diff options
| author | Trevor Gamblin <tgamblin@baylibre.com> | 2023-07-25 15:09:43 -0400 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2023-07-25 12:46:19 -0700 |
| commit | 74e70284acb2eb2f2a47a1ab1aa5ee0928d46344 (patch) | |
| tree | 8c63a764f2cff30cbefaf4095e7691895e312097 /meta-python/recipes-devtools/python/python3-sqlparse | |
| parent | 7fc427838dde831b2fcea167ab76fc2811d633e0 (diff) | |
| download | meta-openembedded-74e70284acb2eb2f2a47a1ab1aa5ee0928d46344.tar.gz | |
python3-sqlparse: upgrade 0.4.3 -> 0.4.4
- Use python_flit_core instead of setuptools3
- Modify 0001-sqlparse-change-shebang-to-python3.patch to apply on 0.4.4
- Remove CVE-2023-30608.patch since it's now upstream:
[tgamblin@megalith sqlparse]$ git tag --contains c457abd
0.4.4
Changelog (https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG):
Release 0.4.4 (Apr 18, 2023)
----------------------------
Notable Changes
* IMPORTANT: This release fixes a security vulnerability in the
parser where a regular expression vulnerable to ReDOS (Regular
Expression Denial of Service) was used. See the security advisory
for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
The vulnerability was discovered by @erik-krogh from GitHub
Security Lab (GHSL). Thanks for reporting!
Bug Fixes
* Revert a change from 0.4.0 that changed IN to be a comparison (issue694).
The primary expectation is that IN is treated as a keyword and not as a
comparison operator. That also follows the definition of reserved keywords
for the major SQL syntax definitions.
* Fix regular expressions for string parsing.
Other
* sqlparse now uses pyproject.toml instead of setup.cfg (issue685).
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-sqlparse')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch | 80 | ||||
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch | 51 |
2 files changed, 5 insertions, 126 deletions
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch b/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch index 94121340d5..0c9f29a6b8 100644 --- a/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch +++ b/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 7fd00ab8c1b663052d57e735b6b956d5c92fbaed Mon Sep 17 00:00:00 2001 | 1 | From f236a30dc8528b6f114201580f1efdcc1c447d43 Mon Sep 17 00:00:00 2001 |
| 2 | From: Changqing Li <changqing.li@windriver.com> | 2 | From: Changqing Li <changqing.li@windriver.com> |
| 3 | Date: Mon, 9 Mar 2020 13:10:37 +0800 | 3 | Date: Mon, 9 Mar 2020 13:10:37 +0800 |
| 4 | Subject: [PATCH] sqlparse: change shebang to python3 | 4 | Subject: [PATCH] sqlparse: change shebang to python3 |
| @@ -12,80 +12,10 @@ dropped. | |||
| 12 | Signed-off-by: Changqing Li <changqing.li@windriver.com> | 12 | Signed-off-by: Changqing Li <changqing.li@windriver.com> |
| 13 | Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> | 13 | Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> |
| 14 | --- | 14 | --- |
| 15 | 0001-sqlparse-change-shebang-to-python3.patch | 51 +++++++++++++++++++ | 15 | sqlparse/__main__.py | 2 +- |
| 16 | setup.py | 2 +- | 16 | sqlparse/cli.py | 2 +- |
| 17 | sqlparse/__main__.py | 2 +- | 17 | 2 files changed, 2 insertions(+), 2 deletions(-) |
| 18 | sqlparse/cli.py | 2 +- | ||
| 19 | 4 files changed, 54 insertions(+), 3 deletions(-) | ||
| 20 | create mode 100644 0001-sqlparse-change-shebang-to-python3.patch | ||
| 21 | 18 | ||
| 22 | diff --git a/0001-sqlparse-change-shebang-to-python3.patch b/0001-sqlparse-change-shebang-to-python3.patch | ||
| 23 | new file mode 100644 | ||
| 24 | index 0000000..ad6c50f | ||
| 25 | --- /dev/null | ||
| 26 | +++ b/0001-sqlparse-change-shebang-to-python3.patch | ||
| 27 | @@ -0,0 +1,51 @@ | ||
| 28 | +From 10c9d3341d64d697f678a64ae707f6bda21565bb Mon Sep 17 00:00:00 2001 | ||
| 29 | +From: Changqing Li <changqing.li@windriver.com> | ||
| 30 | +Date: Mon, 9 Mar 2020 13:10:37 +0800 | ||
| 31 | +Subject: [PATCH] sqlparse: change shebang to python3 | ||
| 32 | + | ||
| 33 | +Upstream-Status: Pending | ||
| 34 | + | ||
| 35 | +Don't send upstream since upstream still support python2, | ||
| 36 | +we can only make this change after python2 is offcially | ||
| 37 | +dropped. | ||
| 38 | + | ||
| 39 | +Signed-off-by: Changqing Li <changqing.li@windriver.com> | ||
| 40 | +--- | ||
| 41 | + setup.py | 2 +- | ||
| 42 | + sqlparse/__main__.py | 2 +- | ||
| 43 | + sqlparse/cli.py | 2 +- | ||
| 44 | + 3 files changed, 3 insertions(+), 3 deletions(-) | ||
| 45 | + | ||
| 46 | +diff --git a/setup.py b/setup.py | ||
| 47 | +index 345d0ce..ce3abc3 100644 | ||
| 48 | +--- a/setup.py | ||
| 49 | ++++ b/setup.py | ||
| 50 | +@@ -1,4 +1,4 @@ | ||
| 51 | +-#!/usr/bin/env python | ||
| 52 | ++#!/usr/bin/env python3 | ||
| 53 | + # -*- coding: utf-8 -*- | ||
| 54 | + # | ||
| 55 | + # Copyright (C) 2009-2018 the sqlparse authors and contributors | ||
| 56 | +diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py | ||
| 57 | +index 867d75d..dd0c074 100644 | ||
| 58 | +--- a/sqlparse/__main__.py | ||
| 59 | ++++ b/sqlparse/__main__.py | ||
| 60 | +@@ -1,4 +1,4 @@ | ||
| 61 | +-#!/usr/bin/env python | ||
| 62 | ++#!/usr/bin/env python3 | ||
| 63 | + # -*- coding: utf-8 -*- | ||
| 64 | + # | ||
| 65 | + # Copyright (C) 2009-2018 the sqlparse authors and contributors | ||
| 66 | +diff --git a/sqlparse/cli.py b/sqlparse/cli.py | ||
| 67 | +index 25555a5..8bf050a 100755 | ||
| 68 | +--- a/sqlparse/cli.py | ||
| 69 | ++++ b/sqlparse/cli.py | ||
| 70 | +@@ -1,4 +1,4 @@ | ||
| 71 | +-#!/usr/bin/env python | ||
| 72 | ++#!/usr/bin/env python3 | ||
| 73 | + # -*- coding: utf-8 -*- | ||
| 74 | + # | ||
| 75 | + # Copyright (C) 2009-2018 the sqlparse authors and contributors | ||
| 76 | +-- | ||
| 77 | +2.7.4 | ||
| 78 | + | ||
| 79 | diff --git a/setup.py b/setup.py | ||
| 80 | index ede0aff..dc6a323 100644 | ||
| 81 | --- a/setup.py | ||
| 82 | +++ b/setup.py | ||
| 83 | @@ -1,4 +1,4 @@ | ||
| 84 | -#!/usr/bin/env python | ||
| 85 | +#!/usr/bin/env python3 | ||
| 86 | # | ||
| 87 | # Copyright (C) 2009-2020 the sqlparse authors and contributors | ||
| 88 | # <see AUTHORS file> | ||
| 89 | diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py | 19 | diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py |
| 90 | index 2bf2513..6a3a115 100644 | 20 | index 2bf2513..6a3a115 100644 |
| 91 | --- a/sqlparse/__main__.py | 21 | --- a/sqlparse/__main__.py |
| @@ -107,5 +37,5 @@ index 7a8aacb..9c727e8 100755 | |||
| 107 | # Copyright (C) 2009-2020 the sqlparse authors and contributors | 37 | # Copyright (C) 2009-2020 the sqlparse authors and contributors |
| 108 | # <see AUTHORS file> | 38 | # <see AUTHORS file> |
| 109 | -- | 39 | -- |
| 110 | 2.17.1 | 40 | 2.41.0 |
| 111 | 41 | ||
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch deleted file mode 100644 index f5526c5b88..0000000000 --- a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch +++ /dev/null | |||
| @@ -1,51 +0,0 @@ | |||
| 1 | From c457abd5f097dd13fb21543381e7cfafe7d31cfb Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Andi Albrecht <albrecht.andi@gmail.com> | ||
| 3 | Date: Mon, 20 Mar 2023 08:33:46 +0100 | ||
| 4 | Subject: [PATCH] Remove unnecessary parts in regex for bad escaping. | ||
| 5 | |||
| 6 | The regex tried to deal with situations where escaping in the | ||
| 7 | SQL to be parsed was suspicious. | ||
| 8 | |||
| 9 | Upstream-Status: Backport | ||
| 10 | CVE: CVE-2023-30608 | ||
| 11 | |||
| 12 | Reference to upstream patch: | ||
| 13 | https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb | ||
| 14 | |||
| 15 | [AZ: drop changes to CHANGELOG file and adjust context whitespaces] | ||
| 16 | Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com> | ||
| 17 | |||
| 18 | Adjust indentation in keywords.py. | ||
| 19 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
| 20 | --- | ||
| 21 | sqlparse/keywords.py | 4 ++-- | ||
| 22 | tests/test_split.py | 4 ++-- | ||
| 23 | 2 files changed, 4 insertions(+), 4 deletions(-) | ||
| 24 | |||
| 25 | --- sqlparse-0.4.3.orig/sqlparse/keywords.py | ||
| 26 | +++ sqlparse-0.4.3/sqlparse/keywords.py | ||
| 27 | @@ -72,9 +72,9 @@ SQL_REGEX = { | ||
| 28 | (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])', | ||
| 29 | tokens.Number.Float), | ||
| 30 | (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer), | ||
| 31 | - (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single), | ||
| 32 | + (r"'(''|\\'|[^'])*'", tokens.String.Single), | ||
| 33 | # not a real string literal in ANSI SQL: | ||
| 34 | - (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol), | ||
| 35 | + (r'"(""|\\"|[^"])*"', tokens.String.Symbol), | ||
| 36 | (r'(""|".*?[^\\]")', tokens.String.Symbol), | ||
| 37 | # sqlite names can be escaped with [square brackets]. left bracket | ||
| 38 | # cannot be preceded by word character or a right bracket -- | ||
| 39 | --- sqlparse-0.4.3.orig/tests/test_split.py | ||
| 40 | +++ sqlparse-0.4.3/tests/test_split.py | ||
| 41 | @@ -18,8 +18,8 @@ def test_split_semicolon(): | ||
| 42 | |||
| 43 | |||
| 44 | def test_split_backslash(): | ||
| 45 | - stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';") | ||
| 46 | - assert len(stmts) == 3 | ||
| 47 | + stmts = sqlparse.parse("select '\'; select '\'';") | ||
| 48 | + assert len(stmts) == 2 | ||
| 49 | |||
| 50 | |||
| 51 | @pytest.mark.parametrize('fn', ['function.sql', | ||