diff --git a/python-sqlparse.changes b/python-sqlparse.changes
index 70adbcc..0830b57 100644
--- a/python-sqlparse.changes
+++ b/python-sqlparse.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Thu May 25 16:21:05 UTC 2023 - Matej Cepl
+
+- Update to 0.4.4:
+ * IMPORTANT: This release fixes a security vulnerability in
+ the parser where a regular expression vulnerable to ReDOS
+ (Regular Expression Denial of Service) was used. See the
+ security advisory for details (CVE-2023-30608, bsc#1210617,
+ https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2)
+ The vulnerability was discovered by @erik-krogh from GitHub
+ Security Lab (GHSL). Thanks for reporting!
+ * Revert a change from 0.4.0 that changed IN to be a comparison
+ (issue694). The primary expectation is that IN is treated as
+ a keyword and not as a comparison operator. That also follows
+ the definition of reserved keywords for the major SQL syntax
+ definitions.
+ * Fix regular expressions for string parsing.
+ * sqlparse now uses pyproject.toml instead of setup.cfg
+ (issue685).
+
 -------------------------------------------------------------------
 Mon Oct 3 16:01:20 UTC 2022 - Dirk Müller
diff --git a/python-sqlparse.spec b/python-sqlparse.spec
index ebc81c4..9a4e27c 100644
--- a/python-sqlparse.spec
+++ b/python-sqlparse.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-sqlparse
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,24 +16,24 @@
 #
-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define skip_python2 1
 Name: python-sqlparse
-Version: 0.4.3
+Version: 0.4.4
 Release: 0
 Summary: Non-validating SQL parser
 License: BSD-3-Clause
 Group: Development/Languages/Python
 URL: https://github.com/andialbrecht/sqlparse
 Source: https://files.pythonhosted.org/packages/source/s/sqlparse/sqlparse-%{version}.tar.gz
+BuildRequires: %{python_module flit-core}
+BuildRequires: %{python_module pip}
 BuildRequires: %{python_module pytest}
-BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module wheel}
 BuildRequires: fdupes
 BuildRequires: python-rpm-macros
 Requires(post): update-alternatives
 Requires(postun):update-alternatives
 BuildArch: noarch
-
 %python_subpackages
 %description
@@ -43,12 +43,13 @@ parsing, splitting and formatting SQL statements.
 %prep
 %setup -q -n sqlparse-%{version}
 sed -i -e '1{\,^#!%{_bindir}/env python,d}' sqlparse/__main__.py sqlparse/cli.py
+chmod -x sqlparse/cli.py
 %build
-%python_build
+%pyproject_wheel
 %install
-%python_install
+%pyproject_install
 %python_clone -a %{buildroot}%{_bindir}/sqlformat
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
@@ -65,6 +66,7 @@ sed -i -e '1{\,^#!%{_bindir}/env python,d}' sqlparse/__main__.py sqlparse/cli.py
 %doc AUTHORS README.rst
 %license LICENSE
 %python_alternative %{_bindir}/sqlformat
-%{python_sitelib}/*
+%{python_sitelib}/sqlparse
+%{python_sitelib}/sqlparse-%{version}*-info
 %changelog
diff --git a/sqlparse-0.4.3.tar.gz b/sqlparse-0.4.3.tar.gz
deleted file mode 100644
index b88b0b8..0000000
--- a/sqlparse-0.4.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:69ca804846bb114d2ec380e4360a8a340db83f0ccf3afceeb1404df028f57268
-size 70771
diff --git a/sqlparse-0.4.4.tar.gz b/sqlparse-0.4.4.tar.gz
new file mode 100644
index 0000000..c27a7af
--- /dev/null
+++ b/sqlparse-0.4.4.tar.gz
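Review bot: Nothing on the new side of this preamble hunk verifies the upstream tarball: `Source:` points at files.pythonhosted.org and is followed directly by the `BuildRequires:` lines, with no signature or keyring source between them. Because this bump is what delivers the CVE-2023-30608 fix named in the changelog, the git-lfs `oid sha256:` recorded for sqlparse-0.4.4.tar.gz further down is the only integrity anchor, and it should be compared with the digest upstream publishes for the 0.4.4 sdist before the request is accepted. Recording that in a comment above the tag, for example `# sdist sha256 compared with the upstream release digest`, keeps the check visible to later reviewers. The preamble starts and ends outside the hunk.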
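Review bot: The added `chmod -x sqlparse/cli.py` in `%prep` covers only one of the two files whose shebang the preceding `sed` strips; `sqlparse/__main__.py` is left as it was. Whether that file also ships with the executable bit is not visible from this hunk, but if it does it would presumably need the same treatment, so either add it to the `chmod` or say why it is exempt. A one-line comment such as `# shebang removed above, so cli.py must not stay executable` would explain the step to the next maintainer.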
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c
+size 72383