!106 修复漏洞CVE-2023-7104

From: @Jeremyzz 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

.gitattributes

@@ -1,2 +0,0 @@
-*.zip filter=lfs diff=lfs merge=lfs -text
-*.gz filter=lfs diff=lfs merge=lfs -text

.lfsconfig

@@ -1,2 +0,0 @@
-[lfs]
-	url = https://artlfs.openeuler.openatom.cn/src-openEuler/sqlite

0001-sqlite-no-malloc-usable-size.patch

@@ -0,0 +1,24 @@
+diff -up sqlite-src-3120200/configure.ac.malloc_usable_size sqlite-src-3120200/configure.ac
+--- sqlite-src-3120200/configure.ac.malloc_usable_size	2016-04-25 09:46:48.134690570 +0200
++++ sqlite-src-3120200/configure.ac	2016-04-25 09:48:41.622637181 +0200
+@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h s
+ #########
+ # Figure out whether or not we have these functions
+ #
+-AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
++AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
+ 
+ #########
+ # By default, we use the amalgamation (this may be changed below...)
+diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/configure
+--- sqlite-src-3120200/configure.malloc_usable_size	2016-04-25 09:47:12.594679063 +0200
++++ sqlite-src-3120200/configure	2016-04-25 09:49:28.684615042 +0200
+@@ -10275,7 +10275,7 @@ done
+ #########
+ # Figure out whether or not we have these functions
+ #
+-for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64
++for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

0002-remove-fail-testcase-in-no-free-fd-situation.patch

@@ -0,0 +1,66 @@
+From defded46ea50037500590122d847ba6a7cb96110 Mon Sep 17 00:00:00 2001
+From: eulerstorage <eulerstoragemt@huawei.com>
+Date: Sat, 11 Jan 2020 11:33:54 +0800
+Subject: [PATCH] remove fail testcase in no free fd situation
+
+Remove testcase 1.1.1, 1.1.2 and 1.1.3, since it can not success in
+some situation if there is no enough fd resource.
+---
+ test/oserror.test | 27 ---------------------------
+ 1 file changed, 27 deletions(-)
+
+diff --git a/test/oserror.test b/test/oserror.test
+index a51301c..d46218f 100644
+--- a/test/oserror.test
++++ b/test/oserror.test
+@@ -40,47 +40,6 @@ proc do_re_test {tn script expression} {
+   
+ }
+ 
+-#--------------------------------------------------------------------------
+-# Tests oserror-1.* test failures in the open() system call.
+-#
+-
+-# Test a failure in open() due to too many files. 
+-#
+-# The xOpen() method of the unix VFS calls getcwd() as well as open().
+-# Although this does not appear to be documented in the man page, on OSX
+-# a call to getcwd() may fail if there are no free file descriptors. So
+-# an error may be reported for either open() or getcwd() here.
+-#
+-if {![clang_sanitize_address]} {
+-  unset -nocomplain rc
+-  unset -nocomplain nOpen
+-  set nOpen 20000
+-  do_test 1.1.1 {
+-    set ::log [list]
+-    set ::rc [catch {
+-      for {set i 0} {$i < $::nOpen} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
+-    } msg]
+-    if {$::rc==0} {
+-      # Some system (ex: Debian) are able to create 20000+ file descriptiors
+-      # such systems will not fail here
+-      set x ok
+-    } elseif {$::rc==1 && $msg=="unable to open database file"} {
+-      set x ok
+-    } else {
+-      set x [list $::rc $msg]
+-    }
+-  } {ok}
+-  do_test 1.1.2 {
+-    catch { for {set i 0} {$i < $::nOpen} {incr i} { dbh_$i close } }
+-  } $::rc
+-  if {$rc} {
+-    do_re_test 1.1.3 { 
+-      lindex $::log 0 
+-    } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
+-  }
+-}
+-
+-
+ # Test a failure in open() due to the path being a directory.
+ #
+ do_test 1.2.1 {
+-- 
+1.8.3.1
+

