3 changed files with 35 additions and 203 deletions
--- a/SOURCES/sqlite-3.26.0-CVE-2020-24736.patch
+++ b/SOURCES/sqlite-3.26.0-CVE-2020-24736.patch
@ -1,114 +0,0 @@
-From f030b376820102ff6cda49565c8b8173b2d44606 Mon Sep 17 00:00:00 2001
-From: dan <dan@noemail.net>
-Date: Fri, 22 Feb 2019 19:24:16 +0000
-Subject: [PATCH] Internally, remove all references to a Window object that
- belongs to an expression in an ORDER BY clause if that expression is
- converted to an alias of a result-set expression. Fix for [4feb3159c6].
-
-FossilOrigin-Name: 579b66eaa0816561c6e47ea116b46f229188f0fc84c1173bfe0d21df2dff9a9a
---
- src/resolve.c     | 49 ++++++++++++++++++++++++++++++++++-------------
- test/window1.test | 20 +++++++++++++++++++
- 2 files changed, 56 insertions(+), 13 deletions(-)
-
-diff --git a/src/resolve.c b/src/resolve.c
-index 9410bc020..fd2cf539a 100644
--- a/src/resolve.c
-+++ b/src/resolve.c
-@@ -1243,6 +1243,38 @@ int sqlite3ResolveOrderGroupBy(
-   return 0;
- }
- 
-+#ifndef SQLITE_OMIT_WINDOWFUNC
-+/*
-+** Walker callback for resolveRemoveWindows().
-+*/
-+static int resolveRemoveWindowsCb(Walker *pWalker, Expr *pExpr){
-+  if( ExprHasProperty(pExpr, EP_WinFunc) ){
-+    Window **pp;
-+    for(pp=&pWalker->u.pSelect->pWin; *pp; pp=&(*pp)->pNextWin){
-+      if( *pp==pExpr->y.pWin ){
-+        *pp = (*pp)->pNextWin;
-+        break;
-+      }    
-+    }
-+  }
-+  return WRC_Continue;
-+}
-+
-+/*
-+** Remove any Window objects owned by the expression pExpr from the
-+** Select.pWin list of Select object pSelect.
-+*/
-+static void resolveRemoveWindows(Select *pSelect, Expr *pExpr){
-+  Walker sWalker;
-+  memset(&sWalker, 0, sizeof(Walker));
-+  sWalker.xExprCallback = resolveRemoveWindowsCb;
-+  sWalker.u.pSelect = pSelect;
-+  sqlite3WalkExpr(&sWalker, pExpr);
-+}
-+#else
-+# define resolveRemoveWindows(x,y)
-+#endif
-+
- /*
- ** pOrderBy is an ORDER BY or GROUP BY clause in SELECT statement pSelect.
- ** The Name context of the SELECT statement is pNC.  zType is either
-@@ -1309,19 +1341,10 @@ static int resolveOrderGroupBy(
-     }
-     for(j=0; j<pSelect->pEList->nExpr; j++){
-       if( sqlite3ExprCompare(0, pE, pSelect->pEList->a[j].pExpr, -1)==0 ){
-#ifndef SQLITE_OMIT_WINDOWFUNC
-        if( ExprHasProperty(pE, EP_WinFunc) ){
-          /* Since this window function is being changed into a reference
-          ** to the same window function the result set, remove the instance
-          ** of this window function from the Select.pWin list. */
-          Window **pp;
-          for(pp=&pSelect->pWin; *pp; pp=&(*pp)->pNextWin){
-            if( *pp==pE->y.pWin ){
-              *pp = (*pp)->pNextWin;
-            }    
-          }
-        }
-#endif
-+        /* Since this expresion is being changed into a reference
-+        ** to an identical expression in the result set, remove all Window
-+        ** objects belonging to the expression from the Select.pWin list. */
-+        resolveRemoveWindows(pSelect, pE);
-         pItem->u.x.iOrderByCol = j+1;
-       }
-     }
-diff --git a/test/window1.test b/test/window1.test
-index 2c504205e..b3073985b 100644
--- a/test/window1.test
-+++ b/test/window1.test
-@@ -594,6 +594,26 @@
- } {
- }
-
-+#-------------------------------------------------------------------------
-+do_execsql_test 17.0 {
-+  CREATE TABLE t8(a);
-+  INSERT INTO t8 VALUES(1), (2), (3);
-+}
-+
-+do_execsql_test 17.1 {
-+  SELECT +sum(0) OVER () ORDER BY +sum(0) OVER ();
-+} {0}
-+
-+do_execsql_test 17.2 {
-+  select +sum(a) OVER () FROM t8 ORDER BY +sum(a) OVER () DESC;
-+} {6 6 6}
-+
-+do_execsql_test 17.3 {
-+  SELECT 10+sum(a) OVER (ORDER BY a)
-+  FROM t8
-+  ORDER BY 10+sum(a) OVER (ORDER BY a) DESC;
-+} {16 13 11}
-+
- # 2020-05-23
- # ticket 7a5279a25c57adf1
- #
-- 
-2.39.2
-
--- a/SOURCES/sqlite-3.34.1-CVE-2023-7104.patch
+++ b/SOURCES/sqlite-3.34.1-CVE-2023-7104.patch
@ -1,42 +0,0 @@
-From 09f1652f36c5c4e8a6a640ce887f9ea0f48a7958 Mon Sep 17 00:00:00 2001
-From: dan <Dan Kennedy>
-Date: Thu, 7 Sep 2023 13:53:09 +0000
-Subject: [PATCH] Fix a buffer overread in the sessions extension that could
- occur when processing a corrupt changeset.
-
-FossilOrigin-Name: 0e4e7a05c4204b47a324d67e18e76d2a98e26b2723d19d5c655ec9fd2e41f4b7
-
-diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
-index 9f862f2465..0491549231 100644
--- a/ext/session/sqlite3session.c
-+++ b/ext/session/sqlite3session.c
-@@ -2811,15 +2811,19 @@ static int sessionReadRecord(
-         }
-       }
-       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
-        sqlite3_int64 v = sessionGetI64(aVal);
-        if( eType==SQLITE_INTEGER ){
-          sqlite3VdbeMemSetInt64(apOut[i], v);
-+        if( (pIn->nData-pIn->iNext)<8 ){
-+          rc = SQLITE_CORRUPT_BKPT;
-         }else{
-          double d;
-          memcpy(&d, &v, 8);
-          sqlite3VdbeMemSetDouble(apOut[i], d);
-+          sqlite3_int64 v = sessionGetI64(aVal);
-+          if( eType==SQLITE_INTEGER ){
-+            sqlite3VdbeMemSetInt64(apOut[i], v);
-+          }else{
-+            double d;
-+            memcpy(&d, &v, 8);
-+            sqlite3VdbeMemSetDouble(apOut[i], d);
-+          }
-+          pIn->iNext += 8;
-         }
-        pIn->iNext += 8;
-       }
-     }
-   }
-- 
-2.43.0
-
--- a/SPECS/sqlite.spec
+++ b/SPECS/sqlite.spec
@ -10,7 +10,7 @@
 Summary: Library that implements an embeddable SQL database engine
 Name: sqlite
 Version: %{rpmver}
-Release: 19%{?dist}
+Release: 17%{?dist}
 License: Public Domain
 Group: Applications/Databases
 URL: http://www.sqlite.org/
@ -101,10 +101,6 @@ Patch36: sqlite-3.26.0-CVE-2020-35525.patch
 # Fix for CVE-2022-35737
 # https://www.sqlite.org/src/info/26db4fc22fe66658
 Patch37: sqlite-3.26.0-CVE-2022-35737.patch
-# Fix for CVE-2020-24736
-# https://www.sqlite.org/src/info/579b66eaa0816561
-Patch38: sqlite-3.26.0-CVE-2020-24736.patch
-Patch39: sqlite-3.34.1-CVE-2023-7104.patch

