> On Thu, May 08, 2025 at 10:12:53AM +0200, Roman Schnider via ptxdist wrote: >> https://www.sqlite.org/releaselog/3_49_2.html >> >> * Addresses CVE-2025-29088 and CVE-2025-3277 >> https://www.sqlite.org/cves.html >> >> * Adjust build options, disabled JSON support >> * Install missing symlink libsqlite3.so -> libsqlite3.so.3.49.2 in the >> targetinstall stage. >> >> Signed-off-by: Roman Schnider <[email protected]> >> --- >> v2: >> - Bump to 3.49.2 since just released yesterday >> - Since 3.49.0, the shared library is named using the package version, e.g. >> libsqlite3.so.3.49.2 >> The install_lib macro does create a libsqlite3.so.0 symlink, but the >> libsqlite3.so one is missing. >> Create it manually. >> >> rules/sqlite.make | 11 +++++++---- >> 1 file changed, 7 insertions(+), 4 deletions(-) >> >> diff --git a/rules/sqlite.make b/rules/sqlite.make >> index f75edfbd5..3eb011062 100644 >> --- a/rules/sqlite.make >> +++ b/rules/sqlite.make >> @@ -29,8 +29,8 @@ endef >> # >> # Paths and names >> # >> -SQLITE_VERSION := 3.48.0 >> -SQLITE_MD5 := ab4e0652b6dedb075faf7a2781ba2c20 >> +SQLITE_VERSION := 3.49.2 >> +SQLITE_MD5 := 46ef8fec4c97ec77ab27659ad27b28b0 >> SQLITE := sqlite-autoconf-$(call >> sqlite/file-version,$(SQLITE_VERSION)) >> SQLITE_SUFFIX := tar.gz >> SQLITE_URL := https://www.sqlite.org/2025/$(SQLITE).$(SQLITE_SUFFIX) >> @@ -67,8 +67,9 @@ SQLITE_CONF_OPT := \ >> --disable-editline \ >> --$(call ptx/endis,PTXCONF_SQLITE_READLINE)-readline \ >> --$(call ptx/endis,PTXCONF_SQLITE_THREADSAFE)-threadsafe \ >> - --$(call ptx/endis,PTXCONF_SQLITE_LOAD_EXTENSION)-dynamic-extensions \ >> + --$(call ptx/endis,PTXCONF_SQLITE_LOAD_EXTENSION)-load-extension \ >> --disable-math \ >> + --disable-json \ > > See my comment on v1. > >> --enable-fts4 \ >> --enable-fts3 \ >> --disable-fts5 \ 
>> @@ -90,7 +91,9 @@ $(STATEDIR)/sqlite.targetinstall: >> @$(call install_fixup, sqlite,AUTHOR,"Ladislav Michl >> <[email protected]>") >> @$(call install_fixup, sqlite,DESCRIPTION,missing) >> >> - @$(call install_lib, sqlite, 0, 0, 0644, libsqlite3) >> + @$(call install_lib, sqlite, 0, 0, 0644, libsqlite3) >> + @$(call install_link, sqlite, libsqlite3.so.$(SQLITE_VERSION), \ >> + /usr/lib/libsqlite3.so) > > PTXdist drops this link explicitly, because it should not be needed at > runtime. It is typically used to find -lsqlite3 at build-time. The linker > will then use the 'soname' which is libsqlite3.so.0 here. And that link > exists. > So why do you need libsqlite3.so here?
Since 3.49.0 the build does not create a shared library including the SONAME
entry with 'libsqlite3.so.0' anymore. A binary linked against it will then
include the default name libsqlite3.so for the NEEDED entry, which is not there:

$ arm-v7a-linux-gnueabihf-objdump -p sqlite-test | grep NEEDED
  NEEDED libz.so.1
  NEEDED libsqlite3.so
  NEEDED libc.so.6

A detailed explanation of why they removed the soname can be found here:
https://sqlite.org/src/forumpost/5a3b44f510df8ded

I guess we now have two options:
1. add the link manually
2. change the configuration to use the option --soname=legacy

Roman.

>
> Michael
>
>> >> ifdef PTXCONF_SQLITE_TOOL >> @$(call install_copy, sqlite, 0, 0, 0755, -, /usr/bin/sqlite3) >> -- >> 2.43.0 >> >> >>
>
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 | http://www.pengutronix.de/ |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
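
Review bot: SQLITE_MD5 is the only integrity pin on the new tarball in the version hunk (@@ -29,8 +29,8), and MD5 is not collision resistant, so it guards against a corrupted download more than against a substituted one. Since this bump is the fix for CVE-2025-29088 and CVE-2025-3277, it would help to say in the commit message how the sum was obtained, for example that the tarball was checked against the SHA3-256 published on the SQLite download page before the MD5 was computed.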
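
Review bot: The switch from '-dynamic-extensions' to '-load-extension' on the PTXCONF_SQLITE_LOAD_EXTENSION line of the SQLITE_CONF_OPT hunk (@@ -67,8 +67,9) is not explained in the commit message, which only says "Adjust build options". That option decides whether the library can load shared objects at runtime, so please state why the option name changes and confirm that a build with PTXCONF_SQLITE_LOAD_EXTENSION unset really ends up with extension loading disabled. The unconditional '--disable-json' in the same hunk also removes functionality without a stated reason; a sentence of rationale or a PTXCONF switch would make the intent reviewable.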
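
Review bot: The install_link added in the targetinstall hunk (@@ -90,7 +91,9) has no comment in the rule saying why the unversioned libsqlite3.so is shipped on the target, and as the review points out PTXdist normally drops that link. With the link, binaries keep a 'NEEDED libsqlite3.so' entry that carries no ABI version, so consider the '--soname=legacy' configure option mentioned in the reply, which would keep libsqlite3.so.0 as the runtime name; if the link stays, add a comment above it. The '-'/'+' pair on the install_lib line appears to differ only in whitespace and could be dropped from the patch.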
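
A check for the failure described in the reply above, added here as an example and not part of the thread or of PTXdist: it reads `objdump -p` output and reports NEEDED names that no given library directory provides. The function names and the sample input are constructed for illustration.

```shell
# Constructed sample: dynamic-section lines in the shape "objdump -p" prints,
# using the three NEEDED entries quoted in the reply.
sample_objdump() {
cat <<'EOF'
Dynamic Section:
  NEEDED               libz.so.1
  NEEDED               libsqlite3.so
  NEEDED               libc.so.6
EOF
}

# needed_names: read "objdump -p" output on stdin, print one NEEDED name per line.
needed_names() {
    awk '$1 == "NEEDED" { print $2 }'
}

# missing_needed LIBDIR...: read "objdump -p" output on stdin and print every
# NEEDED name that exists in none of the given library directories.
missing_needed() {
    needed_names | while read -r name; do
        found=no
        for dir in "$@"; do
            # -e follows symlinks, so a dangling link counts as missing
            if [ -e "$dir/$name" ]; then found=yes; break; fi
        done
        [ "$found" = yes ] || printf '%s\n' "$name"
    done
}

# unversioned_needed: print NEEDED names that end in plain ".so". Heuristic:
# this is usually a sign that the library had no SONAME, so the linker
# recorded the file name it was given at build time.
unversioned_needed() {
    needed_names | grep -E '\.so$' || true
}

# Demo on the constructed sample: prints "libsqlite3.so"
sample_objdump | unversioned_needed
```

Against a real build, pipe the cross objdump output of each installed binary into `missing_needed` with the target root's library directories as arguments.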
