packages/sqlite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bump to 3.42.0

Browse Source 
Bump to 3.42.0 to fix CVE-2024-0232

Signed-off-by: Zhenyu Zheng <zheng.zhenyu@outlook.com>
This commit is contained in:
Zhenyu Zheng 2024-02-27 23:11:54 +08:00
parent 418511d548
commit 56bc0cbcce
13 changed files with 9 additions and 376 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
0001-sqlite-no-malloc-usable-size.patch
View File

@ -1,24 +0,0 @@
diff -up sqlite-src-3120200/configure.ac.malloc_usable_size sqlite-src-3120200/configure.ac
--- sqlite-src-3120200/configure.ac.malloc_usable_size 2016-04-25 09:46:48.134690570 +0200
+++ sqlite-src-3120200/configure.ac 2016-04-25 09:48:41.622637181 +0200
@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h s
#########
# Figure out whether or not we have these functions
#
-AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
+AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
#########
# By default, we use the amalgamation (this may be changed below...)
diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/configure
--- sqlite-src-3120200/configure.malloc_usable_size 2016-04-25 09:47:12.594679063 +0200
+++ sqlite-src-3120200/configure 2016-04-25 09:49:28.684615042 +0200
@@ -10275,7 +10275,7 @@ done
#########
# Figure out whether or not we have these functions
#
-for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64
+for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

66
0002-remove-fail-testcase-in-no-free-fd-situation.patch
View File

@ -1,66 +0,0 @@
From defded46ea50037500590122d847ba6a7cb96110 Mon Sep 17 00:00:00 2001
From: eulerstorage <eulerstoragemt@huawei.com>
Date: Sat, 11 Jan 2020 11:33:54 +0800
Subject: [PATCH] remove fail testcase in no free fd situation
Remove testcase 1.1.1, 1.1.2 and 1.1.3, since it can not success in
some situation if there is no enough fd resource.
---
test/oserror.test | 27 ---------------------------
1 file changed, 27 deletions(-)
diff --git a/test/oserror.test b/test/oserror.test
index a51301c..d46218f 100644
--- a/test/oserror.test
+++ b/test/oserror.test
@@ -40,47 +40,6 @@ proc do_re_test {tn script expression} {
}
-#--------------------------------------------------------------------------
-# Tests oserror-1.* test failures in the open() system call.
-#
-
-# Test a failure in open() due to too many files.
-#
-# The xOpen() method of the unix VFS calls getcwd() as well as open().
-# Although this does not appear to be documented in the man page, on OSX
-# a call to getcwd() may fail if there are no free file descriptors. So
-# an error may be reported for either open() or getcwd() here.
-#
-if {![clang_sanitize_address]} {
- unset -nocomplain rc
- unset -nocomplain nOpen
- set nOpen 20000
- do_test 1.1.1 {
- set ::log [list]
- set ::rc [catch {
- for {set i 0} {$i < $::nOpen} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
- } msg]
- if {$::rc==0} {
- # Some system (ex: Debian) are able to create 20000+ file descriptiors
- # such systems will not fail here
- set x ok
- } elseif {$::rc==1 && $msg=="unable to open database file"} {
- set x ok
- } else {
- set x [list $::rc $msg]
- }
- } {ok}
- do_test 1.1.2 {
- catch { for {set i 0} {$i < $::nOpen} {incr i} { dbh_$i close } }
- } $::rc
- if {$rc} {
- do_re_test 1.1.3 {
- lindex $::log 0
- } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
- }
-}
-
-
# Test a failure in open() due to the path being a directory.
#
do_test 1.2.1 {
--
1.8.3.1

