From 99b3ea44295a2ec3aa841f83d81c9231f89cb6e5 Mon Sep 17 00:00:00 2001
From: Bernd Kuhls
Date: Mon, 2 Jan 2023 22:18:54 +0100
Subject: [PATCH] package/sqlite: security bump to version 3.40.1

Fixes the following security issues:

CVE-2022-46908: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

Release notes: https://sqlite.org/releaselog/3_40_1.html

Signed-off-by: Bernd Kuhls
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard
---
 package/sqlite/sqlite.hash | 2 +-
 package/sqlite/sqlite.mk | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/sqlite/sqlite.hash b/package/sqlite/sqlite.hash
index ea4e30a463..36f6907fbc 100644
--- a/package/sqlite/sqlite.hash
+++ b/package/sqlite/sqlite.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256 0333552076d2700c75352256e91c78bf5cd62491589ba0c69aed0a81868980e7 sqlite-autoconf-3400000.tar.gz
+sha256 2c5dea207fa508d765af1ef620b637dcb06572afa6f01f0815bd5bbf864b33d9 sqlite-autoconf-3400100.tar.gz
 sha256 66e056b6e8687f32af30d5187611b98b12a8f46f07aaf62f43585f276e8f0ac9 tea/license.terms
diff --git a/package/sqlite/sqlite.mk b/package/sqlite/sqlite.mk
index 9d0b60ab59..789eddfa0a 100644
--- a/package/sqlite/sqlite.mk
+++ b/package/sqlite/sqlite.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-SQLITE_VERSION = 3.40.0
-SQLITE_TAR_VERSION = 3400000
+SQLITE_VERSION = 3.40.1
+SQLITE_TAR_VERSION = 3400100
 SQLITE_SOURCE = sqlite-autoconf-$(SQLITE_TAR_VERSION).tar.gz
 SQLITE_SITE = https://www.sqlite.org/2022
 SQLITE_LICENSE = Public domain