deleted file mode 100644

@@ -1,14 +0,0 @@

-diff -dupr a/sqlite3.c b/sqlite3.c

-+++ b/sqlite3.c	2017-07-14 14:11:49.114553056 -0700

-@@ -167480,6 +167480,10 @@ static int getNodeSize(

-     rc = getIntFromStmt(db, zSql, &pRtree->iNodeSize);

-     if( rc!=SQLITE_OK ){

-       *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));

-+    }else if( pRtree->iNodeSize<(512-64) ){

-+      rc = SQLITE_CORRUPT;

-+      *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"",

-+                               pRtree->zName);

-     }

-   }

- 

deleted file mode 100644

@@ -1,79 +0,0 @@

-From 4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae Mon Sep 17 00:00:00 2001

-From: dan <dan@noemail.net>

-Date: Fri, 3 Apr 2020 11:52:59 +0000

-Subject: [PATCH] Do not suppress errors when resolving references in an ORDER

- BY clause belonging to a compound SELECT within a view or trigger within

- ALTER TABLE. Fix for ticket [a10a14e9b4ba2].

-

-FossilOrigin-Name: 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026

-

-From c415d91007e1680e4eb17def583b202c3c83c718 Mon Sep 17 00:00:00 2001

-From: drh <drh@noemail.net>

-Date: Fri, 3 Apr 2020 13:19:03 +0000

-Subject: [PATCH] In the event of a semantic error in an aggregate query,

- early-out the resetAccumulator() function to prevent problems due to

- incomplete or incorrect initialization of the AggInfo object. Fix for ticket

- [af4556bb5c285c08].

-

-From fb99e388ec7f30fe43e4878236e3695ff24ae58d Mon Sep 17 00:00:00 2001

-From: dan <dan@noemail.net>

-Date: Fri, 3 Apr 2020 11:20:40 +0000

-Subject: [PATCH] Fix a case when a pointer might be used after being freed in

- the ALTER TABLE code. Fix for [4722bdab08cb1].

-

-FossilOrigin-Name: d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906

-

-Upstream Patch Source: https://www3.sqlite.org/cgi/src/info/b64674919f673602

-Upstream Patch Source: https://www.sqlite.org/src/info/d09f8c3621d5f7f8

-

-diff --git a/sqlite3.c b/sqlite3.c

-index 55dc686..82eb682 100644

-+++ b/sqlite3.c

-@@ -97942,7 +97942,7 @@ static int resolveOrderByTermToExprList(

-   nc.nErr = 0;

-   db = pParse->db;

-   savedSuppErr = db->suppressErr;

--  db->suppressErr = 1;

-+  if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1;

-   rc = sqlite3ResolveExprNames(&nc, pE);

-   db->suppressErr = savedSuppErr;

-   if( rc ) return 0;

-@@ -105374,6 +105374,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){

-   }

- }

- 

-+/*

-+** Unmap all tokens in the IdList object passed as the second argument.

-+*/

-+static void unmapColumnIdlistNames(

-+  Parse *pParse,

-+  IdList *pIdList

-+){

-+  if( pIdList ){

-+    int ii;

-+    for(ii=0; ii<pIdList->nId; ii++){

-+      sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName);

-+    }

-+  }

-+}

-+

- /*

- ** Walker callback used by sqlite3RenameExprUnmap().

- */

-@@ -105395,6 +105410,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){

-     for(i=0; i<pSrc->nSrc; i++){

-       sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName);

-       if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort;

-+      unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing);

-     }

-   }

- 

-@@ -133217,6 +133233,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){

-   struct AggInfo_func *pFunc;

-   int nReg = pAggInfo->nFunc + pAggInfo->nColumn;

-   if( nReg==0 ) return;

-+  if( pParse->nErr ) return;

- #ifdef SQLITE_DEBUG

-   /* Verify that all AggInfo registers are within the range specified by

-   ** AggInfo.mnReg..AggInfo.mxReg */

new file mode 100644

@@ -0,0 +1,46 @@

+From b7cbf5c1b2a9e099eec176e1ebeb659427a20626 Mon Sep 17 00:00:00 2001

+From: drh <drh@noemail.net>

+Date: Mon, 15 Jun 2020 13:51:34 +0000

+Subject: [PATCH] Fix a defect in the query-flattener optimization identified

+ by ticket [8f157e8010b22af0].

