diff options
author | Trevor Gamblin <tgamblin@baylibre.com> | 2023-07-25 15:09:43 -0400 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2023-07-25 12:46:19 -0700 |
commit | 74e70284acb2eb2f2a47a1ab1aa5ee0928d46344 (patch) | |
tree | 8c63a764f2cff30cbefaf4095e7691895e312097 /meta-python/recipes-devtools | |
parent | 7fc427838dde831b2fcea167ab76fc2811d633e0 (diff) | |
download | meta-openembedded-74e70284acb2eb2f2a47a1ab1aa5ee0928d46344.tar.gz |
python3-sqlparse: upgrade 0.4.3 -> 0.4.4
- Use python_flit_core instead of setuptools3
- Modify 0001-sqlparse-change-shebang-to-python3.patch to apply on 0.4.4
- Remove CVE-2023-30608.patch since it's now upstream:
[tgamblin@megalith sqlparse]$ git tag --contains c457abd
0.4.4
Changelog (https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG):
Release 0.4.4 (Apr 18, 2023)
----------------------------
Notable Changes
* IMPORTANT: This release fixes a security vulnerability in the
parser where a regular expression vulnerable to ReDOS (Regular
Expression Denial of Service) was used. See the security advisory
for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
The vulnerability was discovered by @erik-krogh from GitHub
Security Lab (GHSL). Thanks for reporting!
Bug Fixes
* Revert a change from 0.4.0 that changed IN to be a comparison (issue694).
The primary expectation is that IN is treated as a keyword and not as a
comparison operator. That also follows the definition of reserved keywords
for the major SQL syntax definitions.
* Fix regular expressions for string parsing.
Other
* sqlparse now uses pyproject.toml instead of setup.cfg (issue685).
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools')
-rw-r--r-- | meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch | 80 | ||||
-rw-r--r-- | meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch | 51 | ||||
-rw-r--r-- | meta-python/recipes-devtools/python/python3-sqlparse_0.4.4.bb (renamed from meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb) | 5 |
3 files changed, 7 insertions, 129 deletions
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch b/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch index 94121340d5..0c9f29a6b8 100644 --- a/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch +++ b/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch @@ -1,4 +1,4 @@ -From 7fd00ab8c1b663052d57e735b6b956d5c92fbaed Mon Sep 17 00:00:00 2001 +From f236a30dc8528b6f114201580f1efdcc1c447d43 Mon Sep 17 00:00:00 2001 From: Changqing Li <changqing.li@windriver.com> Date: Mon, 9 Mar 2020 13:10:37 +0800 Subject: [PATCH] sqlparse: change shebang to python3 @@ -12,80 +12,10 @@ dropped. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> --- - 0001-sqlparse-change-shebang-to-python3.patch | 51 +++++++++++++++++++ - setup.py | 2 +- - sqlparse/__main__.py | 2 +- - sqlparse/cli.py | 2 +- - 4 files changed, 54 insertions(+), 3 deletions(-) - create mode 100644 0001-sqlparse-change-shebang-to-python3.patch + sqlparse/__main__.py | 2 +- + sqlparse/cli.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/0001-sqlparse-change-shebang-to-python3.patch b/0001-sqlparse-change-shebang-to-python3.patch -new file mode 100644 -index 0000000..ad6c50f ---- /dev/null -+++ b/0001-sqlparse-change-shebang-to-python3.patch -@@ -0,0 +1,51 @@ -+From 10c9d3341d64d697f678a64ae707f6bda21565bb Mon Sep 17 00:00:00 2001 -+From: Changqing Li <changqing.li@windriver.com> -+Date: Mon, 9 Mar 2020 13:10:37 +0800 -+Subject: [PATCH] sqlparse: change shebang to python3 -+ -+Upstream-Status: Pending -+ -+Don't send upstream since upstream still support python2, -+we can only make this change after python2 is offcially -+dropped. -+ -+Signed-off-by: Changqing Li <changqing.li@windriver.com> -+--- -+ setup.py | 2 +- -+ sqlparse/__main__.py | 2 +- -+ sqlparse/cli.py | 2 +- -+ 3 files changed, 3 insertions(+), 3 deletions(-) -+ -+diff --git a/setup.py b/setup.py -+index 345d0ce..ce3abc3 100644 -+--- a/setup.py -++++ b/setup.py -+@@ -1,4 +1,4 @@ -+-#!/usr/bin/env python -++#!