Diffstat (limited to 'meta-openembedded/meta-python')
-rw-r--r-- | meta-openembedded/meta-python/recipes-devtools/python/python3-appdirs/run-ptest | 2 | ||||
-rw-r--r-- | meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.2.1.bb (renamed from meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.7.bb) | 2 | ||||
-rw-r--r-- | meta-openembedded/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch | 51 | ||||
-rw-r--r-- | meta-openembedded/meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb | 1 |
4 files changed, 54 insertions, 2 deletions
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-appdirs/run-ptest b/meta-openembedded/meta-python/recipes-devtools/python/python3-appdirs/run-ptest
index 5287f3e035..b63c4de0d9 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-appdirs/run-ptest
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-appdirs/run-ptest
@@ -1,3 +1,3 @@
 #!/bin/sh
-pytest | sed -e 's/\[100%\]//g' | sed -e 's/\.\.F/: FAIL/g' | sed -e 's/\.\.\./: PASS/g'
+pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}'
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.7.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.2.1.bb
index be806eefaa..b1474cf054 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.1.7.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-django_4.2.1.bb
@@ -1,7 +1,7 @@
 require python-django.inc
 inherit setuptools3
-SRC_URI[sha256sum] = "44f714b81c5f190d9d2ddad01a532fe502fa01c4cb8faf1d081f4264ed15dcd8"
+SRC_URI[sha256sum] = "7efa6b1f781a6119a10ac94b4794ded90db8accbe7802281cd26f8664ffed59c"
 RDEPENDS:${PN} += "\
 ${PYTHON_PN}-sqlparse \
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
new file mode 100644
index 0000000000..f5526c5b88
--- /dev/null
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch
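Review bot: In run-ptest the new pipeline only recognises lines whose last field is PASS, FAIL, SKIP, XFAIL or XPASS, so a test that pytest reports as `ERROR` (typically a setup or collection failure) falls through the `else{print}` branch and never produces a `FAIL:` result line. Because the script's exit status is that of the last `awk` rather than of `pytest`, such a run can look clean to whatever consumes the ptest log. I would map that outcome too, for example with `sed -e 's/ERROR *$/FAIL/'` ahead of the two `awk` stages, and add a one-line comment above the pipeline saying that it converts pytest's per-test output into `RESULT: name` lines.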
@@ -0,0 +1,51 @@
+From c457abd5f097dd13fb21543381e7cfafe7d31cfb Mon Sep 17 00:00:00 2001
+From: Andi Albrecht <albrecht.andi@gmail.com>
+Date: Mon, 20 Mar 2023 08:33:46 +0100
+Subject: [PATCH] Remove unnecessary parts in regex for bad escaping.
+
+The regex tried to deal with situations where escaping in the
+SQL to be parsed was suspicious.
+
+Upstream-Status: Backport
+CVE: CVE-2023-30608
+
+Reference to upstream patch:
+https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
+
+[AZ: drop changes to CHANGELOG file and adjust context whitespaces]
+Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
+
+Adjust indentation in keywords.py.
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ sqlparse/keywords.py | 4 ++--
+ tests/test_split.py | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- sqlparse-0.4.3.orig/sqlparse/keywords.py
++++ sqlparse-0.4.3/sqlparse/keywords.py
+@@ -72,9 +72,9 @@ SQL_REGEX = {
+ (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])',
+ tokens.Number.Float),
+ (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer),
+- (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single),
++ (r"'(''|\\'|[^'])*'", tokens.String.Single),
+ # not a real string literal in ANSI SQL:
+- (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol),
++ (r'"(""|\\"|[^"])*"', tokens.String.Symbol),
+ (r'(""|".*?[^\\]")', tokens.String.Symbol),
+ # sqlite names can be escaped with [square brackets]. left bracket
+ # cannot be preceded by word character or a right bracket --
+--- sqlparse-0.4.3.orig/tests/test_split.py
++++ sqlparse-0.4.3/tests/test_split.py
+@@ -18,8 +18,8 @@ def test_split_semicolon():
+
+
+ def test_split_backslash():
+- stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';")
+- assert len(stmts) == 3
++ stmts = sqlparse.parse("select '\'; select '\'';")
++ assert len(stmts) == 2
+
+
+ @pytest.mark.parametrize('fn', ['function.sql',
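Review bot: The replacement test in tests/test_split.py drops the `r` prefix, so in `"select '\'; select '\'';"` Python turns each `\'` into a plain `'` and the SQL handed to `sqlparse.parse` contains no backslash at all; the narrowed `String.Single` and `String.Symbol` patterns in keywords.py are therefore carried without a test that feeds them an escaped quote or a backslash. The patch is marked `Upstream-Status: Backport`, so it should stay as upstream wrote it, but a follow-up (upstream or in this recipe's ptest) could add a raw-string case such as `sqlparse.parse(r"select '\''; select 1;")` with its expected statement count, plus a check that tokenising a long quoted literal finishes promptly. Both hunks inside the patch start mid-file, so the rest of `SQL_REGEX` and of the test module is not visible here.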
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb
index c952c71d0b..a402f991f7 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb
@@ -5,6 +5,7 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc"
 SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \
+ file://CVE-2023-30608.patch \
 file://run-ptest \
 " |