rpms/sqlite
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import sqlite-3.26.0-4.el8_1

Browse Source
This commit is contained in:
CentOS Sources 2020-01-29 04:14:55 -05:00 committed by Andrew Lukoshko
parent 8373fed629
commit 7dfd0b5ebd
2 changed files with 114 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
SOURCES/sqlite-3.26.0-CVE-2019-13734.patch Normal file
View File

@ -0,0 +1,107 @@
From 414660066ee2f1670a9f09a11ab41533015b2f3a Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 2 Jan 2020 15:04:42 +0100
Subject: [PATCH] More improvements to shadow table corruption detection in
FTS3.
---
ext/fts3/fts3.c | 4 ++++
ext/fts3/fts3Int.h | 10 ++++++++++
ext/fts3/fts3_write.c | 14 +++++++++++---
3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index f6fb931..caa742f 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -1460,6 +1460,10 @@ static int fts3InitVtab(
fts3DatabasePageSize(&rc, p);
p->nNodeSize = p->nPgsz-35;
+#if defined(SQLITE_DEBUG)||defined(SQLITE_TEST)
+ p->nMergeCount = FTS3_MERGE_COUNT;
+#endif
+
/* Declare the table schema to SQLite. */
fts3DeclareVtab(&rc, p);
diff --git a/ext/fts3/fts3Int.h b/ext/fts3/fts3Int.h
index 077bad7..12392c0 100644
--- a/ext/fts3/fts3Int.h
+++ b/ext/fts3/fts3Int.h
@@ -287,9 +287,19 @@ struct Fts3Table {
/* True to disable the incremental doclist optimization. This is controled
** by special insert command 'test-no-incr-doclist'. */
int bNoIncrDoclist;
+
+ /* Number of segments in a level */
+ int nMergeCount;
#endif
};
+/* Macro to find the number of segments to merge */
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
+# define MergeCount(P) ((P)->nMergeCount)
+#else
+# define MergeCount(P) FTS3_MERGE_COUNT
+#endif
+
/*
** When the core wants to read from the virtual table, it creates a
** virtual table cursor (an instance of the following structure) using
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index 8fc6589..e4b9640 100644
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -1152,7 +1152,7 @@ static int fts3AllocateSegdirIdx(
** segment and allocate (newly freed) index 0 at level iLevel. Otherwise,
** if iNext is less than FTS3_MERGE_COUNT, allocate index iNext.
*/
- if( iNext>=FTS3_MERGE_COUNT ){
+ if( iNext>=MergeCount(p) ){
fts3LogMerge(16, getAbsoluteLevel(p, iLangid, iIndex, iLevel));
rc = fts3SegmentMerge(p, iLangid, iIndex, iLevel);
*piIdx = 0;
@@ -4249,6 +4249,10 @@ static int fts3IncrmergeLoad(
int i;
int nHeight = (int)aRoot[0];
NodeWriter *pNode;
+ if( nHeight<1 || nHeight>FTS_MAX_APPENDABLE_HEIGHT ){
+ sqlite3_reset(pSelect);
+ return FTS_CORRUPT_VTAB;
+ }
pWriter->nLeafEst = (int)((iEnd - iStart) + 1)/FTS_MAX_APPENDABLE_HEIGHT;
pWriter->iStart = iStart;
@@ -4997,7 +5001,7 @@ static int fts3DoIncrmerge(
const char *zParam /* Nul-terminated string containing "A,B" */
){
int rc;
- int nMin = (FTS3_MERGE_COUNT / 2);
+ int nMin = (MergeCount(p) / 2);
int nMerge = 0;
const char *z = zParam;
@@ -5042,7 +5046,7 @@ static int fts3DoAutoincrmerge(
int rc = SQLITE_OK;
sqlite3_stmt *pStmt = 0;
p->nAutoincrmerge = fts3Getint(&zParam);
- if( p->nAutoincrmerge==1 || p->nAutoincrmerge>FTS3_MERGE_COUNT ){
+ if( p->nAutoincrmerge==1 || p->nAutoincrmerge>MergeCount(p) ){
p->nAutoincrmerge = 8;
}
if( !p->bHasStat ){
@@ -5326,6 +5330,10 @@ static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){
}else if( nVal>21 && 0==sqlite3_strnicmp(zVal, "test-no-incr-doclist=", 21) ){
p->bNoIncrDoclist = atoi(&zVal[21]);
rc = SQLITE_OK;
+ }else if( nVal>11 && 0==sqlite3_strnicmp(zVal,"mergecount=",11) ){
+ int v = atoi(&zVal[11]);
+ if( v>=4 && v<=FTS3_MERGE_COUNT && (v&1)==0 ) p->nMergeCount = v;
+ rc = SQLITE_OK;
#endif
}else{
rc = SQLITE_ERROR;
--
2.19.1

8
SPECS/sqlite.spec
View File

@ -10,7 +10,7 @@
Summary: Library that implements an embeddable SQL database engine Summary: Library that implements an embeddable SQL database engine
Name: sqlite Name: sqlite
Version: %{rpmver} Version: %{rpmver}
Release: 3%{?dist} Release: 4%{?dist}
License: Public Domain License: Public Domain
Group: Applications/Databases Group: Applications/Databases
URL: http://www.sqlite.org/ URL: http://www.sqlite.org/
@ -34,6 +34,8 @@ Patch6: sqlite-3.8.10.1-tcl-regress-tests.patch
Patch7: sqlite-3.16-datetest-2.2c.patch Patch7: sqlite-3.16-datetest-2.2c.patch
# Modify sync2.test to pass with DIRSYNC turned off # Modify sync2.test to pass with DIRSYNC turned off
Patch8: sqlite-3.18.0-sync2-dirsync.patch Patch8: sqlite-3.18.0-sync2-dirsync.patch
# Fixed CVE-2019-13734
Patch9: sqlite-3.26.0-CVE-2019-13734.patch
BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: ncurses-devel readline-devel glibc-devel
BuildRequires: autoconf BuildRequires: autoconf
@ -139,6 +141,7 @@ This package contains the analysis program for %{name}.
%patch7 -p1 %patch7 -p1
%endif %endif
%patch8 -p1 %patch8 -p1
%patch9 -p1
# Remove backup-file # Remove backup-file
rm -f %{name}-doc-%{docver}/sqlite.css~ || : rm -f %{name}-doc-%{docver}/sqlite.css~ || :
@ -243,6 +246,9 @@ make test
%endif %endif
%changelog %changelog
* Thu Jan 02 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-4
- Fixed CVE-2019-13734 (#1786508)
* Thu Jan 03 2019 Petr Kubat <pkubat@redhat.com> - 3.26.0-3 * Thu Jan 03 2019 Petr Kubat <pkubat@redhat.com> - 3.26.0-3
- Rebuild to pick up latest test sources by the CI - Rebuild to pick up latest test sources by the CI