@@ -1,22 +1,23 @@

 %define perl_vendorarchdir %(test %{_host} == %{_build} && echo %{perl_vendorarch} || echo %{perl_vendorarch} | sed 's/x86_64-linux-thread-multi/%{_arch}-linux/')

-# Got the intial spec from Fedora and modified it

 Summary:        SQLite DBI Driver

 Name:           perl-DBD-SQLite

-Version:        1.62

-Release:        2%{?dist}

+Version:        1.64

+Release:        1%{?dist}

 Group:          Development/Libraries

 License:        (GPL+ or Artistic) and Public Domain

 URL:            http://search.cpan.org/dist/DBD-SQLite/

 Source0:        https://cpan.metacpan.org/authors/id/I/IS/ISHIGAKI/DBD-SQLite-%{version}.tar.gz

-%define sha1    DBD-SQLite=e4fb2fca987e92f5949fb5a50990bc963f8fe164

+%define sha1    DBD-SQLite=ab3dc0e88e75f5db0be79656a515b4bb7804997c

 Vendor:         VMware, Inc.

 Distribution:   Photon

+Patch0:         use-system-sqlite.patch

 BuildRequires:  sqlite-devel >= 3.22.0

 BuildRequires:  perl >= 5.28.0

 BuildRequires:  perl-DBI

 Requires:       perl-DBI

 Requires:       perl >= 5.28.0

+Requires:       sqlite-libs >= 3.31.1

 %description

 SQLite is a public domain RDBMS database engine that you can find at

@@ -27,6 +28,8 @@ libraries.

 %prep

 %setup -q -n DBD-SQLite-%{version}

+%patch0 -p1

+rm sqlite*

 %build

 CFLAGS="%{optflags}" perl Makefile.PL INSTALLDIRS=vendor AR=%{_host}-ar CC=%{_host}-gcc LD=%{_host}-gcc OPTIMIZE="%{optflags}"

@@ -52,6 +55,8 @@ make test

 %{_mandir}/man3/*

 %changelog

+*   Thu May 14 2020 Ankit Jain <ankitja@vmware.com> 1.64-1

+-   Updated to 1.64, Use system sqlite instead of bundled one

 *   Wed Jul 03 2019 Alexey Makhalov <amakhalov@vmware.com> 1.62-2

 -   Cross compilation support

 *   Tue Jan 22 2019 Michelle Wang <michellew@vmware.com> 1.62-1

new file mode 100644

@@ -0,0 +1,22 @@

+From d5d5e3c8baeef0c7897b1af3b03b338ae70ab5d8 Mon Sep 17 00:00:00 2001

+From: Ankit Jain <ankitja@vmware.com>

+Date: Thu, 14 May 2020 12:29:22 +0000

+Subject: [PATCH] Use system sqlite instead of bundled one

+

+---

+ Makefile.PL | 2 +-

+ 1 file changed, 1 insertion(+), 1 deletion(-)

+

+diff --git a/Makefile.PL b/Makefile.PL

+index 5c832af..5f308ab 100644

+--- a/Makefile.PL

+@@ -129,7 +129,7 @@ SCOPE: {

+ # a system sqlite is also sophisticated enough to have a patching system

+ # that can change the if ( 0 ) to if ( 1 )

+ my ($sqlite_local, $sqlite_base, $sqlite_lib, $sqlite_inc);

+-if ( 0 ) {

++if ( 1 ) {

+ 	require File::Spec;

+ 	if ( $sqlite_base = (grep(/SQLITE_LOCATION=.*/, @ARGV))[0] ) {

+ 		$sqlite_base =~ /=(.*)/;

new file mode 100644

@@ -0,0 +1,79 @@

+From 4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae Mon Sep 17 00:00:00 2001

+From: dan <dan@noemail.net>

+Date: Fri, 3 Apr 2020 11:52:59 +0000

+Subject: [PATCH] Do not suppress errors when resolving references in an ORDER

+ BY clause belonging to a compound SELECT within a view or trigger within

+ ALTER TABLE. Fix for ticket [a10a14e9b4ba2].

