rpms
/
sqlite
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c9
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:c8s
rpms:imports/c9/sqlite-3.34.1-7.el9_3
rpms:imports/c8/sqlite-3.26.0-19.el8_9
rpms:imports/c8/sqlite-3.26.0-18.el8_8
rpms:imports/c9-beta/sqlite-3.34.1-6.el9_1
rpms:imports/c8-beta/sqlite-3.26.0-17.el8_7
rpms:imports/c9/sqlite-3.34.1-6.el9_1
rpms:imports/c8/sqlite-3.26.0-17.el8_7
rpms:imports/c8s/sqlite-3.26.0-17.el8_7
rpms:imports/c8/sqlite-3.26.0-16.el8_6
rpms:imports/c8s/sqlite-3.26.0-16.el8_6
rpms:imports/c9/sqlite-3.34.1-5.el9
rpms:imports/c9-beta/sqlite-3.34.1-5.el9
rpms:imports/c8/sqlite-3.26.0-15.el8
rpms:imports/c8-beta/sqlite-3.26.0-15.el8
rpms:imports/c8-beta/sqlite-3.26.0-13.el8
rpms:imports/c8-beta/sqlite-3.26.0-10.el8
rpms:imports/c8-beta/sqlite-3.26.0-4.el8
rpms:imports/c8-beta/sqlite-3.26.0-3.el8
rpms:imports/c8s/sqlite-3.26.0-15.el8
rpms:imports/c8s/sqlite-3.26.0-14.el8
rpms:imports/c8s/sqlite-3.26.0-13.el8
rpms:imports/c8s/sqlite-3.26.0-12.el8
rpms:imports/c8s/sqlite-3.26.0-11.el8
rpms:imports/c8/sqlite-3.26.0-13.el8
rpms:imports/c8/sqlite-3.26.0-11.el8
rpms:imports/c8/sqlite-3.26.0-6.el8
rpms:imports/c8/sqlite-3.26.0-4.el8_1
rpms:imports/c8/sqlite-3.26.0-3.el8
...
pull from: rpms:c9s
Branches Tags
rpms:c9
rpms:c9s
rpms:c8
rpms:c9-beta
rpms:c8-beta
rpms:c8s
rpms:imports/c9/sqlite-3.34.1-7.el9_3
rpms:imports/c8/sqlite-3.26.0-19.el8_9
rpms:imports/c8/sqlite-3.26.0-18.el8_8
rpms:imports/c9-beta/sqlite-3.34.1-6.el9_1
rpms:imports/c8-beta/sqlite-3.26.0-17.el8_7
rpms:imports/c9/sqlite-3.34.1-6.el9_1
rpms:imports/c8/sqlite-3.26.0-17.el8_7
rpms:imports/c8s/sqlite-3.26.0-17.el8_7
rpms:imports/c8/sqlite-3.26.0-16.el8_6
rpms:imports/c8s/sqlite-3.26.0-16.el8_6
rpms:imports/c9/sqlite-3.34.1-5.el9
rpms:imports/c9-beta/sqlite-3.34.1-5.el9
rpms:imports/c8/sqlite-3.26.0-15.el8
rpms:imports/c8-beta/sqlite-3.26.0-15.el8
rpms:imports/c8-beta/sqlite-3.26.0-13.el8
rpms:imports/c8-beta/sqlite-3.26.0-10.el8
rpms:imports/c8-beta/sqlite-3.26.0-4.el8
rpms:imports/c8-beta/sqlite-3.26.0-3.el8
rpms:imports/c8s/sqlite-3.26.0-15.el8
rpms:imports/c8s/sqlite-3.26.0-14.el8
rpms:imports/c8s/sqlite-3.26.0-13.el8
rpms:imports/c8s/sqlite-3.26.0-12.el8
rpms:imports/c8s/sqlite-3.26.0-11.el8
rpms:imports/c8/sqlite-3.26.0-13.el8
rpms:imports/c8/sqlite-3.26.0-11.el8
rpms:imports/c8/sqlite-3.26.0-6.el8
rpms:imports/c8/sqlite-3.26.0-4.el8_1
rpms:imports/c8/sqlite-3.26.0-3.el8

No commits in common. "c8" and "c9s" have entirely different histories.
c8 ... c9s

46 changed files with 287 additions and 3159 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

6
.gitignore vendored
View File

@ -1,3 +1,3 @@
SOURCES/sqlite-autoconf-3260000.tar.gz
SOURCES/sqlite-doc-3260000.zip
SOURCES/sqlite-src-3260000.zip
/sqlite-*.zip
/sqlite-autoconf-*.tar.gz
/sqlite-*/

6
.sqlite.metadata
View File

@ -1,3 +1,3 @@
9af2df1a6da5db6e2ecf3f463625f16740e036e9 SOURCES/sqlite-autoconf-3260000.tar.gz
13c48e0396d15f3f4978214e144445031a23d509 SOURCES/sqlite-doc-3260000.zip
a05429d6a8337d60ddc7c6381b49941059a55f68 SOURCES/sqlite-src-3260000.zip
5abb2e1f4962f0c67ab40df18793e9de890db85e sqlite-doc-3340100.zip
7bc3127488860a67b2437d46fdb8abfb46b36e7e sqlite-src-3340100.zip
c20286e11fe5c2e3712ce74890e1692417de6890 sqlite-autoconf-3340100.tar.gz

149
SOURCES/sqlite-3.26-CVE-2019-13752.patch
View File

@ -1,149 +0,0 @@
From 92b243715eea17997ed9707540757d0667ad9eb2 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 2 Jan 2020 09:54:41 +0100
Subject: [PATCH] Improved detection of corrupt shadow tables in FTS3. Enable
the debugging special-inserts for FTS3 for both SQLITE_DEBUG and SQLITE_TEST.
Resolves: CVE-2019-13752
---
ext/fts3/fts3.c | 2 +-
ext/fts3/fts3Int.h | 2 +-
ext/fts3/fts3_write.c | 42 +++++++++++++++++++++++++++---------------
3 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index f6fb931..6d6bd46 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -4304,7 +4304,7 @@ static int fts3EvalPhraseStart(Fts3Cursor *pCsr, int bOptOk, Fts3Phrase *p){
int bIncrOk = (bOptOk
&& pCsr->bDesc==pTab->bDescIdx
&& p->nToken<=MAX_INCR_PHRASE_TOKENS && p->nToken>0
-#ifdef SQLITE_TEST
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
&& pTab->bNoIncrDoclist==0
#endif
);
diff --git a/ext/fts3/fts3Int.h b/ext/fts3/fts3Int.h
index 077bad7..6f5a7a0 100644
--- a/ext/fts3/fts3Int.h
+++ b/ext/fts3/fts3Int.h
@@ -283,7 +283,7 @@ struct Fts3Table {
int mxSavepoint; /* Largest valid xSavepoint integer */
#endif
-#ifdef SQLITE_TEST
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
/* True to disable the incremental doclist optimization. This is controled
** by special insert command 'test-no-incr-doclist'. */
int bNoIncrDoclist;
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index 8fc6589..ee668aa 100644
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -23,7 +23,7 @@
#include <string.h>
#include <assert.h>
#include <stdlib.h>
-
+#include <stdio.h>
#define FTS_MAX_APPENDABLE_HEIGHT 16
@@ -2021,6 +2021,11 @@ static int fts3NodeAddTerm(
nPrefix = fts3PrefixCompress(pTree->zTerm, pTree->nTerm, zTerm, nTerm);
nSuffix = nTerm-nPrefix;
+ /* If nSuffix is zero or less, then zTerm/nTerm must be a prefix of
+ ** pWriter->zTerm/pWriter->nTerm. i.e. must be equal to or less than when
+ ** compared with BINARY collation. This indicates corruption. */
+ if( nSuffix<=0 ) return FTS_CORRUPT_VTAB;
+
nReq += sqlite3Fts3VarintLen(nPrefix)+sqlite3Fts3VarintLen(nSuffix)+nSuffix;
if( nReq<=p->nNodeSize || !pTree->zTerm ){
@@ -2309,9 +2314,11 @@ static int fts3SegWriterAdd(
/* Append the prefix-compressed term and doclist to the buffer. */
nData += sqlite3Fts3PutVarint(&pWriter->aData[nData], nPrefix);
nData += sqlite3Fts3PutVarint(&pWriter->aData[nData], nSuffix);
+ assert( nSuffix>0 );
memcpy(&pWriter->aData[nData], &zTerm[nPrefix], nSuffix);
nData += nSuffix;
nData += sqlite3Fts3PutVarint(&pWriter->aData[nData], nDoclist);
+ assert( nDoclist>0 );
memcpy(&pWriter->aData[nData], aDoclist, nDoclist);
pWriter->nData = nData + nDoclist;
@@ -2331,6 +2338,7 @@ static int fts3SegWriterAdd(
pWriter->zTerm = zNew;
}
assert( pWriter->zTerm==pWriter->zMalloc );
+ assert( nTerm>0 );
memcpy(pWriter->zTerm, zTerm, nTerm);
}else{
pWriter->zTerm = (char *)zTerm;
@@ -2639,6 +2647,7 @@ static int fts3MsrBufferData(
pMsr->aBuffer = pNew;
}
+ assert( nList>0 );
memcpy(pMsr->aBuffer, pList, nList);
return SQLITE_OK;
}
@@ -3821,6 +3830,7 @@ static int fts3IncrmergePush(
** be added to. */
nPrefix = fts3PrefixCompress(pNode->key.a, pNode->key.n, zTerm, nTerm);
nSuffix = nTerm - nPrefix;
+ if( NEVER(nSuffix<=0) ) return FTS_CORRUPT_VTAB;
nSpace = sqlite3Fts3VarintLen(nPrefix);
nSpace += sqlite3Fts3VarintLen(nSuffix) + nSuffix;
@@ -5300,7 +5310,7 @@ static int fts3DoIntegrityCheck(
** meaningful value to insert is the text 'optimize'.
*/
static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){
- int rc; /* Return Code */
+ int rc = SQLITE_ERROR; /* Return Code */
const char *zVal = (const char *)sqlite3_value_text(pVal);
int nVal = sqlite3_value_bytes(pVal);
@@ -5316,21 +5326,23 @@ static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){
rc = fts3DoIncrmerge(p, &zVal[6]);
}else if( nVal>10 && 0==sqlite3_strnicmp(zVal, "automerge=", 10) ){
rc = fts3DoAutoincrmerge(p, &zVal[10]);
-#ifdef SQLITE_TEST
- }else if( nVal>9 && 0==sqlite3_strnicmp(zVal, "nodesize=", 9) ){
- p->nNodeSize = atoi(&zVal[9]);
- rc = SQLITE_OK;
- }else if( nVal>11 && 0==sqlite3_strnicmp(zVal, "maxpending=", 9) ){
- p->nMaxPendingData = atoi(&zVal[11]);
- rc = SQLITE_OK;
- }else if( nVal>21 && 0==sqlite3_strnicmp(zVal, "test-no-incr-doclist=", 21) ){
- p->bNoIncrDoclist = atoi(&zVal[21]);
- rc = SQLITE_OK;
-#endif
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
}else{
- rc = SQLITE_ERROR;
+ int v;
+ if( nVal>9 && 0==sqlite3_strnicmp(zVal, "nodesize=", 9) ){
+ v = atoi(&zVal[9]);
+ if( v>=24 && v<=p->nPgsz-35 ) p->nNodeSize = v;
+ rc = SQLITE_OK;
+ }else if( nVal>11 && 0==sqlite3_strnicmp(zVal, "maxpending=", 9) ){
+ v = atoi(&zVal[11]);
+ if( v>=64 && v<=FTS3_MAX_PENDING_DATA ) p->nMaxPendingData = v;
+ rc = SQLITE_OK;
+ }else if( nVal>21 && 0==sqlite3_strnicmp(zVal,"test-no-incr-doclist=",21) ){
+ p->bNoIncrDoclist = atoi(&zVal[21]);
+ rc = SQLITE_OK;
+ }
+#endif
}
-
return rc;
}
--
2.19.1

25
SOURCES/sqlite-3.26-CVE-2019-13753.patch
View File

@ -1,25 +0,0 @@
From 0b3ba64a9c7f785f6b3f1c1c15c5b0f1e41e0461 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 2 Jan 2020 10:25:58 +0100
Subject: [PATCH] Remove a reachable NEVER() in FTS3.
---
ext/fts3/fts3_write.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index ee668aa..8624329 100644
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -3830,7 +3830,7 @@ static int fts3IncrmergePush(
** be added to. */
nPrefix = fts3PrefixCompress(pNode->key.a, pNode->key.n, zTerm, nTerm);
nSuffix = nTerm - nPrefix;
- if( NEVER(nSuffix<=0) ) return FTS_CORRUPT_VTAB;
+ if(nSuffix<=0 ) return FTS_CORRUPT_VTAB;
nSpace = sqlite3Fts3VarintLen(nPrefix);
nSpace += sqlite3Fts3VarintLen(nSuffix) + nSuffix;
--
2.19.1

107
SOURCES/sqlite-3.26.0-CVE-2019-13734.patch
View File

@ -1,107 +0,0 @@
From 5f4ce30babee8085fc36680c6103d9a06be49ef7 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 2 Jan 2020 11:58:39 +0100
Subject: [PATCH] More improvements to shadow table corruption detection in
FTS3.
---
ext/fts3/fts3.c | 4 ++++
ext/fts3/fts3Int.h | 10 ++++++++++
ext/fts3/fts3_write.c | 14 +++++++++++---
3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index 6d6bd46..84fc8a5 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -1460,6 +1460,10 @@ static int fts3InitVtab(
fts3DatabasePageSize(&rc, p);
p->nNodeSize = p->nPgsz-35;
+#if defined(SQLITE_DEBUG)||defined(SQLITE_TEST)
+ p->nMergeCount = FTS3_MERGE_COUNT;
+#endif
+
/* Declare the table schema to SQLite. */
fts3DeclareVtab(&rc, p);
diff --git a/ext/fts3/fts3Int.h b/ext/fts3/fts3Int.h
index 6f5a7a0..0d1b491 100644
--- a/ext/fts3/fts3Int.h
+++ b/ext/fts3/fts3Int.h
@@ -287,9 +287,19 @@ struct Fts3Table {
/* True to disable the incremental doclist optimization. This is controled
** by special insert command 'test-no-incr-doclist'. */
int bNoIncrDoclist;
+
+ /* Number of segments in a level */
+ int nMergeCount;
#endif
};
+/* Macro to find the number of segments to merge */
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
+# define MergeCount(P) ((P)->nMergeCount)
+#else
+# define MergeCount(P) FTS3_MERGE_COUNT
+#endif
+
/*
** When the core wants to read from the virtual table, it creates a
** virtual table cursor (an instance of the following structure) using
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index 8624329..d57d265 100644
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -1152,7 +1152,7 @@ static int fts3AllocateSegdirIdx(
** segment and allocate (newly freed) index 0 at level iLevel. Otherwise,
** if iNext is less than FTS3_MERGE_COUNT, allocate index iNext.
*/
- if( iNext>=FTS3_MERGE_COUNT ){
+ if( iNext>=MergeCount(p) ){
fts3LogMerge(16, getAbsoluteLevel(p, iLangid, iIndex, iLevel));
rc = fts3SegmentMerge(p, iLangid, iIndex, iLevel);
*piIdx = 0;
@@ -4259,6 +4259,10 @@ static int fts3IncrmergeLoad(
int i;
int nHeight = (int)aRoot[0];
NodeWriter *pNode;
+ if( nHeight<1 || nHeight>FTS_MAX_APPENDABLE_HEIGHT ){
+ sqlite3_reset(pSelect);
+ return FTS_CORRUPT_VTAB;
+ }
pWriter->nLeafEst = (int)((iEnd - iStart) + 1)/FTS_MAX_APPENDABLE_HEIGHT;
pWriter->iStart = iStart;
@@ -5007,7 +5011,7 @@ static int fts3DoIncrmerge(
const char *zParam /* Nul-terminated string containing "A,B" */
){
int rc;
- int nMin = (FTS3_MERGE_COUNT / 2);
+ int nMin = (MergeCount(p) / 2);
int nMerge = 0;
const char *z = zParam;
@@ -5052,7 +5056,7 @@ static int fts3DoAutoincrmerge(
int rc = SQLITE_OK;
sqlite3_stmt *pStmt = 0;
p->nAutoincrmerge = fts3Getint(&zParam);
- if( p->nAutoincrmerge==1 || p->nAutoincrmerge>FTS3_MERGE_COUNT ){
+ if( p->nAutoincrmerge==1 || p->nAutoincrmerge>MergeCount(p) ){
p->nAutoincrmerge = 8;
}
if( !p->bHasStat ){
@@ -5340,6 +5344,10 @@ static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){
}else if( nVal>21 && 0==sqlite3_strnicmp(zVal,"test-no-incr-doclist=",21) ){
p->bNoIncrDoclist = atoi(&zVal[21]);
rc = SQLITE_OK;
+ }else if( nVal>11 && 0==sqlite3_strnicmp(zVal,"mergecount=",11) ){
+ v = atoi(&zVal[11]);
+ if( v>=4 && v<=FTS3_MERGE_COUNT && (v&1)==0 ) p->nMergeCount = v;
+ rc = SQLITE_OK;
}
#endif
}
--
2.19.1

