fix CVE-2020-11655
This commit is contained in:
ethan848
parent
b3bfc53d7e
commit
70009f31e0
31
6057-Fix-CVE-2020-11655.patch
Normal file
31
6057-Fix-CVE-2020-11655.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
From fc24a3a984c373d94612dcb3ec1e75b4f8a3ab6c Mon Sep 17 00:00:00 2001
|
||||||
|
From: luoshijie1 <luoshijie1@huawei.com>
|
||||||
|
Date: Tue, 14 Apr 2020 16:21:35 +0000
|
||||||
|
Subject: [PATCH] sqlite: fix CVE-2020-11655
|
||||||
|
|
||||||
|
In the event of a semantic error in an aggregate query, early-out
|
||||||
|
the resetAccumulator() function to prevent problems due to incomplete
|
||||||
|
or incorrect initialization of the AggInfo object.
|
||||||
|
Fix for ticket [af4556bb5c285c08].
|
||||||
|
https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11
|
||||||
|
|
||||||
|
Signed-off-by: drh <drh@noemail.net>
|
||||||
|
Signed-off-by: luoshiji1 <luoshijie1@huawei.com>
|
||||||
|
---
|
||||||
|
src/select.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/select.c b/src/select.c
|
||||||
|
index 3bb98ad..270075a 100644
|
||||||
|
--- a/src/select.c
|
||||||
|
+++ b/src/select.c
|
||||||
|
@@ -5058,6 +5058,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){
|
||||||
|
struct AggInfo_func *pFunc;
|
||||||
|
int nReg = pAggInfo->nFunc + pAggInfo->nColumn;
|
||||||
|
if( nReg==0 ) return;
|
||||||
|
+ if( pParse->nErr ) return;
|
||||||
|
#ifdef SQLITE_DEBUG
|
||||||
|
/* Verify that all AggInfo registers are within the range specified by
|
||||||
|
** AggInfo.mnReg..AggInfo.mxReg */
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
10
sqlite.spec
10
sqlite.spec
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Name: sqlite
|
Name: sqlite
|
||||||
Version: 3.24.0
|
Version: 3.24.0
|
||||||
Release: 9
|
Release: 10
|
||||||
Summary: Embeded SQL database
|
Summary: Embeded SQL database
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
URL: http://www.sqlite.org/
|
URL: http://www.sqlite.org/
|
||||||
@ -76,6 +76,7 @@ Patch6053: 6053-Fix-CVE-2019-20218-Do-not-attempt-to-unwind-the-WITH-stack-in-th
|
|||||||
Patch6054: 6054-Fix-the-zipfile-function-in-the-zipfile-extension-so.patch
|
Patch6054: 6054-Fix-the-zipfile-function-in-the-zipfile-extension-so.patch
|
||||||
Patch6055: 6055-Fix-CVE-2018-20505.patch
|
Patch6055: 6055-Fix-CVE-2018-20505.patch
|
||||||
Patch6056: 6056-Fix-CVE-2020-9327.patch
|
Patch6056: 6056-Fix-CVE-2020-9327.patch
|
||||||
|
Patch6057: 6057-Fix-CVE-2020-11655.patch
|
||||||
|
|
||||||
BuildRequires: gcc autoconf tcl tcl-devel
|
BuildRequires: gcc autoconf tcl tcl-devel
|
||||||
BuildRequires: ncurses-devel readline-devel glibc-devel
|
BuildRequires: ncurses-devel readline-devel glibc-devel
|
||||||
@ -178,6 +179,7 @@ This contains man files and HTML files for the using of sqlite.
|
|||||||
%patch6054 -p1
|
%patch6054 -p1
|
||||||
%patch6055 -p1
|
%patch6055 -p1
|
||||||
%patch6056 -p1
|
%patch6056 -p1
|
||||||
|
%patch6057 -p1
|
||||||
|
|
||||||
rm -f %{name}-doc-%{extver}/sqlite.css~ || :
|
rm -f %{name}-doc-%{extver}/sqlite.css~ || :
|
||||||
|
|
||||||
@ -248,6 +250,12 @@ make test
|
|||||||
%{_mandir}/man*/*
|
%{_mandir}/man*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Apr 19 2020 ethan848 <mingfangsen@huawei.com>
|
||||||
|
- Type:enhancement
|
||||||
|
- ID:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:CVE-2020-11655 fixed
|
||||||
|
|
||||||
* Tue Mar 10 2020 steven <steven_ygui@163.com> - 3.24.0-9
|
* Tue Mar 10 2020 steven <steven_ygui@163.com> - 3.24.0-9
|
||||||
- Type:enhancement
|
- Type:enhancement
|
||||||
- ID:NA
|
- ID:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user