Compare commits
No commits in common. "c10s" and "c8" have entirely different histories.
@ -1 +0,0 @@
|
||||
1
|
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,3 +1,3 @@
|
||||
/sqlite-*.zip
|
||||
/sqlite-autoconf-*.tar.gz
|
||||
/sqlite-*/
|
||||
SOURCES/sqlite-autoconf-3260000.tar.gz
|
||||
SOURCES/sqlite-doc-3260000.zip
|
||||
SOURCES/sqlite-src-3260000.zip
|
||||
|
3
.sqlite.metadata
Normal file
3
.sqlite.metadata
Normal file
@ -0,0 +1,3 @@
|
||||
9af2df1a6da5db6e2ecf3f463625f16740e036e9 SOURCES/sqlite-autoconf-3260000.tar.gz
|
||||
13c48e0396d15f3f4978214e144445031a23d509 SOURCES/sqlite-doc-3260000.zip
|
||||
a05429d6a8337d60ddc7c6381b49941059a55f68 SOURCES/sqlite-src-3260000.zip
|
24
SOURCES/sqlite-3.12.2-no-malloc-usable-size.patch
Normal file
24
SOURCES/sqlite-3.12.2-no-malloc-usable-size.patch
Normal file
@ -0,0 +1,24 @@
|
||||
diff -up sqlite-src-3120200/configure.ac.malloc_usable_size sqlite-src-3120200/configure.ac
|
||||
--- sqlite-src-3120200/configure.ac.malloc_usable_size 2016-04-25 09:46:48.134690570 +0200
|
||||
+++ sqlite-src-3120200/configure.ac 2016-04-25 09:48:41.622637181 +0200
|
||||
@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h s
|
||||
#########
|
||||
# Figure out whether or not we have these functions
|
||||
#
|
||||
-AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
|
||||
+AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
|
||||
|
||||
#########
|
||||
# By default, we use the amalgamation (this may be changed below...)
|
||||
diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/configure
|
||||
--- sqlite-src-3120200/configure.malloc_usable_size 2016-04-25 09:47:12.594679063 +0200
|
||||
+++ sqlite-src-3120200/configure 2016-04-25 09:49:28.684615042 +0200
|
||||
@@ -10275,7 +10275,7 @@ done
|
||||
#########
|
||||
# Figure out whether or not we have these functions
|
||||
#
|
||||
-for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64
|
||||
+for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64
|
||||
do :
|
||||
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
14
SOURCES/sqlite-3.16-datetest-2.2c.patch
Normal file
14
SOURCES/sqlite-3.16-datetest-2.2c.patch
Normal file
@ -0,0 +1,14 @@
|
||||
--- sqlite-src-3160100/test/date.test.orig 2017-01-04 14:48:46.113737093 +0100
|
||||
+++ sqlite-src-3160100/test/date.test 2017-01-04 14:49:11.144833563 +0100
|
||||
@@ -76,11 +76,6 @@ datetest 2.1c datetime(0,'unixepochx') N
|
||||
datetest 2.1d datetime('2003-10-22','unixepoch') NULL
|
||||
datetest 2.2 datetime(946684800,'unixepoch') {2000-01-01 00:00:00}
|
||||
datetest 2.2b datetime('946684800','unixepoch') {2000-01-01 00:00:00}
|
||||
-for {set i 0} {$i<1000} {incr i} {
|
||||
- set sql [format {strftime('%%H:%%M:%%f',1237962480.%03d,'unixepoch')} $i]
|
||||
- set res [format {06:28:00.%03d} $i]
|
||||
- datetest 2.2c-$i $sql $res
|
||||
-}
|
||||
datetest 2.3 {date('2003-10-22','weekday 0')} 2003-10-26
|
||||
datetest 2.4 {date('2003-10-22','weekday 1')} 2003-10-27
|
||||
datetest 2.4a {date('2003-10-22','weekday 1')} 2003-10-27
|
90
SOURCES/sqlite-3.18.0-sync2-dirsync.patch
Normal file
90
SOURCES/sqlite-3.18.0-sync2-dirsync.patch
Normal file
@ -0,0 +1,90 @@
|
||||
--- sqlite-src-3180000/test/sync2.test.sync2-dirsync 2017-03-30 21:26:42.000000000 +0200
|
||||
+++ sqlite-src-3180000/test/sync2.test 2017-04-03 13:16:14.422329691 +0200
|
||||
@@ -44,6 +44,15 @@
|
||||
uplevel [list do_test $tn [list execsql_sync $sql] [list {*}$res]]
|
||||
}
|
||||
|
||||
+# Wrapper over the expected sync count, takes DIRSYNC into consideration
|
||||
+proc expected_sync_count {sync_count} {
|
||||
+ ifcapable dirsync {
|
||||
+ return $sync_count
|
||||
+ } else {
|
||||
+ return [ incr sync_count -1 ]
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
#-----------------------------------------------------------------------
|
||||
# Tests for journal mode.
|
||||
#
|
||||
@@ -53,13 +62,13 @@
|
||||
INSERT INTO t1 VALUES(1, 2);
|
||||
}
|
||||
|
||||
-do_execsql_sync_test 1.1 { INSERT INTO t1 VALUES(3, 4) } 4
|
||||
+do_execsql_sync_test 1.1 { INSERT INTO t1 VALUES(3, 4) } [ expected_sync_count 4 ]
|
||||
|
||||
# synchronous=normal. So, 1 sync on the directory, 1 on the journal, 1
|
||||
# on the db file. 3 in total.
|
||||
do_execsql_test 1.2.1 { PRAGMA main.synchronous = NORMAL }
|
||||
do_execsql_test 1.2.2 { PRAGMA main.synchronous } 1
|
||||
-do_execsql_sync_test 1.2.3 { INSERT INTO t1 VALUES(5, 6) } 3
|
||||
+do_execsql_sync_test 1.2.3 { INSERT INTO t1 VALUES(5, 6) } [ expected_sync_count 3 ]
|
||||
|
||||
# synchronous=off. No syncs.
|
||||
do_execsql_test 1.3.1 { PRAGMA main.synchronous = OFF }
|
||||
@@ -70,7 +79,7 @@
|
||||
# 2 on the journal, 1 on the db file. 4 in total.
|
||||
do_execsql_test 1.4.1 { PRAGMA main.synchronous = FULL }
|
||||
do_execsql_test 1.4.2 { PRAGMA main.synchronous } 2
|
||||
-do_execsql_sync_test 1.4.3 { INSERT INTO t1 VALUES(9, 10) } 4
|
||||
+do_execsql_sync_test 1.4.3 { INSERT INTO t1 VALUES(9, 10) } [ expected_sync_count 4 ]
|
||||
|
||||
#-----------------------------------------------------------------------
|
||||
# Tests for wal mode.
|
||||
@@ -79,7 +88,7 @@
|
||||
|
||||
# sync=full, journal_mode=wal. One sync on the directory, two on the
|
||||
# wal file.
|
||||
-do_execsql_sync_test 1.6 { INSERT INTO t1 VALUES(11, 12) } 3
|
||||
+do_execsql_sync_test 1.6 { INSERT INTO t1 VALUES(11, 12) } [ expected_sync_count 3 ]
|
||||
|
||||
# One sync on the wal file.
|
||||
do_execsql_sync_test 1.7 { INSERT INTO t1 VALUES(13, 14) } 1
|
||||
@@ -112,7 +121,7 @@
|
||||
|
||||
# Wal mode, sync=normal. The first transaction does one sync on directory,
|
||||
# one on the wal file. The second does no syncs.
|
||||
- do_execsql_sync_test 1.11.1 { INSERT INTO t1 VALUES(19, 20) } 2
|
||||
+ do_execsql_sync_test 1.11.1 { INSERT INTO t1 VALUES(19, 20) } [ expected_sync_count 2 ]
|
||||
do_execsql_sync_test 1.11.2 { INSERT INTO t1 VALUES(21, 22) } 0
|
||||
do_execsql_test 1.11.3 { PRAGMA main.synchronous } 1
|
||||
|
||||
@@ -129,14 +138,14 @@
|
||||
# Delete mode, sync=full. The first transaction does one sync on
|
||||
# directory, two on the journal file, one on the db. The second does
|
||||
# the same.
|
||||
- do_execsql_sync_test 1.15.1 { INSERT INTO t1 VALUES(26, 27) } 4
|
||||
- do_execsql_sync_test 1.15.2 { INSERT INTO t1 VALUES(28, 29) } 4
|
||||
+ do_execsql_sync_test 1.15.1 { INSERT INTO t1 VALUES(26, 27) } [ expected_sync_count 4 ]
|
||||
+ do_execsql_sync_test 1.15.2 { INSERT INTO t1 VALUES(28, 29) } [ expected_sync_count 4 ]
|
||||
do_execsql_test 1.15.3 { PRAGMA main.synchronous } 2
|
||||
|
||||
# Switch back to wal mode.
|
||||
do_execsql_test 1.16 { PRAGMA journal_mode = wal } {wal}
|
||||
|
||||
- do_execsql_sync_test 1.17.1 { INSERT INTO t1 VALUES(30, 31) } 2
|
||||
+ do_execsql_sync_test 1.17.1 { INSERT INTO t1 VALUES(30, 31) } [ expected_sync_count 2 ]
|
||||
do_execsql_sync_test 1.17.2 { INSERT INTO t1 VALUES(32, 33) } 0
|
||||
do_execsql_test 1.17.3 { PRAGMA main.synchronous } 1
|
||||
|
||||
@@ -152,8 +161,8 @@
|
||||
# Close and reopen the db. Back to synchronous=normal.
|
||||
db close
|
||||
sqlite3 db test.db
|
||||
- do_execsql_sync_test 1.20.1 { INSERT INTO t1 VALUES(38, 39) } 4
|
||||
- do_execsql_sync_test 1.20.2 { INSERT INTO t1 VALUES(40, 41) } 4
|
||||
+ do_execsql_sync_test 1.20.1 { INSERT INTO t1 VALUES(38, 39) } [ expected_sync_count 4 ]
|
||||
+ do_execsql_sync_test 1.20.2 { INSERT INTO t1 VALUES(40, 41) } [ expected_sync_count 4 ]
|
||||
do_execsql_test 1.20.3 { PRAGMA main.synchronous } 2
|
||||
}
|
||||
|
149
SOURCES/sqlite-3.26-CVE-2019-13752.patch
Normal file
149
SOURCES/sqlite-3.26-CVE-2019-13752.patch
Normal file
@ -0,0 +1,149 @@
|
||||
From 92b243715eea17997ed9707540757d0667ad9eb2 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Thu, 2 Jan 2020 09:54:41 +0100
|
||||
Subject: [PATCH] Improved detection of corrupt shadow tables in FTS3. Enable
|
||||
the debugging special-inserts for FTS3 for both SQLITE_DEBUG and SQLITE_TEST.
|
||||
|
||||
Resolves: CVE-2019-13752
|
||||
---
|
||||
ext/fts3/fts3.c | 2 +-
|
||||
ext/fts3/fts3Int.h | 2 +-
|
||||
ext/fts3/fts3_write.c | 42 +++++++++++++++++++++++++++---------------
|
||||
3 files changed, 29 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
|
||||
index f6fb931..6d6bd46 100644
|
||||
--- a/ext/fts3/fts3.c
|
||||
+++ b/ext/fts3/fts3.c
|
||||
@@ -4304,7 +4304,7 @@ static int fts3EvalPhraseStart(Fts3Cursor *pCsr, int bOptOk, Fts3Phrase *p){
|
||||
int bIncrOk = (bOptOk
|
||||
&& pCsr->bDesc==pTab->bDescIdx
|
||||
&& p->nToken<=MAX_INCR_PHRASE_TOKENS && p->nToken>0
|
||||
-#ifdef SQLITE_TEST
|
||||
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
|
||||
&& pTab->bNoIncrDoclist==0
|
||||
#endif
|
||||
);
|
||||
diff --git a/ext/fts3/fts3Int.h b/ext/fts3/fts3Int.h
|
||||
index 077bad7..6f5a7a0 100644
|
||||
--- a/ext/fts3/fts3Int.h
|
||||
+++ b/ext/fts3/fts3Int.h
|
||||
@@ -283,7 +283,7 @@ struct Fts3Table {
|
||||
int mxSavepoint; /* Largest valid xSavepoint integer */
|
||||
#endif
|
||||
|
||||
-#ifdef SQLITE_TEST
|
||||
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
|
||||
/* True to disable the incremental doclist optimization. This is controled
|
||||
** by special insert command 'test-no-incr-doclist'. */
|
||||
int bNoIncrDoclist;
|
||||
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
|
||||
index 8fc6589..ee668aa 100644
|
||||
--- a/ext/fts3/fts3_write.c
|
||||
+++ b/ext/fts3/fts3_write.c
|
||||
@@ -23,7 +23,7 @@
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
-
|
||||
+#include <stdio.h>
|
||||
|
||||
#define FTS_MAX_APPENDABLE_HEIGHT 16
|
||||
|
||||
@@ -2021,6 +2021,11 @@ static int fts3NodeAddTerm(
|
||||
nPrefix = fts3PrefixCompress(pTree->zTerm, pTree->nTerm, zTerm, nTerm);
|
||||
nSuffix = nTerm-nPrefix;
|
||||
|
||||
+ /* If nSuffix is zero or less, then zTerm/nTerm must be a prefix of
|
||||
+ ** pWriter->zTerm/pWriter->nTerm. i.e. must be equal to or less than when
|
||||
+ ** compared with BINARY collation. This indicates corruption. */
|
||||
+ if( nSuffix<=0 ) return FTS_CORRUPT_VTAB;
|
||||
+
|
||||
nReq += sqlite3Fts3VarintLen(nPrefix)+sqlite3Fts3VarintLen(nSuffix)+nSuffix;
|
||||
if( nReq<=p->nNodeSize || !pTree->zTerm ){
|
||||
|
||||
@@ -2309,9 +2314,11 @@ static int fts3SegWriterAdd(
|
||||
/* Append the prefix-compressed term and doclist to the buffer. */
|
||||
nData += sqlite3Fts3PutVarint(&pWriter->aData[nData], nPrefix);
|
||||
nData += sqlite3Fts3PutVarint(&pWriter->aData[nData], nSuffix);
|
||||
+ assert( nSuffix>0 );
|
||||
memcpy(&pWriter->aData[nData], &zTerm[nPrefix], nSuffix);
|
||||
nData += nSuffix;
|
||||
nData += sqlite3Fts3PutVarint(&pWriter->aData[nData], nDoclist);
|
||||
+ assert( nDoclist>0 );
|
||||
memcpy(&pWriter->aData[nData], aDoclist, nDoclist);
|
||||
pWriter->nData = nData + nDoclist;
|
||||
|
||||
@@ -2331,6 +2338,7 @@ static int fts3SegWriterAdd(
|
||||
pWriter->zTerm = zNew;
|
||||
}
|
||||
assert( pWriter->zTerm==pWriter->zMalloc );
|
||||
+ assert( nTerm>0 );
|
||||
memcpy(pWriter->zTerm, zTerm, nTerm);
|
||||
}else{
|
||||
pWriter->zTerm = (char *)zTerm;
|
||||
@@ -2639,6 +2647,7 @@ static int fts3MsrBufferData(
|
||||
pMsr->aBuffer = pNew;
|
||||
}
|
||||
|
||||
+ assert( nList>0 );
|
||||
memcpy(pMsr->aBuffer, pList, nList);
|
||||
return SQLITE_OK;
|
||||
}
|
||||
@@ -3821,6 +3830,7 @@ static int fts3IncrmergePush(
|
||||
** be added to. */
|
||||
nPrefix = fts3PrefixCompress(pNode->key.a, pNode->key.n, zTerm, nTerm);
|
||||
nSuffix = nTerm - nPrefix;
|
||||
+ if( NEVER(nSuffix<=0) ) return FTS_CORRUPT_VTAB;
|
||||
nSpace = sqlite3Fts3VarintLen(nPrefix);
|
||||
nSpace += sqlite3Fts3VarintLen(nSuffix) + nSuffix;
|
||||
|
||||
@@ -5300,7 +5310,7 @@ static int fts3DoIntegrityCheck(
|
||||
** meaningful value to insert is the text 'optimize'.
|
||||
*/
|
||||
static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){
|
||||
- int rc; /* Return Code */
|
||||
+ int rc = SQLITE_ERROR; /* Return Code */
|
||||
const char *zVal = (const char *)sqlite3_value_text(pVal);
|
||||
int nVal = sqlite3_value_bytes(pVal);
|
||||
|
||||
@@ -5316,21 +5326,23 @@ static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){
|
||||
rc = fts3DoIncrmerge(p, &zVal[6]);
|
||||
}else if( nVal>10 && 0==sqlite3_strnicmp(zVal, "automerge=", 10) ){
|
||||
rc = fts3DoAutoincrmerge(p, &zVal[10]);
|
||||
-#ifdef SQLITE_TEST
|
||||
- }else if( nVal>9 && 0==sqlite3_strnicmp(zVal, "nodesize=", 9) ){
|
||||
- p->nNodeSize = atoi(&zVal[9]);
|
||||
- rc = SQLITE_OK;
|
||||
- }else if( nVal>11 && 0==sqlite3_strnicmp(zVal, "maxpending=", 9) ){
|
||||
- p->nMaxPendingData = atoi(&zVal[11]);
|
||||
- rc = SQLITE_OK;
|
||||
- }else if( nVal>21 && 0==sqlite3_strnicmp(zVal, "test-no-incr-doclist=", 21) ){
|
||||
- p->bNoIncrDoclist = atoi(&zVal[21]);
|
||||
- rc = SQLITE_OK;
|
||||
-#endif
|
||||
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
|
||||
}else{
|
||||
- rc = SQLITE_ERROR;
|
||||
+ int v;
|
||||
+ if( nVal>9 && 0==sqlite3_strnicmp(zVal, "nodesize=", 9) ){
|
||||
+ v = atoi(&zVal[9]);
|
||||
+ if( v>=24 && v<=p->nPgsz-35 ) p->nNodeSize = v;
|
||||
+ rc = SQLITE_OK;
|
||||
+ }else if( nVal>11 && 0==sqlite3_strnicmp(zVal, "maxpending=", 9) ){
|
||||
+ v = atoi(&zVal[11]);
|
||||
+ if( v>=64 && v<=FTS3_MAX_PENDING_DATA ) p->nMaxPendingData = v;
|
||||
+ rc = SQLITE_OK;
|
||||
+ }else if( nVal>21 && 0==sqlite3_strnicmp(zVal,"test-no-incr-doclist=",21) ){
|
||||
+ p->bNoIncrDoclist = atoi(&zVal[21]);
|
||||
+ rc = SQLITE_OK;
|
||||
+ }
|
||||
+#endif
|
||||
}
|
||||
-
|
||||
return rc;
|
||||
}
|
||||
|
||||
--
|
||||
2.19.1
|
||||
|
25
SOURCES/sqlite-3.26-CVE-2019-13753.patch
Normal file
25
SOURCES/sqlite-3.26-CVE-2019-13753.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 0b3ba64a9c7f785f6b3f1c1c15c5b0f1e41e0461 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Thu, 2 Jan 2020 10:25:58 +0100
|
||||
Subject: [PATCH] Remove a reachable NEVER() in FTS3.
|
||||
|
||||
---
|
||||
ext/fts3/fts3_write.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
|
||||
index ee668aa..8624329 100644
|
||||
--- a/ext/fts3/fts3_write.c
|
||||
+++ b/ext/fts3/fts3_write.c
|
||||
@@ -3830,7 +3830,7 @@ static int fts3IncrmergePush(
|
||||
** be added to. */
|
||||
nPrefix = fts3PrefixCompress(pNode->key.a, pNode->key.n, zTerm, nTerm);
|
||||
nSuffix = nTerm - nPrefix;
|
||||
- if( NEVER(nSuffix<=0) ) return FTS_CORRUPT_VTAB;
|
||||
+ if(nSuffix<=0 ) return FTS_CORRUPT_VTAB;
|
||||
nSpace = sqlite3Fts3VarintLen(nPrefix);
|
||||
nSpace += sqlite3Fts3VarintLen(nSuffix) + nSuffix;
|
||||
|
||||
--
|
||||
2.19.1
|
||||
|
107
SOURCES/sqlite-3.26.0-CVE-2019-13734.patch
Normal file
107
SOURCES/sqlite-3.26.0-CVE-2019-13734.patch
Normal file
@ -0,0 +1,107 @@
|
||||
From 5f4ce30babee8085fc36680c6103d9a06be49ef7 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Thu, 2 Jan 2020 11:58:39 +0100
|
||||
Subject: [PATCH] More improvements to shadow table corruption detection in
|
||||
FTS3.
|
||||
|
||||
---
|
||||
ext/fts3/fts3.c | 4 ++++
|
||||
ext/fts3/fts3Int.h | 10 ++++++++++
|
||||
ext/fts3/fts3_write.c | 14 +++++++++++---
|
||||
3 files changed, 25 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
|
||||
index 6d6bd46..84fc8a5 100644
|
||||
--- a/ext/fts3/fts3.c
|
||||
+++ b/ext/fts3/fts3.c
|
||||
@@ -1460,6 +1460,10 @@ static int fts3InitVtab(
|
||||
fts3DatabasePageSize(&rc, p);
|
||||
p->nNodeSize = p->nPgsz-35;
|
||||
|
||||
+#if defined(SQLITE_DEBUG)||defined(SQLITE_TEST)
|
||||
+ p->nMergeCount = FTS3_MERGE_COUNT;
|
||||
+#endif
|
||||
+
|
||||
/* Declare the table schema to SQLite. */
|
||||
fts3DeclareVtab(&rc, p);
|
||||
|
||||
diff --git a/ext/fts3/fts3Int.h b/ext/fts3/fts3Int.h
|
||||
index 6f5a7a0..0d1b491 100644
|
||||
--- a/ext/fts3/fts3Int.h
|
||||
+++ b/ext/fts3/fts3Int.h
|
||||
@@ -287,9 +287,19 @@ struct Fts3Table {
|
||||
/* True to disable the incremental doclist optimization. This is controled
|
||||
** by special insert command 'test-no-incr-doclist'. */
|
||||
int bNoIncrDoclist;
|
||||
+
|
||||
+ /* Number of segments in a level */
|
||||
+ int nMergeCount;
|
||||
#endif
|
||||
};
|
||||
|
||||
+/* Macro to find the number of segments to merge */
|
||||
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
|
||||
+# define MergeCount(P) ((P)->nMergeCount)
|
||||
+#else
|
||||
+# define MergeCount(P) FTS3_MERGE_COUNT
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
** When the core wants to read from the virtual table, it creates a
|
||||
** virtual table cursor (an instance of the following structure) using
|
||||
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
|
||||
index 8624329..d57d265 100644
|
||||
--- a/ext/fts3/fts3_write.c
|
||||
+++ b/ext/fts3/fts3_write.c
|
||||
@@ -1152,7 +1152,7 @@ static int fts3AllocateSegdirIdx(
|
||||
** segment and allocate (newly freed) index 0 at level iLevel. Otherwise,
|
||||
** if iNext is less than FTS3_MERGE_COUNT, allocate index iNext.
|
||||
*/
|
||||
- if( iNext>=FTS3_MERGE_COUNT ){
|
||||
+ if( iNext>=MergeCount(p) ){
|
||||
fts3LogMerge(16, getAbsoluteLevel(p, iLangid, iIndex, iLevel));
|
||||
rc = fts3SegmentMerge(p, iLangid, iIndex, iLevel);
|
||||
*piIdx = 0;
|
||||
@@ -4259,6 +4259,10 @@ static int fts3IncrmergeLoad(
|
||||
int i;
|
||||
int nHeight = (int)aRoot[0];
|
||||
NodeWriter *pNode;
|
||||
+ if( nHeight<1 || nHeight>FTS_MAX_APPENDABLE_HEIGHT ){
|
||||
+ sqlite3_reset(pSelect);
|
||||
+ return FTS_CORRUPT_VTAB;
|
||||
+ }
|
||||
|
||||
pWriter->nLeafEst = (int)((iEnd - iStart) + 1)/FTS_MAX_APPENDABLE_HEIGHT;
|
||||
pWriter->iStart = iStart;
|
||||
@@ -5007,7 +5011,7 @@ static int fts3DoIncrmerge(
|
||||
const char *zParam /* Nul-terminated string containing "A,B" */
|
||||
){
|
||||
int rc;
|
||||
- int nMin = (FTS3_MERGE_COUNT / 2);
|
||||
+ int nMin = (MergeCount(p) / 2);
|
||||
int nMerge = 0;
|
||||
const char *z = zParam;
|
||||
|
||||
@@ -5052,7 +5056,7 @@ static int fts3DoAutoincrmerge(
|
||||
int rc = SQLITE_OK;
|
||||
sqlite3_stmt *pStmt = 0;
|
||||
p->nAutoincrmerge = fts3Getint(&zParam);
|
||||
- if( p->nAutoincrmerge==1 || p->nAutoincrmerge>FTS3_MERGE_COUNT ){
|
||||
+ if( p->nAutoincrmerge==1 || p->nAutoincrmerge>MergeCount(p) ){
|
||||
p->nAutoincrmerge = 8;
|
||||
}
|
||||
if( !p->bHasStat ){
|
||||
@@ -5340,6 +5344,10 @@ static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){
|
||||
}else if( nVal>21 && 0==sqlite3_strnicmp(zVal,"test-no-incr-doclist=",21) ){
|
||||
p->bNoIncrDoclist = atoi(&zVal[21]);
|
||||
rc = SQLITE_OK;
|
||||
+ }else if( nVal>11 && 0==sqlite3_strnicmp(zVal,"mergecount=",11) ){
|
||||
+ v = atoi(&zVal[11]);
|
||||
+ if( v>=4 && v<=FTS3_MERGE_COUNT && (v&1)==0 ) p->nMergeCount = v;
|
||||
+ rc = SQLITE_OK;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
--
|
||||
2.19.1
|
||||
|
158
SOURCES/sqlite-3.26.0-CVE-2019-13750.patch
Normal file
158
SOURCES/sqlite-3.26.0-CVE-2019-13750.patch
Normal file
@ -0,0 +1,158 @@
|
||||
Subject: [PATCH] In defensive mode, do not allow shadow tables to be renamed
|
||||
using ALTER TABLE and do not allow shadow tables to be dropped.