+

+FossilOrigin-Name: 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026

+

+From c415d91007e1680e4eb17def583b202c3c83c718 Mon Sep 17 00:00:00 2001

+From: drh <drh@noemail.net>

+Date: Fri, 3 Apr 2020 13:19:03 +0000

+Subject: [PATCH] In the event of a semantic error in an aggregate query,

+ early-out the resetAccumulator() function to prevent problems due to

+ incomplete or incorrect initialization of the AggInfo object. Fix for ticket

+ [af4556bb5c285c08].

+

+From fb99e388ec7f30fe43e4878236e3695ff24ae58d Mon Sep 17 00:00:00 2001

+From: dan <dan@noemail.net>

+Date: Fri, 3 Apr 2020 11:20:40 +0000

+Subject: [PATCH] Fix a case when a pointer might be used after being freed in

+ the ALTER TABLE code. Fix for [4722bdab08cb1].

+

+FossilOrigin-Name: d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906

+

+Upstream Patch Source: https://www3.sqlite.org/cgi/src/info/b64674919f673602

+Upstream Patch Source: https://www.sqlite.org/src/info/d09f8c3621d5f7f8

+

+diff --git a/sqlite3.c b/sqlite3.c

+index 55dc686..82eb682 100644

+--- a/sqlite3.c

+@@ -97942,7 +97942,7 @@ static int resolveOrderByTermToExprList(

+   nc.nErr = 0;

+   db = pParse->db;

+   savedSuppErr = db->suppressErr;

+-  db->suppressErr = 1;

++  if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1;

+   rc = sqlite3ResolveExprNames(&nc, pE);

+   db->suppressErr = savedSuppErr;

+   if( rc ) return 0;

+@@ -105374,6 +105374,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){

+   }

+ }

+ 

++/*

++** Unmap all tokens in the IdList object passed as the second argument.

++*/

++static void unmapColumnIdlistNames(

++  Parse *pParse,

++  IdList *pIdList

++){

++  if( pIdList ){

++    int ii;

++    for(ii=0; ii<pIdList->nId; ii++){

++      sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName);

++    }

++  }

++}

++

+ /*

+ ** Walker callback used by sqlite3RenameExprUnmap().

+ */

+@@ -105395,6 +105410,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){

+     for(i=0; i<pSrc->nSrc; i++){

+       sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName);

+       if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort;

++      unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing);

+     }

+   }

+ 

+@@ -133217,6 +133233,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){

+   struct AggInfo_func *pFunc;

+   int nReg = pAggInfo->nFunc + pAggInfo->nColumn;

+   if( nReg==0 ) return;

++  if( pParse->nErr ) return;

+ #ifdef SQLITE_DEBUG

+   /* Verify that all AggInfo registers are within the range specified by

+   ** AggInfo.mnReg..AggInfo.mxReg */

new file mode 100644

@@ -0,0 +1,81 @@

+diff -ru a/sqlite3.c b/sqlite3.c

+--- a/sqlite3.c	2020-04-15 19:13:56.869715394 +0000

+@@ -17428,8 +17428,11 @@

+ */

+ #ifndef SQLITE_OMIT_VIRTUALTABLE

+ #  define IsVirtual(X)      ((X)->nModuleArg)

++#  define ExprIsVtab(X)  \

++              ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg)

+ #else

+ #  define IsVirtual(X)      0

++#  define ExprIsVtab(X)     0

+ #endif

+ 

+ /*

+@@ -104133,19 +104136,25 @@

+     case TK_LT:

+     case TK_LE:

+     case TK_GT:

+-    case TK_GE:

++    case TK_GE: {

++      Expr *pLeft = pExpr->pLeft;

++      Expr *pRight = pExpr->pRight;      

+       testcase( pExpr->op==TK_EQ );

+       testcase( pExpr->op==TK_NE );

+       testcase( pExpr->op==TK_LT );

+       testcase( pExpr->op==TK_LE );

+       testcase( pExpr->op==TK_GT );

+       testcase( pExpr->op==TK_GE );

+-      if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab))

+-       || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab))

++      /* The y.pTab=0 assignment in wherecode.c always happens after the

++      ** impliesNotNullRow() test */

++      if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0)

++                               && IsVirtual(pLeft->y.pTab))

++       || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0)

++                               && IsVirtual(pRight->y.pTab))

+       ){

+-       return WRC_Prune;

++        return WRC_Prune;

+       }

+-

++    }

+     default:

+       return WRC_Continue;

+   }

+@@ -142591,7 +142600,8 @@

+     **       MATCH(expression,vtab_column)

+     */

+     pCol = pList->a[1].pExpr;

+-    if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){

++    testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );

++    if( ExprIsVtab(pCol) ){

+       for(i=0; i<ArraySize(aOp); i++){

+         if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){

+           *peOp2 = aOp[i].eOp2;

+@@ -142613,7 +142623,8 @@

+     ** with function names in an arbitrary case.