158
SOURCES/sqlite-3.26.0-CVE-2019-13750.patch
View File

@ -1,158 +0,0 @@
Subject: [PATCH] In defensive mode, do not allow shadow tables to be renamed
using ALTER TABLE and do not allow shadow tables to be dropped.
diff --git a/src/alter.c b/src/alter.c
index 0fa24c0..707472a 100644
--- a/src/alter.c
+++ b/src/alter.c
@@ -28,9 +28,16 @@
**
** Or, if zName is not a system table, zero is returned.
*/
-static int isSystemTable(Parse *pParse, const char *zName){
- if( 0==sqlite3StrNICmp(zName, "sqlite_", 7) ){
- sqlite3ErrorMsg(pParse, "table %s may not be altered", zName);
+static int isAlterableTable(Parse *pParse, Table *pTab){
+ if( 0==sqlite3StrNICmp(pTab->zName, "sqlite_", 7)
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+ || ( (pTab->tabFlags & TF_Shadow)
+ && (pParse->db->flags & SQLITE_Defensive)
+ && pParse->db->nVdbeExec==0
+ )
+#endif
+ ){
+ sqlite3ErrorMsg(pParse, "table %s may not be altered", pTab->zName);
return 1;
}
return 0;
@@ -129,7 +136,7 @@ void sqlite3AlterRenameTable(
/* Make sure it is not a system table being altered, or a reserved name
** that the table is being renamed to.
*/
- if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
+ if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){
goto exit_rename_table;
}
if( SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){ goto
@@ -427,7 +434,7 @@ void sqlite3AlterBeginAddColumn(Parse *pParse, SrcList *pSrc){
sqlite3ErrorMsg(pParse, "Cannot add a column to a view");
goto exit_begin_add_column;
}
- if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
+ if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){
goto exit_begin_add_column;
}
@@ -529,7 +536,7 @@ void sqlite3AlterRenameColumn(
if( !pTab ) goto exit_rename_column;
/* Cannot alter a system table */
- if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ) goto exit_rename_column;
+ if( SQLITE_OK!=isAlterableTable(pParse, pTab) ) goto exit_rename_column;
if( SQLITE_OK!=isRealTable(pParse, pTab) ) goto exit_rename_column;
/* Which schema holds the table to be altered */
diff --git a/src/build.c b/src/build.c
index 1dc2614..3412670 100644
--- a/src/build.c
+++ b/src/build.c
@@ -2661,6 +2661,22 @@ void sqlite3CodeDropTable(Parse *pParse, Table *pTab, int iDb, int isView){
sqliteViewResetAll(db, iDb);
}
+/*
+** Return true if it is not allowed to drop the given table
+*/
+static int tableMayNotBeDropped(Parse *pParse, Table *pTab){
+ if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0 ){
+ if( sqlite3StrNICmp(pTab->zName+7, "stat", 4)==0 ) return 0;
+ if( sqlite3StrNICmp(pTab->zName+7, "parameters", 10)==0 ) return 0;
+ return 1;
+ }
+ if( pTab->tabFlags & TF_Shadow ){
+ sqlite3 *db = pParse->db;
+ if( (db->flags & SQLITE_Defensive)!=0 && db->nVdbeExec==0 ) return 1;
+ }
+ return 0;
+}
+
/*
** This routine is called to do the work of a DROP TABLE statement.
** pName is the name of the table to be dropped.
@@ -2730,8 +2746,7 @@ void sqlite3DropTable(Parse *pParse, SrcList *pName, int isView, int noErr){
}
}
#endif
- if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0
- && sqlite3StrNICmp(pTab->zName, "sqlite_stat", 11)!=0 ){
+ if( tableMayNotBeDropped(pParse, pTab) ){
sqlite3ErrorMsg(pParse, "table %s may not be dropped", pTab->zName);
goto exit_drop_table;
}
diff --git a/test/altertab.test b/test/altertab.test
index a364207..891b081 100644
--- a/test/altertab.test
+++ b/test/altertab.test
@@ -505,5 +505,62 @@ do_execsql_test 15.5 {
SELECT sql FROM sqlite_master WHERE name = 'y';
} {{CREATE VIEW y AS SELECT f2 AS f1 FROM x}}
+#-------------------------------------------------------------------------
+# Test that it is not possible to rename a shadow table in DEFENSIVE mode.
+#
+ifcapable fts3 {
+ proc vtab_command {method args} {
+ switch -- $method {
+ xConnect {
+ if {[info exists ::vtab_connect_sql]} {
+ execsql $::vtab_connect_sql
+ }
+ return "CREATE TABLE t1(a, b, c)"
+ }
+
+ xBestIndex {
+ set clist [lindex $args 0]
+ if {[llength $clist]!=1} { error "unexpected constraint list" }
+ catch { array unset C }
+ array set C [lindex $clist 0]
+ if {$C(usable)} {
+ return "omit 0 cost 0 rows 1 idxnum 555 idxstr eq!"
+ } else {
+ return "cost 1000000 rows 0 idxnum 0 idxstr scan..."
+ }
+ }
+ }
+
+ return {}
+ }
+
+ register_tcl_module db
+
+ sqlite3_db_config db DEFENSIVE 1
+
+ do_execsql_test 16.0 {
+ CREATE VIRTUAL TABLE y1 USING fts3;
+ }
+
+ do_catchsql_test 16.10 {
+ INSERT INTO y1_segments VALUES(1, X'1234567890');
+ } {1 {table y1_segments may not be modified}}
+
+ do_catchsql_test 16.20 {
+ ALTER TABLE y1_segments RENAME TO abc;
+ } {1 {table y1_segments may not be altered}}
+
+ do_catchsql_test 16.21 {
+ DROP TABLE y1_segments;
+ } {1 {table y1_segments may not be dropped}}
+
+ do_execsql_test 16.30 {
+ ALTER TABLE y1 RENAME TO z1;
+ }
+
+ do_execsql_test 16.40 {
+ SELECT * FROM z1_segments;
+ }
+}
finish_test

22
SOURCES/sqlite-3.26.0-CVE-2019-13751.patch
View File

@ -1,22 +0,0 @@
Subject: [PATCH] Further improve detection of corrupt records in fts3
---
ext/fts3/fts3_write.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index 5330b4c..0647bd7 100644
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -1376,7 +1376,7 @@ static int fts3SegReaderNext(
pNext += fts3GetVarint32(pNext, &nSuffix);
if( nSuffix<=0
|| (&pReader->aNode[pReader->nNode] - pNext)<nSuffix
- || nPrefix>pReader->nTermAlloc
+ || nPrefix>pReader->nTerm
){
return FTS_CORRUPT_VTAB;
}
--
2.30.2

65
SOURCES/sqlite-3.26.0-CVE-2019-16168.patch
View File

@ -1,65 +0,0 @@
From ab17169870e985b062e520ecf95e6c79ad784f38 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 23 Apr 2020 11:25:13 +0200
Subject: [PATCH] fixed CVE-2019-16168 (rhbz#1826897)
---
src/analyze.c | 4 +++-
src/where.c | 1 +
test/analyzeC.test | 13 +++++++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/analyze.c b/src/analyze.c
index 5075b57..e47c0f5 100644
--- a/src/analyze.c
+++ b/src/analyze.c
@@ -1497,7 +1497,9 @@ static void decodeIntArray(
if( sqlite3_strglob("unordered*", z)==0 ){
pIndex->bUnordered = 1;
}else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
+ int sz = sqlite3Atoi(z+3);
+ if( sz<2 ) sz = 2;
+ pIndex->szIdxRow = sqlite3LogEst(sz);
}else if( sqlite3_strglob("noskipscan*", z)==0 ){
pIndex->noSkipScan = 1;
}
diff --git a/src/where.c b/src/where.c
index 8e01660..1a4fa51 100644
--- a/src/where.c
+++ b/src/where.c
@@ -2655,6 +2655,7 @@ static int whereLoopAddBtreeIndex(
** it to pNew->rRun, which is currently set to the cost of the index
** seek only. Then, if this is a non-covering index, add the cost of
** visiting the rows in the main table. */
+ assert( pSrc->pTab->szTabRow>0 );
rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
diff --git a/test/analyzeC.test b/test/analyzeC.test
index 02faa9c..3595c9d 100644
--- a/test/analyzeC.test
+++ b/test/analyzeC.test
@@ -132,6 +132,19 @@ do_execsql_test 4.3 {
SELECT count(a) FROM t1;
} {/.*INDEX t1ca.*/}
+# 2019-08-15.
+# Ticket https://www.sqlite.org/src/tktview/e4598ecbdd18bd82945f602901
+# The sz=N parameter in the sqlite_stat1 table needs to have a value of
+# 2 or more to avoid a division by zero in the query planner.
+#
+do_execsql_test 4.4 {
+ DROP TABLE IF EXISTS t44;
+ CREATE TABLE t44(a PRIMARY KEY);
+ INSERT INTO sqlite_stat1 VALUES('t44',null,'sz=0');
+ ANALYZE sqlite_master;
+ SELECT 0 FROM t44 WHERE a IN(1,2,3);
+} {}
+
# The sz=NNN parameter works even if there is other extraneous text
# in the sqlite_stat1.stat column.
--
2.24.1

124
SOURCES/sqlite-3.26.0-CVE-2019-19603.patch
View File

@ -1,124 +0,0 @@
Subject: [PATCH] Do not allow CREATE TABLE or CREATE VIEW of an object with a name
that looks like a shadow table name.
diff --git a/src/build.c b/src/build.c
index 3412670..f273394 100644
--- a/src/build.c
+++ b/src/build.c
@@ -814,6 +814,22 @@ int sqlite3WritableSchema(sqlite3 *db){
return (db->flags&(SQLITE_WriteSchema|SQLITE_Defensive))==SQLITE_WriteSchema;
}
+/*
+** Return TRUE if shadow tables should be read-only in the current
+** context.
+*/
+int sqlite3ReadOnlyShadowTables(sqlite3 *db){
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+ if( (db->flags & SQLITE_Defensive)!=0
+ && db->pVtabCtx==0
+ && db->nVdbeExec==0
+ ){
+ return 1;
+ }
+#endif
+ return 0;
+}
+
/*
** This routine is used to check if the UTF-8 string zName is a legal
** unqualified name for a new schema object (table, index, view or
@@ -822,9 +838,10 @@ int sqlite3WritableSchema(sqlite3 *db){
** is reserved for internal use.
*/
int sqlite3CheckObjectName(Parse *pParse, const char *zName){
- if( !pParse->db->init.busy && pParse->nested==0
+ if(( !pParse->db->init.busy && pParse->nested==0
&& sqlite3WritableSchema(pParse->db)==0
- && 0==sqlite3StrNICmp(zName, "sqlite_", 7) ){
+ && 0==sqlite3StrNICmp(zName, "sqlite_", 7) ) ||
+ (sqlite3ReadOnlyShadowTables(pParse->db) && sqlite3ShadowTableName(pParse->db, zName))){
sqlite3ErrorMsg(pParse, "object name reserved for internal use: %s", zName);
return SQLITE_ERROR;
}
@@ -1929,7 +1946,7 @@ int sqlite3IsShadowTableOf(sqlite3 *db, Table *pTab, const char *zName){
** zName is temporarily modified while this routine is running, but is
** restored to its original value prior to this routine returning.
*/
-static int isShadowTableName(sqlite3 *db, char *zName){
+int sqlite3ShadowTableName(sqlite3 *db, const char *zName){
char *zTail; /* Pointer to the last "_" in zName */
Table *pTab; /* Table that zName is a shadow of */
@@ -1942,8 +1959,6 @@ static int isShadowTableName(sqlite3 *db, char *zName){
if( !IsVirtual(pTab) ) return 0;
return sqlite3IsShadowTableOf(db, pTab, zName);
}
-#else
-# define isShadowTableName(x,y) 0
#endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
/*
@@ -1985,7 +2000,7 @@ void sqlite3EndTable(
p = pParse->pNewTable;
if( p==0 ) return;
- if( pSelect==0 && isShadowTableName(db, p->zName) ){
+ if( pSelect==0 && sqlite3ShadowTableName(db, p->zName) ){
p->tabFlags |= TF_Shadow;
}
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index 60b2ebd..e5ba8a0 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -4408,6 +4408,11 @@ void sqlite3AutoLoadExtensions(sqlite3*);
);
# define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0)
#endif
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+ int sqlite3ShadowTableName(sqlite3 *db, const char *zName);
+#else
+# define sqlite3ShadowTableName(A,B) 0
+#endif
#ifndef SQLITE_OMIT_VIRTUALTABLE
int sqlite3IsShadowTableOf(sqlite3*,Table*,const char*);
#else
diff --git a/test/altertab.test b/test/altertab.test
index 891b081..0705abc 100644
--- a/test/altertab.test
+++ b/test/altertab.test
@@ -547,13 +547,29 @@ ifcapable fts3 {
} {1 {table y1_segments may not be modified}}
do_catchsql_test 16.20 {
- ALTER TABLE y1_segments RENAME TO abc;
- } {1 {table y1_segments may not be altered}}
-
- do_catchsql_test 16.21 {
DROP TABLE y1_segments;
} {1 {table y1_segments may not be dropped}}
+ do_catchsql_test 16.20 {
+ ALTER TABLE y1_segments RENAME TO abc;
+ } {1 {table y1_segments may not be altered}}
+ sqlite3_db_config db DEFENSIVE 0
+ do_catchsql_test 16.22 {
+ ALTER TABLE y1_segments RENAME TO abc;
+ } {0 {}}
+ sqlite3_db_config db DEFENSIVE 1
+ do_catchsql_test 16.23 {
+ CREATE TABLE y1_segments AS SELECT * FROM abc;
+ } {1 {object name reserved for internal use: y1_segments}}
+ do_catchsql_test 16.24 {
+ CREATE VIEW y1_segments AS SELECT * FROM abc;
+ } {1 {object name reserved for internal use: y1_segments}}
+ sqlite3_db_config db DEFENSIVE 0
+ do_catchsql_test 16.25 {
+ ALTER TABLE abc RENAME TO y1_segments;
+ } {0 {}}
+ sqlite3_db_config db DEFENSIVE 1
+
do_execsql_test 16.30 {
ALTER TABLE y1 RENAME TO z1;
}