0004-CVE-2022-35737.patch

@@ -0,0 +1,80 @@
+From effc07ec9c6e08d3bd17665f8800054770f8c643 Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Fri, 15 Jul 2022 12:34:31 +0000
+Subject: [PATCH] Fix the whereKeyStats() routine (part of STAT4 processing
+ only) so that it is able to cope with row-value comparisons against the
+ primary key index of a WITHOUT ROWID table.
+ [forum:/forumpost/3607259d3c|Forum post 3607259d3c].
+
+FossilOrigin-Name: 2a6f761864a462de5c2d5bc666b82fb0b7e124a03443cd1482620dde344b34bb
+
+---
+ src/where.c        |  4 ++--
+ test/rowvalue.test | 31 +++++++++++++++++++++++++++++++
+ 2 files changed, 33 insertions(+), 2 deletions(-)
+
+diff --git a/src/where.c b/src/where.c
+index de6ea91e3..110eb4845 100644
+--- a/src/where.c
++++ b/src/where.c
+@@ -1433,7 +1433,7 @@ static int whereKeyStats(
+ #endif
+   assert( pRec!=0 );
+   assert( pIdx->nSample>0 );
+-  assert( pRec->nField>0 && pRec->nField<=pIdx->nSampleCol );
++  assert( pRec->nField>0 );
+ 
+   /* Do a binary search to find the first sample greater than or equal
+   ** to pRec. If pRec contains a single field, the set of samples to search
+@@ -1479,7 +1479,7 @@ static int whereKeyStats(
+   ** it is extended to two fields. The duplicates that this creates do not 
+   ** cause any problems.
+   */
+-  nField = pRec->nField;
++  nField = MIN(pRec->nField, pIdx->nSample);
+   iCol = 0;
+   iSample = pIdx->nSample * nField;
+   do{
+diff --git a/test/rowvalue.test b/test/rowvalue.test
+index 12fee8237..59b44d938 100644
+--- a/test/rowvalue.test
++++ b/test/rowvalue.test
+@@ -751,4 +751,35 @@ do_catchsql_test 27.10 {
+   INSERT INTO t0(c0) VALUES(0) ON CONFLICT(c0) DO UPDATE SET c0 = 3;
+ } {1 {ON CONFLICT clause does not match any PRIMARY KEY or UNIQUE constraint}}
+ 
++# 2022-07-15
++# https://sqlite.org/forum/forumpost/3607259d3c
++#
++reset_db
++do_execsql_test 33.1 {
++  CREATE TABLE t1(a INT, b INT PRIMARY KEY) WITHOUT ROWID;
++  INSERT INTO t1(a, b) VALUES (0, 1),(15,-7),(3,100);
++  ANALYZE;
++} {}
++do_execsql_test 33.2 {
++  SELECT * FROM t1 WHERE (b,a) BETWEEN (0,5) AND (99,-2);
++} {0 1}
++do_execsql_test 33.3 {
++  SELECT * FROM t1 WHERE (b,a) BETWEEN (-8,5) AND (0,-2);
++} {15 -7}
++do_execsql_test 33.3 {
++  SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,4);
++} {3 100}
++do_execsql_test 33.3 {
++  SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,2);
++} {}
++do_execsql_test 33.3 {
++  SELECT * FROM t1 WHERE (a,b) BETWEEN (-2,99) AND (1,0);
++} {0 1}
++do_execsql_test 33.3 {
++  SELECT * FROM t1 WHERE (a,b) BETWEEN (14,99) AND (16,0);
++} {15 -7}
++do_execsql_test 33.3 {
++  SELECT * FROM t1 WHERE (a,b) BETWEEN (2,99) AND (4,0);
++} {3 100}
++
+ finish_test
+-- 
+2.25.1
+

