diff --git a/0001-sqlite-no-malloc-usable-size.patch b/0001-sqlite-no-malloc-usable-size.patch deleted file mode 100644 index b983bd3b3d78aecc2b7d9dbac8e2d568e2f02316..0000000000000000000000000000000000000000 --- a/0001-sqlite-no-malloc-usable-size.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up sqlite-src-3120200/configure.ac.malloc_usable_size sqlite-src-3120200/configure.ac ---- sqlite-src-3120200/configure.ac.malloc_usable_size 2016-04-25 09:46:48.134690570 +0200 -+++ sqlite-src-3120200/configure.ac 2016-04-25 09:48:41.622637181 +0200 -@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h s - ######### - # Figure out whether or not we have these functions - # --AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64]) -+AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64]) - - ######### - # By default, we use the amalgamation (this may be changed below...) -diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/configure ---- sqlite-src-3120200/configure.malloc_usable_size 2016-04-25 09:47:12.594679063 +0200 -+++ sqlite-src-3120200/configure 2016-04-25 09:49:28.684615042 +0200 -@@ -10275,7 +10275,7 @@ done - ######### - # Figure out whether or not we have these functions - # --for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64 -+for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64 - do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` - ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" diff --git a/0002-remove-fail-testcase-in-no-free-fd-situation.patch b/0002-remove-fail-testcase-in-no-free-fd-situation.patch deleted file mode 100644 index ce557734c979afeba6da909047e2cb79eeb758f8..0000000000000000000000000000000000000000 
--- a/0002-remove-fail-testcase-in-no-free-fd-situation.patch
+++ /dev/null
@@ -1,66 +0,0 @@ -From defded46ea50037500590122d847ba6a7cb96110 Mon Sep 17 00:00:00 2001 -From: eulerstorage -Date: Sat, 11 Jan 2020 11:33:54 +0800 -Subject: [PATCH] remove fail testcase in no free fd situation - -Remove testcase 1.1.1, 1.1.2 and 1.1.3, since it can not success in -some situation if there is no enough fd resource. ---- - test/oserror.test | 27 --------------------------- - 1 file changed, 27 deletions(-) - -diff --git a/test/oserror.test b/test/oserror.test -index a51301c..d46218f 100644 ---- a/test/oserror.test -+++ b/test/oserror.test -@@ -40,47 +40,6 @@ proc do_re_test {tn script expression} { - - } - --#-------------------------------------------------------------------------- --# Tests oserror-1.* test failures in the open() system call. --# -- --# Test a failure in open() due to too many files. --# --# The xOpen() method of the unix VFS calls getcwd() as well as open(). --# Although this does not appear to be documented in the man page, on OSX --# a call to getcwd() may fail if there are no free file descriptors. So --# an error may be reported for either open() or getcwd() here. --# --if {![clang_sanitize_address]} { -- unset -nocomplain rc -- unset -nocomplain nOpen -- set nOpen 20000 -- do_test 1.1.1 { -- set ::log [list] -- set ::rc [catch { -- for {set i 0} {$i < $::nOpen} {incr i} { sqlite3 dbh_$i test.db -readonly 1 } -- } msg] -- if {$::rc==0} { -- # Some system (ex: Debian) are able to create 20000+ file descriptiors -- # such systems will not fail here -- set x ok -- } elseif {$::rc==1 && $msg=="unable to open database file"} { -- set x ok -- } else { -- set x [list $::rc $msg] -- } -- } {ok} -- do_test 1.1.2 { -- catch { for {set i 0} {$i < $::nOpen} {incr i} { dbh_$i close } } -- } $::rc -- if {$rc} { -- do_re_test 1.1.3 { -- lindex $::log 0 -- } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - } -- } --} -- -- - # Test a failure in open() due to the path being a directory. - # - do_test 1.2.1 { --- -1.8.3.1 - 
diff --git a/0003-CVE-2022-35737.patch b/0003-CVE-2022-35737.patch
deleted file mode 100644
index 9c6fa5b37a01849ba8bff71e16a69da14d8ea7a8..0000000000000000000000000000000000000000
--- a/0003-CVE-2022-35737.patch
+++ /dev/null
@@ -1,80 +0,0 @@ -From effc07ec9c6e08d3bd17665f8800054770f8c643 Mon Sep 17 00:00:00 2001 -From: drh <> -Date: Fri, 15 Jul 2022 12:34:31 +0000 -Subject: [PATCH] Fix the whereKeyStats() routine (part of STAT4 processing - only) so that it is able to cope with row-value comparisons against the - primary key index of a WITHOUT ROWID table. - [forum:/forumpost/3607259d3c|Forum post 3607259d3c]. - -FossilOrigin-Name: 2a6f761864a462de5c2d5bc666b82fb0b7e124a03443cd1482620dde344b34bb - ---- - src/where.c | 4 ++-- - test/rowvalue.test | 31 +++++++++++++++++++++++++++++++ - 2 files changed, 33 insertions(+), 2 deletions(-) - -diff --git a/src/where.c b/src/where.c -index de6ea91e3..110eb4845 100644 ---- a/src/where.c -+++ b/src/where.c -@@ -1433,7 +1433,7 @@ static int whereKeyStats( - #endif - assert( pRec!=0 ); - assert( pIdx->nSample>0 ); -- assert( pRec->nField>0 && pRec->nField<=pIdx->nSampleCol ); -+ assert( pRec->nField>0 ); - - /* Do a binary search to find the first sample greater than or equal - ** to pRec. If pRec contains a single field, the set of samples to search -@@ -1479,7 +1479,7 @@ static int whereKeyStats( - ** it is extended to two fields. The duplicates that this creates do not - ** cause any problems. 
- */ -- nField = pRec->nField; -+ nField = MIN(pRec->nField, pIdx->nSample); - iCol = 0; - iSample = pIdx->nSample * nField; - do{ -diff --git a/test/rowvalue.test b/test/rowvalue.test -index 12fee8237..59b44d938 100644 ---- a/test/rowvalue.test -+++ b/test/rowvalue.test -@@ -751,4 +751,35 @@ do_execsql_test 30.3 { - - - -+# 2022-07-15 -+# https://sqlite.org/forum/forumpost/3607259d3c -+# -+reset_db -+do_execsql_test 33.1 { -+ CREATE TABLE t1(a INT, b INT PRIMARY KEY) WITHOUT ROWID; -+ INSERT INTO t1(a, b) VALUES (0, 1),(15,-7),(3,100); -+ ANALYZE; -+} {} -+do_execsql_test 33.2 { -+ SELECT * FROM t1 WHERE (b,a) BETWEEN (0,5) AND (99,-2); -+} {0 1} -+do_execsql_test 33.3 { -+ SELECT * FROM t1 WHERE (b,a) BETWEEN (-8,5) AND (0,-2); -+} {15 -7} -+do_execsql_test 33.3 { -+ SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,4); -+} {3 100} -+do_execsql_test 33.3 { -+ SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,2); -+} {} -+do_execsql_test 33.3 { -+ SELECT * FROM t1 WHERE (a,b) BETWEEN (-2,99) AND (1,0); -+} {0 1} -+do_execsql_test 33.3 { -+ SELECT * FROM t1 WHERE (a,b) BETWEEN (14,99) AND (16,0); -+} {15 -7} -+do_execsql_test 33.3 { -+ SELECT * FROM t1 WHERE (a,b) BETWEEN (2,99) AND (4,0); -+} {3 100} -+ - finish_test --- -2.25.1 - diff --git a/0004-fix-memory-problem-in-the-rtree-test-suite.patch b/0004-fix-memory-problem-in-the-rtree-test-suite.patch deleted file mode 100644 index 273fbef54f5057cf67b615e09f555ee252d2044d..0000000000000000000000000000000000000000 --- a/0004-fix-memory-problem-in-the-rtree-test-suite.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 3755f418be5c3608a7e0b59488a8e172d443d738 Mon Sep 17 00:00:00 2001 -From: zwtmichael -Date: Tue, 30 Aug 2022 17:02:04 +0800 -Subject: [PATCH] fix memory problem in the rtree test suite - ---- - ext/rtree/test_rtreedoc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ext/rtree/test_rtreedoc.c b/ext/rtree/test_rtreedoc.c -index 119be0e..cdbcb2e 100644 ---- a/ext/rtree/test_rtreedoc.c -+++ b/ext/rtree/test_rtreedoc.c -@@ -324,7 +324,7 @@ static int SQLITE_TCLAPI register_box_query( - } - if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ) return TCL_ERROR; - -- pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx*)); -+ pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx)); - pCtx->interp = interp; - pCtx->pScript = Tcl_DuplicateObj(objv[2]); - Tcl_IncrRefCount(pCtx->pScript); --- -2.23.0 - diff --git a/0005-fix-integer-overflow-on-gigabyte-string.patch b/0005-fix-integer-overflow-on-gigabyte-string.patch deleted file mode 100644 index 4163eb6dfc8516b83b46c844bc0b97b3230227b1..0000000000000000000000000000000000000000 --- a/0005-fix-integer-overflow-on-gigabyte-string.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 72210cf3c782ff30867d5c78e13900be9904ba76 Mon Sep 17 00:00:00 2001 -From: zwtmichael -Date: Mon, 5 Sep 2022 16:49:05 +0800 -Subject: [PATCH] fix integer overflow on gigabyte string - -Signed-off-by: zwtmichael ---- - src/printf.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/printf.c b/src/printf.c -index e635184..fb3689e 100644 ---- a/src/printf.c -+++ b/src/printf.c -@@ -803,8 +803,8 @@ void sqlite3_str_vappendf( - case etSQLESCAPE: /* %q: Escape ' characters */ - case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */ - case etSQLESCAPE3: { /* %w: Escape " characters */ -- int i, j, k, n, isnull; -- int needQuote; -+ i64 i, j, k, n; -+ int needQuote, isnull; - char ch; - char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */ - char *escarg; --- -2.25.1 - 
diff --git a/0006-CVE-2022-46908.patch b/0006-CVE-2022-46908.patch deleted file mode 100644 index db5c22219c7d1389cb1062f650ade5930fc779cd..0000000000000000000000000000000000000000 --- a/0006-CVE-2022-46908.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 040177c01a76ccb631bbe19a445f716f0d7b9458 Mon Sep 17 00:00:00 2001 -From: zwtmichael -Date: Thu, 15 Dec 2022 09:49:15 +0800 -Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs - -Signed-off-by: zwtmichael ---- - src/shell.c.in | 4 ++-- - test/shell2.test | 11 +++++++++++ - 2 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/src/shell.c.in b/src/shell.c.in -index 543141c..2c1e013 100644 ---- a/src/shell.c.in -+++ b/src/shell.c.in -@@ -1829,7 +1829,7 @@ static int safeModeAuth( - "zipfile", - "zipfile_cds", - }; -- UNUSED_PARAMETER(zA2); -+ UNUSED_PARAMETER(zA1); - UNUSED_PARAMETER(zA3); - UNUSED_PARAMETER(zA4); - switch( op ){ -@@ -1840,7 +1840,7 @@ static int safeModeAuth( - case SQLITE_FUNCTION: { - int i; - for(i=0; i -Date: Mon, 7 Aug 2023 15:10:32 +0800 -Subject: [PATCH] fix segmentation violation - -Signed-off-by: zwtmichael ---- - src/shell.c.in | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/shell.c.in b/src/shell.c.in -index 543141c..d278988 100644 ---- a/src/shell.c.in -+++ b/src/shell.c.in -@@ -11469,8 +11469,12 @@ int SQLITE_CDECL wmain(int argc, wchar_t **wargv){ - }else if( strcmp(z,"-bail")==0 ){ - bail_on_error = 1; - }else if( strcmp(z,"-nonce")==0 ){ -- free(data.zNonce); -- data.zNonce = strdup(argv[++i]); -+ if( data.zNonce ) free(data.zNonce); -+ if( i+1 < argc ) data.zNonce = strdup(argv[++i]); -+ else{ -+ data.zNonce = 0; -+ break; -+ } - }else if( strcmp(z,"-safe")==0 ){ - /* no-op - catch this on the second pass */ - } --- -2.34.1.windows.1 - diff --git a/0008-CVE-2023-7104.patch b/0008-CVE-2023-7104.patch deleted file mode 100644 index bded7fdbff8ddeed4a42241e24c42dd07bb837f0..0000000000000000000000000000000000000000 
--- a/0008-CVE-2023-7104.patch +++ /dev/null @@ -1,45 +0,0 @@ -it From a756d158b3e55831975feb45b753ba499d2adeda Mon Sep 17 00:00:00 2001 -From: mazhao -Date: Wed, 3 Jan 2024 12:00:45 +0800 -Subject: [PATCH] Fix a buffer overread in the sessions extension that could - occur when processing a corrupt changeset. - -Signed-off-by: mazhao ---- - ext/session/sqlite3session.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c -index a892804..72ad427 100644 ---- a/ext/session/sqlite3session.c -+++ b/ext/session/sqlite3session.c -@@ -3050,15 +3050,19 @@ static int sessionReadRecord( - } - } - if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){ -- sqlite3_int64 v = sessionGetI64(aVal); -- if( eType==SQLITE_INTEGER ){ -- sqlite3VdbeMemSetInt64(apOut[i], v); -+ if( (pIn->nData-pIn->iNext)<8 ){ -+ rc = SQLITE_CORRUPT_BKPT; - }else{ -- double d; -- memcpy(&d, &v, 8); -- sqlite3VdbeMemSetDouble(apOut[i], d); -+ sqlite3_int64 v = sessionGetI64(aVal); -+ if( eType==SQLITE_INTEGER ){ -+ sqlite3VdbeMemSetInt64(apOut[i], v); -+ }else{ -+ double d; -+ memcpy(&d, &v, 8); -+ sqlite3VdbeMemSetDouble(apOut[i], d); -+ } -+ pIn->iNext += 8; - } -- pIn->iNext += 8; - } - } - } --- -2.34.1 - diff --git a/sqlite-autoconf-3370200.tar.gz b/sqlite-autoconf-3370200.tar.gz deleted file mode 100644 index 418e66f1e4dc878eeccc19b6d3ab0302617149bc..0000000000000000000000000000000000000000 Binary files a/sqlite-autoconf-3370200.tar.gz and /dev/null differ diff --git a/sqlite-autoconf-3420000.tar.gz b/sqlite-autoconf-3420000.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..add41942a78a0d413b0797805b17f1e5cbc32097 Binary files /dev/null and b/sqlite-autoconf-3420000.tar.gz differ 
diff --git a/sqlite-doc-3370200.zip b/sqlite-doc-3420000.zip
similarity index 60%
rename from sqlite-doc-3370200.zip
rename to sqlite-doc-3420000.zip
index 636a5c442dc7f311f50bd881c95ca52487e0bd74..bc4fb0c41daa7c74a49c32e3e48b87d0455fa2e9 100644
Binary files a/sqlite-doc-3370200.zip and b/sqlite-doc-3420000.zip differ
diff --git a/sqlite-src-3370200.zip b/sqlite-src-3420000.zip
similarity index 74%
rename from sqlite-src-3370200.zip
rename to sqlite-src-3420000.zip
index a736b3451f0feb25f281dc6b769f4e3524864346..241a8532258b1132f7595453e0680afe7e755830 100644
Binary files a/sqlite-src-3370200.zip and b/sqlite-src-3420000.zip differ
diff --git a/sqlite.spec b/sqlite.spec
index d06df4a7b74e1b2924fc18801446fb0a30f2642f..7fd324b18522722a612aff76c6b9f03d83a71761 100644
--- a/sqlite.spec
+++ b/sqlite.spec
@@ -1,28 +1,19 @@
 %bcond_without check
-%global extver 3370200
+%global extver 3420000
 %global tcl_version 8.6
 %global tcl_sitearch %{_libdir}/tcl%{tcl_version}
 Name: sqlite
-Version: 3.37.2
-Release: 7
+Version: 3.42.0
+Release: 1
 Summary: Embeded SQL database
 License: Public Domain
 URL: http://www.sqlite.org/
-Source0: https://www.sqlite.org/2022/sqlite-src-%{extver}.zip
-Source1: http://www.sqlite.org/2022/sqlite-doc-%{extver}.zip
-Source2: https://www.sqlite.org/2022/sqlite-autoconf-%{extver}.tar.gz
-
-Patch1: 0001-sqlite-no-malloc-usable-size.patch
-Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
-Patch3: 0003-CVE-2022-35737.patch
-Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch
-Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch
-Patch6: 0006-CVE-2022-46908.patch
-Patch7: 0007-CVE-2023-36191.patch
-Patch8: 0008-CVE-2023-7104.patch
+Source0: https://www.sqlite.org/2023/sqlite-src-%{extver}.zip
+Source1: http://www.sqlite.org/2023/sqlite-doc-%{extver}.zip
+Source2: https://www.sqlite.org/2023/sqlite-autoconf-%{extver}.tar.gz
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
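Review bot: Removing `Patch1`–`Patch8` in this hunk (and the matching `%patch` lines in the `%prep` hunk) drops the backports for CVE-2022-35737, CVE-2022-46908, CVE-2023-36191 and CVE-2023-7104, and nothing in the change shows that the 3.42.0 sources already contain each fix. The last two were added to this package in August 2023 and January 2024 per their patch headers, so check that the `-nonce` argument handling in `src/shell.c.in` and the 8-byte bounds check in `sessionReadRecord()` are present in 3.42.0 before dropping them; if not, rebase and keep `Patch7`/`Patch8`. The changelog entry's claim that this version fixes CVE-2024-0232 should likewise be confirmed against the upstream advisory's fixed-in version. Separately, `Source1` is still fetched over plain HTTP; use `Source1: https://www.sqlite.org/2023/sqlite-doc-%{extver}.zip` to match Source0 and Source2.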
@@ -65,14 +56,6 @@ This contains man files and HTML files for the using of sqlite.
 %prep
 #autosetup will fail because of 2 zip files
 %setup -q -a1 -n %{name}-src-%{extver}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
@@ -147,6 +130,9 @@ make test
 %{_mandir}/man*/*
 %changelog
+* Tue Feb 27 2024 Zheng Zhenyu - 3.42.0-1
+- Bump version to fix CVE-2024-0232
+
 * Wed Jan 3 2024 mazhao - 3.37.2-7
 - fix the CVE-2023-7104