80
0003-CVE-2022-35737.patch
View File

@ -1,80 +0,0 @@
From effc07ec9c6e08d3bd17665f8800054770f8c643 Mon Sep 17 00:00:00 2001
From: drh <>
Date: Fri, 15 Jul 2022 12:34:31 +0000
Subject: [PATCH] Fix the whereKeyStats() routine (part of STAT4 processing
only) so that it is able to cope with row-value comparisons against the
primary key index of a WITHOUT ROWID table.
[forum:/forumpost/3607259d3c|Forum post 3607259d3c].
FossilOrigin-Name: 2a6f761864a462de5c2d5bc666b82fb0b7e124a03443cd1482620dde344b34bb
---
src/where.c | 4 ++--
test/rowvalue.test | 31 +++++++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/src/where.c b/src/where.c
index de6ea91e3..110eb4845 100644
--- a/src/where.c
+++ b/src/where.c
@@ -1433,7 +1433,7 @@ static int whereKeyStats(
#endif
assert( pRec!=0 );
assert( pIdx->nSample>0 );
- assert( pRec->nField>0 && pRec->nField<=pIdx->nSampleCol );
+ assert( pRec->nField>0 );
/* Do a binary search to find the first sample greater than or equal
** to pRec. If pRec contains a single field, the set of samples to search
@@ -1479,7 +1479,7 @@ static int whereKeyStats(
** it is extended to two fields. The duplicates that this creates do not
** cause any problems.
*/
- nField = pRec->nField;
+ nField = MIN(pRec->nField, pIdx->nSample);
iCol = 0;
iSample = pIdx->nSample * nField;
do{
diff --git a/test/rowvalue.test b/test/rowvalue.test
index 12fee8237..59b44d938 100644
--- a/test/rowvalue.test
+++ b/test/rowvalue.test
@@ -751,4 +751,35 @@ do_execsql_test 30.3 {
+# 2022-07-15
+# https://sqlite.org/forum/forumpost/3607259d3c
+#
+reset_db
+do_execsql_test 33.1 {
+ CREATE TABLE t1(a INT, b INT PRIMARY KEY) WITHOUT ROWID;
+ INSERT INTO t1(a, b) VALUES (0, 1),(15,-7),(3,100);
+ ANALYZE;
+} {}
+do_execsql_test 33.2 {
+ SELECT * FROM t1 WHERE (b,a) BETWEEN (0,5) AND (99,-2);
+} {0 1}
+do_execsql_test 33.3 {
+ SELECT * FROM t1 WHERE (b,a) BETWEEN (-8,5) AND (0,-2);
+} {15 -7}
+do_execsql_test 33.3 {
+ SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,4);
+} {3 100}
+do_execsql_test 33.3 {
+ SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,2);
+} {}
+do_execsql_test 33.3 {
+ SELECT * FROM t1 WHERE (a,b) BETWEEN (-2,99) AND (1,0);
+} {0 1}
+do_execsql_test 33.3 {
+ SELECT * FROM t1 WHERE (a,b) BETWEEN (14,99) AND (16,0);
+} {15 -7}
+do_execsql_test 33.3 {
+ SELECT * FROM t1 WHERE (a,b) BETWEEN (2,99) AND (4,0);
+} {3 100}
+
finish_test
--
2.25.1

25
0004-fix-memory-problem-in-the-rtree-test-suite.patch
View File

@ -1,25 +0,0 @@
From 3755f418be5c3608a7e0b59488a8e172d443d738 Mon Sep 17 00:00:00 2001
From: zwtmichael <zhuwentao5@huawei.com>
Date: Tue, 30 Aug 2022 17:02:04 +0800
Subject: [PATCH] fix memory problem in the rtree test suite
---
ext/rtree/test_rtreedoc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/rtree/test_rtreedoc.c b/ext/rtree/test_rtreedoc.c
index 119be0e..cdbcb2e 100644
--- a/ext/rtree/test_rtreedoc.c
+++ b/ext/rtree/test_rtreedoc.c
@@ -324,7 +324,7 @@ static int SQLITE_TCLAPI register_box_query(
}
if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ) return TCL_ERROR;
- pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx*));
+ pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx));
pCtx->interp = interp;
pCtx->pScript = Tcl_DuplicateObj(objv[2]);
Tcl_IncrRefCount(pCtx->pScript);
--
2.23.0

