From 36328f64d90a81329c68deb5ba90c515e811855c Mon Sep 17 00:00:00 2001
From: Marcus Hoffmann
Date: Thu, 22 Aug 2024 14:17:09 +0200
Subject: [PATCH] package/python-sqlparse: security bump to version 0.5.1
Changelog:
* https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-1-jul-15-2024
* https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-0-apr-13-2024
Version 0.5.0 fixes the following security issue [1]: Parsing heavily nested list leads to Denial of Service
Build backend switched from flit to hatchling in [2].
[1] https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-2m57-hf25-phgg
[2] https://github.com/andialbrecht/sqlparse/commit/326a316446c3e091a93950251e3e376ebf0d4127
Signed-off-by: Marcus Hoffmann
Signed-off-by: Thomas Petazzoni
(cherry picked from commit 65247fcc6a12eb2443ae9861e7cd36b3881a466e)
Signed-off-by: Peter Korsgaard
---
 package/python-sqlparse/python-sqlparse.hash | 4 ++--
 package/python-sqlparse/python-sqlparse.mk | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/package/python-sqlparse/python-sqlparse.hash b/package/python-sqlparse/python-sqlparse.hash
index 0b7c14d9ae..1fe8429724 100644
--- a/package/python-sqlparse/python-sqlparse.hash
+++ b/package/python-sqlparse/python-sqlparse.hash
@@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/sqlparse/json
-md5 67798c7a0dae90f263d20e9ecf62c8cd sqlparse-0.4.4.tar.gz
-sha256 d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c sqlparse-0.4.4.tar.gz
+md5 969a64f03d7da1144fc74aad390f9db4 sqlparse-0.5.1.tar.gz
+sha256 bb6b4df465655ef332548e24f08e205afc81b9ab86cb1c45657a7ff173a3a00e sqlparse-0.5.1.tar.gz
 # Locally computed sha256 checksums
 sha256 c1938235b80d39e93138eae89edc3af67e18ecbc40d266529fa57b2dce426310 LICENSE
diff --git a/package/python-sqlparse/python-sqlparse.mk b/package/python-sqlparse/python-sqlparse.mk
index 3f99eb6476..57cef1d672 100644
--- a/package/python-sqlparse/python-sqlparse.mk
+++ b/package/python-sqlparse/python-sqlparse.mk
@@ -4,12 +4,13 @@
 #
 ################################################################################
-PYTHON_SQLPARSE_VERSION = 0.4.4
+PYTHON_SQLPARSE_VERSION = 0.5.1
 PYTHON_SQLPARSE_SOURCE = sqlparse-$(PYTHON_SQLPARSE_VERSION).tar.gz
-PYTHON_SQLPARSE_SITE = https://files.pythonhosted.org/packages/65/16/10f170ec641ed852611b6c9441b23d10b5702ab5288371feab3d36de2574
-PYTHON_SQLPARSE_SETUP_TYPE = flit
+PYTHON_SQLPARSE_SITE = https://files.pythonhosted.org/packages/73/82/dfa23ec2cbed08a801deab02fe7c904bfb00765256b155941d789a338c68
+PYTHON_SQLPARSE_SETUP_TYPE = pep517
 PYTHON_SQLPARSE_LICENSE = BSD-3-Clause
 PYTHON_SQLPARSE_LICENSE_FILES = LICENSE
+PYTHON_SQLPARSE_DEPENDENCIES = host-python-hatchling
 PYTHON_SQLPARSE_CPE_ID_VENDOR = sqlparse_project
 PYTHON_SQLPARSE_CPE_ID_PRODUCT = sqlparse