./www/py-tornado, Fast and non-blocking web framework



Branch: CURRENT, Version: 6.4.2, Package name: py312-tornado-6.4.2, Maintainer: imil

Tornado is an open source version of the scalable, non-blocking web server and
tools that power FriendFeed. The FriendFeed application is written using a web
framework that looks a bit like web.py or Google's webapp, but with additional
tools and optimizations to take advantage of the underlying non-blocking
infrastructure.

The framework is distinct from most mainstream web server frameworks (and
certainly most Python frameworks) because it is non-blocking and reasonably
fast. Because it is non-blocking and uses epoll or kqueue, it can handle
thousands of simultaneous standing connections, which means it is ideal for
real-time web services. We built the web server specifically to handle
FriendFeed's real-time features -- every active user of FriendFeed maintains
an open connection to the FriendFeed servers.


Required to run:
[www/py-curl] [devel/py-setuptools] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 489.39 KB


CVS history:


   2025-02-02 11:38:04 by Havard Eidnes | Files touched by this commit (28)
Log message:
lang/python and a number of python packages: re-do atomic64.mk issue.

Evidently, python 3.13 brought in the need to support 64-bit atomics.
This means that python extension packages built with C need to
use mk/atomic64.mk to make -latomic available on the required 32-bit
ports.  Sadly, there is no reliable way to detect in the .mk files
whether the package is using C (or C++), so this change adds an
unconditional include of mk/atomic64.mk when the python version is
equal to or larger than 3.13 for packages using egg.mk or wheel.mk.

This undoes the individual package Makefile inclusions of mk/atomic64.mk
that I've added over the last few days.
   2025-01-19 17:56:06 by Havard Eidnes | Files touched by this commit (1)
Log message:
www/py-tornado: use atomic64.mk to fix build on macppc w/python3.13.
   2024-11-22 09:25:28 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-tornado: updated to 6.4.2

What's new in Tornado 6.4.2

Security Improvements

- Parsing of the cookie header is now much more efficient. The older algorithm sometimes had
  quadratic performance which allowed for a denial-of-service attack in which the server would spend
  excessive CPU time parsing cookies and block the event loop. This change fixes CVE-2024-7592.
   2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862)
Log message:
py-*: remove unused tool dependency

py-setuptools includes the py-wheel functionality nowadays
   2023-12-07 18:08:05 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-tornado: updated to 6.4

What's new in Tornado 6.4.0
===========================

Nov 28, 2023
------------

General Changes
~~~~~~~~~~~~~~~

- Python 3.12 is now supported. Older versions of Tornado will work on Python 3.12 but may log
  deprecation warnings.

Deprecation Notices
~~~~~~~~~~~~~~~~~~~

- `.IOLoop.add_callback_from_signal` is suspected to have been broken since Tornado 5.0 and will be
  removed in version 7.0.  Use `asyncio.loop.add_signal_handler` instead.
- The ``client_secret`` argument to `.OAuth2Mixin.authorize_redirect` is deprecated and will be
  removed in Tornado 7.0. This argument has never been used and other similar methods in this module
  don't have it.
- `.TwitterMixin` is deprecated and will be removed in the future.

``tornado.auth``
~~~~~~~~~~~~~~~~

- The ``client_secret`` argument to `.OAuth2Mixin.authorize_redirect` is deprecated and will be
  removed in Tornado 7.0. This argument has never been used and other similar methods in this module
  don't have it.
- `.TwitterMixin` is deprecated and will be removed in the future.

``tornado.autoreload``
~~~~~~~~~~~~~~~~~~~~~~

- Autoreload can now be used when the program is run as a directory rather than a file or module.
- New CLI flag ``--until-success`` re-runs the program on any failure but stops after the first
  successful run.

``tornado.concurrent``
~~~~~~~~~~~~~~~~~~~~~~

- Fixed reference cycles that could lead to increased memory usage.

``tornado.escape``
~~~~~~~~~~~~~~~~~~

- Several methods in this module now simply pass through to their equivalents in the standard
  library.

``tornado.gen``
~~~~~~~~~~~~~~~

- This module now holds a strong reference to all running `asyncio.Task` objects it creates. This
  prevents premature garbage collection which could cause warnings like "Task was destroyed but it
  is pending!".

``tornado.ioloop``
~~~~~~~~~~~~~~~~~~

- `.IOLoop.add_callback_from_signal` is suspected to have been broken since Tornado 5.0 and will be
  removed in version 7.0.  Use `asyncio.loop.add_signal_handler` instead.
- The type annotation for `.IOLoop.run_in_executor` has been updated to match the updated signature
  of `asyncio.loop.run_in_executor`.
- Fixed reference cycles that could lead to increased memory usage.

``tornado.locale``
~~~~~~~~~~~~~~~~~~

- `.format_timestamp` now supports "aware" datetime objects.

``tornado.platform.asyncio``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- The shutdown protocol for `.AddThreadSelectorEventLoop` now requires the use of `asyncio.run` or
  `asyncio.loop.shutdown_asyncgens` to avoid leaking the thread.
- Introduced `.SelectorThread` class containing the core functionality of
  `.AddThreadSelectorEventLoop`.
- The ``close()`` method of `.AddThreadSelectorEventLoop` is now idempotent.

``tornado.web``
~~~~~~~~~~~~~~~

- `.StaticFileHandler.get_modified_time` now supports "aware" datetime objects and the default
  implementation now returns aware objects.