28
0005-fix-integer-overflow-on-gigabyte-string.patch
View File

@ -1,28 +0,0 @@
From 72210cf3c782ff30867d5c78e13900be9904ba76 Mon Sep 17 00:00:00 2001
From: zwtmichael <zhuwentao5@huawei.com>
Date: Mon, 5 Sep 2022 16:49:05 +0800
Subject: [PATCH] fix integer overflow on gigabyte string
Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
---
src/printf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/printf.c b/src/printf.c
index e635184..fb3689e 100644
--- a/src/printf.c
+++ b/src/printf.c
@@ -803,8 +803,8 @@ void sqlite3_str_vappendf(
case etSQLESCAPE: /* %q: Escape ' characters */
case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */
case etSQLESCAPE3: { /* %w: Escape " characters */
- int i, j, k, n, isnull;
- int needQuote;
+ i64 i, j, k, n;
+ int needQuote, isnull;
char ch;
char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */
char *escarg;
--
2.25.1

53
0006-CVE-2022-46908.patch
View File

@ -1,53 +0,0 @@
From 040177c01a76ccb631bbe19a445f716f0d7b9458 Mon Sep 17 00:00:00 2001
From: zwtmichael <zhuwentao5@huawei.com>
Date: Thu, 15 Dec 2022 09:49:15 +0800
Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
---
src/shell.c.in | 4 ++--
test/shell2.test | 11 +++++++++++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/shell.c.in b/src/shell.c.in
index 543141c..2c1e013 100644
--- a/src/shell.c.in
+++ b/src/shell.c.in
@@ -1829,7 +1829,7 @@ static int safeModeAuth(
"zipfile",
"zipfile_cds",
};
- UNUSED_PARAMETER(zA2);
+ UNUSED_PARAMETER(zA1);
UNUSED_PARAMETER(zA3);
UNUSED_PARAMETER(zA4);
switch( op ){
@@ -1840,7 +1840,7 @@ static int safeModeAuth(
case SQLITE_FUNCTION: {
int i;
for(i=0; i<ArraySize(azProhibitedFunctions); i++){
- if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
+ if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
failIfSafeMode(p, "cannot use the %s() function in safe mode",
azProhibitedFunctions[i]);
}
diff --git a/test/shell2.test b/test/shell2.test
index 6b4dff5..c3777eb 100644
--- a/test/shell2.test
+++ b/test/shell2.test
@@ -188,4 +188,15 @@ b
2
}}
+# Verify that safe mode rejects certain UDFs
+# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
+do_test shell2-1.4.8 {
+ catchcmd "-safe :memory:" {
+ SELECT edit('DoNotCare');}
+} {1 {line 2: cannot use the edit() function in safe mode}}
+do_test shell2-1.4.9 {
+ catchcmd "-safe :memory:" {
+ SELECT writefile('DoNotCare', x'');}
+} {1 {line 2: cannot use the writefile() function in safe mode}}
+
finish_test

32
0007-CVE-2023-36191.patch
View File

@ -1,32 +0,0 @@
From 1b2901722e5de3ef8d29edb4481327e48bd3363c Mon Sep 17 00:00:00 2001
From: zwtmichael <zhuwentao5@huawei.com>
Date: Mon, 7 Aug 2023 15:10:32 +0800
Subject: [PATCH] fix segmentation violation
Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
---
src/shell.c.in | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/shell.c.in b/src/shell.c.in
index 543141c..d278988 100644
--- a/src/shell.c.in
+++ b/src/shell.c.in
@@ -11469,8 +11469,12 @@ int SQLITE_CDECL wmain(int argc, wchar_t **wargv){
}else if( strcmp(z,"-bail")==0 ){
bail_on_error = 1;
}else if( strcmp(z,"-nonce")==0 ){
- free(data.zNonce);
- data.zNonce = strdup(argv[++i]);
+ if( data.zNonce ) free(data.zNonce);
+ if( i+1 < argc ) data.zNonce = strdup(argv[++i]);
+ else{
+ data.zNonce = 0;
+ break;
+ }
}else if( strcmp(z,"-safe")==0 ){
/* no-op - catch this on the second pass */
}
--
2.34.1.windows.1

