lp-signing

Merge ~pelpsi/lp-signing/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into lp-signing:master

Git
lp:~pelpsi/lp-signing/+git/dependencies
gunicorn-upgrade-HTTP-request-smuggling-vulnerability
Merge into master

Proposed by Simone Pelosi on 2023-03-31

Status:	Superseded
Proposed branch:	~pelpsi/lp-signing/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability
Merge into:	lp-signing:master
Diff against target:	248 lines (+0/-0) 0 files modified
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Launchpad code reviewers		2023-03-31	Pending
Review via email: mp+440156@code.launchpad.net

This proposal has been superseded by a proposal from 2023-03-31.

Commit message

Upgraded gunicorn to fix HTTP request smuggling vulnerability

A penetration test found that our gunicorn version is vulnerable, version 20.1.0 should be safe.

Unmerged commits

7a8457f... by Simone Pelosi on 2023-03-31

Upgraded gunicorn to fix HTTP request smuggling vulnerability

A penetration test found that our gunicorn version is vulnerable, version 20.1.0 should be safe.

9b4df3b... by Colin Watson on 2023-01-30

Add a rebuilt version of zope.interface

Merged from https://code.launchpad.net/~cjwatson/lp-signing/+git/dependencies/+merge/436372

c26b2ea... by Colin Watson on 2023-01-26

Add a rebuilt version of zope.interface

I'm not exactly sure how this happened, but a fresh bootstrap of
`lp-signing` fails because `pip` doesn't accept the `manylinux2010`
wheel of `zope.interface` that we currently have. I downloaded the
sdist and rebuilt a matching wheel locally:

env/bin/pip download -d ../dependencies --no-binary :all: --no-deps zope.interface==4.7.1
env/bin/pip wheel -w ../dependencies --no-binary :all: --no-deps zope.interface==4.7.1

cce478e... by Colin Watson on 2021-05-25

Add Flask-Storm 1.0.0

Merged from https://code.launchpad.net/~cjwatson/lp-signing/+git/dependencies/+merge/403191

0a604d6... by Colin Watson on 2021-05-24

Add Flask-Storm 1.0.0

db0d5c4... by Thiago F. Pappacena on 2020-05-12

Adding iso8601 package for datetime parsing.

Merged from https://code.launchpad.net/~pappacena/lp-signing/+git/dependencies/+merge/383789

d44e852... by Thiago F. Pappacena on 2020-05-12

Adding iso8601-0.1.12 dependency

1782ea9... by Colin Watson on 2019-12-11

Initial commit

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Canonical Launchpad Engineering

Simone Pelosi

1	diff --git a/Click-7.0-py2.py3-none-any.whl b/Click-7.0-py2.py3-none-any.whl
2	new file mode 100644
3	index 0000000..284d6aa
4	Binary files /dev/null and b/Click-7.0-py2.py3-none-any.whl differ
5	diff --git a/Flask-1.0.2-py2.py3-none-any.whl b/Flask-1.0.2-py2.py3-none-any.whl
6	new file mode 100644
7	index 0000000..bd2786c
8	Binary files /dev/null and b/Flask-1.0.2-py2.py3-none-any.whl differ
9	diff --git a/Flask_Storm-0.2.0-py2.py3-none-any.whl b/Flask_Storm-0.2.0-py2.py3-none-any.whl
10	new file mode 100644
11	index 0000000..0843cbb
12	Binary files /dev/null and b/Flask_Storm-0.2.0-py2.py3-none-any.whl differ
13	diff --git a/Flask_Storm-1.0.0-py2.py3-none-any.whl b/Flask_Storm-1.0.0-py2.py3-none-any.whl
14	new file mode 100644
15	index 0000000..4d11f93
16	Binary files /dev/null and b/Flask_Storm-1.0.0-py2.py3-none-any.whl differ
17	diff --git a/Jinja2-2.10-py2.py3-none-any.whl b/Jinja2-2.10-py2.py3-none-any.whl
18	new file mode 100644
19	index 0000000..7bc4e35
20	Binary files /dev/null and b/Jinja2-2.10-py2.py3-none-any.whl differ
21	diff --git a/MarkupSafe-1.1.0-cp36-cp36m-manylinux1_x86_64.whl b/MarkupSafe-1.1.0-cp36-cp36m-manylinux1_x86_64.whl
22	new file mode 100644
23	index 0000000..c8d604e
24	Binary files /dev/null and b/MarkupSafe-1.1.0-cp36-cp36m-manylinux1_x86_64.whl differ
25	diff --git a/PyNaCl-1.3.0-cp34-abi3-manylinux1_x86_64.whl b/PyNaCl-1.3.0-cp34-abi3-manylinux1_x86_64.whl
26	new file mode 100644
27	index 0000000..13b196e
28	Binary files /dev/null and b/PyNaCl-1.3.0-cp34-abi3-manylinux1_x86_64.whl differ
29	diff --git a/PyYAML-3.13-cp36-cp36m-linux_x86_64.whl b/PyYAML-3.13-cp36-cp36m-linux_x86_64.whl
30	new file mode 100644
31	index 0000000..16f2f0a
32	Binary files /dev/null and b/PyYAML-3.13-cp36-cp36m-linux_x86_64.whl differ
33	diff --git a/Werkzeug-0.14.1-py2.py3-none-any.whl b/Werkzeug-0.14.1-py2.py3-none-any.whl
34	new file mode 100644
35	index 0000000..865d524
36	Binary files /dev/null and b/Werkzeug-0.14.1-py2.py3-none-any.whl differ
37	diff --git a/acceptable-0.21-py2.py3-none-any.whl b/acceptable-0.21-py2.py3-none-any.whl
38	new file mode 100644
39	index 0000000..91639a7
40	Binary files /dev/null and b/acceptable-0.21-py2.py3-none-any.whl differ
41	diff --git a/argparse-1.4.0-py2.py3-none-any.whl b/argparse-1.4.0-py2.py3-none-any.whl
42	new file mode 100644
43	index 0000000..dfef51d
44	Binary files /dev/null and b/argparse-1.4.0-py2.py3-none-any.whl differ
45	diff --git a/blinker-1.4-cp36-none-any.whl b/blinker-1.4-cp36-none-any.whl
46	new file mode 100644
47	index 0000000..f48a094
48	Binary files /dev/null and b/blinker-1.4-cp36-none-any.whl differ
49	diff --git a/certifi-2019.11.28-py2.py3-none-any.whl b/certifi-2019.11.28-py2.py3-none-any.whl
50	new file mode 100644
51	index 0000000..1ab6713
52	Binary files /dev/null and b/certifi-2019.11.28-py2.py3-none-any.whl differ
53	diff --git a/cffi-1.13.2-cp36-cp36m-manylinux1_x86_64.whl b/cffi-1.13.2-cp36-cp36m-manylinux1_x86_64.whl
54	new file mode 100644
55	index 0000000..b48e6cd
56	Binary files /dev/null and b/cffi-1.13.2-cp36-cp36m-manylinux1_x86_64.whl differ
57	diff --git a/chardet-3.0.4-py2.py3-none-any.whl b/chardet-3.0.4-py2.py3-none-any.whl
58	new file mode 100644
59	index 0000000..d276977
60	Binary files /dev/null and b/chardet-3.0.4-py2.py3-none-any.whl differ
61	diff --git a/coverage-4.5.4-cp36-cp36m-manylinux1_x86_64.whl b/coverage-4.5.4-cp36-cp36m-manylinux1_x86_64.whl
