py-tornado: updated to 6.5.5
What's new in Tornado 6.5.5
Security fixes
- ``multipart/form-data`` requests are now limited to 100 parts by default, to prevent a
denial-of-service attack via very large requests with many parts. This limit is configurable
via `tornado.httputil.ParseMultipartConfig`. Multipart parsing can also be disabled completely
if not required for the application. Thanks to [0x-Apollyon](https://github.com/0x-Apollyon) and
[bekkaze](https://github.com/bekkaze) for reporting this issue.
- The ``domain``, ``path``, and ``samesite`` arguments to `.RequestHandler.set_cookie` are now
validated for illegal characters, which could be abused to inject other attributes on the cookie.
Thanks to Dhiral Vyas (Praetorian) for reporting this issue.
- Carriage return characters are no longer accepted in ``multipart/form-data`` headers. Thanks to
[sergeykochanov](https://github.com/sergeykochanov) for reporting this issue.
[RISCV]Lower one active interleaved load to normal segmented load (#185602)
There’s an optimization for deinterleave loads in
`RISCVTargetLowering::PerformDAGCombine`.
We can generate a normal segmented load and
let DAGCombine optimize it into vlse.
py-setuptools: updated to 82.0.1
82.0.1
Bugfixes
Fix the loading of launcher manifest.xml file.
Replaced deprecated json.__version__ with fixture in tests.
Improved Documentation
Add advice about how to improve predictability when installing sdists.
configd: change https://github.com/opnsense/core/commit/c8cd5565ec135a0111497fde2e20e3cb79324f0d seemed to have uncovered another issue when it comes to file generation, as each call generates a new tempfile, we're now keeping a lot of them.
In order to fix this behavoir, only generate the filename and reuse it when serving cached commands, which was the intention from the beginning.
[NVPTX][clang] Ensure CLZ(0) is defined on NVPTX (#185630)
CUDA semantics specify that clz(0) = bitwidth, so clang should emit clz
/ ctz intrinsics for NVPTX with zero-is-poison = false.