!118 同步社区补丁

From: @noodlesland 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

0003-CVE-2022-35737.patch

@@ -1,80 +0,0 @@
-From effc07ec9c6e08d3bd17665f8800054770f8c643 Mon Sep 17 00:00:00 2001
-From: drh <>
-Date: Fri, 15 Jul 2022 12:34:31 +0000
-Subject: [PATCH] Fix the whereKeyStats() routine (part of STAT4 processing
- only) so that it is able to cope with row-value comparisons against the
- primary key index of a WITHOUT ROWID table.
- [forum:/forumpost/3607259d3c|Forum post 3607259d3c].
-
-FossilOrigin-Name: 2a6f761864a462de5c2d5bc666b82fb0b7e124a03443cd1482620dde344b34bb
-
----
- src/where.c        |  4 ++--
- test/rowvalue.test | 31 +++++++++++++++++++++++++++++++
- 2 files changed, 33 insertions(+), 2 deletions(-)
-
-diff --git a/src/where.c b/src/where.c
-index de6ea91e3..110eb4845 100644
---- a/src/where.c
-+++ b/src/where.c
-@@ -1433,7 +1433,7 @@ static int whereKeyStats(
- #endif
-   assert( pRec!=0 );
-   assert( pIdx->nSample>0 );
--  assert( pRec->nField>0 && pRec->nField<=pIdx->nSampleCol );
-+  assert( pRec->nField>0 );
- 
-   /* Do a binary search to find the first sample greater than or equal
-   ** to pRec. If pRec contains a single field, the set of samples to search
-@@ -1479,7 +1479,7 @@ static int whereKeyStats(
-   ** it is extended to two fields. The duplicates that this creates do not 
-   ** cause any problems.
-   */
--  nField = pRec->nField;
-+  nField = MIN(pRec->nField, pIdx->nSample);
-   iCol = 0;
-   iSample = pIdx->nSample * nField;
-   do{
-diff --git a/test/rowvalue.test b/test/rowvalue.test
-index 12fee8237..59b44d938 100644
---- a/test/rowvalue.test
-+++ b/test/rowvalue.test
-@@ -751,4 +751,35 @@ do_execsql_test 30.3 {
- 
- 
- 
-+# 2022-07-15
-+# https://sqlite.org/forum/forumpost/3607259d3c
-+#
-+reset_db
-+do_execsql_test 33.1 {
-+  CREATE TABLE t1(a INT, b INT PRIMARY KEY) WITHOUT ROWID;
-+  INSERT INTO t1(a, b) VALUES (0, 1),(15,-7),(3,100);
-+  ANALYZE;
-+} {}
-+do_execsql_test 33.2 {
-+  SELECT * FROM t1 WHERE (b,a) BETWEEN (0,5) AND (99,-2);
-+} {0 1}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (b,a) BETWEEN (-8,5) AND (0,-2);
-+} {15 -7}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,4);
-+} {3 100}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (b,a) BETWEEN (3,5) AND (100,2);
-+} {}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (a,b) BETWEEN (-2,99) AND (1,0);
-+} {0 1}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (a,b) BETWEEN (14,99) AND (16,0);
-+} {15 -7}
-+do_execsql_test 33.3 {
-+  SELECT * FROM t1 WHERE (a,b) BETWEEN (2,99) AND (4,0);
-+} {3 100}
-+
- finish_test
--- 
-2.25.1
-

0005-fix-integer-overflow-on-gigabyte-string.patch

@@ -1,28 +0,0 @@
-From 72210cf3c782ff30867d5c78e13900be9904ba76 Mon Sep 17 00:00:00 2001
-From: zwtmichael <zhuwentao5@huawei.com>
-Date: Mon, 5 Sep 2022 16:49:05 +0800
-Subject: [PATCH] fix integer overflow on gigabyte string
-
-Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
----
- src/printf.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/printf.c b/src/printf.c
-index e635184..fb3689e 100644
---- a/src/printf.c
-+++ b/src/printf.c
-@@ -803,8 +803,8 @@ void sqlite3_str_vappendf(
-       case etSQLESCAPE:           /* %q: Escape ' characters */
-       case etSQLESCAPE2:          /* %Q: Escape ' and enclose in '...' */
-       case etSQLESCAPE3: {        /* %w: Escape " characters */
--        int i, j, k, n, isnull;
--        int needQuote;
-+        i64 i, j, k, n;
-+        int needQuote, isnull;
-         char ch;
-         char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
-         char *escarg;
--- 
-2.25.1
-

