diff --git a/0005-CVE-2021-20223.patch b/0005-CVE-2021-20223.patch new file mode 100644 index 0000000000000000000000000000000000000000..22ffb50e99cd0f7604bbcfea8402bf525f1ccea9 --- /dev/null +++ b/0005-CVE-2021-20223.patch @@ -0,0 +1,73 @@ +From 4c5f8ebaf38faa9be7bdacc4fe53e91dc9750a88 Mon Sep 17 00:00:00 2001 +From: wbq_sky +Date: Wed, 31 Aug 2022 10:56:50 +0800 +Subject: [PATCH] Fix CVE-2021-20223 From + d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001 From: dan + Date: Mon, 26 Oct 2020 13:24:36 +0000 Subject: [PATCH] + Prevent fts5 tokenizer unicode61 from considering '\0' to be a token + characters, even if other characters of class "Cc" are. + +FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f +--- + ext/fts5/fts5_unicode2.c | 1 + + ext/fts5/test/fts5tok1.test | 35 +++++++++++++++++++++++++++++++++++ + 2 files changed, 36 insertions(+) + +diff --git a/ext/fts5/fts5_unicode2.c b/ext/fts5/fts5_unicode2.c +index 161e8d8..843133e 100644 +--- a/ext/fts5/fts5_unicode2.c ++++ b/ext/fts5/fts5_unicode2.c +@@ -773,4 +773,5 @@ void sqlite3Fts5UnicodeAscii(u8 *aArray, u8 *aAscii){ + } + iTbl++; + } ++ aAscii[0] = 0; /* 0x00 is never a token character */ + } +diff --git a/ext/fts5/test/fts5tok1.test b/ext/fts5/test/fts5tok1.test +index a336f11..c605ce3 100644 +--- a/ext/fts5/test/fts5tok1.test ++++ b/ext/fts5/test/fts5tok1.test +@@ -111,5 +111,40 @@ do_catchsql_test 2.1 { + SELECT * FROM t4; + } {1 {SQL logic error}} + ++#------------------------------------------------------------------------- ++# Embedded 0x00 characters. ++# ++reset_db ++do_execsql_test 3.1.0 { ++ CREATE VIRTUAL TABLE t1 USING fts5(z); ++ CREATE VIRTUAL TABLE tt USING fts5vocab(t1, 'instance'); ++ INSERT INTO t1 VALUES('abc' || char(0) || 'def'); ++ SELECT * FROM tt; ++} { abc 1 z 0 def 1 z 1 } ++do_execsql_test 3.1.1 { ++ SELECT hex(z) FROM t1; ++} {61626300646566} ++do_execsql_test 3.1.2 { ++ INSERT INTO t1(t1) VALUES('integrity-check'); ++} {} ++ ++do_execsql_test 3.2.0 { ++ CREATE VIRTUAL TABLE t2 USING fts5(z, ++ tokenize="unicode61 categories 'L* N* Co Cc'" ++ ); ++ CREATE VIRTUAL TABLE tu USING fts5vocab(t2, 'instance'); ++ ++ INSERT INTO t2 VALUES('abc' || char(0) || 'def'); ++ SELECT * FROM tu; ++} { abc 1 z 0 def 1 z 1 } ++ ++do_execsql_test 3.2.1 { ++ SELECT hex(z) FROM t1; ++} {61626300646566} ++ ++do_execsql_test 3.2.2 { ++ INSERT INTO t1(t1) VALUES('integrity-check'); ++} {} ++ + + finish_test +-- +2.25.1 + diff --git a/sqlite.spec b/sqlite.spec index ae13e21c6fbbf7c4ac474ed50c04b79df01f0d51..6b70eb3197efd2d5ead429cc3a4fdef290a4018a 100644 --- a/sqlite.spec +++ b/sqlite.spec @@ -7,7 +7,7 @@ Name: sqlite Version: 3.32.3 -Release: 4 +Release: 5 Summary: Embeded SQL database License: Public Domain URL: http://www.sqlite.org/ @@ -20,6 +20,7 @@ Patch1: 0001-sqlite-no-malloc-usable-size.patch Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch Patch3: CVE-2021-20227.patch Patch4: 0004-CVE-2022-35737.patch +Patch5: 0005-CVE-2021-20223.patch BuildRequires: gcc autoconf tcl tcl-devel BuildRequires: ncurses-devel readline-devel glibc-devel @@ -66,7 +67,7 @@ This contains man files and HTML files for the using of sqlite. %patch2 -p1 %patch3 -p1 %patch4 -p1 - +%patch5 -p1 rm -f %{name}-doc-%{extver}/sqlite.css~ || : @@ -139,6 +140,9 @@ make test %{_mandir}/man*/* %changelog +* Wed Aug 31 2022 wbq_sky - 3.32.3-5 +- Fix CVE-2021-20223 + * Tue Aug 16 2022 liusirui - 3.32.3-4 - Fix CVE-2022-35737