aboutsummaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python3-sqlparse
diff options
context:
space:
mode:
authorTrevor Gamblin <tgamblin@baylibre.com>2023-07-25 15:09:43 -0400
committerKhem Raj <raj.khem@gmail.com>2023-07-25 12:46:19 -0700
commit74e70284acb2eb2f2a47a1ab1aa5ee0928d46344 (patch)
tree8c63a764f2cff30cbefaf4095e7691895e312097 /meta-python/recipes-devtools/python/python3-sqlparse
parent7fc427838dde831b2fcea167ab76fc2811d633e0 (diff)
downloadmeta-openembedded-74e70284acb2eb2f2a47a1ab1aa5ee0928d46344.tar.gz
python3-sqlparse: upgrade 0.4.3 -> 0.4.4
- Use python_flit_core instead of setuptools3 - Modify 0001-sqlparse-change-shebang-to-python3.patch to apply on 0.4.4 - Remove CVE-2023-30608.patch since it's now upstream: [tgamblin@megalith sqlparse]$ git tag --contains c457abd 0.4.4 Changelog (https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG): Release 0.4.4 (Apr 18, 2023) ---------------------------- Notable Changes * IMPORTANT: This release fixes a security vulnerability in the parser where a regular expression vulnerable to ReDOS (Regular Expression Denial of Service) was used. See the security advisory for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 The vulnerability was discovered by @erik-krogh from GitHub Security Lab (GHSL). Thanks for reporting! Bug Fixes * Revert a change from 0.4.0 that changed IN to be a comparison (issue694). The primary expectation is that IN is treated as a keyword and not as a comparison operator. That also follows the definition of reserved keywords for the major SQL syntax definitions. * Fix regular expressions for string parsing. Other * sqlparse now uses pyproject.toml instead of setup.cfg (issue685). Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-sqlparse')
-rw-r--r--meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch80
-rw-r--r--meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch51
2 files changed, 5 insertions, 126 deletions
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch b/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch
index 94121340d5..0c9f29a6b8 100644
--- a/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch
+++ b/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch
@@ -1,4 +1,4 @@
-From 7fd00ab8c1b663052d57e735b6b956d5c92fbaed Mon Sep 17 00:00:00 2001
+From f236a30dc8528b6f114201580f1efdcc1c447d43 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Mon, 9 Mar 2020 13:10:37 +0800
Subject: [PATCH] sqlparse: change shebang to python3
@@ -12,80 +12,10 @@ dropped.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
---
- 0001-sqlparse-change-shebang-to-python3.patch | 51 +++++++++++++++++++
- setup.py | 2 +-
- sqlparse/__main__.py | 2 +-
- sqlparse/cli.py | 2 +-
- 4 files changed, 54 insertions(+), 3 deletions(-)
- create mode 100644 0001-sqlparse-change-shebang-to-python3.patch
+ sqlparse/__main__.py | 2 +-
+ sqlparse/cli.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
-diff --git a/0001-sqlparse-change-shebang-to-python3.patch b/0001-sqlparse-change-shebang-to-python3.patch
-new file mode 100644
-index 0000000..ad6c50f
---- /dev/null
-+++ b/0001-sqlparse-change-shebang-to-python3.patch
-@@ -0,0 +1,51 @@
-+From 10c9d3341d64d697f678a64ae707f6bda21565bb Mon Sep 17 00:00:00 2001
-+From: Changqing Li <changqing.li@windriver.com>
-+Date: Mon, 9 Mar 2020 13:10:37 +0800
-+Subject: [PATCH] sqlparse: change shebang to python3
-+
-+Upstream-Status: Pending
-+
-+Don't send upstream since upstream still support python2,
-+we can only make this change after python2 is offcially
-+dropped.
