From 24f5b1039c5805071bac3b2092e5f4af8d0e5cd3 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Fri, 15 May 2026 13:57:44 +0300 Subject: [PATCH] python-pymysql: update to 1.1.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Security fix: - Fix Cursor.callproc() to escape procedure name, preventing SQL injection when calling a procedure with a string received from an untrusted source - NOTICE: Backward compatibility change - procedure names like "dbname.funcname" are now backtick-quoted: ``CALL \`dbname.funcname\` `` Other changes: - CI: use ubuntu-slim, add dependabot for GitHub Actions - Bump GitHub Actions (checkout v4→v6, setup-python v5→v6, codecov v5→v6) - Add publish.yml workflow (copied from psf/requests) - Upgrade dependencies: cryptography>=46.0.7, PyNaCl>=1.6.2 - Drop Python 3.8, require Python 3.9+ Changelog: https://github.com/PyMySQL/PyMySQL/releases/tag/v1.1.3 NOTE: added test.sh for basic validation. Signed-off-by: Alexandru Ardelean --- lang/python/pymysql/test.sh | 51 +++++++++++++++++++++++++++ lang/python/python-packaging/Makefile | 4 +-- 2 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 lang/python/pymysql/test.sh diff --git a/lang/python/pymysql/test.sh b/lang/python/pymysql/test.sh new file mode 100644 index 0000000000..22e89fce11 --- /dev/null +++ b/lang/python/pymysql/test.sh @@ -0,0 +1,51 @@ +#!/bin/sh + +[ "$1" = python3-pymysql ] || exit 0 + +python3 -c ' +import pymysql + +# Verify version +assert pymysql.__version__ + +# Verify core exports +assert hasattr(pymysql, "connect") +assert hasattr(pymysql, "connections") +assert hasattr(pymysql, "cursors") + +# Verify cursor types are importable +from pymysql.cursors import Cursor, DictCursor, SSCursor, SSDictCursor + +# Verify exception classes are importable +from pymysql import ( + err, + MySQLError, + OperationalError, + InterfaceError, + DatabaseError, + IntegrityError, + DataError, +) + +# Verify connections.Connection class exists +from pymysql import connections +assert connections.Connection is not None + +# Verify callable cursor classes +assert callable(Cursor) +assert callable(DictCursor) +assert callable(SSCursor) +assert callable(SSDictCursor) + +# Verify constants module +import pymysql.constants as constants +assert hasattr(constants, "CR") +assert hasattr(constants, "ER") + +# Verify _escape function exists (used internally for queries) +from pymysql.converters import escape_string, escape_dict +assert callable(escape_string) +assert callable(escape_dict) + +print("pymysql OK") +' diff --git a/lang/python/python-packaging/Makefile b/lang/python/python-packaging/Makefile index ffd4f3458d..2464ecae5e 100644 --- a/lang/python/python-packaging/Makefile +++ b/lang/python/python-packaging/Makefile @@ -7,11 +7,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-packaging -PKG_VERSION:=26.0 +PKG_VERSION:=26.2 PKG_RELEASE:=2 PYPI_NAME:=packaging -PKG_HASH:=00243ae351a257117b6a241061796684b084ed1c516a08c48a3f7e147a9d80b4 +PKG_HASH:=ff452ff5a3e828ce110190feff1178bb1f2ea2281fa2075aadb987c2fb221661 PKG_MAINTAINER:=Alexandru Ardelean PKG_LICENSE:=Apache-2.0 BSD-2-Clause