* [Buildroot] [PATCH] package/python-sqlparse: security bump to version 0.5.1
@ 2024-08-22 12:17 Marcus Hoffmann via buildroot
2024-08-23 17:34 ` Thomas Petazzoni via buildroot
2024-09-18 16:11 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Marcus Hoffmann via buildroot @ 2024-08-22 12:17 UTC (permalink / raw)
To: buildroot; +Cc: James Hilliard, Asaf Kahlon
Changelog:
* https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-1-jul-15-2024
* https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-0-apr-13-2024

Version 0.5.0 fixes the following security issue [1]:
Parsing heavily nested list leads to Denial of Service

Build backend switched from flit to hatchling in [2].

[1] https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-2m57-hf25-phgg
[2] https://github.com/andialbrecht/sqlparse/commit/326a316446c3e091a93950251e3e376ebf0d4127

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
---
package/python-sqlparse/python-sqlparse.hash | 4 ++--
package/python-sqlparse/python-sqlparse.mk | 7 ++++---
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/package/python-sqlparse/python-sqlparse.hash b/package/python-sqlparse/python-sqlparse.hash
index 0b7c14d9ae..1fe8429724 100644
--- a/package/python-sqlparse/python-sqlparse.hash
+++ b/package/python-sqlparse/python-sqlparse.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/sqlparse/json
-md5 67798c7a0dae90f263d20e9ecf62c8cd sqlparse-0.4.4.tar.gz
-sha256 d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c sqlparse-0.4.4.tar.gz
+md5 969a64f03d7da1144fc74aad390f9db4 sqlparse-0.5.1.tar.gz
+sha256 bb6b4df465655ef332548e24f08e205afc81b9ab86cb1c45657a7ff173a3a00e sqlparse-0.5.1.tar.gz
# Locally computed sha256 checksums
sha256 c1938235b80d39e93138eae89edc3af67e18ecbc40d266529fa57b2dce426310 LICENSE
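Review bot: The new `+md5` entry for sqlparse-0.5.1.tar.gz adds no integrity assurance beyond the `+sha256` entry on the next line, and per the header comment both values are taken from the PyPI JSON rather than computed independently. Pinned this way they catch a tarball that changes after the bump, but not a release that was already tampered with when the hashes were copied. Consider dropping the md5 line, and if the sdist was checked against another source (for example the upstream git tag), note that in a comment the way the LICENSE hash is marked as locally computed.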
diff --git a/package/python-sqlparse/python-sqlparse.mk b/package/python-sqlparse/python-sqlparse.mk
index 3f99eb6476..57cef1d672 100644
--- a/package/python-sqlparse/python-sqlparse.mk
+++ b/package/python-sqlparse/python-sqlparse.mk
@@ -4,12 +4,13 @@
#
################################################################################
-PYTHON_SQLPARSE_VERSION = 0.4.4
+PYTHON_SQLPARSE_VERSION = 0.5.1
PYTHON_SQLPARSE_SOURCE = sqlparse-$(PYTHON_SQLPARSE_VERSION).tar.gz
-PYTHON_SQLPARSE_SITE = https://files.pythonhosted.org/packages/65/16/10f170ec641ed852611b6c9441b23d10b5702ab5288371feab3d36de2574
-PYTHON_SQLPARSE_SETUP_TYPE = flit
+PYTHON_SQLPARSE_SITE = https://files.pythonhosted.org/packages/73/82/dfa23ec2cbed08a801deab02fe7c904bfb00765256b155941d789a338c68
+PYTHON_SQLPARSE_SETUP_TYPE = pep517
PYTHON_SQLPARSE_LICENSE = BSD-3-Clause
PYTHON_SQLPARSE_LICENSE_FILES = LICENSE
+PYTHON_SQLPARSE_DEPENDENCIES = host-python-hatchling
PYTHON_SQLPARSE_CPE_ID_VENDOR = sqlparse_project
PYTHON_SQLPARSE_CPE_ID_PRODUCT = sqlparse
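Review bot: `PYTHON_SQLPARSE_DEPENDENCIES = host-python-hatchling` is added with nothing in the .mk tying it to the `PYTHON_SQLPARSE_SETUP_TYPE = pep517` change two lines above; the reason (upstream moved its build backend from flit to hatchling) is recorded only in the commit message. A one-line comment above the dependency naming hatchling as the build backend would keep a later bump from dropping it by mistake. Since the commit message labels this a security bump for GHSA-2m57-hf25-phgg, it would also help to state there whether a CVE identifier is assigned, because the unchanged `CPE_ID_VENDOR`/`CPE_ID_PRODUCT` lines are what CVE matching for this package relies on.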
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH] package/python-sqlparse: security bump to version 0.5.1
From: Thomas Petazzoni via buildroot @ 2024-08-23 17:34 UTC (permalink / raw)
To: Marcus Hoffmann via buildroot
Cc: James Hilliard, Marcus Hoffmann, Asaf Kahlon
On Thu, 22 Aug 2024 14:17:09 +0200
Marcus Hoffmann via buildroot <buildroot@buildroot.org> wrote:
> Changelog:
> * https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-1-jul-15-2024
> * https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-0-apr-13-2024
>
> Version 0.5.0 fixes the following security issue [1]:
> Parsing heavily nested list leads to Denial of Service
>
> Build backend switched from flit to hatchling in [2].
>
> [1] https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-2m57-hf25-phgg
> [2] https://github.com/andialbrecht/sqlparse/commit/326a316446c3e091a93950251e3e376ebf0d4127
>
> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
> ---
> package/python-sqlparse/python-sqlparse.hash | 4 ++--
> package/python-sqlparse/python-sqlparse.mk | 7 ++++---
> 2 files changed, 6 insertions(+), 5 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
* Re: [Buildroot] [PATCH] package/python-sqlparse: security bump to version 0.5.1
From: Peter Korsgaard @ 2024-09-18 16:11 UTC (permalink / raw)
To: Marcus Hoffmann via buildroot
Cc: James Hilliard, Marcus Hoffmann, Asaf Kahlon
>>>>> "Marcus" == Marcus Hoffmann via buildroot <buildroot@buildroot.org> writes:
> Changelog:
> * https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-1-jul-15-2024
> * https://sqlparse.readthedocs.io/en/latest/changes.html#release-0-5-0-apr-13-2024
> Version 0.5.0 fixes the following security issue [1]:
> Parsing heavily nested list leads to Denial of Service
> Build backend switched from flit to hatchling in [2].
> [1] https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-2m57-hf25-phgg
> [2] https://github.com/andialbrecht/sqlparse/commit/326a316446c3e091a93950251e3e376ebf0d4127
> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Committed to 2024.02.x, thanks.
--
Bye, Peter Korsgaard