https://www.sqlite.org/releaselog/3_49_2.html
* Addresses CVE-2025-29088 and CVE-2025-3277 https://www.sqlite.org/cves.html * Since 3.49.0, the build does not create a shared library including the SONAME entry with 'libsqlite3.so.0' anymore. A binary linked against it will then include the default name 'libsqlite3.so' in its NEEDED entry. However, this symlink is not installed on the target. See also https://sqlite.org/src/forumpost/5a3b44f510df8ded To keep the old behaviour, configure the build using '--soname=legacy'. * Adapated to renamed configure option Signed-off-by: Roman Schnider <[email protected]> --- v3: - use --soname=legacy to build shared lib using old naming convention - removed --disable-json to keep JSON support by default --- rules/sqlite.make | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/rules/sqlite.make b/rules/sqlite.make index f75edfbd5..cc855697c 100644 --- a/rules/sqlite.make +++ b/rules/sqlite.make @@ -29,8 +29,8 @@ endef # # Paths and names # -SQLITE_VERSION := 3.48.0 -SQLITE_MD5 := ab4e0652b6dedb075faf7a2781ba2c20 +SQLITE_VERSION := 3.49.2 +SQLITE_MD5 := 46ef8fec4c97ec77ab27659ad27b28b0 SQLITE := sqlite-autoconf-$(call sqlite/file-version,$(SQLITE_VERSION)) SQLITE_SUFFIX := tar.gz SQLITE_URL := https://www.sqlite.org/2025/$(SQLITE).$(SQLITE_SUFFIX) @@ -63,11 +63,12 @@ SQLITE_CONF_TOOL := autoconf SQLITE_CONF_OPT := \ $(CROSS_AUTOCONF_USR) \ $(GLOBAL_LARGE_FILE_OPTION) \ + --soname=legacy \ --disable-static \ --disable-editline \ --$(call ptx/endis,PTXCONF_SQLITE_READLINE)-readline \ --$(call ptx/endis,PTXCONF_SQLITE_THREADSAFE)-threadsafe \ - --$(call ptx/endis,PTXCONF_SQLITE_LOAD_EXTENSION)-dynamic-extensions \ + --$(call ptx/endis,PTXCONF_SQLITE_LOAD_EXTENSION)-load-extension \ --disable-math \ --enable-fts4 \ --enable-fts3 \ -- 2.43.0
