OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=263

2021-04-06 15:00:05 +00:00 · 2021-04-06 15:00:05 +00:00 · 8b96f6cbba
commit 8b96f6cbba
parent c767c076fa
2 changed files with 46 additions and 12 deletions
--- a/sqlite3.changes
+++ b/sqlite3.changes
@ -1,17 +1,7 @@
 -------------------------------------------------------------------
-Sat Apr  3 06:51:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+Tue Apr  6 14:57:30 UTC 2021 - Reinhard Max <max@suse.com>

- SQLite 3.35.4:
-  * Fix a defect in the query planner optimization
-  * Fix a defect in the new RETURNING syntax
-  * Fix the new RETURNING feature so that it raises an error if one
-    of the terms in the RETURNING clause references a unknown
-    table, instead of silently ignoring that error
-  * Fix an assertion associated with aggregate function processing
-    that was incorrectly triggered by the push-down optimization
-
-------------------------------------------------------------------
-Thu Apr  1 10:27:58 UTC 2021 - Reinhard Max <max@suse.com>
+- Sync Factory to SLE-12 and SLE-15.

 - The following CVEs have been fixed in upstream releases up to
  this point, but were not mentioned in the chane log so far:
@ -56,6 +46,38 @@ Thu Apr  1 10:27:58 UTC 2021 - Reinhard Max <max@suse.com>
    vulnerability
  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
    collation-sequence names
+  * bsc#1155787, CVE-2017-2518: A use-after-free bug in the query
+    optimizer may cause a buffer overflow and application crash via
+    a crafted SQL statement.
+  * bsc#1136976, CVE-2019-8457: heap out-of-bound read in the
+    rtreenode() function when handling invalid rtree tables.
+  * bsc#1132045, CVE-2017-10989: getNodeSize function in
+    ext/rtree/rtree.c issues
+  * bsc#987394, CVE-2016-6153: Fix Tempdir Selection Vulnerability
+
+- Fix build on SLE-12 and remove the following patches from there
+  which are all upstream:
+  * sqlite3-CVE-2017-10989.patch
+  * sqlite3-CVE-2017-2518.patch,
+  * sqlite3-CVE-2018-20346.patch,
+  * sqlite3-CVE-2018-8740.patch,
+  * sqlite3-CVE-2019-16168.patch (bsc#1019518),
+  * sqlite3-CVE-2019-8457.patch,
+  * sqlite3-journal-file.patch,
+  * sqlite3-xFetch-null.patch (bsc#1025034),
+  * sqlite3-CVE-2016-6153.patch
+
+-------------------------------------------------------------------
+Sat Apr  3 06:51:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- SQLite 3.35.4:
+  * Fix a defect in the query planner optimization
+  * Fix a defect in the new RETURNING syntax
+  * Fix the new RETURNING feature so that it raises an error if one
+    of the terms in the RETURNING clause references a unknown
+    table, instead of silently ignoring that error
+  * Fix an assertion associated with aggregate function processing
+    that was incorrectly triggered by the push-down optimization

 -------------------------------------------------------------------
 Sat Mar 27 11:52:17 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
@ -1320,6 +1342,11 @@ Thu Oct 15 14:35:51 UTC 2015 - astieger@suse.com
    analyzed.
  * sqlite3_memory_alarm() no-op.

+-------------------------------------------------------------------
+Tue Aug 11 09:20:25 UTC 2015 - max@suse.com
+- Submit Factory package to SLE12-SP1 to enable the unlock notify
+  API (fate#317928).
+
 -------------------------------------------------------------------
 Fri Jul 31 11:44:40 UTC 2015 - mpluskal@suse.com

--- a/sqlite3.spec
+++ b/sqlite3.spec
@ -35,7 +35,14 @@ BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
 BuildRequires:  tcl-devel
 BuildRequires:  unzip
+%if 0%{suse_version} < 1500
+# As of 2021 we still need to be able to compile this on SLE-12
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+BuildRequires:  zlib-devel
+%global make_build make
+%else
 BuildRequires:  pkgconfig(zlib)
+%endif
 Provides:       %{oname} = %{version}
 Obsoletes:      %{oname} < %{version}
 %if %{with icu}