-+
-+Signed-off-by: Changqing Li <changqing.li@windriver.com>
-+---
-+ setup.py | 2 +-
-+ sqlparse/__main__.py | 2 +-
-+ sqlparse/cli.py | 2 +-
-+ 3 files changed, 3 insertions(+), 3 deletions(-)
-+
-+diff --git a/setup.py b/setup.py
-+index 345d0ce..ce3abc3 100644
-+--- a/setup.py
-++++ b/setup.py
-+@@ -1,4 +1,4 @@
-+-#!/usr/bin/env python
-++#!/usr/bin/env python3
-+ # -*- coding: utf-8 -*-
-+ #
-+ # Copyright (C) 2009-2018 the sqlparse authors and contributors
-+diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py
-+index 867d75d..dd0c074 100644
-+--- a/sqlparse/__main__.py
-++++ b/sqlparse/__main__.py
-+@@ -1,4 +1,4 @@
-+-#!/usr/bin/env python
-++#!/usr/bin/env python3
-+ # -*- coding: utf-8 -*-
-+ #
-+ # Copyright (C) 2009-2018 the sqlparse authors and contributors
-+diff --git a/sqlparse/cli.py b/sqlparse/cli.py
-+index 25555a5..8bf050a 100755
-+--- a/sqlparse/cli.py
-++++ b/sqlparse/cli.py
-+@@ -1,4 +1,4 @@
-+-#!/usr/bin/env python
-++#!/usr/bin/env python3
-+ # -*- coding: utf-8 -*-
-+ #
-+ # Copyright (C) 2009-2018 the sqlparse authors and contributors
-+--
-+2.7.4
-+
-diff --git a/setup.py b/setup.py
-index ede0aff..dc6a323 100644
---- a/setup.py
-+++ b/setup.py
-@@ -1,4 +1,4 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python3
- #
- # Copyright (C) 2009-2020 the sqlparse authors and contributors
- # <see AUTHORS file>
diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py
index 2bf2513..6a3a115 100644
--- a/sqlparse/__main__.py
@@ -107,5 +37,5 @@ index 7a8aacb..9c727e8 100755
# Copyright (C) 2009-2020 the sqlparse authors and contributors
# <see AUTHORS file>
--
-2.17.1
+2.41.0
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
deleted file mode 100644
index f5526c5b88..0000000000
--- a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From c457abd5f097dd13fb21543381e7cfafe7d31cfb Mon Sep 17 00:00:00 2001
-From: Andi Albrecht <albrecht.andi@gmail.com>
-Date: Mon, 20 Mar 2023 08:33:46 +0100
-Subject: [PATCH] Remove unnecessary parts in regex for bad escaping.
-
-The regex tried to deal with situations where escaping in the
-SQL to be parsed was suspicious.
-
-Upstream-Status: Backport
-CVE: CVE-2023-30608
-
-Reference to upstream patch:
-https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
-
-[AZ: drop changes to CHANGELOG file and adjust context whitespaces]
-Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
-
-Adjust indentation in keywords.py.
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
----
- sqlparse/keywords.py | 4 ++--
- tests/test_split.py | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
---- sqlparse-0.4.3.orig/sqlparse/keywords.py
-+++ sqlparse-0.4.3/sqlparse/keywords.py
-@@ -72,9 +72,9 @@ SQL_REGEX = {
- (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])',
- tokens.Number.Float),
- (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer),
-- (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single),
-+ (r"'(''|\\'|[^'])*'", tokens.String.Single),
- # not a real string literal in ANSI SQL:
-- (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol),
-+ (r'"(""|\\"|[^"])*"', tokens.String.Symbol),
- (r'(""|".*?[^\\]")', tokens.String.Symbol),
- # sqlite names can be escaped with [square brackets]. left bracket
- # cannot be preceded by word character or a right bracket --
---- sqlparse-0.4.3.orig/tests/test_split.py
-+++ sqlparse-0.4.3/tests/test_split.py
-@@ -18,8 +18,8 @@ def test_split_semicolon():
-
-
- def test_split_backslash():
-- stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';")
-- assert len(stmts) == 3
-+ stmts = sqlparse.parse("select '\'; select '\'';")
-+ assert len(stmts) == 2
-
-
- @pytest.mark.parametrize('fn', ['function.sql',