 BuildRequires: ncurses-devel readline-devel glibc-devel
 BuildRequires: autoconf
@ -201,44 +197,42 @@ This package contains the analysis program for %{name}.

 %prep
 %setup -q -a1 -n %{name}-src-%{realver}
-%patch -P 1 -p1
-%patch -P 2 -p1
-%patch -P 3 -p1
-%patch -P 4 -p1
-%patch -P 6 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch6 -p1
 %ifarch %{ix86}
-%patch -P 7 -p1
+%patch7 -p1
 %endif
-%patch -P 8 -p1
-%patch -P 9 -p1
-%patch -P 10 -p1
-%patch -P 11 -p1
-%patch -P 12 -p1
-%patch -P 13 -p1
-%patch -P 14 -p1
-%patch -P 15 -p1
-%patch -P 16 -p1
-%patch -P 17 -p1
-%patch -P 18 -p1
-%patch -P 19 -p1
-%patch -P 20 -p1
-%patch -P 21 -p1
-%patch -P 22 -p1
-%patch -P 23 -p1
-%patch -P 24 -p1
-%patch -P 25 -p1
-%patch -P 26 -p1
-%patch -P 27 -p1
-%patch -P 28 -p1
-%patch -P 29 -p1
-%patch -P 30 -p1
-%patch -P 31 -p1
-%patch -P 34 -p1
-%patch -P 35 -p1
-%patch -P 36 -p1
-%patch -P 37 -p1
-%patch -P 38 -p1
-%patch -P 39 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
+%patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
+%patch31 -p1
+%patch34 -p1
+%patch35 -p1
+%patch36 -p1
+%patch37 -p1


 # Remove backup-file
@ -340,12 +334,6 @@ make test
 %endif

 %changelog
-* Wed Jan 03 2024 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-19
- Fixed CVE-2023-7104
-
-* Fri Apr 14 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-18
- Fixed CVE-2022-24736
-
 * Tue Nov 15 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-17
 - Fixed CVE-2022-35737