Accepting request 1056142 from server:database
OBS-URL: https://build.opensuse.org/request/show/1056142 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sqlite3?expand=0&rev=141
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
e075a7838e
@ -1,56 +0,0 @@
|
|||||||
Index: src/shell.c.in
|
|
||||||
==================================================================
|
|
||||||
--- src/shell.c.in
|
|
||||||
+++ src/shell.c.in
|
|
||||||
@@ -1878,11 +1878,11 @@
|
|
||||||
"readfile",
|
|
||||||
"writefile",
|
|
||||||
"zipfile",
|
|
||||||
"zipfile_cds",
|
|
||||||
};
|
|
||||||
- UNUSED_PARAMETER(zA2);
|
|
||||||
+ UNUSED_PARAMETER(zA1);
|
|
||||||
UNUSED_PARAMETER(zA3);
|
|
||||||
UNUSED_PARAMETER(zA4);
|
|
||||||
switch( op ){
|
|
||||||
case SQLITE_ATTACH: {
|
|
||||||
#ifndef SQLITE_SHELL_FIDDLE
|
|
||||||
@@ -1893,11 +1893,11 @@
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
case SQLITE_FUNCTION: {
|
|
||||||
int i;
|
|
||||||
for(i=0; i<ArraySize(azProhibitedFunctions); i++){
|
|
||||||
- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
|
|
||||||
+ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
|
|
||||||
failIfSafeMode(p, "cannot use the %s() function in safe mode",
|
|
||||||
azProhibitedFunctions[i]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
Index: test/shell2.test
|
|
||||||
==================================================================
|
|
||||||
--- test/shell2.test
|
|
||||||
+++ test/shell2.test
|
|
||||||
@@ -188,7 +188,19 @@
|
|
||||||
catchcmd ":memory:" {
|
|
||||||
SELECT 'unclosed;}
|
|
||||||
} {1 {Parse error near line 2: unrecognized token: "'unclosed;"
|
|
||||||
SELECT 'unclosed;
|
|
||||||
^--- error here}}
|
|
||||||
+
|
|
||||||
+# Verify that safe mode rejects certain UDFs
|
|
||||||
+# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
|
|
||||||
+do_test shell2-1.4.8 {
|
|
||||||
+ catchcmd "-safe :memory:" {
|
|
||||||
+ SELECT edit('DoNotCare');}
|
|
||||||
+} {1 {line 2: cannot use the edit() function in safe mode}}
|
|
||||||
+do_test shell2-1.4.9 {
|
|
||||||
+ catchcmd "-safe :memory:" {
|
|
||||||
+ SELECT writefile('DoNotCare', x'');}
|
|
||||||
+} {1 {line 2: cannot use the writefile() function in safe mode}}
|
|
||||||
+
|
|
||||||
|
|
||||||
finish_test
|
|
||||||
|
|
||||||
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:1adc16f71e920963913597d5d0da4fd90aef24a43779e7f75d86e47442f08dad
|
|
||||||
size 10921883
|
|
||||||
3
sqlite-doc-3400100.zip
Normal file
3
sqlite-doc-3400100.zip
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:72abaa381459740cfb41f19646f18a5154f93591d34f7eeb3c4f5dc7ae363a29
|
||||||
|
size 10934836
|
||||||
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:48550828142051293e179ffc6a8520f6fbfd82e1cdca78b93792f766cc89b8e2
|
|
||||||
size 13723231
|
|
||||||
3
sqlite-src-3400100.zip
Normal file
3
sqlite-src-3400100.zip
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:5064126aa50db20c35578b612b56c3129425c0506ed4d1610efa4a0f01bdf8d0
|
||||||
|
size 13725560
|
||||||
@ -1,3 +1,16 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 28 21:37:44 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||||
|
|
||||||
|
- Update to 3.40.1:
|
||||||
|
* Fix the --safe command-line option to the CLI such that it
|
||||||
|
correctly disallows the use of SQL functions like writefile()
|
||||||
|
that can cause harmful side-effects.
|
||||||
|
(previously patched, drop sqlite-CVE-2022-46908.patch)
|
||||||
|
* Fix a potential infinite loop in the memsys5 alternative memory
|
||||||
|
allocator. This bug was introduced by a performance
|
||||||
|
optimization in version 3.39.0.
|
||||||
|
* Various other obscure fixes.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Dec 13 16:10:49 UTC 2022 - Reinhard Max <max@suse.com>
|
Tue Dec 13 16:10:49 UTC 2022 - Reinhard Max <max@suse.com>
|
||||||
|
|
||||||
|
|||||||
@ -17,11 +17,11 @@
|
|||||||
|
|
||||||
|
|
||||||
%define oname sqlite
|
%define oname sqlite
|
||||||
%define tarversion 3400000
|
%define tarversion 3400100
|
||||||
%bcond_with icu
|
%bcond_with icu
|
||||||
%bcond_without check
|
%bcond_without check
|
||||||
Name: sqlite3
|
Name: sqlite3
|
||||||
Version: 3.40.0
|
Version: 3.40.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Embeddable SQL Database Engine
|
Summary: Embeddable SQL Database Engine
|
||||||
License: SUSE-Public-Domain
|
License: SUSE-Public-Domain
|
||||||
@ -31,7 +31,6 @@ Source0: https://www.sqlite.org/2022/sqlite-src-%{tarversion}.zip
|
|||||||
Source1: baselibs.conf
|
Source1: baselibs.conf
|
||||||
Source2: https://www.sqlite.org/2022/sqlite-doc-%{tarversion}.zip
|
Source2: https://www.sqlite.org/2022/sqlite-doc-%{tarversion}.zip
|
||||||
Patch0: sqlite-src-3390000-func7-pg-181.patch
|
Patch0: sqlite-src-3390000-func7-pg-181.patch
|
||||||
Patch1: sqlite-CVE-2022-46908.patch
|
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
@ -130,7 +129,6 @@ other documentation found on sqlite.org. The files can be found in
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n sqlite-src-%{tarversion} -a2
|
%setup -q -n sqlite-src-%{tarversion} -a2
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1
|
|
||||||
|
|
||||||
rm -v sqlite-doc-%{tarversion}/releaselog/current.html
|
rm -v sqlite-doc-%{tarversion}/releaselog/current.html
|
||||||
ln -sv `echo %{version} | sed "s/\./_/g"`.html sqlite-doc-%{tarversion}/releaselog/current.html
|
ln -sv `echo %{version} | sed "s/\./_/g"`.html sqlite-doc-%{tarversion}/releaselog/current.html
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user