45
0008-CVE-2023-7104.patch
View File

@ -1,45 +0,0 @@
it From a756d158b3e55831975feb45b753ba499d2adeda Mon Sep 17 00:00:00 2001
From: mazhao <mazhao12@huawei.com>
Date: Wed, 3 Jan 2024 12:00:45 +0800
Subject: [PATCH] Fix a buffer overread in the sessions extension that could
occur when processing a corrupt changeset.
Signed-off-by: mazhao <mazhao12@huawei.com>
---
ext/session/sqlite3session.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
index a892804..72ad427 100644
--- a/ext/session/sqlite3session.c
+++ b/ext/session/sqlite3session.c
@@ -3050,15 +3050,19 @@ static int sessionReadRecord(
}
}
if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
- sqlite3_int64 v = sessionGetI64(aVal);
- if( eType==SQLITE_INTEGER ){
- sqlite3VdbeMemSetInt64(apOut[i], v);
+ if( (pIn->nData-pIn->iNext)<8 ){
+ rc = SQLITE_CORRUPT_BKPT;
}else{
- double d;
- memcpy(&d, &v, 8);
- sqlite3VdbeMemSetDouble(apOut[i], d);
+ sqlite3_int64 v = sessionGetI64(aVal);
+ if( eType==SQLITE_INTEGER ){
+ sqlite3VdbeMemSetInt64(apOut[i], v);
+ }else{
+ double d;
+ memcpy(&d, &v, 8);
+ sqlite3VdbeMemSetDouble(apOut[i], d);
+ }
+ pIn->iNext += 8;
}
- pIn->iNext += 8;
}
}
}
--
2.34.1

BIN
sqlite-autoconf-3370200.tar.gz
View File

Binary file not shown.

BIN
sqlite-autoconf-3420000.tar.gz Normal file
View File

Binary file not shown.

BIN
sqlite-doc-3370200.zip → sqlite-doc-3420000.zip
View File

Binary file not shown.

BIN
sqlite-src-3370200.zip → sqlite-src-3420000.zip
View File

Binary file not shown.

32
sqlite.spec
View File

@ -1,28 +1,19 @@
%bcond_without check
%global extver 3370200
%global extver 3420000
%global tcl_version 8.6
%global tcl_sitearch %{_libdir}/tcl%{tcl_version}
Name: sqlite
Version: 3.37.2
Release: 7
Version: 3.42.0
Release: 1
Summary: Embeded SQL database
License: Public Domain
URL: http://www.sqlite.org/
Source0: https://www.sqlite.org/2022/sqlite-src-%{extver}.zip
Source1: http://www.sqlite.org/2022/sqlite-doc-%{extver}.zip
Source2: https://www.sqlite.org/2022/sqlite-autoconf-%{extver}.tar.gz
Patch1: 0001-sqlite-no-malloc-usable-size.patch
Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
Patch3: 0003-CVE-2022-35737.patch
Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch
Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch
Patch6: 0006-CVE-2022-46908.patch
Patch7: 0007-CVE-2023-36191.patch
Patch8: 0008-CVE-2023-7104.patch
Source0: https://www.sqlite.org/2023/sqlite-src-%{extver}.zip
Source1: http://www.sqlite.org/2023/sqlite-doc-%{extver}.zip
Source2: https://www.sqlite.org/2023/sqlite-autoconf-%{extver}.tar.gz
BuildRequires: gcc autoconf tcl tcl-devel
BuildRequires: ncurses-devel readline-devel glibc-devel
@ -65,14 +56,6 @@ This contains man files and HTML files for the using of sqlite.
%prep
#autosetup will fail because of 2 zip files
%setup -q -a1 -n %{name}-src-%{extver}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
rm -f %{name}-doc-%{extver}/sqlite.css~ || :
@ -147,6 +130,9 @@ make test
%{_mandir}/man*/*
%changelog
* Tue Feb 27 2024 Zheng Zhenyu <zheng.zhenyu@outlook.com> - 3.42.0-1
- Bump version to fix CVE-2024-0232
* Wed Jan 3 2024 mazhao <mazhao12@huawei.com> - 3.37.2-7
- fix the CVE-2023-7104