Debian Patches
Status for gunicorn/20.1.0-1+deb11u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-drop-supplemental-groups.patch | Also drop supplemental groups. | Chris Lamb <lamby@debian.org> | no | 2017-03-13 | ||
| 0002-use-system-js-libs.patch | use-system-js-libs | Chris Lamb <lamby@debian.org> | no | 2015-10-30 | ||
| 0003-Don-t-call-chown-2-if-it-would-be-a-no-op.patch | Don't call chown(2) if it would be a no-op. | Chris Lamb <lamby@debian.org> | no | 2016-09-23 | ||
| 0004-Set-supplementary-groups-when-changing-uid.patch | Set supplementary groups when changing uid. Thanks to Filippos Giannakos <philipgian@grnet.gr>. |
Chris Lamb <lamby@debian.org> | no | 2016-10-07 | ||
| 0001-fail-safe-on-unsupported-request-framing.patch | fail-safe on unsupported request framing If we promise wsgi.input_terminated, we better get it right - or not at all. * chunked encoding on HTTP <= 1.1 * chunked not last transfer coding * multiple chinked codings * any unknown codings (yes, this too! because we do not detect unusual syntax that is still chunked) * empty coding (plausibly harmless, but not see in real life anyway - refused, for the moment) |
"Paul J. Dorn" <pajod@users.noreply.github.com> | no | 2023-12-07 | ||
| 0002-RFC-compliant-header-field-chunk-validation.patch | RFC compliant header field+chunk validation * update HEADER_RE and HEADER_VALUE_RE to match the RFCs * update chunk length parsing to disallow 0x prefix and digit-separating underscores. |
Ben Kallus <benjamin.p.kallus.gr@dartmouth.edu> | no | 2023-08-28 | ||
| 0003-Disallow-empty-header-names.patch | Disallow empty header names. | Ben Kallus <benjamin.p.kallus.gr@dartmouth.edu> | no | 2023-12-04 | ||
| 0004-RFC-compliant-request-line-and-header-parsing.patch | RFC compliant request line and header parsing - Unify HEADER_RE and METH_RE - Replace CRLF with SP during obs-fold processing (See RFC 9112 Section 5.2, last paragraph) - Stop stripping header names. - Remove HTAB in OWS in header values that use obs-fold (See RFC 9112 Section 5.2, last paragraph) - Use fullmatch instead of search, which has problems with empty strings. (See GHSA-68xg-gqqm-vgj8) - Split proxy protocol line on space only. (See proxy protocol Section 2.1, bullet 3) - Use fullmatch for method and version (Thank you to Paul Dorn for noticing this.) - Replace calls to str.strip() with str.strip(' \t') - Split request line on SP only. |
Ben Kallus <benjamin.p.kallus.gr@dartmouth.edu> | no | 2023-12-06 | ||
| 0005-pytest-raise-on-malformed-test-fixtures.patch | pytest: raise on malformed test fixtures and unbreak test depending on backslash escape |
"Paul J. Dorn" <pajod@users.noreply.github.com> | no | 2023-12-06 |
All known versions for source package 'gunicorn'
- 23.0.0-1 (sid, trixie)
- 20.1.0-6+deb12u1 (bookworm)
- 20.1.0-1+deb11u1 (bullseye-security)
- 20.1.0-1 (bullseye)