[PATCH] Update python-tortoise-orm and deps (security fix)

DoneSubmitted by Lars-Dominik Braun.
Details
2 participants
  • Lars-Dominik Braun
  • Leo Famulari
Owner
unassigned
Severity
normal
L
L
Lars-Dominik Braun wrote on 21 Apr 10:58 +0200
(address . guix-patches@gnu.org)
20200421085813.GB3527@zpidnp36
Hi,
the attached patch series updates python-tortoise-orm and its dependencies.tortoise-orm has received a security fix with version 0.16.6.
Lars
From 0ecef561fc88e52682c67d5112b43ac3d5c495f1 Mon Sep 17 00:00:00 2001From: Lars-Dominik Braun <ldb@leibniz-psychology.org>Date: Tue, 21 Apr 2020 10:34:30 +0200Subject: [PATCH 1/4] gnu: python-aiosqlite: Update to 0.12.0
* gnu/packages/databases.scm (python-aiosqlite): Update to 0.12.0--- gnu/packages/databases.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Toggle diff (23 lines)diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex 606594e005..bf5398d87b 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -2743,14 +2743,14 @@ translate the complete SQLite API into Python.") (define-public python-aiosqlite (package (name "python-aiosqlite")- (version "0.11.0")+ (version "0.12.0") (source (origin (method url-fetch) (uri (pypi-uri "aiosqlite" version)) (sha256 (base32- "1f3zdldp9zgrw6qz5fsp3wa5zw73cjf139pj4vf24ryv895320jg"))))+ "1w8248yz85xyzvvh4jaxnc59fqil45aka6h82kn1rcih4rjxbnn1")))) (build-system python-build-system) (native-inputs `(("python-aiounittest" ,python-aiounittest)))-- 2.20.1
From 1a50c8c5c0768f387b4f822d53e48858bf5aa403 Mon Sep 17 00:00:00 2001From: Lars-Dominik Braun <ldb@leibniz-psychology.org>Date: Tue, 21 Apr 2020 10:35:33 +0200Subject: [PATCH 2/4] gnu: python-pypika: Update to 0.37.1
* gnu/packages/databases.scm (python-pypika): Update to 0.37.1--- gnu/packages/databases.scm | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-)
Toggle diff (31 lines)diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex bf5398d87b..b629fc098b 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -3074,14 +3074,17 @@ transforms idiomatic python function calls to well-formed SQL queries.") (define-public python-pypika (package (name "python-pypika")- (version "0.36.0")+ (version "0.37.1") (source- (origin- (method url-fetch)- (uri (pypi-uri "PyPika" version))- (sha256- (base32- "0qzn5vygirg52dlizm6ayzdc5llq8p2krrx0kymr236lrz89wqp8"))))+ (origin (method git-fetch)+ (uri (git-reference+ (url "https://github.com/kayak/pypika.git")+ ;; releases are not tagged in git+ (commit "ff97e3605448bf0ef67f2348ebdb1021f26c7416")))+ (file-name (git-file-name name version))+ (sha256+ (base32+ "08s6limzgjm4k2pw7gzbhx8914phr673dpi66q5s0zniwq6v72rh")))) (build-system python-build-system) (native-inputs `(("python-parameterized" ,python-parameterized)))-- 2.20.1
From 0f0fd13d570b35ef2eecb925eeb3285e03926322 Mon Sep 17 00:00:00 2001From: Lars-Dominik Braun <ldb@leibniz-psychology.org>Date: Tue, 21 Apr 2020 10:36:29 +0200Subject: [PATCH 3/4] gnu: python-tortoise-orm: Update to 0.16.7
0.16.6, which we skipped, includes a security fix.