0006-CVE-2022-46908.patch

@@ -1,53 +0,0 @@
-From 040177c01a76ccb631bbe19a445f716f0d7b9458 Mon Sep 17 00:00:00 2001
-From: zwtmichael <zhuwentao5@huawei.com>
-Date: Thu, 15 Dec 2022 09:49:15 +0800
-Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
-
-Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
----
- src/shell.c.in   |  4 ++--
- test/shell2.test | 11 +++++++++++
- 2 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/src/shell.c.in b/src/shell.c.in
-index 543141c..2c1e013 100644
---- a/src/shell.c.in
-+++ b/src/shell.c.in
-@@ -1829,7 +1829,7 @@ static int safeModeAuth(
-     "zipfile",
-     "zipfile_cds",
-   };
--  UNUSED_PARAMETER(zA2);
-+  UNUSED_PARAMETER(zA1);
-   UNUSED_PARAMETER(zA3);
-   UNUSED_PARAMETER(zA4);
-   switch( op ){
-@@ -1840,7 +1840,7 @@ static int safeModeAuth(
-     case SQLITE_FUNCTION: {
-       int i;
-       for(i=0; i<ArraySize(azProhibitedFunctions); i++){
--        if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
-+        if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
-           failIfSafeMode(p, "cannot use the %s() function in safe mode",
-                          azProhibitedFunctions[i]);
-         }
-diff --git a/test/shell2.test b/test/shell2.test
-index 6b4dff5..c3777eb 100644
---- a/test/shell2.test
-+++ b/test/shell2.test
-@@ -188,4 +188,15 @@ b
- 2
- }}
- 
-+# Verify that safe mode rejects certain UDFs
-+# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
-+do_test shell2-1.4.8 {
-+  catchcmd "-safe :memory:" {
-+ SELECT edit('DoNotCare');}
-+} {1 {line 2: cannot use the edit() function in safe mode}}
-+do_test shell2-1.4.9 {
-+  catchcmd "-safe :memory:" {
-+ SELECT writefile('DoNotCare', x'');}
-+} {1 {line 2: cannot use the writefile() function in safe mode}}
-+
- finish_test

backport-0001-sqlite-no-malloc-usable-size.patch

@@ -1,19 +1,21 @@
-diff -up sqlite-src-3120200/configure.ac.malloc_usable_size sqlite-src-3120200/configure.ac
+From 6a7c9be9502ea2023c4b5cf39a0d5a5a55b320f7 Mon Sep 17 00:00:00 2001
---- sqlite-src-3120200/configure.ac.malloc_usable_size	2016-04-25 09:46:48.134690570 +0200
+From: Lixiaokeng <lixiaokeng@huawei.com>
-+++ sqlite-src-3120200/configure.ac	2016-04-25 09:48:41.622637181 +0200
+Date: Wed, 17 Jul 2024 10:31:56 +0800
-@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h s
+Subject: [PATCH] sqlite no malloc_usable_size
- #########
- # Figure out whether or not we have these functions
- #
--AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
-+AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
 
- #########
+Reference:https://gitee.com/src-openeuler/sqlite/blob/openEuler-22.03-LTS-SP3/0001-sqlite-no-malloc-usable-size.patch
- # By default, we use the amalgamation (this may be changed below...)
+Conflict:NA
-diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/configure
+
---- sqlite-src-3120200/configure.malloc_usable_size	2016-04-25 09:47:12.594679063 +0200
+---
-+++ sqlite-src-3120200/configure	2016-04-25 09:49:28.684615042 +0200
+ configure    | 2 +-
-@@ -10275,7 +10275,7 @@ done
+ configure.ac | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure b/configure
+index 29ca76b..d67183a 100755
+--- a/configure
++++ b/configure
+@@ -10292,7 +10292,7 @@ done
  #########
  # Figure out whether or not we have these functions
  #
@@ -22,3 +24,18 @@ diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/conf
  do :
    as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
  ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.ac b/configure.ac
+index 53be0a6..6f9b1e1 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h stdint.h inttypes.h malloc.h])
+ #########
+ # Figure out whether or not we have these functions
+ #
+-AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
++AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
+ 
+ #########
+ # By default, we use the amalgamation (this may be changed below...)
+-- 
+2.33.0

backport-0002-remove-fail-testcase-in-no-free-fd-situation.patch

@@ -3,6 +3,9 @@ From: eulerstorage <eulerstoragemt@huawei.com>
 Date: Sat, 11 Jan 2020 11:33:54 +0800
 Subject: [PATCH] remove fail testcase in no free fd situation
 
