Accepting request 1324374 from security

OBS-URL: https://build.opensuse.org/request/show/1324374
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sqlmap?expand=0&rev=27

fix_shebang.patch

@@ -8,33 +8,33 @@ Only in sqlmap-1.5.ori/extra/runcmd/src/runcmd: stdafx.cpp
 Only in sqlmap-1.5/extra/runcmd/src/runcmd: stdafx.cpp.txt
 Only in sqlmap-1.5.ori/extra/runcmd/src/runcmd: stdafx.h
 Only in sqlmap-1.5/extra/runcmd/src/runcmd: stdafx.h.txt
-Index: sqlmap-1.8.8/extra/shutils/autocompletion.sh
+Index: sqlmap-1.9.6/extra/shutils/autocompletion.sh
 ===================================================================
---- sqlmap-1.8.8.orig/extra/shutils/autocompletion.sh
-+++ sqlmap-1.8.8/extra/shutils/autocompletion.sh
+--- sqlmap-1.9.6.orig/extra/shutils/autocompletion.sh
++++ sqlmap-1.9.6/extra/shutils/autocompletion.sh
 @@ -1,4 +1,4 @@
 -#/usr/bin/env bash
 +#!/usr/bin/bash
  
  # source ./extra/shutils/autocompletion.sh
  
-Index: sqlmap-1.8.8/sqlmapapi.py
+Index: sqlmap-1.9.6/sqlmapapi.py
 ===================================================================
---- sqlmap-1.8.8.orig/sqlmapapi.py
-+++ sqlmap-1.8.8/sqlmapapi.py
+--- sqlmap-1.9.6.orig/sqlmapapi.py
++++ sqlmap-1.9.6/sqlmapapi.py
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env python
 +#!/usr/bin/python3
  
  """
- Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
-Index: sqlmap-1.8.8/sqlmap.py
+ Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
+Index: sqlmap-1.9.6/sqlmap.py
 ===================================================================
---- sqlmap-1.8.8.orig/sqlmap.py
-+++ sqlmap-1.8.8/sqlmap.py
+--- sqlmap-1.9.6.orig/sqlmap.py
++++ sqlmap-1.9.6/sqlmap.py
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env python
 +#!/usr/bin/python3
  
  """
- Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
+ Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)

sqlmap-1.8.8.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3bab3fbe9903b5c335202a7bcfc52bfd05c66634dd9f19b8d5bfaefcc98c1fdf
-size 7249385

sqlmap-1.9.12.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c0d825644222c147c044a9215642515f760f047d690329bbf806dd89e873b68a
+size 7220025

sqlmap.changes

@@ -1,3 +1,82 @@
+-------------------------------------------------------------------
+Sat Dec 13 15:02:00 UTC 2025 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.9.12:
+  * Fix bug in 302 redirect (issue #5985)
+
+-------------------------------------------------------------------
+Sat Nov  8 10:13:01 UTC 2025 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.9.11:
+  * Minor bug fix
+
+-------------------------------------------------------------------
+Tue Oct  7 19:01:51 UTC 2025 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.9.10:
+  * update of user-agents
+  * fix typos in README
+
+-------------------------------------------------------------------
+Sat Sep 13 14:56:13 UTC 2025 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.9.9:
+  * Minor update of common outputs
+
+-------------------------------------------------------------------
+Sun Aug 10 15:05:38 UTC 2025 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.9.8:
+  * Fixes #5936 (Unhandled exception)
+  * Minor update of fingerprinting payloads
+
+-------------------------------------------------------------------
+Sat Jun 14 15:46:35 UTC 2025 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.9.6:
+  * Fixed #5908
+    Running sqlmap with --headers and -H parameters gives us different
+    output albeit same header values are provided
+
+-------------------------------------------------------------------
+Sat May 17 07:37:57 UTC 2025 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.9.5:
+  * Minor update of fingerprint data for MySQL
+
+-------------------------------------------------------------------
+Sat Apr  5 14:37:26 UTC 2025 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.9.4:
+  * Minor improvement for _linux_wav_play
+  * Minor improvement to Set-Cookie detection
+  * Minor update of fingerprinting methods
+  * Implement experimental --http2
+  * Minor update (adding support for silent mode)
+  * Update of six third-party library
+  * Minor update for the automatic reporting
+  * Fix #5885 (unhandled exception)
+  * Fix #5881 (Add luanginxmore tamper script)
+  * Fix #5857 (Parameters "--csrf-method“ and "--csrf-data" are ignored)
+
+-------------------------------------------------------------------
+Sat Jan  4 17:21:22 UTC 2025 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.9:
+  * Implements --disable-hashing (#5827)
+  * fixed #5828 Clickhouse - Unable to retrieve tables
+  * update of checksums
+
+-------------------------------------------------------------------
+Wed Nov 27 15:56:23 UTC 2024 - Andrea Manzini <andrea.manzini@suse.com>
+
+- update to 1.8.11:
+  * fixed #5772, #5761 unhandled exception
+  * fixed #5763 Can not perform sql blind injection again latest dvwa
+  * fixed #5798 Some bugs with common tables and columns check
+  * fixed #5767 direct connection to oracle database not working
+  * update translations
+
 -------------------------------------------------------------------
 Mon Sep  2 15:16:10 UTC 2024 - Andrea Manzini <andrea.manzini@suse.com>
 

sqlmap.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package sqlmap
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           sqlmap
-Version:        1.8.8
+Version:        1.9.12
 Release:        0
 Summary:        Automatic SQL injection and database takeover tool
 License:        GPL-2.0-or-later