On Thu, May 08, 2025 at 10:12:53AM +0200, Roman Schnider via ptxdist wrote: > https://www.sqlite.org/releaselog/3_49_2.html > > * Addresses CVE-2025-29088 and CVE-2025-3277 > https://www.sqlite.org/cves.html > > * Adjust build options, disabled JSON support > * Install missing symlink libsqlite3.so -> libsqlite3.so.3.49.2 in the > targetinstall stage. > > Signed-off-by: Roman Schnider <[email protected]> > --- > v2: > - Bump to 3.49.2 since just released yesterday > - Since 3.49.0, the shared library is named using the package version, e.g. > libsqlite3.so.3.49.2 > The install_lib macro does create a libsqlite3.so.0 symlink, but the > libsqlite3.so one is missing. > Create it manually. > > rules/sqlite.make | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/rules/sqlite.make b/rules/sqlite.make > index f75edfbd5..3eb011062 100644 > --- a/rules/sqlite.make > +++ b/rules/sqlite.make > @@ -29,8 +29,8 @@ endef > # > # Paths and names > # > -SQLITE_VERSION := 3.48.0 > -SQLITE_MD5 := ab4e0652b6dedb075faf7a2781ba2c20 > +SQLITE_VERSION := 3.49.2 > +SQLITE_MD5 := 46ef8fec4c97ec77ab27659ad27b28b0 > SQLITE := sqlite-autoconf-$(call > sqlite/file-version,$(SQLITE_VERSION)) > SQLITE_SUFFIX := tar.gz > SQLITE_URL := https://www.sqlite.org/2025/$(SQLITE).$(SQLITE_SUFFIX) > @@ -67,8 +67,9 @@ SQLITE_CONF_OPT := \ > --disable-editline \ > --$(call ptx/endis,PTXCONF_SQLITE_READLINE)-readline \ > --$(call ptx/endis,PTXCONF_SQLITE_THREADSAFE)-threadsafe \ > - --$(call ptx/endis,PTXCONF_SQLITE_LOAD_EXTENSION)-dynamic-extensions \ > + --$(call ptx/endis,PTXCONF_SQLITE_LOAD_EXTENSION)-load-extension \ > --disable-math \ > + --disable-json \
See my comment on v1. > --enable-fts4 \ > --enable-fts3 \ > --disable-fts5 \ > @@ -90,7 +91,9 @@ $(STATEDIR)/sqlite.targetinstall: > @$(call install_fixup, sqlite,AUTHOR,"Ladislav Michl > <[email protected]>") > @$(call install_fixup, sqlite,DESCRIPTION,missing) > > - @$(call install_lib, sqlite, 0, 0, 0644, libsqlite3) > + @$(call install_lib, sqlite, 0, 0, 0644, libsqlite3) > + @$(call install_link, sqlite, libsqlite3.so.$(SQLITE_VERSION), \ > + /usr/lib/libsqlite3.so) PTXdist drops this link explicitly, because it should not be needed at runtime. It is typically used to find -lsqlite3 at build-time. The linker will then use the 'soname' which is libsqlite3.so.0 here. And that link exists. So why do you need libsqlite3.so here? Michael > > ifdef PTXCONF_SQLITE_TOOL > @$(call install_copy, sqlite, 0, 0, 0755, -, /usr/bin/sqlite3) > -- > 2.43.0 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
