From 88d34e2eff5338527d920894f9b680f132aef937c8dd7f4c617690b9c282b130 Mon Sep 17 00:00:00 2001
From: Martin Pluskal
Date: Thu, 5 Jan 2023 08:30:09 +0000
Subject: [PATCH] Accepting request 1045679 from home:AndreasStieger:branches:server:database

sqlite3 3.40.1
OBS-URL: https://build.opensuse.org/request/show/1045679
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=303
---
 sqlite-CVE-2022-46908.patch | 56 -------------------------------------
 sqlite-doc-3400000.zip | 3 --
 sqlite-doc-3400100.zip | 3 ++
 sqlite-src-3400000.zip | 3 --
 sqlite-src-3400100.zip | 3 ++
 sqlite3.changes | 13 +++++++++
 sqlite3.spec | 6 ++--
 7 files changed, 21 insertions(+), 66 deletions(-)
 delete mode 100644 sqlite-CVE-2022-46908.patch
 delete mode 100644 sqlite-doc-3400000.zip
 create mode 100644 sqlite-doc-3400100.zip
 delete mode 100644 sqlite-src-3400000.zip
 create mode 100644 sqlite-src-3400100.zip

diff --git a/sqlite-CVE-2022-46908.patch b/sqlite-CVE-2022-46908.patch
deleted file mode 100644
index 719fcb0..0000000
--- a/sqlite-CVE-2022-46908.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Index: src/shell.c.in
-==================================================================
---- src/shell.c.in
-+++ src/shell.c.in
-@@ -1878,11 +1878,11 @@
- "readfile",
- "writefile",
- "zipfile",
- "zipfile_cds",
- };
-- UNUSED_PARAMETER(zA2);
-+ UNUSED_PARAMETER(zA1);
- UNUSED_PARAMETER(zA3);
- UNUSED_PARAMETER(zA4);
- switch( op ){
- case SQLITE_ATTACH: {
- #ifndef SQLITE_SHELL_FIDDLE
-@@ -1893,11 +1893,11 @@
- break;
- }
- case SQLITE_FUNCTION: {
- int i;
- for(i=0; i
+
+- Update to 3.40.1:
+ * Fix the --safe command-line option to the CLI such that it
+ correctly disallows the use of SQL functions like writefile()
+ that can cause harmful side-effects.
+ (previously patched, drop sqlite-CVE-2022-46908.patch)
+ * Fix a potential infinite loop in the memsys5 alternative memory
+ allocator. This bug was introduced by a performance
+ optimization in version 3.39.0.
+ * Various other obscure fixes.
+
 -------------------------------------------------------------------
 Tue Dec 13 16:10:49 UTC 2022 - Reinhard Max
diff --git a/sqlite3.spec b/sqlite3.spec
index 1cc82dc..fef1681 100644
--- a/sqlite3.spec
+++ b/sqlite3.spec
@@ -17,11 +17,11 @@
 %define oname sqlite
-%define tarversion 3400000
+%define tarversion 3400100
 %bcond_with icu
 %bcond_without check
 Name: sqlite3
-Version: 3.40.0
+Version: 3.40.1
 Release: 0
 Summary: Embeddable SQL Database Engine
 License: SUSE-Public-Domain
@@ -31,7 +31,6 @@ Source0: https://www.sqlite.org/2022/sqlite-src-%{tarversion}.zip
 Source1: baselibs.conf
 Source2: https://www.sqlite.org/2022/sqlite-doc-%{tarversion}.zip
 Patch0: sqlite-src-3390000-func7-pg-181.patch
-Patch1: sqlite-CVE-2022-46908.patch
 BuildRequires: automake
 BuildRequires: libtool
 BuildRequires: pkgconfig
@@ -130,7 +129,6 @@ other documentation found on sqlite.org. The files can be found in
 %prep
 %setup -q -n sqlite-src-%{tarversion} -a2
 %patch0 -p1
-%patch1
 rm -v sqlite-doc-%{tarversion}/releaselog/current.html
 ln -sv `echo %{version} | sed "s/\./_/g"`.html sqlite-doc-%{tarversion}/releaselog/current.html