+

+FossilOrigin-Name: 10fa79d00f8091e5748c245f4cae5b5f499a5f8db20da741c130e05a21ede443

+---

+--- a/sqlite3.c	2020-07-03 17:19:04.330032521 +0530

+@@ -18462,6 +18462,7 @@ struct Select {

+ #define SF_WhereBegin    0x0080000 /* Really a WhereBegin() call.  Debug Only */

+ #define SF_WinRewrite    0x0100000 /* Window function rewrite accomplished */

+ #define SF_View          0x0200000 /* SELECT statement is a view */

++#define SF_NoopOrderBy   0x0400000 /* ORDER BY is ignored for this query */

+ 

+ /*

+ ** The results of a SELECT can be distributed in several ways, as defined

+@@ -131551,9 +131552,7 @@ static int multiSelect(

+                           selectOpName(p->op)));

+         rc = sqlite3Select(pParse, p, &uniondest);

+         testcase( rc!=SQLITE_OK );

+-        /* Query flattening in sqlite3Select() might refill p->pOrderBy.

+-        ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */

+-        sqlite3ExprListDelete(db, p->pOrderBy);

++        assert( p->pOrderBy==0 );

+         pDelete = p->pPrior;

+         p->pPrior = pPrior;

+         p->pOrderBy = 0;

+@@ -132939,7 +132938,7 @@ static int flattenSubquery(

+     ** We look at every expression in the outer query and every place we see

+     ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".

+     */

+-    if( pSub->pOrderBy ){

++    if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){

+       /* At this point, any non-zero iOrderByCol values indicate that the

+       ** ORDER BY column expression is identical to the iOrderByCol'th

+       ** expression returned by SELECT statement pSub. Since these values

+@@ -134621,6 +134620,7 @@ SQLITE_PRIVATE int sqlite3Select(

+     sqlite3ExprListDelete(db, p->pOrderBy);

+     p->pOrderBy = 0;

+     p->selFlags &= ~SF_Distinct;

++    p->selFlags |= SF_NoopOrderBy;

+   }

+   sqlite3SelectPrep(pParse, p, 0);

+   if( pParse->nErr || db->mallocFailed ){

deleted file mode 100644

@@ -1,81 +0,0 @@

-diff -ru a/sqlite3.c b/sqlite3.c

-+++ b/sqlite3.c	2020-04-15 20:18:27.531621936 +0000

-@@ -17428,8 +17428,11 @@

- */

- #ifndef SQLITE_OMIT_VIRTUALTABLE

- #  define IsVirtual(X)      ((X)->nModuleArg)

-+#  define ExprIsVtab(X)  \

-+              ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg)

- #else

- #  define IsVirtual(X)      0

-+#  define ExprIsVtab(X)     0

- #endif

- 

- /*

-@@ -104133,19 +104136,25 @@

-     case TK_LT:

-     case TK_LE:

-     case TK_GT:

--    case TK_GE:

-+    case TK_GE: {

-+      Expr *pLeft = pExpr->pLeft;

-+      Expr *pRight = pExpr->pRight;      

-       testcase( pExpr->op==TK_EQ );

-       testcase( pExpr->op==TK_NE );

-       testcase( pExpr->op==TK_LT );

-       testcase( pExpr->op==TK_LE );

-       testcase( pExpr->op==TK_GT );

-       testcase( pExpr->op==TK_GE );

--      if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab))

--       || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab))

-+      /* The y.pTab=0 assignment in wherecode.c always happens after the

-+      ** impliesNotNullRow() test */

-+      if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0)

