CVSROOT:        /cvs
Module name:    ports
Changes by:     lan...@cvs.openbsd.org  2017/08/10 10:00:23

Modified files:
        databases/sqlite3: Makefile distinfo 

Log message:
Update to sqlite3 3.20.0.

Fixes CVE-2017-10989 ('The getNodeSize function in ext/rtree/rtree.c in
SQLite through 3.19.3, as used in GDAL and other products, mishandles
undersized RTree blobs in a crafted database, leading to a heap-based
buffer over-read or possibly unspecified other impact.')

The standalone fix itself is at
https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26

Pass -DSQLITE_ENABLE_FTS3 via CFLAGS, as it apparently fixes build
issues with mozilla (from FreeBSD r447626 via naddy@)

Reply via email to