/usr/bin/env python3 -+ # -*- coding: utf-8 -*- -+ # -+ # Copyright (C) 2009-2018 the sqlparse authors and contributors -+diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py -+index 867d75d..dd0c074 100644 -+--- a/sqlparse/__main__.py -++++ b/sqlparse/__main__.py -+@@ -1,4 +1,4 @@ -+-#!/usr/bin/env python -++#!/usr/bin/env python3 -+ # -*- coding: utf-8 -*- -+ # -+ # Copyright (C) 2009-2018 the sqlparse authors and contributors -+diff --git a/sqlparse/cli.py b/sqlparse/cli.py -+index 25555a5..8bf050a 100755 -+--- a/sqlparse/cli.py -++++ b/sqlparse/cli.py -+@@ -1,4 +1,4 @@ -+-#!/usr/bin/env python -++#!/usr/bin/env python3 -+ # -*- coding: utf-8 -*- -+ # -+ # Copyright (C) 2009-2018 the sqlparse authors and contributors -+-- -+2.7.4 -+ -diff --git a/setup.py b/setup.py -index ede0aff..dc6a323 100644 ---- a/setup.py -+++ b/setup.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # - # Copyright (C) 2009-2020 the sqlparse authors and contributors - # <see AUTHORS file> diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py index 2bf2513..6a3a115 100644 --- a/sqlparse/__main__.py @@ -107,5 +37,5 @@ index 7a8aacb..9c727e8 100755 # Copyright (C) 2009-2020 the sqlparse authors and contributors # <see AUTHORS file> -- -2.17.1 +2.41.0 diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch deleted file mode 100644 index f5526c5b88..0000000000 --- a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch +++ /dev/null @@ -1,51 +0,0 @@ -From c457abd5f097dd13fb21543381e7cfafe7d31cfb Mon Sep 17 00:00:00 2001 -From: Andi Albrecht <albrecht.andi@gmail.com> -Date: Mon, 20 Mar 2023 08:33:46 +0100 -Subject: [PATCH] Remove unnecessary parts in regex for bad escaping. - -The regex tried to deal with situations where escaping in the -SQL to be parsed was suspicious. - -Upstream-Status: Backport -CVE: CVE-2023-30608 - -Reference to upstream patch: -https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb - -[AZ: drop changes to CHANGELOG file and adjust context whitespaces] -Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com> - -Adjust indentation in keywords.py. -Signed-off-by: Joe Slater <joe.slater@windriver.com> ---- - sqlparse/keywords.py | 4 ++-- - tests/test_split.py | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - ---- sqlparse-0.4.3.orig/sqlparse/keywords.py -+++ sqlparse-0.4.3/sqlparse/keywords.py -@@ -72,9 +72,9 @@ SQL_REGEX = { - (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])', - tokens.Number.Float), - (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer), -- (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single), -+ (r"'(''|\\'|[^'])*'", tokens.String.Single), - # not a real string literal in ANSI SQL: -- (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol), -+ (r'"(""|\\"|[^"])*"', tokens.String.Symbol), - (r'(""|".*?[^\\]")', tokens.String.Symbol), - # sqlite names can be escaped with [square brackets]. left bracket - # cannot be preceded by word character or a right bracket -- ---- sqlparse-0.4.3.orig/tests/test_split.py -+++ sqlparse-0.4.3/tests/test_split.py -@@ -18,8 +18,8 @@ def test_split_semicolon(): - - - def test_split_backslash(): -- stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';") -- assert len(stmts) == 3 -+ stmts = sqlparse.parse("select '\'; select '\'';") -+ assert len(stmts) == 2 - - - @pytest.mark.parametrize('fn', ['function.sql', diff --git a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.4.bb index a402f991f7..e4ac403eb5 100644 --- a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb +++ b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.4.bb @@ -5,16 +5,15 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc" SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \ - file://CVE-2023-30608.patch \ file://run-ptest \ " -SRC_URI[sha256sum] = "69ca804846bb114d2ec380e4360a8a340db83f0ccf3afceeb1404df028f57268" +SRC_URI[sha256sum] = "d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c" export BUILD_SYS export HOST_SYS -inherit pypi ptest setuptools3 +inherit pypi ptest python_flit_core RDEPENDS:${PN}-ptest += " \ ${PYTHON_PN}-pytest \ |