From 6e7ba45357078b31a369b23f8a9f38302dfcbb10 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Thu, 18 Mar 2021 07:09:10 +0100 Subject: gnu: sqlite: Update to 3.32.3 [security fixes]. Fixes CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327. * gnu/packages/sqlite.scm (sqlite/fixed): New variable. (sqlite)[replacement]: Graft. --- gnu/packages/sqlite.scm | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/sqlite.scm b/gnu/packages/sqlite.scm index eeb77749d8..a48d724488 100644 --- a/gnu/packages/sqlite.scm +++ b/gnu/packages/sqlite.scm @@ -65,6 +65,7 @@ (sha256 (base32 "1bj936svd8i5g25xd1bj52hj4zca01fgl3sqkj86z9q5pkz4wa32")))) + (replacement sqlite/fixed) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (native-inputs (if (hurd-target?) @@ -122,6 +123,27 @@ widely deployed SQL database engine in the world. The source code for SQLite is in the public domain.") (license license:public-domain))) +(define-public sqlite/fixed + (package + (inherit sqlite) + (version "3.32.3") + (source (origin + (method url-fetch) + (uri (let ((numeric-version + (match (string-split version #\.) + ((first-digit other-digits ...) + (string-append first-digit + (string-pad-right + (string-concatenate + (map (cut string-pad <> 2 #\0) + other-digits)) + 6 #\0)))))) + (string-append "https://sqlite.org/2020/sqlite-autoconf-" + numeric-version ".tar.gz"))) + (sha256 + (base32 + "0rlbaq177gcgk5dswd3akbhv2nvvzljrbhgy18hklbhw7h90f5d3")))))) + ;; Column metadata support was added to the regular 'sqlite' package with ;; commit fad5b1a6d8d9c36bea5785ae4fbc1beb37e644d7. (define-public sqlite-with-column-metadata -- cgit v1.2.3