62	new file mode 100644
63	index 0000000..d6da01c
64	Binary files /dev/null and b/coverage-4.5.4-cp36-cp36m-manylinux1_x86_64.whl differ
65	diff --git a/cryptography-2.8-cp34-abi3-manylinux2010_x86_64.whl b/cryptography-2.8-cp34-abi3-manylinux2010_x86_64.whl
66	new file mode 100644
67	index 0000000..886a3f0
68	Binary files /dev/null and b/cryptography-2.8-cp34-abi3-manylinux2010_x86_64.whl differ
69	diff --git a/entrypoints-0.3-py2.py3-none-any.whl b/entrypoints-0.3-py2.py3-none-any.whl
70	new file mode 100644
71	index 0000000..fbd579d
72	Binary files /dev/null and b/entrypoints-0.3-py2.py3-none-any.whl differ
73	diff --git a/extras-1.0.0-py2.py3-none-any.whl b/extras-1.0.0-py2.py3-none-any.whl
74	new file mode 100644
75	index 0000000..8f31ed7
76	Binary files /dev/null and b/extras-1.0.0-py2.py3-none-any.whl differ
77	diff --git a/fakesleep-0.1-cp36-none-any.whl b/fakesleep-0.1-cp36-none-any.whl
78	new file mode 100644
79	index 0000000..236e4c2
80	Binary files /dev/null and b/fakesleep-0.1-cp36-none-any.whl differ
81	diff --git a/fixtures-3.0.0-py2.py3-none-any.whl b/fixtures-3.0.0-py2.py3-none-any.whl
82	new file mode 100644
83	index 0000000..e34655b
84	Binary files /dev/null and b/fixtures-3.0.0-py2.py3-none-any.whl differ
85	diff --git a/flake8-3.7.9-py2.py3-none-any.whl b/flake8-3.7.9-py2.py3-none-any.whl
86	new file mode 100644
87	index 0000000..285885f
88	Binary files /dev/null and b/flake8-3.7.9-py2.py3-none-any.whl differ
89	diff --git a/future-0.16.0-cp36-none-any.whl b/future-0.16.0-cp36-none-any.whl
90	new file mode 100644
91	index 0000000..9982e88
92	Binary files /dev/null and b/future-0.16.0-cp36-none-any.whl differ
93	diff --git a/gunicorn-19.9.0-py2.py3-none-any.whl b/gunicorn-19.9.0-py2.py3-none-any.whl
94	new file mode 100644
95	index 0000000..aaa29f4
96	Binary files /dev/null and b/gunicorn-19.9.0-py2.py3-none-any.whl differ
97	diff --git a/gunicorn-20.1.0.tar.gz b/gunicorn-20.1.0.tar.gz
98	new file mode 100644
99	index 0000000..b5da493
100	Binary files /dev/null and b/gunicorn-20.1.0.tar.gz differ
101	diff --git a/idna-2.8-py2.py3-none-any.whl b/idna-2.8-py2.py3-none-any.whl
102	new file mode 100644
103	index 0000000..95cb228
104	Binary files /dev/null and b/idna-2.8-py2.py3-none-any.whl differ
105	diff --git a/iso8601-0.1.12.tar.gz b/iso8601-0.1.12.tar.gz
106	new file mode 100644
107	index 0000000..ef9f015
108	Binary files /dev/null and b/iso8601-0.1.12.tar.gz differ
109	diff --git a/itsdangerous-1.1.0-py2.py3-none-any.whl b/itsdangerous-1.1.0-py2.py3-none-any.whl
110	new file mode 100644
111	index 0000000..fa8532d
112	Binary files /dev/null and b/itsdangerous-1.1.0-py2.py3-none-any.whl differ
113	diff --git a/jsonschema-2.6.0-py2.py3-none-any.whl b/jsonschema-2.6.0-py2.py3-none-any.whl
114	new file mode 100644
115	index 0000000..b237c6c
116	Binary files /dev/null and b/jsonschema-2.6.0-py2.py3-none-any.whl differ
117	diff --git a/lazr.enum-1.2-cp36-none-any.whl b/lazr.enum-1.2-cp36-none-any.whl
118	new file mode 100644
119	index 0000000..81cfbcf
120	Binary files /dev/null and b/lazr.enum-1.2-cp36-none-any.whl differ
121	diff --git a/lazr_postgresql-0.0.4-py2.py3-none-any.whl b/lazr_postgresql-0.0.4-py2.py3-none-any.whl
122	new file mode 100644
123	index 0000000..2982b8e
124	Binary files /dev/null and b/lazr_postgresql-0.0.4-py2.py3-none-any.whl differ
125	diff --git a/linecache2-1.0.0-py2.py3-none-any.whl b/linecache2-1.0.0-py2.py3-none-any.whl
