NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/python-sqlparse: security bump to version 0.5.1

Browse Source 
Changelog:
* https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-1-jul-15-2024
* https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-0-apr-13-2024

Version 0.5.0 fixes the following security issue [1]:
Parsing heavily nested list leads to Denial of Service

Build backend switched from flit to hatchling in [2].

[1] https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-2m57-hf25-phgg
[2] 326a316446

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 65247fcc6a12eb2443ae9861e7cd36b3881a466e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Marcus Hoffmann 2024-08-22 14:17:09 +02:00 committed by Peter Korsgaard
parent 9425e2f723
commit 36328f64d9
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/python-sqlparse/python-sqlparse.hash
View File

@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/sqlparse/json
md5 67798c7a0dae90f263d20e9ecf62c8cd sqlparse-0.4.4.tar.gz
sha256 d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c sqlparse-0.4.4.tar.gz
md5 969a64f03d7da1144fc74aad390f9db4 sqlparse-0.5.1.tar.gz
sha256 bb6b4df465655ef332548e24f08e205afc81b9ab86cb1c45657a7ff173a3a00e sqlparse-0.5.1.tar.gz
# Locally computed sha256 checksums
sha256 c1938235b80d39e93138eae89edc3af67e18ecbc40d266529fa57b2dce426310 LICENSE

7
package/python-sqlparse/python-sqlparse.mk
View File

@ -4,12 +4,13 @@
#
################################################################################
PYTHON_SQLPARSE_VERSION = 0.4.4
PYTHON_SQLPARSE_VERSION = 0.5.1
PYTHON_SQLPARSE_SOURCE = sqlparse-$(PYTHON_SQLPARSE_VERSION).tar.gz
PYTHON_SQLPARSE_SITE = https://files.pythonhosted.org/packages/65/16/10f170ec641ed852611b6c9441b23d10b5702ab5288371feab3d36de2574
PYTHON_SQLPARSE_SETUP_TYPE = flit
PYTHON_SQLPARSE_SITE = https://files.pythonhosted.org/packages/73/82/dfa23ec2cbed08a801deab02fe7c904bfb00765256b155941d789a338c68
PYTHON_SQLPARSE_SETUP_TYPE = pep517
PYTHON_SQLPARSE_LICENSE = BSD-3-Clause
PYTHON_SQLPARSE_LICENSE_FILES = LICENSE
PYTHON_SQLPARSE_DEPENDENCIES = host-python-hatchling
PYTHON_SQLPARSE_CPE_ID_VENDOR = sqlparse_project
PYTHON_SQLPARSE_CPE_ID_PRODUCT = sqlparse