|
| From: | Mark H Weaver |
| Subject: | bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327 |
| Date: | Thu, 25 Mar 2021 21:23:56 -0400 |
Léo Le Bouter via Bug reports for GNU Guix <bug-guix@gnu.org> writes:
> From b0f9566e9ff9a5f409a3fd4293c048ec58bc770d Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?L=C3=A9o=20Le=20Bouter?= <lle-bout@zaclys.net>
> Date: Thu, 18 Mar 2021 07:09:10 +0100
> Subject: [PATCH] gnu: sqlite: Update to 3.32.3 [security fixes].
>
> * gnu/packages/sqlite.scm (sqlite/fixed): New variable.
> (sqlite)[replacement]: Graft.
> ---
> gnu/packages/sqlite.scm | 21 +++++++++++++++++++++
> 1 file changed, 21 insertions(+)
>
> diff --git a/gnu/packages/sqlite.scm b/gnu/packages/sqlite.scm
> index eeb77749d8..cc378b359a 100644
> --- a/gnu/packages/sqlite.scm
> +++ b/gnu/packages/sqlite.scm
> @@ -65,6 +65,7 @@
> (sha256
> (base32
> "1bj936svd8i5g25xd1bj52hj4zca01fgl3sqkj86z9q5pkz4wa32"))))
> + (replacement sqlite/fixed)
> (build-system gnu-build-system)
> (inputs `(("readline" ,readline)))
> (native-inputs (if (hurd-target?)
> @@ -122,6 +123,26 @@ widely deployed SQL database engine in the world. The
> source code for SQLite
> is in the public domain.")
> (license license:public-domain)))
>
> +(define-public sqlite/fixed
> + (package/inherit sqlite
Just a reminder that, just as with 'mysql/fixed', 'sqlite/fixed' should
*not* use 'package/inherit', since the package you're defining is the
replacement for the package you're inheriting from.
Otherwise, it looks good to me!
Thanks,
Mark
| [Prev in Thread] | Current Thread | [Next in Thread] |