0005-CVE-2021-20223.patch

@@ -0,0 +1,73 @@
+From 4c5f8ebaf38faa9be7bdacc4fe53e91dc9750a88 Mon Sep 17 00:00:00 2001
+From: wbq_sky <wangbingquan@huawei.com>
+Date: Wed, 31 Aug 2022 10:56:50 +0800
+Subject: [PATCH] Fix CVE-2021-20223 From
+ d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001 From: dan
+ <dan@noemail.net> Date: Mon, 26 Oct 2020 13:24:36 +0000 Subject: [PATCH]
+ Prevent fts5 tokenizer unicode61 from considering '\0' to be  a token
+ characters, even if other characters of class "Cc" are.
+
+FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f
+---
+ ext/fts5/fts5_unicode2.c    |  1 +
+ ext/fts5/test/fts5tok1.test | 35 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 36 insertions(+)
+
+diff --git a/ext/fts5/fts5_unicode2.c b/ext/fts5/fts5_unicode2.c
+index 161e8d8..843133e 100644
+--- a/ext/fts5/fts5_unicode2.c
++++ b/ext/fts5/fts5_unicode2.c
+@@ -773,4 +773,5 @@ void sqlite3Fts5UnicodeAscii(u8 *aArray, u8 *aAscii){
+     }
+     iTbl++;
+   }
++  aAscii[0] = 0;                  /* 0x00 is never a token character */
+ }
+diff --git a/ext/fts5/test/fts5tok1.test b/ext/fts5/test/fts5tok1.test
+index a336f11..c605ce3 100644
+--- a/ext/fts5/test/fts5tok1.test
++++ b/ext/fts5/test/fts5tok1.test
+@@ -111,5 +111,40 @@ do_catchsql_test 2.1 {
+   SELECT * FROM t4;
+ } {1 {SQL logic error}}
+ 
++#-------------------------------------------------------------------------
++# Embedded 0x00 characters.
++#
++reset_db
++do_execsql_test 3.1.0 {
++  CREATE VIRTUAL TABLE t1 USING fts5(z);
++  CREATE VIRTUAL TABLE tt USING fts5vocab(t1, 'instance');
++  INSERT INTO t1 VALUES('abc' || char(0) || 'def');
++  SELECT * FROM tt;
++} { abc 1 z 0 def 1 z 1 }
++do_execsql_test 3.1.1 {
++  SELECT hex(z) FROM t1;
++} {61626300646566}
++do_execsql_test 3.1.2 {
++  INSERT INTO t1(t1) VALUES('integrity-check');
++} {}
++
++do_execsql_test 3.2.0 {
++  CREATE VIRTUAL TABLE t2 USING fts5(z, 
++      tokenize="unicode61 categories 'L* N* Co Cc'"
++  );
++  CREATE VIRTUAL TABLE tu USING fts5vocab(t2, 'instance');
++
++  INSERT INTO t2 VALUES('abc' || char(0) || 'def');
++  SELECT * FROM tu;
++} { abc 1 z 0 def 1 z 1 }
++
++do_execsql_test 3.2.1 {
++  SELECT hex(z) FROM t1;
++} {61626300646566}
++
++do_execsql_test 3.2.2 {
++  INSERT INTO t1(t1) VALUES('integrity-check');
++} {}
++
+ 
+ finish_test
+-- 
+2.25.1
+

0006-fix-integer-overflow-on-gigabyte-string.patch

@@ -0,0 +1,28 @@
+From d409970d551d4cc9c8fc969cb3f39b0a2334841f Mon Sep 17 00:00:00 2001
+From: zwtmichael <zhuwentao5@huawei.com>
+Date: Tue, 6 Sep 2022 10:47:19 +0800
+Subject: [PATCH] fix integer overflow on gigabyte string
+
+Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
+---
+ src/printf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/printf.c b/src/printf.c
+index ae95702..699bdb5 100644
+--- a/src/printf.c
++++ b/src/printf.c
+@@ -798,8 +798,8 @@ void sqlite3_str_vappendf(
+       case etSQLESCAPE:           /* %q: Escape ' characters */
+       case etSQLESCAPE2:          /* %Q: Escape ' and enclose in '...' */
+       case etSQLESCAPE3: {        /* %w: Escape " characters */
+-        int i, j, k, n, isnull;
+-        int needQuote;
++        i64 i, j, k, n;
++        int needQuote, isnull;
+         char ch;
+         char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
+         char *escarg;
+-- 
+2.25.1
+