|
||||
|
||||
diff --git a/src/alter.c b/src/alter.c
|
||||
index 0fa24c0..707472a 100644
|
||||
--- a/src/alter.c
|
||||
+++ b/src/alter.c
|
||||
@@ -28,9 +28,16 @@
|
||||
**
|
||||
** Or, if zName is not a system table, zero is returned.
|
||||
*/
|
||||
-static int isSystemTable(Parse *pParse, const char *zName){
|
||||
- if( 0==sqlite3StrNICmp(zName, "sqlite_", 7) ){
|
||||
- sqlite3ErrorMsg(pParse, "table %s may not be altered", zName);
|
||||
+static int isAlterableTable(Parse *pParse, Table *pTab){
|
||||
+ if( 0==sqlite3StrNICmp(pTab->zName, "sqlite_", 7)
|
||||
+#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
+ || ( (pTab->tabFlags & TF_Shadow)
|
||||
+ && (pParse->db->flags & SQLITE_Defensive)
|
||||
+ && pParse->db->nVdbeExec==0
|
||||
+ )
|
||||
+#endif
|
||||
+ ){
|
||||
+ sqlite3ErrorMsg(pParse, "table %s may not be altered", pTab->zName);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@@ -129,7 +136,7 @@ void sqlite3AlterRenameTable(
|
||||
/* Make sure it is not a system table being altered, or a reserved name
|
||||
** that the table is being renamed to.
|
||||
*/
|
||||
- if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
|
||||
+ if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){
|
||||
goto exit_rename_table;
|
||||
}
|
||||
if( SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){ goto
|
||||
@@ -427,7 +434,7 @@ void sqlite3AlterBeginAddColumn(Parse *pParse, SrcList *pSrc){
|
||||
sqlite3ErrorMsg(pParse, "Cannot add a column to a view");
|
||||
goto exit_begin_add_column;
|
||||
}
|
||||
- if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
|
||||
+ if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){
|
||||
goto exit_begin_add_column;
|
||||
}
|
||||
|
||||
@@ -529,7 +536,7 @@ void sqlite3AlterRenameColumn(
|
||||
if( !pTab ) goto exit_rename_column;
|
||||
|
||||
/* Cannot alter a system table */
|
||||
- if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ) goto exit_rename_column;
|
||||
+ if( SQLITE_OK!=isAlterableTable(pParse, pTab) ) goto exit_rename_column;
|
||||
if( SQLITE_OK!=isRealTable(pParse, pTab) ) goto exit_rename_column;
|
||||
|
||||
/* Which schema holds the table to be altered */
|
||||
diff --git a/src/build.c b/src/build.c
|
||||
index 1dc2614..3412670 100644
|
||||
--- a/src/build.c
|
||||
+++ b/src/build.c
|
||||
@@ -2661,6 +2661,22 @@ void sqlite3CodeDropTable(Parse *pParse, Table *pTab, int iDb, int isView){
|
||||
sqliteViewResetAll(db, iDb);
|
||||
}
|
||||
|
||||
+/*
|
||||
+** Return true if it is not allowed to drop the given table
|
||||
+*/
|
||||
+static int tableMayNotBeDropped(Parse *pParse, Table *pTab){
|
||||
+ if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0 ){
|
||||
+ if( sqlite3StrNICmp(pTab->zName+7, "stat", 4)==0 ) return 0;
|
||||
+ if( sqlite3StrNICmp(pTab->zName+7, "parameters", 10)==0 ) return 0;
|
||||
+ return 1;
|
||||
+ }
|
||||
+ if( pTab->tabFlags & TF_Shadow ){
|
||||
+ sqlite3 *db = pParse->db;
|
||||
+ if( (db->flags & SQLITE_Defensive)!=0 && db->nVdbeExec==0 ) return 1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
** This routine is called to do the work of a DROP TABLE statement.
|
||||
** pName is the name of the table to be dropped.
|
||||
@@ -2730,8 +2746,7 @@ void sqlite3DropTable(Parse *pParse, SrcList *pName, int isView, int noErr){
|
||||
}
|
||||
}
|
||||
#endif
|
||||
- if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0
|
||||
- && sqlite3StrNICmp(pTab->zName, "sqlite_stat", 11)!=0 ){
|
||||
+ if( tableMayNotBeDropped(pParse, pTab) ){
|
||||
sqlite3ErrorMsg(pParse, "table %s may not be dropped", pTab->zName);
|
||||
goto exit_drop_table;
|
||||
}
|
||||
diff --git a/test/altertab.test b/test/altertab.test
|
||||
index a364207..891b081 100644
|
||||
--- a/test/altertab.test
|
||||
+++ b/test/altertab.test
|
||||
@@ -505,5 +505,62 @@ do_execsql_test 15.5 {
|
||||
SELECT sql FROM sqlite_master WHERE name = 'y';
|
||||
} {{CREATE VIEW y AS SELECT f2 AS f1 FROM x}}
|
||||
|
||||
+#-------------------------------------------------------------------------
|
||||
+# Test that it is not possible to rename a shadow table in DEFENSIVE mode.
|
||||
+#
|
||||
+ifcapable fts3 {
|
||||
+ proc vtab_command {method args} {
|
||||
+ switch -- $method {
|
||||
+ xConnect {
|
||||
+ if {[info exists ::vtab_connect_sql]} {
|
||||
+ execsql $::vtab_connect_sql
|
||||
+ }
|
||||
+ return "CREATE TABLE t1(a, b, c)"
|
||||
+ }
|
||||
+
|
||||
+ xBestIndex {
|
||||
+ set clist [lindex $args 0]
|
||||
+ if {[llength $clist]!=1} { error "unexpected constraint list" }
|
||||
+ catch { array unset C }
|
||||
+ array set C [lindex $clist 0]
|
||||
+ if {$C(usable)} {
|
||||
+ return "omit 0 cost 0 rows 1 idxnum 555 idxstr eq!"
|
||||
+ } else {
|
||||
+ return "cost 1000000 rows 0 idxnum 0 idxstr scan..."
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return {}
|
||||
+ }
|
||||
+
|
||||
+ register_tcl_module db
|
||||
+
|
||||
+ sqlite3_db_config db DEFENSIVE 1
|
||||
+
|
||||
+ do_execsql_test 16.0 {
|
||||
+ CREATE VIRTUAL TABLE y1 USING fts3;
|
||||
+ }
|
||||
+
|
||||
+ do_catchsql_test 16.10 {
|
||||
+ INSERT INTO y1_segments VALUES(1, X'1234567890');
|
||||
+ } {1 {table y1_segments may not be modified}}
|
||||
+
|
||||
+ do_catchsql_test 16.20 {
|
||||
+ ALTER TABLE y1_segments RENAME TO abc;
|
||||
+ } {1 {table y1_segments may not be altered}}
|
||||
+
|
||||
+ do_catchsql_test 16.21 {
|
||||
+ DROP TABLE y1_segments;
|
||||
+ } {1 {table y1_segments may not be dropped}}
|
||||
+
|
||||
+ do_execsql_test 16.30 {
|
||||
+ ALTER TABLE y1 RENAME TO z1;
|
||||
+ }
|
||||
+
|
||||
+ do_execsql_test 16.40 {
|
||||
+ SELECT * FROM z1_segments;
|
||||
+ }
|
||||
+}
|
||||
|
||||
finish_test
|
22
SOURCES/sqlite-3.26.0-CVE-2019-13751.patch
Normal file
22
SOURCES/sqlite-3.26.0-CVE-2019-13751.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Subject: [PATCH] Further improve detection of corrupt records in fts3
|
||||
|
||||
---
|
||||
ext/fts3/fts3_write.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
|
||||
index 5330b4c..0647bd7 100644
|
||||
--- a/ext/fts3/fts3_write.c
|
||||
+++ b/ext/fts3/fts3_write.c
|
||||
@@ -1376,7 +1376,7 @@ static int fts3SegReaderNext(
|
||||
pNext += fts3GetVarint32(pNext, &nSuffix);
|
||||
if( nSuffix<=0
|
||||
|| (&pReader->aNode[pReader->nNode] - pNext)<nSuffix
|
||||
- || nPrefix>pReader->nTermAlloc
|
||||
+ || nPrefix>pReader->nTerm
|
||||
){
|
||||
return FTS_CORRUPT_VTAB;
|
||||
}
|
||||
--
|
||||
2.30.2
|
||||
|
65
SOURCES/sqlite-3.26.0-CVE-2019-16168.patch
Normal file
65
SOURCES/sqlite-3.26.0-CVE-2019-16168.patch
Normal file
@ -0,0 +1,65 @@
|
||||
From ab17169870e985b062e520ecf95e6c79ad784f38 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Thu, 23 Apr 2020 11:25:13 +0200
|
||||
Subject: [PATCH] fixed CVE-2019-16168 (rhbz#1826897)
|
||||
|
||||
---
|
||||
src/analyze.c | 4 +++-
|
||||
src/where.c | 1 +
|
||||
test/analyzeC.test | 13 +++++++++++++
|
||||
3 files changed, 17 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/analyze.c b/src/analyze.c
|
||||
index 5075b57..e47c0f5 100644
|
||||
--- a/src/analyze.c
|
||||
+++ b/src/analyze.c
|
||||
@@ -1497,7 +1497,9 @@ static void decodeIntArray(
|
||||
if( sqlite3_strglob("unordered*", z)==0 ){
|
||||
pIndex->bUnordered = 1;
|
||||
}else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
|
||||
- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
|
||||
+ int sz = sqlite3Atoi(z+3);
|
||||
+ if( sz<2 ) sz = 2;
|
||||
+ pIndex->szIdxRow = sqlite3LogEst(sz);
|
||||
}else if( sqlite3_strglob("noskipscan*", z)==0 ){
|
||||
pIndex->noSkipScan = 1;
|
||||
}
|
||||
diff --git a/src/where.c b/src/where.c
|
||||
index 8e01660..1a4fa51 100644
|
||||
--- a/src/where.c
|
||||
+++ b/src/where.c
|
||||
@@ -2655,6 +2655,7 @@ static int whereLoopAddBtreeIndex(
|
||||
** it to pNew->rRun, which is currently set to the cost of the index
|
||||
** seek only. Then, if this is a non-covering index, add the cost of
|
||||
** visiting the rows in the main table. */
|
||||
+ assert( pSrc->pTab->szTabRow>0 );
|
||||
rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
|
||||
pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
|
||||
if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
|
||||
diff --git a/test/analyzeC.test b/test/analyzeC.test
|
||||
index 02faa9c..3595c9d 100644
|
||||
--- a/test/analyzeC.test
|
||||
+++ b/test/analyzeC.test
|
||||
@@ -132,6 +132,19 @@ do_execsql_test 4.3 {
|
||||
SELECT count(a) FROM t1;
|
||||
} {/.*INDEX t1ca.*/}
|
||||
|
||||
+# 2019-08-15.
|
||||
+# Ticket https://www.sqlite.org/src/tktview/e4598ecbdd18bd82945f602901
|
||||
+# The sz=N parameter in the sqlite_stat1 table needs to have a value of
|
||||
+# 2 or more to avoid a division by zero in the query planner.
|
||||
+#
|
||||
+do_execsql_test 4.4 {
|
||||
+ DROP TABLE IF EXISTS t44;
|
||||
+ CREATE TABLE t44(a PRIMARY KEY);
|
||||
+ INSERT INTO sqlite_stat1 VALUES('t44',null,'sz=0');
|
||||
+ ANALYZE sqlite_master;
|
||||
+ SELECT 0 FROM t44 WHERE a IN(1,2,3);
|
||||
+} {}
|
||||
+
|
||||
|
||||
# The sz=NNN parameter works even if there is other extraneous text
|
||||
# in the sqlite_stat1.stat column.
|
||||
--
|
||||
2.24.1
|
||||
|
124
SOURCES/sqlite-3.26.0-CVE-2019-19603.patch
Normal file
124
SOURCES/sqlite-3.26.0-CVE-2019-19603.patch
Normal file
@ -0,0 +1,124 @@
|
||||
Subject: [PATCH] Do not allow CREATE TABLE or CREATE VIEW of an object with a name
|
||||
that looks like a shadow table name.
|
||||
|
||||
diff --git a/src/build.c b/src/build.c
|
||||
index 3412670..f273394 100644
|
||||
--- a/src/build.c
|
||||
+++ b/src/build.c
|
||||
@@ -814,6 +814,22 @@ int sqlite3WritableSchema(sqlite3 *db){
|
||||
return (db->flags&(SQLITE_WriteSchema|SQLITE_Defensive))==SQLITE_WriteSchema;
|
||||
}
|
||||
|
||||
+/*
|
||||
+** Return TRUE if shadow tables should be read-only in the current
|
||||
+** context.
|
||||
+*/
|
||||
+int sqlite3ReadOnlyShadowTables(sqlite3 *db){
|
||||
+#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
+ if( (db->flags & SQLITE_Defensive)!=0
|
||||
+ && db->pVtabCtx==0
|
||||
+ && db->nVdbeExec==0
|
||||
+ ){
|
||||
+ return 1;
|
||||
+ }
|
||||
+#endif
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
** This routine is used to check if the UTF-8 string zName is a legal
|
||||
** unqualified name for a new schema object (table, index, view or
|
||||
@@ -822,9 +838,10 @@ int sqlite3WritableSchema(sqlite3 *db){
|
||||
** is reserved for internal use.
|
||||
*/
|
||||
int sqlite3CheckObjectName(Parse *pParse, const char *zName){
|
||||
- if( !pParse->db->init.busy && pParse->nested==0
|
||||
+ if(( !pParse->db->init.busy && pParse->nested==0
|
||||
&& sqlite3WritableSchema(pParse->db)==0
|
||||
- && 0==sqlite3StrNICmp(zName, "sqlite_", 7) ){
|
||||
+ && 0==sqlite3StrNICmp(zName, "sqlite_", 7) ) ||
|
||||
+ (sqlite3ReadOnlyShadowTables(pParse->db) && sqlite3ShadowTableName(pParse->db, zName))){
|
||||
sqlite3ErrorMsg(pParse, "object name reserved for internal use: %s", zName);
|
||||
return SQLITE_ERROR;
|
||||
}
|
||||
@@ -1929,7 +1946,7 @@ int sqlite3IsShadowTableOf(sqlite3 *db, Table *pTab, const char *zName){
|
||||
** zName is temporarily modified while this routine is running, but is
|
||||
** restored to its original value prior to this routine returning.
|
||||
*/
|
||||
-static int isShadowTableName(sqlite3 *db, char *zName){
|
||||
+int sqlite3ShadowTableName(sqlite3 *db, const char *zName){
|
||||
char *zTail; /* Pointer to the last "_" in zName */
|
||||
Table *pTab; /* Table that zName is a shadow of */
|
||||
|
||||
@@ -1942,8 +1959,6 @@ static int isShadowTableName(sqlite3 *db, char *zName){
|
||||
if( !IsVirtual(pTab) ) return 0;
|
||||
return sqlite3IsShadowTableOf(db, pTab, zName);
|
||||
}
|
||||
-#else
|
||||
-# define isShadowTableName(x,y) 0
|
||||
#endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
|
||||
|
||||
/*
|
||||
@@ -1985,7 +2000,7 @@ void sqlite3EndTable(
|
||||
p = pParse->pNewTable;
|
||||
if( p==0 ) return;
|
||||
|
||||
- if( pSelect==0 && isShadowTableName(db, p->zName) ){
|
||||
+ if( pSelect==0 && sqlite3ShadowTableName(db, p->zName) ){
|
||||
p->tabFlags |= TF_Shadow;
|
||||
}
|
||||
|
||||
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
|
||||
index 60b2ebd..e5ba8a0 100644
|
||||
--- a/src/sqliteInt.h
|
||||
+++ b/src/sqliteInt.h
|
||||
@@ -4408,6 +4408,11 @@ void sqlite3AutoLoadExtensions(sqlite3*);
|
||||
);
|
||||
# define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0)
|
||||
#endif
|
||||
+#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
+ int sqlite3ShadowTableName(sqlite3 *db, const char *zName);
|
||||
+#else
|
||||
+# define sqlite3ShadowTableName(A,B) 0
|
||||
+#endif
|
||||
#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
int sqlite3IsShadowTableOf(sqlite3*,Table*,const char*);
|
||||
#else
|
||||
diff --git a/test/altertab.test b/test/altertab.test
|
||||
index 891b081..0705abc 100644
|
||||
--- a/test/altertab.test
|
||||
+++ b/test/altertab.test
|
||||
@@ -547,13 +547,29 @@ ifcapable fts3 {
|
||||
} {1 {table y1_segments may not be modified}}
|
||||
|
||||
do_catchsql_test 16.20 {
|
||||
- ALTER TABLE y1_segments RENAME TO abc;
|
||||
- } {1 {table y1_segments may not be altered}}
|
||||
-
|
||||
- do_catchsql_test 16.21 {
|
||||
DROP TABLE y1_segments;
|
||||
} {1 {table y1_segments may not be dropped}}
|
||||
|
||||
+ do_catchsql_test 16.20 {
|
||||
+ ALTER TABLE y1_segments RENAME TO abc;
|
||||
+ } {1 {table y1_segments may not be altered}}
|
||||
+ sqlite3_db_config db DEFENSIVE 0
|
||||
+ do_catchsql_test 16.22 {
|
||||
+ ALTER TABLE y1_segments RENAME TO abc;
|
||||
+ } {0 {}}
|
||||
+ sqlite3_db_config db DEFENSIVE 1
|
||||
+ do_catchsql_test 16.23 {
|
||||
+ CREATE TABLE y1_segments AS SELECT * FROM abc;
|
||||
+ } {1 {object name reserved for internal use: y1_segments}}
|
||||
+ do_catchsql_test 16.24 {
|
||||
+ CREATE VIEW y1_segments AS SELECT * FROM abc;
|
||||
+ } {1 {object name reserved for internal use: y1_segments}}
|
||||
+ sqlite3_db_config db DEFENSIVE 0
|
||||
+ do_catchsql_test 16.25 {
|
||||
+ ALTER TABLE abc RENAME TO y1_segments;
|
||||
+ } {0 {}}
|
||||
+ sqlite3_db_config db DEFENSIVE 1
|
||||
+
|
||||
do_execsql_test 16.30 {
|
||||
ALTER TABLE y1 RENAME TO z1;
|
||||
}
|
67
SOURCES/sqlite-3.26.0-CVE-2019-19923.patch
Normal file
67
SOURCES/sqlite-3.26.0-CVE-2019-19923.patch
Normal file
@ -0,0 +1,67 @@
|
||||
From 7d47517d579601bb6e59e33bf0896f0ed36aa0aa Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Mon, 20 Jan 2020 09:34:41 +0100
|
||||
Subject: [PATCH] Continue to back away from the LEFT JOIN optimization of
|
||||
check-in
|
||||
|
||||
by disallowing query flattening if the outer query is DISTINCT. Without this fix,
|
||||
if an index scan is run on the table within the view on the right-hand side of the
|
||||
LEFT JOIN, stale result registers might be accessed yielding incorrect results,
|
||||
and/or an OP_IfNullRow opcode might be invoked on the un-opened table, resulting
|
||||
in a NULL-pointer dereference. This problem was found by the Yongheng and Rui fuzzer.
|
||||
---
|
||||
src/select.c | 8 ++++++--
|
||||
test/join.test | 13 +++++++++++++
|
||||
2 files changed, 19 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/select.c b/src/select.c
|
||||
index c60ff27..0205a08 100644
|
||||
--- a/src/select.c
|
||||
+++ b/src/select.c
|
||||
@@ -3569,6 +3569,7 @@ static void substSelect(
|
||||
** (3b) the FROM clause of the subquery may not contain a virtual
|
||||
** table and
|
||||
** (3c) the outer query may not be an aggregate.
|
||||
+** (3d) the outer query may not be DISTINCT.
|
||||
**
|
||||
** (4) The subquery can not be DISTINCT.
|
||||
**
|
||||
@@ -3765,8 +3766,11 @@ static int flattenSubquery(
|
||||
*/
|
||||
if( (pSubitem->fg.jointype & JT_OUTER)!=0 ){
|
||||
isLeftJoin = 1;
|
||||
- if( pSubSrc->nSrc>1 || isAgg || IsVirtual(pSubSrc->a[0].pTab) ){
|
||||
- /* (3a) (3c) (3b) */
|
||||
+ if( pSubSrc->nSrc>1 /* (3a) */
|
||||
+ || isAgg /* (3b) */
|
||||
+ || IsVirtual(pSubSrc->a[0].pTab) /* (3c) */
|
||||
+ || (p->selFlags & SF_Distinct)!=0 /* (3d) */
|
||||
+ ){
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
diff --git a/test/join.test b/test/join.test
|
||||
index 8c6f463..8c6a53d 100644
|
||||
--- a/test/join.test
|
||||
+++ b/test/join.test
|
||||
@@ -844,4 +844,17 @@ do_execsql_test join-15.110 {
|
||||
ORDER BY a1, a2, a3, a4, a5;
|
||||
} {1 {} {} {} {} 1 11 {} {} {} 1 12 {} {} {} 1 12 121 {} {} 1 13 {} {} {}}
|
||||
|
||||
+# 2019-12-18 problem with a LEFT JOIN where the RHS is a view.
|
||||
+# Detected by Yongheng and Rui.
|
||||
+# Follows from the optimization attempt of check-in 41c27bc0ff1d3135
|
||||
+# on 2017-04-18
|
||||
+#
|
||||
+reset_db
|
||||
+do_execsql_test join-22.10 {
|
||||
+ CREATE TABLE t0(a, b);
|
||||
+ CREATE INDEX t0a ON t0(a);
|
||||
+ INSERT INTO t0 VALUES(10,10),(10,11),(10,12);
|
||||
+ SELECT DISTINCT c FROM t0 LEFT JOIN (SELECT a+1 AS c FROM t0) ORDER BY c ;
|
||||
+} {11}
|
||||
+
|
||||
finish_test
|
||||
--
|
||||
2.19.1
|
||||
|
60
SOURCES/sqlite-3.26.0-CVE-2019-19924.patch
Normal file
60
SOURCES/sqlite-3.26.0-CVE-2019-19924.patch
Normal file
@ -0,0 +1,60 @@
|
||||
From 6b06304c2a46e17a6dc4402eadc75ccac24da893 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Fri, 17 Jan 2020 13:03:54 +0100
|
||||
Subject: [PATCH] When an error occurs while rewriting the parser tree for
|
||||
window functions in the sqlite3WindowRewrite() routine, make sure that
|
||||
pParse->nErr is set, and make sure that this shuts down any subsequent code
|
||||
generation that might depend on the transformations that were implemented.
|
||||
This fixes a problem discovered by the Yongheng and Rui fuzzer.
|
||||
|
||||
---
|
||||
src/expr.c | 1 +
|
||||
src/vdbeaux.c | 3 ++-
|
||||
src/window.c | 5 +++++
|
||||
3 files changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/expr.c b/src/expr.c
|
||||
index d4eb9de..b081ca2 100644
|
||||
--- a/src/expr.c
|
||||
+++ b/src/expr.c
|
||||
@@ -344,6 +344,7 @@ static int codeCompare(
|
||||
int addr;
|
||||
CollSeq *p4;
|
||||
|
||||
+ if( pParse->nErr ) return 0;
|
||||
p4 = sqlite3BinaryCompareCollSeq(pParse, pLeft, pRight);
|
||||
p5 = binaryCompareP5(pLeft, pRight, jumpIfNull);
|
||||
addr = sqlite3VdbeAddOp4(pParse->pVdbe, opcode, in2, dest, in1,
|
||||
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
|
||||
index f1496a3..b74141b 100644
|
||||
--- a/src/vdbeaux.c
|
||||
+++ b/src/vdbeaux.c
|
||||
@@ -1160,7 +1160,8 @@ void sqlite3VdbeSetP4KeyInfo(Parse *pParse, Index *pIdx){
|
||||
*/
|
||||
static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){
|
||||
assert( p->nOp>0 || p->aOp==0 );
|
||||
- assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed );
|
||||
+ assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed
|
||||
+ || p->pParse->nErr>0 );
|
||||
if( p->nOp ){
|
||||
assert( p->aOp );
|
||||
sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment);
|
||||
diff --git a/src/window.c b/src/window.c
|
||||
index f5deae9..56c0145 100644
|
||||
--- a/src/window.c
|
||||
+++ b/src/window.c
|
||||
@@ -843,6 +843,11 @@ int sqlite3WindowRewrite(Parse *pParse, Select *p){
|
||||
if( db->mallocFailed ) rc = SQLITE_NOMEM;
|
||||
}
|
||||
|
||||
+ if( rc && pParse->nErr==0 ){
|
||||
+ assert( pParse->db->mallocFailed );
|
||||
+ return SQLITE_NOMEM;
|
||||
+ }
|
||||
+
|
||||
return rc;
|
||||
}
|
||||
|
||||
--
|
||||
2.19.1
|
||||
|
50
SOURCES/sqlite-3.26.0-CVE-2019-19925.patch
Normal file
50
SOURCES/sqlite-3.26.0-CVE-2019-19925.patch
Normal file
@ -0,0 +1,50 @@
|
||||
From 1986c6384122947b10804cbc5c4d7af85e097404 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Mon, 20 Jan 2020 10:09:55 +0100
|
||||
Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the
|
||||
pathname of
|
||||
|
||||
the file being inserted is a NULL. Bug discovered by the
|
||||
Yongheng and Rui fuzzer.
