Remove sqlite patch from sqlite-replication as it's incompatible #72997
The version being built here = "3.27.2+replication3", and NVD seems to believe that CVE-2019-16168 still exists in 3.27.2: I can't find any evidence that this was patched in Canonical's repo.
OK, so this was probably my misunderstanding about
Thanks for poking. I see, indeed we have not tested sqlite-replication (personally, I was unaware of this one), but it's not surprising that the patch does not apply to this version - due to the amalgamation approach they are taking, chances are higher that such a patch will fail even between minor versions. Maybe it applies cleanly for 3.28+replication - but then again this would still introduce a version update to stable - I guess it would have been good for them to not diverge in the first place. Let me know if you need any help.
The problem is that With
Yeah, I see. It's a bit iffy to tie those two together in such a way, but maybe worth trying with enabled amalgamation - or overwrite patches with the original upstream patch. I'll keep an eye on this PR and can spend a bit of time helping out if you run into issues.
Honestly, I thought it would be an "easy fix", because I assumed that However, as it's getting more complex, I won't have time (at this moment, at least) to dive deeper into this issue. It will be best for the original author to fix it, as he (or she) will be best aware about why choices like
Alright, then I'll propose a fix in a little bit and will reference this PR.
Thank you!
Things done
Removed CVE patch from sqlite-replication package as it wasn't applying and it seems irrelevant. In master there is already sqlite-3.30 which does not have this patch at all, so it's only relevant to 19.09.