From patchwork Tue Jul 25 19:09:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Trevor Gamblin X-Patchwork-Id: 27916 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D74F6EB64DD for ; Tue, 25 Jul 2023 19:09:55 +0000 (UTC) Received: from mail-ua1-f43.google.com (mail-ua1-f43.google.com [209.85.222.43]) by mx.groups.io with SMTP id smtpd.web11.28960.1690312190715557742 for ; Tue, 25 Jul 2023 12:09:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@baylibre-com.20221208.gappssmtp.com header.s=20221208 header.b=o8/mOqVy; spf=pass (domain: baylibre.com, ip: 209.85.222.43, mailfrom: tgamblin@baylibre.com) Received: by mail-ua1-f43.google.com with SMTP id a1e0cc1a2514c-794cddcab71so1762680241.1 for ; Tue, 25 Jul 2023 12:09:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20221208.gappssmtp.com; s=20221208; t=1690312189; x=1690916989; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=G9BLXxuniUKTeNQxBXJSx/RIGar+2FIBZSjUOQLqRsI=; b=o8/mOqVycasLb7gcWjPafPg3SXFp2A7FjWUHzMQlbMbwF7YEDmhN7ccDlvmADF9UG4 k2cGA0WyoGuXyeCbJUSnChpt2SGz8JI9H6oIRBMfyvYV1vRVzjR0oPvLY1bfauzdzrUQ TY38GT0HKcCkuVTmcRfqAM+9smnIRRU3xy+KAzpLu4zQ+5/8NCPXUBd3KCUz7geV1fCz Ei2XwDARcuSXBnEMyOu2faU9RFHqp/qgRflv2abI02D/Avp93O0Mc0J8VTE2caiXfKja 6sKjKDoYOrDMjXzFRIMaTv/7njTOxaazNcxVdvm1LXPh78LfZeT/BqilReHNznpnIXgt mx2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690312189; x=1690916989; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=G9BLXxuniUKTeNQxBXJSx/RIGar+2FIBZSjUOQLqRsI=; b=W3RvoHH5YcfNBdzNUYikryg89Z4fEDlyOXEIKIsaoDi2jxivgJCQoAhkMt+u9cR/bp fTrE2hrSGQpMyjzgUh7iN5CScTFBQUeT9CyzqBzkwLq9pKyfPwJ31fW+X+RV8fFcTdae gIoALc9uiTWSRVoJ9KFAj6JPtwuYKSLN20/MJdElJ0q2C3a07CMK2qsdwiMSJ75wqAMA T4C6BI+VgDGwPdVl6WaCA3pJ9uYECC+2DFt6QjpRmlqJwUFnQHbkaF8De9tteaDLkONV EwOEYvSmfs95rHD6VtT6Pt2o6t3NiIToZuF/5Z4yJ7JEzTiDEVBGLmMZ6KpfJJF06Lg4 RgBw== X-Gm-Message-State: ABy/qLaGeVeUR1kVRiTtt4SI1rDlRI5cJkv1NqGYmbaFNXCk6XCFjIoe 74uXMKCBvsy2v2IiLI7AVRtu4F/OKQYzYYPBBOw= X-Google-Smtp-Source: APBJJlE6LfGM0ESy0BSlEhRqLvoahlfhVOuD9ns5vsZeEQAgQ5eCOZwyvmXXdW8opP16w1CcOz6evA== X-Received: by 2002:a67:ee57:0:b0:445:1977:be45 with SMTP id g23-20020a67ee57000000b004451977be45mr5252534vsp.33.1690312189384; Tue, 25 Jul 2023 12:09:49 -0700 (PDT) Received: from megalith.cgocable.net ([2001:1970:5b1f:ab00:fc4e:ec42:7e5d:48dd]) by smtp.gmail.com with ESMTPSA id z9-20020a0cf249000000b005ef81cc63ccsm4526109qvl.117.2023.07.25.12.09.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jul 2023 12:09:49 -0700 (PDT) From: Trevor Gamblin To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 1/7] python3-fastjsonschema: upgrade 2.16.3 -> 2.18.0 Date: Tue, 25 Jul 2023 15:09:37 -0400 Message-ID: <20230725190947.660933-1-tgamblin@baylibre.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 25 Jul 2023 19:09:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/104018 Changelog (https://github.com/horejsek/python-fastjsonschema/blob/master/CHANGELOG.txt): === 2.18.0 (2023-07-22) * Improved error message for required props - only missing are reported * Fixed support of boolean schema in if-then-else application === 2.17.1 (2023-05-22) * Fixed tests in sdist === 2.17.0 (2023-05-21) * Added support for Decimals * Added tests in sdist Signed-off-by: Trevor Gamblin --- ...astjsonschema_2.16.3.bb => python3-fastjsonschema_2.18.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-fastjsonschema_2.16.3.bb => python3-fastjsonschema_2.18.0.bb} (94%) diff --git a/meta-python/recipes-devtools/python/python3-fastjsonschema_2.16.3.bb b/meta-python/recipes-devtools/python/python3-fastjsonschema_2.18.0.bb similarity index 94% rename from meta-python/recipes-devtools/python/python3-fastjsonschema_2.16.3.bb rename to meta-python/recipes-devtools/python/python3-fastjsonschema_2.18.0.bb index 689fe51a33..e0be7b6160 100644 --- a/meta-python/recipes-devtools/python/python3-fastjsonschema_2.16.3.bb +++ b/meta-python/recipes-devtools/python/python3-fastjsonschema_2.18.0.bb @@ -6,7 +6,7 @@ HOMEPAGE = "https://github.com/seznam/python-fastjsonschema" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=18950e8362b69c0c617b42b8bd8e7532" -SRCREV = "4f11540d2e8f7c0aeae1230cdbc65a99f1b277c4" +SRCREV = "756540088687cda351390f687b92e602feaa7dc6" PYPI_SRC_URI = "git://github.com/horejsek/python-fastjsonschema;protocol=https;branch=master" SRC_URI += "file://run-ptest" From patchwork Tue Jul 25 19:09:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Trevor Gamblin X-Patchwork-Id: 27921 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F3149C04E69 for ; Tue, 25 Jul 2023 19:09:55 +0000 (UTC) Received: from mail-oi1-f172.google.com (mail-oi1-f172.google.com [209.85.167.172]) by mx.groups.io with SMTP id smtpd.web11.28961.1690312190933356572 for ; Tue, 25 Jul 2023 12:09:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@baylibre-com.20221208.gappssmtp.com header.s=20221208 header.b=Q68L7wYQ; spf=pass (domain: baylibre.com, ip: 209.85.167.172, mailfrom: tgamblin@baylibre.com) Received: by mail-oi1-f172.google.com with SMTP id 5614622812f47-3a3e1152c23so4105250b6e.2 for ; Tue, 25 Jul 2023 12:09:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20221208.gappssmtp.com; s=20221208; t=1690312190; x=1690916990; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qfBPUGIUuD3lhneoGevFLl41JD2pWEwpE+2o5OTTvJM=; b=Q68L7wYQ7xHi83/H9iarufu72pz0v7j5OGp1HjnznqADzbpdFZ1ky70nAZpPC+y52Q PnJhxEV8qS9eoz+VDREMO18KyFhs6XpGHxQVqKIrmQVXB4bvFORSaNmxtl/dYp38yE5j MgIF5Bojk1iYQrkQR5YjHMspPb+yUXjrskKskYHxS2jxp+k1bdgIMXUX8+fM9XEPIKzg UXkhAhDsNpHS62KpBL2gdcfUJtTUYnCadr5g4WaabCYRjVwjhE8Sk0IVXUMP3wxylZJW 3+jenW1u85/JwgWQQqetAtwwuVRJnBhpE5mMFaM9T7qzvK7QvIDd3QwSdPX/5TfH/zOs +pTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690312190; x=1690916990; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qfBPUGIUuD3lhneoGevFLl41JD2pWEwpE+2o5OTTvJM=; b=Cgg/fm7I300HJT9QG+Fph3HcC/OugXm+t7T5hOG48FggTrdUNMCOKMSpCCFbojXQyN uDPlwTuhcT3eBmn+n/9Zr6iOcrRqJYowgyiziIJkuSShJEMptUFRuaJ0HgNU1nJya4v5 p6pjBwEzGyfhLOKOE0eMzPSJhXKbbDLQa49v+EYIqtKxCXCnt/+P8uFi7Qiz4358Pp/F BwORSIvRldq064x760Rv6upQU3bkfYd5FRI7URgfVOZ7xY3/+dvkiHJ1eprjl1oNgC5T mXrnAAb9NQAPU2YziCuA8xviyGaetjS3Zp9PaHzF7LeALF2O5pdTt6uOjkaaJwHpSS5w f2fQ== X-Gm-Message-State: ABy/qLbFtfeRj5hrsmV1BcM2UuEHcybqgqqqAVPmvcxdIquuJL139Tkk RVVmGbG4RasWIQeyE2K3fIgpJUhxzhPLfZwq/Ho= X-Google-Smtp-Source: APBJJlFByFPnCXC5z5HUvwZMDxI1Fkg/E6oRN9MJ0rpaVNp77I0UFBVFTV0vzLw4KDk9JgVESuqx6w== X-Received: by 2002:a05:6808:1598:b0:3a1:e3ee:742a with SMTP id t24-20020a056808159800b003a1e3ee742amr18631458oiw.8.1690312190069; Tue, 25 Jul 2023 12:09:50 -0700 (PDT) Received: from megalith.cgocable.net ([2001:1970:5b1f:ab00:fc4e:ec42:7e5d:48dd]) by smtp.gmail.com with ESMTPSA id z9-20020a0cf249000000b005ef81cc63ccsm4526109qvl.117.2023.07.25.12.09.