67
SOURCES/sqlite-3.26.0-CVE-2019-19923.patch
View File

@ -1,67 +0,0 @@
From 7d47517d579601bb6e59e33bf0896f0ed36aa0aa Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Mon, 20 Jan 2020 09:34:41 +0100
Subject: [PATCH] Continue to back away from the LEFT JOIN optimization of
check-in
by disallowing query flattening if the outer query is DISTINCT. Without this fix,
if an index scan is run on the table within the view on the right-hand side of the
LEFT JOIN, stale result registers might be accessed yielding incorrect results,
and/or an OP_IfNullRow opcode might be invoked on the un-opened table, resulting
in a NULL-pointer dereference. This problem was found by the Yongheng and Rui fuzzer.
---
src/select.c | 8 ++++++--
test/join.test | 13 +++++++++++++
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/select.c b/src/select.c
index c60ff27..0205a08 100644
--- a/src/select.c
+++ b/src/select.c
@@ -3569,6 +3569,7 @@ static void substSelect(
** (3b) the FROM clause of the subquery may not contain a virtual
** table and
** (3c) the outer query may not be an aggregate.
+** (3d) the outer query may not be DISTINCT.
**
** (4) The subquery can not be DISTINCT.
**
@@ -3765,8 +3766,11 @@ static int flattenSubquery(
*/
if( (pSubitem->fg.jointype & JT_OUTER)!=0 ){
isLeftJoin = 1;
- if( pSubSrc->nSrc>1 || isAgg || IsVirtual(pSubSrc->a[0].pTab) ){
- /* (3a) (3c) (3b) */
+ if( pSubSrc->nSrc>1 /* (3a) */
+ || isAgg /* (3b) */
+ || IsVirtual(pSubSrc->a[0].pTab) /* (3c) */
+ || (p->selFlags & SF_Distinct)!=0 /* (3d) */
+ ){
return 0;
}
}
diff --git a/test/join.test b/test/join.test
index 8c6f463..8c6a53d 100644
--- a/test/join.test
+++ b/test/join.test
@@ -844,4 +844,17 @@ do_execsql_test join-15.110 {
ORDER BY a1, a2, a3, a4, a5;
} {1 {} {} {} {} 1 11 {} {} {} 1 12 {} {} {} 1 12 121 {} {} 1 13 {} {} {}}
+# 2019-12-18 problem with a LEFT JOIN where the RHS is a view.
+# Detected by Yongheng and Rui.
+# Follows from the optimization attempt of check-in 41c27bc0ff1d3135
+# on 2017-04-18
+#
+reset_db
+do_execsql_test join-22.10 {
+ CREATE TABLE t0(a, b);
+ CREATE INDEX t0a ON t0(a);
+ INSERT INTO t0 VALUES(10,10),(10,11),(10,12);
+ SELECT DISTINCT c FROM t0 LEFT JOIN (SELECT a+1 AS c FROM t0) ORDER BY c ;
+} {11}
+
finish_test
--
2.19.1

60
SOURCES/sqlite-3.26.0-CVE-2019-19924.patch
View File

@ -1,60 +0,0 @@
From 6b06304c2a46e17a6dc4402eadc75ccac24da893 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Fri, 17 Jan 2020 13:03:54 +0100
Subject: [PATCH] When an error occurs while rewriting the parser tree for
window functions in the sqlite3WindowRewrite() routine, make sure that
pParse->nErr is set, and make sure that this shuts down any subsequent code
generation that might depend on the transformations that were implemented.
This fixes a problem discovered by the Yongheng and Rui fuzzer.
---
src/expr.c | 1 +
src/vdbeaux.c | 3 ++-
src/window.c | 5 +++++
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/expr.c b/src/expr.c
index d4eb9de..b081ca2 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -344,6 +344,7 @@ static int codeCompare(
int addr;
CollSeq *p4;
+ if( pParse->nErr ) return 0;
p4 = sqlite3BinaryCompareCollSeq(pParse, pLeft, pRight);
p5 = binaryCompareP5(pLeft, pRight, jumpIfNull);
addr = sqlite3VdbeAddOp4(pParse->pVdbe, opcode, in2, dest, in1,
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index f1496a3..b74141b 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -1160,7 +1160,8 @@ void sqlite3VdbeSetP4KeyInfo(Parse *pParse, Index *pIdx){
*/
static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){
assert( p->nOp>0 || p->aOp==0 );
- assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed );
+ assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed
+ || p->pParse->nErr>0 );
if( p->nOp ){
assert( p->aOp );
sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment);
diff --git a/src/window.c b/src/window.c
index f5deae9..56c0145 100644
--- a/src/window.c
+++ b/src/window.c
@@ -843,6 +843,11 @@ int sqlite3WindowRewrite(Parse *pParse, Select *p){
if( db->mallocFailed ) rc = SQLITE_NOMEM;
}
+ if( rc && pParse->nErr==0 ){
+ assert( pParse->db->mallocFailed );
+ return SQLITE_NOMEM;
+ }
+
return rc;
}
--
2.19.1

50
SOURCES/sqlite-3.26.0-CVE-2019-19925.patch
View File

@ -1,50 +0,0 @@
From 1986c6384122947b10804cbc5c4d7af85e097404 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Mon, 20 Jan 2020 10:09:55 +0100
Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the
pathname of
the file being inserted is a NULL. Bug discovered by the
Yongheng and Rui fuzzer.
---
ext/misc/zipfile.c | 1 +
test/zipfile.test | 13 +++++++++++++
2 files changed, 14 insertions(+)
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index e57dc38..6f48d0f 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1618,6 +1618,7 @@ static int zipfileUpdate(
if( rc==SQLITE_OK ){
zPath = (const char*)sqlite3_value_text(apVal[2]);
+ if( zPath==0 ) zPath = "";
nPath = (int)strlen(zPath);
mTime = zipfileGetTime(apVal[4]);
}
diff --git a/test/zipfile.test b/test/zipfile.test
index 2bab066..5bca10b 100644
--- a/test/zipfile.test
+++ b/test/zipfile.test
@@ -795,4 +795,17 @@ if {$tcl_platform(platform)!="windows"} {
} {. ./x1.txt ./x2.txt}
}
+# 2019-12-18 Yongheng and Rui fuzzer
+#
+do_execsql_test 13.10 {
+ DROP TABLE IF EXISTS t0;
+ DROP TABLE IF EXISTS t1;
+ CREATE TABLE t0(a,b,c,d,e,f,g);
+ REPLACE INTO t0(c,b,f) VALUES(10,10,10);
+ CREATE VIRTUAL TABLE t1 USING zipfile('h.zip');
+ REPLACE INTO t1 SELECT * FROM t0;
+ SELECT quote(name),quote(mode),quote(mtime),quote(sz),quote(rawdata),
+ quote(data),quote(method) FROM t1;
+} {'' 10 10 2 X'3130' X'3130' 0}
+
finish_test
--
2.19.1

63
SOURCES/sqlite-3.26.0-CVE-2019-19959.patch
View File

@ -1,63 +0,0 @@
From 16c5290d72cb8059e9dfe545613183b850fc44e4 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Mon, 20 Jan 2020 10:26:35 +0100
Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that
it is able to
deal with goofy filenames that contain embedded zeros.
---
ext/misc/zipfile.c | 4 ++--
test/zipfile.test | 13 +++++++++++++
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index 6f48d0f..e6141ef 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1632,7 +1632,7 @@ static int zipfileUpdate(
zFree = sqlite3_mprintf("%s/", zPath);
if( zFree==0 ){ rc = SQLITE_NOMEM; }
zPath = (const char*)zFree;
- nPath++;
+ nPath = (int)strlen(zPath);
}
}
@@ -2033,11 +2033,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){
}else{
if( zName[nName-1]!='/' ){
zName = zFree = sqlite3_mprintf("%s/", zName);
- nName++;
if( zName==0 ){
rc = SQLITE_NOMEM;
goto zipfile_step_out;
}
+ nName = (int)strlen(zName);
}else{
while( nName>1 && zName[nName-2]=='/' ) nName--;
}
diff --git a/test/zipfile.test b/test/zipfile.test
index 5bca10b..e4b8088 100644
--- a/test/zipfile.test
+++ b/test/zipfile.test
@@ -808,4 +808,17 @@ do_execsql_test 13.10 {
quote(data),quote(method) FROM t1;
} {'' 10 10 2 X'3130' X'3130' 0}
+# 2019-12-23 Yongheng and Rui fuzzer
+# Run using valgrind to see the problem.
+#
+do_execsql_test 14.10 {
+ DROP TABLE t1;
+ CREATE TABLE t1(x char);
+ INSERT INTO t1(x) VALUES('1');
+ INSERT INTO t1(x) SELECT zipfile(x, 'xyz') FROM t1;
+ INSERT INTO t1(x) SELECT zipfile(x, 'uvw') FROM t1;
+ SELECT count(*) FROM t1;
+ PRAGMA integrity_check;
+} {3 ok}
+
finish_test
--
2.19.1

102
SOURCES/sqlite-3.26.0-CVE-2019-20218.patch
View File

@ -1,102 +0,0 @@
From ff5f246e41239cc4dd33ffa73883fa07f78674e1 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Fri, 7 Aug 2020 07:00:29 +0200
Subject: [PATCH] Do not attempt to unwind the WITH stack in the Parse object
following an error.
---
src/select.c | 5 ++++-
src/util.c | 1 +
test/altertab2.test | 20 ++++++++++++++++++++
test/with3.test | 10 +++++++++-
4 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/src/select.c b/src/select.c
index c46f177..a6d1757 100644
--- a/src/select.c
+++ b/src/select.c
@@ -4639,6 +4639,9 @@ static int withExpand(
With *pWith; /* WITH clause that pCte belongs to */
assert( pFrom->pTab==0 );
+ if( pParse->nErr ){
+ return SQLITE_ERROR;
+ }
pCte = searchWith(pParse->pWith, pFrom, &pWith);
if( pCte ){
@@ -4908,7 +4911,7 @@ static int selectExpander(Walker *pWalker, Select *p){
/* Process NATURAL keywords, and ON and USING clauses of joins.
*/
- if( db->mallocFailed || sqliteProcessJoin(pParse, p) ){
+ if( pParse->nErr || db->mallocFailed || sqliteProcessJoin(pParse, p) ){
return WRC_Abort;
}
diff --git a/src/util.c b/src/util.c
index 54f9b93..96b0b14 100644
--- a/src/util.c
+++ b/src/util.c
@@ -222,6 +222,7 @@ void sqlite3ErrorMsg(Parse *pParse, const char *zFormat, ...){
sqlite3DbFree(db, pParse->zErrMsg);
pParse->zErrMsg = zMsg;
pParse->rc = SQLITE_ERROR;
+ pParse->pWith = 0;
}
}
diff --git a/test/altertab2.test b/test/altertab2.test
index 2e4212c..2102e02 100644
--- a/test/altertab2.test
+++ b/test/altertab2.test
@@ -85,5 +85,25 @@ do_execsql_test 2.3 {
{CREATE TABLE c3(x, FOREIGN KEY (x) REFERENCES "p3"(a))}
}
+#------------------------------------------------------------------------
+#
+reset_db
+do_execsql_test 3.0 {
+ CREATE TABLE v0 (a);
+ CREATE VIEW v2 (v3) AS
+ WITH x1 AS (SELECT * FROM v2)
+ SELECT v3 AS x, v3 AS y FROM v2;
+}
+
+do_catchsql_test 3.1 {
+ SELECT * FROM v2
+} {1 {view v2 is circularly defined}}
+
+db close
+sqlite3 db test.db
+
+do_catchsql_test 3.2 {
+ ALTER TABLE v0 RENAME TO t3 ;
+} {1 {error in view v2: view v2 is circularly defined}}
finish_test
diff --git a/test/with3.test b/test/with3.test
index de150b1..4a3a5a7 100644
--- a/test/with3.test
+++ b/test/with3.test
@@ -30,7 +30,15 @@ do_catchsql_test 1.0 {
SELECT 5 FROM t0 UNION SELECT 8 FROM m
)
SELECT * FROM i;
-} {1 {no such table: m}}
+} {1 {no such table: t0}}
+
+# 2019-11-09 dbfuzzcheck find
+do_catchsql_test 1.1 {
+ CREATE VIEW v1(x,y) AS
+ WITH t1(a,b) AS (VALUES(1,2))
+ SELECT * FROM nosuchtable JOIN t1;
+ SELECT * FROM v1;
+} {1 {no such table: main.nosuchtable}}
# Additional test cases that came out of the work to
# fix for Kostya's problem.
--
2.26.0