126	new file mode 100644
127	index 0000000..06a8743
128	Binary files /dev/null and b/linecache2-1.0.0-py2.py3-none-any.whl differ
129	diff --git a/mccabe-0.6.1-py2.py3-none-any.whl b/mccabe-0.6.1-py2.py3-none-any.whl
130	new file mode 100644
131	index 0000000..2ffd042
132	Binary files /dev/null and b/mccabe-0.6.1-py2.py3-none-any.whl differ
133	diff --git a/pbr-5.4.4-py2.py3-none-any.whl b/pbr-5.4.4-py2.py3-none-any.whl
134	new file mode 100644
135	index 0000000..13e8aaf
136	Binary files /dev/null and b/pbr-5.4.4-py2.py3-none-any.whl differ
137	diff --git a/pip-19.0.2-py2.py3-none-any.whl b/pip-19.0.2-py2.py3-none-any.whl
138	new file mode 100644
139	index 0000000..0d4d0aa
140	Binary files /dev/null and b/pip-19.0.2-py2.py3-none-any.whl differ
141	diff --git a/psycopg2-2.7.7-cp36-cp36m-manylinux1_x86_64.whl b/psycopg2-2.7.7-cp36-cp36m-manylinux1_x86_64.whl
142	new file mode 100644
143	index 0000000..679b045
144	Binary files /dev/null and b/psycopg2-2.7.7-cp36-cp36m-manylinux1_x86_64.whl differ
145	diff --git a/pycodestyle-2.5.0-py2.py3-none-any.whl b/pycodestyle-2.5.0-py2.py3-none-any.whl
146	new file mode 100644
147	index 0000000..130af71
148	Binary files /dev/null and b/pycodestyle-2.5.0-py2.py3-none-any.whl differ
149	diff --git a/pycparser-2.19-py2.py3-none-any.whl b/pycparser-2.19-py2.py3-none-any.whl
150	new file mode 100644
151	index 0000000..118e6c6
152	Binary files /dev/null and b/pycparser-2.19-py2.py3-none-any.whl differ
153	diff --git a/pyflakes-2.1.1-py2.py3-none-any.whl b/pyflakes-2.1.1-py2.py3-none-any.whl
154	new file mode 100644
155	index 0000000..dc0386e
156	Binary files /dev/null and b/pyflakes-2.1.1-py2.py3-none-any.whl differ
157	diff --git a/python_mimeparse-1.6.0-py2.py3-none-any.whl b/python_mimeparse-1.6.0-py2.py3-none-any.whl
158	new file mode 100644
159	index 0000000..e8ec9e1
160	Binary files /dev/null and b/python_mimeparse-1.6.0-py2.py3-none-any.whl differ
161	diff --git a/pytz-2019.3-py2.py3-none-any.whl b/pytz-2019.3-py2.py3-none-any.whl
162	new file mode 100644
163	index 0000000..427074b
164	Binary files /dev/null and b/pytz-2019.3-py2.py3-none-any.whl differ
165	diff --git a/raven-6.10.0-py2.py3-none-any.whl b/raven-6.10.0-py2.py3-none-any.whl
166	new file mode 100644
167	index 0000000..b1a97a4
168	Binary files /dev/null and b/raven-6.10.0-py2.py3-none-any.whl differ
169	diff --git a/requests-2.22.0-py2.py3-none-any.whl b/requests-2.22.0-py2.py3-none-any.whl
170	new file mode 100644
171	index 0000000..6cc9f19
172	Binary files /dev/null and b/requests-2.22.0-py2.py3-none-any.whl differ
173	diff --git a/requests_mock-1.7.0-py2.py3-none-any.whl b/requests_mock-1.7.0-py2.py3-none-any.whl
174	new file mode 100644
175	index 0000000..aadddf8
176	Binary files /dev/null and b/requests_mock-1.7.0-py2.py3-none-any.whl differ
177	diff --git a/setuptools-42.0.2-py2.py3-none-any.whl b/setuptools-42.0.2-py2.py3-none-any.whl
178	new file mode 100644
179	index 0000000..bc642d4
180	Binary files /dev/null and b/setuptools-42.0.2-py2.py3-none-any.whl differ
181	diff --git a/six-1.13.0-py2.py3-none-any.whl b/six-1.13.0-py2.py3-none-any.whl
182	new file mode 100644
183	index 0000000..4aa0182
184	Binary files /dev/null and b/six-1.13.0-py2.py3-none-any.whl differ
185	diff --git a/sqlparse-0.2.4-py2.py3-none-any.whl b/sqlparse-0.2.4-py2.py3-none-any.whl
186	new file mode 100644
187	index 0000000..1a55b62
188	Binary files /dev/null and b/sqlparse-0.2.4-py2.py3-none-any.whl differ
