gh-115009: Update Windows installer to use SQLite 3.45.3. #117445
Conversation
felixxm
commented
Apr 2, 2024
•
felixxm
commented
- Issue: Upgrade Windows and macOS installers to use SQLite 3.45 #115009
|
That's something new. Should I manually update SBOM 🤔 ? |
erlend-aasland
changed the title
erlend-aasland
added
needs backport to 3.11
|
Should I create a 3rd PR for Android? Line 103 in 9dae05e |
Yes, that's new to me too. Looks like this patch is needed: diff --git a/Misc/externals.spdx.json b/Misc/externals.spdx.json
index 6df6401835..df7ca6f759 100644
--- a/Misc/externals.spdx.json
+++ b/Misc/externals.spdx.json
@@ -94,7 +94,7 @@
"checksumValue": "6f0364a27375435a34137b138ca4fedef8d23eec6493ca1dfff33bfc0c34fda4"
}
],
- "downloadLocation": "https://github.com/python/cpython-source-deps/archive/refs/tags/sqlite-3.45.1.0.tar.gz",
+ "downloadLocation": "https://github.com/python/cpython-source-deps/archive/refs/tags/sqlite-3.45.2.0.tar.gz",
"externalRefs": [
{
"referenceCategory": "SECURITY",
@@ -105,7 +105,7 @@
"licenseConcluded": "NOASSERTION",
"name": "sqlite",
"primaryPackagePurpose": "SOURCE",
- "versionInfo": "3.45.1.0"
+ "versionInfo": "3.45.2.0"
},
{
"SPDXID": "SPDXRef-PACKAGE-tcl-core", |
Sure, but we don't distribute binaries for Android (yet, or possibly ever), so it is not imperative. cc. @mhsmith |
Updated 🤞 |
felixxm
force-pushed
the
gh-115009-windows
branch
from
96da47d to
2249e72
Compare
The library dependencies for Android come from https://github.com/beeware/cpython-android-source-deps. I've just added a release of SQLite 3.45.2, so you can pick that up in CPython if you like. If anyone wants to update Android dependency versions in the future, please create an issue in that repository. There's also cpython-apple-source-deps for iOS, although that doesn't include SQLite because it's supplied by iOS itself. |
|
@mhsmith TIL about the separate repositories for Apple/Android builds, is the long-term plan to fold those into |
|
|
There are some patch files in both the iOS and Android repositories.
I agree; let's revisit this when we start talking about making official binary releases for Android and iOS, which I'd like to do during the Python 3.14 cycle. |
|
I created python/cpython-source-deps#35 to add the 3.45.3 source. |
felixxm
force-pushed
the
gh-115009-windows
branch
from
2249e72 to
fc9d542
Compare
felixxm
changed the title
|
Updated to SQLite 3.45.3. |
|
FYI, we prefer to not merge PRs into the source-deps repository, as it means we need one of our committers to verify that you've provided exactly the same code (with no added backdoors, look up xz if you think this sounds unreasonable). Doing that check is more work than just pushing it ourselves, so it's generally best to just notify us when there is a new version so that whichever of our maintainers looks after it most can bring in the new version. |
Noted 👍 I only had good intentions 💝 |
Didn't doubt them, but it's a policy that's easier to handle when we don't have exceptions. PRs on that repo should automatically close now (after ~hour). |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
|
@felixxm or @erlend-aasland can one of you do the backport? I can try to get to it later this week, but no guarantees I'll remember. |
Will prepare it later today. |
|
GH-118008 is a backport of this pull request to the 3.12 branch. |
…pythonGH-117445) (cherry picked from commit de0dc68)