281
SOURCES/sqlite-3.26.0-CVE-2019-5018.patch
View File

@ -1,281 +0,0 @@
Subject: [PATCH] Prevent aliases of window functions expressions from being
used as arguments to aggregate or other window functions.
---
src/resolve.c | 21 ++++++---
src/sqliteInt.h | 2 +
test/windowerr.tcl | 59 ++++++++++++++++++++++++++
test/windowerr.test | 99 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 176 insertions(+), 5 deletions(-)
create mode 100644 test/windowerr.tcl
create mode 100644 test/windowerr.test
diff --git a/src/resolve.c b/src/resolve.c
index 0c7dfc0..cdcf4d9 100644
--- a/src/resolve.c
+++ b/src/resolve.c
@@ -436,6 +436,10 @@ static int lookupName(
sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
return WRC_Abort;
}
+ if( (pNC->ncFlags&NC_AllowWin)==0 && ExprHasProperty(pOrig, EP_Win) ){
+ sqlite3ErrorMsg(pParse, "misuse of aliased window function %s",zAs);
+ return WRC_Abort;
+ }
if( sqlite3ExprVectorSize(pOrig)!=1 ){
sqlite3ErrorMsg(pParse, "row value misused");
return WRC_Abort;
@@ -707,6 +711,7 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
const char *zId; /* The function name. */
FuncDef *pDef; /* Information about the function */
u8 enc = ENC(pParse->db); /* The database encoding */
+ int savedAllowFlags = (pNC->ncFlags & (NC_AllowAgg | NC_AllowWin));
assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
zId = pExpr->u.zToken;
@@ -828,8 +833,11 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
pNC->nErr++;
}
if( is_agg ){
+ /* Window functions may not be arguments of aggregate functions.
+ ** Or arguments of other window functions. But aggregate functions
+ ** may be arguments for window functions. */
#ifndef SQLITE_OMIT_WINDOWFUNC
- pNC->ncFlags &= ~(pExpr->y.pWin ? NC_AllowWin : NC_AllowAgg);
+ pNC->ncFlags &= ~(NC_AllowWin | (!pExpr->y.pWin ? NC_AllowAgg : 0));
#else
pNC->ncFlags &= ~NC_AllowAgg;
#endif
@@ -850,7 +858,7 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
pExpr->y.pWin->pNextWin = pSel->pWin;
pSel->pWin = pExpr->y.pWin;
}
- pNC->ncFlags |= NC_AllowWin;
+ pNC->ncFlags |= NC_HasWin;
}else
#endif /* SQLITE_OMIT_WINDOWFUNC */
{
@@ -868,8 +876,8 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
pNC2->ncFlags |= NC_HasAgg | (pDef->funcFlags & SQLITE_FUNC_MINMAX);
}
- pNC->ncFlags |= NC_AllowAgg;
}
+ pNC->ncFlags |= savedAllowFlags;
}
/* FIX ME: Compute pExpr->affinity based on the expected return
** type of the function
@@ -1573,8 +1581,8 @@ int sqlite3ResolveExprNames(
Walker w;
if( pExpr==0 ) return SQLITE_OK;
- savedHasAgg = pNC->ncFlags & (NC_HasAgg|NC_MinMaxAgg);
- pNC->ncFlags &= ~(NC_HasAgg|NC_MinMaxAgg);
+ savedHasAgg = pNC->ncFlags & (NC_HasAgg|NC_MinMaxAgg|NC_HasWin);
+ pNC->ncFlags &= ~(NC_HasAgg|NC_MinMaxAgg|NC_HasWin);
w.pParse = pNC->pParse;
w.xExprCallback = resolveExprStep;
w.xSelectCallback = resolveSelectStep;
@@ -1593,6 +1601,9 @@ int sqlite3ResolveExprNames(
if( pNC->ncFlags & NC_HasAgg ){
ExprSetProperty(pExpr, EP_Agg);
}
+ if( pNC->ncFlags & NC_HasWin ){
+ ExprSetProperty(pExpr, EP_Win);
+ }
pNC->ncFlags |= savedHasAgg;
return pNC->nErr>0 || w.pParse->nErr>0;
}
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index 5f5f3cc..b7d3571 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -2517,6 +2517,7 @@ struct Expr {
#define EP_Alias 0x400000 /* Is an alias for a result set column */
#define EP_Leaf 0x800000 /* Expr.pLeft, .pRight, .u.pSelect all NULL */
#define EP_WinFunc 0x1000000 /* TK_FUNCTION with Expr.y.pWin set */
+#define EP_Win 0x8000000 /* Contains window functions */
/*
** The EP_Propagate mask is a set of properties that automatically propagate
@@ -2773,6 +2774,7 @@ struct NameContext {
#define NC_MinMaxAgg 0x1000 /* min/max aggregates seen. See note above */
#define NC_Complex 0x2000 /* True if a function or subquery seen */
#define NC_AllowWin 0x4000 /* Window functions are allowed here */
+#define NC_HasWin 0x8000 /* One or more window functions seen */
/*
** An instance of the following object describes a single ON CONFLICT
diff --git a/test/windowerr.tcl b/test/windowerr.tcl
new file mode 100644
index 0000000..80f464d
--- /dev/null
+++ b/test/windowerr.tcl
@@ -0,0 +1,59 @@
+# 2018 May 19
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+#
+
+source [file join [file dirname $argv0] pg_common.tcl]
+
+#=========================================================================
+
+start_test windowerr "2019 March 01"
+ifcapable !windowfunc
+
+execsql_test 1.0 {
+ DROP TABLE IF EXISTS t1;
+ CREATE TABLE t1(a INTEGER, b INTEGER);
+ INSERT INTO t1 VALUES(1, 1);
+ INSERT INTO t1 VALUES(2, 2);
+ INSERT INTO t1 VALUES(3, 3);
+ INSERT INTO t1 VALUES(4, 4);
+ INSERT INTO t1 VALUES(5, 5);
+}
+
+foreach {tn frame} {
+ 1 "ORDER BY a ROWS BETWEEN -1 PRECEDING AND 1 FOLLOWING"
+ 2 "ORDER BY a ROWS BETWEEN 1 PRECEDING AND -1 FOLLOWING"
+
+ 3 "ORDER BY a RANGE BETWEEN -1 PRECEDING AND 1 FOLLOWING"
+ 4 "ORDER BY a RANGE BETWEEN 1 PRECEDING AND -1 FOLLOWING"
+
+ 5 "ORDER BY a GROUPS BETWEEN -1 PRECEDING AND 1 FOLLOWING"
+ 6 "ORDER BY a GROUPS BETWEEN 1 PRECEDING AND -1 FOLLOWING"
+
+ 7 "ORDER BY a,b RANGE BETWEEN 1 PRECEDING AND 1 FOLLOWING"
+
+ 8 "PARTITION BY a RANGE BETWEEN 1 PRECEDING AND 1 FOLLOWING"
+} {
+ errorsql_test 1.$tn "
+ SELECT a, sum(b) OVER (
+ $frame
+ ) FROM t1 ORDER BY 1
+ "
+}
+errorsql_test 2.1 {
+ SELECT sum( sum(a) OVER () ) FROM t1;
+}
+
+errorsql_test 2.2 {
+ SELECT sum(a) OVER () AS xyz FROM t1 ORDER BY sum(xyz);
+}
+
+
+finish_test
diff --git a/test/windowerr.test b/test/windowerr.test
new file mode 100644
index 0000000..97dae64
--- /dev/null
+++ b/test/windowerr.test
@@ -0,0 +1,99 @@
+# 2019 March 01
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for SQLite library.
+#
+
+####################################################
+# DO NOT EDIT! THIS FILE IS AUTOMATICALLY GENERATED!
+####################################################
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+set testprefix windowerr
+
+ifcapable !windowfunc { finish_test ; return }
+do_execsql_test 1.0 {
+ DROP TABLE IF EXISTS t1;
+ CREATE TABLE t1(a INTEGER, b INTEGER);
+ INSERT INTO t1 VALUES(1, 1);
+ INSERT INTO t1 VALUES(2, 2);
+ INSERT INTO t1 VALUES(3, 3);
+ INSERT INTO t1 VALUES(4, 4);
+ INSERT INTO t1 VALUES(5, 5);
+} {}
+
+# PG says ERROR: frame starting offset must not be negative
+do_test 1.1 { catch { execsql {
+ SELECT a, sum(b) OVER (
+ ORDER BY a ROWS BETWEEN -1 PRECEDING AND 1 FOLLOWING
+ ) FROM t1 ORDER BY 1
+} } } 1
+
+# PG says ERROR: frame ending offset must not be negative
+do_test 1.2 { catch { execsql {
+ SELECT a, sum(b) OVER (
+ ORDER BY a ROWS BETWEEN 1 PRECEDING AND -1 FOLLOWING
+ ) FROM t1 ORDER BY 1
+} } } 1
+
+# PG says ERROR: invalid preceding or following size in window function
+do_test 1.3 { catch { execsql {
+ SELECT a, sum(b) OVER (
+ ORDER BY a RANGE BETWEEN -1 PRECEDING AND 1 FOLLOWING
+ ) FROM t1 ORDER BY 1
+} } } 1
+
+# PG says ERROR: invalid preceding or following size in window function
+do_test 1.4 { catch { execsql {
+ SELECT a, sum(b) OVER (
+ ORDER BY a RANGE BETWEEN 1 PRECEDING AND -1 FOLLOWING
+ ) FROM t1 ORDER BY 1
+} } } 1
+
+# PG says ERROR: frame starting offset must not be negative
+do_test 1.5 { catch { execsql {
+ SELECT a, sum(b) OVER (
+ ORDER BY a GROUPS BETWEEN -1 PRECEDING AND 1 FOLLOWING
+ ) FROM t1 ORDER BY 1
+} } } 1
+
+# PG says ERROR: frame ending offset must not be negative
+do_test 1.6 { catch { execsql {
+ SELECT a, sum(b) OVER (
+ ORDER BY a GROUPS BETWEEN 1 PRECEDING AND -1 FOLLOWING
+ ) FROM t1 ORDER BY 1
+} } } 1
+
+# PG says ERROR: RANGE with offset PRECEDING/FOLLOWING requires exactly one ORDER BY column
+do_test 1.7 { catch { execsql {
+ SELECT a, sum(b) OVER (
+ ORDER BY a,b RANGE BETWEEN 1 PRECEDING AND 1 FOLLOWING
+ ) FROM t1 ORDER BY 1
+} } } 1
+
+# PG says ERROR: RANGE with offset PRECEDING/FOLLOWING requires exactly one ORDER BY column
+do_test 1.8 { catch { execsql {
+ SELECT a, sum(b) OVER (
+ PARTITION BY a RANGE BETWEEN 1 PRECEDING AND 1 FOLLOWING
+ ) FROM t1 ORDER BY 1
+} } } 1
+
+# PG says ERROR: aggregate function calls cannot contain window function calls
+do_test 2.1 { catch { execsql {
+ SELECT sum( sum(a) OVER () ) FROM t1;
+} } } 1
+
+# PG says ERROR: column "xyz" does not exist
+do_test 2.2 { catch { execsql {
+ SELECT sum(a) OVER () AS xyz FROM t1 ORDER BY sum(xyz);
+} } } 1
+
+finish_test
--
2.24.1