-+                               && IsVirtual(pLeft->y.pTab))

-+       || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0)

-+                               && IsVirtual(pRight->y.pTab))

-       ){

--       return WRC_Prune;

-+        return WRC_Prune;

-       }

--

-+    }

-     default:

-       return WRC_Continue;

-   }

-@@ -142591,7 +142600,8 @@

-     **       MATCH(expression,vtab_column)

-     */

-     pCol = pList->a[1].pExpr;

--    if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){

-+    testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );

-+    if( ExprIsVtab(pCol) ){

-       for(i=0; i<ArraySize(aOp); i++){

-         if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){

-           *peOp2 = aOp[i].eOp2;

-@@ -142613,7 +142623,8 @@

-     ** with function names in an arbitrary case.

-     */

-     pCol = pList->a[0].pExpr;

--    if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){

-+    testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );

-+    if( ExprIsVtab(pCol) ){    

-       sqlite3_vtab *pVtab;

-       sqlite3_module *pMod;

-       void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);

-@@ -142636,10 +142647,12 @@

-     int res = 0;

-     Expr *pLeft = pExpr->pLeft;

-     Expr *pRight = pExpr->pRight;

--    if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){

-+    testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 );

-+    if( ExprIsVtab(pLeft) ){    

-       res++;

-     }

--    if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){

-+    testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 );

-+    if( pRight && ExprIsVtab(pRight) ){

-       res++;

-       SWAP(Expr*, pLeft, pRight);

-     }

@@ -1,7 +1,7 @@

-%define sourcever 3310100

+%define sourcever 3320100

 Summary:    A portable, high level programming interface to various calling conventions

 Name:           sqlite

-Version:        3.31.1

+Version:        3.32.1

 Release:        1%{?dist}

 License:        Public Domain

 URL:            http://www.sqlite.org

@@ -9,9 +9,8 @@ Group:          System Environment/GeneralLibraries

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://sqlite.org/2020/%{name}-autoconf-%{sourcever}.tar.gz

-%define sha1    sqlite=0c30f5b22152a8166aa3bebb0f4bc1f3e9cc508b

-Patch0:         sqlite-CVE-2020-11656.patch

-Patch1:         sqlite-CVE-2020-9327.patch

+%define sha1    sqlite=3d34d86ef726b66edeb0b93b2a4c0d036ea8dcf3

+Patch0:         sqlite-CVE-2020-15358.patch

 Obsoletes:      sqlite-autoconf

 Obsoletes:      sqlite-devel <= 3.27.2-5

 Requires:       sqlite-libs = %{version}-%{release}

@@ -41,7 +40,6 @@ The sqlite3 library.

 %prep

 %setup -q -n %{name}-autoconf-%{sourcever}

 %patch0 -p1

-%patch1 -p1

 %build

 %configure \

@@ -91,9 +89,12 @@ rm -rf %{buildroot}/*

 %{_libdir}/libsqlite3.so.0

 %changelog

+*   Fri Jul 03 2020 Shreyas B <shreyasb@vmware.com> 3.32.1-1

+-   Upgrade to 3.32.1 & fix CVE-2020-15358

+-   CVE-2020-13630 CVE-2020-13434 CVE-2020-13435 CVE-2020-13631 CVE-2020-13632

 *   Thu May 14 2020 Ankit Jain <ankitja@vmware.com> 3.31.1-1

 -   Updated to 3.31.1

-*   Wed Feb 3 2019 Michelle Wang <michellew@vmware.com> 3.26.0-1

+*   Sun Feb 3 2019 Michelle Wang <michellew@vmware.com> 3.26.0-1

 -   Upgrade to 3.26.0 for a critical Vulnerability named 'Magallan'.

 *   Fri Sep 21 2018 Srinidhi Rao <srinidhir@vmware.com> 3.25.1-1

 -   Upgrade to version 3.25.1