``tornado.websocket``
~~~~~~~~~~~~~~~~~~~~~

- Unclosed client connections now reliably log a warning. Previously the warning was dependent on
  garbage collection and whether the ``ping_interval`` option was used.
- The ``subprotocols`` argument to `.WebSocketClientConnection` now defaults to None instead of an
  empty list (which was mutable and reused)
   2023-08-12 14:59:54 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-tornado: updated to 6.3.3

What's new in Tornado 6.3.3

Security improvements

- The ``Content-Length`` header and ``chunked`` ``Transfer-Encoding`` sizes are now parsed
  more strictly (according to the relevant RFCs) to avoid potential request-smuggling
  vulnerabilities when deployed behind certain proxies.
   2023-05-16 12:20:23 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-tornado: updated to 6.3.2

What's new in Tornado 6.3.2
===========================

Security improvements

- Fixed an open redirect vulnerability in StaticFileHandler under certain
  configurations.
   2023-04-25 12:53:27 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-tornado: updated to 6.3.1

What's new in Tornado 6.3.1
===========================

Apr 21, 2023
------------

``tornado.web``
~~~~~~~~~~~~~~~

- `.RequestHandler.set_cookie` once again accepts capitalized keyword arguments
  for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase
  arguments will be accepted.

What's new in Tornado 6.3.0
===========================

Apr 17, 2023
------------

Highlights
~~~~~~~~~~

- The new `.Application` setting ``xsrf_cookie_name`` can now be used to
  take advantage of the ``__Host`` cookie prefix for improved security.
  To use it, add ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
  {"secure": True}}`` to your `.Application` settings. Note that this feature
  currently only works when HTTPS is used.
- `.WSGIContainer` now supports running the application in a ``ThreadPoolExecutor`` so
  the event loop is no longer blocked.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2,
  are no longer deprecated.
- WebSockets are now much faster at receiving large messages split into many
  fragments.

General changes
~~~~~~~~~~~~~~~

- Python 3.7 is no longer supported; the minimum supported Python version is 3.8.
  Python 3.12 is now supported.
- To avoid spurious deprecation warnings, users of Python 3.10 should upgrade
  to at least version 3.10.9, and users of Python 3.11 should upgrade to at least
  version 3.11.1.
- Tornado submodules are now imported automatically on demand. This means it is
  now possible to use a single ``import tornado`` statement and refer to objects
  in submodules such as `tornado.web.RequestHandler`.

Deprecation notices
~~~~~~~~~~~~~~~~~~~

- In Tornado 7.0, `tornado.testing.ExpectLog` will match ``WARNING``
  and above regardless of the current logging configuration, unless the
  ``level`` argument is used.
- `.RequestHandler.get_secure_cookie` is now a deprecated alias for
  `.RequestHandler.get_signed_cookie`. `.RequestHandler.set_secure_cookie`
  is now a deprecated alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is deprecated. No direct replacement
  is provided; `.RequestHandler.clear_cookie` should be used on individual
  cookies.
- Calling the `.IOLoop` constructor without a ``make_current`` argument, which was
  deprecated in Tornado 6.2, is no longer deprecated.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2,
  are no longer deprecated.
- `.AsyncTestCase.get_new_ioloop` is deprecated.

``tornado.auth``
~~~~~~~~~~~~~~~~

- New method `.GoogleOAuth2Mixin.get_google_oauth_settings` can now be overridden
  to get credentials from a source other than the `.Application` settings.

``tornado.gen``
~~~~~~~~~~~~~~~

- `contextvars` now work properly when a ``@gen.coroutine`` calls a native coroutine.

``tornado.options``
~~~~~~~~~~~~~~~~~~~

- `~.OptionParser.parse_config_file` now recognizes single comma-separated strings (in addition to
  lists of strings) for options with ``multiple=True``.

``tornado.web``
~~~~~~~~~~~~~~~

- New `.Application` setting ``xsrf_cookie_name`` can be used to change the
  name of the XSRF cookie. This is most useful to take advantage of the
  ``__Host-`` cookie prefix.
- `.RequestHandler.get_secure_cookie` and `.RequestHandler.set_secure_cookie`
  (and related methods and attributes) have been renamed to
  `~.RequestHandler.get_signed_cookie` and `~.RequestHandler.set_signed_cookie`.
  This makes it more explicit what kind of security is provided, and avoids
  confusion with the ``Secure`` cookie attribute and ``__Secure-`` cookie prefix.
  The old names remain supported as deprecated aliases.
- `.RequestHandler.clear_cookie` now accepts all keyword arguments accepted by
  `~.RequestHandler.set_cookie`. In some cases clearing a cookie requires certain
  arguments to be passed the same way in which it was set.
- `.RequestHandler.clear_all_cookies` now accepts additional keyword arguments
  for the same reason as ``clear_cookie``. However, since the requirements
  for additional arguments mean that it cannot reliably clear all cookies,
  this method is now deprecated.

``tornado.websocket``
~~~~~~~~~~~~~~~~~~~~~

- It is now much faster (no longer quadratic) to receive large messages that
  have been split into many fragments.
- `.websocket_connect` now accepts a ``resolver`` parameter.

``tornado.wsgi``
~~~~~~~~~~~~~~~~

- `.WSGIContainer` now accepts an ``executor`` parameter which can be used
  to run the WSGI application on a thread pool.