diff --git a/sqlite3.changes b/sqlite3.changes index 8e84e03..c8a1060 100644 --- a/sqlite3.changes +++ b/sqlite3.changes @@ -1,17 +1,7 @@ ------------------------------------------------------------------- -Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger +Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max -- SQLite 3.35.4: - * Fix a defect in the query planner optimization - * Fix a defect in the new RETURNING syntax - * Fix the new RETURNING feature so that it raises an error if one - of the terms in the RETURNING clause references a unknown - table, instead of silently ignoring that error - * Fix an assertion associated with aggregate function processing - that was incorrectly triggered by the push-down optimization - -------------------------------------------------------------------- -Thu Apr 1 10:27:58 UTC 2021 - Reinhard Max +- Sync Factory to SLE-12 and SLE-15. - The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the chane log so far: @@ -56,6 +46,38 @@ Thu Apr 1 10:27:58 UTC 2021 - Reinhard Max vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names + * bsc#1155787, CVE-2017-2518: A use-after-free bug in the query + optimizer may cause a buffer overflow and application crash via + a crafted SQL statement. + * bsc#1136976, CVE-2019-8457: heap out-of-bound read in the + rtreenode() function when handling invalid rtree tables. + * bsc#1132045, CVE-2017-10989: getNodeSize function in + ext/rtree/rtree.c issues + * bsc#987394, CVE-2016-6153: Fix Tempdir Selection Vulnerability + +- Fix build on SLE-12 and remove the following patches from there + which are all upstream: + * sqlite3-CVE-2017-10989.patch + * sqlite3-CVE-2017-2518.patch, + * sqlite3-CVE-2018-20346.patch, + * sqlite3-CVE-2018-8740.patch, + * sqlite3-CVE-2019-16168.patch (bsc#1019518), + * sqlite3-CVE-2019-8457.patch, + * sqlite3-journal-file.patch, + * sqlite3-xFetch-null.patch (bsc#1025034), + * sqlite3-CVE-2016-6153.patch + +------------------------------------------------------------------- +Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger + +- SQLite 3.35.4: + * Fix a defect in the query planner optimization + * Fix a defect in the new RETURNING syntax + * Fix the new RETURNING feature so that it raises an error if one + of the terms in the RETURNING clause references a unknown + table, instead of silently ignoring that error + * Fix an assertion associated with aggregate function processing + that was incorrectly triggered by the push-down optimization ------------------------------------------------------------------- Sat Mar 27 11:52:17 UTC 2021 - Andreas Stieger @@ -1320,6 +1342,11 @@ Thu Oct 15 14:35:51 UTC 2015 - astieger@suse.com analyzed. * sqlite3_memory_alarm() no-op. +------------------------------------------------------------------- +Tue Aug 11 09:20:25 UTC 2015 - max@suse.com +- Submit Factory package to SLE12-SP1 to enable the unlock notify + API (fate#317928). + ------------------------------------------------------------------- Fri Jul 31 11:44:40 UTC 2015 - mpluskal@suse.com diff --git a/sqlite3.spec b/sqlite3.spec index 1b1076c..bc16fa9 100644 --- a/sqlite3.spec +++ b/sqlite3.spec @@ -35,7 +35,14 @@ BuildRequires: pkgconfig BuildRequires: readline-devel BuildRequires: tcl-devel BuildRequires: unzip +%if 0%{suse_version} < 1500 +# As of 2021 we still need to be able to compile this on SLE-12 +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: zlib-devel +%global make_build make +%else BuildRequires: pkgconfig(zlib) +%endif Provides: %{oname} = %{version} Obsoletes: %{oname} < %{version} %if %{with icu}