import sqlite-3.26.0-15.el8
This commit is contained in:
CentOS Sources
parent
80349fc412
commit
7b98790635
@ -1,112 +0,0 @@
|
||||
Subject: [PATCH] Avoid infinite recursion in the ALTER TABLE code when a view
|
||||
contains an unused CTE that references, directly or indirectly, the view itself.
|
||||
|
||||
diff --git a/src/alter.c b/src/alter.c
|
||||
index 707472a..132c821 100644
|
||||
--- a/src/alter.c
|
||||
+++ b/src/alter.c
|
||||
@@ -796,6 +796,7 @@ static void renameTokenFind(Parse *pParse, struct RenameCtx *pCtx, void *pPtr){
|
||||
** descend into sub-select statements.
|
||||
*/
|
||||
static int renameColumnSelectCb(Walker *pWalker, Select *p){
|
||||
+ if( p->selFlags & SF_View ) return WRC_Prune;
|
||||
UNUSED_PARAMETER(pWalker);
|
||||
UNUSED_PARAMETER(p);
|
||||
return WRC_Continue;
|
||||
@@ -1258,8 +1259,9 @@ static void renameColumnFunc(
|
||||
if( sParse.pNewTable ){
|
||||
Select *pSelect = sParse.pNewTable->pSelect;
|
||||
if( pSelect ){
|
||||
+ pSelect->selFlags &= ~SF_View;
|
||||
sParse.rc = SQLITE_OK;
|
||||
- sqlite3SelectPrep(&sParse, sParse.pNewTable->pSelect, 0);
|
||||
+ sqlite3SelectPrep(&sParse, pSelect, 0);
|
||||
rc = (db->mallocFailed ? SQLITE_NOMEM : sParse.rc);
|
||||
if( rc==SQLITE_OK ){
|
||||
sqlite3WalkSelect(&sWalker, pSelect);
|
||||
@@ -1368,6 +1370,7 @@ static int renameTableSelectCb(Walker *pWalker, Select *pSelect){
|
||||
int i;
|
||||
RenameCtx *p = pWalker->u.pRename;
|
||||
SrcList *pSrc = pSelect->pSrc;
|
||||
+ if( pSelect->selFlags & SF_View ) return WRC_Prune;
|
||||
for(i=0; i<pSrc->nSrc; i++){
|
||||
struct SrcList_item *pItem = &pSrc->a[i];
|
||||
if( pItem->pTab==p->pTab ){
|
||||
@@ -1442,10 +1445,13 @@ static void renameTableFunc(
|
||||
|
||||
if( pTab->pSelect ){
|
||||
if( isLegacy==0 ){
|
||||
+ Select *pSelect = pTab->pSelect;
|
||||
NameContext sNC;
|
||||
memset(&sNC, 0, sizeof(sNC));
|
||||
sNC.pParse = &sParse;
|
||||
|
||||
+ assert( pSelect->selFlags & SF_View );
|
||||
+ pSelect->selFlags &= ~SF_View;
|
||||
sqlite3SelectPrep(&sParse, pTab->pSelect, &sNC);
|
||||
if( sParse.nErr ) rc = sParse.rc;
|
||||
sqlite3WalkSelect(&sWalker, pTab->pSelect);