|
||||
---
|
||||
ext/misc/zipfile.c | 1 +
|
||||
test/zipfile.test | 13 +++++++++++++
|
||||
2 files changed, 14 insertions(+)
|
||||
|
||||
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
|
||||
index e57dc38..6f48d0f 100644
|
||||
--- a/ext/misc/zipfile.c
|
||||
+++ b/ext/misc/zipfile.c
|
||||
@@ -1618,6 +1618,7 @@ static int zipfileUpdate(
|
||||
|
||||
if( rc==SQLITE_OK ){
|
||||
zPath = (const char*)sqlite3_value_text(apVal[2]);
|
||||
+ if( zPath==0 ) zPath = "";
|
||||
nPath = (int)strlen(zPath);
|
||||
mTime = zipfileGetTime(apVal[4]);
|
||||
}
|
||||
diff --git a/test/zipfile.test b/test/zipfile.test
|
||||
index 2bab066..5bca10b 100644
|
||||
--- a/test/zipfile.test
|
||||
+++ b/test/zipfile.test
|
||||
@@ -795,4 +795,17 @@ if {$tcl_platform(platform)!="windows"} {
|
||||
} {. ./x1.txt ./x2.txt}
|
||||
}
|
||||
|
||||
+# 2019-12-18 Yongheng and Rui fuzzer
|
||||
+#
|
||||
+do_execsql_test 13.10 {
|
||||
+ DROP TABLE IF EXISTS t0;
|
||||
+ DROP TABLE IF EXISTS t1;
|
||||
+ CREATE TABLE t0(a,b,c,d,e,f,g);
|
||||
+ REPLACE INTO t0(c,b,f) VALUES(10,10,10);
|
||||
+ CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
|
||||
+ REPLACE INTO t1 SELECT * FROM t0;
|
||||
+ SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
|
||||
+ quote(data),quote(method) FROM t1;
|
||||
+} {'' 10 10 2 X'3130' X'3130' 0}
|
||||
+
|
||||
finish_test
|
||||
--
|
||||
2.19.1
|
||||
|
63
SOURCES/sqlite-3.26.0-CVE-2019-19959.patch
Normal file
63
SOURCES/sqlite-3.26.0-CVE-2019-19959.patch
Normal file
@ -0,0 +1,63 @@
|
||||
From 16c5290d72cb8059e9dfe545613183b850fc44e4 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Mon, 20 Jan 2020 10:26:35 +0100
|
||||
Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that
|
||||
it is able to
|
||||
|
||||
deal with goofy filenames that contain embedded zeros.
|
||||
---
|
||||
ext/misc/zipfile.c | 4 ++--
|
||||
test/zipfile.test | 13 +++++++++++++
|
||||
2 files changed, 15 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
|
||||
index 6f48d0f..e6141ef 100644
|
||||
--- a/ext/misc/zipfile.c
|
||||
+++ b/ext/misc/zipfile.c
|
||||
@@ -1632,7 +1632,7 @@ static int zipfileUpdate(
|
||||
zFree = sqlite3_mprintf("%s/", zPath);
|
||||
if( zFree==0 ){ rc = SQLITE_NOMEM; }
|
||||
zPath = (const char*)zFree;
|
||||
- nPath++;
|
||||
+ nPath = (int)strlen(zPath);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2033,11 +2033,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){
|
||||
}else{
|
||||
if( zName[nName-1]!='/' ){
|
||||
zName = zFree = sqlite3_mprintf("%s/", zName);
|
||||
- nName++;
|
||||
if( zName==0 ){
|
||||
rc = SQLITE_NOMEM;
|
||||
goto zipfile_step_out;
|
||||
}
|
||||
+ nName = (int)strlen(zName);
|
||||
}else{
|
||||
while( nName>1 && zName[nName-2]=='/' ) nName--;
|
||||
}
|
||||
diff --git a/test/zipfile.test b/test/zipfile.test
|
||||
index 5bca10b..e4b8088 100644
|
||||
--- a/test/zipfile.test
|
||||
+++ b/test/zipfile.test
|
||||
@@ -808,4 +808,17 @@ do_execsql_test 13.10 {
|
||||
quote(data),quote(method) FROM t1;
|
||||
} {'' 10 10 2 X'3130' X'3130' 0}
|
||||
|
||||
+# 2019-12-23 Yongheng and Rui fuzzer
|
||||
+# Run using valgrind to see the problem.
|
||||
+#
|
||||
+do_execsql_test 14.10 {
|
||||
+ DROP TABLE t1;
|
||||
+ CREATE TABLE t1(x char);
|
||||
+ INSERT INTO t1(x) VALUES('1');
|
||||
+ INSERT INTO t1(x) SELECT zipfile(x, 'xyz') FROM t1;
|
||||
+ INSERT INTO t1(x) SELECT zipfile(x, 'uvw') FROM t1;
|
||||
+ SELECT count(*) FROM t1;
|
||||
+ PRAGMA integrity_check;
|
||||
+} {3 ok}
|
||||
+
|
||||
finish_test
|
||||
--
|
||||
2.19.1
|
||||
|
102
SOURCES/sqlite-3.26.0-CVE-2019-20218.patch
Normal file
102
SOURCES/sqlite-3.26.0-CVE-2019-20218.patch
Normal file
@ -0,0 +1,102 @@
|
||||
From ff5f246e41239cc4dd33ffa73883fa07f78674e1 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Fri, 7 Aug 2020 07:00:29 +0200
|
||||
Subject: [PATCH] Do not attempt to unwind the WITH stack in the Parse object
|
||||
following an error.
|
||||
|
||||
---
|
||||
src/select.c | 5 ++++-
|
||||
src/util.c | 1 +
|
||||
test/altertab2.test | 20 ++++++++++++++++++++
|
||||
test/with3.test | 10 +++++++++-
|
||||
4 files changed, 34 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/select.c b/src/select.c
|
||||
index c46f177..a6d1757 100644
|
||||
--- a/src/select.c
|
||||
+++ b/src/select.c
|
||||
@@ -4639,6 +4639,9 @@ static int withExpand(
|
||||
With *pWith; /* WITH clause that pCte belongs to */
|
||||
|
||||
assert( pFrom->pTab==0 );
|
||||
+ if( pParse->nErr ){
|
||||
+ return SQLITE_ERROR;
|
||||
+ }
|
||||
|
||||
pCte = searchWith(pParse->pWith, pFrom, &pWith);
|
||||
if( pCte ){
|
||||
@@ -4908,7 +4911,7 @@ static int selectExpander(Walker *pWalker, Select *p){
|
||||
|
||||
/* Process NATURAL keywords, and ON and USING clauses of joins.
|
||||
*/
|
||||
- if( db->mallocFailed || sqliteProcessJoin(pParse, p) ){
|
||||
+ if( pParse->nErr || db->mallocFailed || sqliteProcessJoin(pParse, p) ){
|
||||
return WRC_Abort;
|
||||
}
|
||||
|
||||
diff --git a/src/util.c b/src/util.c
|
||||
index 54f9b93..96b0b14 100644
|
||||
--- a/src/util.c
|
||||
+++ b/src/util.c
|
||||
@@ -222,6 +222,7 @@ void sqlite3ErrorMsg(Parse *pParse, const char *zFormat, ...){
|
||||
sqlite3DbFree(db, pParse->zErrMsg);
|
||||
pParse->zErrMsg = zMsg;
|
||||
pParse->rc = SQLITE_ERROR;
|
||||
+ pParse->pWith = 0;
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/test/altertab2.test b/test/altertab2.test
|
||||
index 2e4212c..2102e02 100644
|
||||
--- a/test/altertab2.test
|
||||
+++ b/test/altertab2.test
|
||||
@@ -85,5 +85,25 @@ do_execsql_test 2.3 {
|
||||
{CREATE TABLE c3(x, FOREIGN KEY (x) REFERENCES "p3"(a))}
|
||||
}
|
||||
|
||||
+#------------------------------------------------------------------------
|
||||
+#
|
||||
+reset_db
|
||||
+do_execsql_test 3.0 {
|
||||
+ CREATE TABLE v0 (a);
|
||||
+ CREATE VIEW v2 (v3) AS
|
||||
+ WITH x1 AS (SELECT * FROM v2)
|
||||
+ SELECT v3 AS x, v3 AS y FROM v2;
|
||||
+}
|
||||
+
|
||||
+do_catchsql_test 3.1 {
|
||||
+ SELECT * FROM v2
|
||||
+} {1 {view v2 is circularly defined}}
|
||||
+
|
||||
+db close
|
||||
+sqlite3 db test.db
|
||||
+
|
||||
+do_catchsql_test 3.2 {
|
||||
+ ALTER TABLE v0 RENAME TO t3 ;
|
||||
+} {1 {error in view v2: view v2 is circularly defined}}
|
||||
|
||||
finish_test
|
||||
diff --git a/test/with3.test b/test/with3.test
|
||||
index de150b1..4a3a5a7 100644
|
||||
--- a/test/with3.test
|
||||
+++ b/test/with3.test
|
||||
@@ -30,7 +30,15 @@ do_catchsql_test 1.0 {
|
||||
SELECT 5 FROM t0 UNION SELECT 8 FROM m
|
||||
)
|
||||
SELECT * FROM i;
|
||||
-} {1 {no such table: m}}
|
||||
+} {1 {no such table: t0}}
|
||||
+
|
||||
+# 2019-11-09 dbfuzzcheck find
|
||||
+do_catchsql_test 1.1 {
|
||||
+ CREATE VIEW v1(x,y) AS
|
||||
+ WITH t1(a,b) AS (VALUES(1,2))
|
||||
+ SELECT * FROM nosuchtable JOIN t1;
|
||||
+ SELECT * FROM v1;
|
||||
+} {1 {no such table: main.nosuchtable}}
|
||||
|
||||
# Additional test cases that came out of the work to
|
||||
# fix for Kostya's problem.
|
||||
--
|
||||
2.26.0
|
||||
|
281
SOURCES/sqlite-3.26.0-CVE-2019-5018.patch
Normal file
281
SOURCES/sqlite-3.26.0-CVE-2019-5018.patch
Normal file
@ -0,0 +1,281 @@
|
||||
Subject: [PATCH] Prevent aliases of window functions expressions from being
|
||||
used as arguments to aggregate or other window functions.
|
||||
|
||||
---
|
||||
src/resolve.c | 21 ++++++---
|
||||
src/sqliteInt.h | 2 +
|
||||
test/windowerr.tcl | 59 ++++++++++++++++++++++++++
|
||||
test/windowerr.test | 99 ++++++++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 176 insertions(+), 5 deletions(-)
|
||||
create mode 100644 test/windowerr.tcl
|
||||
create mode 100644 test/windowerr.test
|
||||
|
||||
diff --git a/src/resolve.c b/src/resolve.c
|
||||
index 0c7dfc0..cdcf4d9 100644
|
||||
--- a/src/resolve.c
|
||||
+++ b/src/resolve.c
|
||||
@@ -436,6 +436,10 @@ static int lookupName(
|
||||
sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
|
||||
return WRC_Abort;
|
||||
}
|
||||
+ if( (pNC->ncFlags&NC_AllowWin)==0 && ExprHasProperty(pOrig, EP_Win) ){
|
||||
+ sqlite3ErrorMsg(pParse, "misuse of aliased window function %s",zAs);
|
||||
+ return WRC_Abort;
|
||||
+ }
|
||||
if( sqlite3ExprVectorSize(pOrig)!=1 ){
|
||||
sqlite3ErrorMsg(pParse, "row value misused");
|
||||
return WRC_Abort;
|
||||
@@ -707,6 +711,7 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
|
||||
const char *zId; /* The function name. */
|
||||
FuncDef *pDef; /* Information about the function */
|
||||
u8 enc = ENC(pParse->db); /* The database encoding */
|
||||
+ int savedAllowFlags = (pNC->ncFlags & (NC_AllowAgg | NC_AllowWin));
|
||||
|
||||
assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
|
||||
zId = pExpr->u.zToken;
|
||||
@@ -828,8 +833,11 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
|
||||
pNC->nErr++;
|
||||
}
|
||||
if( is_agg ){
|
||||
+ /* Window functions may not be arguments of aggregate functions.
|
||||
+ ** Or arguments of other window functions. But aggregate functions
|
||||
+ ** may be arguments for window functions. */
|
||||
#ifndef SQLITE_OMIT_WINDOWFUNC
|
||||
- pNC->ncFlags &= ~(pExpr->y.pWin ? NC_AllowWin : NC_AllowAgg);
|
||||
+ pNC->ncFlags &= ~(NC_AllowWin | (!pExpr->y.pWin ? NC_AllowAgg : 0));
|
||||
#else
|
||||
pNC->ncFlags &= ~NC_AllowAgg;
|
||||
#endif
|
||||
@@ -850,7 +858,7 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
|
||||
pExpr->y.pWin->pNextWin = pSel->pWin;
|
||||
pSel->pWin = pExpr->y.pWin;
|
||||
}
|
||||
- pNC->ncFlags |= NC_AllowWin;
|
||||
+ pNC->ncFlags |= NC_HasWin;
|
||||
}else
|
||||
#endif /* SQLITE_OMIT_WINDOWFUNC */
|
||||
{
|
||||
@@ -868,8 +876,8 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
|
||||
pNC2->ncFlags |= NC_HasAgg | (pDef->funcFlags & SQLITE_FUNC_MINMAX);
|
||||
|
||||
}
|
||||
- pNC->ncFlags |= NC_AllowAgg;
|
||||
}
|
||||
+ pNC->ncFlags |= savedAllowFlags;
|
||||
}
|
||||
/* FIX ME: Compute pExpr->affinity based on the expected return
|
||||
** type of the function
|
||||
@@ -1573,8 +1581,8 @@ int sqlite3ResolveExprNames(
|
||||
Walker w;
|
||||
|
||||
if( pExpr==0 ) return SQLITE_OK;
|
||||
- savedHasAgg = pNC->ncFlags & (NC_HasAgg|NC_MinMaxAgg);
|
||||
- pNC->ncFlags &= ~(NC_HasAgg|NC_MinMaxAgg);
|
||||
+ savedHasAgg = pNC->ncFlags & (NC_HasAgg|NC_MinMaxAgg|NC_HasWin);
|
||||
+ pNC->ncFlags &= ~(NC_HasAgg|NC_MinMaxAgg|NC_HasWin);
|
||||
w.pParse = pNC->pParse;
|
||||
w.xExprCallback = resolveExprStep;
|
||||
w.xSelectCallback = resolveSelectStep;
|
||||
@@ -1593,6 +1601,9 @@ int sqlite3ResolveExprNames(
|
||||
if( pNC->ncFlags & NC_HasAgg ){
|
||||
ExprSetProperty(pExpr, EP_Agg);
|
||||
}
|
||||
+ if( pNC->ncFlags & NC_HasWin ){
|
||||
+ ExprSetProperty(pExpr, EP_Win);
|
||||
+ }
|
||||
pNC->ncFlags |= savedHasAgg;
|
||||
return pNC->nErr>0 || w.pParse->nErr>0;
|
||||
}
|
||||
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
|
||||
index 5f5f3cc..b7d3571 100644
|
||||
--- a/src/sqliteInt.h
|
||||
+++ b/src/sqliteInt.h
|
||||
@@ -2517,6 +2517,7 @@ struct Expr {
|
||||
#define EP_Alias 0x400000 /* Is an alias for a result set column */
|
||||
#define EP_Leaf 0x800000 /* Expr.pLeft, .pRight, .u.pSelect all NULL */
|
||||
#define EP_WinFunc 0x1000000 /* TK_FUNCTION with Expr.y.pWin set */
|
||||
+#define EP_Win 0x8000000 /* Contains window functions */
|
||||
|
||||
/*
|
||||
** The EP_Propagate mask is a set of properties that automatically propagate
|
||||
@@ -2773,6 +2774,7 @@ struct NameContext {
|
||||
#define NC_MinMaxAgg 0x1000 /* min/max aggregates seen. See note above */
|
||||
#define NC_Complex 0x2000 /* True if a function or subquery seen */
|
||||
#define NC_AllowWin 0x4000 /* Window functions are allowed here */
|
||||
+#define NC_HasWin 0x8000 /* One or more window functions seen */
|
||||
|
||||
/*
|
||||
** An instance of the following object describes a single ON CONFLICT
|
||||
diff --git a/test/windowerr.tcl b/test/windowerr.tcl
|
||||
new file mode 100644
|
||||
index 0000000..80f464d
|
||||
--- /dev/null
|
||||
+++ b/test/windowerr.tcl
|
||||
@@ -0,0 +1,59 @@
|
||||
+# 2018 May 19
|
||||
+#
|
||||
+# The author disclaims copyright to this source code. In place of
|
||||
+# a legal notice, here is a blessing:
|
||||
+#
|
||||
+# May you do good and not evil.
|
||||
+# May you find forgiveness for yourself and forgive others.
|
||||
+# May you share freely, never taking more than you give.
|
||||
+#
|
||||
+#***********************************************************************
|
||||
+#
|
||||
+
|
||||
+source [file join [file dirname $argv0] pg_common.tcl]
|
||||
+
|
||||
+#=========================================================================
|
||||
+
|
||||
+start_test windowerr "2019 March 01"
|
||||
+ifcapable !windowfunc
|
||||
+
|
||||
+execsql_test 1.0 {
|
||||
+ DROP TABLE IF EXISTS t1;
|
||||
+ CREATE TABLE t1(a INTEGER, b INTEGER);
|
||||
+ INSERT INTO t1 VALUES(1, 1);
|
||||
+ INSERT INTO t1 VALUES(2, 2);
|
||||
+ INSERT INTO t1 VALUES(3, 3);
|
||||
+ INSERT INTO t1 VALUES(4, 4);
|
||||
+ INSERT INTO t1 VALUES(5, 5);
|
||||
+}
|
||||
+
|
||||
+foreach {tn frame} {
|
||||
+ 1 "ORDER BY a ROWS BETWEEN -1 PRECEDING AND 1 FOLLOWING"
|
||||
+ 2 "ORDER BY a ROWS BETWEEN 1 PRECEDING AND -1 FOLLOWING"
|
||||
+
|
||||
+ 3 "ORDER BY a RANGE BETWEEN -1 PRECEDING AND 1 FOLLOWING"
|
||||
+ 4 "ORDER BY a RANGE BETWEEN 1 PRECEDING AND -1 FOLLOWING"
|
||||
+
|
||||
+ 5 "ORDER BY a GROUPS BETWEEN -1 PRECEDING AND 1 FOLLOWING"
|
||||
+ 6 "ORDER BY a GROUPS BETWEEN 1 PRECEDING AND -1 FOLLOWING"
|
||||
+
|
||||
+ 7 "ORDER BY a,b RANGE BETWEEN 1 PRECEDING AND 1 FOLLOWING"
|
||||
+
|
||||
+ 8 "PARTITION BY a RANGE BETWEEN 1 PRECEDING AND 1 FOLLOWING"
|
||||
+} {
|
||||
+ errorsql_test 1.$tn "
|
||||
+ SELECT a, sum(b) OVER (
|
||||
+ $frame
|
||||
+ ) FROM t1 ORDER BY 1
|
||||
+ "
|
||||
+}
|
||||
+errorsql_test 2.1 {
|
||||
+ SELECT sum( sum(a) OVER () ) FROM t1;
|
||||
+}
|
||||
+
|
||||
+errorsql_test 2.2 {
|
||||
+ SELECT sum(a) OVER () AS xyz FROM t1 ORDER BY sum(xyz);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+finish_test
|
||||
diff --git a/test/windowerr.test b/test/windowerr.test
|
||||
new file mode 100644
|
||||
index 0000000..97dae64
|
||||
--- /dev/null
|
||||
+++ b/test/windowerr.test
|
||||
@@ -0,0 +1,99 @@
|
||||
+# 2019 March 01
|
||||
+#
|
||||
+# The author disclaims copyright to this source code. In place of
|
||||
+# a legal notice, here is a blessing:
|
||||
+#
|
||||
+# May you do good and not evil.
|
||||
+# May you find forgiveness for yourself and forgive others.
|
||||
+# May you share freely, never taking more than you give.
|
||||
+#
|
||||
+#***********************************************************************
|
||||
+# This file implements regression tests for SQLite library.
|
||||
+#
|
||||
+
|
||||
+####################################################
|
||||
+# DO NOT EDIT! THIS FILE IS AUTOMATICALLY GENERATED!
