From 3be27cd879bf7372efb58219cb2d9fa7e0883016 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <andrew.lukoshko@gmail.com>
Date: Wed, 28 Jun 2023 15:13:06 +0000
Subject: [PATCH] import CS sqlite-3.26.0-18.el8

---
 SOURCES/sqlite-3.26.0-CVE-2020-24736.patch | 114 +++++++++++++++++++++
 SPECS/sqlite.spec                          |   9 +-
 2 files changed, 122 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/sqlite-3.26.0-CVE-2020-24736.patch

diff --git a/SOURCES/sqlite-3.26.0-CVE-2020-24736.patch b/SOURCES/sqlite-3.26.0-CVE-2020-24736.patch
new file mode 100644
index 0000000..38c1930
--- /dev/null
+++ b/SOURCES/sqlite-3.26.0-CVE-2020-24736.patch
@@ -0,0 +1,114 @@
+From f030b376820102ff6cda49565c8b8173b2d44606 Mon Sep 17 00:00:00 2001
+From: dan <dan@noemail.net>
+Date: Fri, 22 Feb 2019 19:24:16 +0000
+Subject: [PATCH] Internally, remove all references to a Window object that
+ belongs to an expression in an ORDER BY clause if that expression is
+ converted to an alias of a result-set expression. Fix for [4feb3159c6].
+
+FossilOrigin-Name: 579b66eaa0816561c6e47ea116b46f229188f0fc84c1173bfe0d21df2dff9a9a
+---
+ src/resolve.c     | 49 ++++++++++++++++++++++++++++++++++-------------
+ test/window1.test | 20 +++++++++++++++++++
+ 2 files changed, 56 insertions(+), 13 deletions(-)
+
+diff --git a/src/resolve.c b/src/resolve.c
+index 9410bc020..fd2cf539a 100644
+--- a/src/resolve.c
++++ b/src/resolve.c
+@@ -1243,6 +1243,38 @@ int sqlite3ResolveOrderGroupBy(
+   return 0;
+ }
+ 
++#ifndef SQLITE_OMIT_WINDOWFUNC
++/*
++** Walker callback for resolveRemoveWindows().
++*/
++static int resolveRemoveWindowsCb(Walker *pWalker, Expr *pExpr){
++  if( ExprHasProperty(pExpr, EP_WinFunc) ){
++    Window **pp;
++    for(pp=&pWalker->u.pSelect->pWin; *pp; pp=&(*pp)->pNextWin){
++      if( *pp==pExpr->y.pWin ){
++        *pp = (*pp)->pNextWin;
++        break;
++      }    
++    }
++  }
++  return WRC_Continue;
++}
++
++/*
++** Remove any Window objects owned by the expression pExpr from the
++** Select.pWin list of Select object pSelect.
++*/
++static void resolveRemoveWindows(Select *pSelect, Expr *pExpr){
++  Walker sWalker;
++  memset(&sWalker, 0, sizeof(Walker));
++  sWalker.xExprCallback = resolveRemoveWindowsCb;
++  sWalker.u.pSelect = pSelect;
++  sqlite3WalkExpr(&sWalker, pExpr);
++}
++#else
++# define resolveRemoveWindows(x,y)
++#endif
++
+ /*
+ ** pOrderBy is an ORDER BY or GROUP BY clause in SELECT statement pSelect.
+ ** The Name context of the SELECT statement is pNC.  zType is either
+@@ -1309,19 +1341,10 @@ static int resolveOrderGroupBy(
+     }
+     for(j=0; j<pSelect->pEList->nExpr; j++){
+       if( sqlite3ExprCompare(0, pE, pSelect->pEList->a[j].pExpr, -1)==0 ){
+-#ifndef SQLITE_OMIT_WINDOWFUNC
+-        if( ExprHasProperty(pE, EP_WinFunc) ){
+-          /* Since this window function is being changed into a reference
+-          ** to the same window function the result set, remove the instance
+-          ** of this window function from the Select.pWin list. */
+-          Window **pp;
+-          for(pp=&pSelect->pWin; *pp; pp=&(*pp)->pNextWin){
+-            if( *pp==pE->y.pWin ){
+-              *pp = (*pp)->pNextWin;
+-            }    
+-          }
+-        }
+-#endif
++        /* Since this expresion is being changed into a reference
++        ** to an identical expression in the result set, remove all Window
++        ** objects belonging to the expression from the Select.pWin list. */
++        resolveRemoveWindows(pSelect, pE);
+         pItem->u.x.iOrderByCol = j+1;
+       }
+     }
+diff --git a/test/window1.test b/test/window1.test
+index 2c504205e..b3073985b 100644
+--- a/test/window1.test
++++ b/test/window1.test
+@@ -594,6 +594,26 @@
+ } {
+ }
+
++#-------------------------------------------------------------------------
++do_execsql_test 17.0 {
++  CREATE TABLE t8(a);
++  INSERT INTO t8 VALUES(1), (2), (3);
++}
++
++do_execsql_test 17.1 {
++  SELECT +sum(0) OVER () ORDER BY +sum(0) OVER ();
++} {0}
++
++do_execsql_test 17.2 {
++  select +sum(a) OVER () FROM t8 ORDER BY +sum(a) OVER () DESC;
++} {6 6 6}
++
++do_execsql_test 17.3 {
++  SELECT 10+sum(a) OVER (ORDER BY a)
++  FROM t8
++  ORDER BY 10+sum(a) OVER (ORDER BY a) DESC;
++} {16 13 11}
++
+ # 2020-05-23
+ # ticket 7a5279a25c57adf1
+ #
+-- 
+2.39.2
+
diff --git a/SPECS/sqlite.spec b/SPECS/sqlite.spec
index 7b89a32..6b98d65 100644
--- a/SPECS/sqlite.spec
+++ b/SPECS/sqlite.spec
@@ -10,7 +10,7 @@
 Summary: Library that implements an embeddable SQL database engine
 Name: sqlite
 Version: %{rpmver}
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: Public Domain
 Group: Applications/Databases
 URL: http://www.sqlite.org/
@@ -101,6 +101,9 @@ Patch36: sqlite-3.26.0-CVE-2020-35525.patch
 # Fix for CVE-2022-35737
 # https://www.sqlite.org/src/info/26db4fc22fe66658
 Patch37: sqlite-3.26.0-CVE-2022-35737.patch
+# Fix for CVE-2020-24736
+# https://www.sqlite.org/src/info/579b66eaa0816561
+Patch38: sqlite-3.26.0-CVE-2020-24736.patch
 
 BuildRequires: ncurses-devel readline-devel glibc-devel
 BuildRequires: autoconf
@@ -233,6 +236,7 @@ This package contains the analysis program for %{name}.
 %patch35 -p1
 %patch36 -p1
 %patch37 -p1
+%patch38 -p1
 
 
 # Remove backup-file
@@ -334,6 +338,9 @@ make test
 %endif
 
 %changelog
+* Fri Apr 14 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-18
+- Fixed CVE-2022-24736
+
 * Tue Nov 15 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-17
 - Fixed CVE-2022-35737