python3-sqlparse: upgrade 0.4.3 -> 0.4.4

- Use python_flit_core instead of setuptools3
- Modify 0001-sqlparse-change-shebang-to-python3.patch to apply on 0.4.4
- Remove CVE-2023-30608.patch since it's now upstream:

[tgamblin@megalith sqlparse]$ git tag --contains c457abd
0.4.4

Changelog (https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG):

Release 0.4.4 (Apr 18, 2023)
----------------------------

Notable Changes

* IMPORTANT: This release fixes a security vulnerability in the
  parser where a regular expression vulnerable to ReDOS (Regular
  Expression Denial of Service) was used. See the security advisory
  for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
  The vulnerability was discovered by @erik-krogh from GitHub
  Security Lab (GHSL). Thanks for reporting!

Bug Fixes

* Revert a change from 0.4.0 that changed IN to be a comparison (issue694).
  The primary expectation is that IN is treated as a keyword and not as a
  comparison operator. That also follows the definition of reserved keywords
  for the major SQL syntax definitions.
* Fix regular expressions for string parsing.

Other

* sqlparse now uses pyproject.toml instead of setup.cfg (issue685).

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

1 files changed, 0 insertions, 51 deletions

diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
deleted file mode 100644
index f5526c5b88..0000000000
--- a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From c457abd5f097dd13fb21543381e7cfafe7d31cfb Mon Sep 17 00:00:00 2001
-From: Andi Albrecht <albrecht.andi@gmail.com>
-Date: Mon, 20 Mar 2023 08:33:46 +0100
-Subject: [PATCH] Remove unnecessary parts in regex for bad escaping.
-
-The regex tried to deal with situations where escaping in the
-SQL to be parsed was suspicious.
-
-Upstream-Status: Backport
-CVE: CVE-2023-30608
-
-Reference to upstream patch:
-https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
-
-[AZ: drop changes to CHANGELOG file and adjust context whitespaces]
-Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
-
-Adjust indentation in keywords.py.
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
----
- sqlparse/keywords.py | 4 ++--
- tests/test_split.py  | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
---- sqlparse-0.4.3.orig/sqlparse/keywords.py
-+++ sqlparse-0.4.3/sqlparse/keywords.py
-@@ -72,9 +72,9 @@ SQL_REGEX = {
-         (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])',
-          tokens.Number.Float),
-         (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer),
--        (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single),
-+        (r"'(''|\\'|[^'])*'", tokens.String.Single),
-         # not a real string literal in ANSI SQL:
--        (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol),
-+        (r'"(""|\\"|[^"])*"', tokens.String.Symbol),
-         (r'(""|".*?[^\\]")', tokens.String.Symbol),
-         # sqlite names can be escaped with [square brackets]. left bracket
-         # cannot be preceded by word character or a right bracket --
---- sqlparse-0.4.3.orig/tests/test_split.py
-+++ sqlparse-0.4.3/tests/test_split.py
-@@ -18,8 +18,8 @@ def test_split_semicolon():
- 
- 
- def test_split_backslash():
--    stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';")
--    assert len(stmts) == 3
-+    stmts = sqlparse.parse("select '\'; select '\'';")
-+    assert len(stmts) == 2
- 
- 
- @pytest.mark.parametrize('fn', ['function.sql',