|
||||
+####################################################
|
||||
+
|
||||
+set testdir [file dirname $argv0]
|
||||
+source $testdir/tester.tcl
|
||||
+set testprefix windowerr
|
||||
+
|
||||
+ifcapable !windowfunc { finish_test ; return }
|
||||
+do_execsql_test 1.0 {
|
||||
+ DROP TABLE IF EXISTS t1;
|
||||
+ CREATE TABLE t1(a INTEGER, b INTEGER);
|
||||
+ INSERT INTO t1 VALUES(1, 1);
|
||||
+ INSERT INTO t1 VALUES(2, 2);
|
||||
+ INSERT INTO t1 VALUES(3, 3);
|
||||
+ INSERT INTO t1 VALUES(4, 4);
|
||||
+ INSERT INTO t1 VALUES(5, 5);
|
||||
+} {}
|
||||
+
|
||||
+# PG says ERROR: frame starting offset must not be negative
|
||||
+do_test 1.1 { catch { execsql {
|
||||
+ SELECT a, sum(b) OVER (
|
||||
+ ORDER BY a ROWS BETWEEN -1 PRECEDING AND 1 FOLLOWING
|
||||
+ ) FROM t1 ORDER BY 1
|
||||
+} } } 1
|
||||
+
|
||||
+# PG says ERROR: frame ending offset must not be negative
|
||||
+do_test 1.2 { catch { execsql {
|
||||
+ SELECT a, sum(b) OVER (
|
||||
+ ORDER BY a ROWS BETWEEN 1 PRECEDING AND -1 FOLLOWING
|
||||
+ ) FROM t1 ORDER BY 1
|
||||
+} } } 1
|
||||
+
|
||||
+# PG says ERROR: invalid preceding or following size in window function
|
||||
+do_test 1.3 { catch { execsql {
|
||||
+ SELECT a, sum(b) OVER (
|
||||
+ ORDER BY a RANGE BETWEEN -1 PRECEDING AND 1 FOLLOWING
|
||||
+ ) FROM t1 ORDER BY 1
|
||||
+} } } 1
|
||||
+
|
||||
+# PG says ERROR: invalid preceding or following size in window function
|
||||
+do_test 1.4 { catch { execsql {
|
||||
+ SELECT a, sum(b) OVER (
|
||||
+ ORDER BY a RANGE BETWEEN 1 PRECEDING AND -1 FOLLOWING
|
||||
+ ) FROM t1 ORDER BY 1
|
||||
+} } } 1
|
||||
+
|
||||
+# PG says ERROR: frame starting offset must not be negative
|
||||
+do_test 1.5 { catch { execsql {
|
||||
+ SELECT a, sum(b) OVER (
|
||||
+ ORDER BY a GROUPS BETWEEN -1 PRECEDING AND 1 FOLLOWING
|
||||
+ ) FROM t1 ORDER BY 1
|
||||
+} } } 1
|
||||
+
|
||||
+# PG says ERROR: frame ending offset must not be negative
|
||||
+do_test 1.6 { catch { execsql {
|
||||
+ SELECT a, sum(b) OVER (
|
||||
+ ORDER BY a GROUPS BETWEEN 1 PRECEDING AND -1 FOLLOWING
|
||||
+ ) FROM t1 ORDER BY 1
|
||||
+} } } 1
|
||||
+
|
||||
+# PG says ERROR: RANGE with offset PRECEDING/FOLLOWING requires exactly one ORDER BY column
|
||||
+do_test 1.7 { catch { execsql {
|
||||
+ SELECT a, sum(b) OVER (
|
||||
+ ORDER BY a,b RANGE BETWEEN 1 PRECEDING AND 1 FOLLOWING
|
||||
+ ) FROM t1 ORDER BY 1
|
||||
+} } } 1
|
||||
+
|
||||
+# PG says ERROR: RANGE with offset PRECEDING/FOLLOWING requires exactly one ORDER BY column
|
||||
+do_test 1.8 { catch { execsql {
|
||||
+ SELECT a, sum(b) OVER (
|
||||
+ PARTITION BY a RANGE BETWEEN 1 PRECEDING AND 1 FOLLOWING
|
||||
+ ) FROM t1 ORDER BY 1
|
||||
+} } } 1
|
||||
+
|
||||
+# PG says ERROR: aggregate function calls cannot contain window function calls
|
||||
+do_test 2.1 { catch { execsql {
|
||||
+ SELECT sum( sum(a) OVER () ) FROM t1;
|
||||
+} } } 1
|
||||
+
|
||||
+# PG says ERROR: column "xyz" does not exist
|
||||
+do_test 2.2 { catch { execsql {
|
||||
+ SELECT sum(a) OVER () AS xyz FROM t1 ORDER BY sum(xyz);
|
||||
+} } } 1
|
||||
+
|
||||
+finish_test
|
||||
--
|
||||
2.24.1
|
||||
|
442
SOURCES/sqlite-3.26.0-CVE-2019-5827.patch
Normal file
442
SOURCES/sqlite-3.26.0-CVE-2019-5827.patch
Normal file
@ -0,0 +1,442 @@
|
||||
Subject: [PATCH] Use the 64-bit memory allocator interfaces in extensions,
|
||||
whenever possible and Enforce the SQLITE_LIMIT_COLUMN limit on virtual tables
|
||||
|
||||
---
|
||||
ext/fts3/fts3_snippet.c | 7 ++++---
|
||||
ext/fts3/fts3_test.c | 6 +++---
|
||||
ext/fts3/fts3_tokenize_vtab.c | 2 +-
|
||||
ext/fts3/fts3_tokenizer.c | 4 ++--
|
||||
ext/fts3/fts3_write.c | 19 ++++++++++---------
|
||||
ext/fts5/fts5_tokenize.c | 2 +-
|
||||
ext/rtree/geopoly.c | 20 ++++++++++----------
|
||||
src/build.c | 8 ++++----
|
||||
src/expr.c | 2 +-
|
||||
src/main.c | 2 +-
|
||||
src/test_fs.c | 2 +-
|
||||
src/util.c | 2 +-
|
||||
src/vdbeaux.c | 8 +++++---
|
||||
src/vdbesort.c | 4 ++--
|
||||
src/vtab.c | 25 +++++++++++++++----------
|
||||
15 files changed, 61 insertions(+), 52 deletions(-)
|
||||
|
||||
diff --git a/ext/fts3/fts3_snippet.c b/ext/fts3/fts3_snippet.c
|
||||
index 5778620..efffff3 100644
|
||||
--- a/ext/fts3/fts3_snippet.c
|
||||
+++ b/ext/fts3/fts3_snippet.c
|
||||
@@ -130,10 +130,11 @@ struct StrBuffer {
|
||||
*/
|
||||
static MatchinfoBuffer *fts3MIBufferNew(int nElem, const char *zMatchinfo){
|
||||
MatchinfoBuffer *pRet;
|
||||
- int nByte = sizeof(u32) * (2*nElem + 1) + sizeof(MatchinfoBuffer);
|
||||
- int nStr = (int)strlen(zMatchinfo);
|
||||
+ sqlite3_int64 nByte = sizeof(u32) * (2*(sqlite3_int64)nElem + 1)
|
||||
+ + sizeof(MatchinfoBuffer);
|
||||
+ sqlite3_int64 nStr = strlen(zMatchinfo);
|
||||
|
||||
- pRet = sqlite3_malloc(nByte + nStr+1);
|
||||
+ pRet = sqlite3_malloc64(nByte + nStr+1);
|
||||
if( pRet ){
|
||||
memset(pRet, 0, nByte);
|
||||
pRet->aMatchinfo[0] = (u8*)(&pRet->aMatchinfo[1]) - (u8*)pRet;
|
||||
diff --git a/ext/fts3/fts3_test.c b/ext/fts3/fts3_test.c
|
||||
index a48a556..0b4edcc 100644
|
||||
--- a/ext/fts3/fts3_test.c
|
||||
+++ b/ext/fts3/fts3_test.c
|
||||
@@ -448,14 +448,14 @@ static int testTokenizerNext(
|
||||
}else{
|
||||
/* Advance to the end of the token */
|
||||
const char *pToken = p;
|
||||
- int nToken;
|
||||
+ sqlite3_int64 nToken;
|
||||
while( p<pEnd && testIsTokenChar(*p) ) p++;
|
||||
- nToken = (int)(p-pToken);
|
||||
+ nToken = (sqlite3_int64)(p-pToken);
|
||||
|
||||
/* Copy the token into the buffer */
|
||||
if( nToken>pCsr->nBuffer ){
|
||||
sqlite3_free(pCsr->aBuffer);
|
||||
- pCsr->aBuffer = sqlite3_malloc(nToken);
|
||||
+ pCsr->aBuffer = sqlite3_malloc64(nToken);
|
||||
}
|
||||
if( pCsr->aBuffer==0 ){
|
||||
rc = SQLITE_NOMEM;
|
||||
diff --git a/ext/fts3/fts3_tokenize_vtab.c b/ext/fts3/fts3_tokenize_vtab.c
|
||||
index a3d24bc..5b4085b 100644
|
||||
--- a/ext/fts3/fts3_tokenize_vtab.c
|
||||
+++ b/ext/fts3/fts3_tokenize_vtab.c
|
||||
@@ -346,7 +346,7 @@ static int fts3tokFilterMethod(
|
||||
if( idxNum==1 ){
|
||||
const char *zByte = (const char *)sqlite3_value_text(apVal[0]);
|
||||
int nByte = sqlite3_value_bytes(apVal[0]);
|
||||
- pCsr->zInput = sqlite3_malloc(nByte+1);
|
||||
+ pCsr->zInput = sqlite3_malloc64(nByte+1);
|
||||
if( pCsr->zInput==0 ){
|
||||
rc = SQLITE_NOMEM;
|
||||
}else{
|
||||
diff --git a/ext/fts3/fts3_tokenizer.c b/ext/fts3/fts3_tokenizer.c
|
||||
index bfc36af..fe2003e 100644
|
||||
--- a/ext/fts3/fts3_tokenizer.c
|
||||
+++ b/ext/fts3/fts3_tokenizer.c
|
||||
@@ -194,8 +194,8 @@ int sqlite3Fts3InitTokenizer(
|
||||
int iArg = 0;
|
||||
z = &z[n+1];
|
||||
while( z<zEnd && (NULL!=(z = (char *)sqlite3Fts3NextToken(z, &n))) ){
|
||||
- int nNew = sizeof(char *)*(iArg+1);
|
||||
- char const **aNew = (const char **)sqlite3_realloc((void *)aArg, nNew);
|
||||
+ sqlite3_int64 nNew = sizeof(char *)*(iArg+1);
|
||||
+ char const **aNew = (const char **)sqlite3_realloc64((void *)aArg, nNew);
|
||||
if( !aNew ){
|
||||
sqlite3_free(zCopy);
|
||||
sqlite3_free((void *)aArg);
|
||||
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
|
||||
index d57d265..5330b4c 100644
|
||||
--- a/ext/fts3/fts3_write.c
|
||||
+++ b/ext/fts3/fts3_write.c
|
||||
@@ -1744,8 +1744,9 @@ int sqlite3Fts3SegReaderPending(
|
||||
}
|
||||
|
||||
if( nElem>0 ){
|
||||
- int nByte = sizeof(Fts3SegReader) + (nElem+1)*sizeof(Fts3HashElem *);
|
||||
- pReader = (Fts3SegReader *)sqlite3_malloc(nByte);
|
||||
+ sqlite3_int64 nByte;
|
||||
+ nByte = sizeof(Fts3SegReader) + (nElem+1)*sizeof(Fts3HashElem *);
|
||||
+ pReader = (Fts3SegReader *)sqlite3_malloc64(nByte);
|
||||
if( !pReader ){
|
||||
rc = SQLITE_NOMEM;
|
||||
}else{
|
||||
@@ -3357,7 +3358,7 @@ static void fts3InsertDocsize(
|
||||
int rc; /* Result code from subfunctions */
|
||||
|
||||
if( *pRC ) return;
|
||||
- pBlob = sqlite3_malloc( 10*p->nColumn );
|
||||
+ pBlob = sqlite3_malloc64( 10*(sqlite3_int64)p->nColumn );
|
||||
if( pBlob==0 ){
|
||||
*pRC = SQLITE_NOMEM;
|
||||
return;
|
||||
@@ -3407,7 +3408,7 @@ static void fts3UpdateDocTotals(
|
||||
const int nStat = p->nColumn+2;
|
||||
|
||||
if( *pRC ) return;
|
||||
- a = sqlite3_malloc( (sizeof(u32)+10)*nStat );
|
||||
+ a = sqlite3_malloc64( (sizeof(u32)+10)*(sqlite3_int64)nStat );
|
||||
if( a==0 ){
|
||||
*pRC = SQLITE_NOMEM;
|
||||
return;
|
||||
@@ -3528,8 +3529,8 @@ static int fts3DoRebuild(Fts3Table *p){
|
||||
}
|
||||
|
||||
if( rc==SQLITE_OK ){
|
||||
- int nByte = sizeof(u32) * (p->nColumn+1)*3;
|
||||
- aSz = (u32 *)sqlite3_malloc(nByte);
|
||||
+ sqlite3_int64 nByte = sizeof(u32) * ((sqlite3_int64)p->nColumn+1)*3;
|
||||
+ aSz = (u32 *)sqlite3_malloc64(nByte);
|
||||
if( aSz==0 ){
|
||||
rc = SQLITE_NOMEM;
|
||||
}else{
|
||||
@@ -3595,12 +3596,12 @@ static int fts3IncrmergeCsr(
|
||||
){
|
||||
int rc; /* Return Code */
|
||||
sqlite3_stmt *pStmt = 0; /* Statement used to read %_segdir entry */
|
||||
- int nByte; /* Bytes allocated at pCsr->apSegment[] */
|
||||
+ sqlite3_int64 nByte; /* Bytes allocated at pCsr->apSegment[] */
|
||||
|
||||
/* Allocate space for the Fts3MultiSegReader.aCsr[] array */
|
||||
memset(pCsr, 0, sizeof(*pCsr));
|
||||
nByte = sizeof(Fts3SegReader *) * nSeg;
|
||||
- pCsr->apSegment = (Fts3SegReader **)sqlite3_malloc(nByte);
|
||||
+ pCsr->apSegment = (Fts3SegReader **)sqlite3_malloc64(nByte);
|
||||
|
||||
if( pCsr->apSegment==0 ){
|
||||
rc = SQLITE_NOMEM;
|
||||
@@ -5591,7 +5592,7 @@ int sqlite3Fts3UpdateMethod(
|
||||
}
|
||||
|
||||
/* Allocate space to hold the change in document sizes */
|
||||
- aSzDel = sqlite3_malloc( sizeof(aSzDel[0])*(p->nColumn+1)*2 );
|
||||
+ aSzDel = sqlite3_malloc64(sizeof(aSzDel[0])*((sqlite3_int64)p->nColumn+1)*2);
|
||||
if( aSzDel==0 ){
|
||||
rc = SQLITE_NOMEM;
|
||||
goto update_out;
|
||||
diff --git a/ext/fts5/fts5_tokenize.c b/ext/fts5/fts5_tokenize.c
|
||||
index af2bc22..029efc5 100644
|
||||
--- a/ext/fts5/fts5_tokenize.c
|
||||
+++ b/ext/fts5/fts5_tokenize.c
|
||||
@@ -363,7 +363,7 @@ static int fts5UnicodeCreate(
|
||||
|
||||
p->bRemoveDiacritic = 1;
|
||||
p->nFold = 64;
|
||||
- p->aFold = sqlite3_malloc(p->nFold * sizeof(char));
|
||||
+ p->aFold = sqlite3_malloc64(p->nFold * sizeof(char));
|
||||
if( p->aFold==0 ){
|
||||
rc = SQLITE_NOMEM;
|
||||
}
|
||||
diff --git a/ext/rtree/geopoly.c b/ext/rtree/geopoly.c
|
||||
index f6a31f5..7b97f9b 100644
|
||||
--- a/ext/rtree/geopoly.c
|
||||
+++ b/ext/rtree/geopoly.c
|
||||
@@ -261,7 +261,7 @@ static GeoPoly *geopolyParseJson(const unsigned char *z, int *pRc){
|
||||
GeoPoly *pOut;
|
||||
int x = 1;
|
||||
s.nVertex--; /* Remove the redundant vertex at the end */
|
||||
- pOut = sqlite3_malloc64( GEOPOLY_SZ(s.nVertex) );
|
||||
+ pOut = sqlite3_malloc64( GEOPOLY_SZ((sqlite3_int64)s.nVertex) );
|
||||
x = 1;
|
||||
if( pOut==0 ) goto parse_json_err;
|
||||
pOut->nVertex = s.nVertex;
|
||||
@@ -644,7 +644,7 @@ static GeoPoly *geopolyBBox(
|
||||
if( pRc ) *pRc = SQLITE_OK;
|
||||
if( aCoord==0 ){
|
||||
geopolyBboxFill:
|
||||
- pOut = sqlite3_realloc(p, GEOPOLY_SZ(4));
|
||||
+ pOut = sqlite3_realloc64(p, GEOPOLY_SZ(4));
|
||||
if( pOut==0 ){
|
||||
sqlite3_free(p);
|
||||
if( context ) sqlite3_result_error_nomem(context);
|
||||
@@ -1040,9 +1040,9 @@ static GeoSegment *geopolySortSegmentsByYAndC(GeoSegment *pList){
|
||||
** Determine the overlap between two polygons
|
||||
*/
|
||||
static int geopolyOverlap(GeoPoly *p1, GeoPoly *p2){
|
||||
- int nVertex = p1->nVertex + p2->nVertex + 2;
|
||||
+ sqlite3_int64 nVertex = p1->nVertex + p2->nVertex + 2;
|
||||
GeoOverlap *p;
|
||||
- int nByte;
|
||||
+ sqlite3_int64 nByte;
|
||||
GeoEvent *pThisEvent;
|
||||
double rX;
|
||||
int rc = 0;
|
||||
@@ -1054,7 +1054,7 @@ static int geopolyOverlap(GeoPoly *p1, GeoPoly *p2){
|
||||
nByte = sizeof(GeoEvent)*nVertex*2
|
||||
+ sizeof(GeoSegment)*nVertex
|
||||
+ sizeof(GeoOverlap);
|
||||
- p = sqlite3_malloc( nByte );
|
||||
+ p = sqlite3_malloc64( nByte );
|
||||
if( p==0 ) return -1;
|
||||
p->aEvent = (GeoEvent*)&p[1];
|
||||
p->aSegment = (GeoSegment*)&p->aEvent[nVertex*2];
|
||||
@@ -1213,8 +1213,8 @@ static int geopolyInit(
|
||||
){
|
||||
int rc = SQLITE_OK;
|
||||
Rtree *pRtree;
|
||||
- int nDb; /* Length of string argv[1] */
|
||||
- int nName; /* Length of string argv[2] */
|
||||
+ sqlite3_int64 nDb; /* Length of string argv[1] */
|
||||
+ sqlite3_int64 nName; /* Length of string argv[2] */
|
||||
sqlite3_str *pSql;
|
||||
char *zSql;
|
||||
int ii;
|
||||
@@ -1222,9 +1222,9 @@ static int geopolyInit(
|
||||
sqlite3_vtab_config(db, SQLITE_VTAB_CONSTRAINT_SUPPORT, 1);
|
||||
|
||||
/* Allocate the sqlite3_vtab structure */
|
||||
- nDb = (int)strlen(argv[1]);
|
||||
- nName = (int)strlen(argv[2]);
|
||||
- pRtree = (Rtree *)sqlite3_malloc(sizeof(Rtree)+nDb+nName+2);
|
||||
+ nDb = strlen(argv[1]);
|
||||
+ nName = strlen(argv[2]);
|
||||
+ pRtree = (Rtree *)sqlite3_malloc64(sizeof(Rtree)+nDb+nName+2);
|
||||
if( !pRtree ){
|
||||
return SQLITE_NOMEM;
|
||||
}
|
||||
diff --git a/src/build.c b/src/build.c
|
||||
index afe4171..1dc2614 100644
|
||||
--- a/src/build.c
|
||||
+++ b/src/build.c
|
||||
@@ -3760,9 +3760,9 @@ void *sqlite3ArrayAllocate(
|
||||
int *pIdx /* Write the index of a new slot here */
|
||||
){
|
||||
char *z;
|
||||
- int n = *pnEntry;
|
||||
+ sqlite3_int64 n = *pnEntry;
|
||||
if( (n & (n-1))==0 ){
|
||||
- int sz = (n==0) ? 1 : 2*n;
|
||||
+ sqlite3_int64 sz = (n==0) ? 1 : 2*n;
|
||||
void *pNew = sqlite3DbRealloc(db, pArray, sz*szEntry);
|
||||
if( pNew==0 ){
|
||||
*pIdx = -1;
|
||||
@@ -3870,7 +3870,7 @@ SrcList *sqlite3SrcListEnlarge(
|
||||
/* Allocate additional space if needed */
|
||||
if( (u32)pSrc->nSrc+nExtra>pSrc->nAlloc ){
|
||||
SrcList *pNew;
|
||||
- int nAlloc = pSrc->nSrc*2+nExtra;
|
||||
+ sqlite3_int64 nAlloc = 2*(sqlite3_int64)pSrc->nSrc+nExtra;
|
||||
int nGot;
|
||||
pNew = sqlite3DbRealloc(db, pSrc,
|
||||
sizeof(*pSrc) + (nAlloc-1)*sizeof(pSrc->a[0]) );
|
||||
@@ -4612,7 +4612,7 @@ With *sqlite3WithAdd(
|
||||
}
|
||||
|
||||
if( pWith ){
|
||||
- int nByte = sizeof(*pWith) + (sizeof(pWith->a[1]) * pWith->nCte);
|
||||
+ sqlite3_int64 nByte = sizeof(*pWith) + (sizeof(pWith->a[1]) * pWith->nCte);
|
||||
pNew = sqlite3DbRealloc(db, pWith, nByte);
|
||||
}else{
|
||||
pNew = sqlite3DbMallocZero(db, sizeof(*pWith));
|
||||
diff --git a/src/expr.c b/src/expr.c
|
||||
index 5f98f76..d64b8eb 100644
|
||||
--- a/src/expr.c
|
||||
+++ b/src/expr.c
|
||||
@@ -1547,7 +1547,7 @@ ExprList *sqlite3ExprListAppend(
|
||||
}else if( (pList->nExpr & (pList->nExpr-1))==0 ){
|
||||
ExprList *pNew;
|
||||
pNew = sqlite3DbRealloc(db, pList,
|
||||
- sizeof(*pList)+(2*pList->nExpr - 1)*sizeof(pList->a[0]));
|
||||
+ sizeof(*pList)+(2*(sqlite3_int64)pList->nExpr-1)*sizeof(pList->a[0]));
|
||||
if( pNew==0 ){
|
||||
goto no_mem;
|
||||
}
|
||||
diff --git a/src/main.c b/src/main.c
|
||||
index 46c8346..434b898 100644
|
||||
--- a/src/main.c
|
||||
+++ b/src/main.c
|
||||
@@ -698,7 +698,7 @@ static int setupLookaside(sqlite3 *db, void *pBuf, int sz, int cnt){
|
||||
pStart = 0;
|
||||
}else if( pBuf==0 ){
|
||||
sqlite3BeginBenignMalloc();
|
||||
- pStart = sqlite3Malloc( sz*cnt ); /* IMP: R-61949-35727 */
|
||||
+ pStart = sqlite3Malloc( sz*(sqlite3_int64)cnt ); /* IMP: R-61949-35727 */
|
||||
sqlite3EndBenignMalloc();
|
||||
if( pStart ) cnt = sqlite3MallocSize(pStart)/sz;
|
||||
}else{
|
||||
diff --git a/src/test_fs.c b/src/test_fs.c
|
||||
index 8192beb..1feea46 100644
|
||||
--- a/src/test_fs.c
|
||||
+++ b/src/test_fs.c
|
||||
@@ -744,7 +744,7 @@ static int fsColumn(sqlite3_vtab_cursor *cur, sqlite3_context *ctx, int i){
|
||||
fstat(fd, &sbuf);
|
||||
|
||||
if( sbuf.st_size>=pCur->nAlloc ){
|
||||
- int nNew = sbuf.st_size*2;
|
||||
+ sqlite3_int64 nNew = sbuf.st_size*2;
|
||||
char *zNew;
|
||||
if( nNew<1024 ) nNew = 1024;
|
||||
|
||||
diff --git a/src/util.c b/src/util.c
|
||||
index 96b0b14..7f2b977 100644
|
||||
--- a/src/util.c
|
||||
+++ b/src/util.c
|
||||
@@ -1572,7 +1572,7 @@ VList *sqlite3VListAdd(
|
||||
assert( pIn==0 || pIn[0]>=3 ); /* Verify ok to add new elements */
|
||||
if( pIn==0 || pIn[1]+nInt > pIn[0] ){
|
||||
/* Enlarge the allocation */
|
||||
- int nAlloc = (pIn ? pIn[0]*2 : 10) + nInt;
|
||||
+ sqlite3_int64 nAlloc = (pIn ? 2*(sqlite3_int64)pIn[0] : 10) + nInt;
|
||||
VList *pOut = sqlite3DbRealloc(db, pIn, nAlloc*sizeof(int));
|
||||
if( pOut==0 ) return pIn;
|
||||
if( pIn==0 ) pOut[1] = 2;
|
||||
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
|
||||
index b74141b..ffc5d0b 100644
|
||||
--- a/src/vdbeaux.c
|
||||
+++ b/src/vdbeaux.c
|
||||
@@ -125,9 +125,11 @@ static int growOpArray(Vdbe *v, int nOp){
|
||||
** operation (without SQLITE_TEST_REALLOC_STRESS) is to double the current
|
||||
** size of the op array or add 1KB of space, whichever is smaller. */
|
||||
#ifdef SQLITE_TEST_REALLOC_STRESS
|
||||
- int nNew = (p->nOpAlloc>=512 ? p->nOpAlloc*2 : p->nOpAlloc+nOp);
|
||||
+ sqlite3_int64 nNew = (p->nOpAlloc>=512 ? 2*(sqlite3_int64)p->nOpAlloc
|
||||
+ : (sqlite3_int64)p->nOpAlloc+nOp);
|
||||
#else
|
||||
- int nNew = (p->nOpAlloc ? p->nOpAlloc*2 : (int)(1024/sizeof(Op)));
|
||||
+ sqlite3_int64 nNew = (p->nOpAlloc ? 2*(sqlite3_int64)p->nOpAlloc
|
||||
+ : (sqlite3_int64)1024/sizeof(Op));
|
||||
UNUSED_PARAMETER(nOp);
|
||||
#endif
|
||||
|
||||
@@ -875,7 +877,7 @@ void sqlite3VdbeScanStatus(
|
||||
LogEst nEst, /* Estimated number of output rows */
|
||||
const char *zName /* Name of table or index being scanned */
|
||||
){
|
||||
- int nByte = (p->nScan+1) * sizeof(ScanStatus);
|
||||
+ sqlite3_int64 nByte = (p->nScan+1) * sizeof(ScanStatus);
|
||||
ScanStatus *aNew;
|
||||
aNew = (ScanStatus*)sqlite3DbRealloc(p->db, p->aScan, nByte);
|
||||
if( aNew ){
|
||||
diff --git a/src/vdbesort.c b/src/vdbesort.c
|
||||
index b30bc4e..d84a411 100644
|
||||
--- a/src/vdbesort.c
|
||||
+++ b/src/vdbesort.c
|
||||
@@ -537,7 +537,7 @@ static int vdbePmaReadBlob(
|
||||
/* Extend the p->aAlloc[] allocation if required. */
|
||||
if( p->nAlloc<nByte ){
|
||||
u8 *aNew;
|
||||
- int nNew = MAX(128, p->nAlloc*2);
|
||||
+ sqlite3_int64 nNew = MAX(128, 2*(sqlite3_int64)p->nAlloc);
|
||||
while( nByte>nNew ) nNew = nNew*2;
|
||||
aNew = sqlite3Realloc(p->aAlloc, nNew);
|
||||
if( !aNew ) return SQLITE_NOMEM_BKPT;
|
||||
@@ -1829,7 +1829,7 @@ int sqlite3VdbeSorterWrite(
|
||||
if( nMin>pSorter->nMemory ){
|
||||
u8 *aNew;
|
||||
int iListOff = (u8*)pSorter->list.pList - pSorter->list.aMemory;
|
||||
- int nNew = pSorter->nMemory * 2;
|
||||
+ sqlite3_int64 nNew = 2 * (sqlite3_int64)pSorter->nMemory;
|
||||
while( nNew < nMin ) nNew = nNew*2;
|
||||
if( nNew > pSorter->mxPmaSize ) nNew = pSorter->mxPmaSize;
|
||||
if( nNew < nMin ) nNew = nMin;
|
||||
diff --git a/src/vtab.c b/src/vtab.c
|
||||
index 1b8d283..41c6093 100644
|
||||
--- a/src/vtab.c
|
||||
+++ b/src/vtab.c
|
||||
@@ -302,9 +302,13 @@ void sqlite3VtabClear(sqlite3 *db, Table *p){
|
||||
** string will be freed automatically when the table is
|
||||
** deleted.
|
||||
*/
|
||||
-static void addModuleArgument(sqlite3 *db, Table *pTable, char *zArg){
|
||||
- int nBytes = sizeof(char *)*(2+pTable->nModuleArg);
|
||||
+static void addModuleArgument(Parse *pParse, Table *pTable, char *zArg){
|
||||
+ sqlite3_int64 nBytes = sizeof(char *)*(2+pTable->nModuleArg);
|
||||
char **azModuleArg;
|
||||
+ sqlite3 *db = pParse->db;
|
||||
+ if( pTable->nModuleArg+3>=db->aLimit[SQLITE_LIMIT_COLUMN] ){
|
||||
+ sqlite3ErrorMsg(pParse, "too many columns on %s", pTable->zName);
|
||||
+ }
|
||||
azModuleArg = sqlite3DbRealloc(db, pTable->azModuleArg, nBytes);
|
||||
if( azModuleArg==0 ){
|
||||
sqlite3DbFree(db, zArg);
|
||||
@@ -339,9 +343,9 @@ void sqlite3VtabBeginParse(
|
||||
db = pParse->db;
|
||||
|
||||
assert( pTable->nModuleArg==0 );
|
||||
- addModuleArgument(db, pTable, sqlite3NameFromToken(db, pModuleName));
|
||||
- addModuleArgument(db, pTable, 0);
|
||||
- addModuleArgument(db, pTable, sqlite3DbStrDup(db, pTable->zName));
|
||||
+ addModuleArgument(pParse, pTable, sqlite3NameFromToken(db, pModuleName));
|
||||
+ addModuleArgument(pParse, pTable, 0);
|
||||
+ addModuleArgument(pParse, pTable, sqlite3DbStrDup(db, pTable->zName));
|
||||
assert( (pParse->sNameToken.z==pName2->z && pName2->z!=0)
|
||||
|| (pParse->sNameToken.z==pName1->z && pName2->z==0)
|
||||
);
|
||||
@@ -374,7 +378,7 @@ static void addArgumentToVtab(Parse *pParse){
|
||||
const char *z = (const char*)pParse->sArg.z;
|
||||
int n = pParse->sArg.n;
|
||||
sqlite3 *db = pParse->db;
|
||||
- addModuleArgument(db, pParse->pNewTable, sqlite3DbStrNDup(db, z, n));
|
||||
+ addModuleArgument(pParse, pParse->pNewTable, sqlite3DbStrNDup(db, z, n));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -663,7 +667,8 @@ static int growVTrans(sqlite3 *db){
|
||||
/* Grow the sqlite3.aVTrans array if required */
|
||||
if( (db->nVTrans%ARRAY_INCR)==0 ){
|
||||
VTable **aVTrans;
|
||||
- int nBytes = sizeof(sqlite3_vtab *) * (db->nVTrans + ARRAY_INCR);
|
||||
+ sqlite3_int64 nBytes = sizeof(sqlite3_vtab*)*
|
||||
+ ((sqlite3_int64)db->nVTrans + ARRAY_INCR);
|
||||
aVTrans = sqlite3DbRealloc(db, (void *)db->aVTrans, nBytes);
|
||||
if( !aVTrans ){
|
||||
return SQLITE_NOMEM_BKPT;
|
||||
@@ -1157,9 +1162,9 @@ int sqlite3VtabEponymousTableInit(Parse *pParse, Module *pMod){
|
||||
pTab->pSchema = db->aDb[0].pSchema;
|
||||
assert( pTab->nModuleArg==0 );
|
||||
pTab->iPKey = -1;
|
||||
- addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName));
|
||||
- addModuleArgument(db, pTab, 0);
|
||||
- addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName));
|
||||
+ addModuleArgument(pParse, pTab, sqlite3DbStrDup(db, pTab->zName));
|
||||
+ addModuleArgument(pParse, pTab, 0);
|
||||
+ addModuleArgument(pParse, pTab, sqlite3DbStrDup(db, pTab->zName));
|
||||
rc = vtabCallConstructor(db, pTab, pMod, pModule->xConnect, &zErr);
|
||||
if( rc ){
|
||||
sqlite3ErrorMsg(pParse, "%s", zErr);
|
||||
--
|
||||
2.30.2
|
||||
|
73
SOURCES/sqlite-3.26.0-CVE-2020-13434.patch
Normal file
73
SOURCES/sqlite-3.26.0-CVE-2020-13434.patch
Normal file
@ -0,0 +1,73 @@
|
||||
Subject: [PATCH] Limit the "precision" of floating-point to text conversions
|
||||
in the printf() function to 100,000,000.