0007-CVE-2023-7104.patch

@@ -0,0 +1,45 @@
+it From a756d158b3e55831975feb45b753ba499d2adeda Mon Sep 17 00:00:00 2001
+From: mazhao <mazhao12@huawei.com>
+Date: Wed, 3 Jan 2024 12:00:45 +0800
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+Signed-off-by: mazhao <mazhao12@huawei.com>
+---
+ ext/session/sqlite3session.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index a892804..72ad427 100644
+--- a/ext/session/sqlite3session.c
++++ b/ext/session/sqlite3session.c
+@@ -3050,15 +3050,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
++        if( (pIn->nData-pIn->iNext)<8 ){
++          rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
++          sqlite3_int64 v = sessionGetI64(aVal);
++          if( eType==SQLITE_INTEGER ){
++            sqlite3VdbeMemSetInt64(apOut[i], v);
++          }else{
++            double d;
++            memcpy(&d, &v, 8);
++            sqlite3VdbeMemSetDouble(apOut[i], d);
++          }
++          pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.34.1
+

CVE-2021-20227.patch

@@ -0,0 +1,69 @@
+Index: sqlite-src-3320300/src/select.c
+==================================================================
+--- sqlite-src-3320300/src/select.c
++++ sqlite-src-3320300/src/select.c
+@@ -5613,11 +5613,13 @@
+ ** within the HAVING expression with a constant "1".
+ */
+ static int havingToWhereExprCb(Walker *pWalker, Expr *pExpr){
+   if( pExpr->op!=TK_AND ){
+     Select *pS = pWalker->u.pSelect;
+-    if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy) ){
++    if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy) 
++     && ExprAlwaysFalse(pExpr)==0
++    ){
+       sqlite3 *db = pWalker->pParse->db;
+       Expr *pNew = sqlite3Expr(db, TK_INTEGER, "1");
+       if( pNew ){
+         Expr *pWhere = pS->pWhere;
+         SWAP(Expr, *pNew, *pExpr);
+
+Index: sqlite-src-3320300/test/having.test
+==================================================================
+--- sqlite-src-3320300/test/having.test
++++ sqlite-src-3320300/test/having.test
+@@ -63,12 +63,12 @@
+     "SELECT a, sum(b) FROM t1 WHERE a=2 GROUP BY a HAVING sum(b)>5"
+ 
+   3 "SELECT a, sum(b) FROM t1 GROUP BY a COLLATE binary HAVING a=2"
+     "SELECT a, sum(b) FROM t1 WHERE a=2 GROUP BY a COLLATE binary"
+ 
+-  5 "SELECT a, sum(b) FROM t1 GROUP BY a COLLATE binary HAVING 0"
+-    "SELECT a, sum(b) FROM t1 WHERE 0 GROUP BY a COLLATE binary"
++  5 "SELECT a, sum(b) FROM t1 GROUP BY a COLLATE binary HAVING 1"
++    "SELECT a, sum(b) FROM t1 WHERE 1 GROUP BY a COLLATE binary"
+ 
+   6 "SELECT count(*) FROM t1,t2 WHERE a=c GROUP BY b, d HAVING b=d"
+     "SELECT count(*) FROM t1,t2 WHERE a=c AND b=d GROUP BY b, d"
+ 
+   7 {
+@@ -151,8 +151,28 @@
+ #
+ set ::nondeter_ret 0
+ do_execsql_test 4.3 {
+   SELECT a, sum(b) FROM t3 WHERE nondeter(a) GROUP BY a
+ } {1 4 2 2}
++
++#-------------------------------------------------------------------------
++reset_db
++do_execsql_test 5.0 {
++  CREATE TABLE t1(a, b);
++  CREATE TABLE t2(x, y);
++  INSERT INTO t1 VALUES('a', 'b');
++}
++
++# The WHERE clause (a=2), uses an aggregate column from the outer query.
++# If the HAVING term (0) is moved into the WHERE clause in this case,
++# SQLite would at one point optimize (a=2 AND 0) to simply (0). Which
++# is logically correct, but happened to cause problems in aggregate
++# processing for the outer query. This test case verifies that those 
++# problems are no longer present.
++do_execsql_test 5.1 {
++  SELECT min(b), (
++    SELECT x FROM t2 WHERE a=2 GROUP BY y HAVING 0
++  ) FROM t1;
++} {b {}}
+ 
+ 
+ finish_test
+

