From d06649721b32f78fc5cd644f9a662231d5090bdf Mon Sep 17 00:00:00 2001 
From: Wang Mingyu
Date: Thu, 2 Apr 2026 10:13:42 +0800
Subject: python3-gunicorn: upgrade 25.1.0 -> 25.3.0

Bug Fixes
==========
- HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)
- ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk
- HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561)
- Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556)
- Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563)
- uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx.
- FileWrapper Iterator Protocol: Add __iter__ and __next__ methods to FileWrapper for full PEP 3333 compliance. Previously only supported old-style __getitem__ iteration which broke code explicitly using iter() or next().

Security
=============
- ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
  - Reject duplicate Content-Length headers
  - Reject requests with both Content-Length and Transfer-Encoding
  - Reject chunked transfer encoding in HTTP/1.0
  - Reject stacked chunked encoding
  - Validate Transfer-Encoding values
  - Strict chunk size validation

Changes
==========
- Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection
- ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser
- Docker Images: Update to Python 3.14

New Features
============
- Fast HTTP Parser (gunicorn_h1c 0.6.0): Integrate new exception types and limit parameters from gunicorn_h1c 0.6.0 for both WSGI and ASGI workers
  - Requires gunicorn_h1c >= 0.6.0 for http_parser='fast'
  - Falls back to Python parser in auto mode if version not met
  - Proper HTTP status codes for limit errors (414, 431)

Performance
============
- ASGI HTTP Parser Optimizations: Improve ASGI worker HTTP parsing performance
  - Callback-based parsing with direct bytearray buffer operations
  - Use bytearray.find() directly instead of converting to bytes first
  - Use index-based iteration for header parsing instead of list.pop(0) (O(1) vs O(n))

Signed-off-by: Wang Mingyu
Signed-off-by: Khem Raj
---
 .../python/python3-gunicorn_25.3.0.bb | 31 ++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 meta-python/recipes-devtools/python/python3-gunicorn_25.3.0.bb

(limited to 'meta-python/recipes-devtools/python/python3-gunicorn_25.3.0.bb')

diff --git a/meta-python/recipes-devtools/python/python3-gunicorn_25.3.0.bb b/meta-python/recipes-devtools/python/python3-gunicorn_25.3.0.bb
new file mode 100644
index 0000000000..cf41feae70
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-gunicorn_25.3.0.bb
@@ -0,0 +1,31 @@ +SUMMARY = "WSGI HTTP Server for UNIX" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=5dc9171ccd8fcbd7827c850148b3ca98" + +SRC_URI[sha256sum] = "f74e1b2f9f76f6cd1ca01198968bd2dd65830edc24b6e8e4d78de8320e2fe889" + +inherit pypi python_setuptools_build_meta ptest + +CVE_PRODUCT = "gunicorn" + +SRC_URI += " \ + file://run-ptest \ +" + +# python-misc for wsgiref +RDEPENDS:${PN}-ptest += " \ + bash \ + python3-eventlet \ + python3-gevent \ + python3-misc \ + python3-pytest \ + python3-unittest-automake-output \ +" + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ +} + +RDEPENDS:${PN} += "python3-setuptools python3-fcntl" -- cgit v1.2.3-54-g00ecf
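Review bot: The closing RDEPENDS:${PN} line pulls in only python3-setuptools and python3-fcntl, while the commit message says http_parser='fast' requires gunicorn_h1c >= 0.6.0 (with this release updating to >= 0.6.3) and that auto mode falls back to the Python parser when that version is not met. Unless something else in the image provides gunicorn_h1c, a target built from this recipe will stay on the Python parser in auto mode, and an explicit http_parser='fast' setting has nothing to load. Please either add a short comment next to RDEPENDS saying that gunicorn_h1c is intentionally left out, or expose it as an optional dependency (for example through a PACKAGECONFIG) if a recipe for it exists in the layer. Separately, SUMMARY still reads "WSGI HTTP Server for UNIX" although most of the changes listed for this release are in the ASGI path; worth a follow-up if the summary is meant to describe what ships.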