442
SOURCES/sqlite-3.26.0-CVE-2019-5827.patch
View File

@ -1,442 +0,0 @@
Subject: [PATCH] Use the 64-bit memory allocator interfaces in extensions,
whenever possible and Enforce the SQLITE_LIMIT_COLUMN limit on virtual tables
---
ext/fts3/fts3_snippet.c | 7 ++++---
ext/fts3/fts3_test.c | 6 +++---
ext/fts3/fts3_tokenize_vtab.c | 2 +-
ext/fts3/fts3_tokenizer.c | 4 ++--
ext/fts3/fts3_write.c | 19 ++++++++++---------
ext/fts5/fts5_tokenize.c | 2 +-
ext/rtree/geopoly.c | 20 ++++++++++----------
src/build.c | 8 ++++----
src/expr.c | 2 +-
src/main.c | 2 +-
src/test_fs.c | 2 +-
src/util.c | 2 +-
src/vdbeaux.c | 8 +++++---
src/vdbesort.c | 4 ++--
src/vtab.c | 25 +++++++++++++++----------
15 files changed, 61 insertions(+), 52 deletions(-)
diff --git a/ext/fts3/fts3_snippet.c b/ext/fts3/fts3_snippet.c
index 5778620..efffff3 100644
--- a/ext/fts3/fts3_snippet.c
+++ b/ext/fts3/fts3_snippet.c
@@ -130,10 +130,11 @@ struct StrBuffer {
*/
static MatchinfoBuffer *fts3MIBufferNew(int nElem, const char *zMatchinfo){
MatchinfoBuffer *pRet;
- int nByte = sizeof(u32) * (2*nElem + 1) + sizeof(MatchinfoBuffer);
- int nStr = (int)strlen(zMatchinfo);
+ sqlite3_int64 nByte = sizeof(u32) * (2*(sqlite3_int64)nElem + 1)
+ + sizeof(MatchinfoBuffer);
+ sqlite3_int64 nStr = strlen(zMatchinfo);
- pRet = sqlite3_malloc(nByte + nStr+1);
+ pRet = sqlite3_malloc64(nByte + nStr+1);
if( pRet ){
memset(pRet, 0, nByte);
pRet->aMatchinfo[0] = (u8*)(&pRet->aMatchinfo[1]) - (u8*)pRet;
diff --git a/ext/fts3/fts3_test.c b/ext/fts3/fts3_test.c
index a48a556..0b4edcc 100644
--- a/ext/fts3/fts3_test.c
+++ b/ext/fts3/fts3_test.c
@@ -448,14 +448,14 @@ static int testTokenizerNext(
}else{
/* Advance to the end of the token */
const char *pToken = p;
- int nToken;
+ sqlite3_int64 nToken;
while( p<pEnd && testIsTokenChar(*p) ) p++;
- nToken = (int)(p-pToken);
+ nToken = (sqlite3_int64)(p-pToken);
/* Copy the token into the buffer */
if( nToken>pCsr->nBuffer ){
sqlite3_free(pCsr->aBuffer);
- pCsr->aBuffer = sqlite3_malloc(nToken);
+ pCsr->aBuffer = sqlite3_malloc64(nToken);
}
if( pCsr->aBuffer==0 ){
rc = SQLITE_NOMEM;
diff --git a/ext/fts3/fts3_tokenize_vtab.c b/ext/fts3/fts3_tokenize_vtab.c
index a3d24bc..5b4085b 100644
--- a/ext/fts3/fts3_tokenize_vtab.c
+++ b/ext/fts3/fts3_tokenize_vtab.c
@@ -346,7 +346,7 @@ static int fts3tokFilterMethod(
if( idxNum==1 ){
const char *zByte = (const char *)sqlite3_value_text(apVal[0]);
int nByte = sqlite3_value_bytes(apVal[0]);
- pCsr->zInput = sqlite3_malloc(nByte+1);
+ pCsr->zInput = sqlite3_malloc64(nByte+1);
if( pCsr->zInput==0 ){
rc = SQLITE_NOMEM;
}else{
diff --git a/ext/fts3/fts3_tokenizer.c b/ext/fts3/fts3_tokenizer.c
index bfc36af..fe2003e 100644
--- a/ext/fts3/fts3_tokenizer.c
+++ b/ext/fts3/fts3_tokenizer.c
@@ -194,8 +194,8 @@ int sqlite3Fts3InitTokenizer(
int iArg = 0;
z = &z[n+1];
while( z<zEnd && (NULL!=(z = (char *)sqlite3Fts3NextToken(z, &n))) ){
- int nNew = sizeof(char *)*(iArg+1);
- char const **aNew = (const char **)sqlite3_realloc((void *)aArg, nNew);
+ sqlite3_int64 nNew = sizeof(char *)*(iArg+1);
+ char const **aNew = (const char **)sqlite3_realloc64((void *)aArg, nNew);
if( !aNew ){
sqlite3_free(zCopy);
sqlite3_free((void *)aArg);
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
index d57d265..5330b4c 100644
--- a/ext/fts3/fts3_write.c
+++ b/ext/fts3/fts3_write.c
@@ -1744,8 +1744,9 @@ int sqlite3Fts3SegReaderPending(
}
if( nElem>0 ){
- int nByte = sizeof(Fts3SegReader) + (nElem+1)*sizeof(Fts3HashElem *);
- pReader = (Fts3SegReader *)sqlite3_malloc(nByte);
+ sqlite3_int64 nByte;
+ nByte = sizeof(Fts3SegReader) + (nElem+1)*sizeof(Fts3HashElem *);
+ pReader = (Fts3SegReader *)sqlite3_malloc64(nByte);
if( !pReader ){
rc = SQLITE_NOMEM;
}else{
@@ -3357,7 +3358,7 @@ static void fts3InsertDocsize(
int rc; /* Result code from subfunctions */
if( *pRC ) return;
- pBlob = sqlite3_malloc( 10*p->nColumn );
+ pBlob = sqlite3_malloc64( 10*(sqlite3_int64)p->nColumn );
if( pBlob==0 ){
*pRC = SQLITE_NOMEM;
return;
@@ -3407,7 +3408,7 @@ static void fts3UpdateDocTotals(
const int nStat = p->nColumn+2;
if( *pRC ) return;
- a = sqlite3_malloc( (sizeof(u32)+10)*nStat );
+ a = sqlite3_malloc64( (sizeof(u32)+10)*(sqlite3_int64)nStat );
if( a==0 ){
*pRC = SQLITE_NOMEM;
return;
@@ -3528,8 +3529,8 @@ static int fts3DoRebuild(Fts3Table *p){
}
if( rc==SQLITE_OK ){
- int nByte = sizeof(u32) * (p->nColumn+1)*3;
- aSz = (u32 *)sqlite3_malloc(nByte);
+ sqlite3_int64 nByte = sizeof(u32) * ((sqlite3_int64)p->nColumn+1)*3;
+ aSz = (u32 *)sqlite3_malloc64(nByte);
if( aSz==0 ){
rc = SQLITE_NOMEM;
}else{
@@ -3595,12 +3596,12 @@ static int fts3IncrmergeCsr(
){
int rc; /* Return Code */
sqlite3_stmt *pStmt = 0; /* Statement used to read %_segdir entry */
- int nByte; /* Bytes allocated at pCsr->apSegment[] */
+ sqlite3_int64 nByte; /* Bytes allocated at pCsr->apSegment[] */
/* Allocate space for the Fts3MultiSegReader.aCsr[] array */
memset(pCsr, 0, sizeof(*pCsr));
nByte = sizeof(Fts3SegReader *) * nSeg;
- pCsr->apSegment = (Fts3SegReader **)sqlite3_malloc(nByte);
+ pCsr->apSegment = (Fts3SegReader **)sqlite3_malloc64(nByte);
if( pCsr->apSegment==0 ){
rc = SQLITE_NOMEM;
@@ -5591,7 +5592,7 @@ int sqlite3Fts3UpdateMethod(
}
/* Allocate space to hold the change in document sizes */
- aSzDel = sqlite3_malloc( sizeof(aSzDel[0])*(p->nColumn+1)*2 );
+ aSzDel = sqlite3_malloc64(sizeof(aSzDel[0])*((sqlite3_int64)p->nColumn+1)*2);
if( aSzDel==0 ){
rc = SQLITE_NOMEM;
goto update_out;
diff --git a/ext/fts5/fts5_tokenize.c b/ext/fts5/fts5_tokenize.c
index af2bc22..029efc5 100644
--- a/ext/fts5/fts5_tokenize.c
+++ b/ext/fts5/fts5_tokenize.c
@@ -363,7 +363,7 @@ static int fts5UnicodeCreate(
p->bRemoveDiacritic = 1;
p->nFold = 64;
- p->aFold = sqlite3_malloc(p->nFold * sizeof(char));
+ p->aFold = sqlite3_malloc64(p->nFold * sizeof(char));
if( p->aFold==0 ){
rc = SQLITE_NOMEM;
}
diff --git a/ext/rtree/geopoly.c b/ext/rtree/geopoly.c
index f6a31f5..7b97f9b 100644
--- a/ext/rtree/geopoly.c
+++ b/ext/rtree/geopoly.c
@@ -261,7 +261,7 @@ static GeoPoly *geopolyParseJson(const unsigned char *z, int *pRc){
GeoPoly *pOut;
int x = 1;
s.nVertex--; /* Remove the redundant vertex at the end */
- pOut = sqlite3_malloc64( GEOPOLY_SZ(s.nVertex) );
+ pOut = sqlite3_malloc64( GEOPOLY_SZ((sqlite3_int64)s.nVertex) );
x = 1;
if( pOut==0 ) goto parse_json_err;
pOut->nVertex = s.nVertex;
@@ -644,7 +644,7 @@ static GeoPoly *geopolyBBox(
if( pRc ) *pRc = SQLITE_OK;
if( aCoord==0 ){
geopolyBboxFill:
- pOut = sqlite3_realloc(p, GEOPOLY_SZ(4));
+ pOut = sqlite3_realloc64(p, GEOPOLY_SZ(4));
if( pOut==0 ){
sqlite3_free(p);
if( context ) sqlite3_result_error_nomem(context);
@@ -1040,9 +1040,9 @@ static GeoSegment *geopolySortSegmentsByYAndC(GeoSegment *pList){
** Determine the overlap between two polygons
*/
static int geopolyOverlap(GeoPoly *p1, GeoPoly *p2){
- int nVertex = p1->nVertex + p2->nVertex + 2;
+ sqlite3_int64 nVertex = p1->nVertex + p2->nVertex + 2;
GeoOverlap *p;
- int nByte;
+ sqlite3_int64 nByte;
GeoEvent *pThisEvent;
double rX;
int rc = 0;
@@ -1054,7 +1054,7 @@ static int geopolyOverlap(GeoPoly *p1, GeoPoly *p2){
nByte = sizeof(GeoEvent)*nVertex*2
+ sizeof(GeoSegment)*nVertex
+ sizeof(GeoOverlap);
- p = sqlite3_malloc( nByte );
+ p = sqlite3_malloc64( nByte );
if( p==0 ) return -1;
p->aEvent = (GeoEvent*)&p[1];
p->aSegment = (GeoSegment*)&p->aEvent[nVertex*2];
@@ -1213,8 +1213,8 @@ static int geopolyInit(
){
int rc = SQLITE_OK;
Rtree *pRtree;
- int nDb; /* Length of string argv[1] */
- int nName; /* Length of string argv[2] */
+ sqlite3_int64 nDb; /* Length of string argv[1] */
+ sqlite3_int64 nName; /* Length of string argv[2] */
sqlite3_str *pSql;
char *zSql;
int ii;
@@ -1222,9 +1222,9 @@ static int geopolyInit(
sqlite3_vtab_config(db, SQLITE_VTAB_CONSTRAINT_SUPPORT, 1);
/* Allocate the sqlite3_vtab structure */
- nDb = (int)strlen(argv[1]);
- nName = (int)strlen(argv[2]);
- pRtree = (Rtree *)sqlite3_malloc(sizeof(Rtree)+nDb+nName+2);
+ nDb = strlen(argv[1]);
+ nName = strlen(argv[2]);
+ pRtree = (Rtree *)sqlite3_malloc64(sizeof(Rtree)+nDb+nName+2);
if( !pRtree ){
return SQLITE_NOMEM;
}
diff --git a/src/build.c b/src/build.c
index afe4171..1dc2614 100644
--- a/src/build.c
+++ b/src/build.c
@@ -3760,9 +3760,9 @@ void *sqlite3ArrayAllocate(
int *pIdx /* Write the index of a new slot here */
){
char *z;
- int n = *pnEntry;
+ sqlite3_int64 n = *pnEntry;
if( (n & (n-1))==0 ){
- int sz = (n==0) ? 1 : 2*n;
+ sqlite3_int64 sz = (n==0) ? 1 : 2*n;
void *pNew = sqlite3DbRealloc(db, pArray, sz*szEntry);
if( pNew==0 ){
*pIdx = -1;
@@ -3870,7 +3870,7 @@ SrcList *sqlite3SrcListEnlarge(
/* Allocate additional space if needed */
if( (u32)pSrc->nSrc+nExtra>pSrc->nAlloc ){
SrcList *pNew;
- int nAlloc = pSrc->nSrc*2+nExtra;
+ sqlite3_int64 nAlloc = 2*(sqlite3_int64)pSrc->nSrc+nExtra;
int nGot;
pNew = sqlite3DbRealloc(db, pSrc,
sizeof(*pSrc) + (nAlloc-1)*sizeof(pSrc->a[0]) );
@@ -4612,7 +4612,7 @@ With *sqlite3WithAdd(
}
if( pWith ){
- int nByte = sizeof(*pWith) + (sizeof(pWith->a[1]) * pWith->nCte);
+ sqlite3_int64 nByte = sizeof(*pWith) + (sizeof(pWith->a[1]) * pWith->nCte);
pNew = sqlite3DbRealloc(db, pWith, nByte);
}else{
pNew = sqlite3DbMallocZero(db, sizeof(*pWith));
diff --git a/src/expr.c b/src/expr.c
index 5f98f76..d64b8eb 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -1547,7 +1547,7 @@ ExprList *sqlite3ExprListAppend(
}else if( (pList->nExpr & (pList->nExpr-1))==0 ){
ExprList *pNew;
pNew = sqlite3DbRealloc(db, pList,
- sizeof(*pList)+(2*pList->nExpr - 1)*sizeof(pList->a[0]));
+ sizeof(*pList)+(2*(sqlite3_int64)pList->nExpr-1)*sizeof(pList->a[0]));
if( pNew==0 ){
goto no_mem;
}
diff --git a/src/main.c b/src/main.c
index 46c8346..434b898 100644
--- a/src/main.c
+++ b/src/main.c
@@ -698,7 +698,7 @@ static int setupLookaside(sqlite3 *db, void *pBuf, int sz, int cnt){
pStart = 0;
}else if( pBuf==0 ){
sqlite3BeginBenignMalloc();
- pStart = sqlite3Malloc( sz*cnt ); /* IMP: R-61949-35727 */
+ pStart = sqlite3Malloc( sz*(sqlite3_int64)cnt ); /* IMP: R-61949-35727 */
sqlite3EndBenignMalloc();
if( pStart ) cnt = sqlite3MallocSize(pStart)/sz;
}else{
diff --git a/src/test_fs.c b/src/test_fs.c
index 8192beb..1feea46 100644
--- a/src/test_fs.c
+++ b/src/test_fs.c
@@ -744,7 +744,7 @@ static int fsColumn(sqlite3_vtab_cursor *cur, sqlite3_context *ctx, int i){
fstat(fd, &sbuf);
if( sbuf.st_size>=pCur->nAlloc ){
- int nNew = sbuf.st_size*2;
+ sqlite3_int64 nNew = sbuf.st_size*2;
char *zNew;
if( nNew<1024 ) nNew = 1024;
diff --git a/src/util.c b/src/util.c
index 96b0b14..7f2b977 100644
--- a/src/util.c
+++ b/src/util.c
@@ -1572,7 +1572,7 @@ VList *sqlite3VListAdd(
assert( pIn==0 || pIn[0]>=3 ); /* Verify ok to add new elements */
if( pIn==0 || pIn[1]+nInt > pIn[0] ){
/* Enlarge the allocation */
- int nAlloc = (pIn ? pIn[0]*2 : 10) + nInt;
+ sqlite3_int64 nAlloc = (pIn ? 2*(sqlite3_int64)pIn[0] : 10) + nInt;
VList *pOut = sqlite3DbRealloc(db, pIn, nAlloc*sizeof(int));
if( pOut==0 ) return pIn;
if( pIn==0 ) pOut[1] = 2;
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index b74141b..ffc5d0b 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -125,9 +125,11 @@ static int growOpArray(Vdbe *v, int nOp){
** operation (without SQLITE_TEST_REALLOC_STRESS) is to double the current
** size of the op array or add 1KB of space, whichever is smaller. */
#ifdef SQLITE_TEST_REALLOC_STRESS
- int nNew = (p->nOpAlloc>=512 ? p->nOpAlloc*2 : p->nOpAlloc+nOp);
+ sqlite3_int64 nNew = (p->nOpAlloc>=512 ? 2*(sqlite3_int64)p->nOpAlloc
+ : (sqlite3_int64)p->nOpAlloc+nOp);
#else
- int nNew = (p->nOpAlloc ? p->nOpAlloc*2 : (int)(1024/sizeof(Op)));
+ sqlite3_int64 nNew = (p->nOpAlloc ? 2*(sqlite3_int64)p->nOpAlloc
+ : (sqlite3_int64)1024/sizeof(Op));
UNUSED_PARAMETER(nOp);
#endif
@@ -875,7 +877,7 @@ void sqlite3VdbeScanStatus(
LogEst nEst, /* Estimated number of output rows */
const char *zName /* Name of table or index being scanned */
){
- int nByte = (p->nScan+1) * sizeof(ScanStatus);
+ sqlite3_int64 nByte = (p->nScan+1) * sizeof(ScanStatus);
ScanStatus *aNew;
aNew = (ScanStatus*)sqlite3DbRealloc(p->db, p->aScan, nByte);
if( aNew ){
diff --git a/src/vdbesort.c b/src/vdbesort.c
index b30bc4e..d84a411 100644
--- a/src/vdbesort.c
+++ b/src/vdbesort.c
@@ -537,7 +537,7 @@ static int vdbePmaReadBlob(
/* Extend the p->aAlloc[] allocation if required. */
if( p->nAlloc<nByte ){
u8 *aNew;
- int nNew = MAX(128, p->nAlloc*2);
+ sqlite3_int64 nNew = MAX(128, 2*(sqlite3_int64)p->nAlloc);
while( nByte>nNew ) nNew = nNew*2;
aNew = sqlite3Realloc(p->aAlloc, nNew);
if( !aNew ) return SQLITE_NOMEM_BKPT;
@@ -1829,7 +1829,7 @@ int sqlite3VdbeSorterWrite(
if( nMin>pSorter->nMemory ){
u8 *aNew;
int iListOff = (u8*)pSorter->list.pList - pSorter->list.aMemory;
- int nNew = pSorter->nMemory * 2;
+ sqlite3_int64 nNew = 2 * (sqlite3_int64)pSorter->nMemory;
while( nNew < nMin ) nNew = nNew*2;
if( nNew > pSorter->mxPmaSize ) nNew = pSorter->mxPmaSize;
if( nNew < nMin ) nNew = nMin;
diff --git a/src/vtab.c b/src/vtab.c
index 1b8d283..41c6093 100644
--- a/src/vtab.c
+++ b/src/vtab.c
@@ -302,9 +302,13 @@ void sqlite3VtabClear(sqlite3 *db, Table *p){
** string will be freed automatically when the table is
** deleted.
*/
-static void addModuleArgument(sqlite3 *db, Table *pTable, char *zArg){
- int nBytes = sizeof(char *)*(2+pTable->nModuleArg);
+static void addModuleArgument(Parse *pParse, Table *pTable, char *zArg){
+ sqlite3_int64 nBytes = sizeof(char *)*(2+pTable->nModuleArg);
char **azModuleArg;
+ sqlite3 *db = pParse->db;
+ if( pTable->nModuleArg+3>=db->aLimit[SQLITE_LIMIT_COLUMN] ){
+ sqlite3ErrorMsg(pParse, "too many columns on %s", pTable->zName);
+ }
azModuleArg = sqlite3DbRealloc(db, pTable->azModuleArg, nBytes);
if( azModuleArg==0 ){
sqlite3DbFree(db, zArg);
@@ -339,9 +343,9 @@ void sqlite3VtabBeginParse(
db = pParse->db;
assert( pTable->nModuleArg==0 );
- addModuleArgument(db, pTable, sqlite3NameFromToken(db, pModuleName));
- addModuleArgument(db, pTable, 0);
- addModuleArgument(db, pTable, sqlite3DbStrDup(db, pTable->zName));
+ addModuleArgument(pParse, pTable, sqlite3NameFromToken(db, pModuleName));
+ addModuleArgument(pParse, pTable, 0);
+ addModuleArgument(pParse, pTable, sqlite3DbStrDup(db, pTable->zName));
assert( (pParse->sNameToken.z==pName2->z && pName2->z!=0)
|| (pParse->sNameToken.z==pName1->z && pName2->z==0)
);
@@ -374,7 +378,7 @@ static void addArgumentToVtab(Parse *pParse){
const char *z = (const char*)pParse->sArg.z;
int n = pParse->sArg.n;
sqlite3 *db = pParse->db;
- addModuleArgument(db, pParse->pNewTable, sqlite3DbStrNDup(db, z, n));
+ addModuleArgument(pParse, pParse->pNewTable, sqlite3DbStrNDup(db, z, n));
}
}
@@ -663,7 +667,8 @@ static int growVTrans(sqlite3 *db){
/* Grow the sqlite3.aVTrans array if required */
if( (db->nVTrans%ARRAY_INCR)==0 ){
VTable **aVTrans;
- int nBytes = sizeof(sqlite3_vtab *) * (db->nVTrans + ARRAY_INCR);
+ sqlite3_int64 nBytes = sizeof(sqlite3_vtab*)*
+ ((sqlite3_int64)db->nVTrans + ARRAY_INCR);
aVTrans = sqlite3DbRealloc(db, (void *)db->aVTrans, nBytes);
if( !aVTrans ){
return SQLITE_NOMEM_BKPT;
@@ -1157,9 +1162,9 @@ int sqlite3VtabEponymousTableInit(Parse *pParse, Module *pMod){
pTab->pSchema = db->aDb[0].pSchema;
assert( pTab->nModuleArg==0 );
pTab->iPKey = -1;
- addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName));
- addModuleArgument(db, pTab, 0);
- addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName));
+ addModuleArgument(pParse, pTab, sqlite3DbStrDup(db, pTab->zName));
+ addModuleArgument(pParse, pTab, 0);
+ addModuleArgument(pParse, pTab, sqlite3DbStrDup(db, pTab->zName));
rc = vtabCallConstructor(db, pTab, pMod, pModule->xConnect, &zErr);
if( rc ){
sqlite3ErrorMsg(pParse, "%s", zErr);
--
2.30.2

