Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next 2025-01-23T00:29:37+00:00 2025-01-23T00:29:37+00:00 Soumya Sambu soumya.sambu@windriver.com 2025-01-20T04:32:33+00:00 urn:sha1:de8681b4a2a101b99dd2c48d89a7de2ccd9a961f Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-4340 Upstream-patch: https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2023-06-17T17:50:19+00:00 Narpat Mali narpat.mali@windriver.com 2023-05-31T15:23:13+00:00 urn:sha1:420acd8735dd5d3bd0751928b65b87b94ede2b0c sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue. Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2020-10-17T06:11:58+00:00 Leon Anavi leon.anavi@konsulko.com 2020-10-13T11:46:52+00:00 urn:sha1:3ae56a340a8fbb3803cddf7955b15a461a62e1f9 Upgrade to release 0.4.1: - Just removed a debug print statement - Remove support for end-of-life Python 2.7 and 3.4. Python 3.5+ is now required. - Remaining strings that only consist of whitespaces are not treated as statements anymore. Code that ignored the last element from sqlparse.split() should be updated accordingly since that function now doesn't return an empty string as the last element in some cases. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-04-27T14:48:46+00:00 zangrc zangrc.fnst@cn.fujitsu.com 2020-04-26T07:21:59+00:00 urn:sha1:1efe4446eb4dbdb0ae5de7709b3577185c2d01cd Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-03-30T18:44:47+00:00 Zang Ruochen zangrc.fnst@cn.fujitsu.com 2020-03-30T05:56:14+00:00 urn:sha1:ac867f6fa6273ca3361cc6b5b07ca23ef6d25ae6 Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-03-09T18:26:36+00:00 Changqing Li changqing.li@windriver.com 2020-03-09T06:04:28+00:00 urn:sha1:41eb6e1a61ee416714149918489af975eba3dba6 we have offcially dropped python2, so it is possible that our code run on python3 only host, so change shebang to python3 to avoid error like: python: command not found Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>