* gnu/packages/databases.scm (python-tortoise-orm)[source]: Update to 0.16.7[propagated-inputs] Propagate ciso8601, which is required in setup.py--- gnu/packages/databases.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
Toggle diff (35 lines)diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex b629fc098b..503b11e6fe 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -2197,24 +2197,24 @@ can autogenerate peewee models using @code{pwiz}, a model generator.") (define-public python-tortoise-orm (package (name "python-tortoise-orm")- (version "0.16.3")+ (version "0.16.7") (source (origin (method url-fetch) (uri (pypi-uri "tortoise-orm" version)) (sha256 (base32- "01hbvfyxs2qd1mjc96aipwsdxxhydw8ww686r4gsf87bl6f98dvz"))))+ "0wr7p4v0b16ypm9fcpwpl99kf491m6w3jkd13xcsgq13fy73fbqc")))) (build-system python-build-system) ;; Disable tests for now. They pull in a lot of dependencies. (arguments `(#:tests? #f)) (native-inputs- `(("python-ciso8601" ,python-ciso8601)- ("python-asynctest" ,python-asynctest)+ `(("python-asynctest" ,python-asynctest) ("python-nose2" ,python-nose2))) (propagated-inputs `(("python-aiosqlite" ,python-aiosqlite) ("python-pypika" ,python-pypika)+ ("python-ciso8601" ,python-ciso8601) ("python-typing-extensions" ,python-typing-extensions))) (home-page-- 2.20.1
From e625bb6dba074871af6f311fceb2322f9b8084f3 Mon Sep 17 00:00:00 2001From: Lars-Dominik Braun <ldb@leibniz-psychology.org>Date: Tue, 21 Apr 2020 10:48:56 +0200Subject: [PATCH 4/4] gnu: python-pypika: Update to 0.37.2
* gnu/packages/databases.scm (python-pypika): Update to 0.37.2--- gnu/packages/databases.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
Toggle diff (27 lines)diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex 503b11e6fe..08a1e1b4ad 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -3074,17 +3074,17 @@ transforms idiomatic python function calls to well-formed SQL queries.") (define-public python-pypika (package (name "python-pypika")- (version "0.37.1")+ (version "0.37.2") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/kayak/pypika.git") ;; releases are not tagged in git- (commit "ff97e3605448bf0ef67f2348ebdb1021f26c7416")))+ (commit "baef001dd2362661311b6e2f949d2be4de5c23c8"))) (file-name (git-file-name name version)) (sha256 (base32- "08s6limzgjm4k2pw7gzbhx8914phr673dpi66q5s0zniwq6v72rh"))))+ "089z1c778q1fwhzsc88ws8j5gm2hgxknibabn4wpax8rz2bfs3ck")))) (build-system python-build-system) (native-inputs `(("python-parameterized" ,python-parameterized)))-- 2.20.1
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEEyk+M9DfXR4/aBV/UQhN3ARo3hEYFAl6etaEACgkQQhN3ARo3hEZAIgv+K27BUVP+E3B/Mh4GXWLlk6wgUJMR1UqlJm5QC2tpZdJiQ6kSMaWUEIyCs+1cWTSfeH0blIG8ZavrRnsh9DmJEth41V9zpZPqCV37ic9YOU5aPMpbDxj2jQxnJXQs++9pw3tHl4rbByR603q2tGRbqGQdw60u5qHF8cVhzJ6lNjkFedwDfHxHcPrRoeXP9pouv4/Yvl4v8bk/WLsTQObRg8Hnf5c33o+91kt1oBPZq9AGFS8jB0EcraXnEc8oIfzhyG3zLhAdyxbfFHN0ab3g4KYZ69g7a1uXV1nOrUM7x/JrKrowsJPPat6K5D/eHVqeeFiIF6js4ZXscbDBIFCXCJkRqGpJCzpaw2TocBNjYotielIP+DYe8LAjGm+fLXPVT/IAfLWKxAzoqz0Bpx/g8zOZpP24wdSzwGqSK+sWU2OLfGX/eq98KUNeNQQhSZZRYAZgXm9JLHn2HIg8aA9pnrPgFat1xOBVkuBNvCnsCNzGmReHK61OKSlJTl8k6dQJ=AOIX-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 21 Apr 18:32 +0200
(name . Lars-Dominik Braun)(address . ldb@leibniz-psychology.org)(address . 40742@debbugs.gnu.org)
20200421163207.GA20354@jasmine.lan
On Tue, Apr 21, 2020 at 10:58:13AM +0200, Lars-Dominik Braun wrote:
Toggle quote (5 lines)> Hi,> > the attached patch series updates python-tortoise-orm and its dependencies.> tortoise-orm has received a security fix with version 0.16.6.
Okay,
Toggle quote (5 lines)> Subject: [PATCH 1/4] gnu: python-aiosqlite: Update to 0.12.0> Subject: [PATCH 2/4] gnu: python-pypika: Update to 0.37.1> Subject: [PATCH 3/4] gnu: python-tortoise-orm: Update to 0.16.7> Subject: [PATCH 4/4] gnu: python-pypika: Update to 0.37.2
Can we skip patch 2? Or combine it with patch 4?