+     */

+     pCol = pList->a[0].pExpr;

+-    if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){

++    testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );

++    if( ExprIsVtab(pCol) ){    

+       sqlite3_vtab *pVtab;

+       sqlite3_module *pMod;

+       void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);

+@@ -142636,10 +142647,12 @@

+     int res = 0;

+     Expr *pLeft = pExpr->pLeft;

+     Expr *pRight = pExpr->pRight;

+-    if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){

++    testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 );

++    if( ExprIsVtab(pLeft) ){    

+       res++;

+     }

+-    if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){

++    testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 );

++    if( pRight && ExprIsVtab(pRight) ){

+       res++;

+       SWAP(Expr*, pLeft, pRight);

+     }

@@ -1,16 +1,19 @@

-%define sourcever 3260000

+%define sourcever 3310100

 Summary:    A portable, high level programming interface to various calling conventions

 Name:           sqlite

-Version:        3.26.0

+Version:        3.31.1

 Release:        1%{?dist}

 License:        Public Domain

 URL:            http://www.sqlite.org

 Group:          System Environment/GeneralLibraries

 Vendor:         VMware, Inc.

 Distribution:   Photon

-Source0:        http://sqlite.org/2018/%{name}-autoconf-%{sourcever}.tar.gz

-%define sha1    sqlite=9af2df1a6da5db6e2ecf3f463625f16740e036e9

+Source0:        http://sqlite.org/2020/%{name}-autoconf-%{sourcever}.tar.gz

+%define sha1    sqlite=0c30f5b22152a8166aa3bebb0f4bc1f3e9cc508b

+Patch0:         sqlite-CVE-2020-11656.patch

+Patch1:         sqlite-CVE-2020-9327.patch

 Obsoletes:      sqlite-autoconf

+Obsoletes:      sqlite-devel <= 3.27.2-5

 Requires:       sqlite-libs = %{version}-%{release}

 Provides:       sqlite3

 %description

@@ -37,15 +40,17 @@ The sqlite3 library.

 %prep

 %setup -q -n %{name}-autoconf-%{sourcever}

+%patch0 -p1

+%patch1 -p1

 %build

 %configure \

-    CFLAGS="%{optflags}"                \

-    CXXFLAGS="%{optflags}               \

+    CFLAGS="%{optflags}                 \

     -DSQLITE_ENABLE_FTS3=1              \

     -DSQLITE_ENABLE_COLUMN_METADATA=1   \

     -DSQLITE_ENABLE_UNLOCK_NOTIFY=1     \

     -DSQLITE_SECURE_DELETE=1"           \

+    CXXFLAGS="%{optflags}"              \

     --disable-static

 make

@@ -77,15 +82,17 @@ rm -rf %{buildroot}/*

 %files devel

 %defattr(-,root,root)

 %{_libdir}/libsqlite3.so

-%{_libdir}/libsqlite3.so.0

 %{_libdir}/pkgconfig/*

 %{_includedir}/*

 %files libs

 %defattr(-,root,root)

 %{_libdir}/libsqlite3.so.0.8.6

+%{_libdir}/libsqlite3.so.0

 %changelog

+*   Thu May 14 2020 Ankit Jain <ankitja@vmware.com> 3.31.1-1

+-   Updated to 3.31.1

 *   Wed Feb 3 2019 Michelle Wang <michellew@vmware.com> 3.26.0-1

 -   Upgrade to 3.26.0 for a critical Vulnerability named 'Magallan'.

 *   Fri Sep 21 2018 Srinidhi Rao <srinidhir@vmware.com> 3.25.1-1