 3.8) by automatically falling \ 
back to running a selector in a second thread. This means that it is no longer \ 
necessary to explicitly configure a selector event loop, although doing so may \ 
improve performance. This does not change the fact that Tornado is significantly \ 
less scalable on Windows than on other platforms.
Binary wheels are now provided for Windows, MacOS, and Linux (amd64 and arm64).
tornado.gen

coroutine now has better support for the Python 3.7+ contextvars module. In \ 
particular, the ContextVar.reset method is now supported.
tornado.http1connection

HEAD requests to handlers that used chunked encoding no longer produce malformed \ 
output.
Certain kinds of malformed gzip data no longer cause an infinite loop.
tornado.httpclient

Setting decompress_response=False now works correctly with curl_httpclient.
Mixing requests with and without proxies works correctly in curl_httpclient \ 
(assuming the version of pycurl is recent enough).
A default User-Agent of Tornado/$VERSION is now used if the user_agent parameter \ 
is not specified.
After a 303 redirect, tornado.simple_httpclient always uses GET. Previously this \ 
would use GET if the original request was a POST and would otherwise reuse the \ 
original request method. For curl_httpclient, the behavior depends on the \ 
version of libcurl (with the most recent versions using GET after 303 regardless \ 
of the original method).
Setting request_timeout and/or connect_timeout to zero is now supported to \ 
disable the timeout.
tornado.httputil

Header parsing is now faster.
parse_body_arguments now accepts incompletely-escaped non-ASCII inputs.
tornado.iostream

ssl.CertificateError during the SSL handshake is now handled correctly.
Reads that are resolved while the stream is closing are now handled correctly.
tornado.log

When colored logging is enabled, logging.CRITICAL messages are now recognized \ 
and colored magenta.
tornado.netutil

EADDRNOTAVAIL is now ignored when binding to localhost with IPv6. This error is \ 
common in docker.
tornado.platform.asyncio

AnyThreadEventLoopPolicy now also configures a selector event loop for these \ 
threads (the proactor event loop only works on the main thread)
tornado.platform.auto

The set_close_exec function has been removed.
tornado.testing

ExpectLog now has a level argument to ensure that the given log level is enabled.
tornado.web

RedirectHandler.get now accepts keyword arguments.
When sending 304 responses, more headers (including Allow) are now preserved.
reverse_url correctly handles escaped characters in the regex route.
Default Etag headers are now generated with SHA-512 instead of MD5.
tornado.websocket

The ping_interval timer is now stopped when the connection is closed.
websocket_connect now raises an error when it encounters a redirect instead of \ 
hanging.

For older versions look here: https://www.tornadoweb.org/en/stable/releases.html

Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS

Log message:
www: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz