1 files changed, 48 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch
new file mode 100644
index 0000000000..670904071a
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch
@@ -0,0 +1,48 @@
+From b4a39d9850969b4e1d6940d32094ee0b42a2cf03 Mon Sep 17 00:00:00 2001
+From: Andi Albrecht <albrecht.andi@gmail.com>
+Date: Sat, 13 Apr 2024 13:59:00 +0200
+Subject: [PATCH] Raise SQLParseError instead of RecursionError.
+CVE: CVE-2024-4340
+Upstream-Status: Backport [https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03]
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ sqlparse/sql.py | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+diff --git a/sqlparse/sql.py b/sqlparse/sql.py
+index 1ccfbdb..2090621 100644
+--- a/sqlparse/sql.py
+++ b/sqlparse/sql.py
+@@ -10,6 +10,7 @@
+ import re
+ from sqlparse import tokens as T
+from sqlparse.exceptions import SQLParseError
+ from sqlparse.utils import imt, remove_quotes
+@@ -209,11 +210,14 @@ class TokenList(Token):
+         This method is recursively called for all child tokens.
+         """
+-        for token in self.tokens:
+-            if token.is_group:
+-                yield from token.flatten()
+-            else:
+-                yield token
+        try:
+            for token in self.tokens:
+                if token.is_group:
+                    yield from token.flatten()
+                else:
+                    yield token
+        except RecursionError as err:
+            raise SQLParseError('Maximum recursion depth exceeded') from err
+     def get_sublists(self):
+         for token in self.tokens:
+--
+2.25.1

diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch new file mode 100644 index 0000000000..670904071a --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2024-4340.patch
@@ -0,0 +1,48 @@
	1	From b4a39d9850969b4e1d6940d32094ee0b42a2cf03 Mon Sep 17 00:00:00 2001
	2	From: Andi Albrecht <albrecht.andi@gmail.com>
	3	Date: Sat, 13 Apr 2024 13:59:00 +0200
	4	Subject: [PATCH] Raise SQLParseError instead of RecursionError.
	5
	6	CVE: CVE-2024-4340
	7
	8	Upstream-Status: Backport [https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03]
	9
	10	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
	11	---
	12	sqlparse/sql.py \| 14 +++++++++-----
	13	1 file changed, 9 insertions(+), 5 deletions(-)
	14
	15	diff --git a/sqlparse/sql.py b/sqlparse/sql.py
	16	index 1ccfbdb..2090621 100644
	17	--- a/sqlparse/sql.py
	18	+++ b/sqlparse/sql.py
	19	@@ -10,6 +10,7 @@
	20	import re
	21
	22	from sqlparse import tokens as T
	23	+from sqlparse.exceptions import SQLParseError
	24	from sqlparse.utils import imt, remove_quotes
	25
	26
	27	@@ -209,11 +210,14 @@ class TokenList(Token):
	28
	29	This method is recursively called for all child tokens.
	30	"""
	31	- for token in self.tokens:
	32	- if token.is_group:
	33	- yield from token.flatten()
	34	- else:
	35	- yield token
	36	+ try:
	37	+ for token in self.tokens:
	38	+ if token.is_group:
	39	+ yield from token.flatten()
	40	+ else:
	41	+ yield token
	42	+ except RecursionError as err:
	43	+ raise SQLParseError('Maximum recursion depth exceeded') from err
	44
	45	def get_sublists(self):
	46	for token in self.tokens:
	47	--
	48	2.25.1