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jul 2023 12:09:49 -0700 (PDT) From: Trevor Gamblin To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 2/7] python3-jsonpatch: upgrade 1.32 -> 1.33 Date: Tue, 25 Jul 2023 15:09:38 -0400 Message-ID: <20230725190947.660933-2-tgamblin@baylibre.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230725190947.660933-1-tgamblin@baylibre.com> References: <20230725190947.660933-1-tgamblin@baylibre.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 25 Jul 2023 19:09:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/104019 Update-License: Change name from COPYING to LICENSE No changelog provided. Commit log: 0b05203 (tag: v1.33) bump version to 1.33 45cfe90 Switch to GitHub actions (#144) 33562b0 Update license text to match official 3-clause-BSD (#142) a76f742 feat(jsondiff): Add support for preserving Unicode characters (#145) 714df3c docs: fix simple typo, raies -> raise (#135) e0b3a9b Merge pull request #134 from Ventilateur/b/fix-invalid-remove-index 46eef55 remove unused import db194f8 fix invalid remove index a652648 Merge pull request #132 from JulienPalard/mdk/TypeError c9bfb91 FIX: TypeError when one forgot to put its operation in a list. Signed-off-by: Trevor Gamblin --- .../{python3-jsonpatch_1.32.bb => python3-jsonpatch_1.33.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-python/recipes-devtools/python/{python3-jsonpatch_1.32.bb => python3-jsonpatch_1.33.bb} (65%) diff --git a/meta-python/recipes-devtools/python/python3-jsonpatch_1.32.bb b/meta-python/recipes-devtools/python/python3-jsonpatch_1.33.bb similarity index 65% rename from meta-python/recipes-devtools/python/python3-jsonpatch_1.32.bb rename to meta-python/recipes-devtools/python/python3-jsonpatch_1.33.bb index 2a653cce88..3d6deb2a61 100644 --- a/meta-python/recipes-devtools/python/python3-jsonpatch_1.32.bb +++ b/meta-python/recipes-devtools/python/python3-jsonpatch_1.33.bb @@ -1,11 +1,11 @@ SUMMARY = "Appling JSON patches in Python 2.6+ and 3.x" HOMEPAGE = "https://github.com/stefankoegl/python-json-patch" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=32b15c843b7a329130f4e266a281ebb3" +LIC_FILES_CHKSUM = "file://LICENSE;md5=4f81c84f9a053e31fe9402a2a4e78864" inherit pypi setuptools3 -SRC_URI[sha256sum] = "b6ddfe6c3db30d81a96aaeceb6baf916094ffa23d7dd5fa2c13e13f8b6e600c2" +SRC_URI[sha256sum] = "9fcd4009c41e6d12348b4a0ff2563ba56a2923a7dfee731d004e212e1ee5030c" RDEPENDS:${PN} += " \ ${PYTHON_PN}-json \ From patchwork Tue Jul 25 19:09:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Trevor Gamblin X-Patchwork-Id: 27922 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EC067C00528 for ; Tue, 25 Jul 2023 19:09:55 +0000 (UTC) Received: from mail-qk1-f182.google.com (mail-qk1-f182.google.com [209.85.222.182]) by mx.groups.io with SMTP id smtpd.web11.28962.1690312191990696181 for ; Tue, 25 Jul 2023 12:09:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@baylibre-com.20221208.gappssmtp.com header.s=20221208 header.b=f786Y7y3; spf=pass (domain: baylibre.com, ip: 209.85.222.182, mailfrom: tgamblin@baylibre.com) Received: by mail-qk1-f182.google.com with SMTP id af79cd13be357-76ae0784e0bso11413285a.0 for ; Tue, 25 Jul 2023 12:09:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20221208.gappssmtp.com; s=20221208; t=1690312191; x=1690916991; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PmPTglJyM6bQ/4y4SbWw9dJsKHFcOtEOqOKypFp32e4=; b=f786Y7y32O75+g6i5LqomU8qO5Z8Ph+vfphz82E6DKbHkMN5t6xSu/PWUlKsTOzJqt vUu5PFMpchQuJZcI9+YNPyAiGeCIm0zVICPyYdUSuLMWQPws3Ak7c1vzOe8o3m10FRKy H7CZyEB3+aJDygu0eaa9qFF7AW9ID2avmyA87BAWyPB5/4XGH3l3GKVdH3cKjcP/FK1s hBWb2MkzxWXlZ3gF2HxrZzMabzkNkAWaF9uUYvVB1JmGwKX9f1DI4ShPwKPlwD5WL0Z0 ZRY5ZPMxDykOlzPlGvx2UbW0EiZpTtefXU+eaVd9wPHiTCoroyyxYkRjoXeyXQDhq/H+ p/aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690312191; x=1690916991; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PmPTglJyM6bQ/4y4SbWw9dJsKHFcOtEOqOKypFp32e4=; b=G4HFuRRfSlUXkGRVGKL4roXugluJVNixclzJo9h6qI0nQzx+Z/T5o/yvhKLiwLpG2X jQH8dYGPzmhMvaVu8LbyhRJOC5izqKvXPr/2vs+GKWPyxyL+RnQxpr92CRImuwKq71/8 iaV8zydz+3nV1BjX6Y4c9ZhsNXzDkDl1SsdfXZq8b6HjS+JWu/GJkMGVNix5iToYXc4N XDnrmEajcLnlDs1IsQU8YAdYM+znmYApSvti5Ax9I2+md3aijJcsLQJThjPcObU6HWhb W33FMQspWPQhctC8a2vld+fCzXOzw1LTA49M9uExhARtt7LfKxhv5J9j/YhSZTenU7da f+yg== X-Gm-Message-State: ABy/qLY3MRKukixMzpscMo52eZOuvNXKocV/WkEMGb5CMxJ8xK8Igquw kVNo0aAIZ1yknPLPPuoTcPZvKtUGBhKNHqyiams= X-Google-Smtp-Source: APBJJlENLAsK5p+r+DAlQ7+V5/+17fGb30dlVHvtyB9yqlekqrxKaj37e5HBZYNTQMoaw7IY+FQ0nQ== X-Received: by 2002:a05:620a:f10:b0:765:890b:7586 with SMTP id v16-20020a05620a0f1000b00765890b7586mr3492230qkl.29.1690312190757; Tue, 25 Jul 2023 12:09:50 -0700 (PDT) Received: from megalith.cgocable.net ([2001:1970:5b1f:ab00:fc4e:ec42:7e5d:48dd]) by smtp.gmail.com with ESMTPSA id z9-20020a0cf249000000b005ef81cc63ccsm4526109qvl.117.2023.07.25.12.09.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jul 2023 12:09:50 -0700 (PDT) From: Trevor Gamblin To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 3/7] python3-m2crypto: upgrade 0.38.0 -> 0.39.0 Date: Tue, 25 Jul 2023 15:09:39 -0400 Message-ID: <20230725190947.660933-3-tgamblin@baylibre.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230725190947.660933-1-tgamblin@baylibre.com> References: <20230725190947.660933-1-tgamblin@baylibre.