+Reference:https://gitee.com/src-openeuler/sqlite/blob/openEuler-22.03-LTS-SP3/0002-remove-fail-testcase-in-no-free-fd-situation.patch
+Conflict:NA
+
 Remove testcase 1.1.1, 1.1.2 and 1.1.3, since it can not success in
 some situation if there is no enough fd resource.
 ---
@@ -63,4 +66,3 @@ index a51301c..d46218f 100644
  do_test 1.2.1 {
 -- 
 1.8.3.1
-

backport-0003-fix-memory-problem-in-the-rtree-test-suite.patch

@@ -1,25 +1,26 @@
-From 3755f418be5c3608a7e0b59488a8e172d443d738 Mon Sep 17 00:00:00 2001
+From 26ea25aacc1e70f4d142d8f041da2065509c0b51 Mon Sep 17 00:00:00 2001
 From: zwtmichael <zhuwentao5@huawei.com>
 Date: Tue, 30 Aug 2022 17:02:04 +0800
 Subject: [PATCH] fix memory problem in the rtree test suite
 
+Reference:https://gitee.com/src-openeuler/sqlite/blob/openEuler-22.03-LTS-SP3/0004-fix-memory-problem-in-the-rtree-test-suite.patch
+Conflict: BoxQueryCtx change to BoxGeomCtx
 ---
  ext/rtree/test_rtreedoc.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/ext/rtree/test_rtreedoc.c b/ext/rtree/test_rtreedoc.c
-index 119be0e..cdbcb2e 100644
+index cdbcb2e..59a7942 100644
 --- a/ext/rtree/test_rtreedoc.c
 +++ b/ext/rtree/test_rtreedoc.c
-@@ -324,7 +324,7 @@ static int SQLITE_TCLAPI register_box_query(
+@@ -188,7 +188,7 @@ static int SQLITE_TCLAPI register_box_geom(
    }
    if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ) return TCL_ERROR;
  
--  pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx*));
+-  pCtx = (BoxGeomCtx*)ckalloc(sizeof(BoxGeomCtx*));
-+  pCtx = (BoxQueryCtx*)ckalloc(sizeof(BoxQueryCtx));
++  pCtx = (BoxGeomCtx*)ckalloc(sizeof(BoxGeomCtx));
    pCtx->interp = interp;
    pCtx->pScript = Tcl_DuplicateObj(objv[2]);
    Tcl_IncrRefCount(pCtx->pScript);
 -- 
-2.23.0
+2.33.0
-

backport-0004-CVE-2023-36191.patch

@@ -0,0 +1,34 @@
+From c5c8e025ff6cf0f7400b17aec73014e9cdc00935 Mon Sep 17 00:00:00 2001
+From: zwtmichael <zhuwentao5@huawei.com>
+Date: Mon, 7 Aug 2023 15:10:32 +0800
+Subject: [PATCH] fix segmentation violation
+
+Reference:https://gitee.com/src-openeuler/sqlite/blob/openEuler-22.03-LTS-SP3/0007-CVE-2023-36191.patch
+Conflict:context adaptation
+
+Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
+---
+ src/shell.c.in | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/shell.c.in b/src/shell.c.in
+index 72e4498..355b4bb 100644
+--- a/src/shell.c.in
++++ b/src/shell.c.in
+@@ -12219,8 +12219,12 @@ int SQLITE_CDECL wmain(int argc, wchar_t **wargv){
+     }else if( cli_strcmp(z,"-bail")==0 ){
+       bail_on_error = 1;
+     }else if( cli_strcmp(z,"-nonce")==0 ){
+-      free(data.zNonce);
+-      data.zNonce = strdup(argv[++i]);
++      if( data.zNonce ) free(data.zNonce);
++      if( i + 1 < argc ) data.zNonce = strdup(argv[++i]);
++      else{
++	      data.zNonce = 0;
++	      break;
++      }
+     }else if( cli_strcmp(z,"-unsafe-testing")==0 ){
+       ShellSetFlag(&data,SHFLG_TestingMode);
+     }else if( cli_strcmp(z,"-safe")==0 ){
+-- 
+2.33.0

