[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: Great, thanks folks! I've pushed an update to GH-18678. (BTW, is it kosher to force push to PRs like this?) -- ___ Python tracker

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Steve Dower added the comment: Isn't that what we ended up merging? (Goes to check). Ah, that was 3.30.1. Sure, go for it. We'll have RCs of everything before the next final releases go out, so provided someone double checks that it's all good before then I'm okay with it. --

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: I agree. I've updated the branches for source deps and cpython. I'll wait for Steve's approval before I open a new PR over at cpython-source-deps and update GH-18678. -- ___ Python tracker

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Ned Deily added the comment: I would prefer to go to 3.31.1 at this point particularly given the track record of the SQLite project. It's been released for a month now. Any objections, Steve? -- ___ Python tracker

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: You're welcome. If you are ok with that, I'd be happy to prepare a PR for the source deps for sqlite3 v3.31.1, and update GH-18678 as soon as it is tagged. -- ___ Python tracker

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Ned Deily added the comment: Thanks for the PRs. If we're going to update now as we should, why not to 3.31.1 which is current? -- ___ Python tracker ___

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: Yes, we need the tag for the Windows build, so the PR currently fails the Windows checks. (Tagging must be done explicitly by the maintainers, IIRC.) I also forgot to add a NEWS entry, so I'll do another push to add those (and kick off the CI) when

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Steve Dower added the comment: We still need the tag added to the cpython-source-deps repo, and I still can't complete a clone right now (something is strange with SSL to GitHub on my (temporary) internet connection). Zach - can you tag it?

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Change by Erlend Egeberg Aasland : -- pull_requests: +18038 stage: needs patch -> patch review pull_request: https://github.com/python/cpython/pull/18678 ___ Python tracker

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Change by Erlend Egeberg Aasland : Added file: https://bugs.python.org/file48922/0002-bpo-38380-Update-Windows-builds-to-use-SQLite-3.30.1.patch ___ Python tracker ___

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Change by Erlend Egeberg Aasland : Added file: https://bugs.python.org/file48921/0001-bpo-38380-Update-macOS-installer-to-use-SQLite-3.30.1.patch ___ Python tracker ___

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: I've updated these patches to sqlite3-3.30.1 (https://www.sqlite.org/releaselog/3_30_1.html). cpython-source-deps is updated (https://github.com/python/cpython-source-deps/pull/17). CPython commits are updated and rebased onto current 3.9 master:

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: Update: Tested on macOS 10.14.6 with make test on 2.7.17rc1, 3.7.5rc1+, 3.8.0rc1+. -- ___ Python tracker ___

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: FYI: Compiled cpython 3.9 with sqlite-3.30 on macOS 10.14.6. Make test completes without errors. -- ___ Python tracker ___

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: bpo-38380: Update Windows builds to use SQLite 3.30.0 https://github.com/erlend-aasland/cpython/commit/e25214e6fa7a64353d9c3e16b139c41f5d62eb31 -- Added file:

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: bpo-38380: Update macOS installer to use SQLite 3.30.0 https://github.com/erlend-aasland/cpython/commit/aa7d7b1a3bed9a6a73f0611d0542a3442e85b0b6 -- keywords: +patch Added file:

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Erlend Egeberg Aasland added the comment: I've prepared a PR for https://github.com/python/cpython-source-deps at https://github.com/erlend-aasland/cpython-source-deps/tree/upgrade-sqlite. Patches for Windows and macOS installer builds on 3.9 prepared at

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

Ned Deily added the comment: I verified it is exploitable via the sqlite3 module by adapting the test case from the SQLite ticket (https://www.sqlite.org/src/info/e4598ecbdd18bd82). But since it requires the exploiter to be able to specify raw SQL statements, it doesn't sound like it needs

[issue38380] Update SQLite to 3.30 in Windows and macOS installer builds

New submission from Big Stone : there is a security fix in sqlite-3.30 https://nvd.nist.gov/vuln/detail/CVE-2019-16168#VulnChangeHistorySection https://www.sqlite.org/releaselog/3_30_0.html -- messages: 354023 nosy: Big Stone priority: normal severity: normal status: open title: