From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33589) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gZ5XG-0004mU-Ac for guix-patches@gnu.org; Mon, 17 Dec 2018 21:55:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gZ5XC-0001FM-IH for guix-patches@gnu.org; Mon, 17 Dec 2018 21:55:06 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:48174) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gZ5XC-0001F8-Dp for guix-patches@gnu.org; Mon, 17 Dec 2018 21:55:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gZ5XC-0006br-Be for guix-patches@gnu.org; Mon, 17 Dec 2018 21:55:02 -0500 Subject: [bug#33783] [PATCH] gnu: sqlite: Replace with 3.26.0 [security fixes]. Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:33366) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gZ5Vx-0004e7-Ln for guix-patches@gnu.org; Mon, 17 Dec 2018 21:53:47 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gZ5Vt-0006fV-QO for guix-patches@gnu.org; Mon, 17 Dec 2018 21:53:45 -0500 Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:45152) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gZ5Vo-0006Gw-0C for guix-patches@gnu.org; Mon, 17 Dec 2018 21:53:38 -0500 Received: by mail-pl1-x642.google.com with SMTP id a14so7080959plm.12 for ; Mon, 17 Dec 2018 18:53:27 -0800 (PST) From: Alex Vong Date: Tue, 18 Dec 2018 10:53:19 +0800 Message-ID: <87mup31r6o.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 33783@debbugs.gnu.org Cc: alexvong1995@gmail.com --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Tag: security Hello, This patch grafts sqlite to its latest version. It also changes all the sqlite-* packages to use 'package/inherit' so that they get the replacement as well. See for details. --=-=-= Content-Type: text/x-diff; charset=utf-8 Content-Disposition: inline; filename=0001-gnu-sqlite-Replace-with-3.26.0-security-fixes.patch Content-Transfer-Encoding: quoted-printable From=209d0fae1e1fa2fc13bd794bb2dbeb89750c772cfb Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Tue, 18 Dec 2018 10:36:52 +0800 Subject: [PATCH] gnu: sqlite: Replace with 3.26.0 [security fixes]. Fixes . Reported by Marius Bakke . * gnu/packages/databases.scm (sqlite-3.26.0): New public variable. (sqlite)[replacement]: Use it. (sqlite-with-fts5): Use 'package/inherit'. (sqlite-with-column-metadata): Likewise. =2D-- gnu/packages/databases.scm | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 0fa6d451e..78d9a6739 100644 =2D-- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -24,7 +24,7 @@ ;;; Copyright =C2=A9 2017 Adriano Peluso ;;; Copyright =C2=A9 2017 Arun Isaac ;;; Copyright =C2=A9 2017, 2018 Tobias Geerinckx-Rice =2D;;; Copyright =C2=A9 2017 Alex Vong +;;; Copyright =C2=A9 2017, 2018 Alex Vong ;;; Copyright =C2=A9 2017, 2018 Ben Woodcroft ;;; Copyright =C2=A9 2017 Rutger Helling ;;; Copyright =C2=A9 2017, 2018 Pierre Langlois @@ -1183,6 +1183,7 @@ changes.") (define-public sqlite (package (name "sqlite") + (replacement sqlite-3.26.0) (version "3.24.0") (source (origin (method url-fetch) @@ -1219,9 +1220,29 @@ widely deployed SQL database engine in the world. T= he source code for SQLite is in the public domain.") (license license:public-domain))) =20 +(define-public sqlite-3.26.0 + (package/inherit sqlite + (version "3.26.0") + (source (origin + (method url-fetch) + (uri (let ((numeric-version + (match (string-split version #\.) + ((first-digit other-digits ...) + (string-append first-digit + (string-pad-right + (string-concatenate + (map (cut string-pad <> 2 #\= 0) + other-digits)) + 6 #\0)))))) + (string-append "https://sqlite.org/2018/sqlite-autoco= nf-" + numeric-version ".tar.gz"))) + (sha256 + (base32 + "0pdzszb4sp73hl36siiv3p300jvfvbcdxi2rrmkwgs6inwznmajx"))))= )) + ;; This is used by Tracker. (define-public sqlite-with-fts5 =2D (package (inherit sqlite) + (package/inherit sqlite (name "sqlite-with-fts5") (arguments (substitute-keyword-arguments (package-arguments sqlite) @@ -1230,7 +1251,7 @@ is in the public domain.") =20 ;; This is used by Qt. (define-public sqlite-with-column-metadata =2D (package (inherit sqlite) + (package/inherit sqlite (name "sqlite-with-column-metadata") (arguments (substitute-keyword-arguments (package-arguments sqlite) =2D-=20 2.19.2 --=-=-= Content-Type: text/plain Cheers, Alex --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCXBhhHwAKCRBh71Au9gJS 8uQDAP9K/j4Fho5Y0tGj2rPYQLgh2/X4rJ+Ad+xIKAtSja48xAEAyWKJMtJibdKy D55YjKFBOZJ59CTp0rJcPU+WYFdBgQk= =sDdb -----END PGP SIGNATURE----- --==-=-=--