Wang Mingyu d06649721b
python3-gunicorn: upgrade 25.1.0 -> 25.3.0
Bug Fixes
==========
- HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2
  ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)
- ASGI Chunked EOF Handling: Add finish() method to callback parser to handle
  chunked encoding edge case where connection closes before final CRLF after
  zero-chunk
- HTTP/2 Documentation: Fix http_protocols examples to use comma-separated
  string instead of list syntax (#3561)
- Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC
  9112 (#3556)
- Request Line Limit: Fix --limit-request-line 0 to mean unlimited as
  documented, instead of using default maximum. Works with both Python and fast
  C parser. (#3563)
- uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when
  using gevent or gthread workers with uwsgi protocol behind nginx.
- FileWrapper Iterator Protocol: Add __iter__ and __next__ methods to
  FileWrapper for full PEP 3333 compliance. Previously only supported old-style
  __getitem__ iteration which broke code explicitly using iter() or next().

Security
========
- ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
  - Reject duplicate Content-Length headers
  - Reject requests with both Content-Length and Transfer-Encoding
  - Reject chunked transfer encoding in HTTP/1.0
  - Reject stacked chunked encoding
  - Validate Transfer-Encoding values
  - Strict chunk size validation

Changes
=======
- Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property
  and InvalidChunkExtension validation for bare CR rejection
- ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser
- Docker Images: Update to Python 3.14

New Features
============
- Fast HTTP Parser (gunicorn_h1c 0.6.0): Integrate new exception types and
  limit parameters from gunicorn_h1c 0.6.0 for both WSGI and ASGI workers
  - Requires gunicorn_h1c >= 0.6.0 for http_parser='fast'
  - Falls back to Python parser in auto mode if version not met
  - Proper HTTP status codes for limit errors (414, 431)

Performance
===========
- ASGI HTTP Parser Optimizations: Improve ASGI worker HTTP parsing performance
  - Callback-based parsing with direct bytearray buffer operations
  - Use bytearray.find() directly instead of converting to bytes first
  - Use index-based iteration for header parsing instead of list.pop(0) (O(1) vs
    O(n))

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-01 19:29:09 -07:00
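
The framing checks listed under Security in the commit message above, sketched as an added example; this is not gunicorn's or gunicorn_h1c's code. The names `check_framing`, `parse_chunk_size` and `FramingError`, and the set of accepted transfer codings, are assumptions of this sketch.

```python
import re

# Assumption of this sketch: accept only the codings registered for HTTP/1.1.
KNOWN_CODINGS = {"chunked", "compress", "deflate", "gzip"}
HEX_SIZE = re.compile(rb"[0-9A-Fa-f]{1,16}")  # no sign, no 0x, no whitespace


class FramingError(ValueError):
    """Request whose body framing is ambiguous and must be rejected."""


def check_framing(version, headers):
    """Return 'chunked', 'length' or 'none'; headers is a list of (name, value)."""
    lengths = [v.strip() for n, v in headers if n.lower() == "content-length"]
    codings = [c.strip().lower()
               for n, v in headers if n.lower() == "transfer-encoding"
               for c in v.split(",")]
    if len(lengths) > 1:
        raise FramingError("duplicate Content-Length")
    if lengths and codings:
        raise FramingError("Content-Length with Transfer-Encoding")
    if codings:
        if "chunked" in codings and version < (1, 1):
            raise FramingError("chunked encoding in HTTP/1.0")
        if any(c not in KNOWN_CODINGS for c in codings):
            raise FramingError("invalid Transfer-Encoding value")
        if codings.count("chunked") > 1:
            raise FramingError("stacked chunked encoding")
        if codings[-1] != "chunked":
            raise FramingError("chunked must be the final coding")
        return "chunked"
    if lengths:
        if not (lengths[0].isascii() and lengths[0].isdigit()):
            raise FramingError("invalid Content-Length")
        return "length"
    return "none"


def parse_chunk_size(line):
    """Parse one chunk-size line (bytes, trailing CRLF already stripped)."""
    size, _, ext = line.partition(b";")
    if b"\r" in ext:
        raise FramingError("bare CR in chunk extension")
    if not HEX_SIZE.fullmatch(size):
        raise FramingError("invalid chunk size")
    return int(size, 16)
```

Each rejected case is one where a front-end proxy and the application server could disagree about where the request body ends, which is the precondition for request smuggling.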


SUMMARY = "WSGI HTTP Server for UNIX"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5dc9171ccd8fcbd7827c850148b3ca98"
SRC_URI[sha256sum] = "f74e1b2f9f76f6cd1ca01198968bd2dd65830edc24b6e8e4d78de8320e2fe889"
inherit pypi python_setuptools_build_meta ptest
CVE_PRODUCT = "gunicorn"
SRC_URI += " \
    file://run-ptest \
"
# python-misc for wsgiref
RDEPENDS:${PN}-ptest += " \
    bash \
    python3-eventlet \
    python3-gevent \
    python3-misc \
    python3-pytest \
    python3-unittest-automake-output \
"
do_install_ptest() {
    install -d ${D}${PTEST_PATH}/tests
    cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
}
RDEPENDS:${PN} += "python3-setuptools python3-fcntl"