sqlite-3.48.0-buildtclext.patch

@@ -1,11 +0,0 @@
---- a/tool/buildtclext.tcl	2024-11-18 14:01:05.040080030 +0800
-+++ b/tool/buildtclext.tcl	2024-11-18 14:01:27.998394871 +0800
-@@ -300,7 +300,7 @@
- 
-   # Generate and execute the command with which to do the compilation.
-   #
--  set cmd "$CMD -DUSE_TCL_STUBS tclsqlite3.c -o $OUT $LIBS"
-+  set cmd "$CMD -DUSE_TCL_STUBS tclsqlite3.c -o $OUT $LIBS -lm"
-   puts $cmd
-   file delete -force $OUT
-   catch {exec {*}$cmd} errmsg

sqlite-doc-3500300.zip

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bdbd4e47d52c64c7acc332d1294aa67ad6251ef370abeb0b086ee0cbec91186d
-size 11390337

sqlite-src-3500300.zip

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:119862654b36e252ac5f8add2b3d41ba03f4f387b48eb024956c36ea91012d3f
-size 14393097

sqlite.spec

@@ -1,30 +1,41 @@
 %bcond_without check
 
+%global extver 3320300
+%global tcl_version 8.6
+%global tcl_sitearch %{_libdir}/tcl%{tcl_version}
+%global year 2020
+
 Name:    sqlite
-Version: 3.50.3
-%global extver %(echo %{version} |awk -F. '{printf "%d%02d%02d00", $1,$2,$3}')
-Release: 1
+Version: 3.32.3
+Release: 7
 Summary: Embeded SQL database
 License: Public Domain
-URL:     https://www.sqlite.org/
+URL:     http://www.sqlite.org/
 
-Source0: https://www.sqlite.org/2025/sqlite-src-%{extver}.zip
-Source1: https://www.sqlite.org/2025/sqlite-doc-%{extver}.zip
-Patch0:  sqlite-3.48.0-buildtclext.patch
+Source0: https://www.sqlite.org/%{year}/sqlite-src-%{extver}.zip
+Source1: http://www.sqlite.org/%{year}/sqlite-doc-%{extver}.zip
+Source2: https://www.sqlite.org/%{year}/sqlite-autoconf-%{extver}.tar.gz
 
-BuildRequires: gcc tcl tcl-devel
+Patch1: 0001-sqlite-no-malloc-usable-size.patch
+Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
+Patch3: CVE-2021-20227.patch
+Patch4: 0004-CVE-2022-35737.patch
+Patch5: 0005-CVE-2021-20223.patch
+Patch6: 0006-fix-integer-overflow-on-gigabyte-string.patch
+Patch7: 0007-CVE-2023-7104.patch
+
+BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
-BuildRequires: chrpath
-BuildRequires: rpm_macro(tcl_sitearch)
 
