diff --git a/0001-CVE-2023-7104.patch b/0001-CVE-2023-7104.patch deleted file mode 100644 index e8ab8a9274a9f3c795b55d410b0d14af324b4cd4..0000000000000000000000000000000000000000 --- a/0001-CVE-2023-7104.patch +++ /dev/null @@ -1,43 +0,0 @@ -From e4bb334dc3c6a4bfa6e3f4bbc1e98c62156c07e9 Mon Sep 17 00:00:00 2001 -From: songmingliang -Date: Wed, 3 Jul 2024 16:18:49 +0800 -Subject: [PATCH] CVE-2023-7104 - ---- - ext/session/sqlite3session.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c -index 6794088..e3aabeb 100644 ---- a/ext/session/sqlite3session.c -+++ b/ext/session/sqlite3session.c -@@ -3235,15 +3235,19 @@ static int sessionReadRecord( - } - } - if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){ -- sqlite3_int64 v = sessionGetI64(aVal); -- if( eType==SQLITE_INTEGER ){ -- sqlite3VdbeMemSetInt64(apOut[i], v); -+ if( (pIn->nData-pIn->iNext)<8 ){ -+ rc = SQLITE_CORRUPT_BKPT; - }else{ -- double d; -- memcpy(&d, &v, 8); -- sqlite3VdbeMemSetDouble(apOut[i], d); -+ sqlite3_int64 v = sessionGetI64(aVal); -+ if( eType==SQLITE_INTEGER ){ -+ sqlite3VdbeMemSetInt64(apOut[i], v); -+ }else{ -+ double d; -+ memcpy(&d, &v, 8); -+ sqlite3VdbeMemSetDouble(apOut[i], d); -+ } -+ pIn->iNext += 8; - } -- pIn->iNext += 8; - } - } - } --- -2.27.0 - diff --git a/sqlite-doc-3420000.zip b/sqlite-doc-3440200.zip similarity index 67% rename from sqlite-doc-3420000.zip rename to sqlite-doc-3440200.zip index bc4fb0c41daa7c74a49c32e3e48b87d0455fa2e9..ad36fb07929120e096c76c666c31fc7a2b747844 100644 Binary files a/sqlite-doc-3420000.zip and b/sqlite-doc-3440200.zip differ diff --git a/sqlite-src-3420000.zip b/sqlite-src-3440200.zip similarity index 78% rename from sqlite-src-3420000.zip rename to sqlite-src-3440200.zip index 241a8532258b1132f7595453e0680afe7e755830..d4a5c4f7ba53eca5f256fc92a02b1079423117ca 100644 Binary files a/sqlite-src-3420000.zip and b/sqlite-src-3440200.zip differ diff --git a/sqlite.spec b/sqlite.spec index d970ce2d58e664fb53e894f6b1716aa3a22f2a15..f37400ca9ab5561332af53facf3116a911112b2b 100644 --- a/sqlite.spec +++ b/sqlite.spec @@ -5,13 +5,13 @@ %bcond_with static %bcond_without check -%define realver 3420000 -%define docver 3420000 +%define realver 3440200 +%define docver 3440200 %define year 2023 Summary: Library that implements an embeddable SQL database engine Name: sqlite -Version: 3.42.0 +Version: 3.44.2 Epoch: 1 Release: %{anolis_release}%{?dist} License: Public Domain @@ -19,7 +19,6 @@ URL: http://www.sqlite.org/ Source0: http://www.sqlite.org/%{year}/sqlite-src-%{realver}.zip Source1: http://www.sqlite.org/%{year}/sqlite-doc-%{docver}.zip -Patch0001: 0001-CVE-2023-7104.patch BuildRequires: make BuildRequires: gcc @@ -114,7 +113,6 @@ This package contains the analysis program for %{name}. %prep %setup -q -a1 -n %{name}-src-%{realver} -%patch0001 -p1 # Remove backup-file rm -f %{name}-doc-%{docver}/sqlite.css~ || : @@ -239,6 +237,9 @@ rm -rf test/transitive1.test test/tkt3493.test test/misc1.test test/indexexpr2.t %endif %changelog +* Sat Sep 14 2024 tingyin duan - 3.44.2-4 +- update to 3.44.2 + * Wed Jul 3 2024 pangqing - 3.42.0-4 - CVE: CVE-2023-7104