fix CVEs
This commit is contained in:
eulerstorage
parent
1c5fee08fa
commit
8c80ee8972
@ -0,0 +1,43 @@
|
||||
From d8f2d46cbc9925e034a68aaaf60aad788d9373c1 Mon Sep 17 00:00:00 2001
|
||||
From: drh <drh@noemail.net>
|
||||
Date: Mon, 23 Dec 2019 21:04:33 +0000
|
||||
Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that
|
||||
it is able to deal with goofy filenames that contain embedded zeros.
|
||||
|
||||
Code for CVE-2019-19959 fixing
|
||||
Modified by openEuler build team
|
||||
Removed manifest changes and adapt to old code.
|
||||
|
||||
FossilOrigin-Name: cc0fb00a128fd0773db5ff7891f7aa577a3671d570166d2cbb30df922344adcf
|
||||
---
|
||||
ext/misc/zipfile.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
|
||||
index 9f2258e..3a87ec2 100644
|
||||
--- a/ext/misc/zipfile.c
|
||||
+++ b/ext/misc/zipfile.c
|
||||
@@ -1631,7 +1631,7 @@ static int zipfileUpdate(
|
||||
zFree = sqlite3_mprintf("%s/", zPath);
|
||||
if( zFree==0 ){ rc = SQLITE_NOMEM; }
|
||||
zPath = (const char*)zFree;
|
||||
- nPath++;
|
||||
+ nPath = (int)strlen(zPath);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2032,11 +2032,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){
|
||||
}else{
|
||||
if( zName[nName-1]!='/' ){
|
||||
zName = zFree = sqlite3_mprintf("%s/", zName);
|
||||
- nName++;
|
||||
if( zName==0 ){
|
||||
rc = SQLITE_NOMEM;
|
||||
goto zipfile_step_out;
|
||||
}
|
||||
+ nName = (int)strlen(zName);
|
||||
}else{
|
||||
while( nName>1 && zName[nName-2]=='/' ) nName--;
|
||||
}
|
||||
--
|
||||
1.8.3.1
|
||||
10
sqlite.spec
10
sqlite.spec
@ -6,7 +6,7 @@
|
||||
|
||||
Name: sqlite
|
||||
Version: 3.24.0
|
||||
Release: 7
|
||||
Release: 8
|
||||
Summary: Embeded SQL database
|
||||
License: Public Domain
|
||||
URL: http://www.sqlite.org/
|
||||
@ -73,6 +73,7 @@ Patch6050: 6050-Fix-CVE-2019-19924-When-an-error-occurs-while-rewriting-the-pars
|
||||
Patch6051: 6051-Fix-CVE-2019-19925-Fix-the-zipfile-extension-so-that-INSERT-works-even-.patch
|
||||
Patch6052: 6052-Fix-CVE-2019-19926-Continuation-of-e2bddcd4c55ba3cb-Add-another-spot-wh.patch
|
||||
Patch6053: 6053-Fix-CVE-2019-20218-Do-not-attempt-to-unwind-the-WITH-stack-in-the-Parse.patch
|
||||
Patch6054: 6054-Fix-the-zipfile-function-in-the-zipfile-extension-so.patch
|
||||
|
||||
BuildRequires: gcc autoconf tcl tcl-devel
|
||||
BuildRequires: ncurses-devel readline-devel glibc-devel
|
||||
@ -172,6 +173,7 @@ This contains man files and HTML files for the using of sqlite.
|
||||
%patch6051 -p1
|
||||
%patch6052 -p1
|
||||
%patch6053 -p1
|
||||
%patch6054 -p1
|
||||
|
||||
rm -f %{name}-doc-%{extver}/sqlite.css~ || :
|
||||
|
||||
@ -242,6 +244,12 @@ make test
|
||||
%{_mandir}/man*/*
|
||||
|
||||
%changelog
|
||||
* Wed Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-8
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:CVE-2019-19959 fixed
|
||||
|
||||
* Wed Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-7
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user