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 25 Jul 2023 19:09:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/104020 Remove the CVE-2020-25657 patch, as it is fixed in 0.39.0: [tgamblin@megalith m2crypto]$ git log --oneline --grep="CVE-2020-25657" 84c5395 Mitigate the Bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657) [tgamblin@megalith m2crypto]$ git tag --contains 84c53958def0f510e92119fca14d74f94215827a 0.39.0 Changelog (https://gitlab.com/m2crypto/m2crypto/-/blob/master/CHANGES?ref_type=heads): 0.39.0 - 2023-01-31 ------------------- - SUPPORT FOR PYTHON 2 HAS BEEN DEPRECATED AND IT WILL BE COMPLETELY REMOVED IN THE NEXT RELEASE. - Remove dependency on parameterized and use unittest.subTest instead. - Upgrade embedded six.py module to 1.16.0 (really tiny inconsequential changes). - Make tests working on MacOS again (test_bio_membuf: Use fork) - Use OpenSSL_version_num() instead of unrealiable parsing of .h file. - Mitigate the Bleichenbacher timing attacks in the RSA decryption API (CVE-2020-25657) - Add functionality to extract EC key from public key + Update tests - Worked around compatibility issues with OpenSSL 3.* - Support for Twisted has been deprecated (they have their own SSL support anyway). - Generate TAP while testing. - Stop using GitHub for testing. - Accept a small deviation from time in the testsuite (for systems with non-standard HZ kernel parameter). - Use the default BIO.__del__ rather tha overriding in BIO.File (avoid a memleak). - Resolve "X509_Name.as_der() method from X509.py -> class X509_Name caused segmentation fault" Signed-off-by: Trevor Gamblin --- .../python3-m2crypto/CVE-2020-25657.patch | 176 ------------------ ...o_0.38.0.bb => python3-m2crypto_0.39.0.bb} | 3 +- 2 files changed, 1 insertion(+), 178 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch rename meta-python/recipes-devtools/python/{python3-m2crypto_0.38.0.bb => python3-m2crypto_0.39.0.bb} (92%) diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch deleted file mode 100644 index 38ecd7a276..0000000000 --- a/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch +++ /dev/null @@ -1,176 +0,0 @@ -Backport patch to fix CVE-2020-25657. - -Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958] - -Signed-off-by: Kai Kang - -From 84c53958def0f510e92119fca14d74f94215827a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= -Date: Tue, 28 Jun 2022 21:17:01 +0200 -Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA - decryption API (CVE-2020-25657) - -Fixes #282 ---- - src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++-------- - src/SWIG/_rsa.i | 20 ++++++++++++-------- - tests/test_rsa.py | 15 +++++++-------- - 3 files changed, 31 insertions(+), 24 deletions(-) - -diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c -index aba9eb6d..a9f30da9 100644 ---- a/src/SWIG/_m2crypto_wrap.c -+++ b/src/SWIG/_m2crypto_wrap.c -@@ -7040,9 +7040,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -7070,9 +7071,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -7097,9 +7099,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -7124,9 +7127,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); - -diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i -index bc714e01..1377b8be 100644 ---- a/src/SWIG/_rsa.i -+++ b/src/SWIG/_rsa.i -@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); -@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) { - tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf, - (unsigned char *)tbuf, rsa, padding); - if (tlen == -1) { -- m2_PyErr_Msg(_rsa_err); -+ ERR_clear_error(); -+ PyErr_Clear(); - PyMem_Free(tbuf); -- return NULL; -+ Py_RETURN_NONE; - } - ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen); - -diff --git a/tests/test_rsa.py b/tests/test_rsa.py -index 7bb3af75..5e75d681 100644 ---- a/tests/test_rsa.py -+++ b/tests/test_rsa.py -@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase): - # The other paddings. - for padding in self.s_padding_nok: - p = getattr(RSA, padding) -- with self.assertRaises(RSA.RSAError): -- priv.private_encrypt(self.data, p) -+ # Exception disabled as a part of mitigation against CVE-2020-25657 -+ # with self.assertRaises(RSA.RSAError): -+ priv.private_encrypt(self.data, p) - # Type-check the data to be encrypted. - with self.assertRaises(TypeError): - priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding) -@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase): - self.assertEqual(ptxt, self.data) - - # no_padding -- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): -- priv.public_encrypt(self.data, RSA.no_padding) -+ # Exception disabled as a part of mitigation against CVE-2020-25657 -+ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'): -+ priv.public_encrypt(self.data, RSA.no_padding) - - # Type-check the data to be encrypted. -+ # Exception disabled as a part of mitigation against CVE-2020-25657 - with self.assertRaises(TypeError): - priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding) - -@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase): - b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4 - with self.assertRaises(RSA.RSAError): - setattr(rsa, 'e', '\000\000\000\003\001\000\001') -- with self.assertRaises(RSA.RSAError): -- rsa.private_encrypt(1) -- with self.assertRaises(RSA.RSAError): -- rsa.private_decrypt(1) - assert rsa.check_key() - - def test_loadpub_bad(self): --- -GitLab - diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.39.0.bb similarity index 92% rename from meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb rename to meta-python/recipes-devtools/python/python3-m2crypto_0.39.0.bb index 40e3bfb316..3a4a700bf7 100644 --- a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb +++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.39.0.bb @@ -10,9 +10,8 @@ SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ file://cross-compile-platform.patch \ file://avoid-host-contamination.patch \ file://0001-setup.py-address-openssl-3.x-build-issue.patch \ - file://CVE-2020-25657.patch \ " -SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb" +SRC_URI[sha256sum] = "24c0f471358b8b19ad4c8aa9da12e868030b65c1fdb3279d006df60c9501338a" PYPI_PACKAGE = "M2Crypto" inherit pypi siteinfo setuptools3 From patchwork Tue Jul 25 19:09:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Trevor Gamblin X-Patchwork-Id: 27919 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6C9BC0015E for ; Tue, 25 Jul 2023 19:09:55 +0000 (UTC) Received: from mail-oi1-f182.google.com (mail-oi1-f182.google.com [209.85.167.182]) by mx.groups.io with SMTP id