-Provides:  %{name}-libs = %{version}-%{release}
-Obsoletes: %{name}-libs < %{version}-%{release}
-Provides:  lemon = %{version}-%{release}
-Obsoletes: lemon < %{version}-%{release}
-Provides:  %{name}-analyzer = %{version}-%{release}
-Obsoletes: %{name}-analyzer < %{version}-%{release}
-Provides:  %{name}-tcl = %{version}-%{release}
-Obsoletes: %{name}-tcl < %{version}-%{release}
+
+Provides:  %{name}-libs
+Obsoletes: %{name}-libs
+Provides:  lemon
+Obsoletes: lemon
+Provides:  %{name}-analyzer
+Obsoletes: %{name}-analyzer
+Provides:  %{name}-tcl
+Obsoletes: %{name}-tcl
 
 %description
 SQLite is a C-language library that implements a small, fast, self-contained,
@@ -36,6 +47,7 @@ use every day.It also include lemon and sqlite3_analyzer and tcl tools.
 %package devel
 Summary:  Including header files and library for the developing of sqlite
 Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: pkgconfig
 
 %description devel
 This contains dynamic libraries and header files for the developing of sqlite.
@@ -43,8 +55,8 @@ This contains dynamic libraries and header files for the developing of sqlite.
 %package help
 Summary:   Man file and documentation for sqlite
 BuildArch: noarch
-Provides:  %{name}-doc = %{version}-%{release}
-Obsoletes: %{name}-doc < %{version}-%{release}
+Provides:  %{name}-doc
+Obsoletes: %{name}-doc
 
 %description help
 This contains man files and HTML files for the using of sqlite.
@@ -53,10 +65,18 @@ This contains man files and HTML files for the using of sqlite.
 %prep
 #autosetup will fail because of 2 zip files
 %setup -q -a1 -n %{name}-src-%{extver}
-%autopatch -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
 
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
 
+autoconf
+
 %build
 export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
                -DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=3 \
@@ -64,53 +84,55 @@ export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
                -DSQLITE_ENABLE_UNLOCK_NOTIFY=1 -DSQLITE_ENABLE_DBSTAT_VTAB=1 \
                -DSQLITE_ENABLE_FTS3_PARENTHESIS=1 -DSQLITE_ENABLE_JSON1=1 \
                -Wall -fno-strict-aliasing"
-export CC=%{__cc}
-%configure --fts5 \
+
+%configure --enable-fts5 \
            --enable-threadsafe \
+           --enable-threads-override-locks \
            --enable-load-extension \
-	   --disable-static \
-	   --soname=legacy \
            TCLLIBDIR=%{tcl_sitearch}/sqlite3
 
+# rpath removal
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
 %make_build
 
 %make_build sqlite3_analyzer
 
 %install
-mkdir -p %{buildroot}/%{tcl_sitearch}/sqlite3
-%make_install TCLLIBDIR=%{tcl_sitearch}/sqlite3
-%delete_la
+make DESTDIR=${RPM_BUILD_ROOT} install
 
 install -D -m 755 lemon %{buildroot}%{_bindir}/lemon
 install -D -m 644 tool/lempar.c %{buildroot}%{_datadir}/lemon/lempar.c
 install -D -m 644 sqlite3.1 %{buildroot}%{_mandir}/man1/sqlite3.1
 install -D -m 755 sqlite3_analyzer %{buildroot}%{_bindir}/sqlite3_analyzer
+chmod 755 %{buildroot}/%{tcl_sitearch}/sqlite3/*.so
 
-chrpath --delete $RPM_BUILD_ROOT/%{tcl_sitearch}/sqlite3/*.so
 
 %if %{with check}
 %check
 export LD_LIBRARY_PATH=`pwd`/.libs
 export MALLOC_CHECK_=3
+#bypass zipfile.test
+rm test/zipfile.test
 
 %ifarch x86_64 %{ix86}
 %else
 rm test/csv01.test
 %endif
-%ifarch loongarch64
-rm -rf test/thread1.test
-rm -rf test/thread2.test
-%endif
 
-%make_build test
+make test
 %endif # with check
 
+%ldconfig_scriptlets
+
 %files
 %doc README.md
 %{_bindir}/{sqlite3,lemon,sqlite3_analyzer}
 %{_libdir}/*.so.*
 %{_datadir}/lemon
 %{tcl_sitearch}/sqlite3
+%exclude %{_libdir}/*.{la,a}
 
