pkgsrc-Users archive


Re: [PATCH] Update databases/sqlite3 to 3.8.10 to fix sec. vuln.



adam@ has updated the version in HEAD today but that patch does not apply cleanly to 2015Q1. I have submitted your patch as a ticket. See http://releng.netbsd.org/cgi-bin/req-pkgsrc.cgi?show=4710

On Sat, May 9, 2015 at 12:40 AM, J. Lewis Muir <jlmuir%imca-cat.org@localhost> wrote:
> Hello!
>
> "pkg_admin audit" reports:
>
> ===
> Package sqlite3-3.8.8.3 has a multiple-vulnerabilities vulnerability, see http://lcamtuf.blogspot.dk/2015/04/finding-bugs-in-sqlite-easy-way.html
> ===
>
> Below is a patch against pkgsrc-2015Q1 to update databases/sqlite3
> to version 3.8.10 which includes fixes for the bugs found by the AFL
> fuzzer.  The fact that it includes these fixes is noted in the SQLite3
> 3.8.10 release notes [1].  Would a developer be willing to review and
> commit?
>
> I reviewed the changes made between version 3.8.8.3 and 3.8.10, and
> I don't think the API nor the ABI changed in a backward incompatible
> way.  However, my review was based on the release notes and on the diffs
> from commit 30121870 and 0404ef88.  I'm not positive I looked at the
> right diffs because I don't know anything about Fossil nor the SQLite
> development model.
>
> Thank you!
>
> Lewis
>
> [1] http://www.sqlite.org/releaselog/3_8_10.html
>
> Index: Makefile
> ===================================================================
> RCS file: /cvsroot/pkgsrc/databases/sqlite3/Makefile,v
> retrieving revision 1.92
> diff -u -r1.92 Makefile
> --- Makefile    2 Mar 2015 13:34:16 -0000       1.92
> +++ Makefile    8 May 2015 21:31:21 -0000
> @@ -1,7 +1,7 @@
>  # $NetBSD: Makefile,v 1.92 2015/03/02 13:34:16 adam Exp $
>
> -DISTNAME=      sqlite-autoconf-3080803
> -PKGNAME=       sqlite3-3.8.8.3
> +DISTNAME=      sqlite-autoconf-3081000
> +PKGNAME=       sqlite3-3.8.10
>  CATEGORIES=    databases
>  MASTER_SITES=  http://www.hwaci.com/sw/sqlite/2015/ \
>                 http://www.sqlite.org/2015/
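
Review bot: the unchanged MASTER_SITES context lines at the end of this hunk fetch the distfile over plain http, so for this security update the distinfo entry is the only integrity check on sqlite-autoconf-3081000.tar.gz. The new DISTNAME (3081000) and PKGNAME (3.8.10) agree with each other, so nothing needs to change here, but the commit should only go in once the checksums in the distinfo hunk have been confirmed against a copy of the tarball obtained independently of this mail.
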
> Index: distinfo
> ===================================================================
> RCS file: /cvsroot/pkgsrc/databases/sqlite3/distinfo,v
> retrieving revision 1.101
> diff -u -r1.101 distinfo
> --- distinfo    2 Mar 2015 13:34:16 -0000       1.101
> +++ distinfo    8 May 2015 21:31:21 -0000
> @@ -1,5 +1,5 @@
>  $NetBSD: distinfo,v 1.101 2015/03/02 13:34:16 adam Exp $
>
> -SHA1 (sqlite-autoconf-3080803.tar.gz) = 2fe3f6226a2a08a2e814b97cd53e36bb3c597112
> -RMD160 (sqlite-autoconf-3080803.tar.gz) = 9063dd4ae39745dfe44d99f514ec084ee4442685
> -Size (sqlite-autoconf-3080803.tar.gz) = 2021112 bytes
> +SHA1 (sqlite-autoconf-3081000.tar.gz) = 7e92b4f78d4648fb2a97a4dc721490cc08653a0b
> +RMD160 (sqlite-autoconf-3081000.tar.gz) = 934884ac3f0ce83ea4ad98f6a9f5cb4b17dd2aab
> +Size (sqlite-autoconf-3081000.tar.gz) = 2049170 bytes
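
Review bot: the three `+` lines carry a size and digests that arrived by e-mail, and they are all that pins the new tarball, so they should be regenerated rather than applied as sent. Fetch sqlite-autoconf-3081000.tar.gz afresh, run `make makesum` in databases/sqlite3, and compare the resulting SHA1, RMD160 and Size lines with the ones in this hunk; any mismatch should block the pullup until it is explained. The `@@ -1,5 +1,5 @@` header shows the file holds only these three entries after the $NetBSD line, so there are no patch checksums to refresh.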



--
The first essential in chemistry is that you should perform practical work and conduct experiments, for he who performs not practical work nor makes experiments will never attain the least degree of mastery.
        -- Abu Musa Jabir ibn Hayyan (721-815)