smtpd.web10.28857.1690312192381171042 for ; Tue, 25 Jul 2023 12:09:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@baylibre-com.20221208.gappssmtp.com header.s=20221208 header.b=s+F5Rn93; spf=pass (domain: baylibre.com, ip: 209.85.167.182, mailfrom: tgamblin@baylibre.com) Received: by mail-oi1-f182.google.com with SMTP id 5614622812f47-3a37909a64eso3727718b6e.1 for ; Tue, 25 Jul 2023 12:09:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20221208.gappssmtp.com; s=20221208; t=1690312191; x=1690916991; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=x0JKfxtlMCKfzBuwMJA0oRHUqKtk/+AIqVHLrtsK/8E=; b=s+F5Rn93InvD4EdQCCmEI/B15gljNFMzP9cbemjk3m35DH2UA3XO5FBnqE3XOUZXCG PMr/BZ/cTVJDjdUFKBeDvGhQwX2VHEZWA8sU/wosK8v27ycW0DuLVCw5Mt/IQZG7ROka IznkuS9rEt8NFOt49w4ELTHexqOpRh//NiNtJI1IptEy2pSDhDuKSEnJPh/qFQmYMfZB mILi7D1SNw+zUsJCyXrpzVp/bQMBN2p+cOXHTPzELEt2xZC8/M2j+WBzQjSpn01836CZ qEkOvm2wquWh8B05CmIZFH8qCX29WGpMbKnUJvY6IgsVp1T750E7gBXdY1SlqtP0+n43 ukKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690312191; x=1690916991; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=x0JKfxtlMCKfzBuwMJA0oRHUqKtk/+AIqVHLrtsK/8E=; b=GAuc5aAr0EIo72BuDHzTPk+/eZadGUIQkU581SOCxIg95tkc2ks9tua23PZw6i55iy 03gKaE9eiLk2i+15MjYr3ueg4dQjx9mWeXoXfECz7l0hmlGX3oGJhP4XuA7kAhu5hOER mkgPcWz0gslikae3To6vbTDpfR+h4NaRer260nCwWkoZsRIxboAL8BtvztfM53Vic+EC HLC0yJae+QqWugGQ5KprfrV3tUz389x+Dyd9Dajkgb1PbK5oqay7HdlfD00EJ1f5R7E/ 9+kFtlVDe9Ag6T4d80hYxBSeNWwLdAUxfvdZgul1JYbAP7CJdrDETGR74z48pbrVMc9L UFEg== X-Gm-Message-State: ABy/qLaXY66PQOyKYRBGI/D9Pls5uZRXH+W+bSyMoKik2TXQra6q8Urm Dl6EQXxSftigioKJZ0BXyZdrNRVzhwGWk2LtAKM= X-Google-Smtp-Source: APBJJlEWOYcDolGNTYZ8HVqaGOO/YNmSsKxSGxYqfAxfzEIUwfM6sV4dqeAZ39EDyK49y0bx/WIFOA== X-Received: by 2002:a05:6808:1784:b0:3a3:b98a:d7b3 with SMTP id bg4-20020a056808178400b003a3b98ad7b3mr17388386oib.15.1690312191535; Tue, 25 Jul 2023 12:09:51 -0700 (PDT) Received: from megalith.cgocable.net ([2001:1970:5b1f:ab00:fc4e:ec42:7e5d:48dd]) by smtp.gmail.com with ESMTPSA id z9-20020a0cf249000000b005ef81cc63ccsm4526109qvl.117.2023.07.25.12.09.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jul 2023 12:09:51 -0700 (PDT) From: Trevor Gamblin To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 4/7] python3-matplotlib: upgrade 3.6.3 -> 3.7.2 Date: Tue, 25 Jul 2023 15:09:40 -0400 Message-ID: <20230725190947.660933-4-tgamblin@baylibre.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230725190947.660933-1-tgamblin@baylibre.com> References: <20230725190947.660933-1-tgamblin@baylibre.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 25 Jul 2023 19:09:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/104021 - Adjust target lines in setup.py for LIC_FILES_CHKSUM, since the content of interest has moved (but not changed) - Tweak matplotlib-disable-download.patch to apply on 3.7.2 - Remove backported patch since it's in 3.7.2: [tgamblin@megalith matplotlib]$ git log --oneline --grep="removed RandomNumberGenerator class" 601d92a885 removed RandomNumberGenerator class, included , replaced random_shuffle with shuffle and used mersenne twister engine to generate uniform random bit generator for the shuffle. [tgamblin@megalith matplotlib]$ git tag --contains 601d92a885 v3.7.0 v3.7.0rc1 v3.7.1 v3.7.2 Changelog: https://github.com/matplotlib/matplotlib/releases Signed-off-by: Trevor Gamblin --- ...mberGenerator-class-included-random-.patch | 59 ------------------- .../matplotlib-disable-download.patch | 28 ++++----- ...b_3.6.3.bb => python3-matplotlib_3.7.2.bb} | 7 ++- 3 files changed, 18 insertions(+), 76 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-matplotlib/0001-removed-RandomNumberGenerator-class-included-random-.patch rename meta-python/recipes-devtools/python/{python3-matplotlib_3.6.3.bb => python3-matplotlib_3.7.2.bb} (90%) diff --git a/meta-python/recipes-devtools/python/python3-matplotlib/0001-removed-RandomNumberGenerator-class-included-random-.patch b/meta-python/recipes-devtools/python/python3-matplotlib/0001-removed-RandomNumberGenerator-class-included-random-.patch deleted file mode 100644 index 1f9b8cdeaf..0000000000 --- a/meta-python/recipes-devtools/python/python3-matplotlib/0001-removed-RandomNumberGenerator-class-included-random-.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 3eb9987b02cc10b93e09219ddc86aa6be5f10177 Mon Sep 17 00:00:00 2001 -From: tybeller -Date: Fri, 30 Sep 2022 16:13:41 -0400 -Subject: [PATCH] removed RandomNumberGenerator class, included , - replaced random_shuffle with shuffle and used mersenne twister engine to - generate uniform random bit generator for the shuffle. - -Upstream-Status: Backport [https://github.com/matplotlib/matplotlib/commit/601d92a8850] -Signed-off-by: Khem Raj ---- - src/tri/_tri.cpp | 20 ++++---------------- - 1 file changed, 4 insertions(+), 16 deletions(-) - -diff --git a/src/tri/_tri.cpp b/src/tri/_tri.cpp -index b7a87783de..6e639eea44 100644 ---- a/src/tri/_tri.cpp -+++ b/src/tri/_tri.cpp -@@ -12,6 +12,7 @@ - - #include - #include -+#include - - - TriEdge::TriEdge() -@@ -1465,8 +1466,8 @@ TrapezoidMapTriFinder::initialize() - _tree->assert_valid(false); - - // Randomly shuffle all edges other than first 2. -- RandomNumberGenerator rng(1234); -- std::random_shuffle(_edges.begin()+2, _edges.end(), rng); -+ std::mt19937 rng(1234); -+ std::shuffle(_edges.begin()+2, _edges.end(), rng); - - // Add edges, one at a time, to tree. - size_t nedges = _edges.size(); -@@ -2055,17 +2056,4 @@ TrapezoidMapTriFinder::Trapezoid::set_upper_right(Trapezoid* upper_right_) - upper_right = upper_right_; - if (upper_right != 0) - upper_right->upper_left = this; --} -- -- -- --RandomNumberGenerator::RandomNumberGenerator(unsigned long seed) -- : _m(21870), _a(1291), _c(4621), _seed(seed % _m) --{} -- --unsigned long --RandomNumberGenerator::operator()(unsigned long max_value) --{ -- _seed = (_seed*_a + _c) % _m; -- return (_seed*max_value) / _m; --} -+} -\ No newline at end of file --- -2.39.0 - diff --git a/meta-python/recipes-devtools/python/python3-matplotlib/matplotlib-disable-download.patch b/meta-python/recipes-devtools/python/python3-matplotlib/matplotlib-disable-download.patch index 899cac624a..aea8f62ea7 100644 --- a/meta-python/recipes-devtools/python/python3-matplotlib/matplotlib-disable-download.patch +++ b/meta-python/recipes-devtools/python/python3-matplotlib/matplotlib-disable-download.patch @@ -4,19 +4,17 @@ Upstream-Status: Inappropriate [disable feature] Signed-off-by: Mark Hatle +Update patch to fit on 3.7.2. + +Signed-off-by: Trevor Gamblin + +diff --git a/setup.py b/setup.py +index 0bea13fa6f..f39d8fc871 100644 --- a/setup.py +++ b/setup.py -@@ -303,7 +303,6 @@ setup( # Finally, pass this all along t - setup_requires=[ - "certifi>=2020.06.20", - "numpy>=1.19", -- "setuptools_scm>=7", - ], - install_requires=[ - "contourpy>=1.0.1", -@@ -315,13 +314,7 @@ setup( # Finally, pass this all along t +@@ -327,13 +327,7 @@ setup( # Finally, pass this all along to setuptools to do the heavy lifting. "pillow>=6.2.0", - "pyparsing>=2.2.1", + "pyparsing>=2.3.1,<3.1", "python-dateutil>=2.7", - ] + ( - # Installing from a git checkout that is not producing a wheel. @@ -26,12 +24,14 @@ Signed-off-by: Mark Hatle - ) else [] - ), + ], - use_scm_version={ - "version_scheme": "release-branch-semver", - "local_scheme": "node-and-date", + extras_require={ + ':python_version<"3.10"': [ + "importlib-resources>=3.2.0", +diff --git a/setupext.py b/setupext.py +index a898d642d6..474172ff8f 100644 --- a/setupext.py +++ b/setupext.py -@@ -65,40 +65,7 @@ def get_from_cache_or_download(url, sha) +@@ -66,40 +66,7 @@ def get_from_cache_or_download(url, sha): BytesIO The file loaded into memory. """ diff --git a/meta-python/recipes-devtools/python/python3-matplotlib_3.6.3.bb b/meta-python/recipes-devtools/python/python3-matplotlib_3.7.2.bb similarity index 90% rename from meta-python/recipes-devtools/python/python3-matplotlib_3.6.3.bb rename to meta-python/recipes-devtools/python/python3-matplotlib_3.7.2.bb index fa0a78d6a9..72c369100a 100644 --- a/meta-python/recipes-devtools/python/python3-matplotlib_3.6.3.bb +++ b/meta-python/recipes-devtools/python/python3-matplotlib_3.7.2.bb @@ -7,7 +7,7 @@ HOMEPAGE = "https://github.com/matplotlib/matplotlib" SECTION = "devel/python" LICENSE = "PSF-2.0" LIC_FILES_CHKSUM = "\ - file://setup.py;beginline=283;endline=283;md5=20e7ab4d2b2b1395a0e4ab800181eb96 \ + file://setup.py;beginline=293;endline=293;md5=20e7ab4d2b2b1395a0e4ab800181eb96 \ file://LICENSE/LICENSE;md5=afec61498aa5f0c45936687da9a53d74 \ " @@ -20,15 +20,16 @@ DEPENDS = "\ python3-pytz-native \ python3-certifi-native \ python3-setuptools-scm-native \ + python3-pybind11-native \ " -SRC_URI[sha256sum] = "1f4d69707b1677560cd952544ee4962f68ff07952fb9069ff8c12b56353cb8c9" +SRC_URI[sha256sum] = "a8cdb91dddb04436bd2f098b8fdf4b81352e68cf4d2c6756fcc414791076569b" inherit pypi setuptools3 pkgconfig # Stop the component from attempting to download when it detects a missing # dependency SRC_URI += "file://matplotlib-disable-download.patch \ - file://0001-removed-RandomNumberGenerator-class-included-random-.patch" +" # This python module requires a full copy of freetype-2.6.1 SRC_URI += "https://downloads.sourceforge.net/project/freetype/freetype2/2.6.1/freetype-2.6.1.tar.gz;name=freetype;subdir=matplotlib-${PV}/build" From patchwork Tue Jul 25 19:09:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Trevor Gamblin X-Patchwork-Id: 27918 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E74CBC04A6A for ; Tue, 25 Jul 2023 19:09:55 +0000 (UTC) Received: from mail-vs1-f44.google.com (mail-vs1-f44.google.com [209.85.217.44]) by mx.groups.io with SMTP id smtpd.web11.28964.1690312193369534691 for ; Tue, 25 Jul 2023 12:09:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@baylibre-com.20221208.gappssmtp.com header.s=20221208 header.b=oE+J18yR; spf=pass (domain: baylibre.com, ip: 209.85.217.44, mailfrom: tgamblin@baylibre.com) Received: by mail-vs1-f44.google.com with SMTP id ada2fe7eead31-440bb9bad3cso2065317137.0 for ; Tue, 25 Jul 2023 12:09:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20221208.gappssmtp.com; s=20221208; t=1690312192; x=1690916992; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=gJhGqsj/skYMmyG0B0OTXupV2ChtaDSFWJjBullVk3k=; b=oE+J18yRLUFisyTh8cYy4I5KljCG2RWZV2s5W5Fdkr1G4Bl80UrJxfViHWTxzNCNs7 5E9BrOsUhu70Dv6+rhySV1SR1KdKqXEOiYZyHPAWWrgqNmTwF+3Cxd7QyLnzJ52+HAoV znjBdVfVGMKrg0bhErLT/JcbMYcuvAqqKQHmijLe2Lx66m+7b9G6sr/BNgfRtJYgINax LKj/dEPg8y4Bv5BED7MVAMdRrUqwvv+hSU1xLivb9siKYfKrVUGI+WsIvUQm/HcBWp85 tgyMplVX/XkUUgs2WOezd6iQHyDXB35v4UWgU03UCqJ/ZkLeNao+/dwhpkzO4VktUpwx CmMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690312192; x=1690916992; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gJhGqsj/skYMmyG0B0OTXupV2ChtaDSFWJjBullVk3k=; b=UfP2w7vOru6IuN0YB5ehWTI7jut16c11VP/0NedQX4oQvDpZuBcfo9VYJHophsbpsh bswSnQzMUZVgkZ3ZazOpbWQceU5R0NWr6rPjFbNWjLjPqp7CPo21NPSvyAT3ctyZlwlJ 53J5DmuF9OOBCgeEDjs4YQkeOjSGqdLMAlfTKf5MgFxtEau6lm+Y/nrHrzwNjmilk9I6 6loqHEFXrYkHN0Xjr9G8hKs5Xw31jVbr/FfPtEH+S5TvfVkCKsBZLUcqHJkNoYjrZ6Kb +rdjaLhvHN48vc5h6LVZKxi+iOmtjNhp+7rVbJh8+FCVR5S4OeN2CaEgEDELLF3jPsM9 IslQ== X-Gm-Message-State: ABy/qLb4rQ5dT+kM6w5czHnYLeEKPGUd/ZBMTRdlX7a1JYpQNlu4HHV+ bccdHUVFGRXXMPIiUjIqv0unheyjvJsW1iA1HgY= X-Google-Smtp-Source: APBJJlF6ASbP9AWPo9TuR5H2Vx/omDI6BDRx/KlKtW3KYuiMZuH5xWlOaRIp8W6DQpLLFVitZuz44A== X-Received: by 2002:a67:e8d0:0:b0:443:853c:bd51 with SMTP id y16-20020a67e8d0000000b00443853cbd51mr4675865vsn.29.1690312192192; Tue, 25 Jul 2023 12:09:52 -0700 (PDT) Received: from megalith.cgocable.net ([2001:1970:5b1f:ab00:fc4e:ec42:7e5d:48dd]) by smtp.gmail.com with ESMTPSA id z9-20020a0cf249000000b005ef81cc63ccsm4526109qvl.117.2023.07.25.12.09.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jul 2023 12:09:51 -0700 (PDT) From: Trevor Gamblin To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 5/7] python3-pyaudio: upgrade 0.2.11 -> 0.2.13 Date: Tue, 25 Jul 2023 15:09:41 -0400 Message-ID: <20230725190947.660933-5-tgamblin@baylibre.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230725190947.660933-1-tgamblin@baylibre.com> References: <20230725190947.660933-1-tgamblin@baylibre.