 %files devel
 %{_includedir}/*.h
@@ -122,134 +144,70 @@ rm -rf test/thread2.test
 %{_mandir}/man*/*
 
 %changelog
-* Thu Jul 17 2025 Funda Wang <fundawang@yeah.net> - 3.50.3-1
-- update to 3.50.3
-
-* Sun Jun 29 2025 Funda Wang <fundawang@yeah.net> - 3.50.2-1
-- update to 3.50.2
-
-* Sat Jun 07 2025 Funda Wang <fundawang@yeah.net> - 3.50.1-1
-- update to 3.50.1
-
-* Fri May 30 2025 Funda Wang <fundawang@yeah.net> - 3.50.0-1
-- update to 3.50.0
-
-* Wed May 07 2025 Funda Wang <fundawang@yeah.net> - 3.49.2-1
-- update to 3.49.2
-
-* Mon Mar 10 2025 Funda Wang <fundawang@yeah.net> - 3.49.1-2
-- remove rpath for tcl binding
-
-* Wed Feb 19 2025 Funda Wang <fundawang@yeah.net> - 3.49.1-1
-- update to 3.49.1
-
-* Thu Feb 06 2025 Funda Wang <fundawang@yeah.net> - 3.49.0-1
-- update to 3.49.0
-
-* Sun Jan 19 2025 Funda Wang <fundawang@yeah.net> - 3.48.0-2
-- set legacy soname, otherwise it changes too much
-  (see `./configure --help`)
-
-* Tue Jan 14 2025 Funda Wang <fundawang@yeah.net> - 3.48.0-1
-- update to 3.48.0
-
-* Sun Dec 08 2024 Funda Wang <fundawang@yeah.net> - 3.47.2-1
-- update to 3.47.2
-
-* Tue Nov 26 2024 Funda Wang <fundawang@yeah.net> - 3.47.1-1
-- update to 3.47.1
-
-* Tue Oct 22 2024 Funda Wang <fundawang@yeah.net> - 3.47.0-1
-- update to 3.47.0
-
-* Tue Aug 13 2024 Funda Wang <fundawang@yeah.net> - 3.46.1-1
-- update to 3.46.1
-
-* Tue Feb 27 2024 Zheng Zhenyu <zheng.zhenyu@outlook.com> - 3.42.0-1
-- Bump version to fix CVE-2024-0232
-
-* Wed Jan 3 2024 mazhao <mazhao12@huawei.com> - 3.37.2-7
+* Wed Jan 3 2024 mazhao <mazhao12@huawei.com> - 3.32.3-7
 - fix the CVE-2023-7104
 
-* Mon Aug 7 2023 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-6
-- fix the CVE-2023-36191
-
-* Fri Jan 13 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 3.37.2-5
-- remove fail testcase for loongarch
-
-* Wed Dec 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-4
-- fix the CVE-2022-46908
-
-* Wed Sep 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-3
-- fix build problem
-
-* Mon Sep 5 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-2
+* Tue Sep 6 2022 zhuwentao <zhuwentao5@huawei.com> - 3.32.3-6
 - fix integer overflow on gigabyte string
 
-* Mon Aug 29 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-1
-- update to 3.37.2
+* Wed Aug 31 2022 wbq_sky<wangbingquan@huawei.com> - 3.32.3-5
+- Fix CVE-2021-20223
 
-* Tue Aug 16 2022 liusirui <liusirui@huawei.com> - 3.36.0-3
-- fix the CVE-2022-35737.
+* Tue Aug 16 2022 liusirui<liusirui@huawei.com> - 3.32.3-4
+- Fix CVE-2022-35737
 
-* Sat Nov 27 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-2
-- fix the CVE-2021-36690.
+* Mon Apr 26 2021 bzhaoop<bzhaojyathousandy@gmail.com> - 3.32.3-3
+- Fix CVE-2021-20227
 
