From 324a41fa9fa679a19a7a1e389ec4dc802bf031d8a8bcd20245cfbb8ecca7951c Mon Sep 17 00:00:00 2001
From: Andreas Stieger
Date: Sat, 20 Jun 2020 11:26:28 +0000
Subject: [PATCH] Accepting request 816144 from home:AndreasStieger:branches:server:database SQLite 3.32.3 CVE-2020-13871 boo#1172646
OBS-URL: https://build.opensuse.org/request/show/816144
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=248
---
sqlite-doc-3320200.zip | 3 ---
sqlite-doc-3320300.zip | 3 +++
sqlite-src-3320200.zip | 3 ---
sqlite-src-3320300.zip | 3 +++
sqlite3.changes | 18 ++++++++++++++++++
sqlite3.spec | 20 ++++++++++----------
6 files changed, 34 insertions(+), 16 deletions(-)
delete mode 100644 sqlite-doc-3320200.zip
create mode 100644 sqlite-doc-3320300.zip
delete mode 100644 sqlite-src-3320200.zip
create mode 100644 sqlite-src-3320300.zip
diff --git a/sqlite-doc-3320200.zip b/sqlite-doc-3320200.zip
deleted file mode 100644
index ff68d63..0000000
--- a/sqlite-doc-3320200.zip
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4355a8e835b1b67e6d555ee383c904aab6912b3298f3ee7380246a3428760701
-size 9766769
diff --git a/sqlite-doc-3320300.zip b/sqlite-doc-3320300.zip
new file mode 100644
index 0000000..3a7872f
--- /dev/null
+++ b/sqlite-doc-3320300.zip
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:36920536daf7f8b19c2e646dc79db62e13cc1a992f562ba9a11fa7c191f24a4e
+size 9772933
diff --git a/sqlite-src-3320200.zip b/sqlite-src-3320200.zip
deleted file mode 100644
index 267ba4a..0000000
--- a/sqlite-src-3320200.zip
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e027dd65738eb03fa87d79075a0ec2db2d2c7ad8ebca9ad2a0e96e6612d210cb
-size 12525765
diff --git a/sqlite-src-3320300.zip b/sqlite-src-3320300.zip
new file mode 100644
index 0000000..a1931fb
--- /dev/null
+++ b/sqlite-src-3320300.zip
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9312f0865d3692384d466048f746d18f88e7ffd1758b77d4f07904e03ed5f5b9 +size 12461750 diff --git a/sqlite3.changes b/sqlite3.changes index 5753408..a93a96c 100644 --- a/sqlite3.changes +++ b/sqlite3.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Sat Jun 20 11:11:01 UTC 2020 - Andreas Stieger + +- SQLite 3.32.3: + * Fix Heap Buffer Overflow in multiSelectOrderBy + * Fix Assertion `flags3==pIn3->flags' failed + * Fix Assertion `pExpr->pAggInfo==pAggInfo' failed + * Fix Segfault in sqlite3Select + * Fix Use after free in resetAccumulator + CVE-2020-13871 boo#1172646 + ------------------------------------------------------------------- Fri Jun 5 12:57:51 UTC 2020 - Paolo Stivanin @@ -29,6 +40,13 @@ Sun May 24 06:03:29 UTC 2020 - Andreas Stieger * Add code for the UINT collating sequence as an optional loadable extension * multiple enhancements to the CLI + * CVE-2020-13434 boo#1172115: integer overflow in + sqlite3_str_vappendf + * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow + * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed + to one of its shadow tables + * CVE-2020-13632 boo#1172240: NULL pointer dereference via + crafted matchinfo() query - drop upstreamed patches: * 04885763c4cd00cb-s390-compatibility.patch * b20503aaf5b6595a-adapt-FTS-tests-for-big-endian.patch diff --git a/sqlite3.spec b/sqlite3.spec index f2ce25c..738b501 100644 --- a/sqlite3.spec +++ b/sqlite3.spec 
@@ -16,23 +16,20 @@ # -%bcond_with icu %define oname sqlite -%define tarversion 3320200 +%define tarversion 3320300 +%bcond_with icu Name: sqlite3 -Version: 3.32.2 +Version: 3.32.3 Release: 0 Summary: Embeddable SQL Database Engine License: SUSE-Public-Domain Group: Productivity/Databases/Servers -URL: http://www.sqlite.org/ +URL: https://www.sqlite.org/ Source0: http://www.sqlite.org/2020/sqlite-src-%{tarversion}.zip Source1: baselibs.conf Source2: http://www.sqlite.org/2020/sqlite-doc-%{tarversion}.zip BuildRequires: automake -%if %{with icu} -BuildRequires: libicu-devel -%endif BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: readline-devel @@ -41,6 +38,9 @@ BuildRequires: unzip BuildRequires: pkgconfig(zlib) Provides: %{oname} = %{version} Obsoletes: %{oname} < %{version} +%if %{with icu} +BuildRequires: libicu-devel +%endif %description SQLite is a C library that implements an embeddable SQL database @@ -144,11 +144,11 @@ export CFLAGS="%{optflags} \ --enable-json1 \ --enable-update-limit \ --enable-rtree -make %{?_smp_mflags} sqlite3.c -make %{?_smp_mflags} +%make_build sqlite3.c +%make_build %check -make %{?_smp_mflags} test +%make_build test %install %make_install
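Review bot: `Source0` and `Source2` in the first sqlite3.spec hunk (`@@ -16,23 +16,20 @@`) still point at `http://www.sqlite.org/2020/...` although this commit moves `URL:` to https, so any tooling that downloads or re-validates the archives from the spec does so over an unauthenticated channel. For an update that ships a security fix (CVE-2020-13871) the fetch should be on TLS as well: `Source0: https://www.sqlite.org/2020/sqlite-src-%{tarversion}.zip` and `Source2: https://www.sqlite.org/2020/sqlite-doc-%{tarversion}.zip`. The committed zips are identified in this patch only by their git-lfs sha256 pointers; whether they were compared with the hashes upstream publishes on its download page is not visible here, so a one-line comment above `Source0` recording that check would help the next updater.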