L
L
Lars-Dominik Braun wrote on 24 Apr 08:50 +0200
(name . Leo Famulari)(address . leo@famulari.name)(address . 40742@debbugs.gnu.org)
20200424065056.GA3265@zpidnp36
Hi,
Toggle quote (1 lines)> Can we skip patch 2? Or combine it with patch 4?
sorry for the delay. I squashed them and got upstream to upload tags to git.Updated patchset attached to this email.
Lars
From 0ecef561fc88e52682c67d5112b43ac3d5c495f1 Mon Sep 17 00:00:00 2001From: Lars-Dominik Braun <ldb@leibniz-psychology.org>Date: Tue, 21 Apr 2020 10:34:30 +0200Subject: [PATCH 1/3] gnu: python-aiosqlite: Update to 0.12.0
* gnu/packages/databases.scm (python-aiosqlite): Update to 0.12.0--- gnu/packages/databases.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Toggle diff (23 lines)diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex 606594e005..bf5398d87b 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -2743,14 +2743,14 @@ translate the complete SQLite API into Python.") (define-public python-aiosqlite (package (name "python-aiosqlite")- (version "0.11.0")+ (version "0.12.0") (source (origin (method url-fetch) (uri (pypi-uri "aiosqlite" version)) (sha256 (base32- "1f3zdldp9zgrw6qz5fsp3wa5zw73cjf139pj4vf24ryv895320jg"))))+ "1w8248yz85xyzvvh4jaxnc59fqil45aka6h82kn1rcih4rjxbnn1")))) (build-system python-build-system) (native-inputs `(("python-aiounittest" ,python-aiounittest)))-- 2.20.1
From 1fb2c59a405cc9117753e86ae29be270a64f0cab Mon Sep 17 00:00:00 2001From: Lars-Dominik Braun <ldb@leibniz-psychology.org>Date: Tue, 21 Apr 2020 10:35:33 +0200Subject: [PATCH 2/3] gnu: python-pypika: Update to 0.37.2
* gnu/packages/databases.scm (python-pypika): Update to 0.37.2--- gnu/packages/databases.scm | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-)
Toggle diff (30 lines)diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex bf5398d87b..57a5128e9e 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -3074,14 +3074,16 @@ transforms idiomatic python function calls to well-formed SQL queries.") (define-public python-pypika (package (name "python-pypika")- (version "0.36.0")+ (version "0.37.2") (source- (origin- (method url-fetch)- (uri (pypi-uri "PyPika" version))- (sha256- (base32- "0qzn5vygirg52dlizm6ayzdc5llq8p2krrx0kymr236lrz89wqp8"))))+ (origin (method git-fetch)+ (uri (git-reference+ (url "https://github.com/kayak/pypika.git")+ (commit (string-append "v" version))))+ (file-name (git-file-name name version))+ (sha256+ (base32+ "089z1c778q1fwhzsc88ws8j5gm2hgxknibabn4wpax8rz2bfs3ck")))) (build-system python-build-system) (native-inputs `(("python-parameterized" ,python-parameterized)))-- 2.20.1
From 0cb47c30c36c5e49c666da32d0c234b3120bb0fe Mon Sep 17 00:00:00 2001From: Lars-Dominik Braun <ldb@leibniz-psychology.org>Date: Tue, 21 Apr 2020 10:36:29 +0200Subject: [PATCH 3/3] gnu: python-tortoise-orm: Update to 0.16.7
0.16.6, which we skipped, includes a security fix.
