From e931fa6171f428fd412b36dc60510fe1af64dd08 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Mon, 15 Jan 2024 18:57:39 +0000
Subject: [PATCH] import UBI sqlite-3.26.0-19.el8_9
---
SOURCES/sqlite-3.34.1-CVE-2023-7104.patch | 42 +++++++++++++
SPECS/sqlite.spec | 77 ++++++++++++-----------
2 files changed, 83 insertions(+), 36 deletions(-)
create mode 100644 SOURCES/sqlite-3.34.1-CVE-2023-7104.patch
diff --git a/SOURCES/sqlite-3.34.1-CVE-2023-7104.patch b/SOURCES/sqlite-3.34.1-CVE-2023-7104.patch
new file mode 100644
index 0000000..6b9c1b7
--- /dev/null
+++ b/SOURCES/sqlite-3.34.1-CVE-2023-7104.patch
@@ -0,0 +1,42 @@
+From 09f1652f36c5c4e8a6a640ce887f9ea0f48a7958 Mon Sep 17 00:00:00 2001
+From: dan
+Date: Thu, 7 Sep 2023 13:53:09 +0000
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+FossilOrigin-Name: 0e4e7a05c4204b47a324d67e18e76d2a98e26b2723d19d5c655ec9fd2e41f4b7
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index 9f862f2465..0491549231 100644
+--- a/ext/session/sqlite3session.c
++++ b/ext/session/sqlite3session.c
+@@ -2811,15 +2811,19 @@ static int sessionReadRecord(
+ }
+ }
+ if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+- sqlite3_int64 v = sessionGetI64(aVal);
+- if( eType==SQLITE_INTEGER ){
+- sqlite3VdbeMemSetInt64(apOut[i], v);
++ if( (pIn->nData-pIn->iNext)<8 ){
++ rc = SQLITE_CORRUPT_BKPT;
+ }else{
+- double d;
+- memcpy(&d, &v, 8);
+- sqlite3VdbeMemSetDouble(apOut[i], d);
++ sqlite3_int64 v = sessionGetI64(aVal);
++ if( eType==SQLITE_INTEGER ){
++ sqlite3VdbeMemSetInt64(apOut[i], v);
++ }else{
++ double d;
++ memcpy(&d, &v, 8);
++ sqlite3VdbeMemSetDouble(apOut[i], d);
++ }
++ pIn->iNext += 8;
+ }
+- pIn->iNext += 8;
+ }
+ }
+ }
+--
+2.43.0
+
diff --git a/SPECS/sqlite.spec b/SPECS/sqlite.spec
index 6b98d65..f6b961a 100644
--- a/SPECS/sqlite.spec
+++ b/SPECS/sqlite.spec
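Review bot: After the new `(pIn->nData-pIn->iNext)<8` check in sessionReadRecord sets `rc = SQLITE_CORRUPT_BKPT`, nothing visible in the hunk stops the column loop, so confirm in the 3.26.0 tree that the enclosing loop tests `rc` before it reads the next column's type byte. The function starts and ends outside the hunk, and the patch was cut against a newer upstream tree (the file name says 3.34.1), so the surrounding code in this package may differ from what the upstream fix assumed; check that it applies without fuzz. A short comment above the check would record the intent, for example `/* integer and real values occupy 8 bytes; fewer remaining bytes means a truncated changeset */`. The backport carries no regression test; a session test that feeds a changeset cut off inside an integer value would pin the fix.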
@@ -10,7 +10,7 @@ Summary: Library that implements an embeddable SQL database engine Name: sqlite Version: %{rpmver} -Release: 18%{?dist} +Release: 19%{?dist} License: Public Domain Group: Applications/Databases URL: http://www.sqlite.org/ @@ -104,6 +104,7 @@ Patch37: sqlite-3.26.0-CVE-2022-35737.patch # Fix for CVE-2020-24736 # https://www.sqlite.org/src/info/579b66eaa0816561 Patch38: sqlite-3.26.0-CVE-2020-24736.patch +Patch39: sqlite-3.34.1-CVE-2023-7104.patch BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: autoconf @@ -200,43 +201,44 @@ This package contains the analysis program for %{name}. %prep %setup -q -a1 -n %{name}-src-%{realver} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch6 -p1 +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 3 -p1 +%patch -P 4 -p1 +%patch -P 6 -p1 %ifarch %{ix86} -%patch7 -p1 +%patch -P 7 -p1 %endif -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch34 -p1 -%patch35 -p1 -%patch36 -p1 -%patch37 -p1 -%patch38 -p1 +%patch -P 8 -p1 +%patch -P 9 -p1 +%patch -P 10 -p1 +%patch -P 11 -p1 +%patch -P 12 -p1 +%patch -P 13 -p1 +%patch -P 14 -p1 +%patch -P 15 -p1 +%patch -P 16 -p1 +%patch -P 17 -p1 +%patch -P 18 -p1 +%patch -P 19 -p1 +%patch -P 20 -p1 +%patch -P 21 -p1 +%patch -P 22 -p1 +%patch -P 23 -p1 +%patch -P 24 -p1 +%patch -P 25 -p1 +%patch -P 26 -p1 +%patch -P 27 -p1 +%patch -P 28 -p1 +%patch -P 29 -p1 +%patch -P 30 -p1 +%patch -P 31 -p1 +%patch -P 34 -p1 +%patch -P 35 -p1 +%patch -P 36 -p1 +%patch -P 37 -p1 +%patch -P 38 -p1 +%patch -P 39 -p1 # Remove backup-file 
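Review bot: `Patch39` is added in the `@@ -104,6 +104,7 @@` hunk without the reference comment that the neighbouring entry carries, so the spec no longer says which upstream check-in this fix comes from. Following the `Patch38` pattern, add `# Fix for CVE-2023-7104` and `# https://www.sqlite.org/src/info/0e4e7a05c4204b47` above it; the hash prefix is taken from the `FossilOrigin-Name` trailer in the patch file. The patch file name also carries a 3.34.1 prefix while the other entries use 3.26.0, so a third comment line noting that it is a backport applied to 3.26.0 would spare the next maintainer the question.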
@@ -338,6 +340,9 @@ make test %endif %changelog +* Wed Jan 03 2024 Zuzana Miklankova - 3.26.0-19 +- Fixed CVE-2023-7104 + * Fri Apr 14 2023 Zuzana Miklankova - 3.26.0-18 - Fixed CVE-2022-24736