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 25 Jul 2023 19:09:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/104022 License-Update: Move to LICENSE.txt Changelog: 2022-12-26 Hubert Pham PyAudio 0.2.13 * Move pyaudio.Stream to pyaudio.PyAudio.Stream. The pyaudio.Stream class is now pyaudio.PyAudio.Stream, nested under the existing pyaudio.PyAudio class. This should not affect existing code, as directly accessing the module-level pyaudio.Stream class has always been unsupported (use PyAudio.open instead). Accessing pyaudio.Stream directly is deprecated and will raise a DeprecationWarning. * Deprecate PaMacCoreStreamInfo's get_channel_map() and get_flags() methods. Use the channel_map and flags properties, respectively, instead. Also deprecates internal method _get_host_api_stream_object. Calling deprecated methods will raise a DeprecationWarning. * Package PyAudio as an actual package (directory). Previously, the library deployed a single pyaudio.py file and a C extension module to the root of site-packages. Now, the library deploys a Python package. * Add default shared library path for Homebrew installations on Apple Silicon. * Refactor and cleanup. - Refactor C extension for better maintainability. - Add more unit tests. - Update and modernize examples directory. - Improve C and python style conformance, plus many cosmetic updates. 2022-07-18 Hubert Pham PyAudio 0.2.12 - Modernize build process for Microsoft Windows, using the native toolchain. Setuptool setup.py and INSTALL instructions are more streamlined. Building from Cygwin/MinGW is no longer supported nor tested. Thanks to Sean Zimmermann for the patches and general help! - Change default frames per buffer size to paFramesPerBufferUnspecified. Previously, pyaudio.py set a default frames per buffer size of 1024, which can lead to dropped frames on some systems. Now, by default, PortAudio selects the buffer size based on host and latency requirements. Thanks to Jason Hihn for the suggestion! - Minor fixes and refactoring for compatibility with Python 3.7+. Updates include: * Remove call to deprecated PyEval_InitThreads() for Python 3.7+ * Use Py_ssize_t types in appropriate places (for Python 3.10+). * Remove the min macro to ease compilation for Windows. - Use the locale's preferred encoding to decode device names. Thanks to Eiichi Takamori for the patch! - Unit tests: add skipIf decorators to skip tests that require hardware. Set the PYAUDIO_SKIP_HW_TESTS environment variable to disable tests that require sound hardware, useful for (automated) test environments without access to audio devices. Thanks to Matěj Cepl for the suggestion and patch! - Documentation, examples, and unit tests: various fixes. * Add more unit tests and repair a few that test the GIL on macOS. * Remove examples/error.py, which is redundant with tests/error_tests.py. * Fix type documentation of return value types in docstrings. Thanks to Vasily Zakharov for pointing out the return-value type errors! - Modernize packaging: add LICENSE.txt, pyproject.toml, and classifiers. Signed-off-by: Trevor Gamblin --- ...{python3-pyaudio_0.2.11.bb => python3-pyaudio_0.2.13.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename meta-python/recipes-devtools/python/{python3-pyaudio_0.2.11.bb => python3-pyaudio_0.2.13.bb} (53%) diff --git a/meta-python/recipes-devtools/python/python3-pyaudio_0.2.11.bb b/meta-python/recipes-devtools/python/python3-pyaudio_0.2.13.bb similarity index 53% rename from meta-python/recipes-devtools/python/python3-pyaudio_0.2.11.bb rename to meta-python/recipes-devtools/python/python3-pyaudio_0.2.13.bb index 802ca35100..dbeed9c2d8 100644 --- a/meta-python/recipes-devtools/python/python3-pyaudio_0.2.11.bb +++ b/meta-python/recipes-devtools/python/python3-pyaudio_0.2.13.bb @@ -1,12 +1,12 @@ SUMMARY = "PyAudio provides Python bindings for PortAudio, the cross-platform audio I/O library" SECTION = "devel/python" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://README;md5=288793c2b9b05bd67abbd2a8f5d144f7" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=7c3152b432b96d6dc4a1cb35397da9ec" PYPI_PACKAGE = "PyAudio" -SRC_URI[md5sum] = "7e4c88139284033f67b4336c74eda3b8" -SRC_URI[sha256sum] = "93bfde30e0b64e63a46f2fd77e85c41fd51182a4a3413d9edfaf9ffaa26efb74" +SRC_URI[md5sum] = "41199ffd2abbdaf1ce6b88cf8af48cc5" +SRC_URI[sha256sum] = "26bccc81e4243d1c0ff5487e6b481de6329fcd65c79365c267cef38f363a2b56" inherit pypi setuptools3 From patchwork Tue Jul 25 19:09:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Trevor Gamblin X-Patchwork-Id: 27920 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB0F4C41513 for ; Tue, 25 Jul 2023 19:09:55 +0000 (UTC) Received: from mail-oa1-f52.google.com (mail-oa1-f52.google.com [209.85.160.52]) by mx.groups.io with SMTP id smtpd.web11.28965.1690312193708048495 for ; Tue, 25 Jul 2023 12:09:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@baylibre-com.20221208.gappssmtp.com header.s=20221208 header.b=PF67JaLH; spf=pass (domain: baylibre.com, ip: 209.85.160.52, mailfrom: tgamblin@baylibre.com) Received: by mail-oa1-f52.google.com with SMTP id 586e51a60fabf-1a1fa977667so4468935fac.1 for ; Tue, 25 Jul 2023 12:09:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20221208.gappssmtp.com; s=20221208; t=1690312193; x=1690916993; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+ID8RFX2xzU8tj/JrxdmxP+o6KUgYRgDErEWtQnXejg=; b=PF67JaLHwNZTWjGv0DX/HK2nElrhgqzoPHdLCnYBhEB2f2G3o8/EQX5ws1LOv/UCod X1azZnO6aL+Z3mIeciiijZGRgcJAI9MPOaCFMyv1Hwiy7QeT1GQDFhHArOuhS2Q1uf7O 6Ne4SUyskZrh4gxLcFvOG4zEb0SSa02jYFaznu2O2kwEPQ4jNIiFnR02AAuk6MN6JLqW 6uki9UNGweKU8OdyO1afVMjrk+4/01dR+Vz7OrE3gAg+kZkIXWS1CdvAfzzvaAIQrxC6 0XXygev46CUIimM54sdJSNhrNWoDTrZjZxgRB5LP3cLlpjGO5EZ4mqNNEvlA5f6EpMah mHmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690312193; x=1690916993; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+ID8RFX2xzU8tj/JrxdmxP+o6KUgYRgDErEWtQnXejg=; b=a7YjmEhjX1A8dFLz1GAMZ7geXE1WlyFTUbxtlcedrntqlGpOrkA+s33GKy8Pq4iSmK MasghgqoOnOUraDVAIX/5X6NMp6TJw1EJxZgDKQAzg9ZLPojsUd6Rxjf3hi89ieLAeIb fEc+WLsGZEZjpCpFhEyYrcBLyqM3U/Ot9lzIWe4zJtKvfXneonsehL98htyxYzLyGKAx yDx6/tPnjJBeWBGwlDiRi/A+fzxehK/A49LwyNYnNA4ewbuR/mSWZ9YBZGZOAn6vtLS0 AKBWIW3v7xtVQNuxpUAzYgxatmec0kzkWWlkC5OVnvKKN5Vdof4G4OHCtouwejVLbfQg JsEA== X-Gm-Message-State: ABy/qLZueFdduTur18F2Q455RjXl5ZnuNqmJhaCDofa+eq6P2TONlBj1 DZJ/PY3fIcqoOw6cR3bCV/JRXWuPErPxQQ3eq8E= X-Google-Smtp-Source: APBJJlFxx9OOWV2k0MUXne+cKcCcyMmv8WlrVWpl8fprteQqNnu/ew81cfbE/iAO4PC026oysxXi7A== X-Received: by 2002:a05:6870:b681:b0:1b3:8cfb:78c5 with SMTP id cy1-20020a056870b68100b001b38cfb78c5mr15066992oab.34.1690312192818; Tue, 25 Jul 2023 12:09:52 -0700 (PDT) Received: from megalith.cgocable.net ([2001:1970:5b1f:ab00:fc4e:ec42:7e5d:48dd]) by smtp.gmail.com with ESMTPSA id z9-20020a0cf249000000b005ef81cc63ccsm4526109qvl.117.2023.07.25.12.09.