pkgsrc-Users archive


[PATCH] Update databases/sqlite3 to 3.8.10 to fix sec. vuln.



Hello!

"pkg_admin audit" reports:

===
Package sqlite3-3.8.8.3 has a multiple-vulnerabilities vulnerability, see http://lcamtuf.blogspot.dk/2015/04/finding-bugs-in-sqlite-easy-way.html
===

Below is a patch against pkgsrc-2015Q1 to update databases/sqlite3
to version 3.8.10 which includes fixes for the bugs found by the AFL
fuzzer.  The fact that it includes these fixes is noted in the SQLite3
3.8.10 release notes [1].  Would a developer be willing to review and
commit?

I reviewed the changes made between version 3.8.8.3 and 3.8.10, and
I don't think the API or the ABI changed in a backward-incompatible
way.  However, my review was based on the release notes and on the diffs
from commit 30121870 and 0404ef88.  I'm not positive I looked at the
right diffs because I don't know anything about Fossil or the SQLite
development model.

Thank you!

Lewis

[1] http://www.sqlite.org/releaselog/3_8_10.html

Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/databases/sqlite3/Makefile,v
retrieving revision 1.92
diff -u -r1.92 Makefile
--- Makefile	2 Mar 2015 13:34:16 -0000	1.92
+++ Makefile	8 May 2015 21:31:21 -0000
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.92 2015/03/02 13:34:16 adam Exp $
 
-DISTNAME=	sqlite-autoconf-3080803
-PKGNAME=	sqlite3-3.8.8.3
+DISTNAME=	sqlite-autoconf-3081000
+PKGNAME=	sqlite3-3.8.10
 CATEGORIES=	databases
 MASTER_SITES=	http://www.hwaci.com/sw/sqlite/2015/ \
 		http://www.sqlite.org/2015/
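
Review bot: the DISTNAME/PKGNAME bump at the top of this hunk is the only Makefile change, and the patch as posted touches only Makefile and distinfo, so nothing in it records the outcome of the API/ABI check that the cover message describes as uncertain. Before committing, confirm against the upstream 3.8.10 release notes that dependents can keep building against the existing dependency floor, and if not, raise it in the package's buildlink3.mk in the same commit. The unchanged MASTER_SITES lines still point at the 2015/ directory over plain http://, so also confirm that sqlite-autoconf-3081000.tar.gz is actually served from both locations.
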
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/databases/sqlite3/distinfo,v
retrieving revision 1.101
diff -u -r1.101 distinfo
--- distinfo	2 Mar 2015 13:34:16 -0000	1.101
+++ distinfo	8 May 2015 21:31:21 -0000
@@ -1,5 +1,5 @@
 $NetBSD: distinfo,v 1.101 2015/03/02 13:34:16 adam Exp $
 
-SHA1 (sqlite-autoconf-3080803.tar.gz) = 2fe3f6226a2a08a2e814b97cd53e36bb3c597112
-RMD160 (sqlite-autoconf-3080803.tar.gz) = 9063dd4ae39745dfe44d99f514ec084ee4442685
-Size (sqlite-autoconf-3080803.tar.gz) = 2021112 bytes
+SHA1 (sqlite-autoconf-3081000.tar.gz) = 7e92b4f78d4648fb2a97a4dc721490cc08653a0b
+RMD160 (sqlite-autoconf-3081000.tar.gz) = 934884ac3f0ce83ea4ad98f6a9f5cb4b17dd2aab
+Size (sqlite-autoconf-3081000.tar.gz) = 2049170 bytes
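
Review bot: the three replaced lines (SHA1, RMD160, Size) are the only integrity data for sqlite-autoconf-3081000.tar.gz in this file, and they come from the submitter's own download over the http:// MASTER_SITES shown in the Makefile hunk. The committer should fetch the tarball independently, regenerate distinfo, and check that all three values match what is posted here, and compare against an upstream-published checksum if one is available, rather than applying these lines as-is.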