73
SOURCES/sqlite-3.26.0-CVE-2020-13434.patch
View File

@ -1,73 +0,0 @@
Subject: [PATCH] Limit the "precision" of floating-point to text conversions
in the printf() function to 100,000,000.
---
src/printf.c | 12 ++++++++++++
test/printf.test | 16 +++++++++++++---
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/src/printf.c b/src/printf.c
index 7bce83f..260bf79 100644
--- a/src/printf.c
+++ b/src/printf.c
@@ -165,6 +165,13 @@ static char *getTextArg(PrintfArguments *p){
#endif
#define etBUFSIZE SQLITE_PRINT_BUF_SIZE /* Size of the output buffer */
+/*
+** Hard limit on the precision of floating-point conversions.
+*/
+#ifndef SQLITE_PRINTF_PRECISION_LIMIT
+# define SQLITE_FP_PRECISION_LIMIT 100000000
+#endif
+
/*
** Render a string given by "fmt" into the StrAccum object.
*/
@@ -471,6 +478,11 @@ void sqlite3_str_vappendf(
length = 0;
#else
if( precision<0 ) precision = 6; /* Set default precision */
+#ifdef SQLITE_FP_PRECISION_LIMIT
+ if( precision>SQLITE_FP_PRECISION_LIMIT ){
+ precision = SQLITE_FP_PRECISION_LIMIT;
+ }
+#endif
if( realvalue<0.0 ){
realvalue = -realvalue;
prefix = '-';
diff --git a/test/printf.test b/test/printf.test
index d768898..a2b5e2a 100644
--- a/test/printf.test
+++ b/test/printf.test
@@ -538,9 +538,11 @@ do_test printf-2.1.2.8 {
do_test printf-2.1.2.9 {
sqlite3_mprintf_double {abc: %d %d (%1.1g) :xyz} 1 1 1.0e-20
} {abc: 1 1 (1e-20) :xyz}
-do_test printf-2.1.2.10 {
- sqlite3_mprintf_double {abc: %*.*f} 2000000000 1000000000 1.0e-20
-} {abc: }
+if {$SQLITE_MAX_LENGTH<=[expr 1000*1000*1000]} {
+ do_test printf-2.1.2.10 {
+ sqlite3_mprintf_double {abc: %*.*f} 2000000000 1000000000 1.0e-20
+ } {}
+}
do_test printf-2.1.3.1 {
sqlite3_mprintf_double {abc: (%*.*f) :xyz} 1 1 1.0
} {abc: (1.0) :xyz}
@@ -3777,4 +3779,12 @@ foreach ::iRepeat {0 1} {
}
}
+# 2020-05-23
+# ticket 23439ea582241138
+#
+do_execsql_test printf-16.1 {
+ SELECT printf('%.*g',2147483647,0.01);
+} {0.01}
+
+
finish_test
--
2.24.1

144
SOURCES/sqlite-3.26.0-CVE-2020-13435.patch
View File

@ -1,144 +0,0 @@
Subject: [PATCH] When rewriting a query for window functions, if the rewrite
changes the depth of TK_AGG_FUNCTION nodes, be sure to adjust the Expr.op2
field appropriately.
diff --git a/src/resolve.c b/src/resolve.c
index cdcf4d9..c47f6bb 100644
--- a/src/resolve.c
+++ b/src/resolve.c
@@ -24,6 +24,8 @@
**
** incrAggFunctionDepth(pExpr,n) is the main routine. incrAggDepth(..)
** is a helper function - a callback for the tree walker.
+**
+** See also the sqlite3WindowExtraAggFuncDepth() routine in window.c
*/
static int incrAggDepth(Walker *pWalker, Expr *pExpr){
if( pExpr->op==TK_AGG_FUNCTION ) pExpr->op2 += pWalker->u.n;
diff --git a/src/select.c b/src/select.c
index a6d1757..6f5570c 100644
--- a/src/select.c
+++ b/src/select.c
@@ -1961,7 +1961,7 @@ int sqlite3ColumnsFromExprList(
assert( pColExpr!=0 );
}
assert( pColExpr->op!=TK_AGG_COLUMN );
- if( pColExpr->op==TK_COLUMN ){
+ if( pColExpr->op==TK_COLUMN && pColExpr->y.pTab ){
/* For columns use the column name name */
int iCol = pColExpr->iColumn;
Table *pTab = pColExpr->y.pTab;
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index 1cf6937..ea9a7ae 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -3579,6 +3579,8 @@ void sqlite3WindowUpdate(Parse*, Window*, Window*, FuncDef*);
Window *sqlite3WindowDup(sqlite3 *db, Expr *pOwner, Window *p);
Window *sqlite3WindowListDup(sqlite3 *db, Window *p);
void sqlite3WindowFunctions(void);
+int sqlite3WalkerDepthIncrease(Walker*,Select*);
+void sqlite3WalkerDepthDecrease(Walker*,Select*);
#else
# define sqlite3WindowDelete(a,b)
# define sqlite3WindowFunctions()
diff --git a/src/walker.c b/src/walker.c
index c31d94f..8cd3b65 100644
--- a/src/walker.c
+++ b/src/walker.c
@@ -165,3 +165,16 @@ int sqlite3WalkSelect(Walker *pWalker, Select *p){
}while( p!=0 );
return WRC_Continue;
}
+
+/* Increase the walkerDepth when entering a subquery, and
+** descrease when leaving the subquery.
+*/
+int sqlite3WalkerDepthIncrease(Walker *pWalker, Select *pSelect){
+ UNUSED_PARAMETER(pSelect);
+ pWalker->walkerDepth++;
+ return WRC_Continue;
+}
+void sqlite3WalkerDepthDecrease(Walker *pWalker, Select *pSelect){
+ UNUSED_PARAMETER(pSelect);
+ pWalker->walkerDepth--;
+}
\ No newline at end of file
diff --git a/src/window.c b/src/window.c
index c65eadd..48d8090 100644
--- a/src/window.c
+++ b/src/window.c
@@ -738,6 +738,23 @@ static ExprList *exprListAppendList(
return pList;
}
+/*
+** When rewriting a query, if the new subquery in the FROM clause
+** contains TK_AGG_FUNCTION nodes that refer to an outer query,
+** then we have to increase the Expr->op2 values of those nodes
+** due to the extra subquery layer that was added.
+**
+** See also the incrAggDepth() routine in resolve.c
+*/
+static int sqlite3WindowExtraAggFuncDepth(Walker *pWalker, Expr *pExpr){
+ if( pExpr->op==TK_AGG_FUNCTION
+ && pExpr->op2>=pWalker->walkerDepth
+ ){
+ pExpr->op2++;
+ }
+ return WRC_Continue;
+}
+
/*
** If the SELECT statement passed as the second argument does not invoke
** any SQL window functions, this function is a no-op. Otherwise, it
@@ -827,14 +844,24 @@ int sqlite3WindowRewrite(Parse *pParse, Select *p){
p->pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
assert( p->pSrc || db->mallocFailed );
if( p->pSrc ){
+ Table *pTab2;
+ Walker w;
p->pSrc->a[0].pSelect = pSub;
sqlite3SrcListAssignCursors(pParse, p->pSrc);
- if( sqlite3ExpandSubquery(pParse, &p->pSrc->a[0]) ){
+ pTab2 = sqlite3ResultSetOfSelect(pParse, pSub);
+ if( pTab2==0 ){
rc = SQLITE_NOMEM;
}else{
pSub->selFlags |= SF_Expanded;
p->selFlags &= ~SF_Aggregate;
sqlite3SelectPrep(pParse, pSub, 0);
+ pTab2->tabFlags |= TF_Ephemeral;
+ p->pSrc->a[0].pTab = pTab2;
+ memset(&w, 0, sizeof(w));
+ w.xExprCallback = sqlite3WindowExtraAggFuncDepth;
+ w.xSelectCallback = sqlite3WalkerDepthIncrease;
+ w.xSelectCallback2 = sqlite3WalkerDepthDecrease;
+ sqlite3WalkSelect(&w, pSub);
}
sqlite3VdbeAddOp2(v, OP_OpenEphemeral, pMWin->iEphCsr, pSublist->nExpr);
diff --git a/test/window1.test b/test/window1.test
index a8399a8..13ecc32 100644
--- a/test/window1.test
+++ b/test/window1.test
@@ -594,4 +594,20 @@ do_execsql_test 13.5 {
} {
}
+# 2020-05-23
+# ticket 7a5279a25c57adf1
+#
+reset_db
+do_execsql_test 53.0 {
+ CREATE TABLE a(c UNIQUE);
+ INSERT INTO a VALUES(4),(0),(9),(-9);
+ SELECT a.c
+ FROM a
+ JOIN a AS b ON a.c=4
+ JOIN a AS e ON a.c=e.c
+ WHERE a.c=(SELECT (SELECT coalesce(lead(2) OVER(),0) + sum(d.c))
+ FROM a AS d
+ WHERE a.c);
+} {4 4 4 4}
+
finish_test

88
SOURCES/sqlite-3.26.0-CVE-2020-13630.patch
View File

@ -1,88 +0,0 @@
Subject: [PATCH] Fix a use-after-free bug in the fts3 snippet() function.
---
ext/fts3/fts3.c | 1 +
test/fts3snippet2.test | 59 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 60 insertions(+)
create mode 100644 test/fts3snippet2.test
diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index 84fc8a5..9ddd201 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -5213,6 +5213,7 @@ static void fts3EvalNextRow(
fts3EvalNextRow(pCsr, pLeft, pRc);
}
}
+ pRight->bEof = pLeft->bEof = 1;
}
}
break;
diff --git a/test/fts3snippet2.test b/test/fts3snippet2.test
new file mode 100644
index 0000000..607b01e
--- /dev/null
+++ b/test/fts3snippet2.test
@@ -0,0 +1,59 @@
+# 2020-05-14
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#*************************************************************************
+#
+# The tests in this file test the FTS3 auxillary functions offsets(),
+# snippet() and matchinfo() work. At time of writing, running this file
+# provides full coverage of fts3_snippet.c.
+#
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+set testprefix fts3snippet
+
+# If SQLITE_ENABLE_FTS3 is not defined, omit this file.
+ifcapable !fts3 { finish_test ; return }
+source $testdir/fts3_common.tcl
+
+set sqlite_fts3_enable_parentheses 1
+#-------------------------------------------------------------------------
+# Request a snippet from a query with more than 64 phrases.
+#
+reset_db
+do_execsql_test 1.0 {
+ CREATE VIRTUAL TABLE f USING fts3(b);
+ INSERT INTO f VALUES ( x'746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218');
+}
+
+do_execsql_test 1.1 {
+ SELECT length(snippet(f))>0 FROM f WHERE b MATCH x'1065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a010f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c2a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e082a011065616e656d655a616c702a2f65732e0f42014001380230018218021001081e0a3d746e6e6d64612e0f42';
+} {1}
+
+reset_db
+do_execsql_test 2.0 {
+ CREATE VIRTUAL TABLE t0 USING fts3(col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY);
+ INSERT INTO t0 VALUES (1, '1234','aaaa','bbbb');
+ SELECT snippet(t0) FROM t0 WHERE t0 MATCH x'0a4d4d4d4d320a4f52d70a310a310a4e4541520a0a31f6ce0a4f520a0a310a310a310a4f520a75fc2a242424' ;
+} {<b>1</b>}
+
+reset_db
+do_execsql_test 2.1 {
+ CREATE VIRTUAL TABLE t0 USING fts3(
+ col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY
+ );
+ INSERT INTO t0 VALUES ('one', '1234','aaaa','bbbb');
+}
+do_execsql_test 2.2 {
+ SELECT snippet(t0) FROM t0 WHERE t0 MATCH
+ '(def AND (one NEAR abc)) OR one'
+} {<b>one</b>}
+
+set sqlite_fts3_enable_parentheses 0
+finish_test
--
2.24.1

98
SOURCES/sqlite-3.26.0-CVE-2020-13631.patch
View File

@ -1,98 +0,0 @@
Subject: [PATCH] Do not allow a virtual table to be renamed into the name of
one of its shadows.
---
src/alter.c | 5 ++++-
src/build.c | 29 +++++++++++++++++++++++------
src/sqliteInt.h | 5 +++++
3 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/src/alter.c b/src/alter.c
index 1280e90..0fa24c0 100644
--- a/src/alter.c
+++ b/src/alter.c
@@ -117,7 +117,10 @@ void sqlite3AlterRenameTable(
/* Check that a table or index named 'zName' does not already exist
** in database iDb. If so, this is an error.
*/
- if( sqlite3FindTable(db, zName, zDb) || sqlite3FindIndex(db, zName, zDb) ){
+ if( sqlite3FindTable(db, zName, zDb)
+ || sqlite3FindIndex(db, zName, zDb)
+ || sqlite3IsShadowTableOf(db, pTab, zName)
+ ){
sqlite3ErrorMsg(pParse,
"there is already another table or index with this name: %s", zName);
goto exit_rename_table;
diff --git a/src/build.c b/src/build.c
index e0fed8a..afe4171 100644
--- a/src/build.c
+++ b/src/build.c
@@ -1899,6 +1899,28 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
recomputeColumnsNotIndexed(pPk);
}
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/*
+** Return true if pTab is a virtual table and zName is a shadow table name
+** for that virtual table.
+*/
+int sqlite3IsShadowTableOf(sqlite3 *db, Table *pTab, const char *zName){
+ int nName; /* Length of zName */
+ Module *pMod; /* Module for the virtual table */
+
+ if( !IsVirtual(pTab) ) return 0;
+ nName = sqlite3Strlen30(pTab->zName);
+ if( sqlite3_strnicmp(zName, pTab->zName, nName)!=0 ) return 0;
+ if( zName[nName]!='_' ) return 0;
+ pMod = (Module*)sqlite3HashFind(&db->aModule, pTab->azModuleArg[0]);
+ if( pMod==0 ) return 0;
+ if( pMod->pModule->iVersion<3 ) return 0;
+ if( pMod->pModule->xShadowName==0 ) return 0;
+ return pMod->pModule->xShadowName(zName+nName+1);
+}
+#endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
+
#ifndef SQLITE_OMIT_VIRTUALTABLE
/*
** Return true if zName is a shadow table name in the current database
@@ -1910,7 +1932,6 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
static int isShadowTableName(sqlite3 *db, char *zName){
char *zTail; /* Pointer to the last "_" in zName */
Table *pTab; /* Table that zName is a shadow of */
- Module *pMod; /* Module for the virtual table */
zTail = strrchr(zName, '_');
if( zTail==0 ) return 0;
@@ -1919,11 +1940,7 @@ static int isShadowTableName(sqlite3 *db, char *zName){
*zTail = '_';
if( pTab==0 ) return 0;
if( !IsVirtual(pTab) ) return 0;
- pMod = (Module*)sqlite3HashFind(&db->aModule, pTab->azModuleArg[0]);
- if( pMod==0 ) return 0;
- if( pMod->pModule->iVersion<3 ) return 0;
- if( pMod->pModule->xShadowName==0 ) return 0;
- return pMod->pModule->xShadowName(zTail+1);
+ return sqlite3IsShadowTableOf(db, pTab, zName);
}
#else
# define isShadowTableName(x,y) 0
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index b7d3571..76337f7 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -4407,6 +4407,11 @@ void sqlite3AutoLoadExtensions(sqlite3*);
);
# define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0)
#endif
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+ int sqlite3IsShadowTableOf(sqlite3*,Table*,const char*);
+#else
+# define sqlite3IsShadowTableOf(A,B,C) 0
+#endif
int sqlite3VtabEponymousTableInit(Parse*,Module*);
void sqlite3VtabEponymousTableClear(sqlite3*,Module*);
void sqlite3VtabMakeWritable(Parse*,Table*);
--
2.24.1

