linux/meta-openembedded.git/meta-python/recipes-devtools/python/python3-sqlparse, branch scarthgap

python3-sqlparse: Fix CVE-2024-4340

2024-08-03T15:56:05+00:00

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. References: https://nvd.nist.gov/vuln/detail/CVE-2024-4340 Upstream-patch: https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03 Signed-off-by: Soumya Sambu Signed-off-by: Armin Kuster

python3-sqlparse: switch to pytest --automake

2024-02-17T00:42:36+00:00

* Also replace ${PYTHON_PN} with python3 Signed-off-by: Tim Orling Signed-off-by: Khem Raj

python3-sqlparse: upgrade 0.4.3 -> 0.4.4

2023-07-25T19:46:19+00:00

- Use python_flit_core instead of setuptools3 - Modify 0001-sqlparse-change-shebang-to-python3.patch to apply on 0.4.4 - Remove CVE-2023-30608.patch since it's now upstream: [tgamblin@megalith sqlparse]$ git tag --contains c457abd 0.4.4 Changelog (https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG): Release 0.4.4 (Apr 18, 2023) ---------------------------- Notable Changes * IMPORTANT: This release fixes a security vulnerability in the parser where a regular expression vulnerable to ReDOS (Regular Expression Denial of Service) was used. See the security advisory for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 The vulnerability was discovered by @erik-krogh from GitHub Security Lab (GHSL). Thanks for reporting! Bug Fixes * Revert a change from 0.4.0 that changed IN to be a comparison (issue694). The primary expectation is that IN is treated as a keyword and not as a comparison operator. That also follows the definition of reserved keywords for the major SQL syntax definitions. * Fix regular expressions for string parsing. Other * sqlparse now uses pyproject.toml instead of setup.cfg (issue685). Signed-off-by: Trevor Gamblin Signed-off-by: Khem Raj

python3-sqlparse: fix CVE-2023-30608

2023-06-15T22:04:51+00:00

Backport from commit c457abd5f... upstream. Signed-off-by: Joe Slater Signed-off-by: Khem Raj

python3-sqlparse: Upgrade 0.3.1 -> 0.4.1

2020-10-17T06:11:58+00:00

Upgrade to release 0.4.1: - Just removed a debug print statement - Remove support for end-of-life Python 2.7 and 3.4. Python 3.5+ is now required. - Remaining strings that only consist of whitespaces are not treated as statements anymore. Code that ignored the last element from sqlparse.split() should be updated accordingly since that function now doesn't return an empty string as the last element in some cases. Signed-off-by: Leon Anavi Acked-by: Trevor Gamblin Signed-off-by: Khem Raj

python3-sqlparse: Modify ptest output format

2020-04-27T14:48:46+00:00

Signed-off-by: Zang Ruochen Signed-off-by: Khem Raj

python3-sqlparse: Enable ptest

2020-03-30T18:44:47+00:00

Signed-off-by: Zang Ruochen Signed-off-by: Khem Raj

python3-sqlparse: change shebang to python3

2020-03-09T18:26:36+00:00

we have offcially dropped python2, so it is possible that our code run on python3 only host, so change shebang to python3 to avoid error like: python: command not found Signed-off-by: Changqing Li Signed-off-by: Khem Raj