apply upstream fix for CVE-2019-19926 (bz1789441)

Tom Callaway 2020-01-09 16:44:30 -05:00
parent 45f87b7215
commit 683ae70000
2 changed files with 19 additions and 1 deletions


@ -0,0 +1,11 @@
diff -up sqlite-src-3300100/src/select.c.CVE-2019-19926 sqlite-src-3300100/src/select.c
--- sqlite-src-3300100/src/select.c.CVE-2019-19926 2020-01-09 16:20:12.809275851 -0500
+++ sqlite-src-3300100/src/select.c 2020-01-09 16:20:55.935523511 -0500
@@ -2805,6 +2805,7 @@ static int multiSelect(
}
#endif
}
+ if( pParse->nErr ) goto multi_select_end;
/* Compute collating sequences used by
** temporary tables needed to implement the compound select.
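Review bot: The patch file starts directly at the `diff -up` line, so it does not record which upstream change it backports or which CVE it addresses. A short header ahead of the diff would keep that provenance with the file when it is copied between branches, for example `Upstream: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089` (the URL the spec lists above Patch6) and `Fixes: CVE-2019-19926 (bz1789441)`. The hunk shows only the added `if( pParse->nErr ) goto multi_select_end;` guard and its context. multiSelect begins and ends outside the hunk, so it cannot be confirmed from here that the `multi_select_end` path cleans up everything set up earlier; that is worth checking against the upstream tree for 3.30.1.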


@ -10,7 +10,7 @@
Summary: Library that implements an embeddable SQL database engine
Name: sqlite
Version: %{rpmver}
Release: 1%{?dist}
Release: 2%{?dist}
License: Public Domain
URL: http://www.sqlite.org/
@ -29,6 +29,9 @@ Patch3: sqlite-3.8.0-percentile-test.patch
Patch4: sqlite-3.16-datetest-2.2c.patch
# Modify sync2.test to pass with DIRSYNC turned off
Patch5: sqlite-3.18.0-sync2-dirsync.patch
# Apply upstream fix for CVE-2019-19880
# https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
Patch6: sqlite-3.30.1-CVE-2019-19926.patch
BuildRequires: gcc
BuildRequires: ncurses-devel readline-devel glibc-devel
@ -125,6 +128,7 @@ This package contains the analysis program for %{name}.
%patch4 -p1
%endif
%patch5 -p1
%patch6 -p1
# Remove backup-file
rm -f %{name}-doc-%{docver}/sqlite.css~ || :
@ -229,6 +233,9 @@ make test
%endif
%changelog
* Thu Jan 9 2020 Tom Callaway <spot@fedoraproject.org> - 3.30.1-2
- apply upstream fix for CVE-2019-19926 (bz1789441)
* Mon Oct 14 2019 Petr Kubat <pkubat@redhat.com> - 3.30.1-1
- Updated to version 3.30.1 (https://sqlite.org/releaselog/3_30_1.html)
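Review bot: The comment added above `Patch6` names a different CVE than the patch it describes. It reads `# Apply upstream fix for CVE-2019-19880`, while the patch file name, the commit title and the new changelog entry all say CVE-2019-19926. Anyone auditing the spec for CVE coverage would conclude that 19880 is patched and would miss 19926, so the line should read `# Apply upstream fix for CVE-2019-19926`. It is also worth confirming that the commit URL on the next line is the upstream fix for 19926 and was not carried over with the wrong identifier.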