|
||||
|
||||
---
|
||||
src/printf.c | 12 ++++++++++++
|
||||
test/printf.test | 16 +++++++++++++---
|
||||
2 files changed, 25 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/printf.c b/src/printf.c
|
||||
index 7bce83f..260bf79 100644
|
||||
--- a/src/printf.c
|
||||
+++ b/src/printf.c
|
||||
@@ -165,6 +165,13 @@ static char *getTextArg(PrintfArguments *p){
|
||||
#endif
|
||||
#define etBUFSIZE SQLITE_PRINT_BUF_SIZE /* Size of the output buffer */
|
||||
|
||||
+/*
|
||||
+** Hard limit on the precision of floating-point conversions.
|
||||
+*/
|
||||
+#ifndef SQLITE_PRINTF_PRECISION_LIMIT
|
||||
+# define SQLITE_FP_PRECISION_LIMIT 100000000
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
** Render a string given by "fmt" into the StrAccum object.
|
||||
*/
|
||||
@@ -471,6 +478,11 @@ void sqlite3_str_vappendf(
|
||||
length = 0;
|
||||
#else
|
||||
if( precision<0 ) precision = 6; /* Set default precision */
|
||||
+#ifdef SQLITE_FP_PRECISION_LIMIT
|
||||
+ if( precision>SQLITE_FP_PRECISION_LIMIT ){
|
||||
+ precision = SQLITE_FP_PRECISION_LIMIT;
|
||||
+ }
|
||||
+#endif
|
||||
if( realvalue<0.0 ){
|
||||
realvalue = -realvalue;
|
||||
prefix = '-';
|
||||
diff --git a/test/printf.test b/test/printf.test
|
||||
index d768898..a2b5e2a 100644
|
||||
--- a/test/printf.test
|
||||
+++ b/test/printf.test
|
||||
@@ -538,9 +538,11 @@ do_test printf-2.1.2.8 {
|
||||
do_test printf-2.1.2.9 {
|
||||
sqlite3_mprintf_double {abc: %d %d (%1.1g) :xyz} 1 1 1.0e-20
|
||||
} {abc: 1 1 (1e-20) :xyz}
|
||||
-do_test printf-2.1.2.10 {
|
||||
- sqlite3_mprintf_double {abc: %*.*f} 2000000000 1000000000 1.0e-20
|
||||
-} {abc: }
|
||||
+if {$SQLITE_MAX_LENGTH<=[expr 1000*1000*1000]} {
|
||||
+ do_test printf-2.1.2.10 {
|
||||
+ sqlite3_mprintf_double {abc: %*.*f} 2000000000 1000000000 1.0e-20
|
||||
+ } {}
|
||||
+}
|
||||
do_test printf-2.1.3.1 {
|
||||
sqlite3_mprintf_double {abc: (%*.*f) :xyz} 1 1 1.0
|
||||
} {abc: (1.0) :xyz}
|
||||
@@ -3777,4 +3779,12 @@ foreach ::iRepeat {0 1} {
|
||||
}
|
||||
}
|
||||
|
||||
+# 2020-05-23
|
||||
+# ticket 23439ea582241138
|
||||
+#
|
||||
+do_execsql_test printf-16.1 {
|
||||
+ SELECT printf('%.*g',2147483647,0.01);
|
||||
+} {0.01}
|
||||
+
|
||||
+
|
||||
finish_test
|
||||
--
|
||||
2.24.1
|
||||
|
144
SOURCES/sqlite-3.26.0-CVE-2020-13435.patch
Normal file
144
SOURCES/sqlite-3.26.0-CVE-2020-13435.patch
Normal file
@ -0,0 +1,144 @@
|
||||
Subject: [PATCH] When rewriting a query for window functions, if the rewrite
|
||||
changes the depth of TK_AGG_FUNCTION nodes, be sure to adjust the Expr.op2
|
||||
field appropriately.
|
||||
|
||||
diff --git a/src/resolve.c b/src/resolve.c
|
||||
index cdcf4d9..c47f6bb 100644
|
||||
--- a/src/resolve.c
|
||||
+++ b/src/resolve.c
|
||||
@@ -24,6 +24,8 @@
|
||||
**
|
||||
** incrAggFunctionDepth(pExpr,n) is the main routine. incrAggDepth(..)
|
||||
** is a helper function - a callback for the tree walker.
|
||||
+**
|
||||
+** See also the sqlite3WindowExtraAggFuncDepth() routine in window.c
|
||||
*/
|
||||
static int incrAggDepth(Walker *pWalker, Expr *pExpr){
|
||||
if( pExpr->op==TK_AGG_FUNCTION ) pExpr->op2 += pWalker->u.n;
|
||||
diff --git a/src/select.c b/src/select.c
|
||||
index a6d1757..6f5570c 100644
|
||||
--- a/src/select.c
|
||||
+++ b/src/select.c
|
||||
@@ -1961,7 +1961,7 @@ int sqlite3ColumnsFromExprList(
|
||||
assert( pColExpr!=0 );
|
||||
}
|
||||
assert( pColExpr->op!=TK_AGG_COLUMN );
|
||||
- if( pColExpr->op==TK_COLUMN ){
|
||||
+ if( pColExpr->op==TK_COLUMN && pColExpr->y.pTab ){
|
||||
/* For columns use the column name name */
|
||||
int iCol = pColExpr->iColumn;
|
||||
Table *pTab = pColExpr->y.pTab;
|
||||
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
|
||||
index 1cf6937..ea9a7ae 100644
|
||||
--- a/src/sqliteInt.h
|
||||
+++ b/src/sqliteInt.h
|
||||
@@ -3579,6 +3579,8 @@ void sqlite3WindowUpdate(Parse*, Window*, Window*, FuncDef*);
|
||||
Window *sqlite3WindowDup(sqlite3 *db, Expr *pOwner, Window *p);
|
||||
Window *sqlite3WindowListDup(sqlite3 *db, Window *p);
|
||||
void sqlite3WindowFunctions(void);
|
||||
+int sqlite3WalkerDepthIncrease(Walker*,Select*);
|
||||
+void sqlite3WalkerDepthDecrease(Walker*,Select*);
|
||||
#else
|
||||
# define sqlite3WindowDelete(a,b)
|
||||
# define sqlite3WindowFunctions()
|
||||
diff --git a/src/walker.c b/src/walker.c
|
||||
index c31d94f..8cd3b65 100644
|
||||
--- a/src/walker.c
|
||||
+++ b/src/walker.c
|
||||
@@ -165,3 +165,16 @@ int sqlite3WalkSelect(Walker *pWalker, Select *p){
|
||||
}while( p!=0 );
|
||||
return WRC_Continue;
|
||||
}
|
||||
+
|
||||
+/* Increase the walkerDepth when entering a subquery, and
|
||||
+** descrease when leaving the subquery.
|
||||
+*/
|
||||
+int sqlite3WalkerDepthIncrease(Walker *pWalker, Select *pSelect){
|
||||
+ UNUSED_PARAMETER(pSelect);
|
||||
+ pWalker->walkerDepth++;
|
||||
+ return WRC_Continue;
|
||||
+}
|
||||
+void sqlite3WalkerDepthDecrease(Walker *pWalker, Select *pSelect){
|
||||
+ UNUSED_PARAMETER(pSelect);
|
||||
+ pWalker->walkerDepth--;
|
||||
+}
|
||||
\ No newline at end of file
|
||||
diff --git a/src/window.c b/src/window.c
|
||||
index c65eadd..48d8090 100644
|
||||
--- a/src/window.c
|
||||
+++ b/src/window.c
|
||||
@@ -738,6 +738,23 @@ static ExprList *exprListAppendList(
|
||||
return pList;
|
||||
}
|
||||
|
||||
+/*
|
||||
+** When rewriting a query, if the new subquery in the FROM clause
|
||||
+** contains TK_AGG_FUNCTION nodes that refer to an outer query,
|
||||
+** then we have to increase the Expr->op2 values of those nodes
|
||||
+** due to the extra subquery layer that was added.
|
||||
+**
|
||||
+** See also the incrAggDepth() routine in resolve.c
|
||||
+*/
|
||||
+static int sqlite3WindowExtraAggFuncDepth(Walker *pWalker, Expr *pExpr){
|
||||
+ if( pExpr->op==TK_AGG_FUNCTION
|
||||
+ && pExpr->op2>=pWalker->walkerDepth
|
||||
+ ){
|
||||
+ pExpr->op2++;
|
||||
+ }
|
||||
+ return WRC_Continue;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
** If the SELECT statement passed as the second argument does not invoke
|
||||
** any SQL window functions, this function is a no-op. Otherwise, it
|
||||
@@ -827,14 +844,24 @@ int sqlite3WindowRewrite(Parse *pParse, Select *p){
|
||||
p->pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
|
||||
assert( p->pSrc || db->mallocFailed );
|
||||
if( p->pSrc ){
|
||||
+ Table *pTab2;
|
||||
+ Walker w;
|
||||
p->pSrc->a[0].pSelect = pSub;
|
||||
sqlite3SrcListAssignCursors(pParse, p->pSrc);
|
||||
- if( sqlite3ExpandSubquery(pParse, &p->pSrc->a[0]) ){
|
||||
+ pTab2 = sqlite3ResultSetOfSelect(pParse, pSub);
|
||||
+ if( pTab2==0 ){
|
||||
rc = SQLITE_NOMEM;
|
||||
}else{
|
||||
pSub->selFlags |= SF_Expanded;
|
||||
p->selFlags &= ~SF_Aggregate;
|
||||
sqlite3SelectPrep(pParse, pSub, 0);
|
||||
+ pTab2->tabFlags |= TF_Ephemeral;
|
||||
+ p->pSrc->a[0].pTab = pTab2;
|
||||
+ memset(&w, 0, sizeof(w));
|
||||
+ w.xExprCallback = sqlite3WindowExtraAggFuncDepth;
|
||||
+ w.xSelectCallback = sqlite3WalkerDepthIncrease;
|
||||
+ w.xSelectCallback2 = sqlite3WalkerDepthDecrease;
|
||||
+ sqlite3WalkSelect(&w, pSub);
|
||||
}
|
||||
|
||||
sqlite3VdbeAddOp2(v, OP_OpenEphemeral, pMWin->iEphCsr, pSublist->nExpr);
|
||||
diff --git a/test/window1.test b/test/window1.test
|
||||
index a8399a8..13ecc32 100644
|
||||
--- a/test/window1.test
|
||||
+++ b/test/window1.test
|
||||
@@ -594,4 +594,20 @@ do_execsql_test 13.5 {
|
||||
} {
|
||||
}
|
||||
|
||||
+# 2020-05-23
|
||||
+# ticket 7a5279a25c57adf1
|
||||
+#
|
||||
+reset_db
|
||||
+do_execsql_test 53.0 {
|
||||
+ CREATE TABLE a(c UNIQUE);
|
||||
+ INSERT INTO a VALUES(4),(0),(9),(-9);
|
||||
+ SELECT a.c
|
||||
+ FROM a
|
||||
+ JOIN a AS b ON a.c=4
|
||||
+ JOIN a AS e ON a.c=e.c
|
||||
+ WHERE a.c=(SELECT (SELECT coalesce(lead(2) OVER(),0) + sum(d.c))
|
||||
+ FROM a AS d
|
||||
+ WHERE a.c);
|
||||
+} {4 4 4 4}
|
||||
+
|
||||
finish_test
|
88
SOURCES/sqlite-3.26.0-CVE-2020-13630.patch
Normal file
88
SOURCES/sqlite-3.26.0-CVE-2020-13630.patch
Normal file
@ -0,0 +1,88 @@
|
||||
Subject: [PATCH] Fix a use-after-free bug in the fts3 snippet() function.
|
||||
|
||||
---
|
||||
ext/fts3/fts3.c | 1 +
|
||||
test/fts3snippet2.test | 59 ++++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 60 insertions(+)
|
||||
create mode 100644 test/fts3snippet2.test
|
||||
|
||||
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
|
||||
index 84fc8a5..9ddd201 100644
|
||||
--- a/ext/fts3/fts3.c
|
||||
+++ b/ext/fts3/fts3.c
|
||||
@@ -5213,6 +5213,7 @@ static void fts3EvalNextRow(
|
||||
fts3EvalNextRow(pCsr, pLeft, pRc);
|
||||
}
|
||||
}
|
||||
+ pRight->bEof = pLeft->bEof = 1;
|
||||
}
|
||||
}
|
||||
break;
|
||||
diff --git a/test/fts3snippet2.test b/test/fts3snippet2.test
|
||||
new file mode 100644
|
||||
index 0000000..607b01e
|
||||
--- /dev/null
|
||||
+++ b/test/fts3snippet2.test
|
||||
@@ -0,0 +1,59 @@
|
||||
+# 2020-05-14
|
||||
+#
|
||||
+# The author disclaims copyright to this source code. In place of
|
||||
+# a legal notice, here is a blessing:
|
||||
+#
|
||||
+# May you do good and not evil.
|
||||
+# May you find forgiveness for yourself and forgive others.
|
||||
+# May you share freely, never taking more than you give.
|
||||
+#
|
||||
+#*************************************************************************
|
||||
+#
|
||||
+# The tests in this file test the FTS3 auxillary functions offsets(),
|
||||
+# snippet() and matchinfo() work. At time of writing, running this file
|
||||
+# provides full coverage of fts3_snippet.c.
|
||||
+#
|
||||
+
|
||||
+set testdir [file dirname $argv0]
|
||||
+source $testdir/tester.tcl
|
||||
+set testprefix fts3snippet
|
||||
+
|
||||
+# If SQLITE_ENABLE_FTS3 is not defined, omit this file.
|
||||
+ifcapable !fts3 { finish_test ; return }
|
||||
+source $testdir/fts3_common.tcl
|
||||
+
|
||||
+set sqlite_fts3_enable_parentheses 1
|
||||
+#-------------------------------------------------------------------------
|
||||
+# Request a snippet from a query with more than 64 phrases.
|
||||
+#
|
||||
+reset_db
|
||||
+do_execsql_test 1.0 {
|
||||
+ CREATE VIRTUAL TABLE f USING fts3(b);
|
||||
+ INSERT INTO f VALUES ( x'746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218');
|
||||
+}
|
||||
+
|
||||
+do_execsql_test 1.1 {
|
||||
+ SELECT length(snippet(f))>0 FROM f WHERE b MATCH x'1065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a010f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c2a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e0f42';
|
||||
+} {1}
|
||||
+
|
||||
+reset_db
|
||||
+do_execsql_test 2.0 {
|
||||
+ CREATE VIRTUAL TABLE t0 USING fts3(col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY);
|
||||
+ INSERT INTO t0 VALUES (1, '1234','aaaa','bbbb');
|
||||
+ SELECT snippet(t0) FROM t0 WHERE t0 MATCH x'0a4d4d4d4d320a4f52d70a310a310a4e4541520a0a31f6ce0a4f520a0a310a310a310a4f520a75fc2a242424' ;
|
||||
+} {<b>1</b>}
|
||||
+
|
||||
+reset_db
|
||||
+do_execsql_test 2.1 {
|
||||
+ CREATE VIRTUAL TABLE t0 USING fts3(
|
||||
+ col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY
|
||||
+ );
|
||||
+ INSERT INTO t0 VALUES ('one', '1234','aaaa','bbbb');
|
||||
+}
|
||||
+do_execsql_test 2.2 {
|
||||
+ SELECT snippet(t0) FROM t0 WHERE t0 MATCH
|
||||
+ '(def AND (one NEAR abc)) OR one'
|
||||
+} {<b>one</b>}
|
||||
+
|
||||
+set sqlite_fts3_enable_parentheses 0
|
||||
+finish_test
|
||||
--
|
||||
2.24.1
|
||||
|
98
SOURCES/sqlite-3.26.0-CVE-2020-13631.patch
Normal file
98
SOURCES/sqlite-3.26.0-CVE-2020-13631.patch
Normal file
@ -0,0 +1,98 @@
|
||||
Subject: [PATCH] Do not allow a virtual table to be renamed into the name of
|
||||
one of its shadows.
|
||||
|
||||
---
|
||||
src/alter.c | 5 ++++-
|
||||
src/build.c | 29 +++++++++++++++++++++++------
|
||||
src/sqliteInt.h | 5 +++++
|
||||
3 files changed, 32 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/alter.c b/src/alter.c
|
||||
index 1280e90..0fa24c0 100644
|
||||
--- a/src/alter.c
|
||||
+++ b/src/alter.c
|
||||
@@ -117,7 +117,10 @@ void sqlite3AlterRenameTable(
|
||||
/* Check that a table or index named 'zName' does not already exist
|
||||
** in database iDb. If so, this is an error.
|
||||
*/
|
||||
- if( sqlite3FindTable(db, zName, zDb) || sqlite3FindIndex(db, zName, zDb) ){
|
||||
+ if( sqlite3FindTable(db, zName, zDb)
|
||||
+ || sqlite3FindIndex(db, zName, zDb)
|
||||
+ || sqlite3IsShadowTableOf(db, pTab, zName)
|
||||
+ ){
|
||||
sqlite3ErrorMsg(pParse,
|
||||
"there is already another table or index with this name: %s", zName);
|
||||
goto exit_rename_table;
|
||||
diff --git a/src/build.c b/src/build.c
|
||||
index e0fed8a..afe4171 100644
|
||||
--- a/src/build.c
|
||||
+++ b/src/build.c
|
||||
@@ -1899,6 +1899,28 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
|
||||
recomputeColumnsNotIndexed(pPk);
|
||||
}
|
||||
|
||||
+
|
||||
+#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
+/*
|
||||
+** Return true if pTab is a virtual table and zName is a shadow table name
|
||||
+** for that virtual table.
|
||||
+*/
|
||||
+int sqlite3IsShadowTableOf(sqlite3 *db, Table *pTab, const char *zName){
|
||||
+ int nName; /* Length of zName */
|
||||
+ Module *pMod; /* Module for the virtual table */
|
||||
+
|
||||
+ if( !IsVirtual(pTab) ) return 0;
|
||||
+ nName = sqlite3Strlen30(pTab->zName);
|
||||
+ if( sqlite3_strnicmp(zName, pTab->zName, nName)!=0 ) return 0;
|
||||
+ if( zName[nName]!='_' ) return 0;
|
||||
+ pMod = (Module*)sqlite3HashFind(&db->aModule, pTab->azModuleArg[0]);
|
||||
+ if( pMod==0 ) return 0;
|
||||
+ if( pMod->pModule->iVersion<3 ) return 0;
|
||||
+ if( pMod->pModule->xShadowName==0 ) return 0;
|
||||
+ return pMod->pModule->xShadowName(zName+nName+1);
|
||||
+}
|
||||
+#endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
|
||||
+
|
||||
#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
/*
|
||||
** Return true if zName is a shadow table name in the current database
|
||||
@@ -1910,7 +1932,6 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
|
||||
static int isShadowTableName(sqlite3 *db, char *zName){
|
||||
char *zTail; /* Pointer to the last "_" in zName */
|
||||
Table *pTab; /* Table that zName is a shadow of */
|
||||
- Module *pMod; /* Module for the virtual table */
|
||||
|
||||
zTail = strrchr(zName, '_');
|
||||
if( zTail==0 ) return 0;
|
||||
@@ -1919,11 +1940,7 @@ static int isShadowTableName(sqlite3 *db, char *zName){
|
||||
*zTail = '_';
|
||||
if( pTab==0 ) return 0;
|
||||
if( !IsVirtual(pTab) ) return 0;
|
||||
- pMod = (Module*)sqlite3HashFind(&db->aModule, pTab->azModuleArg[0]);
|
||||
- if( pMod==0 ) return 0;
|
||||
- if( pMod->pModule->iVersion<3 ) return 0;
|
||||
- if( pMod->pModule->xShadowName==0 ) return 0;
|
||||
- return pMod->pModule->xShadowName(zTail+1);
|
||||
+ return sqlite3IsShadowTableOf(db, pTab, zName);
|
||||
}
|
||||
#else
|
||||
# define isShadowTableName(x,y) 0
|
||||
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
|
||||
index b7d3571..76337f7 100644
|
||||
--- a/src/sqliteInt.h
|
||||
+++ b/src/sqliteInt.h
|
||||
@@ -4407,6 +4407,11 @@ void sqlite3AutoLoadExtensions(sqlite3*);
|
||||
);
|
||||
# define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0)
|
||||
#endif
|
||||
+#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
+ int sqlite3IsShadowTableOf(sqlite3*,Table*,const char*);
|
||||
+#else
|
||||
+# define sqlite3IsShadowTableOf(A,B,C) 0
|
||||
+#endif
|
||||
int sqlite3VtabEponymousTableInit(Parse*,Module*);
|
||||
void sqlite3VtabEponymousTableClear(sqlite3*,Module*);
|
||||
void sqlite3VtabMakeWritable(Parse*,Table*);
|
||||
--
|
||||
2.24.1
|
||||
|
67
SOURCES/sqlite-3.26.0-CVE-2020-13632.patch
Normal file
67
SOURCES/sqlite-3.26.0-CVE-2020-13632.patch
Normal file
@ -0,0 +1,67 @@
|
||||
Subject: [PATCH] Fix a null pointer deference that can occur on a strange
|
||||
matchinfo() query.
|
||||
|
||||
---
|
||||
ext/fts3/fts3_snippet.c | 2 +-
|
||||
test/fts3matchinfo2.test | 35 +++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 36 insertions(+), 1 deletion(-)
|
||||
create mode 100644 test/fts3matchinfo2.test
|
||||
|
||||
diff --git a/ext/fts3/fts3_snippet.c b/ext/fts3/fts3_snippet.c
|
||||
index a0771c0..5778620 100644
|
||||
--- a/ext/fts3/fts3_snippet.c
|
||||
+++ b/ext/fts3/fts3_snippet.c
|
||||
@@ -869,7 +869,7 @@ static void fts3ExprLHits(
|
||||
iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
|
||||
}
|
||||
|
||||
- while( 1 ){
|
||||
+ if( pIter ) while( 1 ){
|
||||
int nHit = fts3ColumnlistCount(&pIter);
|
||||
if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){
|
||||
if( p->flag==FTS3_MATCHINFO_LHITS ){
|
||||
diff --git a/test/fts3matchinfo2.test b/test/fts3matchinfo2.test
|
||||
new file mode 100644
|
||||
index 0000000..d6b3ad0
|
||||
--- /dev/null
|
||||
+++ b/test/fts3matchinfo2.test
|
||||
@@ -0,0 +1,35 @@
|
||||
+# 2020-05-14
|
||||
+#
|
||||
+# The author disclaims copyright to this source code. In place of
|
||||
+# a legal notice, here is a blessing:
|
||||
+#
|
||||
+# May you do good and not evil.
|
||||
+# May you find forgiveness for yourself and forgive others.
|
||||
+# May you share freely, never taking more than you give.
|
||||
+#
|
||||
+#***********************************************************************
|
||||
+# This file implements regression tests for the FTS3 module. The focus
|
||||
+# of this file is tables created with the "matchinfo=fts3" option.
|
||||
+#
|
||||
+
|
||||
+set testdir [file dirname $argv0]
|
||||
+source $testdir/tester.tcl
|
||||
+
|
||||
+# If SQLITE_ENABLE_FTS3 is not defined, omit this file.
|
||||
+ifcapable !fts3 { finish_test ; return }
|
||||
+
|
||||
+set sqlite_fts3_enable_parentheses 1
|
||||
+
|
||||
+# Crash case found by cyg0810 at gmail.com 2020-05-14. Reported to
|
||||
+# chromium (which is not vulnerable) who kindly referred it to us.
|
||||
+#
|
||||
+do_execsql_test 1.0 {
|
||||
+ CREATE TABLE t_content(col0 INTEGER);
|
||||
+ CREATE VIRTUAL TABLE t0 USING fts3(col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY);
|
||||
+ INSERT INTO t0 VALUES (1, '1234','aaaa','bbbb');
|
||||
+ SELECT hex(matchinfo(t0,'yxy')) FROM t0 WHERE t0 MATCH x'2b0a312b0a312a312a2a0b5d0a0b0b0a312a0a0b0b0a312a0b310a392a0b0a27312a2a0b5d0a312a0b310a31315d0b310a312a316d2a0b313b15bceaa50a312a0b0a27312a2a0b5d0a312a0b310a312b0b2a310a312a0b2a0b2a0b2e5d0a0bff313336e34a2a312a0b0a3c310b0a0b4b4b0b4b2a4bec40322b2a0b310a0a312a0a0a0a0a0a0a0a0a0b310a312a2a2a0b5d0a0b0b0a312a0b310a312a0b0a4e4541530b310a5df5ced70a0a0a0a0a4f520a0a0a0a0a0a0a312a0b0a4e4541520b310a5d616161610a0a0a0a4f520a0a0a0a0a0a312b0a312a312a0a0a0a0a0a0a004a0b0a310b220a0b0a310a4a22310a0b0a7e6fe0e0e030e0e0e0e0e01176e02000e0e0e0e0e01131320226310a0b0a310a4a22310a0b0a310a766f8b8b4ee0e0300ae0090909090909090909090909090909090909090909090909090909090909090947aaaa540b09090909090909090909090909090909090909090909090909090909090909fae0e0f2f22164e0e0f273e07fefefef7d6dfafafafa6d6d6d6d';
|
||||
+} {/000000.*0000000/}
|
||||
+
|
||||
+
|
||||
+set sqlite_fts3_enable_parentheses 0
|
||||
+finish_test
|
||||
\ No newline at end of file
|
||||
--
|
||||
2.24.1
|
||||
|
88
SOURCES/sqlite-3.26.0-CVE-2020-15358.patch
Normal file
88
SOURCES/sqlite-3.26.0-CVE-2020-15358.patch
Normal file
@ -0,0 +1,88 @@
|
||||
Subject: [PATCH] Fix a defect in the query-flattener optimization
|
||||
|
||||
---
|
||||
src/select.c | 8 ++++----
|
||||
src/sqliteInt.h | 1 +
|
||||
test/selectA.test | 22 ++++++++++++++++++++++
|
||||
3 files changed, 27 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/select.c b/src/select.c
|
||||
index 88a43df..a513d36 100644
|
||||
--- a/src/select.c
|
||||
+++ b/src/select.c
|
||||
@@ -2686,9 +2686,7 @@ static int multiSelect(
|
||||
selectOpName(p->op)));
|
||||
rc = sqlite3Select(pParse, p, &uniondest);
|
||||
testcase( rc!=SQLITE_OK );
|
||||
- /* Query flattening in sqlite3Select() might refill p->pOrderBy.
