diff --git a/0001-CVE-2023-7104.patch b/0001-CVE-2023-7104.patch deleted file mode 100644 index e8ab8a9274a9f3c795b55d410b0d14af324b4cd4..0000000000000000000000000000000000000000 --- a/0001-CVE-2023-7104.patch +++ /dev/null @@ -1,43 +0,0 @@ -From e4bb334dc3c6a4bfa6e3f4bbc1e98c62156c07e9 Mon Sep 17 00:00:00 2001 -From: songmingliang -Date: Wed, 3 Jul 2024 16:18:49 +0800 -Subject: [PATCH] CVE-2023-7104 - ---- - ext/session/sqlite3session.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c -index 6794088..e3aabeb 100644 ---- a/ext/session/sqlite3session.c -+++ b/ext/session/sqlite3session.c -@@ -3235,15 +3235,19 @@ static int sessionReadRecord( - } - } - if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){ -- sqlite3_int64 v = sessionGetI64(aVal); -- if( eType==SQLITE_INTEGER ){ -- sqlite3VdbeMemSetInt64(apOut[i], v); -+ if( (pIn->nData-pIn->iNext)<8 ){ -+ rc = SQLITE_CORRUPT_BKPT; - }else{ -- double d; -- memcpy(&d, &v, 8); -- sqlite3VdbeMemSetDouble(apOut[i], d); -+ sqlite3_int64 v = sessionGetI64(aVal); -+ if( eType==SQLITE_INTEGER ){ -+ sqlite3VdbeMemSetInt64(apOut[i], v); -+ }else{ -+ double d; -+ memcpy(&d, &v, 8); -+ sqlite3VdbeMemSetDouble(apOut[i], d); -+ } -+ pIn->iNext += 8; - } -- pIn->iNext += 8; - } - } - } --- -2.27.0 - diff --git a/sqlite-doc-3420000.zip b/sqlite-doc-3500300.zip similarity index 60% rename from sqlite-doc-3420000.zip rename to sqlite-doc-3500300.zip index bc4fb0c41daa7c74a49c32e3e48b87d0455fa2e9..bd9be085e4105bf679b14746a357d1b57fa04953 100644 Binary files a/sqlite-doc-3420000.zip and b/sqlite-doc-3500300.zip differ diff --git a/sqlite-src-3420000.zip b/sqlite-src-3500300.zip similarity index 72% rename from sqlite-src-3420000.zip rename to sqlite-src-3500300.zip index 241a8532258b1132f7595453e0680afe7e755830..8ae0cd3b81d7b47dcef14f651096af6be902b9af 100644 Binary files a/sqlite-src-3420000.zip and b/sqlite-src-3500300.zip differ diff --git a/sqlite.spec b/sqlite.spec index d970ce2d58e664fb53e894f6b1716aa3a22f2a15..8917db4fc1d66e44d659678d8a9c716b60b0bb46 100644 --- a/sqlite.spec +++ b/sqlite.spec @@ -1,17 +1,17 @@ -%define anolis_release 4 +%define anolis_release 1 %bcond_without tcl %bcond_without sqldiff %bcond_with static %bcond_without check -%define realver 3420000 -%define docver 3420000 -%define year 2023 +%define realver 3500300 +%define docver 3500300 +%define year 2025 Summary: Library that implements an embeddable SQL database engine Name: sqlite -Version: 3.42.0 +Version: 3.50.3 Epoch: 1 Release: %{anolis_release}%{?dist} License: Public Domain @@ -19,12 +19,12 @@ URL: http://www.sqlite.org/ Source0: http://www.sqlite.org/%{year}/sqlite-src-%{realver}.zip Source1: http://www.sqlite.org/%{year}/sqlite-doc-%{docver}.zip -Patch0001: 0001-CVE-2023-7104.patch BuildRequires: make BuildRequires: gcc BuildRequires: ncurses-devel readline-devel glibc-devel -BuildRequires: autoconf automake libtool +BuildRequires: autoconf chrpath +#automake libtool %if %{with tcl} BuildRequires: /usr/bin/tclsh BuildRequires: tcl-devel @@ -83,6 +83,17 @@ that can be used to eliminate resource leaks, making is suitable for use in long-running programs such as graphical user interfaces or embedded controllers. +%package debug +Summary: SQLite shell configured for development and debugging purposes + +%description debug +This version of SQLite shell contains features that are useful for +debugging purposes. These features are not present in a normal SQLite shell +because some have negative impact on a non-developer user experience. + +Current list of modification from normal SQLite shell (in sqlite package): +- Ability to enable .scanstats for metrics regarding query speeds + %if %{with sqldiff} %package tools Summary: %{name} tools @@ -114,33 +125,60 @@ This package contains the analysis program for %{name}. %prep %setup -q -a1 -n %{name}-src-%{realver} -%patch0001 -p1 # Remove backup-file rm -f %{name}-doc-%{docver}/sqlite.css~ || : %build -autoreconf -fi -export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \ - -DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=1 \ - -DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 \ +export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS \ + -DSQLITE_ENABLE_COLUMN_METADATA=1 \ + -DSQLITE_DISABLE_DIRSYNC=1 \ + -DSQLITE_SECURE_DELETE=1 \ -DSQLITE_ENABLE_UNLOCK_NOTIFY=1 -DSQLITE_ENABLE_DBSTAT_VTAB=1 \ - -DSQLITE_ENABLE_FTS3_PARENTHESIS=1 -DSQLITE_ENABLE_JSON1=1 \ - -DSQLITE_ENABLE_FTS4=1 \ - -DSQLITE_ENABLE_MATH_FUNCTIONS \ + -DSQLITE_ENABLE_FTS3_PARENTHESIS=1 \ + -DSQLITE_ENABLE_STMT_SCANSTATUS \ -DSQLITE_ENABLE_DBPAGE_VTAB \ + -DSQLITE_ENABLE_SESSION \ + -DSQLITE_ENABLE_PREUPDATE_HOOK \ -Wall -fno-strict-aliasing" %configure %{!?with_tcl:--disable-tcl} \ + --enable-rtree \ + --enable-fts3 \ --enable-fts4 \ --enable-fts5 \ --enable-threadsafe \ --enable-load-extension \ - %{?with_tcl:TCLLIBDIR=%{tcl_sitearch}/sqlite3} + --soname=legacy \ + --disable-static -# rpath removal -sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool -sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool +%make_build +mv sqlite3 sqlite3-debug + +make clean + +# Now rebuild rest of the packages normally +export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS \ + -DSQLITE_ENABLE_COLUMN_METADATA=1 \ + -DSQLITE_DISABLE_DIRSYNC=1 \ + -DSQLITE_SECURE_DELETE=1 \ + -DSQLITE_ENABLE_UNLOCK_NOTIFY=1 -DSQLITE_ENABLE_DBSTAT_VTAB=1 \ + -DSQLITE_ENABLE_FTS3_PARENTHESIS=1 \ + -DSQLITE_ENABLE_DBPAGE_VTAB \ + -DSQLITE_ENABLE_SESSION \ + -DSQLITE_ENABLE_PREUPDATE_HOOK \ + -Wall -fno-strict-aliasing" + +%configure %{!?with_tcl:--disable-tcl} \ + --enable-rtree \ + --enable-fts3 \ + --enable-fts4 \ + --enable-fts5 \ + --enable-threadsafe \ + --enable-load-extension \ + --soname=legacy \ + --disable-static + %make_build # Build sqlite3_analyzer @@ -160,9 +198,12 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool install -D -m0644 sqlite3.1 $RPM_BUILD_ROOT/%{_mandir}/man1/sqlite3.1 install -D -m0755 lemon $RPM_BUILD_ROOT/%{_bindir}/lemon install -D -m0644 tool/lempar.c $RPM_BUILD_ROOT/%{_datadir}/lemon/lempar.c +install -D -m0755 sqlite3-debug $RPM_BUILD_ROOT/%{_bindir}/sqlite3-debug %if %{with tcl} # fix up permissions to enable dep extraction +install -d $RPM_BUILD_ROOT%{tcl_sitearch} +mv $RPM_BUILD_ROOT%{_datadir}/tcl%{tcl_version}/sqlite* $RPM_BUILD_ROOT%{tcl_sitearch}/ chmod 0755 ${RPM_BUILD_ROOT}/%{tcl_sitearch}/sqlite3/*.so # Install sqlite3_analyzer install -D -m0755 sqlite3_analyzer $RPM_BUILD_ROOT/%{_bindir}/sqlite3_analyzer @@ -177,6 +218,15 @@ install -D -m0755 sqldiff $RPM_BUILD_ROOT/%{_bindir}/sqldiff rm -f $RPM_BUILD_ROOT/%{_libdir}/*.a %endif +# This is needed since rpath removal using sed won't work for tcl library for some reason +chrpath --delete $RPM_BUILD_ROOT/%{tcl_sitearch}/sqlite3/*.so +chrpath --delete $RPM_BUILD_ROOT/%{_libdir}/*.so.%{version} + +chrpath --delete $RPM_BUILD_ROOT/%{_bindir}/sqlite3 +chrpath --delete $RPM_BUILD_ROOT/%{_bindir}/sqlite3-debug +chrpath --delete $RPM_BUILD_ROOT/%{_bindir}/sqldiff +chrpath --delete $RPM_BUILD_ROOT/%{_bindir}/sqlite3_analyzer + %generate_compatibility_deps %check @@ -224,6 +274,10 @@ rm -rf test/transitive1.test test/tkt3493.test test/misc1.test test/indexexpr2.t %{_bindir}/lemon %{_datadir}/lemon +%files debug +%{_bindir}/sqlite3-debug +%{abidir}/sqlite3-debug-option.list + %if %{with tcl} %files tcl %{tcl_sitearch}/sqlite3 @@ -239,6 +293,10 @@ rm -rf test/transitive1.test test/tkt3493.test test/misc1.test test/indexexpr2.t %endif %changelog +* Fri Jul 18 2025 mgb01105731 - 3.50.3-1 +- Update to 3.50.3 to fix CVE-2025-6965 +- Delete patch as the content already contains + * Wed Jul 3 2024 pangqing - 3.42.0-4 - CVE: CVE-2023-7104