diff --git a/0003-CVE-2022-35737.patch b/0003-CVE-2022-35737.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9c6fa5b37a01849ba8bff71e16a69da14d8ea7a8
--- /dev/null
+++ b/0003-CVE-2022-35737.patch
@@ -0,0 +1,80 @@
+From effc07ec9c6e08d3bd17665f8800054770f8c643 Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Fri, 15 Jul 2022 12:34:31 +0000
+Subject: [PATCH] Fix the whereKeyStats() routine (part of STAT4 processing
+ only) so that it is able to cope with row-value comparisons against the
+ primary key index of a WITHOUT ROWID table.
+ [forum:/forumpost/3607259d3c|Forum post 3607259d3c].
+
+FossilOrigin-Name: 2a6f761864a462de5c2d5bc666b82fb0b7e124a03443cd1482620dde344b34bb
+
+---
+ src/where.c | 4 ++--
+ test/rowvalue.test | 31 +++++++++++++++++++++++++++++++
+ 2 files changed, 33 insertions(+), 2 deletions(-)
+
+diff --git a/src/where.c b/src/where.c
+index de6ea91e3..110eb4845 100644
+--- a/src/where.c
++++ b/src/where.c
+@@ -1433,7 +1433,7 @@ static int whereKeyStats(
+ #endif
+ assert( pRec!=0 );
+ assert( pIdx->nSample>0 );
+- assert( pRec->nField>0 && pRec->nField<=pIdx->nSampleCol );
++ assert( pRec->nField>0 );
+
+ /* Do a binary search to find the first sample greater than or equal
+ ** to pRec. If pRec contains a single field, the set of samples to search
+@@ -1479,7 +1479,7 @@ static int whereKeyStats(
+ ** it is extended to two fields. The duplicates that this creates do not
+ ** cause any problems.
+ */
+- nField = pRec->nField;
++ nField = MIN(pRec->nField, pIdx->nSample);
+ iCol = 0;
+ iSample = pIdx->nSample * nField;
+ do{
+diff --git a/test/rowvalue.test b/test/rowvalue.test
+index 12fee8237..59b44d938 100644
+--- a/test/rowvalue.test
++++ b/test/rowvalue.test
+@@ -751,4 +751,35 @@ do_execsql_test 30.3 {
+
+
+
++# 2022-07-15
++# https://sqlite.org/forum/forumpost/3607259d3c
++#
++reset_db
++do_execsql_test 33.1 {
++ CREATE TABLE t1(a INT, b INT PRIMARY KEY) WITHOUT ROWID;
++ INSERT INTO t1(a, b) VALUES (0, 1),(15,-7),(3,100);
++ ANALYZE;
++} {}
++do_execsql_test 33.2 {
++ SELECT * FROM t1 WHERE (b,a) BETWEEN (0,5) AND (99,-2);
++} {0 1}
++do_execsql_test 33.3 {
++ SELECT * FROM t1 WHERE (b,a) BETWEEN (-8,5) AND (0,-2);
++} {15 -7}
++do_execsql_test 33.3 {
++ SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,4);
++} {3 100}
++do_execsql_test 33.3 {
++ SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,2);
++} {}
++do_execsql_test 33.3 {
++ SELECT * FROM t1 WHERE (a,b) BETWEEN (-2,99) AND (1,0);
++} {0 1}
++do_execsql_test 33.3 {
++ SELECT * FROM t1 WHERE (a,b) BETWEEN (14,99) AND (16,0);
++} {15 -7}
++do_execsql_test 33.3 {
++ SELECT * FROM t1 WHERE (a,b) BETWEEN (2,99) AND (4,0);
++} {3 100}
++
+ finish_test
+--
+2.25.1
+
diff --git a/0004-fix-memory-problem-in-the-rtree-test-suite.patch b/0004-fix-memory-problem-in-the-rtree-test-suite.patch
new file mode 100644
index 0000000000000000000000000000000000000000..273fbef54f5057cf67b615e09f555ee252d2044d
--- /dev/null
+++ b/0004-fix-memory-problem-in-the-rtree-test-suite.patch
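Review bot: The file is named 0003-CVE-2022-35737.patch but what it carries is the whereKeyStats() STAT4 row-value fix (FossilOrigin 2a6f7618…, forum post 3607259d3c), while the published description of CVE-2022-35737, an overflow on string arguments of billions of bytes passed to a C API, matches the printf.c widening in 0005-fix-integer-overflow-on-gigabyte-string.patch; the CVE label appears to sit on the wrong patch and should be checked against the upstream check-ins, since scanners and audits key on that name. Six of the added rowvalue.test cases all reuse the name `33.3`, so a failing run cannot say which query regressed; if the test file is ever touched locally, numbering them `33.3` through `33.8` fixes that. Both where.c hunks fall inside whereKeyStats(), whose body extends beyond them.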
@@ -0,0 +1,25 @@
+From 3755f418be5c3608a7e0b59488a8e172d443d738 Mon Sep 17 00:00:00 2001
+From: zwtmichael
+Date: Tue, 30 Aug 2022 17:02:04 +0800
+Subject: [PATCH] fix memory problem in the rtree test suite
+
+---
+ ext/rtree/test_rtreedoc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/rtree/test_rtreedoc.c b/ext/rtree/test_rtreedoc.c
+index 119be0e..cdbcb2e 100644
+--- a/ext/rtree/test_rtreedoc.c
++++ b/ext/rtree/test_rtreedoc.c
+@@ -324,7 +324,7 @@ static int SQLITE_TCLAPI register_box_query(
+ }
+ if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ) return TCL_ERROR;
+
+- pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx*));
++ pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx));
+ pCtx->interp = interp;
+ pCtx->pScript = Tcl_DuplicateObj(objv[2]);
+ Tcl_IncrRefCount(pCtx->pScript);
+--
+2.23.0
+
diff --git a/0005-fix-integer-overflow-on-gigabyte-string.patch b/0005-fix-integer-overflow-on-gigabyte-string.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4163eb6dfc8516b83b46c844bc0b97b3230227b1
--- /dev/null
+++ b/0005-fix-integer-overflow-on-gigabyte-string.patch
@@ -0,0 +1,28 @@
+From 72210cf3c782ff30867d5c78e13900be9904ba76 Mon Sep 17 00:00:00 2001
+From: zwtmichael
+Date: Mon, 5 Sep 2022 16:49:05 +0800
+Subject: [PATCH] fix integer overflow on gigabyte string
+
+Signed-off-by: zwtmichael
+---
+ src/printf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/printf.c b/src/printf.c
+index e635184..fb3689e 100644
+--- a/src/printf.c
++++ b/src/printf.c
+@@ -803,8 +803,8 @@ void sqlite3_str_vappendf(
+ case etSQLESCAPE: /* %q: Escape ' characters */
+ case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */
+ case etSQLESCAPE3: { /* %w: Escape " characters */
+- int i, j, k, n, isnull;
+- int needQuote;
++ i64 i, j, k, n;
++ int needQuote, isnull;
+ char ch;
+ char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */
+ char *escarg;
+--
+2.25.1
+
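Review bot: The corrected call still derives the size from the type name, `ckalloc(sizeof(BoxQueryCtx))`, the same spelling that let `sizeof(BoxQueryCtx*)` pass review; writing it as `pCtx = (BoxQueryCtx*)ckalloc(sizeof(*pCtx));` ties the size to the pointee so a later type change cannot reopen the under-allocation. If the intent is to carry the upstream fix verbatim, keep the line as is but record the upstream check-in in the patch header, which currently names none. No NULL check follows the allocation; that is presumably acceptable because Tcl's ckalloc panics rather than returns on failure, but it is worth confirming for the Tcl build in use. register_box_query() continues outside the hunk.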
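Review bot: Widening `i, j, k, n` to i64 only closes the overflow if the code outside this hunk that derives `n` from the input length and hands it to the temporary-buffer allocation and the final append also accepts a 64-bit length; if any of those still take int, the value is truncated back at the call and the overflow moves rather than disappears, so the rest of this case should be compared line by line with the upstream check-in it was taken from. The patch header carries neither an upstream check-in id nor a CVE number, while 0003-CVE-2022-35737.patch is named for a CVE whose public description (string arguments of billions of bytes to a C API) matches this printf change rather than the STAT4 fix; recording the Fossil check-in and the CVE in this Subject would make the mapping auditable. sqlite3_str_vappendf() continues outside the hunk.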
diff --git a/0006-CVE-2022-46908.patch b/0006-CVE-2022-46908.patch new file mode 100644 index 0000000000000000000000000000000000000000..db5c22219c7d1389cb1062f650ade5930fc779cd --- /dev/null +++ b/0006-CVE-2022-46908.patch @@ -0,0 +1,53 @@ +From 040177c01a76ccb631bbe19a445f716f0d7b9458 Mon Sep 17 00:00:00 2001 +From: zwtmichael +Date: Thu, 15 Dec 2022 09:49:15 +0800 +Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs + +Signed-off-by: zwtmichael +--- + src/shell.c.in | 4 ++-- + test/shell2.test | 11 +++++++++++ + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/src/shell.c.in b/src/shell.c.in +index 543141c..2c1e013 100644 +--- a/src/shell.c.in ++++ b/src/shell.c.in +@@ -1829,7 +1829,7 @@ static int safeModeAuth( + "zipfile", + "zipfile_cds", + }; +- UNUSED_PARAMETER(zA2); ++ UNUSED_PARAMETER(zA1); + UNUSED_PARAMETER(zA3); + UNUSED_PARAMETER(zA4); + switch( op ){ +@@ -1840,7 +1840,7 @@ static int safeModeAuth( + case SQLITE_FUNCTION: { + int i; + for(i=0; i +Date: Mon, 7 Aug 2023 15:10:32 +0800 +Subject: [PATCH] fix segmentation violation + +Signed-off-by: zwtmichael +--- + src/shell.c.in | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/shell.c.in b/src/shell.c.in +index 543141c..d278988 100644 +--- a/src/shell.c.in ++++ b/src/shell.c.in +@@ -11469,8 +11469,12 @@ int SQLITE_CDECL wmain(int argc, wchar_t **wargv){ + }else if( strcmp(z,"-bail")==0 ){ + bail_on_error = 1; + }else if( strcmp(z,"-nonce")==0 ){ +- free(data.zNonce); +- data.zNonce = strdup(argv[++i]); ++ if( data.zNonce ) free(data.zNonce); ++ if( i+1 < argc ) data.zNonce = strdup(argv[++i]); ++ else{ ++ data.zNonce = 0; ++ break; ++ } + }else if( strcmp(z,"-safe")==0 ){ + /* no-op - catch this on the second pass */ + } +-- +2.34.1.windows.1 + 
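Review bot: The new `else` branch quietly `break`s out of the option loop when `-nonce` is the last argument, so a truncated command line is accepted with no nonce set instead of being rejected; the other value-taking options in this same loop (outside the hunk) appear to go through the shell's missing-argument helper, and routing this one the same way, `data.zNonce = strdup(cmdline_option_value(argc, argv, ++i));`, would keep the error path consistent — verify that helper exists in the 3.37.2 shell.c.in before relying on it. The `if( data.zNonce ) free(data.zNonce);` guard is redundant since free(NULL) is a no-op, and the strdup() result is still never checked for NULL. The `index 543141c..d278988` pre-image is the same blob 0006-CVE-2022-46908.patch starts from, so this patch was generated against the unpatched shell.c.in and applies only because the two hunks do not overlap. The enclosing main/wmain body continues outside the hunk.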
diff --git a/sqlite-autoconf-3340000.tar.gz b/sqlite-autoconf-3340000.tar.gz
deleted file mode 100644
index 4ddcb8924ca93836dc5d590929e715083027212a..0000000000000000000000000000000000000000
Binary files a/sqlite-autoconf-3340000.tar.gz and /dev/null differ
diff --git a/sqlite-autoconf-3370200.tar.gz b/sqlite-autoconf-3370200.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..418e66f1e4dc878eeccc19b6d3ab0302617149bc
Binary files /dev/null and b/sqlite-autoconf-3370200.tar.gz differ
diff --git a/sqlite-doc-3340000.zip b/sqlite-doc-3370200.zip
similarity index 60%
rename from sqlite-doc-3340000.zip
rename to sqlite-doc-3370200.zip
index 66f3921e0c4ee039bb3534bcc4d72613e77aa807..636a5c442dc7f311f50bd881c95ca52487e0bd74
Binary files a/sqlite-doc-3340000.zip and b/sqlite-doc-3370200.zip differ
diff --git a/sqlite-src-3340000.zip b/sqlite-src-3370200.zip
similarity index 77%
rename from sqlite-src-3340000.zip
rename to sqlite-src-3370200.zip
index beb49f6449fdb059276cf43ac61555f13ad9071b..a736b3451f0feb25f281dc6b769f4e3524864346
Binary files a/sqlite-src-3340000.zip and b/sqlite-src-3370200.zip differ
diff --git a/sqlite.spec b/sqlite.spec
index c6600c930bb4d978cfd5914dabe21bad2e121d41..b304d95c05ea89c8ce2895b67f1c4aa96a0110b5 100644
--- a/sqlite.spec
+++ b/sqlite.spec
@@ -1,22 +1,27 @@ %bcond_without check -%global extver 3340000 +%global extver 3370200 %global tcl_version 8.6 %global tcl_sitearch %{_libdir}/tcl%{tcl_version} Name: sqlite -Version: 3.34.0 -Release: 1 +Version: 3.37.2 +Release: 6 Summary: Embeded SQL database License: Public Domain URL: http://www.sqlite.org/ -Source0: https://www.sqlite.org/2020/sqlite-src-%{extver}.zip -Source1: http://www.sqlite.org/2020/sqlite-doc-%{extver}.zip -Source2: https://www.sqlite.org/2020/sqlite-autoconf-%{extver}.tar.gz +Source0: https://www.sqlite.org/2022/sqlite-src-%{extver}.zip +Source1: http://www.sqlite.org/2022/sqlite-doc-%{extver}.zip +Source2: https://www.sqlite.org/2022/sqlite-autoconf-%{extver}.tar.gz Patch1: 0001-sqlite-no-malloc-usable-size.patch Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch +Patch3: 0003-CVE-2022-35737.patch +Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch +Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch +Patch6: 0006-CVE-2022-46908.patch +Patch7: 0007-CVE-2023-36191.patch BuildRequires: gcc autoconf tcl tcl-devel BuildRequires: ncurses-devel readline-devel glibc-devel @@ -61,12 +66,17 @@ This contains man files and HTML files for the using of sqlite. %setup -q -a1 -n %{name}-src-%{extver} %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 rm -f %{name}-doc-%{extver}/sqlite.css~ || : -autoconf - %build + +autoconf export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \ -DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=3 \ -DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 \ @@ -107,6 +117,10 @@ export MALLOC_CHECK_=3 %else rm test/csv01.test %endif +%ifarch loongarch64 +rm -rf test/thread1.test +rm -rf test/thread2.test +%endif make test %endif # with check 
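Review bot: `Source1: http://www.sqlite.org/2022/sqlite-doc-%{extver}.zip` is rewritten by this bump yet keeps plain http while Source0 and Source2 use https, so a re-fetch of the doc archive is the one download not protected in transit; change it to `Source1: https://www.sqlite.org/2022/sqlite-doc-%{extver}.zip`. The archives are committed next to the spec, so this only matters on re-download, but the inconsistency will be copied into the next bump. In the `%ifarch loongarch64` block, deleting thread1.test and thread2.test hides whatever fails there with no trace of why; a one-line comment above the `rm` stating the observed failure and a tracking reference would keep that exclusion reviewable.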
@@ -131,6 +145,39 @@ make test %{_mandir}/man*/* %changelog +* Mon Aug 7 2023 zhuwentao - 3.37.2-6 +- fix the CVE-2023-36191 + +* Fri Jan 13 2023 Wenlong Zhang - 3.37.2-5 +- remove fail testcase for loongarch + +* Wed Dec 14 2022 zhuwentao - 3.37.2-4 +- fix the CVE-2022-46908 + +* Wed Sep 14 2022 zhuwentao - 3.37.2-3 +- fix build problem + +* Mon Sep 5 2022 zhuwentao - 3.37.2-2 +- fix integer overflow on gigabyte string + +* Mon Aug 29 2022 zhuwentao - 3.37.2-1 +- update to 3.37.2 + +* Tue Aug 16 2022 liusirui - 3.36.0-3 +- fix the CVE-2022-35737. + +* Sat Nov 27 2021 wbq_sky - 3.36.0-2 +- fix the CVE-2021-36690. + +* Fri Nov 25 2021 wbq_sky - 3.36.0-1 +- update to 3.36.0. + +* Fri Sep 3 2021 wbq_sky - 3.34.0-3 +- fix the null reference in the tigger statement. + +* Fri Sep 3 2021 wbq_sky - 3.34.0-2 +- fix the infinite loop problem in the trim function while the pattern is well formed. + * Thu Jan 14 2021 yanglongkang - 3.34.0-1 - update package to 3.34.0