Package: lua-http
Version: 0.1-1
Severity: grave
Tags: upstream

Hi,

lua-http cannot construct legal requests if a non-US locale (or more precisely,
anything using comma as decimal separator) is in use. Example:

  klump:~> cat test.lua
  os.setlocale('nb_NO.UTF-8')
  local http_request = require "http.request"
  local headers, stream = assert(http_request.new_from_uri("http://example.com"):go())
  local body = assert(stream:get_body_as_string())
  if headers:get ":status" ~= "200" then
      error(body)
  end
  print(body)
  
  klump:~> lua5.2 test.lua
  lua5.2: test.lua:6: <?xml version="1.0" encoding="iso-8859-1"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
           "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
        <head>
                <title>505 - HTTP Version Not Supported</title>
        </head>
        <body>
                <h1>505 - HTTP Version Not Supported</h1>
        </body>
  </html>
  
  stack traceback:
        [C]: in function 'error'
        test.lua:6: in main chunk
        [C]: in ?

This is because the request it constructs looks like this:

  GET / HTTP/1,1
  host: example.com
  user-agent: lua-http/0.1

Note the “1,1” in the HTTP version number where it should have been 1.1.

This makes the library completely broken for a large swath of Debian's user base;
thus the severity.

-- System Information:
Debian Release: 9.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.2 (SMP w/40 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

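
The failure mode described in the report, as an added example that is not part of the original message and not lua-http's own code. It assumes the version is held as a Lua number and formatted with "%.1f"; the function names are hypothetical, and the nb_NO.UTF-8 locale from the report must be installed for the comma to appear.

```lua
-- Added example, not lua-http's own code.
-- Assumption: the version is kept as a Lua number and formatted with "%.1f".

local function request_line_float(method, path, version)
  -- string.format hands "%.1f" to C's printf, which honours LC_NUMERIC.
  return string.format("%s %s HTTP/%.1f", method, path, version)
end

local function request_line_int(method, path, version)
  -- Only integers are formatted, so no decimal separator is ever looked up.
  local major = math.floor(version)
  local minor = math.floor((version - major) * 10 + 0.5)
  return string.format("%s %s HTTP/%d.%d", method, path, major, minor)
end

local function is_valid_request_line(line)
  -- HTTP-version is "HTTP/" DIGIT "." DIGIT; a comma must be rejected.
  return line:match("^%u+ %S+ HTTP/%d%.%d$") ~= nil
end

-- nb_NO.UTF-8 is the locale from the report; setlocale returns nil if absent.
local active = os.setlocale("nb_NO.UTF-8", "numeric")
print("LC_NUMERIC: " .. (active or "nb_NO.UTF-8 not installed, locale unchanged"))

for _, build in ipairs({ request_line_float, request_line_int }) do
  local line = build("GET", "/", 1.1)
  print(string.format("%-22s valid=%s", line, tostring(is_valid_request_line(line))))
end
```

A check like is_valid_request_line in a test suite that runs under a comma-decimal locale would catch this class of regression before release.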