-* Fri Nov 25 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-1
-- update to 3.36.0.
-
-* Fri Sep 26 2021 wbq_sky <wangbingquan@huawei.com> - 3.34.0-4
-- fix the uninitialized value used in pattern match.
-
-* Fri Sep 3 2021 wbq_sky <wangbingquan@huawei.com> - 3.34.0-3
-- fix the null reference in the tigger statement.
-
-* Fri Sep 3 2021 wbq_sky <wangbingquan@huawei.com> - 3.34.0-2
-- fix the infinite loop problem in the trim function while the pattern is well formed.
-
-* Thu Jan 14 2021 yanglongkang <yanglongkang@huawei.com> - 3.34.0-1
-- update package to 3.34.0
-
-* Thu Sep 3 2020 lihaotian<lihaotian9@huawei.com> - 3.32.3-3
+* Thu Sep 3 2020 lihaotian<lihaotian9@huawei.com> - 3.32.3-2
 - update source0 url
 
-* Tue Jul 21 2020 jixinjie <jixinjie@huawei.com> - 3.32.3-2
-- update yaml file
-
-* Tue Jul 21 2020 jixinjie <jixinjie@huawei.com> - 3.32.3-1
+* Tue Aug 25 2020 yanglongkang <yanglongkang@huawei.com> - 3.32.3-1
 - update package to 3.32.3
 
-* Tue Jun 30 2020 volcanodragon <linfeilong@huawei.com> - 3.24.0-12
-- Type:enhancement
-- ID:NA
-- SUG:NA
-- DESC:rename patches
-
-* Tue Jun 23 2020 yanglongkang <yanglongkang@huawei.com> - 3.24.0-11
+* Tue Aug 4 2020 yanglongkang <yanglongkang@huawei.com> - 3.31.1-2
 - Type:cves
-- ID:CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13632
-- SUG:NA
-- DESC:fix CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13632
+- ID:CVE-2020-13871
+- SUG: NA
+- DESC: fix cve
 
-* Sun Apr 19 2020 ethan848 <mingfangsen@huawei.com>
+* Mon Aug 3 2020 yanglongkang <yanglongkang@huawei.com> - 3.31.1-1
+- Type:cves
+- ID:CVE-2020-15358 CVE-2020-13631
+- SUG: NA
+- DESC: fix cve
+
+* Fri Apr 17 2020 luoshijie <luoshijie1@huawei.com> - 3.31.1-0
 - Type:enhancement
 - ID:NA
-- SUG:NA
-- DESC:CVE-2020-11655 fixed
+- SUG:restart
+- DESC:update sqlite to 3.31.1.
 
-* Tue Mar 10 2020 steven <steven_ygui@163.com> - 3.24.0-9
+* Tue Mar 10 2020 guiyao <guiyao@huawei.com> - 3.24.0-11
+- Type:cves
+- ID:CVE-2020-9327
+- SUG: NA
+- DESC: fix cve
+
+* Fri Feb 28 2020 sunshihao <sunshihao@huawei.com> - 3.24.0-10
 - Type:enhancement
-- ID:NA
-- SUG:NA
-- DESC:CVE-2018-20505, CVE-2020-9327 fixed
+- ID:
+- SUG: NA
+- DESC: remove suffix information
 
-* Wed Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-8
+* Wed Feb 26 2020 guiyao <guiyao@huawei.com> - 3.24.0-9
+- Type:cves
+- ID:CVE-2018-20505
+- SUG:NA
+- DESC:fix cves
+
+* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-8
 - Type:enhancement
 - ID:NA
 - SUG:NA
 - DESC:CVE-2019-19959 fixed
 
-* Wed Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-7
+* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-7
 - Type:enhancement
 - ID:NA
 - SUG:NA

sqlite.yaml

@@ -1,4 +0,0 @@
-version_control: fossil
-src_repo: https://www.sqlite.org/src
-tag_prefix: "version-"
-seperator: "."