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jul 2023 12:09:52 -0700 (PDT) From: Trevor Gamblin To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 6/7] python3-pybind11: upgrade 2.10.3 -> 2.11.1 Date: Tue, 25 Jul 2023 15:09:42 -0400 Message-ID: <20230725190947.660933-6-tgamblin@baylibre.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230725190947.660933-1-tgamblin@baylibre.com> References: <20230725190947.660933-1-tgamblin@baylibre.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 25 Jul 2023 19:09:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/104023 Changelog: https://github.com/pybind/pybind11/releases Signed-off-by: Trevor Gamblin --- .../{python3-pybind11_2.10.3.bb => python3-pybind11_2.11.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-pybind11_2.10.3.bb => python3-pybind11_2.11.1.bb} (92%) diff --git a/meta-python/recipes-devtools/python/python3-pybind11_2.10.3.bb b/meta-python/recipes-devtools/python/python3-pybind11_2.11.1.bb similarity index 92% rename from meta-python/recipes-devtools/python/python3-pybind11_2.10.3.bb rename to meta-python/recipes-devtools/python/python3-pybind11_2.11.1.bb index bb604982d0..d51dd905a5 100644 --- a/meta-python/recipes-devtools/python/python3-pybind11_2.10.3.bb +++ b/meta-python/recipes-devtools/python/python3-pybind11_2.11.1.bb @@ -7,7 +7,7 @@ DEPENDS = "boost" SRC_URI = "git://github.com/pybind/pybind11.git;branch=stable;protocol=https" -SRCREV = "0bd8896a4010f2d91b2340570c24fa08606ec406" +SRCREV = "8a099e44b3d5f85b20f05828d919d2332a8de841" S = "${WORKDIR}/git" From patchwork Tue Jul 25 19:09:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Trevor Gamblin X-Patchwork-Id: 27917 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8DA1C001DF for ; Tue, 25 Jul 2023 19:09:55 +0000 (UTC) Received: from mail-qv1-f43.google.com (mail-qv1-f43.google.com [209.85.219.43]) by mx.groups.io with SMTP id smtpd.web11.28967.1690312194548357421 for ; Tue, 25 Jul 2023 12:09:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@baylibre-com.20221208.gappssmtp.com header.s=20221208 header.b=uTp727Yl; spf=pass (domain: baylibre.com, ip: 209.85.219.43, mailfrom: tgamblin@baylibre.com) Received: by mail-qv1-f43.google.com with SMTP id 6a1803df08f44-63cebd0a7c5so15785476d6.3 for ; Tue, 25 Jul 2023 12:09:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=baylibre-com.20221208.gappssmtp.com; s=20221208; t=1690312193; x=1690916993; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=EHPnQAZzyCFVdzUdF5aN8conJR700DUp5stvEtYPQlU=; b=uTp727YlSoUH+g02UOt0+jZU2byQZRD1dB285PwPadA1at++UTfNGkknKXgZkSZYsA UGFHU992/D7KkL5HVgRsOzHc1ut7zGkKGfXoqiBQuLT+TT9xmUzWCScCnLg1dHfrTVbj CtHmYbMMstuVzWZZSFsxTWK3SePsbLV88F3Ydl3xzNO31prxvVnSX9nBSkW1Yn5TkOIQ yyxS1EdjbzckpiBpH+GTcOpmLYEtOzrrS31VHOGFCvjYg4mLWySPLemwzkd1pnjnDS+c PMjOrwGSVo3SAQ6hY1E20jVkIhFxEXJHG/J0hX7z9hLLUMxVxE9C/kGjzO5lb0PG/Dj8 vyIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690312193; x=1690916993; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EHPnQAZzyCFVdzUdF5aN8conJR700DUp5stvEtYPQlU=; b=Pkb2HSgEKHT0v0iXMdFHUwRWIP4R/knvbs6ygruxNBVMdgqMQbJ9y2hKppkSYPUkcE viQfB0Xr2/50A4zhWF+FLB3AVKRFCaxZe624Z1v/gwLT5UTGPCtVeMuDrc29sWYsCQgO Q0+fEZlZkCRLztd8h9YPpvi+7a2EiCxPI9fk3JtmJh9CcwjgHCz2E4Y5M3KLboRetCNQ xokxptYj7GE1srIeKiaLwzFbJHfpzG9ioSBy91M1K9u/SwlP7QXmYf7Ce9K29Nwr3eZN GbQtaJILbd44KllpUSj5pCKLx2WZasOOgATpCFFMgva0j4HfDMemIo/LbRKsKzww4PHe fW2A== X-Gm-Message-State: ABy/qLY87IwXZeEGZ51aztm/SUrmOju6RyfRGBswFHT//tkWvaQ5mVUH 7z2AvBFwSQ8Nsu1NYQCWqw/ON57NIsN3S0+HY/A= X-Google-Smtp-Source: APBJJlGTmP6vdswftOl9fOWpJwEs7VY9OhZiZ71WXQvQMTQ7IGIHHD+UWP2oAnoa7kaWzHWBX/iijg== X-Received: by 2002:a05:6214:a6f:b0:63c:6d0d:fd3b with SMTP id ef15-20020a0562140a6f00b0063c6d0dfd3bmr3251741qvb.62.1690312193378; Tue, 25 Jul 2023 12:09:53 -0700 (PDT) Received: from megalith.cgocable.net ([2001:1970:5b1f:ab00:fc4e:ec42:7e5d:48dd]) by smtp.gmail.com with ESMTPSA id z9-20020a0cf249000000b005ef81cc63ccsm4526109qvl.117.2023.07.25.12.09.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jul 2023 12:09:53 -0700 (PDT) From: Trevor Gamblin To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 7/7] python3-sqlparse: upgrade 0.4.3 -> 0.4.4 Date: Tue, 25 Jul 2023 15:09:43 -0400 Message-ID: <20230725190947.660933-7-tgamblin@baylibre.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230725190947.660933-1-tgamblin@baylibre.com> References: <20230725190947.660933-1-tgamblin@baylibre.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 25 Jul 2023 19:09:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/104024 - Use python_flit_core instead of setuptools3 - Modify 0001-sqlparse-change-shebang-to-python3.patch to apply on 0.4.4 - Remove CVE-2023-30608.patch since it's now upstream: [tgamblin@megalith sqlparse]$ git tag --contains c457abd 0.4.4 Changelog (https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG): Release 0.4.4 (Apr 18, 2023) ---------------------------- Notable Changes * IMPORTANT: This release fixes a security vulnerability in the parser where a regular expression vulnerable to ReDOS (Regular Expression Denial of Service) was used. See the security advisory for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 The vulnerability was discovered by @erik-krogh from GitHub Security Lab (GHSL). Thanks for reporting! Bug Fixes * Revert a change from 0.4.0 that changed IN to be a comparison (issue694). The primary expectation is that IN is treated as a keyword and not as a comparison operator. That also follows the definition of reserved keywords for the major SQL syntax definitions. * Fix regular expressions for string parsing. Other * sqlparse now uses pyproject.toml instead of setup.cfg (issue685). Signed-off-by: Trevor Gamblin --- ...1-sqlparse-change-shebang-to-python3.patch | 80 ++----------------- .../python3-sqlparse/CVE-2023-30608.patch | 51 ------------ ...rse_0.4.3.bb => python3-sqlparse_0.4.4.bb} | 5 +- 3 files