Package init
This commit is contained in:
dogsheng
parent
81a5c3e471
commit
b4a4c8ae87
65
6045-sqlite-CVE-2019-16168.patch
Normal file
65
6045-sqlite-CVE-2019-16168.patch
Normal file
@ -0,0 +1,65 @@
|
||||
From f555312151f716b54558776bce53bef9edb69d3a Mon Sep 17 00:00:00 2001
|
||||
From: guiyao <guiyao@huawei.com>
|
||||
Date: Mon, 14 Oct 2019 05:23:59 -0400
|
||||
Subject: [PATCH] fix CVE-2019-16168
|
||||
|
||||
---
|
||||
src/analyze.c | 4 +++-
|
||||
src/where.c | 1 +
|
||||
test/analyzeC.test | 13 +++++++++++++
|
||||
3 files changed, 17 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/analyze.c b/src/analyze.c
|
||||
index 48fd495..552330b 100644
|
||||
--- a/src/analyze.c
|
||||
+++ b/src/analyze.c
|
||||
@@ -1497,7 +1497,9 @@ static void decodeIntArray(
|
||||
if( sqlite3_strglob("unordered*", z)==0 ){
|
||||
pIndex->bUnordered = 1;
|
||||
}else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
|
||||
- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
|
||||
+ int sz = sqlite3Atoi(z+3);
|
||||
+ if( sz<2 ) sz = 2;
|
||||
+ pIndex->szIdxRow = sqlite3LogEst(sz);
|
||||
}else if( sqlite3_strglob("noskipscan*", z)==0 ){
|
||||
pIndex->noSkipScan = 1;
|
||||
}
|
||||
diff --git a/src/where.c b/src/where.c
|
||||
index b83915e..1df9b46 100644
|
||||
--- a/src/where.c
|
||||
+++ b/src/where.c
|
||||
@@ -2585,6 +2585,7 @@ static int whereLoopAddBtreeIndex(
|
||||
** it to pNew->rRun, which is currently set to the cost of the index
|
||||
** seek only. Then, if this is a non-covering index, add the cost of
|
||||
** visiting the rows in the main table. */
|
||||
+ assert( pSrc->pTab->szTabRow>0 );
|
||||
rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
|
||||
pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
|
||||
if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
|
||||
diff --git a/test/analyzeC.test b/test/analyzeC.test
|
||||
index 02faa9c..246da89 100644
|
||||
--- a/test/analyzeC.test
|
||||
+++ b/test/analyzeC.test
|
||||
@@ -132,6 +132,19 @@ do_execsql_test 4.3 {
|
||||
SELECT count(a) FROM t1;
|
||||
} {/.*INDEX t1ca.*/}
|
||||
|
||||
+# 2019-08-15.
|
||||
+# Ticket https://www.sqlite.org/src/tktview/e4598ecbdd18bd82945f602901
|
||||
+# The sz=N parameter in the sqlite_stat1 table needs to have a value of
|
||||
+# 2 or more to avoid a division by zero in the query planner.
|
||||
+#
|
||||
+do_execsql_test 4.4 {
|
||||
+ DROP TABLE IF EXISTS t44;
|
||||
+ CREATE TABLE t44(a PRIMARY KEY);
|
||||
+ INSERT INTO sqlite_stat1 VALUES('t44',null,'sz=0');
|
||||
+ ANALYZE sqlite_master;
|
||||
+ SELECT 0 FROM t44 WHERE a IN(1,2,3);
|
||||
+} {}
|
||||
+
|
||||
|
||||
# The sz=NNN parameter works even if there is other extraneous text
|
||||
# in the sqlite_stat1.stat column.
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
27
6046-Fix-CVE-2019-19646.patch
Normal file
27
6046-Fix-CVE-2019-19646.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From b097449afefa53e05637aaa43197c66cece575c7 Mon Sep 17 00:00:00 2001
|
||||
From: guiyao <guiyao@huawei.com>
|
||||
Date: Tue, 17 Dec 2019 10:53:58 -0500
|
||||
Subject: [PATCH] Backport Fix CVE-2019-19646
|
||||
|
||||
---
|
||||
src/pragma.c | 4 +++-
|
||||
1 files changed, 3 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/src/pragma.c b/src/pragma.c
|
||||
index 4699c96..eda1a16 100644
|
||||
--- a/src/pragma.c
|
||||
+++ b/src/pragma.c
|
||||
@@ -1571,7 +1571,9 @@ void sqlite3Pragma(
|
||||
if( j==pTab->iPKey ) continue;
|
||||
if( pTab->aCol[j].notNull==0 ) continue;
|
||||
sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
|
||||
- sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
|
||||
+ if( sqlite3VdbeGetOp(v,-1)->opcode==OP_Column ){
|
||||
+ sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
|
||||
+ }
|
||||
jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
|
||||
zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
|
||||
pTab->aCol[j].zName);
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
17
sqlite.spec
17
sqlite.spec
@ -6,7 +6,7 @@
|
||||
|
||||
Name: sqlite
|
||||
Version: 3.24.0
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: Embeded SQL database
|
||||
License: Public Domain
|
||||
URL: http://www.sqlite.org/
|
||||
@ -69,7 +69,8 @@ Patch6041: 6041-Fix-another-segfault-that-could-occur-in-fts5-with-a.patch
|
||||
Patch6042: 6042-Fix-a-potential-memory-leak-in-RBU-if-the-rbu_fossil.patch
|
||||
Patch6043: 6043-Fix-a-potential-32-bit-integer-overflow-in-the-showd.patch
|
||||
Patch6044: 6044-sqlite-CVE-2019-8457-out-of-bounds-read.patch
|
||||
|
||||
Patch6045: 6045-sqlite-CVE-2019-16168.patch
|
||||
Patch6046: 6046-Fix-CVE-2019-19646.patch
|
||||
|
||||
BuildRequires: gcc autoconf tcl tcl-devel
|
||||
BuildRequires: ncurses-devel readline-devel glibc-devel
|
||||
@ -168,8 +169,8 @@ This contains man files and HTML files for the using of sqlite.
|
||||
%patch6042 -p1
|
||||
%patch6043 -p1
|
||||
%patch6044 -p1
|
||||
|
||||
|
||||
%patch6045 -p1
|
||||
%patch6046 -p1
|
||||
|
||||
rm -f %{name}-doc-%{extver}/sqlite.css~ || :
|
||||
|
||||
@ -239,9 +240,13 @@ make test
|
||||
%doc %{name}-doc-%{extver}/*
|
||||
%{_mandir}/man*/*
|
||||
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-5
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:fix CVE bug
|
||||
|
||||
* Wed Sep 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.24.0-4
|
||||
- Type:enhancemnet
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user