OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=263

sqlite3.changes

@@ -1,17 +1,7 @@
 -------------------------------------------------------------------
-Sat Apr  3 06:51:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+Tue Apr  6 14:57:30 UTC 2021 - Reinhard Max <max@suse.com>
 
-- SQLite 3.35.4:
+- Sync Factory to SLE-12 and SLE-15.
-  * Fix a defect in the query planner optimization
-  * Fix a defect in the new RETURNING syntax
-  * Fix the new RETURNING feature so that it raises an error if one
-    of the terms in the RETURNING clause references a unknown
-    table, instead of silently ignoring that error
-  * Fix an assertion associated with aggregate function processing
-    that was incorrectly triggered by the push-down optimization
-
--------------------------------------------------------------------
-Thu Apr  1 10:27:58 UTC 2021 - Reinhard Max <max@suse.com>
 
 - The following CVEs have been fixed in upstream releases up to
   this point, but were not mentioned in the chane log so far:
@@ -56,6 +46,38 @@ Thu Apr  1 10:27:58 UTC 2021 - Reinhard Max <max@suse.com>
     vulnerability
   * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
     collation-sequence names
+  * bsc#1155787, CVE-2017-2518: A use-after-free bug in the query
+    optimizer may cause a buffer overflow and application crash via
+    a crafted SQL statement.
+  * bsc#1136976, CVE-2019-8457: heap out-of-bound read in the
+    rtreenode() function when handling invalid rtree tables.
+  * bsc#1132045, CVE-2017-10989: getNodeSize function in
+    ext/rtree/rtree.c issues
+  * bsc#987394, CVE-2016-6153: Fix Tempdir Selection Vulnerability
+
+- Fix build on SLE-12 and remove the following patches from there
+  which are all upstream:
+  * sqlite3-CVE-2017-10989.patch
+  * sqlite3-CVE-2017-2518.patch,
+  * sqlite3-CVE-2018-20346.patch,
+  * sqlite3-CVE-2018-8740.patch,
+  * sqlite3-CVE-2019-16168.patch (bsc#1019518),
+  * sqlite3-CVE-2019-8457.patch,
+  * sqlite3-journal-file.patch,
+  * sqlite3-xFetch-null.patch (bsc#1025034),
+  * sqlite3-CVE-2016-6153.patch
+
+-------------------------------------------------------------------
+Sat Apr  3 06:51:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- SQLite 3.35.4:
+  * Fix a defect in the query planner optimization
+  * Fix a defect in the new RETURNING syntax
+  * Fix the new RETURNING feature so that it raises an error if one
+    of the terms in the RETURNING clause references a unknown
+    table, instead of silently ignoring that error
+  * Fix an assertion associated with aggregate function processing
+    that was incorrectly triggered by the push-down optimization
 
 -------------------------------------------------------------------
 Sat Mar 27 11:52:17 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
@@ -1320,6 +1342,11 @@ Thu Oct 15 14:35:51 UTC 2015 - astieger@suse.com
     analyzed.
   * sqlite3_memory_alarm() no-op.
 
+-------------------------------------------------------------------
+Tue Aug 11 09:20:25 UTC 2015 - max@suse.com
+- Submit Factory package to SLE12-SP1 to enable the unlock notify
+  API (fate#317928).
+
 -------------------------------------------------------------------
 Fri Jul 31 11:44:40 UTC 2015 - mpluskal@suse.com
 

sqlite3.spec

@@ -35,7 +35,14 @@ BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
 BuildRequires:  tcl-devel
 BuildRequires:  unzip
+%if 0%{suse_version} < 1500
+# As of 2021 we still need to be able to compile this on SLE-12
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+BuildRequires:  zlib-devel
+%global make_build make
+%else
 BuildRequires:  pkgconfig(zlib)
+%endif
 Provides:       %{oname} = %{version}
 Obsoletes:      %{oname} < %{version}
 %if %{with icu}