From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 09 May 2025 15:44:02 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uDO1C-003oDA-2w for lore@lore.pengutronix.de; Fri, 09 May 2025 15:44:02 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1uDO1C-0003NY-JE; Fri, 09 May 2025 15:44:02 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1uDO10-0003NF-Iv; Fri, 09 May 2025 15:43:50 +0200 Received: from pty.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::c5]) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uDO0z-001tgq-2N; Fri, 09 May 2025 15:43:49 +0200 Received: from mol by pty.whiteo.stw.pengutronix.de with local (Exim 4.96) (envelope-from ) id 1uDO0z-00COsF-1y; Fri, 09 May 2025 15:43:49 +0200 Date: Fri, 9 May 2025 15:43:49 +0200 From: Michael Olbrich To: Roman Schnider Message-ID: <20250509134349.GH1080564@pengutronix.de> Mail-Followup-To: Roman Schnider , Roman Schnider via ptxdist References: <20250508081437.16799-1-r.schnider@cab.de> <4c1f6d51-22ce-4c74-a7c5-561cb7aa2df7@cab.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4c1f6d51-22ce-4c74-a7c5-561cb7aa2df7@cab.de> X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-Accept-Language: de,en X-Accept-Content-Type: text/plain X-IRC: #ptxdist @freenode Subject: Re: [ptxdist] [PATCH v2] sqlite: version bump 3.48.0 -> 3.49.2 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Roman Schnider via ptxdist Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false On Fri, May 09, 2025 at 01:29:40PM +0000, Roman Schnider wrote: > > On Thu, May 08, 2025 at 10:12:53AM +0200, Roman Schnider via ptxdist wrote: > >> https://www.sqlite.org/releaselog/3_49_2.html > >> > >> * Addresses CVE-2025-29088 and CVE-2025-3277 > >> https://www.sqlite.org/cves.html > >> > >> * Adjust build options, disabled JSON support > >> * Install missing symlink libsqlite3.so -> libsqlite3.so.3.49.2 in the targetinstall stage. > >> > >> Signed-off-by: Roman Schnider > >> --- > >> v2: > >> - Bump to 3.49.2 since just released yesterday > >> - Since 3.49.0, the shared library is named using the package version, e.g. libsqlite3.so.3.49.2 > >> The install_lib macro does create a libsqlite3.so.0 symlink, but the libsqlite3.so one is missing. > >> Create it manually. > >> > >> rules/sqlite.make | 11 +++++++---- > >> 1 file changed, 7 insertions(+), 4 deletions(-) > >> > >> diff --git a/rules/sqlite.make b/rules/sqlite.make > >> index f75edfbd5..3eb011062 100644 > >> --- a/rules/sqlite.make > >> +++ b/rules/sqlite.make > >> @@ -29,8 +29,8 @@ endef > >> # > >> # Paths and names > >> # > >> -SQLITE_VERSION := 3.48.0 > >> -SQLITE_MD5 := ab4e0652b6dedb075faf7a2781ba2c20 > >> +SQLITE_VERSION := 3.49.2 > >> +SQLITE_MD5 := 46ef8fec4c97ec77ab27659ad27b28b0 > >> SQLITE := sqlite-autoconf-$(call sqlite/file-version,$(SQLITE_VERSION)) > >> SQLITE_SUFFIX := tar.gz > >> SQLITE_URL := https://www.sqlite.org/2025/$(SQLITE).$(SQLITE_SUFFIX) > >> @@ -67,8 +67,9 @@ SQLITE_CONF_OPT := \ > >> --disable-editline \ > >> --$(call ptx/endis,PTXCONF_SQLITE_READLINE)-readline \ > >> --$(call ptx/endis,PTXCONF_SQLITE_THREADSAFE)-threadsafe \ > >> - --$(call ptx/endis,PTXCONF_SQLITE_LOAD_EXTENSION)-dynamic-extensions \ > >> + --$(call ptx/endis,PTXCONF_SQLITE_LOAD_EXTENSION)-load-extension \ > >> --disable-math \ > >> + --disable-json \ > > > > See my comment on v1. > > > >> --enable-fts4 \ > >> --enable-fts3 \ > >> --disable-fts5 \ > >> @@ -90,7 +91,9 @@ $(STATEDIR)/sqlite.targetinstall: > >> @$(call install_fixup, sqlite,AUTHOR,"Ladislav Michl ") > >> @$(call install_fixup, sqlite,DESCRIPTION,missing) > >> > >> - @$(call install_lib, sqlite, 0, 0, 0644, libsqlite3) > >> + @$(call install_lib, sqlite, 0, 0, 0644, libsqlite3) > >> + @$(call install_link, sqlite, libsqlite3.so.$(SQLITE_VERSION), \ > >> + /usr/lib/libsqlite3.so) > > > > PTXdist drops this link explicitly, because it should not be needed at > > runtime. It is typically used to find -lsqlite3 at build-time. The linker > > will then use the 'soname' which is libsqlite3.so.0 here. And that link > > exists. > > So why do you need libsqlite3.so here? > > Since 3.49.0 the build does not create a shared library including the > SONAME entry with 'libsqlite3.so.0' anymore. A binary linked against it > will then include the default name libsqlite3.so for the NEEDED entry, > which is not there: > $ arm-v7a-linux-gnueabihf-objdump -p sqlite-test | grep NEEDED > NEEDED libz.so.1 > NEEDED libsqlite3.so > NEEDED libc.so.6 > > > A detailed explication why they removed the soname can be found here: > https://sqlite.org/src/forumpost/5a3b44f510df8ded Thank you for the explication. > I guess we now have to options: > 1. add the link manually > 2. change the configuration to use the option --soname=legacy Please use --soname=legacy so that we can keep the rest as is. Michael > >> ifdef PTXCONF_SQLITE_TOOL > >> @$(call install_copy, sqlite, 0, 0, 0755, -, /usr/bin/sqlite3) > >> -- > >> 2.43.0 -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |