python3-gunicorn: upgrade 25.1.0 -> 25.3.0

Bug Fixes
==========
- HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2
  ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)
- ASGI Chunked EOF Handling: Add finish() method to callback parser to handle
  chunked encoding edge case where connection closes before final CRLF after
  zero-chunk
- HTTP/2 Documentation: Fix http_protocols examples to use comma-separated
  string instead of list syntax (#3561)
- Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC
  9112 (#3556)
- Request Line Limit: Fix --limit-request-line 0 to mean unlimited as
  documented, instead of using default maximum. Works with both Python and fast
  C parser. (#3563)
- uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when
  using gevent or gthread workers with uwsgi protocol behind nginx.
- FileWrapper Iterator Protocol: Add __iter__ and __next__ methods to
  FileWrapper for full PEP 3333 compliance. Previously only supported old-style
  __getitem__ iteration which broke code explicitly using iter() or next().

Security =============
- ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
- Reject duplicate Content-Length headers
- Reject requests with both Content-Length and Transfer-Encoding
- Reject chunked transfer encoding in HTTP/1.0
- Reject stacked chunked encoding
- Validate Transfer-Encoding values
- Strict chunk size validation

Changes ==========
- Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property
  and InvalidChunkExtension validation for bare CR rejection
- ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser
- Docker Images: Update to Python 3.14

New Features ============
- Fast HTTP Parser (gunicorn_h1c 0.6.0): Integrate new exception types and
  limit parameters from gunicorn_h1c 0.6.0 for both WSGI and ASGI workers
- Requires gunicorn_h1c >= 0.6.0 for http_parser='fast'
- Falls back to Python parser in auto mode if version not met
- Proper HTTP status codes for limit errors (414, 431)

Performance ============
- ASGI HTTP Parser Optimizations: Improve ASGI worker HTTP parsing performance
- Callback-based parsing with direct bytearray buffer operations
- Use bytearray.find() directly instead of converting to bytes first
- Use index-based iteration for header parsing instead of list.pop(0) (O(1) vs
  O(n))

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

1 files changed, 1 insertions, 1 deletions

diff --git a/meta-python/recipes-devtools/python/python3-gunicorn_25.1.0.bb b/meta-python/recipes-devtools/python/python3-gunicorn_25.3.0.bb
index a8b06786ae..cf41feae70 100644
--- a/meta-python/recipes-devtools/python/python3-gunicorn_25.1.0.bb
+++ b/meta-python/recipes-devtools/python/python3-gunicorn_25.3.0.bb
@@ -3,7 +3,7 @@ SUMMARY = "WSGI HTTP Server for UNIX"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5dc9171ccd8fcbd7827c850148b3ca98"
 
-SRC_URI[sha256sum] = "1426611d959fa77e7de89f8c0f32eed6aa03ee735f98c01efba3e281b1c47616"
+SRC_URI[sha256sum] = "f74e1b2f9f76f6cd1ca01198968bd2dd65830edc24b6e8e4d78de8320e2fe889"
 
 inherit pypi python_setuptools_build_meta ptest