backport-CVE-2023-7104.patch

@@ -0,0 +1,46 @@
+From 310e27eec4eb0e6c5cbc7bad6d3c0ad71619cb44 Mon Sep 17 00:00:00 2001
+From: dan <Dan Kennedy>
+Date: Thu, 7 Sep 2023 13:53:09 +0000
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+Reference:https://sqlite.org/src/info/0e4e7a05c4204b47
+Conflict:NA
+
+---
+ ext/session/sqlite3session.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index a892804..72ad427 100644
+--- a/ext/session/sqlite3session.c
++++ b/ext/session/sqlite3session.c
+@@ -3050,15 +3050,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
++        if( (pIn->nData-pIn->iNext)<8 ){
++          rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
++          sqlite3_int64 v = sessionGetI64(aVal);
++          if( eType==SQLITE_INTEGER ){
++            sqlite3VdbeMemSetInt64(apOut[i], v);
++          }else{
++            double d;
++            memcpy(&d, &v, 8);
++            sqlite3VdbeMemSetDouble(apOut[i], d);
++          }
++          pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.33.0

sqlite.spec

@@ -1,31 +1,29 @@
 %bcond_without check
 
-%global extver 3370200
+%global extver 3420000
 %global tcl_version 8.6
 %global tcl_sitearch %{_libdir}/tcl%{tcl_version}
 
 Name:    sqlite
-Version: 3.37.2
+Version: 3.42.0
-Release: 5
+Release: 3
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
 
-Source0: https://www.sqlite.org/2022/sqlite-src-%{extver}.zip
+Source0: https://www.sqlite.org/2023/sqlite-src-%{extver}.zip
-Source1: http://www.sqlite.org/2022/sqlite-doc-%{extver}.zip
+Source1: http://www.sqlite.org/2023/sqlite-doc-%{extver}.zip
-Source2: https://www.sqlite.org/2022/sqlite-autoconf-%{extver}.tar.gz
+Source2: https://www.sqlite.org/2023/sqlite-autoconf-%{extver}.tar.gz
 
-Patch1: 0001-sqlite-no-malloc-usable-size.patch
+Patch6000: backport-0001-sqlite-no-malloc-usable-size.patch
-Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
+Patch6001: backport-0002-remove-fail-testcase-in-no-free-fd-situation.patch 
-Patch3: 0003-CVE-2022-35737.patch
+Patch6002: backport-0003-fix-memory-problem-in-the-rtree-test-suite.patch
-Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch
+Patch6003: backport-0004-CVE-2023-36191.patch
-Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch
+Patch6004: backport-CVE-2023-7104.patch
-Patch6: 0006-CVE-2022-46908.patch
 
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
 
-
 Provides:  %{name}-libs
 Obsoletes: %{name}-libs
 Provides:  lemon
@@ -63,12 +61,11 @@ This contains man files and HTML files for the using of sqlite.
 %prep
 #autosetup will fail because of 2 zip files
 %setup -q -a1 -n %{name}-src-%{extver}
-%patch1 -p1
+%patch6000 -p1
-%patch2 -p1
+%patch6001 -p1
-%patch3 -p1
+%patch6002 -p1
-%patch4 -p1
+%patch6003 -p1
-%patch5 -p1
+%patch6004 -p1
-%patch6 -p1
 
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
 
@@ -143,6 +140,21 @@ make test
 %{_mandir}/man*/*
 
 %changelog
+* Mon Nov 11 2024 wangmian <wangmian19@h-partners.com> - 3.42.0-3
+- sync the patch from 2203
+
+* Wed Sep 4 2024 wangmian <wangmian19@h-partners.com> - 3.42.0-2
+- sync the CVE-2023-7104 from 2203
+
+* Tue Feb 27 2024 Zheng Zhenyu <zheng.zhenyu@outlook.com> - 3.42.0-1
+- Bump version to fix CVE-2024-0232
+
+* Wed Jan 3 2024 mazhao <mazhao12@huawei.com> - 3.37.2-7
+- fix the CVE-2023-7104
+
+* Mon Aug 7 2023 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-6
+- fix the CVE-2023-36191
+
 * Fri Jan 13 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 3.37.2-5
 - remove fail testcase for loongarch