python3-sqlparse: upgrade 0.4.3 -> 0.4.4

- Use python_flit_core instead of setuptools3 - Modify 0001-sqlparse-change-shebang-to-python3.patch to apply on 0.4.4 - Remove CVE-2023-30608.patch since it's now upstream: [tgamblin@megalith sqlparse]$ git tag --contains c457abd 0.4.4 Changelog (https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG): Release 0.4.4 (Apr 18, 2023) ---------------------------- Notable Changes * IMPORTANT: This release fixes a security vulnerability in the parser where a regular expression vulnerable to ReDOS (Regular Expression Denial of Service) was used. See the security advisory for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 The vulnerability was discovered by @erik-krogh from GitHub Security Lab (GHSL). Thanks for reporting! Bug Fixes * Revert a change from 0.4.0 that changed IN to be a comparison (issue694). The primary expectation is that IN is treated as a keyword and not as a comparison operator. That also follows the definition of reserved keywords for the major SQL syntax definitions. * Fix regular expressions for string parsing. Other * sqlparse now uses pyproject.toml instead of setup.cfg (issue685). Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-13 03:41:43 +00:00 · 2023-07-25 15:09:43 -04:00
parent 7fc427838d
commit 74e70284ac
3 changed files with 7 additions and 129 deletions
--- a/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch
+++ b/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch
@@ -1,4 +1,4 @@
-From 7fd00ab8c1b663052d57e735b6b956d5c92fbaed Mon Sep 17 00:00:00 2001
+From f236a30dc8528b6f114201580f1efdcc1c447d43 Mon Sep 17 00:00:00 2001
 From: Changqing Li <changqing.li@windriver.com>
 Date: Mon, 9 Mar 2020 13:10:37 +0800
 Subject: [PATCH] sqlparse: change shebang to python3
@@ -12,80 +12,10 @@ dropped.
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
 Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
 ---
- 0001-sqlparse-change-shebang-to-python3.patch | 51 +++++++++++++++++++
- setup.py                                      |  2 +-
- sqlparse/__main__.py                          |  2 +-
- sqlparse/cli.py                               |  2 +-
- 4 files changed, 54 insertions(+), 3 deletions(-)
- create mode 100644 0001-sqlparse-change-shebang-to-python3.patch
+ sqlparse/__main__.py | 2 +-
+ sqlparse/cli.py      | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)

-diff --git a/0001-sqlparse-change-shebang-to-python3.patch b/0001-sqlparse-change-shebang-to-python3.patch
-new file mode 100644
-index 0000000..ad6c50f
--- /dev/null
-+++ b/0001-sqlparse-change-shebang-to-python3.patch
-@@ -0,0 +1,51 @@
-+From 10c9d3341d64d697f678a64ae707f6bda21565bb Mon Sep 17 00:00:00 2001
-+From: Changqing Li <changqing.li@windriver.com>
-+Date: Mon, 9 Mar 2020 13:10:37 +0800
-+Subject: [PATCH] sqlparse: change shebang to python3
-+
-+Upstream-Status: Pending
-+
-+Don't send upstream since upstream still support python2,
-+we can only make this change after python2 is offcially
-+dropped.
-+
-+Signed-off-by: Changqing Li <changqing.li@windriver.com>
-+---
-+ setup.py             | 2 +-
-+ sqlparse/__main__.py | 2 +-
-+ sqlparse/cli.py      | 2 +-
-+ 3 files changed, 3 insertions(+), 3 deletions(-)
-+
-+diff --git a/setup.py b/setup.py
-+index 345d0ce..ce3abc3 100644
-+--- a/setup.py
-++++ b/setup.py
-+@@ -1,4 +1,4 @@
-+-#!/usr/bin/env python
-++#!/usr/bin/env python3
-+ # -*- coding: utf-8 -*-
-+ #
-+ # Copyright (C) 2009-2018 the sqlparse authors and contributors
-+diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py
-+index 867d75d..dd0c074 100644
-+--- a/sqlparse/__main__.py
-++++ b/sqlparse/__main__.py
-+@@ -1,4 +1,4 @@
-+-#!/usr/bin/env python
-++#!/usr/bin/env python3
-+ # -*- coding: utf-8 -*-
-+ #
-+ # Copyright (C) 2009-2018 the sqlparse authors and contributors
-+diff --git a/sqlparse/cli.py b/sqlparse/cli.py
-+index 25555a5..8bf050a 100755
-+--- a/sqlparse/cli.py
-++++ b/sqlparse/cli.py
-+@@ -1,4 +1,4 @@
-+-#!/usr/bin/env python
-++#!/usr/bin/env python3
-+ # -*- coding: utf-8 -*-
-+ #
-+ # Copyright (C) 2009-2018 the sqlparse authors and contributors
-+-- 
-+2.7.4
-+
-diff --git a/setup.py b/setup.py
-index ede0aff..dc6a323 100644
--- a/setup.py
-+++ b/setup.py
-@@ -1,4 +1,4 @@
-#!/usr/bin/env python
-+#!/usr/bin/env python3
- #
- # Copyright (C) 2009-2020 the sqlparse authors and contributors
- # <see AUTHORS file>
 diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py
 index 2bf2513..6a3a115 100644
 --- a/sqlparse/__main__.py
@@ -107,5 +37,5 @@ index 7a8aacb..9c727e8 100755
 # Copyright (C) 2009-2020 the sqlparse authors and contributors
 # <see AUTHORS file>
 -- 
-2.17.1
+2.41.0

--- a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
+++ b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
@@ -1,51 +0,0 @@
-From c457abd5f097dd13fb21543381e7cfafe7d31cfb Mon Sep 17 00:00:00 2001
-From: Andi Albrecht <albrecht.andi@gmail.com>
-Date: Mon, 20 Mar 2023 08:33:46 +0100
-Subject: [PATCH] Remove unnecessary parts in regex for bad escaping.
-
-The regex tried to deal with situations where escaping in the
-SQL to be parsed was suspicious.
-
-Upstream-Status: Backport
-CVE: CVE-2023-30608
-
-Reference to upstream patch:
-https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
-
-[AZ: drop changes to CHANGELOG file and adjust context whitespaces]
-Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
-
-Adjust indentation in keywords.py.
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
---
- sqlparse/keywords.py | 4 ++--
- tests/test_split.py  | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
--- sqlparse-0.4.3.orig/sqlparse/keywords.py
-+++ sqlparse-0.4.3/sqlparse/keywords.py
-@@ -72,9 +72,9 @@ SQL_REGEX = {
-         (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])',
-          tokens.Number.Float),
-         (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer),
-        (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single),
-+        (r"'(''|\\'|[^'])*'", tokens.String.Single),
-         # not a real string literal in ANSI SQL:
-        (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol),
-+        (r'"(""|\\"|[^"])*"', tokens.String.Symbol),
-         (r'(""|".*?[^\\]")', tokens.String.Symbol),
-         # sqlite names can be escaped with [square brackets]. left bracket
-         # cannot be preceded by word character or a right bracket --
--- sqlparse-0.4.3.orig/tests/test_split.py
-+++ sqlparse-0.4.3/tests/test_split.py
-@@ -18,8 +18,8 @@ def test_split_semicolon():
- 
- 
- def test_split_backslash():
-    stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';")
-    assert len(stmts) == 3
-+    stmts = sqlparse.parse("select '\'; select '\'';")
-+    assert len(stmts) == 2
- 
- 
- @pytest.mark.parametrize('fn', ['function.sql',