67
SOURCES/sqlite-3.26.0-CVE-2020-13632.patch
View File

@ -1,67 +0,0 @@
Subject: [PATCH] Fix a null pointer deference that can occur on a strange
matchinfo() query.
---
ext/fts3/fts3_snippet.c | 2 +-
test/fts3matchinfo2.test | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 36 insertions(+), 1 deletion(-)
create mode 100644 test/fts3matchinfo2.test
diff --git a/ext/fts3/fts3_snippet.c b/ext/fts3/fts3_snippet.c
index a0771c0..5778620 100644
--- a/ext/fts3/fts3_snippet.c
+++ b/ext/fts3/fts3_snippet.c
@@ -869,7 +869,7 @@ static void fts3ExprLHits(
iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
}
- while( 1 ){
+ if( pIter ) while( 1 ){
int nHit = fts3ColumnlistCount(&pIter);
if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){
if( p->flag==FTS3_MATCHINFO_LHITS ){
diff --git a/test/fts3matchinfo2.test b/test/fts3matchinfo2.test
new file mode 100644
index 0000000..d6b3ad0
--- /dev/null
+++ b/test/fts3matchinfo2.test
@@ -0,0 +1,35 @@
+# 2020-05-14
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for the FTS3 module. The focus
+# of this file is tables created with the "matchinfo=fts3" option.
+#
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+# If SQLITE_ENABLE_FTS3 is not defined, omit this file.
+ifcapable !fts3 { finish_test ; return }
+
+set sqlite_fts3_enable_parentheses 1
+
+# Crash case found by cyg0810 at gmail.com 2020-05-14. Reported to
+# chromium (which is not vulnerable) who kindly referred it to us.
+#
+do_execsql_test 1.0 {
+ CREATE TABLE t_content(col0 INTEGER);
+ CREATE VIRTUAL TABLE t0 USING fts3(col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY);
+ INSERT INTO t0 VALUES (1, '1234','aaaa','bbbb');
+ SELECT hex(matchinfo(t0,'yxy')) FROM t0 WHERE t0 MATCH x'2b0a312b0a312a312a2a0b5d0a0b0b0a312a0a0b0b0a312a0b310a392a0b0a27312a2a0b5d0a312a0b310a31315d0b310a312a316d2a0b313b15bceaa50a312a0b0a27312a2a0b5d0a312a0b310a312b0b2a310a312a0b2a0b2a0b2e5d0a0bff313336e34a2a312a0b0a3c310b0a0b4b4b0b4b2a4bec40322b2a0b310a0a312a0a0a0a0a0a0a0a0a0b310a312a2a2a0b5d0a0b0b0a312a0b310a312a0b0a4e4541530b310a5df5ced70a0a0a0a0a4f520a0a0a0a0a0a0a312a0b0a4e4541520b310a5d616161610a0a0a0a4f520a0a0a0a0a0a312b0a312a312a0a0a0a0a0a0a004a0b0a310b220a0b0a310a4a22310a0b0a7e6fe0e0e030e0e0e0e0e01176e02000e0e0e0e0e01131320226310a0b0a310a4a22310a0b0a310a766f8b8b4ee0e0300ae0090909090909090909090909090909090909090909090909090909090909090947aaaa540b09090909090909090909090909090909090909090909090909090909090909fae0e0f2f22164e0e0f273e07fefefef7d6dfafafafa6d6d6d6d';
+} {/000000.*0000000/}
+
+
+set sqlite_fts3_enable_parentheses 0
+finish_test
\ No newline at end of file
--
2.24.1

88
SOURCES/sqlite-3.26.0-CVE-2020-15358.patch
View File

@ -1,88 +0,0 @@
Subject: [PATCH] Fix a defect in the query-flattener optimization
---
src/select.c | 8 ++++----
src/sqliteInt.h | 1 +
test/selectA.test | 22 ++++++++++++++++++++++
3 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/src/select.c b/src/select.c
index 88a43df..a513d36 100644
--- a/src/select.c
+++ b/src/select.c
@@ -2686,9 +2686,7 @@ static int multiSelect(
selectOpName(p->op)));
rc = sqlite3Select(pParse, p, &uniondest);
testcase( rc!=SQLITE_OK );
- /* Query flattening in sqlite3Select() might refill p->pOrderBy.
- ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
- sqlite3ExprListDelete(db, p->pOrderBy);
+ assert( p->pOrderBy==0 );
pDelete = p->pPrior;
p->pPrior = pPrior;
p->pOrderBy = 0;
@@ -4010,7 +4008,7 @@ static int flattenSubquery(
** We look at every expression in the outer query and every place we see
** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
*/
- if( pSub->pOrderBy ){
+ if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
/* At this point, any non-zero iOrderByCol values indicate that the
** ORDER BY column expression is identical to the iOrderByCol'th
** expression returned by SELECT statement pSub. Since these values
@@ -5633,6 +5631,8 @@ int sqlite3Select(
sqlite3ExprListDelete(db, p->pOrderBy);
p->pOrderBy = 0;
p->selFlags &= ~SF_Distinct;
+ p->selFlags |= SF_NoopOrderBy;
+
}
sqlite3SelectPrep(pParse, p, 0);
if( pParse->nErr || db->mallocFailed ){
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index 76337f7..60b2ebd 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -2874,6 +2874,7 @@ struct Select {
#define SF_Converted 0x10000 /* By convertCompoundSelectToSubquery() */
#define SF_IncludeHidden 0x20000 /* Include hidden columns in output */
#define SF_ComplexResult 0x40000 /* Result contains subquery or function */
+#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */
/*
** The results of a SELECT can be distributed in several ways, as defined
diff --git a/test/selectA.test b/test/selectA.test
index 838e5f4..2626008 100644
--- a/test/selectA.test
+++ b/test/selectA.test
@@ -1446,5 +1446,27 @@ do_execsql_test 6.1 {
SELECT * FROM (SELECT a FROM t1 UNION SELECT b FROM t2) WHERE a=a;
} {12345}
+# 2020-06-15 ticket 8f157e8010b22af0
+#
+reset_db
+do_execsql_test 7.1 {
+ CREATE TABLE t1(c1); INSERT INTO t1 VALUES(12),(123),(1234),(NULL),('abc');
+ CREATE TABLE t2(c2); INSERT INTO t2 VALUES(44),(55),(123);
+ CREATE TABLE t3(c3,c4); INSERT INTO t3 VALUES(66,1),(123,2),(77,3);
+ CREATE VIEW t4 AS SELECT c3 FROM t3;
+ CREATE VIEW t5 AS SELECT c3 FROM t3 ORDER BY c4;
+}
+do_execsql_test 7.2 {
+ SELECT * FROM t1, t2 WHERE c1=(SELECT 123 INTERSECT SELECT c2 FROM t4) AND c1=123;
+} {123 123}
+do_execsql_test 7.3 {
+ SELECT * FROM t1, t2 WHERE c1=(SELECT 123 INTERSECT SELECT c2 FROM t5) AND c1=123;
+} {123 123}
+do_execsql_test 7.4 {
+ CREATE TABLE a(b);
+ CREATE VIEW c(d) AS SELECT b FROM a ORDER BY b;
+ SELECT sum(d) OVER( PARTITION BY(SELECT 0 FROM c JOIN a WHERE b =(SELECT b INTERSECT SELECT d FROM c) AND b = 123)) FROM c;
+} {}
+
finish_test
--
2.24.1

114
SOURCES/sqlite-3.26.0-CVE-2020-24736.patch
View File

@ -1,114 +0,0 @@
From f030b376820102ff6cda49565c8b8173b2d44606 Mon Sep 17 00:00:00 2001
From: dan <dan@noemail.net>
Date: Fri, 22 Feb 2019 19:24:16 +0000
Subject: [PATCH] Internally, remove all references to a Window object that
belongs to an expression in an ORDER BY clause if that expression is
converted to an alias of a result-set expression. Fix for [4feb3159c6].
FossilOrigin-Name: 579b66eaa0816561c6e47ea116b46f229188f0fc84c1173bfe0d21df2dff9a9a
---
src/resolve.c | 49 ++++++++++++++++++++++++++++++++++-------------
test/window1.test | 20 +++++++++++++++++++
2 files changed, 56 insertions(+), 13 deletions(-)
diff --git a/src/resolve.c b/src/resolve.c
index 9410bc020..fd2cf539a 100644
--- a/src/resolve.c
+++ b/src/resolve.c
@@ -1243,6 +1243,38 @@ int sqlite3ResolveOrderGroupBy(
return 0;
}
+#ifndef SQLITE_OMIT_WINDOWFUNC
+/*
+** Walker callback for resolveRemoveWindows().
+*/
+static int resolveRemoveWindowsCb(Walker *pWalker, Expr *pExpr){
+ if( ExprHasProperty(pExpr, EP_WinFunc) ){
+ Window **pp;
+ for(pp=&pWalker->u.pSelect->pWin; *pp; pp=&(*pp)->pNextWin){
+ if( *pp==pExpr->y.pWin ){
+ *pp = (*pp)->pNextWin;
+ break;
+ }
+ }
+ }
+ return WRC_Continue;
+}
+
+/*
+** Remove any Window objects owned by the expression pExpr from the
+** Select.pWin list of Select object pSelect.
+*/
+static void resolveRemoveWindows(Select *pSelect, Expr *pExpr){
+ Walker sWalker;
+ memset(&sWalker, 0, sizeof(Walker));
+ sWalker.xExprCallback = resolveRemoveWindowsCb;
+ sWalker.u.pSelect = pSelect;
+ sqlite3WalkExpr(&sWalker, pExpr);
+}
+#else
+# define resolveRemoveWindows(x,y)
+#endif
+
/*
** pOrderBy is an ORDER BY or GROUP BY clause in SELECT statement pSelect.
** The Name context of the SELECT statement is pNC. zType is either
@@ -1309,19 +1341,10 @@ static int resolveOrderGroupBy(
}
for(j=0; j<pSelect->pEList->nExpr; j++){
if( sqlite3ExprCompare(0, pE, pSelect->pEList->a[j].pExpr, -1)==0 ){
-#ifndef SQLITE_OMIT_WINDOWFUNC
- if( ExprHasProperty(pE, EP_WinFunc) ){
- /* Since this window function is being changed into a reference
- ** to the same window function the result set, remove the instance
- ** of this window function from the Select.pWin list. */
- Window **pp;
- for(pp=&pSelect->pWin; *pp; pp=&(*pp)->pNextWin){
- if( *pp==pE->y.pWin ){
- *pp = (*pp)->pNextWin;
- }
- }
- }
-#endif
+ /* Since this expresion is being changed into a reference
+ ** to an identical expression in the result set, remove all Window
+ ** objects belonging to the expression from the Select.pWin list. */
+ resolveRemoveWindows(pSelect, pE);
pItem->u.x.iOrderByCol = j+1;
}
}
diff --git a/test/window1.test b/test/window1.test
index 2c504205e..b3073985b 100644
--- a/test/window1.test
+++ b/test/window1.test
@@ -594,6 +594,26 @@
} {
}
+#-------------------------------------------------------------------------
+do_execsql_test 17.0 {
+ CREATE TABLE t8(a);
+ INSERT INTO t8 VALUES(1), (2), (3);
+}
+
+do_execsql_test 17.1 {
+ SELECT +sum(0) OVER () ORDER BY +sum(0) OVER ();
+} {0}
+
+do_execsql_test 17.2 {
+ select +sum(a) OVER () FROM t8 ORDER BY +sum(a) OVER () DESC;
+} {6 6 6}
+
+do_execsql_test 17.3 {
+ SELECT 10+sum(a) OVER (ORDER BY a)
+ FROM t8
+ ORDER BY 10+sum(a) OVER (ORDER BY a) DESC;
+} {16 13 11}
+
# 2020-05-23
# ticket 7a5279a25c57adf1
#
--
2.39.2

26
SOURCES/sqlite-3.26.0-CVE-2020-35525.patch
View File

@ -1,26 +0,0 @@
From 5f69512404cd2e5153ddf90ea277fbba6dd58ab7 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Thu, 20 Feb 2020 14:08:51 +0000
Subject: [PATCH] Early-out on the INTERSECT query processing following an
error.
FossilOrigin-Name: a67cf5b7d37d5b1484be32092635faafd8f76e5881898cd9435517c4b287d663
---
src/select.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/select.c b/src/select.c
index c60ff2700..b3ae9f415 100644
--- a/src/select.c
+++ b/src/select.c
@@ -2775,6 +2775,7 @@ static int multiSelect(
/* Generate code to take the intersection of the two temporary
** tables.
*/
+ if( rc ) break;
assert( p->pEList );
iBreak = sqlite3VdbeMakeLabel(v);
iCont = sqlite3VdbeMakeLabel(v);
--
2.37.3

55
SOURCES/sqlite-3.26.0-CVE-2020-35527.patch
View File

@ -1,55 +0,0 @@
From 0990c415f65d2556a5e4122cbe5727d500411aeb Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Sun, 23 Feb 2020 17:34:45 +0000
Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested
FROM clause. Ticket [f50af3e8a565776b].
FossilOrigin-Name: c431b3fd8fd0f6a6974bba3e9366b0430ec003d570e7ce70ceefbcff5fe4b6fa
---
src/select.c | 2 +-
test/altertab.test | 17 +++++++++++++++++
4 files changed, 18 insertions(+), 1 deletions(-)
diff --git a/src/select.c b/src/select.c
index c60ff2700..fe0229ca8 100644
--- a/src/select.c
+++ b/src/select.c
@@ -5046,7 +5046,7 @@ static int selectExpander(Walker *pWalker, Select *p){
pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
sqlite3TokenInit(&sColname, zColname);
sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
+ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT){
struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
if( pSub ){
pX->zSpan = sqlite3DbStrDup(db, pSub->pEList->a[j].zSpan);
diff --git a/test/altertab.test b/test/altertab.test
index a3642070e..520502c3d 100644
--- a/test/altertab.test
+++ b/test/altertab.test
@@ -578,5 +578,21 @@ ifcapable fts3 {
SELECT * FROM z1_segments;
}
}
+# 2020-02-23 ticket f50af3e8a565776b
+reset_db
+do_execsql_test 19.100 {
+ CREATE TABLE t1(x);
+ CREATE VIEW t2 AS SELECT 1 FROM t1, (t1 AS a0, t1);
+ ALTER TABLE t1 RENAME TO t3;
+ SELECT sql FROM sqlite_master;
+} {{CREATE TABLE "t3"(x)} {CREATE VIEW t2 AS SELECT 1 FROM "t3", ("t3" AS a0, "t3")}}
+do_execsql_test 19.110 {
+ INSERT INTO t3(x) VALUES(123);
+ SELECT * FROM t2;
+} {1}
+do_execsql_test 19.120 {
+ INSERT INTO t3(x) VALUES('xyz');
+ SELECT * FROM t2;
+} {1 1 1 1 1 1 1 1}
finish_test
--
2.37.3

27
SOURCES/sqlite-3.26.0-CVE-2020-6405.patch
View File

@ -1,27 +0,0 @@
From 1668926bc3c7da0b2870a60382b179a0e3edb5de Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 26 Mar 2020 08:14:29 +0100
Subject: [PATCH] Do not allow the constant-propagation optimization to apple
to ON/USING clause terms as it does not help and it might cause downstream
problems.
---
src/select.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/select.c b/src/select.c
index bbd13a4..88a43df 100644
--- a/src/select.c
+++ b/src/select.c
@@ -4171,7 +4171,7 @@ static int propagateConstantExprRewrite(Walker *pWalker, Expr *pExpr){
int i;
WhereConst *pConst;
if( pExpr->op!=TK_COLUMN ) return WRC_Continue;
- if( ExprHasProperty(pExpr, EP_FixedCol) ) return WRC_Continue;
+ if( ExprHasProperty(pExpr, EP_FixedCol|EP_FromJoin) ) return WRC_Continue;
pConst = pWalker->u.pConst;
for(i=0; i<pConst->nConst; i++){
Expr *pColumn = pConst->apExpr[i*2];
--
2.24.1