|
||||
- ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
|
||||
- sqlite3ExprListDelete(db, p->pOrderBy);
|
||||
+ assert( p->pOrderBy==0 );
|
||||
pDelete = p->pPrior;
|
||||
p->pPrior = pPrior;
|
||||
p->pOrderBy = 0;
|
||||
@@ -4010,7 +4008,7 @@ static int flattenSubquery(
|
||||
** We look at every expression in the outer query and every place we see
|
||||
** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
|
||||
*/
|
||||
- if( pSub->pOrderBy ){
|
||||
+ if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
|
||||
/* At this point, any non-zero iOrderByCol values indicate that the
|
||||
** ORDER BY column expression is identical to the iOrderByCol'th
|
||||
** expression returned by SELECT statement pSub. Since these values
|
||||
@@ -5633,6 +5631,8 @@ int sqlite3Select(
|
||||
sqlite3ExprListDelete(db, p->pOrderBy);
|
||||
p->pOrderBy = 0;
|
||||
p->selFlags &= ~SF_Distinct;
|
||||
+ p->selFlags |= SF_NoopOrderBy;
|
||||
+
|
||||
}
|
||||
sqlite3SelectPrep(pParse, p, 0);
|
||||
if( pParse->nErr || db->mallocFailed ){
|
||||
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
|
||||
index 76337f7..60b2ebd 100644
|
||||
--- a/src/sqliteInt.h
|
||||
+++ b/src/sqliteInt.h
|
||||
@@ -2874,6 +2874,7 @@ struct Select {
|
||||
#define SF_Converted 0x10000 /* By convertCompoundSelectToSubquery() */
|
||||
#define SF_IncludeHidden 0x20000 /* Include hidden columns in output */
|
||||
#define SF_ComplexResult 0x40000 /* Result contains subquery or function */
|
||||
+#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */
|
||||
|
||||
/*
|
||||
** The results of a SELECT can be distributed in several ways, as defined
|
||||
diff --git a/test/selectA.test b/test/selectA.test
|
||||
index 838e5f4..2626008 100644
|
||||
--- a/test/selectA.test
|
||||
+++ b/test/selectA.test
|
||||
@@ -1446,5 +1446,27 @@ do_execsql_test 6.1 {
|
||||
SELECT * FROM (SELECT a FROM t1 UNION SELECT b FROM t2) WHERE a=a;
|
||||
} {12345}
|
||||
|
||||
+# 2020-06-15 ticket 8f157e8010b22af0
|
||||
+#
|
||||
+reset_db
|
||||
+do_execsql_test 7.1 {
|
||||
+ CREATE TABLE t1(c1); INSERT INTO t1 VALUES(12),(123),(1234),(NULL),('abc');
|
||||
+ CREATE TABLE t2(c2); INSERT INTO t2 VALUES(44),(55),(123);
|
||||
+ CREATE TABLE t3(c3,c4); INSERT INTO t3 VALUES(66,1),(123,2),(77,3);
|
||||
+ CREATE VIEW t4 AS SELECT c3 FROM t3;
|
||||
+ CREATE VIEW t5 AS SELECT c3 FROM t3 ORDER BY c4;
|
||||
+}
|
||||
+do_execsql_test 7.2 {
|
||||
+ SELECT * FROM t1, t2 WHERE c1=(SELECT 123 INTERSECT SELECT c2 FROM t4) AND c1=123;
|
||||
+} {123 123}
|
||||
+do_execsql_test 7.3 {
|
||||
+ SELECT * FROM t1, t2 WHERE c1=(SELECT 123 INTERSECT SELECT c2 FROM t5) AND c1=123;
|
||||
+} {123 123}
|
||||
+do_execsql_test 7.4 {
|
||||
+ CREATE TABLE a(b);
|
||||
+ CREATE VIEW c(d) AS SELECT b FROM a ORDER BY b;
|
||||
+ SELECT sum(d) OVER( PARTITION BY(SELECT 0 FROM c JOIN a WHERE b =(SELECT b INTERSECT SELECT d FROM c) AND b = 123)) FROM c;
|
||||
+} {}
|
||||
+
|
||||
|
||||
finish_test
|
||||
--
|
||||
2.24.1
|
||||
|
114
SOURCES/sqlite-3.26.0-CVE-2020-24736.patch
Normal file
114
SOURCES/sqlite-3.26.0-CVE-2020-24736.patch
Normal file
@ -0,0 +1,114 @@
|
||||
From f030b376820102ff6cda49565c8b8173b2d44606 Mon Sep 17 00:00:00 2001
|
||||
From: dan <dan@noemail.net>
|
||||
Date: Fri, 22 Feb 2019 19:24:16 +0000
|
||||
Subject: [PATCH] Internally, remove all references to a Window object that
|
||||
belongs to an expression in an ORDER BY clause if that expression is
|
||||
converted to an alias of a result-set expression. Fix for [4feb3159c6].
|
||||
|
||||
FossilOrigin-Name: 579b66eaa0816561c6e47ea116b46f229188f0fc84c1173bfe0d21df2dff9a9a
|
||||
---
|
||||
src/resolve.c | 49 ++++++++++++++++++++++++++++++++++-------------
|
||||
test/window1.test | 20 +++++++++++++++++++
|
||||
2 files changed, 56 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/src/resolve.c b/src/resolve.c
|
||||
index 9410bc020..fd2cf539a 100644
|
||||
--- a/src/resolve.c
|
||||
+++ b/src/resolve.c
|
||||
@@ -1243,6 +1243,38 @@ int sqlite3ResolveOrderGroupBy(
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifndef SQLITE_OMIT_WINDOWFUNC
|
||||
+/*
|
||||
+** Walker callback for resolveRemoveWindows().
|
||||
+*/
|
||||
+static int resolveRemoveWindowsCb(Walker *pWalker, Expr *pExpr){
|
||||
+ if( ExprHasProperty(pExpr, EP_WinFunc) ){
|
||||
+ Window **pp;
|
||||
+ for(pp=&pWalker->u.pSelect->pWin; *pp; pp=&(*pp)->pNextWin){
|
||||
+ if( *pp==pExpr->y.pWin ){
|
||||
+ *pp = (*pp)->pNextWin;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ return WRC_Continue;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+** Remove any Window objects owned by the expression pExpr from the
|
||||
+** Select.pWin list of Select object pSelect.
|
||||
+*/
|
||||
+static void resolveRemoveWindows(Select *pSelect, Expr *pExpr){
|
||||
+ Walker sWalker;
|
||||
+ memset(&sWalker, 0, sizeof(Walker));
|
||||
+ sWalker.xExprCallback = resolveRemoveWindowsCb;
|
||||
+ sWalker.u.pSelect = pSelect;
|
||||
+ sqlite3WalkExpr(&sWalker, pExpr);
|
||||
+}
|
||||
+#else
|
||||
+# define resolveRemoveWindows(x,y)
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
** pOrderBy is an ORDER BY or GROUP BY clause in SELECT statement pSelect.
|
||||
** The Name context of the SELECT statement is pNC. zType is either
|
||||
@@ -1309,19 +1341,10 @@ static int resolveOrderGroupBy(
|
||||
}
|
||||
for(j=0; j<pSelect->pEList->nExpr; j++){
|
||||
if( sqlite3ExprCompare(0, pE, pSelect->pEList->a[j].pExpr, -1)==0 ){
|
||||
-#ifndef SQLITE_OMIT_WINDOWFUNC
|
||||
- if( ExprHasProperty(pE, EP_WinFunc) ){
|
||||
- /* Since this window function is being changed into a reference
|
||||
- ** to the same window function the result set, remove the instance
|
||||
- ** of this window function from the Select.pWin list. */
|
||||
- Window **pp;
|
||||
- for(pp=&pSelect->pWin; *pp; pp=&(*pp)->pNextWin){
|
||||
- if( *pp==pE->y.pWin ){
|
||||
- *pp = (*pp)->pNextWin;
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
-#endif
|
||||
+ /* Since this expresion is being changed into a reference
|
||||
+ ** to an identical expression in the result set, remove all Window
|
||||
+ ** objects belonging to the expression from the Select.pWin list. */
|
||||
+ resolveRemoveWindows(pSelect, pE);
|
||||
pItem->u.x.iOrderByCol = j+1;
|
||||
}
|
||||
}
|
||||
diff --git a/test/window1.test b/test/window1.test
|
||||
index 2c504205e..b3073985b 100644
|
||||
--- a/test/window1.test
|
||||
+++ b/test/window1.test
|
||||
@@ -594,6 +594,26 @@
|
||||
} {
|
||||
}
|
||||
|
||||
+#-------------------------------------------------------------------------
|
||||
+do_execsql_test 17.0 {
|
||||
+ CREATE TABLE t8(a);
|
||||
+ INSERT INTO t8 VALUES(1), (2), (3);
|
||||
+}
|
||||
+
|
||||
+do_execsql_test 17.1 {
|
||||
+ SELECT +sum(0) OVER () ORDER BY +sum(0) OVER ();
|
||||
+} {0}
|
||||
+
|
||||
+do_execsql_test 17.2 {
|
||||
+ select +sum(a) OVER () FROM t8 ORDER BY +sum(a) OVER () DESC;
|
||||
+} {6 6 6}
|
||||
+
|
||||
+do_execsql_test 17.3 {
|
||||
+ SELECT 10+sum(a) OVER (ORDER BY a)
|
||||
+ FROM t8
|
||||
+ ORDER BY 10+sum(a) OVER (ORDER BY a) DESC;
|
||||
+} {16 13 11}
|
||||
+
|
||||
# 2020-05-23
|
||||
# ticket 7a5279a25c57adf1
|
||||
#
|
||||
--
|
||||
2.39.2
|
||||
|
26
SOURCES/sqlite-3.26.0-CVE-2020-35525.patch
Normal file
26
SOURCES/sqlite-3.26.0-CVE-2020-35525.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 5f69512404cd2e5153ddf90ea277fbba6dd58ab7 Mon Sep 17 00:00:00 2001
|
||||
From: drh <drh@noemail.net>
|
||||
Date: Thu, 20 Feb 2020 14:08:51 +0000
|
||||
Subject: [PATCH] Early-out on the INTERSECT query processing following an
|
||||
error.
|
||||
|
||||
FossilOrigin-Name: a67cf5b7d37d5b1484be32092635faafd8f76e5881898cd9435517c4b287d663
|
||||
---
|
||||
src/select.c | 1 +
|
||||
1 files changed, 1 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/src/select.c b/src/select.c
|
||||
index c60ff2700..b3ae9f415 100644
|
||||
--- a/src/select.c
|
||||
+++ b/src/select.c
|
||||
@@ -2775,6 +2775,7 @@ static int multiSelect(
|
||||
/* Generate code to take the intersection of the two temporary
|
||||
** tables.
|
||||
*/
|
||||
+ if( rc ) break;
|
||||
assert( p->pEList );
|
||||
iBreak = sqlite3VdbeMakeLabel(v);
|
||||
iCont = sqlite3VdbeMakeLabel(v);
|
||||
--
|
||||
2.37.3
|
||||
|
55
SOURCES/sqlite-3.26.0-CVE-2020-35527.patch
Normal file
55
SOURCES/sqlite-3.26.0-CVE-2020-35527.patch
Normal file
@ -0,0 +1,55 @@
|
||||
From 0990c415f65d2556a5e4122cbe5727d500411aeb Mon Sep 17 00:00:00 2001
|
||||
From: drh <drh@noemail.net>
|
||||
Date: Sun, 23 Feb 2020 17:34:45 +0000
|
||||
Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested
|
||||
FROM clause. Ticket [f50af3e8a565776b].
|
||||
|
||||
FossilOrigin-Name: c431b3fd8fd0f6a6974bba3e9366b0430ec003d570e7ce70ceefbcff5fe4b6fa
|
||||
---
|
||||
src/select.c | 2 +-
|
||||
test/altertab.test | 17 +++++++++++++++++
|
||||
4 files changed, 18 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/src/select.c b/src/select.c
|
||||
index c60ff2700..fe0229ca8 100644
|
||||
--- a/src/select.c
|
||||
+++ b/src/select.c
|
||||
@@ -5046,7 +5046,7 @@ static int selectExpander(Walker *pWalker, Select *p){
|
||||
pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
|
||||
sqlite3TokenInit(&sColname, zColname);
|
||||
sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
|
||||
- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
|
||||
+ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT){
|
||||
struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
|
||||
if( pSub ){
|
||||
pX->zSpan = sqlite3DbStrDup(db, pSub->pEList->a[j].zSpan);
|
||||
|
||||
diff --git a/test/altertab.test b/test/altertab.test
|
||||
index a3642070e..520502c3d 100644
|
||||
--- a/test/altertab.test
|
||||
+++ b/test/altertab.test
|
||||
@@ -578,5 +578,21 @@ ifcapable fts3 {
|
||||
SELECT * FROM z1_segments;
|
||||
}
|
||||
}
|
||||
+# 2020-02-23 ticket f50af3e8a565776b
|
||||
+reset_db
|
||||
+do_execsql_test 19.100 {
|
||||
+ CREATE TABLE t1(x);
|
||||
+ CREATE VIEW t2 AS SELECT 1 FROM t1, (t1 AS a0, t1);
|
||||
+ ALTER TABLE t1 RENAME TO t3;
|
||||
+ SELECT sql FROM sqlite_master;
|
||||
+} {{CREATE TABLE "t3"(x)} {CREATE VIEW t2 AS SELECT 1 FROM "t3", ("t3" AS a0, "t3")}}
|
||||
+do_execsql_test 19.110 {
|
||||
+ INSERT INTO t3(x) VALUES(123);
|
||||
+ SELECT * FROM t2;
|
||||
+} {1}
|
||||
+do_execsql_test 19.120 {
|
||||
+ INSERT INTO t3(x) VALUES('xyz');
|
||||
+ SELECT * FROM t2;
|
||||
+} {1 1 1 1 1 1 1 1}
|
||||
|
||||
finish_test
|
||||
--
|
||||
2.37.3
|
||||
|
27
SOURCES/sqlite-3.26.0-CVE-2020-6405.patch
Normal file
27
SOURCES/sqlite-3.26.0-CVE-2020-6405.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From 1668926bc3c7da0b2870a60382b179a0e3edb5de Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Thu, 26 Mar 2020 08:14:29 +0100
|
||||
Subject: [PATCH] Do not allow the constant-propagation optimization to apple
|
||||
to ON/USING clause terms as it does not help and it might cause downstream
|
||||
problems.
|
||||
|
||||
---
|
||||
src/select.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/select.c b/src/select.c
|
||||
index bbd13a4..88a43df 100644
|
||||
--- a/src/select.c
|
||||
+++ b/src/select.c
|
||||
@@ -4171,7 +4171,7 @@ static int propagateConstantExprRewrite(Walker *pWalker, Expr *pExpr){
|
||||
int i;
|
||||
WhereConst *pConst;
|
||||
if( pExpr->op!=TK_COLUMN ) return WRC_Continue;
|
||||
- if( ExprHasProperty(pExpr, EP_FixedCol) ) return WRC_Continue;
|
||||
+ if( ExprHasProperty(pExpr, EP_FixedCol|EP_FromJoin) ) return WRC_Continue;
|
||||
pConst = pWalker->u.pConst;
|
||||
for(i=0; i<pConst->nConst; i++){
|
||||
Expr *pColumn = pConst->apExpr[i*2];
|
||||
--
|
||||
2.24.1
|
||||
|
106
SOURCES/sqlite-3.26.0-CVE-2020-9327.patch
Normal file
106
SOURCES/sqlite-3.26.0-CVE-2020-9327.patch
Normal file
@ -0,0 +1,106 @@
|
||||
From 2d788539b0018d34d3cabb328387ba6bec41ec42 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Thu, 26 Mar 2020 09:43:43 +0100
|
||||
Subject: [PATCH] NULL pointer dereference and segmentation fault because of
|
||||
generated column optimizations
|
||||
|
||||
Take care when checking the table of a TK_COLUMN expression node to
|
||||
see if the table is a virtual table to first ensure that the
|
||||
Expr.y.pTab pointer is not null due to generated column optimizations.
|
||||
---
|
||||
src/expr.c | 13 ++++++++++---
|
||||
src/sqliteInt.h | 3 +++
|
||||
src/whereexpr.c | 12 ++++++++----
|
||||
3 files changed, 21 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/expr.c b/src/expr.c
|
||||
index b081ca2..5f98f76 100644
|
||||
--- a/src/expr.c
|
||||
+++ b/src/expr.c
|
||||
@@ -4901,18 +4901,25 @@ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){
|
||||
case TK_LT:
|
||||
case TK_LE:
|
||||
case TK_GT:
|
||||
- case TK_GE:
|
||||
+ case TK_GE: {
|
||||
+ Expr *pLeft = pExpr->pLeft;
|
||||
+ Expr *pRight = pExpr->pRight;
|
||||
testcase( pExpr->op==TK_EQ );
|
||||
testcase( pExpr->op==TK_NE );
|
||||
testcase( pExpr->op==TK_LT );
|
||||
testcase( pExpr->op==TK_LE );
|
||||
testcase( pExpr->op==TK_GT );
|
||||
testcase( pExpr->op==TK_GE );
|
||||
- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab))
|
||||
- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab))
|
||||
+ /* The y.pTab=0 assignment in wherecode.c always happens after the
|
||||
+ ** impliesNotNullRow() test */
|
||||
+ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0)
|
||||
+ && IsVirtual(pLeft->y.pTab))
|
||||
+ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0)
|
||||
+ && IsVirtual(pRight->y.pTab))
|
||||
){
|
||||
return WRC_Prune;
|
||||
}
|
||||
+ }
|
||||
default:
|
||||
return WRC_Continue;
|
||||
}
|
||||
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
|
||||
index 051aa40..5f5f3cc 100644
|
||||
--- a/src/sqliteInt.h
|
||||
+++ b/src/sqliteInt.h
|
||||
@@ -2014,8 +2014,11 @@ struct Table {
|
||||
*/
|
||||
#ifndef SQLITE_OMIT_VIRTUALTABLE
|
||||
# define IsVirtual(X) ((X)->nModuleArg)
|
||||
+# define ExprIsVtab(X) \
|
||||
+ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg)
|
||||
#else
|
||||
# define IsVirtual(X) 0
|
||||
+# define ExprIsVtab(X) 0
|
||||
#endif
|
||||
|
||||
/*
|
||||
diff --git a/src/whereexpr.c b/src/whereexpr.c
|
||||
index dbb7f0d..9d2813a 100644
|
||||
--- a/src/whereexpr.c
|
||||
+++ b/src/whereexpr.c
|
||||
@@ -382,7 +382,8 @@ static int isAuxiliaryVtabOperator(
|
||||
** MATCH(expression,vtab_column)
|
||||
*/
|
||||
pCol = pList->a[1].pExpr;
|
||||
- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
|
||||
+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
|
||||
+ if( ExprIsVtab(pCol) ){
|
||||
for(i=0; i<ArraySize(aOp); i++){
|
||||
if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){
|
||||
*peOp2 = aOp[i].eOp2;
|
||||
@@ -404,7 +405,8 @@ static int isAuxiliaryVtabOperator(
|
||||
** with function names in an arbitrary case.
|
||||
*/
|
||||
pCol = pList->a[0].pExpr;
|
||||
- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
|
||||
+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
|
||||
+ if( ExprIsVtab(pCol) ){
|
||||
sqlite3_vtab *pVtab;
|
||||
sqlite3_module *pMod;
|
||||
void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);
|
||||
@@ -427,10 +429,12 @@ static int isAuxiliaryVtabOperator(
|
||||
int res = 0;
|
||||
Expr *pLeft = pExpr->pLeft;
|
||||
Expr *pRight = pExpr->pRight;
|
||||
- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){
|
||||
+ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 );
|
||||
+ if( ExprIsVtab(pLeft) ){
|
||||
res++;
|
||||
}
|
||||
- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){
|
||||
+ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 );
|
||||
+ if( pRight && ExprIsVtab(pRight) ){
|
||||
res++;
|
||||
SWAP(Expr*, pLeft, pRight);
|
||||
}
|
||||
--
|
||||
2.24.1
|
||||
|
31
SOURCES/sqlite-3.26.0-CVE-2022-35737.patch
Normal file
31
SOURCES/sqlite-3.26.0-CVE-2022-35737.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From 077e17b59a98eb8839ecfef661e7305fdb3e898d Mon Sep 17 00:00:00 2001
|
||||
From: drh <>
|
||||
Date: Mon, 18 Jul 2022 15:02:00 +0000
|
||||
Subject: [PATCH] Increase the size of loop variables in the printf()
|
||||
implementation to avoid harmless compiler warnings.
|
||||
|
||||
FossilOrigin-Name: aab790a16e1bdff78759f9c9ae87a2559ba82dd34ef3dedfb66035a0db7067a7
|
||||
---
|
||||
manifest | 12 ++++++------
|
||||
manifest.uuid | 2 +-
|
||||
src/printf.c | 4 ++--
|
||||
1 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/printf.c b/src/printf.c
|
||||
index f0bfa5327..3602e1fcb 100644
|
||||
--- a/src/printf.c
|
||||
+++ b/src/printf.c
|
||||
@@ -803,8 +803,8 @@ void sqlite3_str_vappendf(
|
||||
case etSQLESCAPE: /* %q: Escape ' characters */
|
||||
case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */
|
||||
case etSQLESCAPE3: { /* %w: Escape " characters */
|
||||
- int i, j, k, n, isnull;
|
||||
- int needQuote;
|
||||
+ i64 i, j, k, n;
|
||||
+ int needQuote, isnull;
|
||||
char ch;
|
||||
char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */
|
||||
char *escarg;
|
||||
--
|
||||
2.38.1
|
||||
|
89
SOURCES/sqlite-3.26.0-out-of-bounds-read.patch
Normal file
89
SOURCES/sqlite-3.26.0-out-of-bounds-read.patch
Normal file
@ -0,0 +1,89 @@
|
||||
From eca47c8481b0c2f09a7818ed2bce0ad27b1dae27 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Wed, 26 Jun 2019 12:25:10 +0200
|
||||
Subject: [PATCH] Fixed out of bounds heap read in function rtreenode()
|
||||
|
||||
Enhance the rtreenode() function of rtree (used for
|
||||
testing) so that it uses the newer sqlite3_str object
|
||||
for better performance and improved error reporting.
|
||||
Test cases added to TH3.
|
||||
|
||||
Resolves: #1723338
|
||||
Version: 3.26.0-4
|
||||
---
|
||||
ext/rtree/rtree.c | 35 ++++++++++++++++-------------------
|
||||
1 file changed, 16 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
|
||||
index 4b044cb..87d0de0 100644
|
||||
--- a/ext/rtree/rtree.c
|
||||
+++ b/ext/rtree/rtree.c
|
||||
@@ -3711,49 +3711,46 @@ rtreeInit_fail:
|
||||
** <num-dimension>*2 coordinates.
|
||||
*/
|
||||
static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
|
||||
- char *zText = 0;
|
||||
RtreeNode node;
|
||||
Rtree tree;
|
||||
int ii;
|
||||
+ int nData;
|
||||
+ int errCode;
|
||||
+ sqlite3_str *pOut;
|
||||
|
||||
UNUSED_PARAMETER(nArg);
|
||||
memset(&node, 0, sizeof(RtreeNode));
|
||||
memset(&tree, 0, sizeof(Rtree));
|
||||
tree.nDim = (u8)sqlite3_value_int(apArg[0]);
|
||||
+ if( tree.nDim<1 || tree.nDim>5 ) return;
|
||||
tree.nDim2 = tree.nDim*2;
|
||||
tree.nBytesPerCell = 8 + 8 * tree.nDim;
|
||||
node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
|
||||
+ nData = sqlite3_value_bytes(apArg[1]);
|
||||
+ if( nData<4 ) return;
|
||||
+ if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
|
||||
|
||||
+ pOut = sqlite3_str_new(0);
|
||||
for(ii=0; ii<NCELL(&node); ii++){
|
||||
- char zCell[512];
|
||||
- int nCell = 0;
|
||||
RtreeCell cell;
|
||||
int jj;
|
||||
|
||||
nodeGetCell(&tree, &node, ii, &cell);
|
||||
- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
|
||||
- nCell = (int)strlen(zCell);
|
||||
+ if( ii>0 ) sqlite3_str_append(pOut, " ", 1);
|
||||
+ sqlite3_str_appendf(pOut, "{%lld", cell.iRowid);
|
||||
for(jj=0; jj<tree.nDim2; jj++){
|
||||
#ifndef SQLITE_RTREE_INT_ONLY
|
||||
- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
|
||||
- (double)cell.aCoord[jj].f);
|
||||
+ sqlite3_str_appendf(pOut, " %g", (double)cell.aCoord[jj].f);
|
||||
#else
|
||||
- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
|
||||
- cell.aCoord[jj].i);
|
||||
+ sqlite3_str_appendf(pOut, " %d", cell.aCoord[jj].i);
|
||||
#endif
|
||||
- nCell = (int)strlen(zCell);
|
||||
- }
|
||||
-
|
||||
- if( zText ){
|
||||
- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
|
||||
- sqlite3_free(zText);
|
||||
- zText = zTextNew;
|
||||
- }else{
|
||||
- zText = sqlite3_mprintf("{%s}", zCell);
|
||||
}
|
||||
+ sqlite3_str_append(pOut, "}", 1);
|
||||
}
|
||||
|
||||
- sqlite3_result_text(ctx, zText, -1, sqlite3_free);
|
||||
+ errCode = sqlite3_str_errcode(pOut);
|
||||
+ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
|
||||
+ sqlite3_result_error_code(ctx, errCode);
|
||||
}
|
||||
|
||||
/* This routine implements an SQL function that returns the "depth" parameter
|
||||
--
|
||||
2.19.1
|
||||
|
71
SOURCES/sqlite-3.26.0-zPath-covscan.patch
Normal file
71
SOURCES/sqlite-3.26.0-zPath-covscan.patch
Normal file
@ -0,0 +1,71 @@
|
||||
From 75525dbdf9b7ed003e343c42710e8b13f73a7607 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Dubaj <odubaj@redhat.com>
|
||||
Date: Thu, 23 Jan 2020 15:08:13 +0100
|
||||
Subject: [PATCH] Fix buffer underflows in the zipfile extension associated
|
||||
with zero-length or NULL filename in the ZIP archive. But report on the
|
||||
mailing list by Yongheng and Rui.