189	diff --git a/statsd-3.3.0-py2.py3-none-any.whl b/statsd-3.3.0-py2.py3-none-any.whl
190	new file mode 100644
191	index 0000000..a8a4c34
192	Binary files /dev/null and b/statsd-3.3.0-py2.py3-none-any.whl differ
193	diff --git a/storm-0.22-cp36-cp36m-linux_x86_64.whl b/storm-0.22-cp36-cp36m-linux_x86_64.whl
194	new file mode 100644
195	index 0000000..bce73a8
196	Binary files /dev/null and b/storm-0.22-cp36-cp36m-linux_x86_64.whl differ
197	diff --git a/systemfixtures-0.6.7-py2.py3-none-any.whl b/systemfixtures-0.6.7-py2.py3-none-any.whl
198	new file mode 100644
199	index 0000000..a183ae6
200	Binary files /dev/null and b/systemfixtures-0.6.7-py2.py3-none-any.whl differ
201	diff --git a/talisker-0.11.1-py3-none-any.whl b/talisker-0.11.1-py3-none-any.whl
202	new file mode 100644
203	index 0000000..1a67988
204	Binary files /dev/null and b/talisker-0.11.1-py3-none-any.whl differ
205	diff --git a/testresources-2.0.1-py2.py3-none-any.whl b/testresources-2.0.1-py2.py3-none-any.whl
206	new file mode 100644
207	index 0000000..923c512
208	Binary files /dev/null and b/testresources-2.0.1-py2.py3-none-any.whl differ
209	diff --git a/testtools-2.3.0-py2.py3-none-any.whl b/testtools-2.3.0-py2.py3-none-any.whl
210	new file mode 100644
211	index 0000000..fbfa7f5
212	Binary files /dev/null and b/testtools-2.3.0-py2.py3-none-any.whl differ
213	diff --git a/traceback2-1.4.0-py2.py3-none-any.whl b/traceback2-1.4.0-py2.py3-none-any.whl
214	new file mode 100644
215	index 0000000..c3638d3
216	Binary files /dev/null and b/traceback2-1.4.0-py2.py3-none-any.whl differ
217	diff --git a/unittest2-1.1.0-py2.py3-none-any.whl b/unittest2-1.1.0-py2.py3-none-any.whl
218	new file mode 100644
219	index 0000000..00bca37
220	Binary files /dev/null and b/unittest2-1.1.0-py2.py3-none-any.whl differ
221	diff --git a/urllib3-1.25.7-py2.py3-none-any.whl b/urllib3-1.25.7-py2.py3-none-any.whl
222	new file mode 100644
223	index 0000000..2791683
224	Binary files /dev/null and b/urllib3-1.25.7-py2.py3-none-any.whl differ
225	diff --git a/wheel-0.33.1-py2.py3-none-any.whl b/wheel-0.33.1-py2.py3-none-any.whl
226	new file mode 100644
227	index 0000000..676d746
228	Binary files /dev/null and b/wheel-0.33.1-py2.py3-none-any.whl differ
229	diff --git a/zope.event-4.4-py2.py3-none-any.whl b/zope.event-4.4-py2.py3-none-any.whl
230	new file mode 100644
231	index 0000000..ead3325
232	Binary files /dev/null and b/zope.event-4.4-py2.py3-none-any.whl differ
233	diff --git a/zope.interface-4.7.1-cp36-cp36m-linux_x86_64.whl b/zope.interface-4.7.1-cp36-cp36m-linux_x86_64.whl
234	new file mode 100644
235	index 0000000..4319c2b
236	Binary files /dev/null and b/zope.interface-4.7.1-cp36-cp36m-linux_x86_64.whl differ
237	diff --git a/zope.interface-4.7.1-cp36-cp36m-manylinux2010_x86_64.whl b/zope.interface-4.7.1-cp36-cp36m-manylinux2010_x86_64.whl
238	new file mode 100644
239	index 0000000..d59fe45
240	Binary files /dev/null and b/zope.interface-4.7.1-cp36-cp36m-manylinux2010_x86_64.whl differ
241	diff --git a/zope.interface-4.7.1.tar.gz b/zope.interface-4.7.1.tar.gz
242	new file mode 100644
243	index 0000000..5cf25c7
244	Binary files /dev/null and b/zope.interface-4.7.1.tar.gz differ
245	diff --git a/zope.schema-4.9.3-py2.py3-none-any.whl b/zope.schema-4.9.3-py2.py3-none-any.whl
246	new file mode 100644
247	index 0000000..09f55cd
248	Binary files /dev/null and b/zope.schema-4.9.3-py2.py3-none-any.whl differ