Contains fixes for CVE-2025-61911 and CVE-2025-61912
Changelog:
Security fixes:
- CVE-2025-61911 (GHSA-r7r6-cc7p-4v5m): Enforce str input in
ldap.filter.escape_filter_chars with escape_mode=1; ensure proper
escaping.
- CVE-2025-61912 (GHSA-p34h-wq7j-h5v6): Correct NUL escaping in
ldap.dn.escape_dn_chars to \00 per RFC 4514.
Fixes:
- ReconnectLDAPObject now properly reconnects on UNAVAILABLE, CONNECT_ERROR
and TIMEOUT exceptions (previously only SERVER_DOWN), fixing reconnection
issues especially during server restarts
- Fixed syncrepl.py to use named constants instead of raw decimal values
for result types
- Fixed error handling in SearchNoOpMixIn to prevent an undefined variable error
Tests:
- Added comprehensive reconnection test cases including concurrent operation
handling and server restart scenarios
Doc:
- Updated installation docs and fixed various documentation typos
- Added ReadTheDocs configuration file
Infrastructure:
- Add testing and document support for Python 3.13
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9eabbca905)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Contains a fix for CVE-2024-6221 (related patch dropped) and CVE-2024-1681
Changelog:
4.0.1:
- Fix Read the Docs builds
- Update extension.py to clean request.path before logging it
- Update CI to include Python 3.12 and flask 3.0.3
4.0.2:
- Bump requests from 2.31.0 to 2.32.0 in /docs
- Backwards Compatible Fix for CVE-2024-6221
- Add unit tests for Private-Network
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit fbe5524dc8)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Changelog:
=============
Enhancements
---------------
* Add support for Python 3.14.
* Add type annotations to top-level API functions and include py.typed marker
for PEP 561 compliance, enabling type checking with mypy and other tools
* Add pre-commit hook support. sqlparse can now be used as a pre-commit hook
to automatically format SQL files. The CLI now supports multiple files and
an '--in-place' flag for in-place editing
* Add 'ATTACH' and 'DETACH' to PostgreSQL keywords
* Add 'INTERSECT' to close keywords in WHERE clause
* Support 'REGEXP BINARY' comparison operator
Bug Fixes
----------
* Add additional protection against denial of service attacks when parsing
very large lists of tuples. This enhances the existing recursion protections
with configurable limits for token processing to prevent DoS through
algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100,
MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None)
if needed for legitimate large SQL statements.
* Remove shebang from cli.py and remove executable flag
* Fix strip_comments not removing all comments when input contains only
comments
* Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END
blocks
* Fix splitting on semicolons inside BEGIN...END blocks
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 705abb20c1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
nativesdk-python3-icontract is needed for the dependency tree:
`-> nativesdk-python3-pylddwrap
    `-> nativesdk-python3-checksec-py
Cc: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
nativesdk-python3-asttokens is needed for the dependency tree:
`-> nativesdk-python3-icontract
    `-> nativesdk-python3-pylddwrap
        `-> nativesdk-python3-checksec-py
Cc: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Acked-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to version 3.0.1:
- Fixed compilation error in `type_caster_enum_type` when casting
pointer-to-enum types. Added pointer overload to handle
dereferencing before enum conversion.
- Implement binary version of `make_index_sequence` to reduce
template depth requirements for functions with many parameters.
- Subinterpreter-specific exception handling code was removed to
resolve segfaults.
- Fixed issue that caused ``PYBIND11_MODULE`` code to run again if
the module was re-imported after being deleted from
``sys.modules``.
- Prevent concurrent creation of sub-interpreters as a workaround
for stdlib concurrency issues in Python 3.12.
- Fixed potential crash when using `cpp_function` objects with
sub-interpreters.
- Fixed non-entrant check in `implicitly_convertible()`.
- Support C++20 on platforms that have older c++ runtimes.
- Fix compilation with clang on msys2.
- Avoid `nullptr` dereference warning with GCC 13.3.0 and python
3.11.13.
- Fix potential warning about number of threads being too large.
- Fix gcc 11.4+ warning about serial compilation using CMake.
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 0.17.1:
- Fix missing visibility
- Fix incorrect paging computations that occurred when only a
subset of formats was enabled.
- Fix include issue with the COFF format
This work was sponsored by GOVCERT.LU.
License-Update: Update years
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
They need a cert infrastructure to execute.
Mutual TLS authentication requires client/server certificates
and a proper PKI setup that doesn't exist in the minimal qemu ptest
environment. These are integration tests that need real
certificate infrastructure.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 12.0.0:
- Fix issue with forward references in parent TypedDict classes
- Exclude fields with exclude_if from JSON Schema required fields
- Revert URL percent-encoding of credentials in the build() method
of the AnyUrl and Dsn types
- Add type inference for IP address types
- Avoid getting default values from defaultdict
- Fix issue with field serializers on nested typed dictionaries
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release python3-pydantic:
- Fix issue with forward references in parent TypedDict classes
- Exclude fields with exclude_if from JSON Schema required fields
- Revert URL percent-encoding of credentials in the build() method
of the AnyUrl and Dsn types
- Add type inference for IP address types
- Avoid getting default values from defaultdict
- Fix issue with field serializers on nested typed dictionaries
- Add more pydantic-core builds for the free-threaded version of
Python 3.14
This work was sponsored by GOVCERT.LU
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 2.41.5:
- Correct invalid serialization of date/datetime/time/timedelta
by pulling downcast checks up
- Avoid getting default values from defaultdict
- ci: add more 3.14t builds, delete duplicate linux aarch64 build
- JsonValue: Deduplicate keys before populating Dict
- Fix: only percent-encode characters in the userinfo encode set
- Bump jiter from 0.11.0 to 0.11.1
- Bump regex from 1.11.3 to 1.12.2
- Bump percent-encoding from 2.3.1 to 2.3.2
- Fix issue with field_serializers on nested typed dicts
- Clean up GC traversal for some top-level types
- Add type inference for serializing ip address types
- Revert url credential encoding (to be reintroduced as an option
in future)
- optimizations in URL implementation
This work was sponsored by GOVCERT.LU.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It has a pyproject.toml asking for the setuptools.build_meta backend.
Fixes
QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
pytest 8.4+ is strict about asyncio [1]; however, pyzmq is not yet
fully ready and installs its own pytest.ini. Add this to the ptests
package.
Fixes the failures e.g.
async def functions are not natively supported.
You need to install a suitable plugin for your async framework, for example:
- anyio
- pytest-asyncio
- pytest-tornasync
- pytest-trio
- pytest-twisted
FAIL: tests/test_auth.py:TestAsyncioAuthentication.test_deny
[1] https://github.com/pytest-dev/pytest/issues/11372
Signed-off-by: Khem Raj <raj.khem@gmail.com>