* gnu/packages/databases.scm (python-tortoise-orm)[source]: Update to 0.16.7[propagated-inputs] Propagate ciso8601, which is required in setup.py--- gnu/packages/databases.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
Toggle diff (35 lines)diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scmindex 57a5128e9e..23b8f14c54 100644--- a/gnu/packages/databases.scm+++ b/gnu/packages/databases.scm@@ -2197,24 +2197,24 @@ can autogenerate peewee models using @code{pwiz}, a model generator.") (define-public python-tortoise-orm (package (name "python-tortoise-orm")- (version "0.16.3")+ (version "0.16.7") (source (origin (method url-fetch) (uri (pypi-uri "tortoise-orm" version)) (sha256 (base32- "01hbvfyxs2qd1mjc96aipwsdxxhydw8ww686r4gsf87bl6f98dvz"))))+ "0wr7p4v0b16ypm9fcpwpl99kf491m6w3jkd13xcsgq13fy73fbqc")))) (build-system python-build-system) ;; Disable tests for now. They pull in a lot of dependencies. (arguments `(#:tests? #f)) (native-inputs- `(("python-ciso8601" ,python-ciso8601)- ("python-asynctest" ,python-asynctest)+ `(("python-asynctest" ,python-asynctest) ("python-nose2" ,python-nose2))) (propagated-inputs `(("python-aiosqlite" ,python-aiosqlite) ("python-pypika" ,python-pypika)+ ("python-ciso8601" ,python-ciso8601) ("python-typing-extensions" ,python-typing-extensions))) (home-page-- 2.20.1
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEEyk+M9DfXR4/aBV/UQhN3ARo3hEYFAl6ijEwACgkQQhN3ARo3hEaGIQv8DVobF4iVkdHFLEb4zhZcA6IeTKI7IkXwirxITczkY80VrSrTzGZQZT7DVKFdQwmr2POgu6O2FEWcojFfZE4x6A6fqPbncDmGGq0/xJQFJvX4GJLOnQhjUbSZ4UHFETl6NDDPh9JvBoB5j1MmGHsqBCPkqBj+ftgvv0uLB/7T7a0CyjucnzerRNE7s7jfnPd7PTotldZ5QURTi06dN3nd8zHzVVQCTz3IAkqjwg8UCkPccmJg7xTX2JaMWl2Rz/dYh1Joy2cRdNXqQpG7IGoM5trPdknYWQmu8Y0XLJeIgCZrVnLIugf+m3gt3Q2TgVxTT82PzqscaXuhT1dDbl9Cydg9Hw73nwXEnDgUfjAKLDTxTs+SiN3oz1M4j37p86CrgNbZ7uVmAkzHKrGbWy7QL54XgUpe3kk6J7XnlVoKrXptPQrHgvJIdp2B0J/75zk0Ast9Gvuhb19mC/8OdypxN6z8vnhTNPmy38kzbmjEbBpVIkuSGYmsXQW8J8eMSxtG=kZMK-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 29 Apr 21:12 +0200
(name . Lars-Dominik Braun)(address . ldb@leibniz-psychology.org)(address . 40742-done@debbugs.gnu.org)
20200429191245.GA28764@jasmine.lan
On Fri, Apr 24, 2020 at 08:50:56AM +0200, Lars-Dominik Braun wrote:
Toggle quote (6 lines)> Hi,> > > Can we skip patch 2? Or combine it with patch 4?> sorry for the delay. I squashed them and got upstream to upload tags to git.> Updated patchset attached to this email.
Thanks! Pushed as b9d96ed77343e3f158f7ee1c758270bf4f059a74
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAl6p0a0ACgkQJkb6MLrKfwjFMRAA0RehhJ1hIFDmriisIME6Qgws9DM2+qMgeCHLQHhNUT+D8ShxxBKLw1Px39jK1NlOMG7tknI46psSMcayCL+gRKTYLM80vYxbiKqpDvMICqLq/ek90b9wrH2Y13eXWebFLpGcCFgFQzc4FR3BOt/vz/KpvyUYxDON1WfYZlQ9p/3Kgz5AOuWEJFJ2GN9iQLj96ugllijY6bS/KLRo3c7LNd3RVZKwA59RbYfp9rTYkZaSkPwNLDnOkuDPBqUlcFkuL2D8Dv2OO4i+dubrVX9JgX55bny/NbU1Xn5KATWeh+jyvaCxgYdhpz30kJtaa5dGXQ3wcgSqNsLp0IyZia+A08pwXbaLc2xisyvwTPskTYre6aov5Lly83YYc7AdafIOKhbpgbDIqnDEbwqJln51/4rwhY35riWlI7nNLbaxboKTHSeaJGpHfkgfkjls7pSjOmKArNbJq11GDW/uH+PdhZq7nrC1FTUNpHdWbJ0onBCoC4SClrw0wqspgpnwMJxlPt/kPvo5Y9m2n2udCHKTahGo2mfmyxEdF0RHw1nZIM/2Fiq1CcNaJHMitFxusqyPPwFmS3cX6wA6cjfO21LWhDa286VnKCqxNbRqnVdLsxbrMuOdJY8E6ZkXJozDDBKo7fcrGQAQaaGjw8A25JmBFUR80iHV3dVEqyJ80RGoTEo==oaSj-----END PGP SIGNATURE-----

Closed
?