python-sqlparse

Source Files
Filename                   Size
python-sqlparse.changes    10.2 KB (10418 bytes)
python-sqlparse.spec       2.1 KB (2152 bytes)
sqlparse-0.4.4.tar.gz      70.7 KB (72383 bytes)
Latest Revision
Ruediger Oertel (oertel) committed (revision 2)
Update package python-sqlparse from 0.4.2 to 0.4.4 (jsc#PED-7230)
Removed patch on purpose which was never part of this timeline and
was already included in 0.4.4:
* CVE-2023-30608-ReDOS-parser.patch
------------------------------------------------------------------------
Index: python-sqlparse.changes
===================================================================
--- python-sqlparse.changes (revision 2)
+++ python-sqlparse.changes (revision 26b618fa0112012015b7acd7b6ed8d52)
@@ -1,9 +1,43 @@
 -------------------------------------------------------------------
-Thu May 25 15:47:23 UTC 2023 - Matej Cepl <mcepl@suse.com>
+Fri Jun  9 11:45:02 UTC 2023 - ecsos <ecsos@opensuse.org>
 
-- Add CVE-2023-30608-ReDOS-parser.patch fixing bsc#1210617
-  (CVE-2023-30608) fixing a regular rexpression that is
-  vulnerable to ReDOS (Regular Expression Denial of Service)
+- Add %{?sle15_python_module_pythons}
+
+-------------------------------------------------------------------
+Thu May 25 16:21:05 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- Update to 0.4.4:
+  * IMPORTANT: This release fixes a security vulnerability in
+    the parser where a regular expression vulnerable to ReDOS
+    (Regular Expression Denial of Service) was used. See the
+    security advisory for details (CVE-2023-30608, bsc#1210617,
+    https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2)
+    The vulnerability was discovered by @erik-krogh from GitHub
+    Security Lab (GHSL). Thanks for reporting!
+  * Revert a change from 0.4.0 that changed IN to be a comparison
+    (issue694).  The primary expectation is that IN is treated as
+    a keyword and not as a comparison operator. That also follows
+    the definition of reserved keywords for the major SQL syntax
+    definitions.
+  * Fix regular expressions for string parsing.
+  * sqlparse now uses pyproject.toml instead of setup.cfg
+    (issue685).
+
+-------------------------------------------------------------------
+Mon Oct  3 16:01:20 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.4.3:
+  * Add support for DIV operator.
+  * Add support for additional SPARK keywords.
+  * Avoid tokens copy.
+  * Add REGEXP as a comparision.
+  * Add DISTINCTROW keyword for MS Access.
+  * Improve parsing of CREATE TABLE AS SELECT.
+  * Fix spelling of INDICATOR keyword.
+  * Fix formatting error in EXTRACT function.
+  * Fix bad parsing of create table statements that use lower case.
+  * Handle backtick as valid quote char.
+  * Allow any unicode character as valid identifier name.
 
 -------------------------------------------------------------------
 Fri Oct  1 12:42:17 UTC 2021 - Johannes Grassler <johannes.grassler@suse.com>
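
Review bot: The new 0.4.4 entry (Thu May 25 16:21:05) never states that CVE-2023-30608-ReDOS-parser.patch is no longer carried, and the entry that recorded adding it (Thu May 25 15:47:23) is deleted rather than kept, so the reason survives only in the commit message. Suggest a line under the update entry such as "- Drop CVE-2023-30608-ReDOS-parser.patch, included in 0.4.4", or an equivalent remark, so the changelog alone shows where the fix for bsc#1210617 comes from. The jsc#PED-7230 reference from the commit message also appears in none of the added entries.
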
Index: python-sqlparse.spec
===================================================================
--- python-sqlparse.spec (revision 2)
+++ python-sqlparse.spec (revision 26b618fa0112012015b7acd7b6ed8d52)
@@ -1,7 +1,7 @@
 #
 # spec file for package python-sqlparse
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,27 +16,24 @@
 #
 
 
-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
-%define skip_python2 1
+%{?sle15_python_module_pythons}
 Name:           python-sqlparse
-Version:        0.4.2
+Version:        0.4.4
 Release:        0
 Summary:        Non-validating SQL parser
 License:        BSD-3-Clause
 Group:          Development/Languages/Python
 URL:            https://github.com/andialbrecht/sqlparse
 Source:         https://files.pythonhosted.org/packages/source/s/sqlparse/sqlparse-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM CVE-2023-30608-ReDOS-parser.patch bsc#1210617 mcepl@suse.com
-# Remove unnecessary parts in regex for bad escaping
-Patch0:         CVE-2023-30608-ReDOS-parser.patch
+BuildRequires:  %{python_module flit-core}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pytest}
-BuildRequires:  %{python_module setuptools}
+Bu
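
Review bot: The added %{?sle15_python_module_pythons} line is a conditional expansion, so it expands to nothing wherever that macro is undefined, and the same hunk removes both the "%{?!python_module:%define python_module() ...}" fallback and "%define skip_python2 1". The %{python_module ...} BuildRequires that follow then depend entirely on the build project supplying the macro and the flavor list; a short comment above the line naming where it is defined would make that dependency explicit. Dropping Patch0 is consistent with the changelog statement that 0.4.4 contains the CVE-2023-30608 fix, and the switch from setuptools to flit-core and pip matches the pyproject.toml note, but the hunk is cut off at "+Bu", so whether %prep still refers to the patch cannot be confirmed from the visible lines.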