|
||||
diff --git a/src/build.c b/src/build.c
|
||||
index f273394..7d73893 100644
|
||||
--- a/src/build.c
|
||||
+++ b/src/build.c
|
||||
@@ -2266,6 +2266,7 @@ void sqlite3CreateView(
|
||||
** allocated rather than point to the input string - which means that
|
||||
** they will persist after the current sqlite3_exec() call returns.
|
||||
*/
|
||||
+ pSelect->selFlags |= SF_View;
|
||||
if( IN_RENAME_OBJECT ){
|
||||
p->pSelect = pSelect;
|
||||
pSelect = 0;
|
||||
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
|
||||
index e5ba8a0..1cf6937 100644
|
||||
--- a/src/sqliteInt.h
|
||||
+++ b/src/sqliteInt.h
|
||||
@@ -2875,6 +2875,7 @@ struct Select {
|
||||
#define SF_IncludeHidden 0x20000 /* Include hidden columns in output */
|
||||
#define SF_ComplexResult 0x40000 /* Result contains subquery or function */
|
||||
#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */
|
||||
+#define SF_View 0x0200000 /* SELECT statement is a view */
|
||||
|
||||
/*
|
||||
** The results of a SELECT can be distributed in several ways, as defined
|
||||
diff --git a/test/altertab2.test b/test/altertab2.test
|
||||
index 2102e02..f2fa5ee 100644
|
||||
--- a/test/altertab2.test
|
||||
+++ b/test/altertab2.test
|
||||
@@ -106,4 +106,35 @@ do_catchsql_test 3.2 {
|
||||
ALTER TABLE v0 RENAME TO t3 ;
|
||||
} {1 {error in view v2: view v2 is circularly defined}}
|
||||
|
||||
+#------------------------------------------------------------------------
|
||||
+#
|
||||
+reset_db
|
||||
+do_execsql_test 4.1 {
|
||||
+ CREATE TABLE t1(a);
|
||||
+ CREATE VIEW v2(b) AS SELECT * FROM v2;
|
||||
+}
|
||||
+
|
||||
+do_catchsql_test 4.2 {
|
||||
+ ALTER TABLE t1 RENAME TO t4;
|
||||
+} {1 {error in view v2: view v2 is circularly defined}}
|
||||
+
|
||||
+do_execsql_test 4.3 {
|
||||
+ DROP VIEW v2;
|
||||
+ CREATE VIEW v2(b) AS WITH t3 AS (SELECT b FROM v2) SELECT * FROM t3;
|
||||
+}
|
||||
+
|
||||
+breakpoint
|
||||
+do_catchsql_test 4.4 {
|
||||
+ ALTER TABLE t1 RENAME TO t4;
|
||||
+} {1 {error in view v2: view v2 is circularly defined}}
|
||||
+
|
||||
+do_execsql_test 4.5 {
|
||||
+ DROP VIEW v2;
|
||||
+ CREATE VIEW v2(b) AS WITH t3 AS (SELECT b FROM v2) VALUES(1);
|
||||
+}
|
||||
+
|
||||
+do_catchsql_test 4.6 {
|
||||
+ ALTER TABLE t1 RENAME TO t4;
|
||||
+} {0 {}}
|
||||
+
|
||||
finish_test
|
||||
@ -1,17 +0,0 @@
|
||||
Subject: [PATCH] When processing constant integer values in ORDER BY clauses of
|
||||
window definitions (see check-in [7e4809eadfe99ebf]) be sure to fully disable
|
||||
the constant value to avoid an invalid pointer dereference if the expression
|
||||
is ever duplicated.
|
||||
|
||||
diff --git a/src/window.c b/src/window.c
|
||||
index 56c0145..c65eadd 100644
|
||||
--- a/src/window.c
|
||||
+++ b/src/window.c
|
||||
@@ -730,6 +730,7 @@ static ExprList *exprListAppendList(
|
||||
int nInit = pList ? pList->nExpr : 0;
|
||||
for(i=0; i<pAppend->nExpr; i++){
|
||||
Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
|
||||
+ assert( pDup == NULL || !ExprHasProperty(pDup, EP_MemToken) );
|
||||
pList = sqlite3ExprListAppend(pParse, pList, pDup);
|
||||
if( pList ) pList->a[nInit+i].sortOrder = pAppend->a[i].sortOrder;
|
||||
}
|
||||
@ -10,7 +10,7 @@
|
||||
Summary: Library that implements an embeddable SQL database engine
|
||||
Name: sqlite
|
||||
Version: %{rpmver}
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
License: Public Domain
|
||||
Group: Applications/Databases
|
||||
URL: http://www.sqlite.org/
|
||||
@ -89,17 +89,10 @@ Patch30: sqlite-3.26.0-CVE-2019-13751.patch
|
||||
# Fix for CVE-2019-19603
|
||||
# https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
|
||||
Patch31: sqlite-3.26.0-CVE-2019-19603.patch
|
||||
# Fix for CVE-2019-19645
|
||||
# https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
|
||||
Patch32: sqlite-3.26.0-CVE-2019-19645.patch
|
||||
# Fix for CVE-2019-19880
|
||||
# https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
|
||||
Patch33: sqlite-3.26.0-CVE-2019-19880.patch
|
||||
# Fix for CVE-2020-13435
|
||||
# https://www.sqlite.org/src/info/ad7bb70af9bb68d1
|
||||
Patch34: sqlite-3.26.0-CVE-2020-13435.patch
|
||||
|
||||
|
||||
BuildRequires: ncurses-devel readline-devel glibc-devel
|
||||
BuildRequires: autoconf
|
||||
%if %{with tcl}
|
||||
@ -227,8 +220,6 @@ This package contains the analysis program for %{name}.
|
||||
%patch29 -p1
|
||||
%patch30 -p1
|
||||
%patch31 -p1
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
|
||||
|
||||
@ -331,13 +322,15 @@ make test
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue May 18 2021 Petr Kubat <pkubat@redhat.com> - 3.26.0-15
|
||||
- Removing fix for CVE-2019-19645 (unaffected)
|
||||
- Removing fix for CVE-2019-19880 (unaffected)
|
||||
|
||||
* Thu Apr 15 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-14
|
||||
- Fixed CVE-2019-5827 (#1710184)
|
||||
- Fixed CVE-2019-13750 (#1786510)
|
||||
- Fixed CVE-2019-13751 (#1786522)
|
||||
- Fixed CVE-2019-19603 (#1792013)
|
||||
- Fixed CVE-2019-19645 (#1787525)
|
||||
- Fixed CVE-2019-19880 (#1787529)
|
||||
- Fixed CVE-2020-13435 (#1841233)
|
||||
|
||||
* Tue Dec 01 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-13
|
||||
|
||||
Loading…
Reference in New Issue
Block a user