changed, 7 insertions(+), 129 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch rename meta-python/recipes-devtools/python/{python3-sqlparse_0.4.3.bb => python3-sqlparse_0.4.4.bb} (78%) diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch b/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch index 94121340d5..0c9f29a6b8 100644 --- a/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch +++ b/meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch @@ -1,4 +1,4 @@ -From 7fd00ab8c1b663052d57e735b6b956d5c92fbaed Mon Sep 17 00:00:00 2001 +From f236a30dc8528b6f114201580f1efdcc1c447d43 Mon Sep 17 00:00:00 2001 From: Changqing Li Date: Mon, 9 Mar 2020 13:10:37 +0800 Subject: [PATCH] sqlparse: change shebang to python3 @@ -12,80 +12,10 @@ dropped. Signed-off-by: Changqing Li Signed-off-by: Leon Anavi --- - 0001-sqlparse-change-shebang-to-python3.patch | 51 +++++++++++++++++++ - setup.py | 2 +- - sqlparse/__main__.py | 2 +- - sqlparse/cli.py | 2 +- - 4 files changed, 54 insertions(+), 3 deletions(-) - create mode 100644 0001-sqlparse-change-shebang-to-python3.patch + sqlparse/__main__.py | 2 +- + sqlparse/cli.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/0001-sqlparse-change-shebang-to-python3.patch b/0001-sqlparse-change-shebang-to-python3.patch -new file mode 100644 -index 0000000..ad6c50f ---- /dev/null -+++ b/0001-sqlparse-change-shebang-to-python3.patch -@@ -0,0 +1,51 @@ -+From 10c9d3341d64d697f678a64ae707f6bda21565bb Mon Sep 17 00:00:00 2001 -+From: Changqing Li -+Date: Mon, 9 Mar 2020 13:10:37 +0800 -+Subject: [PATCH] sqlparse: change shebang to python3 -+ -+Upstream-Status: Pending -+ -+Don't send upstream since upstream still support python2, -+we can only make this change after python2 is offcially -+dropped. -+ -+Signed-off-by: Changqing Li -+--- -+ setup.py | 2 +- -+ sqlparse/__main__.py | 2 +- -+ sqlparse/cli.py | 2 +- -+ 3 files changed, 3 insertions(+), 3 deletions(-) -+ -+diff --git a/setup.py b/setup.py -+index 345d0ce..ce3abc3 100644 -+--- a/setup.py -++++ b/setup.py -+@@ -1,4 +1,4 @@ -+-#!/usr/bin/env python -++#!/usr/bin/env python3 -+ # -*- coding: utf-8 -*- -+ # -+ # Copyright (C) 2009-2018 the sqlparse authors and contributors -+diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py -+index 867d75d..dd0c074 100644 -+--- a/sqlparse/__main__.py -++++ b/sqlparse/__main__.py -+@@ -1,4 +1,4 @@ -+-#!/usr/bin/env python -++#!/usr/bin/env python3 -+ # -*- coding: utf-8 -*- -+ # -+ # Copyright (C) 2009-2018 the sqlparse authors and contributors -+diff --git a/sqlparse/cli.py b/sqlparse/cli.py -+index 25555a5..8bf050a 100755 -+--- a/sqlparse/cli.py -++++ b/sqlparse/cli.py -+@@ -1,4 +1,4 @@ -+-#!/usr/bin/env python -++#!/usr/bin/env python3 -+ # -*- coding: utf-8 -*- -+ # -+ # Copyright (C) 2009-2018 the sqlparse authors and contributors -+-- -+2.7.4 -+ -diff --git a/setup.py b/setup.py -index ede0aff..dc6a323 100644 ---- a/setup.py -+++ b/setup.py -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - # - # Copyright (C) 2009-2020 the sqlparse authors and contributors - # diff --git a/sqlparse/__main__.py b/sqlparse/__main__.py index 2bf2513..6a3a115 100644 --- a/sqlparse/__main__.py @@ -107,5 +37,5 @@ index 7a8aacb..9c727e8 100755 # Copyright (C) 2009-2020 the sqlparse authors and contributors # -- -2.17.1 +2.41.0 diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch deleted file mode 100644 index f5526c5b88..0000000000 --- a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch +++ /dev/null @@ -1,51 +0,0 @@ -From c457abd5f097dd13fb21543381e7cfafe7d31cfb Mon Sep 17 00:00:00 2001 -From: Andi Albrecht -Date: Mon, 20 Mar 2023 08:33:46 +0100 -Subject: [PATCH] Remove unnecessary parts in regex for bad escaping. - -The regex tried to deal with situations where escaping in the -SQL to be parsed was suspicious. - -Upstream-Status: Backport -CVE: CVE-2023-30608 - -Reference to upstream patch: -https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb - -[AZ: drop changes to CHANGELOG file and adjust context whitespaces] -Signed-off-by: Adrian Zaharia - -Adjust indentation in keywords.py. -Signed-off-by: Joe Slater ---- - sqlparse/keywords.py | 4 ++-- - tests/test_split.py | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - ---- sqlparse-0.4.3.orig/sqlparse/keywords.py -+++ sqlparse-0.4.3/sqlparse/keywords.py -@@ -72,9 +72,9 @@ SQL_REGEX = { - (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])', - tokens.Number.Float), - (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer), -- (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single), -+ (r"'(''|\\'|[^'])*'", tokens.String.Single), - # not a real string literal in ANSI SQL: -- (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol), -+ (r'"(""|\\"|[^"])*"', tokens.String.Symbol), - (r'(""|".*?[^\\]")', tokens.String.Symbol), - # sqlite names can be escaped with [square brackets]. left bracket - # cannot be preceded by word character or a right bracket -- ---- sqlparse-0.4.3.orig/tests/test_split.py -+++ sqlparse-0.4.3/tests/test_split.py -@@ -18,8 +18,8 @@ def test_split_semicolon(): - - - def test_split_backslash(): -- stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';") -- assert len(stmts) == 3 -+ stmts = sqlparse.parse("select '\'; select '\'';") -+ assert len(stmts) == 2 - - - @pytest.mark.parametrize('fn', ['function.sql', diff --git a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.4.bb similarity index 78% rename from meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb rename to meta-python/recipes-devtools/python/python3-sqlparse_0.4.4.bb index a402f991f7..e4ac403eb5 100644 --- a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.3.bb +++ b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.4.bb @@ -5,16 +5,15 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc" SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \ - file://CVE-2023-30608.patch \ file://run-ptest \ " -SRC_URI[sha256sum] = "69ca804846bb114d2ec380e4360a8a340db83f0ccf3afceeb1404df028f57268" +SRC_URI[sha256sum] = "d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c" export BUILD_SYS export HOST_SYS -inherit pypi ptest setuptools3 +inherit pypi ptest python_flit_core RDEPENDS:${PN}-ptest += " \ ${PYTHON_PN}-pytest \