|
||||
|
||||
---
|
||||
ext/misc/zipfile.c | 14 +++++++++-----
|
||||
test/zipfile.test | 13 +++++++++++++
|
||||
2 files changed, 22 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
|
||||
index e6141ef..7fd4074 100644
|
||||
--- a/ext/misc/zipfile.c
|
||||
+++ b/ext/misc/zipfile.c
|
||||
@@ -1433,8 +1433,8 @@ static int zipfileGetMode(
|
||||
** identical, ignoring any trailing '/' character in either path. */
|
||||
static int zipfileComparePath(const char *zA, const char *zB, int nB){
|
||||
int nA = (int)strlen(zA);
|
||||
- if( zA[nA-1]=='/' ) nA--;
|
||||
- if( zB[nB-1]=='/' ) nB--;
|
||||
+ if( nA>0 && zA[nA-1]=='/' ) nA--;
|
||||
+ if( nB>0 && zB[nB-1]=='/' ) nB--;
|
||||
if( nA==nB && memcmp(zA, zB, nA)==0 ) return 0;
|
||||
return 1;
|
||||
}
|
||||
@@ -1628,11 +1628,15 @@ static int zipfileUpdate(
|
||||
** '/'. This appears to be required for compatibility with info-zip
|
||||
** (the unzip command on unix). It does not create directories
|
||||
** otherwise. */
|
||||
- if( zPath[nPath-1]!='/' ){
|
||||
+ if( nPath<=0 || zPath[nPath-1]!='/' ){
|
||||
zFree = sqlite3_mprintf("%s/", zPath);
|
||||
- if( zFree==0 ){ rc = SQLITE_NOMEM; }
|
||||
zPath = (const char*)zFree;
|
||||
- nPath = (int)strlen(zPath);
|
||||
+ if( zFree==0 ){
|
||||
+ rc = SQLITE_NOMEM;
|
||||
+ nPath = 0;
|
||||
+ }else{
|
||||
+ nPath = (int)strlen(zPath);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/test/zipfile.test b/test/zipfile.test
|
||||
index e4b8088..9f07c0a 100644
|
||||
--- a/test/zipfile.test
|
||||
+++ b/test/zipfile.test
|
||||
@@ -821,4 +821,17 @@ do_execsql_test 14.10 {
|
||||
PRAGMA integrity_check;
|
||||
} {3 ok}
|
||||
|
||||
+# 2019-12-26 More problems in zipfile from the Yongheng and Rui fuzzer
|
||||
+#
|
||||
+do_execsql_test 15.10 {
|
||||
+ DROP TABLE IF EXISTS t1;
|
||||
+ CREATE VIRTUAL TABLE t1 USING zipfile(null);
|
||||
+ REPLACE INTO t1 VALUES(null,null,0,null,null,null,null);
|
||||
+} {}
|
||||
+do_execsql_test 15.20 {
|
||||
+ DROP TABLE IF EXISTS t2;
|
||||
+ CREATE VIRTUAL TABLE t2 USING zipfile(null);
|
||||
+ REPLACE INTO t2 values(null,null,null,null,null,10,null);
|
||||
+} {}
|
||||
+
|
||||
finish_test
|
||||
--
|
||||
2.19.1
|
||||
|
42
SOURCES/sqlite-3.34.1-CVE-2023-7104.patch
Normal file
42
SOURCES/sqlite-3.34.1-CVE-2023-7104.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From 09f1652f36c5c4e8a6a640ce887f9ea0f48a7958 Mon Sep 17 00:00:00 2001
|
||||
From: dan <Dan Kennedy>
|
||||
Date: Thu, 7 Sep 2023 13:53:09 +0000
|
||||
Subject: [PATCH] Fix a buffer overread in the sessions extension that could
|
||||
occur when processing a corrupt changeset.
|
||||
|
||||
FossilOrigin-Name: 0e4e7a05c4204b47a324d67e18e76d2a98e26b2723d19d5c655ec9fd2e41f4b7
|
||||
|
||||
diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
|
||||
index 9f862f2465..0491549231 100644
|
||||
--- a/ext/session/sqlite3session.c
|
||||
+++ b/ext/session/sqlite3session.c
|
||||
@@ -2811,15 +2811,19 @@ static int sessionReadRecord(
|
||||
}
|
||||
}
|
||||
if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
|
||||
- sqlite3_int64 v = sessionGetI64(aVal);
|
||||
- if( eType==SQLITE_INTEGER ){
|
||||
- sqlite3VdbeMemSetInt64(apOut[i], v);
|
||||
+ if( (pIn->nData-pIn->iNext)<8 ){
|
||||
+ rc = SQLITE_CORRUPT_BKPT;
|
||||
}else{
|
||||
- double d;
|
||||
- memcpy(&d, &v, 8);
|
||||
- sqlite3VdbeMemSetDouble(apOut[i], d);
|
||||
+ sqlite3_int64 v = sessionGetI64(aVal);
|
||||
+ if( eType==SQLITE_INTEGER ){
|
||||
+ sqlite3VdbeMemSetInt64(apOut[i], v);
|
||||
+ }else{
|
||||
+ double d;
|
||||
+ memcpy(&d, &v, 8);
|
||||
+ sqlite3VdbeMemSetDouble(apOut[i], d);
|
||||
+ }
|
||||
+ pIn->iNext += 8;
|
||||
}
|
||||
- pIn->iNext += 8;
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
2.43.0
|
||||
|
21
SOURCES/sqlite-3.6.23-lemon-system-template.patch
Normal file
21
SOURCES/sqlite-3.6.23-lemon-system-template.patch
Normal file
@ -0,0 +1,21 @@
|
||||
diff -up sqlite-3.6.23/tool/lemon.c.system-template sqlite-3.6.23/tool/lemon.c
|
||||
--- sqlite-3.6.23/tool/lemon.c.system-template 2010-03-10 16:40:35.000000000 +0200
|
||||
+++ sqlite-3.6.23/tool/lemon.c 2010-03-10 16:40:39.000000000 +0200
|
||||
@@ -3363,6 +3363,8 @@ PRIVATE FILE *tplt_open(struct lemon *le
|
||||
tpltname = buf;
|
||||
}else if( access(templatename,004)==0 ){
|
||||
tpltname = templatename;
|
||||
+ }else if( access("/usr/share/lemon/lempar.c", R_OK)==0){
|
||||
+ tpltname = "/usr/share/lemon/lempar.c";
|
||||
}else{
|
||||
tpltname = pathsearch(lemp->argv0,templatename,0);
|
||||
}
|
||||
@@ -3374,7 +3376,7 @@ PRIVATE FILE *tplt_open(struct lemon *le
|
||||
}
|
||||
in = fopen(tpltname,"rb");
|
||||
if( in==0 ){
|
||||
- fprintf(stderr,"Can't open the template file \"%s\".\n",templatename);
|
||||
+ fprintf(stderr,"Can't open the template file \"%s\".\n",tpltname);
|
||||
lemp->errorcnt++;
|
||||
return 0;
|
||||
}
|
37
SOURCES/sqlite-3.7.7.1-stupid-openfiles-test.patch
Normal file
37
SOURCES/sqlite-3.7.7.1-stupid-openfiles-test.patch
Normal file
@ -0,0 +1,37 @@
|
||||
--- sqlite-src-3240000/test/oserror.test.old 2018-06-05 08:40:35.656122573 +0200
|
||||
+++ sqlite-src-3240000/test/oserror.test 2018-06-05 08:40:45.614935197 +0200
|
||||
@@ -51,20 +51,20 @@
|
||||
# a call to getcwd() may fail if there are no free file descriptors. So
|
||||
# an error may be reported for either open() or getcwd() here.
|
||||
#
|
||||
-if {![clang_sanitize_address]} {
|
||||
- do_test 1.1.1 {
|
||||
- set ::log [list]
|
||||
- list [catch {
|
||||
- for {set i 0} {$i < 20000} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
|
||||
- } msg] $msg
|
||||
- } {1 {unable to open database file}}
|
||||
- do_test 1.1.2 {
|
||||
- catch { for {set i 0} {$i < 20000} {incr i} { dbh_$i close } }
|
||||
- } {1}
|
||||
- do_re_test 1.1.3 {
|
||||
- lindex $::log 0
|
||||
- } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
|
||||
-}
|
||||
+#if {![clang_sanitize_address]} {
|
||||
+# do_test 1.1.1 {
|
||||
+# set ::log [list]
|
||||
+# list [catch {
|
||||
+# for {set i 0} {$i < 20000} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
|
||||
+# } msg] $msg
|
||||
+# } {1 {unable to open database file}}
|
||||
+# do_test 1.1.2 {
|
||||
+# catch { for {set i 0} {$i < 20000} {incr i} { dbh_$i close } }
|
||||
+# } {1}
|
||||
+# do_re_test 1.1.3 {
|
||||
+# lindex $::log 0
|
||||
+# } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
|
||||
+#}
|
||||
|
||||
|
||||
# Test a failure in open() due to the path being a directory.
|
15
SOURCES/sqlite-3.8.0-percentile-test.patch
Normal file
15
SOURCES/sqlite-3.8.0-percentile-test.patch
Normal file
@ -0,0 +1,15 @@
|
||||
# On i686 arch the removed test fails with result 2749999.50004681 instead of expected
|
||||
# 2749999.5. This patch is temporary workaround and should be dropped as soon as a valid
|
||||
# fix is found.
|
||||
|
||||
diff -up sqlite-src-3080002/test/percentile.test.broken sqlite-src-3080002/test/percentile.test
|
||||
--- sqlite-src-3080002/test/percentile.test.broken 2013-09-16 13:19:53.406004041 +0200
|
||||
+++ sqlite-src-3080002/test/percentile.test 2013-09-16 13:20:00.079024945 +0200
|
||||
@@ -195,7 +195,6 @@ ifcapable vtab {
|
||||
foreach {in out} {
|
||||
0 0.0
|
||||
100 9999990.0
|
||||
- 50 2749999.5
|
||||
10 99999.9
|
||||
} {
|
||||
do_test percentile-2.1.$in {
|
137
SOURCES/sqlite-3.8.10.1-tcl-regress-tests.patch
Normal file
137
SOURCES/sqlite-3.8.10.1-tcl-regress-tests.patch
Normal file
@ -0,0 +1,137 @@
|
||||
This patch disables a test which caused failed assertion in tcl 8.6.3.
|
||||
According to sqlite upstream[1], this should be fixed in tcl 8.6.5.
|
||||
|
||||
[1] http://mailinglists.sqlite.org/cgi-bin/mailman/private/sqlite-users/2015-May/059518.html
|
||||
|
||||
diff -up sqlite-src-3130000/test/shell1.test.orig sqlite-src-3130000/test/shell1.test
|
||||
--- sqlite-src-3140100/test/shell1.test.orig 2016-08-12 02:17:02.000000000 +0200
|
||||
+++ sqlite-src-3140100/test/shell1.test 2016-08-15 15:00:59.869664051 +0200
|
||||
@@ -855,67 +855,67 @@ do_test shell1-4.6 {
|
||||
|
||||
# Test using arbitrary byte data with the shell via standard input/output.
|
||||
#
|
||||
-do_test shell1-5.0 {
|
||||
- #
|
||||
- # NOTE: Skip NUL byte because it appears to be incompatible with command
|
||||
- # shell argument parsing.
|
||||
- #
|
||||
- for {set i 1} {$i < 256} {incr i} {
|
||||
- #
|
||||
- # NOTE: Due to how the Tcl [exec] command works (i.e. where it treats
|
||||
- # command channels opened for it as textual ones), the carriage
|
||||
- # return character (and on Windows, the end-of-file character)
|
||||
- # cannot be used here.
|
||||
- #
|
||||
- if {$i==0x0D || ($tcl_platform(platform)=="windows" && $i==0x1A)} {
|
||||
- continue
|
||||
- }
|
||||
- if {$i>=0xE0 && $tcl_platform(os)=="OpenBSD"} continue
|
||||
- if {$i>=0xE0 && $i<=0xEF && $tcl_platform(os)=="Linux"} continue
|
||||
- set hex [format %02X $i]
|
||||
- set char [subst \\x$hex]; set oldChar $char
|
||||
- set escapes [list]
|
||||
- if {$tcl_platform(platform)=="windows"} {
|
||||
- #
|
||||
- # NOTE: On Windows, we need to escape all the whitespace characters,
|
||||
- # the alarm (\a) character, and those with special meaning to
|
||||
- # the SQLite shell itself.
|
||||
- #
|
||||
- set escapes [list \
|
||||
- \a \\a \b \\b \t \\t \n \\n \v \\v \f \\f \r \\r \
|
||||
- " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
|
||||
- } else {
|
||||
- #
|
||||
- # NOTE: On Unix, we need to escape most of the whitespace characters
|
||||
- # and those with special meaning to the SQLite shell itself.
|
||||
- # The alarm (\a), backspace (\b), and carriage-return (\r)
|
||||
- # characters do not appear to require escaping on Unix. For
|
||||
- # the alarm and backspace characters, this is probably due to
|
||||
- # differences in the command shell. For the carriage-return,
|
||||
- # it is probably due to differences in how Tcl handles command
|
||||
- # channel end-of-line translations.
|
||||
- #
|
||||
- set escapes [list \
|
||||
- \t \\t \n \\n \v \\v \f \\f \
|
||||
- " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
|
||||
- }
|
||||
- set char [string map $escapes $char]
|
||||
- set x [catchcmdex test.db ".print $char\n"]
|
||||
- set code [lindex $x 0]
|
||||
- set res [lindex $x 1]
|
||||
- if {$code ne "0"} {
|
||||
- error "failed with error: $res"
|
||||
- }
|
||||
- if {$res ne "$oldChar\n"} {
|
||||
- if {[llength $res] > 0} {
|
||||
- set got [format %02X [scan $res %c]]
|
||||
- } else {
|
||||
- set got <empty>
|
||||
- }
|
||||
- error "failed with byte $hex mismatch, got $got"
|
||||
- }
|
||||
- }
|
||||
-} {}
|
||||
+#do_test shell1-5.0 {
|
||||
+# #
|
||||
+# # NOTE: Skip NUL byte because it appears to be incompatible with command
|
||||
+# # shell argument parsing.
|
||||
+# #
|
||||
+# for {set i 1} {$i < 256} {incr i} {
|
||||
+# #
|
||||
+# # NOTE: Due to how the Tcl [exec] command works (i.e. where it treats
|
||||
+# # command channels opened for it as textual ones), the carriage
|
||||
+# # return character (and on Windows, the end-of-file character)
|
||||
+# # cannot be used here.
|
||||
+# #
|
||||
+# if {$i==0x0D || ($tcl_platform(platform)=="windows" && $i==0x1A)} {
|
||||
+# continue
|
||||
+# }
|
||||
+# if {$i>=0xE0 && $tcl_platform(os)=="OpenBSD"} continue
|
||||
+# if {$i>=0xE0 && $i<=0xEF && $tcl_platform(os)=="Linux"} continue
|
||||
+# set hex [format %02X $i]
|
||||
+# set char [subst \\x$hex]; set oldChar $char
|
||||
+# set escapes [list]
|
||||
+# if {$tcl_platform(platform)=="windows"} {
|
||||
+# #
|
||||
+# # NOTE: On Windows, we need to escape all the whitespace characters,
|
||||
+# # the alarm (\a) character, and those with special meaning to
|
||||
+# # the SQLite shell itself.
|
||||
+# #
|
||||
+# set escapes [list \
|
||||
+# \a \\a \b \\b \t \\t \n \\n \v \\v \f \\f \r \\r \
|
||||
+# " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
|
||||
+# } else {
|
||||
+# #
|
||||
+# # NOTE: On Unix, we need to escape most of the whitespace characters
|
||||
+# # and those with special meaning to the SQLite shell itself.
|
||||
+# # The alarm (\a), backspace (\b), and carriage-return (\r)
|
||||
+# # characters do not appear to require escaping on Unix. For
|
||||
+# # the alarm and backspace characters, this is probably due to
|
||||
+# # differences in the command shell. For the carriage-return,
|
||||
+# # it is probably due to differences in how Tcl handles command
|
||||
+# # channel end-of-line translations.
|
||||
+# #
|
||||
+# set escapes [list \
|
||||
+# \t \\t \n \\n \v \\v \f \\f \
|
||||
+# " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
|
||||
+# }
|
||||
+# set char [string map $escapes $char]
|
||||
+# set x [catchcmdex test.db ".print $char\n"]
|
||||
+# set code [lindex $x 0]
|
||||
+# set res [lindex $x 1]
|
||||
+# if {$code ne "0"} {
|
||||
+# error "failed with error: $res"
|
||||
+# }
|
||||
+# if {$res ne "$oldChar\n"} {
|
||||
+# if {[llength $res] > 0} {
|
||||
+# set got [format %02X [scan $res %c]]
|
||||
+# } else {
|
||||
+# set got <empty>
|
||||
+# }
|
||||
+# error "failed with byte $hex mismatch, got $got"
|
||||
+# }
|
||||
+# }
|
||||
+#} {}
|
||||
|
||||
# These test cases do not work on MinGW
|
||||
if 0 {
|
@ -1,29 +1,111 @@
|
||||
# bcond default logic is nicely backwards...
|
||||
%bcond_without tcl
|
||||
%bcond_without sqldiff
|
||||
%bcond_with static
|
||||
%bcond_without check
|
||||
|
||||
%define realver 3460100
|
||||
%define docver 3460100
|
||||
%define rpmver 3.46.1
|
||||
%define year 2024
|
||||
%define realver 3260000
|
||||
%define docver 3260000
|
||||
%define rpmver 3.26.0
|
||||
|
||||
Summary: Library that implements an embeddable SQL database engine
|
||||
Name: sqlite
|
||||
Version: %{rpmver}
|
||||
Release: 2%{?dist}
|
||||
License: blessing
|
||||
Release: 19%{?dist}
|
||||
License: Public Domain
|
||||
Group: Applications/Databases
|
||||
URL: http://www.sqlite.org/
|
||||
|
||||
Source0: http://www.sqlite.org/%{year}/sqlite-src-%{realver}.zip
|
||||
Source1: http://www.sqlite.org/%{year}/sqlite-doc-%{docver}.zip
|
||||
Source2: http://www.sqlite.org/%{year}/sqlite-autoconf-%{realver}.tar.gz
|
||||
Source0: http://www.sqlite.org/2017/sqlite-src-%{realver}.zip
|
||||
Source1: http://www.sqlite.org/2017/sqlite-doc-%{docver}.zip
|
||||
Source2: http://www.sqlite.org/2017/sqlite-autoconf-%{realver}.tar.gz
|
||||
# Support a system-wide lemon template
|
||||
Patch1: sqlite-3.6.23-lemon-system-template.patch
|
||||
# Shut up stupid tests depending on system settings of allowed open fd's
|
||||
Patch2: sqlite-3.7.7.1-stupid-openfiles-test.patch
|
||||
# sqlite >= 3.7.10 is buggy if malloc_usable_size() is detected, disable it:
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=801981
|
||||
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665363
|
||||
Patch3: sqlite-3.12.2-no-malloc-usable-size.patch
|
||||
# Temporary workaround for failed percentile test, see patch for details
|
||||
Patch4: sqlite-3.8.0-percentile-test.patch
|
||||
# Disable test failing due to tcl regression. Details in patch file.
|
||||
Patch6: sqlite-3.8.10.1-tcl-regress-tests.patch
|
||||
# Disable test date-2.2c on i686
|
||||
Patch7: sqlite-3.16-datetest-2.2c.patch
|
||||
# Modify sync2.test to pass with DIRSYNC turned off
|
||||
Patch8: sqlite-3.18.0-sync2-dirsync.patch
|
||||
# Fix for CVE-2019-8457 (rhbz#1723338)
|
||||
# https://www.sqlite.org/src/info/90acdbfce9c08858
|
||||
Patch9: sqlite-3.26.0-out-of-bounds-read.patch
|
||||
# Fix for CVE-2019-13752
|
||||
Patch10: sqlite-3.26-CVE-2019-13752.patch
|
||||
# Fix for CVE-2019-13753
|
||||
Patch11: sqlite-3.26-CVE-2019-13753.patch
|
||||
# Fix for CVE-2019-13734
|
||||
Patch12: sqlite-3.26.0-CVE-2019-13734.patch
|
||||
# Fix for CVE-2019-19924
|
||||
Patch13: sqlite-3.26.0-CVE-2019-19924.patch
|
||||
# Fix for CVE-2019-19923
|
||||
Patch14: sqlite-3.26.0-CVE-2019-19923.patch
|
||||
# Fix for CVE-2019-19925
|
||||
Patch15: sqlite-3.26.0-CVE-2019-19925.patch
|
||||
# Fix for CVE-2019-19959
|
||||
Patch16: sqlite-3.26.0-CVE-2019-19959.patch
|
||||
# Fix for issues found by covscan
|
||||
Patch17: sqlite-3.26.0-zPath-covscan.patch
|
||||
# Fix for CVE-2019-20218
|
||||
Patch18: sqlite-3.26.0-CVE-2019-20218.patch
|
||||
# Fix for CVE-2020-6405
|
||||
Patch19: sqlite-3.26.0-CVE-2020-6405.patch
|
||||
# Fix for CVE-2020-9327
|
||||
Patch20: sqlite-3.26.0-CVE-2020-9327.patch
|
||||
# Fix for CVE-2019-16168
|
||||
Patch21: sqlite-3.26.0-CVE-2019-16168.patch
|
||||
# Fix for CVE-2019-5018
|
||||
Patch22: sqlite-3.26.0-CVE-2019-5018.patch
|
||||
# Fix for CVE-2020-13632
|
||||
Patch23: sqlite-3.26.0-CVE-2020-13632.patch
|
||||
# Fix for CVE-2020-13631
|
||||
Patch24: sqlite-3.26.0-CVE-2020-13631.patch
|
||||
# Fix for CVE-2020-13630
|
||||
Patch25: sqlite-3.26.0-CVE-2020-13630.patch
|
||||
# Fix for CVE-2020-13434
|
||||
# upstream commit: https://www.sqlite.org/src/info/d08d3405878d394e
|
||||
Patch26: sqlite-3.26.0-CVE-2020-13434.patch
|
||||
# Fix for CVE-2020-15358
|
||||
# upstream commit: https://www.sqlite.org/src/info/10fa79d00f8091e5
|
||||
Patch27: sqlite-3.26.0-CVE-2020-15358.patch
|
||||
# Fix for CVE-2019-5827
|
||||
# https://www.sqlite.org/src/info/0b6ae032c28e7fe3
|
||||
# https://www.sqlite.org/src/info/07ee06fd390bfebe
|
||||
Patch28: sqlite-3.26.0-CVE-2019-5827.patch
|
||||
# Fix for CVE-2019-13750
|
||||
# https://github.com/sqlite/sqlite/commit/397a78d4a1864111f488a51d296810e7ef037893
|
||||
# https://www.sqlite.org/src/info/70390bbca49e7066
|
||||
Patch29: sqlite-3.26.0-CVE-2019-13750.patch
|
||||
# Fix for CVE-2019-13751
|
||||
# https://github.com/sqlite/sqlite/commit/70d1a1a3ed64d7bd82fd90268e4c9cf208ca1be0
|
||||
Patch30: sqlite-3.26.0-CVE-2019-13751.patch
|
||||
# Fix for CVE-2019-19603
|
||||
# https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
|
||||
Patch31: sqlite-3.26.0-CVE-2019-19603.patch
|
||||
# Fix for CVE-2020-13435
|
||||
# https://www.sqlite.org/src/info/ad7bb70af9bb68d1
|
||||
Patch34: sqlite-3.26.0-CVE-2020-13435.patch
|
||||
# Fix for CVE-2020-35527
|
||||
# https://www.sqlite.org/src/info/c431b3fd8fd0f6a6
|
||||
Patch35: sqlite-3.26.0-CVE-2020-35527.patch
|
||||
# Fix for CVE-2020-35525
|
||||
# https://www.sqlite.org/src/info/a67cf5b7d37d5b14
|
||||
Patch36: sqlite-3.26.0-CVE-2020-35525.patch
|
||||
# Fix for CVE-2022-35737
|
||||
# https://www.sqlite.org/src/info/26db4fc22fe66658
|
||||
Patch37: sqlite-3.26.0-CVE-2022-35737.patch
|
||||
# Fix for CVE-2020-24736
|
||||
# https://www.sqlite.org/src/info/579b66eaa0816561
|
||||
Patch38: sqlite-3.26.0-CVE-2020-24736.patch
|
||||
Patch39: sqlite-3.34.1-CVE-2023-7104.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: ncurses-devel readline-devel glibc-devel
|
||||
BuildRequires: autoconf
|
||||
%if %{with tcl}
|
||||
@ -34,7 +116,6 @@ BuildRequires: tcl-devel
|
||||
%endif
|
||||
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Provides: %{name}3 = %{version}-%{release}
|
||||
|
||||
# Ensure updates from pre-split work on multi-lib systems
|
||||
Obsoletes: %{name} < 3.11.0-1
|
||||
@ -51,7 +132,9 @@ are named to permit each to be installed on a single host
|
||||
|
||||
%package devel
|
||||
Summary: Development tools for the sqlite3 embeddable SQL database engine
|
||||
Group: Development/Libraries
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Requires: pkgconfig
|
||||
|
||||
%description devel
|
||||
@ -61,6 +144,7 @@ to install %{name}-devel.
|
||||
|
||||
%package libs
|
||||
Summary: Shared library for the sqlite3 embeddable SQL database engine.
|
||||
Group: Development/Libraries
|
||||
|
||||
# Ensure updates from pre-split work on multi-lib systems
|
||||
Obsoletes: %{name} < 3.11.0-1
|
||||
@ -71,6 +155,7 @@ This package contains the shared library for %{name}.
|
||||
|
||||
%package doc
|
||||
Summary: Documentation for sqlite
|
||||
Group: Documentation
|
||||
BuildArch: noarch
|
||||
|
||||
%description doc
|
||||
@ -80,6 +165,7 @@ C/C++ interface specs and other miscellaneous documentation.
|
||||
|
||||
%package -n lemon
|
||||
Summary: A parser generator
|
||||
Group: Development/Tools
|
||||
|
||||
%description -n lemon
|
||||
Lemon is an LALR(1) parser generator for C or C++. It does the same
|
||||
@ -92,21 +178,12 @@ that can be used to eliminate resource leaks, making is suitable for
|
||||
use in long-running programs such as graphical user interfaces or
|
||||
embedded controllers.
