Accepting request 816144 from home:AndreasStieger:branches:server:database

SQLite 3.32.3 CVE-2020-13871 boo#1172646 OBS-URL: https://build.opensuse.org/request/show/816144 OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=248
2020-06-20 11:26:28 +00:00 · 2020-06-20 11:26:28 +00:00 · 324a41fa9f
commit 324a41fa9f
parent dd9eb59508
6 changed files with 34 additions and 16 deletions
--- a/sqlite-doc-3320200.zip
+++ b/sqlite-doc-3320200.zip
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4355a8e835b1b67e6d555ee383c904aab6912b3298f3ee7380246a3428760701
-size 9766769
--- a/sqlite-doc-3320300.zip
+++ b/sqlite-doc-3320300.zip
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:36920536daf7f8b19c2e646dc79db62e13cc1a992f562ba9a11fa7c191f24a4e
+size 9772933
--- a/sqlite-src-3320200.zip
+++ b/sqlite-src-3320200.zip
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e027dd65738eb03fa87d79075a0ec2db2d2c7ad8ebca9ad2a0e96e6612d210cb
-size 12525765
--- a/sqlite-src-3320300.zip
+++ b/sqlite-src-3320300.zip
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9312f0865d3692384d466048f746d18f88e7ffd1758b77d4f07904e03ed5f5b9
+size 12461750
--- a/sqlite3.changes
+++ b/sqlite3.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Sat Jun 20 11:11:01 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- SQLite 3.32.3:
+  * Fix Heap Buffer Overflow in multiSelectOrderBy
+  * Fix Assertion `flags3==pIn3->flags' failed
+  * Fix Assertion `pExpr->pAggInfo==pAggInfo' failed
+  * Fix Segfault in sqlite3Select 
+  * Fix Use after free in resetAccumulator
+    CVE-2020-13871 boo#1172646
+
 -------------------------------------------------------------------
 Fri Jun  5 12:57:51 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>

@ -29,6 +40,13 @@ Sun May 24 06:03:29 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
  * Add code for the UINT collating sequence as an optional
    loadable extension
  * multiple enhancements to the CLI
+  * CVE-2020-13434 boo#1172115: integer overflow in
+    sqlite3_str_vappendf
+  * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow
+  * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed
+    to one of its shadow tables
+  * CVE-2020-13632 boo#1172240: NULL pointer dereference via
+    crafted matchinfo() query
 - drop upstreamed patches:
  * 04885763c4cd00cb-s390-compatibility.patch
  * b20503aaf5b6595a-adapt-FTS-tests-for-big-endian.patch
--- a/sqlite3.spec
+++ b/sqlite3.spec
@ -16,23 +16,20 @@
 #


-%bcond_with icu
 %define oname sqlite
-%define tarversion 3320200
+%define tarversion 3320300
+%bcond_with icu
 Name:           sqlite3
-Version:        3.32.2
+Version:        3.32.3
 Release:        0
 Summary:        Embeddable SQL Database Engine
 License:        SUSE-Public-Domain
 Group:          Productivity/Databases/Servers
-URL:            http://www.sqlite.org/
+URL:            https://www.sqlite.org/
 Source0:        http://www.sqlite.org/2020/sqlite-src-%{tarversion}.zip
 Source1:        baselibs.conf
 Source2:        http://www.sqlite.org/2020/sqlite-doc-%{tarversion}.zip
 BuildRequires:  automake
-%if %{with icu}
-BuildRequires:  libicu-devel
-%endif
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
@ -41,6 +38,9 @@ BuildRequires:  unzip
 BuildRequires:  pkgconfig(zlib)
 Provides:       %{oname} = %{version}
 Obsoletes:      %{oname} < %{version}
+%if %{with icu}
+BuildRequires:  libicu-devel
+%endif

 %description
 SQLite is a C library that implements an embeddable SQL database
@ -144,11 +144,11 @@ export CFLAGS="%{optflags} \
  --enable-json1 \
  --enable-update-limit \
  --enable-rtree
-make %{?_smp_mflags} sqlite3.c
-make %{?_smp_mflags}
+%make_build sqlite3.c
+%make_build

 %check
-make %{?_smp_mflags} test
+%make_build test

 %install
 %make_install