mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-01-01 13:58:06 +00:00
cffdfd0d69
Passing a heavily nested list to sqlparse.parse() leads to a Denial
of Service due to RecursionError.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-4340
Upstream-patch:
b4a39d9850
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
31 lines
792 B
BlitzBasic
31 lines
792 B
BlitzBasic
DESCRIPTION = "Non-validating SQL parser module"
|
|
HOMEPAGE = "http://pypi.python.org/pypi/sqlparse"
|
|
SECTION = "devel/python"
|
|
LICENSE = "BSD-3-Clause"
|
|
LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc"
|
|
|
|
SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \
|
|
file://CVE-2024-4340.patch \
|
|
file://run-ptest \
|
|
"
|
|
|
|
SRC_URI[sha256sum] = "d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c"
|
|
|
|
export BUILD_SYS
|
|
export HOST_SYS
|
|
|
|
inherit pypi ptest python_flit_core
|
|
|
|
RDEPENDS:${PN}-ptest += " \
|
|
python3-pytest \
|
|
python3-unittest-automake-output \
|
|
python3-unixadmin \
|
|
"
|
|
|
|
do_install_ptest() {
|
|
install -d ${D}${PTEST_PATH}/tests
|
|
cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/
|
|
}
|
|
|
|
BBCLASSEXTEND = "native nativesdk"
|