|
||||
|
||||
%if %{with sqldiff}
|
||||
%package tools
|
||||
Summary: %{name} tools
|
||||
Group: Development/Tools
|
||||
|
||||
%description tools
|
||||
%{name} related tools. Currently contains only sqldiff.
|
||||
- sqldiff: The sqldiff binary is a command-line utility program
|
||||
that displays the differences between SQLite databases.
|
||||
%endif
|
||||
|
||||
%if %{with tcl}
|
||||
%package tcl
|
||||
Summary: Tcl module for the sqlite3 embeddable SQL database engine
|
||||
Group: Development/Languages
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Requires: tcl(abi) = %{tcl_version}
|
||||
|
||||
%description tcl
|
||||
@ -114,6 +191,7 @@ This package contains the tcl modules for %{name}.
|
||||
|
||||
%package analyzer
|
||||
Summary: An analysis program for sqlite3 database files
|
||||
Group: Development/Tools
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: tcl(abi) = %{tcl_version}
|
||||
|
||||
@ -124,63 +202,78 @@ This package contains the analysis program for %{name}.
|
||||
%prep
|
||||
%setup -q -a1 -n %{name}-src-%{realver}
|
||||
%patch -P 1 -p1
|
||||
|
||||
# The atof test is failing on the i686 architecture, when binary configured with
|
||||
# --enable-rtree option. Failing part is text->real conversion and
|
||||
# text->real->text conversion in lower significant values after decimal point in a number.
|
||||
# func4 tests fail for i686 on float<->int conversions.
|
||||
%ifarch == i686
|
||||
rm test/atof1.test
|
||||
rm test/func4.test
|
||||
%patch -P 2 -p1
|
||||
%patch -P 3 -p1
|
||||
%patch -P 4 -p1
|
||||
%patch -P 6 -p1
|
||||
%ifarch %{ix86}
|
||||
%patch -P 7 -p1
|
||||
%endif
|
||||
%patch -P 8 -p1
|
||||
%patch -P 9 -p1
|
||||
%patch -P 10 -p1
|
||||
%patch -P 11 -p1
|
||||
%patch -P 12 -p1
|
||||
%patch -P 13 -p1
|
||||
%patch -P 14 -p1
|
||||
%patch -P 15 -p1
|
||||
%patch -P 16 -p1
|
||||
%patch -P 17 -p1
|
||||
%patch -P 18 -p1
|
||||
%patch -P 19 -p1
|
||||
%patch -P 20 -p1
|
||||
%patch -P 21 -p1
|
||||
%patch -P 22 -p1
|
||||
%patch -P 23 -p1
|
||||
%patch -P 24 -p1
|
||||
%patch -P 25 -p1
|
||||
%patch -P 26 -p1
|
||||
%patch -P 27 -p1
|
||||
%patch -P 28 -p1
|
||||
%patch -P 29 -p1
|
||||
%patch -P 30 -p1
|
||||
%patch -P 31 -p1
|
||||
%patch -P 34 -p1
|
||||
%patch -P 35 -p1
|
||||
%patch -P 36 -p1
|
||||
%patch -P 37 -p1
|
||||
%patch -P 38 -p1
|
||||
%patch -P 39 -p1
|
||||
|
||||
|
||||
# Remove backup-file
|
||||
rm -f %{name}-doc-%{docver}/sqlite.css~ || :
|
||||
|
||||
autoupdate
|
||||
autoconf # Rerun with new autoconf to add support for aarm64
|
||||
|
||||
%build
|
||||
# following CFLAGS are not possible to set via the configure script
|
||||
export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS \
|
||||
-DSQLITE_ENABLE_COLUMN_METADATA=1 \
|
||||
-DSQLITE_DISABLE_DIRSYNC=1 \
|
||||
-DSQLITE_SECURE_DELETE=1 \
|
||||
export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
|
||||
-DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=3 \
|
||||
-DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 \
|
||||
-DSQLITE_ENABLE_UNLOCK_NOTIFY=1 -DSQLITE_ENABLE_DBSTAT_VTAB=1 \
|
||||
-DSQLITE_ENABLE_FTS3_PARENTHESIS=1 \
|
||||
-DSQLITE_ENABLE_DBPAGE_VTAB \
|
||||
-DSQLITE_ENABLE_FTS3_PARENTHESIS=1 -DSQLITE_ENABLE_JSON1=1 \
|
||||
-Wall -fno-strict-aliasing"
|
||||
|
||||
%configure %{!?with_tcl:--disable-tcl} \
|
||||
--enable-rtree \
|
||||
--enable-fts3 \
|
||||
--enable-fts4 \
|
||||
--enable-fts5 \
|
||||
--enable-threadsafe \
|
||||
--enable-threads-override-locks \
|
||||
--enable-load-extension \
|
||||
%{?with_tcl:TCLLIBDIR=%{tcl_sitearch}/sqlite3}
|
||||
|
||||
|
||||
# rpath removal
|
||||
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
|
||||
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
||||
|
||||
%make_build
|
||||
make %{?_smp_mflags}
|
||||
|
||||
# Build sqlite3_analyzer
|
||||
# depends on tcl
|
||||
%if %{with tcl}
|
||||
%make_build sqlite3_analyzer
|
||||
%endif
|
||||
|
||||
# Build sqldiff
|
||||
%if %{with sqldiff}
|
||||
%make_build sqldiff
|
||||
make %{?_smp_mflags} sqlite3_analyzer
|
||||
%endif
|
||||
|
||||
%install
|
||||
%make_install
|
||||
make DESTDIR=${RPM_BUILD_ROOT} install
|
||||
|
||||
install -D -m0644 sqlite3.1 $RPM_BUILD_ROOT/%{_mandir}/man1/sqlite3.1
|
||||
install -D -m0755 lemon $RPM_BUILD_ROOT/%{_bindir}/lemon
|
||||
@ -193,11 +286,6 @@ chmod 0755 ${RPM_BUILD_ROOT}/%{tcl_sitearch}/sqlite3/*.so
|
||||
install -D -m0755 sqlite3_analyzer $RPM_BUILD_ROOT/%{_bindir}/sqlite3_analyzer
|
||||
%endif
|
||||
|
||||
# Install sqldiff
|
||||
%if %{with sqldiff}
|
||||
install -D -m0755 sqldiff $RPM_BUILD_ROOT/%{_bindir}/sqldiff
|
||||
%endif
|
||||
|
||||
%if ! %{with static}
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.{la,a}
|
||||
%endif
|
||||
@ -215,7 +303,7 @@ rm test/csv01.test
|
||||
%endif
|
||||
|
||||
make test
|
||||
%endif #with check
|
||||
%endif # with check
|
||||
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
@ -225,8 +313,7 @@ make test
|
||||
|
||||
%files libs
|
||||
%doc README.md
|
||||
%{_libdir}/*.so.0.8.6
|
||||
%{_libdir}/*.so.0
|
||||
%{_libdir}/*.so.*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/*.h
|
||||
@ -248,265 +335,85 @@ make test
|
||||
%files tcl
|
||||
%{tcl_sitearch}/sqlite3
|
||||
|
||||
%if %{with sqldiff}
|
||||
%files tools
|
||||
%{_bindir}/sqldiff
|
||||
%endif
|
||||
|
||||
%files analyzer
|
||||
%{_bindir}/sqlite3_analyzer
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.46.1-2
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
* Wed Jan 03 2024 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-19
|
||||
- Fixed CVE-2023-7104
|
||||
|
||||
* Tue Aug 20 2024 Ales Nezbeda <anezbeda@redhat.com> - 3.46.1-1
|
||||
- Update to 3.46.1
|
||||
- https://www.sqlite.org/releaselog/3_46_1.html
|
||||
* Fri Apr 14 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-18
|
||||
- Fixed CVE-2022-24736
|
||||
|
||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.45.1-3
|
||||
- Bump release for June 2024 mass rebuild
|
||||
* Tue Nov 15 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-17
|
||||
- Fixed CVE-2022-35737
|
||||
|
||||
* Wed Jan 31 2024 Zuzana Miklankova <zmiklank@redhat.com> - 3.45.1-1
|
||||
- Updated to version 3.45.1 (https://sqlite.org/releaselog/3_45_1.html)
|
||||
* Mon Sep 05 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-16
|
||||
- Fixed CVE-2020-35527
|
||||
- Fixed CVE-2020-35525
|
||||
|
||||
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.45.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
* Tue May 18 2021 Petr Kubat <pkubat@redhat.com> - 3.26.0-15
|
||||
- Removing fix for CVE-2019-19645 (unaffected)
|
||||
- Removing fix for CVE-2019-19880 (unaffected)
|
||||
|
||||
* Tue Jan 16 2024 Zuzana Miklankova <zmiklank@redhat.com> - 3.45.0-1
|
||||
- Updated to version 3.45.0 (https://sqlite.org/releaselog/3_45_0.html)
|
||||
- List versioned soname in files, preventing unnoticed soname bumps
|
||||
- Disable func4 tests for i686 arch due to failing float<->int conversions
|
||||
* Thu Apr 15 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-14
|
||||
- Fixed CVE-2019-5827 (#1710184)
|
||||
- Fixed CVE-2019-13750 (#1786510)
|
||||
- Fixed CVE-2019-13751 (#1786522)
|
||||
- Fixed CVE-2019-19603 (#1792013)
|
||||
- Fixed CVE-2020-13435 (#1841233)
|
||||
|
||||
* Thu Dec 07 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.44.2-1
|
||||
- Updated to version 3.44.2 (https://sqlite.org/releaselog/3_44_2.html)
|
||||
* Tue Dec 01 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-13
|
||||
- enabled fts3conf.test on s390x and ppc64 architectures
|
||||
|
||||
* Thu Nov 23 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.44.1-1
|
||||
- Updated to version 3.44.1 (https://sqlite.org/releaselog/3_44_1.html)
|
||||
* Mon Aug 17 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-12
|
||||
- Fixed CVE-2020-13434 (#1845843)
|
||||
- Fixed CVE-2020-15358 (#1855208)
|
||||
|
||||
* Wed Nov 01 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.44.0-1
|
||||
- Updated to version 3.44.0 (https://sqlite.org/releaselog/3_44_0.html)
|
||||
* Fri Aug 07 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-11
|
||||
- Fixed bug in CVE-2019-20218 (#1791592)
|
||||
|
||||
* Mon Oct 23 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.43.2-1
|
||||
- Updated to version 3.43.2 (https://sqlite.org/releaselog/3_43_2.html)
|
||||
* Wed Jun 10 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-10
|
||||
- Fixed CVE-2020-13632 (#1845572)
|
||||
- Fixed CVE-2020-13631 (#1845474)
|
||||
- Fixed CVE-2020-13630 (#1845153)
|
||||
|
||||
* Tue Sep 12 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.43.1-1
|
||||
- Updated to version 3.43.1 (https://sqlite.org/releaselog/3_43_1.html)
|
||||
* Tue Jun 02 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-9
|
||||
- Fixed CVE-2019-5018 (#1721509)
|
||||
|
||||
* Mon Aug 28 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.43.0-1
|
||||
- Updated to version 3.43.0 (https://sqlite.org/releaselog/3_43_0.html)
|
||||
* Thu Apr 23 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-8
|
||||
- Fixed CVE-2019-16168 (#1826897)
|
||||
|
||||
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.42.0-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
* Tue Mar 24 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-7
|
||||
- Fixed CVE-2019-20218 (#1791592)
|
||||
- Fixed CVE-2020-6405 (#1804823)
|
||||
- Fixed CVE-2020-0327 (#1816572)
|
||||
|
||||
* Thu Jul 13 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.42.0-6
|
||||
- remove patch5 - adjusting sync test
|
||||
* Thu Jan 23 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-6
|
||||
- Fixed issues found by covscan
|
||||
|
||||
* Thu Jul 13 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.42.0-5
|
||||
- remove patch4 - disabling datetime test
|
||||
* Thu Jan 02 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-5
|
||||
- Fixed CVE-2019-13752 (#1786529)
|
||||
- Fixed CVE-2019-13753 (#1786535)
|
||||
- Fixed CVE-2019-13734 (#1786509)
|
||||
- Fixed CVE-2019-19924 (#1789776)
|
||||
- Fixed CVE-2019-19923 (#1789812)
|
||||
- Fixed CVE-2019-19925 (#1789808)
|
||||
- Fixed CVE-2019-19959 (#1789823)
|
||||
|
||||
* Thu Jul 13 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.42.0-4
|
||||
- remove patch3 - temporary workaround for percentile test
|
||||
* Wed Jun 26 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-4
|
||||
- Fixed CVE-2019-8457 (#1723338)
|
||||
|
||||
* Thu Jul 13 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.42.0-3
|
||||
- remove patch2 - no-malloc-usable-size, #801981
|
||||
* Thu Jan 03 2019 Petr Kubat <pkubat@redhat.com> - 3.26.0-3
|
||||
- Rebuild to pick up latest test sources by the CI
|
||||
|
||||
* Thu Jul 13 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.42.0-2
|
||||
- Updated to version 3.42.0 (https://sqlite.org/releaselog/3_42_0.html)
|
||||
* Thu Jan 03 2019 Petr Kubat <pkubat@redhat.com> - 3.26.0-2
|
||||
- Add explicit sqlite-libs requires to tcl and devel subpackages
|
||||
|
||||
* Fri Jun 23 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.41.2-3
|
||||
- revert to version 3.41.2 as the 3.42.0 does not correctly work with dnf
|
||||
|
||||
* Wed Jun 21 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.42.0-1
|
||||
- Updated to version 3.42.0 (https://sqlite.org/releaselog/3_42_0.html)
|
||||
- Use %patch -P N instead of deprecated %patchN
|
||||
|
||||
* Thu May 25 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 3.41.2-2
|
||||
- Drop duplicate -mbranch-protection.
|
||||
|
||||
* Mon Mar 27 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.41.2-1
|
||||
- Updated to version 3.41.2 (https://sqlite.org/releaselog/3_41_2.html)
|
||||
- Migrated to SPDX license
|
||||
|
||||
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.40.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Mon Jan 02 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.40.1-1
|
||||
- Updated to version 3.40.1 (https://sqlite.org/releaselog/3_40_1.html)
|
||||
|
||||
* Fri Nov 18 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.40.0-1
|
||||
- Updated to version 3.40.0 (https://sqlite.org/releaselog/3_40_0.html)
|
||||
|
||||
* Wed Oct 19 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.39.4-1
|
||||
- Updated to version 3.39.4 (https://sqlite.org/releaselog/3_39_4.html)
|
||||
|
||||
* Tue Sep 06 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.39.3-1
|
||||
- Updated to version 3.39.3 (https://sqlite.org/releaselog/3_39_3.html)
|
||||
|
||||
* Fri Jul 29 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.39.2-1
|
||||
- Updated to version 3.39.2 (https://sqlite.org/releaselog/3_39_2.html)
|
||||
|
||||
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.39.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Mon Jul 18 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.39.1-1
|
||||
- Updated to version 3.39.1 (https://sqlite.org/releaselog/3_39_1.html)
|
||||
|
||||
* Mon Jun 27 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.39.0-1
|
||||
- Updated to version 3.39.0 (https://sqlite.org/releaselog/3_39_0.html)
|
||||
|
||||
* Thu Jun 09 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.38.5-2
|
||||
- Fix build error --without sqldiff
|
||||
- Fix typo in changelog
|
||||
|
||||
* Mon May 09 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.38.5-1
|
||||
- Updated to version 3.38.5 (https://sqlite.org/releaselog/3_38_5.html)
|
||||
|
||||
* Mon May 02 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.38.3-2
|
||||
- add flag -mbranch-protection=standard for aarch64
|
||||
- remove configure flag --enable-json1, as this is default from 3.38.0
|
||||
- run autoupdate before autoconf in %prep
|
||||
|
||||
* Thu Apr 28 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.38.3-1
|
||||
- Updated to version 3.38.3 (https://sqlite.org/releaselog/3_38_3.html)
|
||||
|
||||
* Thu Apr 07 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.38.2-1
|
||||
- Updated to version 3.38.2 (https://sqlite.org/releaselog/3_38_2.html)
|
||||
|
||||
* Wed Mar 23 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.38.1-1
|
||||
- Updated to version 3.38.1 (https://sqlite.org/releaselog/3_38_1.html)
|
||||
|
||||
* Thu Mar 03 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.38.0-1
|
||||
- Updated to version 3.38.0 (https://sqlite.org/releaselog/3_38_0.html)
|
||||
- Set flags with configure script, whenever possible
|
||||
|
||||
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.36.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Wed Aug 18 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.36.0-4
|
||||
- Enabled SQLITE_DBPAGE virtual table (#1973454)
|
||||
|
||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.36.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Mon Jul 12 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.36.0-2
|
||||
- Support SHA-1 algorithms in sqlite (revert)
|
||||
|
||||
* Thu Jul 01 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.36.0-1
|
||||
- Updated to version 3.36.0 (https://sqlite.org/releaselog/3_36_0.html)
|
||||
|
||||
* Tue Apr 20 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.35.5-1
|
||||
- Updated to version 3.35.5 (https://sqlite.org/releaselog/3_35_5.html)
|
||||
|
||||
* Thu Apr 15 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.35.4-3
|
||||
- Remove SHA-1 algorithms according to its deprecation in RHEL-9 (#1935442)
|
||||
|
||||
* Wed Apr 14 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.35.4-2
|
||||
- Fixed handling LIKE experrsion in WHERE clause (#1947883)
|
||||
|
||||
* Tue Apr 06 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.35.4-1
|
||||
- Updated to version 3.35.4 (https://sqlite.org/releaselog/3_35_4.html)
|
||||
|
||||
* Fri Mar 26 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.35.3-1
|
||||
- Updated to version 3.35.3 (https://sqlite.org/releaselog/3_35_3.html)
|
||||
|
||||
* Thu Mar 18 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.35.2-1
|
||||
- Updated to version 3.35.2 (https://sqlite.org/releaselog/3_35_2.html)
|
||||
|
||||
* Tue Mar 16 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.35.1-1
|
||||
- Updated to version 3.35.1 (https://sqlite.org/releaselog/3_35_1.html)
|
||||
|
||||
* Mon Mar 15 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.35.0-1
|
||||
- Updated to version 3.35.0 (https://sqlite.org/releaselog/3_35_0.html)
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.34.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Thu Jan 21 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.34.1-1
|
||||
- Updated to version 3.34.1 (https://sqlite.org/releaselog/3_34_1.html)
|
||||
|
||||
* Wed Dec 02 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.34.0-1
|
||||
- Updated to version 3.34.0 (https://sqlite.org/releaselog/3_34_0.html)
|
||||
- Enabled fts3conf.test on s390x and ppc64 architectures
|
||||
|
||||
* Fri Oct 09 2020 Sheng Mao <shngmao@gmail.com> - 3.33.0-2
|
||||
- Enable FTS4 extensions (rhbz#1887106)
|
||||
|
||||
* Fri Aug 14 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.33.0-1
|
||||
- Updated to version 3.33.0 (https://sqlite.org/releaselog/3_33_0.html)
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.32.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.32.3-2
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
||||
* Fri Jun 19 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.32.3-1
|
||||
- Updated to version 3.32.3 (https://sqlite.org/releaselog/3_32_3.html)
|
||||
|
||||
* Fri Jun 05 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.32.2-1
|
||||
- Updated to version 3.32.2 (https://sqlite.org/releaselog/3_32_2.html)
|
||||
|
||||
* Tue May 26 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.32.1-1
|
||||
- Updated to version 3.32.1 (https://sqlite.org/releaselog/3_32_1.html)
|
||||
|
||||
* Mon May 25 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.32.0-1
|
||||
- Updated to version 3.32.0 (https://sqlite.org/releaselog/3_32_0.html)
|
||||
|
||||
* Wed Feb 05 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.31.1-1
|
||||
- Updated to version 3.31.1 (https://sqlite.org/releaselog/3_31_1.html)
|
||||
- updated spec file, deleted useless patches
|
||||
- Resolved s390 arch incompatibility
|
||||
- Modified FTS tests to support big endian platforms
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.30.1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Mon Jan 20 2020 Petr Kubat <pkubat@redhat.com> - 3.30.1-3
|
||||
- introduce sqlite-tools package
|
||||
|
||||
* Thu Jan 9 2020 Tom Callaway <spot@fedoraproject.org> - 3.30.1-2
|
||||
- apply upstream fix for CVE-2019-19926 (bz1789441)
|
||||
|
||||
* Mon Oct 14 2019 Petr Kubat <pkubat@redhat.com> - 3.30.1-1
|
||||
- Updated to version 3.30.1 (https://sqlite.org/releaselog/3_30_1.html)
|
||||
|
||||
* Mon Oct 07 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.30.0-1
|
||||
- Updated to version 3.30.0 (https://sqlite.org/releaselog/3_30_0.html)
|
||||
- updated spec file, deleted useless patches
|
||||
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.29.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Tue Jul 16 2019 Petr Kubat <pkubat@redhat.com> - 3.29.0-1
|
||||
- Updated to version 3.29.0 (https://sqlite.org/releaselog/3_29_0.html)
|
||||
- Remove stupid-openfiles-test patch as the upstream test should now
|
||||
work properly even on systems with larger number of file descriptors
|
||||
Related: https://sqlite.org/src/info/a27b0b880d76c683
|
||||
|
||||
* Mon May 13 2019 Petr Kubat <pkubat@redhat.com> - 3.28.0-1
|
||||
- Updated to version 3.28.0 (https://sqlite.org/releaselog/3_28_0.html)
|
||||
|
||||
* Thu Feb 28 2019 Petr Kubat <pkubat@redhat.com> - 3.27.2-1
|
||||
- Updated to version 3.27.2 (https://sqlite.org/releaselog/3_27_2.html)
|
||||
|
||||
* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 3.26.0-3
|
||||
- Rebuild for readline 8.0
|
||||
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.26.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Dec 12 2018 Petr Kubat <pkubat@redhat.com> - 3.26.0-1
|
||||
* Mon Dec 17 2018 Petr Kubat <pkubat@redhat.com> - 3.26.0-1
|
||||
- Updated to version 3.26.0 (https://sqlite.org/releaselog/3_26_0.html)
|
||||
|
||||
* Thu Oct 11 2018 Petr Kubat <pkubat@redhat.com> - 3.25.2-1
|
||||
- Updated to version 3.25.2 (https://sqlite.org/releaselog/3_25_2.html)
|
||||
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.24.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
Fixes fts3/4 corrupt database exploit (#1659684)
|
||||
|
||||
* Tue Jun 05 2018 Petr Kubat <pkubat@redhat.com> - 3.24.0-1
|
||||
- Updated to version 3.24.0 (https://sqlite.org/releaselog/3_24_0.html)
|
@ -1,23 +0,0 @@
|
||||
#####################################################
|
||||
# sqlite is choking on sqlite_int64 definition
|
||||
#####################################################
|
||||
mcd $BUILDDIR/sqlite
|
||||
|
||||
export CFLAGS="$RPM_OPT_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 -DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 -DSQLITE_ENABLE_UNLOCK_NOTIFY=1 -Wall -fno-strict-aliasing"
|
||||
|
||||
$SRC/sqlite-*/configure --disable-tcl --enable-threadsafe --enable-threads-override-locks --enable-load-extension $TCONFIGARGS
|
||||
# the compile would fail here, so on a host you need to run
|
||||
# tclsh ../../rpmbuild/BUILD/sqlite-src-3070500/tool/mksqlite3h.tcl ../../rpmbuild/BUILD/sqlite-src-3070500 > sqlite3.h
|
||||
cp ../../rpmbuild/BUILD/sqlite-src-*/sqlite3.h.stage1 sqlite3.h
|
||||
|
||||
# Also possibly add -ldl to TLIB in the Makefile
|
||||
if egrep '^TLIBS.*ldl' Makefile > /dev/null
|
||||
then
|
||||
true
|
||||
else
|
||||
sed 's/^\(TLIBS = .*\)/\1 -ldl/' Makefile > Makefile.stage2
|
||||
mv Makefile.stage2 Makefile
|
||||
fi
|
||||
|
||||
make $J
|
||||
make $J install
|
10
ci.fmf
10
ci.fmf
@ -1,10 +0,0 @@
|
||||
/test:
|
||||
summary:
|
||||
Basic set of quick tests for sqlite.
|
||||
discover:
|
||||
- name: fedora
|
||||
how: fmf
|
||||
url: "https://src.fedoraproject.org/tests/sqlite.git"
|
||||
ref: main
|
||||
execute:
|
||||
how: tmt
|
@ -1,7 +0,0 @@
|
||||
#gating rhel
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-*
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
|
@ -1,10 +0,0 @@
|
||||
summary: Internal Tier1 tests plan
|
||||
discover:
|
||||
how: fmf
|
||||
filter: 'tier: 1'
|
||||
url: https://pkgs.devel.redhat.com/git/tests/sqlite
|
||||
execute:
|
||||
how: tmt
|
||||
adjust:
|
||||
enabled: false
|
||||
when: distro == centos-stream or distro == fedora
|
3
sources
3
sources
@ -1,3 +0,0 @@
|
||||
SHA512 (sqlite-src-3460100.zip) = 6d32a0db9f95d3cec34f02f3fd45b453bf7c422d4d4d9570790f641e7d190b8b31be8e8715afacc1b6e4417f15a4d15a0b28e608ae0b4b5f3054b075783b916e
|
||||
SHA512 (sqlite-doc-3460100.zip) = 1ad7dfc938d182f69ea9367b4f5ead1d48b991626521249e8b58c9fb4c2553e348ce402de9cc81b0ad699d4c45c467de56a98ee39f9c3555c6fafff15fba41ce
|
||||
SHA512 (sqlite-autoconf-3460100.tar.gz) = a5ba5af9c8d6440d39ba67e3d5903c165df3f1d111e299efbe7c1cca4876d4d5aecd722e0133670daa6eb5cbf8a85c6a3d9852ab507a393615fb5245a3e1a743
|
@ -1,11 +0,0 @@
|
||||
--- a/tool/lemon.c
|
||||
+++ b/tool/lemon.c
|
||||
@@ -3686,6 +3686,8 @@
|
||||
tpltname = buf;
|
||||
}else if( access(templatename,004)==0 ){
|
||||
tpltname = templatename;
|
||||
+ }else if( access("/usr/share/lemon/lempar.c", R_OK)==0){
|
||||
+ tpltname = "/usr/share/lemon/lempar.c";
|
||||
}else{
|
||||
toFree = tpltname = pathsearch(lemp->argv[0],templatename,0);
|
||||
}
|
Loading…
Reference in New Issue
Block a user