From 1e5bc17eead54ee3469e9e6baa290cec34373d61 Mon Sep 17 00:00:00 2001
From: Sebastian Kemper
Date: Tue, 18 Dec 2018 20:51:53 +0100
Subject: [PATCH 1/2] sqlite3: security bump
A remote code execution vuln has been found in sqlite. Infos available here: https://blade.tencent.com/magellan/index_en.html sqlite 3.26.0 contains the fix. This commit also changes source URL to https.
Signed-off-by: Sebastian Kemper
---
 libs/sqlite3/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libs/sqlite3/Makefile b/libs/sqlite3/Makefile
index be065491a..28020e3a2 100644
--- a/libs/sqlite3/Makefile
+++ b/libs/sqlite3/Makefile
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=sqlite
-PKG_VERSION:=3250300
+PKG_VERSION:=3260000
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-autoconf-$(PKG_VERSION).tar.gz
-PKG_HASH:=00ebf97be13928941940cc71de3d67e9f852698233cd98ce2d178fd08092f3dd
-PKG_SOURCE_URL:=http://www.sqlite.org/2018/
+PKG_HASH:=5daa6a3fb7d1e8c767cd59c4ded8da6e4b00c61d3b466d0685e35c4dd6d7bf5d
+PKG_SOURCE_URL:=https://www.sqlite.org/2018/
 PKG_LICENSE:=PUBLICDOMAIN
 PKG_LICENSE_FILES:=
From c565ad271b5811be1d4aa1963326c8ec0d726b66 Mon Sep 17 00:00:00 2001
From: Sebastian Kemper
Date: Tue, 18 Dec 2018 20:53:12 +0100
Subject: [PATCH 2/2] sqlite3: remove $(FPIC)
Defaulting to -fPIC is a bad idea, especially for executables (here: sqlite3-cli). In short, there are certain security implications as well as overhead/performance penalties. Details see: https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals The configure script is able to detect the need for PIC and adds the flag when needed anyway (when compiling the library).
Signed-off-by: Sebastian Kemper
---
 libs/sqlite3/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/sqlite3/Makefile b/libs/sqlite3/Makefile
index 28020e3a2..71be4e189 100644
--- a/libs/sqlite3/Makefile
+++ b/libs/sqlite3/Makefile
@@ -75,7 +75,7 @@ $(call Package/sqlite3/Default/description)
 formats.
 endef
-TARGET_CFLAGS += $(FPIC) \
+TARGET_CFLAGS += \
 -DSQLITE_ENABLE_UNLOCK_NOTIFY=1 \
 -DHAVE_ISNAN=1 \
 -DHAVE_MALLOC_USABLE_SIZE=1
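Review bot: Dropping $(FPIC) from TARGET_CFLAGS relies on configure/libtool re-adding -fPIC for the shared libsqlite3 objects, as the commit message states, but the hunk itself records none of that reasoning, so a later maintainer seeing a shared library built from a TARGET_CFLAGS without PIC has no hint that this was deliberate; the first build after this change should be checked to confirm the library's compile lines still carry -fPIC, since non-PIC objects linked into a shared object can fail to link or lose relocation sharing on some targets. The separate question of whether the sqlite3 CLI binary should be a position-independent executable (ASLR) is not addressed here — if that hardening is wanted it belongs to the build system's PIE handling rather than to $(FPIC), and the commit's Gentoo reference argues against PIC, not against PIE. A one-line comment above the assignment would capture the intent: `# no $(FPIC): libtool adds -fPIC for the shared library itself; the CLI is intentionally not built PIC`. The TARGET_CFLAGS assignment may continue past the last hunk line (it is a backslash-continued list), so any further flags are outside this view.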