Hello community, here is the log from the commit of package sqlite3 for openSUSE:Factory checked in at 2020-06-27 23:20:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sqlite3 (Old) and /work/SRC/openSUSE:Factory/.sqlite3.new.3060 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sqlite3" Sat Jun 27 23:20:29 2020 rev:120 rq:816145 version:3.32.3 Changes: -------- --- /work/SRC/openSUSE:Factory/sqlite3/sqlite3.changes 2020-06-11 14:41:57.692834773 +0200 +++ /work/SRC/openSUSE:Factory/.sqlite3.new.3060/sqlite3.changes 2020-06-27 23:20:32.545420285 +0200 @@ -1,0 +2,11 @@ +Sat Jun 20 11:11:01 UTC 2020 - Andreas Stieger <[email protected]> + +- SQLite 3.32.3: + * Fix Heap Buffer Overflow in multiSelectOrderBy + * Fix Assertion `flags3==pIn3->flags' failed + * Fix Assertion `pExpr->pAggInfo==pAggInfo' failed + * Fix Segfault in sqlite3Select + * Fix Use after free in resetAccumulator + CVE-2020-13871 boo#1172646 + +------------------------------------------------------------------- @@ -31,0 +43,7 @@ + * CVE-2020-13434 boo#1172115: integer overflow in + sqlite3_str_vappendf + * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow + * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed + to one of its shadow tables + * CVE-2020-13632 boo#1172240: NULL pointer dereference via + crafted matchinfo() query Old: ---- sqlite-doc-3320200.zip sqlite-src-3320200.zip New: ---- sqlite-doc-3320300.zip sqlite-src-3320300.zip ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sqlite3.spec ++++++ --- /var/tmp/diff_new_pack.WA6TBu/_old 2020-06-27 23:20:33.961424941 +0200 +++ /var/tmp/diff_new_pack.WA6TBu/_new 2020-06-27 23:20:33.965424954 +0200 @@ -16,23 +16,20 @@ # -%bcond_with icu %define oname sqlite -%define tarversion 3320200 +%define tarversion 3320300 +%bcond_with icu Name: sqlite3 -Version: 3.32.2 +Version: 3.32.3 Release: 0 Summary: Embeddable SQL Database Engine License: SUSE-Public-Domain Group: Productivity/Databases/Servers -URL: http://www.sqlite.org/ +URL: https://www.sqlite.org/ Source0: http://www.sqlite.org/2020/sqlite-src-%{tarversion}.zip Source1: baselibs.conf Source2: http://www.sqlite.org/2020/sqlite-doc-%{tarversion}.zip BuildRequires: automake -%if %{with icu} -BuildRequires: libicu-devel -%endif BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: readline-devel @@ -41,6 +38,9 @@ BuildRequires: pkgconfig(zlib) Provides: %{oname} = %{version} Obsoletes: %{oname} < %{version} +%if %{with icu} +BuildRequires: libicu-devel +%endif %description SQLite is a C library that implements an embeddable SQL database @@ -144,11 +144,11 @@ --enable-json1 \ --enable-update-limit \ --enable-rtree -make %{?_smp_mflags} sqlite3.c -make %{?_smp_mflags} +%make_build sqlite3.c +%make_build %check -make %{?_smp_mflags} test +%make_build test %install %make_install