106
SOURCES/sqlite-3.26.0-CVE-2020-9327.patch
View File

@ -1,106 +0,0 @@
From 2d788539b0018d34d3cabb328387ba6bec41ec42 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 26 Mar 2020 09:43:43 +0100
Subject: [PATCH] NULL pointer dereference and segmentation fault because of
generated column optimizations
Take care when checking the table of a TK_COLUMN expression node to
see if the table is a virtual table to first ensure that the
Expr.y.pTab pointer is not null due to generated column optimizations.
---
src/expr.c | 13 ++++++++++---
src/sqliteInt.h | 3 +++
src/whereexpr.c | 12 ++++++++----
3 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/src/expr.c b/src/expr.c
index b081ca2..5f98f76 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -4901,18 +4901,25 @@ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){
case TK_LT:
case TK_LE:
case TK_GT:
- case TK_GE:
+ case TK_GE: {
+ Expr *pLeft = pExpr->pLeft;
+ Expr *pRight = pExpr->pRight;
testcase( pExpr->op==TK_EQ );
testcase( pExpr->op==TK_NE );
testcase( pExpr->op==TK_LT );
testcase( pExpr->op==TK_LE );
testcase( pExpr->op==TK_GT );
testcase( pExpr->op==TK_GE );
- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab))
- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab))
+ /* The y.pTab=0 assignment in wherecode.c always happens after the
+ ** impliesNotNullRow() test */
+ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0)
+ && IsVirtual(pLeft->y.pTab))
+ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0)
+ && IsVirtual(pRight->y.pTab))
){
return WRC_Prune;
}
+ }
default:
return WRC_Continue;
}
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index 051aa40..5f5f3cc 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -2014,8 +2014,11 @@ struct Table {
*/
#ifndef SQLITE_OMIT_VIRTUALTABLE
# define IsVirtual(X) ((X)->nModuleArg)
+# define ExprIsVtab(X) \
+ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg)
#else
# define IsVirtual(X) 0
+# define ExprIsVtab(X) 0
#endif
/*
diff --git a/src/whereexpr.c b/src/whereexpr.c
index dbb7f0d..9d2813a 100644
--- a/src/whereexpr.c
+++ b/src/whereexpr.c
@@ -382,7 +382,8 @@ static int isAuxiliaryVtabOperator(
** MATCH(expression,vtab_column)
*/
pCol = pList->a[1].pExpr;
- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
+ if( ExprIsVtab(pCol) ){
for(i=0; i<ArraySize(aOp); i++){
if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){
*peOp2 = aOp[i].eOp2;
@@ -404,7 +405,8 @@ static int isAuxiliaryVtabOperator(
** with function names in an arbitrary case.
*/
pCol = pList->a[0].pExpr;
- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
+ if( ExprIsVtab(pCol) ){
sqlite3_vtab *pVtab;
sqlite3_module *pMod;
void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);
@@ -427,10 +429,12 @@ static int isAuxiliaryVtabOperator(
int res = 0;
Expr *pLeft = pExpr->pLeft;
Expr *pRight = pExpr->pRight;
- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){
+ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 );
+ if( ExprIsVtab(pLeft) ){
res++;
}
- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){
+ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 );
+ if( pRight && ExprIsVtab(pRight) ){
res++;
SWAP(Expr*, pLeft, pRight);
}
--
2.24.1

89
SOURCES/sqlite-3.26.0-out-of-bounds-read.patch
View File

@ -1,89 +0,0 @@
From eca47c8481b0c2f09a7818ed2bce0ad27b1dae27 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Wed, 26 Jun 2019 12:25:10 +0200
Subject: [PATCH] Fixed out of bounds heap read in function rtreenode()
Enhance the rtreenode() function of rtree (used for
testing) so that it uses the newer sqlite3_str object
for better performance and improved error reporting.
Test cases added to TH3.
Resolves: #1723338
Version: 3.26.0-4
---
ext/rtree/rtree.c | 35 ++++++++++++++++-------------------
1 file changed, 16 insertions(+), 19 deletions(-)
diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
index 4b044cb..87d0de0 100644
--- a/ext/rtree/rtree.c
+++ b/ext/rtree/rtree.c
@@ -3711,49 +3711,46 @@ rtreeInit_fail:
** <num-dimension>*2 coordinates.
*/
static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
- char *zText = 0;
RtreeNode node;
Rtree tree;
int ii;
+ int nData;
+ int errCode;
+ sqlite3_str *pOut;
UNUSED_PARAMETER(nArg);
memset(&node, 0, sizeof(RtreeNode));
memset(&tree, 0, sizeof(Rtree));
tree.nDim = (u8)sqlite3_value_int(apArg[0]);
+ if( tree.nDim<1 || tree.nDim>5 ) return;
tree.nDim2 = tree.nDim*2;
tree.nBytesPerCell = 8 + 8 * tree.nDim;
node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
+ nData = sqlite3_value_bytes(apArg[1]);
+ if( nData<4 ) return;
+ if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
+ pOut = sqlite3_str_new(0);
for(ii=0; ii<NCELL(&node); ii++){
- char zCell[512];
- int nCell = 0;
RtreeCell cell;
int jj;
nodeGetCell(&tree, &node, ii, &cell);
- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
- nCell = (int)strlen(zCell);
+ if( ii>0 ) sqlite3_str_append(pOut, " ", 1);
+ sqlite3_str_appendf(pOut, "{%lld", cell.iRowid);
for(jj=0; jj<tree.nDim2; jj++){
#ifndef SQLITE_RTREE_INT_ONLY
- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
- (double)cell.aCoord[jj].f);
+ sqlite3_str_appendf(pOut, " %g", (double)cell.aCoord[jj].f);
#else
- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
- cell.aCoord[jj].i);
+ sqlite3_str_appendf(pOut, " %d", cell.aCoord[jj].i);
#endif
- nCell = (int)strlen(zCell);
- }
-
- if( zText ){
- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
- sqlite3_free(zText);
- zText = zTextNew;
- }else{
- zText = sqlite3_mprintf("{%s}", zCell);
}
+ sqlite3_str_append(pOut, "}", 1);
}
- sqlite3_result_text(ctx, zText, -1, sqlite3_free);
+ errCode = sqlite3_str_errcode(pOut);
+ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
+ sqlite3_result_error_code(ctx, errCode);
}
/* This routine implements an SQL function that returns the "depth" parameter
--
2.19.1

71
SOURCES/sqlite-3.26.0-zPath-covscan.patch
View File

@ -1,71 +0,0 @@
From 75525dbdf9b7ed003e343c42710e8b13f73a7607 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 23 Jan 2020 15:08:13 +0100
Subject: [PATCH] Fix buffer underflows in the zipfile extension associated
with zero-length or NULL filename in the ZIP archive. But report on the
mailing list by Yongheng and Rui.
---
ext/misc/zipfile.c | 14 +++++++++-----
test/zipfile.test | 13 +++++++++++++
2 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index e6141ef..7fd4074 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1433,8 +1433,8 @@ static int zipfileGetMode(
** identical, ignoring any trailing '/' character in either path. */
static int zipfileComparePath(const char *zA, const char *zB, int nB){
int nA = (int)strlen(zA);
- if( zA[nA-1]=='/' ) nA--;
- if( zB[nB-1]=='/' ) nB--;
+ if( nA>0 && zA[nA-1]=='/' ) nA--;
+ if( nB>0 && zB[nB-1]=='/' ) nB--;
if( nA==nB && memcmp(zA, zB, nA)==0 ) return 0;
return 1;
}
@@ -1628,11 +1628,15 @@ static int zipfileUpdate(
** '/'. This appears to be required for compatibility with info-zip
** (the unzip command on unix). It does not create directories
** otherwise. */
- if( zPath[nPath-1]!='/' ){
+ if( nPath<=0 || zPath[nPath-1]!='/' ){
zFree = sqlite3_mprintf("%s/", zPath);
- if( zFree==0 ){ rc = SQLITE_NOMEM; }
zPath = (const char*)zFree;
- nPath = (int)strlen(zPath);
+ if( zFree==0 ){
+ rc = SQLITE_NOMEM;
+ nPath = 0;
+ }else{
+ nPath = (int)strlen(zPath);
+ }
}
}
diff --git a/test/zipfile.test b/test/zipfile.test
index e4b8088..9f07c0a 100644
--- a/test/zipfile.test
+++ b/test/zipfile.test
@@ -821,4 +821,17 @@ do_execsql_test 14.10 {
PRAGMA integrity_check;
} {3 ok}
+# 2019-12-26 More problems in zipfile from the Yongheng and Rui fuzzer
+#
+do_execsql_test 15.10 {
+ DROP TABLE IF EXISTS t1;
+ CREATE VIRTUAL TABLE t1 USING zipfile(null);
+ REPLACE INTO t1 VALUES(null,null,0,null,null,null,null);
+} {}
+do_execsql_test 15.20 {
+ DROP TABLE IF EXISTS t2;
+ CREATE VIRTUAL TABLE t2 USING zipfile(null);
+ REPLACE INTO t2 values(null,null,null,null,null,10,null);
+} {}
+
finish_test
--
2.19.1

21
SOURCES/sqlite-3.6.23-lemon-system-template.patch
View File

@ -1,21 +0,0 @@
diff -up sqlite-3.6.23/tool/lemon.c.system-template sqlite-3.6.23/tool/lemon.c
--- sqlite-3.6.23/tool/lemon.c.system-template 2010-03-10 16:40:35.000000000 +0200
+++ sqlite-3.6.23/tool/lemon.c 2010-03-10 16:40:39.000000000 +0200
@@ -3363,6 +3363,8 @@ PRIVATE FILE *tplt_open(struct lemon *le
tpltname = buf;
}else if( access(templatename,004)==0 ){
tpltname = templatename;
+ }else if( access("/usr/share/lemon/lempar.c", R_OK)==0){
+ tpltname = "/usr/share/lemon/lempar.c";
}else{
tpltname = pathsearch(lemp->argv0,templatename,0);
}
@@ -3374,7 +3376,7 @@ PRIVATE FILE *tplt_open(struct lemon *le
}
in = fopen(tpltname,"rb");
if( in==0 ){
- fprintf(stderr,"Can't open the template file \"%s\".\n",templatename);
+ fprintf(stderr,"Can't open the template file \"%s\".\n",tpltname);
lemp->errorcnt++;
return 0;
}

37
SOURCES/sqlite-3.7.7.1-stupid-openfiles-test.patch
View File

@ -1,37 +0,0 @@
--- sqlite-src-3240000/test/oserror.test.old 2018-06-05 08:40:35.656122573 +0200
+++ sqlite-src-3240000/test/oserror.test 2018-06-05 08:40:45.614935197 +0200
@@ -51,20 +51,20 @@
# a call to getcwd() may fail if there are no free file descriptors. So
# an error may be reported for either open() or getcwd() here.
#
-if {![clang_sanitize_address]} {
- do_test 1.1.1 {
- set ::log [list]
- list [catch {
- for {set i 0} {$i < 20000} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
- } msg] $msg
- } {1 {unable to open database file}}
- do_test 1.1.2 {
- catch { for {set i 0} {$i < 20000} {incr i} { dbh_$i close } }
- } {1}
- do_re_test 1.1.3 {
- lindex $::log 0
- } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
-}
+#if {![clang_sanitize_address]} {
+# do_test 1.1.1 {
+# set ::log [list]
+# list [catch {
+# for {set i 0} {$i < 20000} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
+# } msg] $msg
+# } {1 {unable to open database file}}
+# do_test 1.1.2 {
+# catch { for {set i 0} {$i < 20000} {incr i} { dbh_$i close } }
+# } {1}
+# do_re_test 1.1.3 {
+# lindex $::log 0
+# } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
+#}
# Test a failure in open() due to the path being a directory.

137
SOURCES/sqlite-3.8.10.1-tcl-regress-tests.patch
View File

@ -1,137 +0,0 @@
This patch disables a test which caused failed assertion in tcl 8.6.3.
According to sqlite upstream[1], this should be fixed in tcl 8.6.5.
[1] http://mailinglists.sqlite.org/cgi-bin/mailman/private/sqlite-users/2015-May/059518.html
diff -up sqlite-src-3130000/test/shell1.test.orig sqlite-src-3130000/test/shell1.test
--- sqlite-src-3140100/test/shell1.test.orig 2016-08-12 02:17:02.000000000 +0200
+++ sqlite-src-3140100/test/shell1.test 2016-08-15 15:00:59.869664051 +0200
@@ -855,67 +855,67 @@ do_test shell1-4.6 {
# Test using arbitrary byte data with the shell via standard input/output.
#
-do_test shell1-5.0 {
- #
- # NOTE: Skip NUL byte because it appears to be incompatible with command
- # shell argument parsing.
- #
- for {set i 1} {$i < 256} {incr i} {
- #
- # NOTE: Due to how the Tcl [exec] command works (i.e. where it treats
- # command channels opened for it as textual ones), the carriage
- # return character (and on Windows, the end-of-file character)
- # cannot be used here.
- #
- if {$i==0x0D || ($tcl_platform(platform)=="windows" && $i==0x1A)} {
- continue
- }
- if {$i>=0xE0 && $tcl_platform(os)=="OpenBSD"} continue
- if {$i>=0xE0 && $i<=0xEF && $tcl_platform(os)=="Linux"} continue
- set hex [format %02X $i]
- set char [subst \\x$hex]; set oldChar $char
- set escapes [list]
- if {$tcl_platform(platform)=="windows"} {
- #
- # NOTE: On Windows, we need to escape all the whitespace characters,
- # the alarm (\a) character, and those with special meaning to
- # the SQLite shell itself.
- #
- set escapes [list \
- \a \\a \b \\b \t \\t \n \\n \v \\v \f \\f \r \\r \
- " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
- } else {
- #
- # NOTE: On Unix, we need to escape most of the whitespace characters
- # and those with special meaning to the SQLite shell itself.
- # The alarm (\a), backspace (\b), and carriage-return (\r)
- # characters do not appear to require escaping on Unix. For
- # the alarm and backspace characters, this is probably due to
- # differences in the command shell. For the carriage-return,
- # it is probably due to differences in how Tcl handles command
- # channel end-of-line translations.
- #
- set escapes [list \
- \t \\t \n \\n \v \\v \f \\f \
- " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
- }
- set char [string map $escapes $char]
- set x [catchcmdex test.db ".print $char\n"]
- set code [lindex $x 0]
- set res [lindex $x 1]
- if {$code ne "0"} {
- error "failed with error: $res"
- }
- if {$res ne "$oldChar\n"} {
- if {[llength $res] > 0} {
- set got [format %02X [scan $res %c]]
- } else {
- set got <empty>
- }
- error "failed with byte $hex mismatch, got $got"
- }
- }
-} {}
+#do_test shell1-5.0 {
+# #
+# # NOTE: Skip NUL byte because it appears to be incompatible with command
+# # shell argument parsing.
+# #
+# for {set i 1} {$i < 256} {incr i} {
+# #
+# # NOTE: Due to how the Tcl [exec] command works (i.e. where it treats
+# # command channels opened for it as textual ones), the carriage
+# # return character (and on Windows, the end-of-file character)
+# # cannot be used here.
+# #
+# if {$i==0x0D || ($tcl_platform(platform)=="windows" && $i==0x1A)} {
+# continue
+# }
+# if {$i>=0xE0 && $tcl_platform(os)=="OpenBSD"} continue
+# if {$i>=0xE0 && $i<=0xEF && $tcl_platform(os)=="Linux"} continue
+# set hex [format %02X $i]
+# set char [subst \\x$hex]; set oldChar $char
+# set escapes [list]
+# if {$tcl_platform(platform)=="windows"} {
+# #
+# # NOTE: On Windows, we need to escape all the whitespace characters,
+# # the alarm (\a) character, and those with special meaning to
+# # the SQLite shell itself.
+# #
+# set escapes [list \
+# \a \\a \b \\b \t \\t \n \\n \v \\v \f \\f \r \\r \
+# " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
+# } else {
+# #
+# # NOTE: On Unix, we need to escape most of the whitespace characters
+# # and those with special meaning to the SQLite shell itself.
+# # The alarm (\a), backspace (\b), and carriage-return (\r)
+# # characters do not appear to require escaping on Unix. For
+# # the alarm and backspace characters, this is probably due to
+# # differences in the command shell. For the carriage-return,
+# # it is probably due to differences in how Tcl handles command
+# # channel end-of-line translations.
+# #
+# set escapes [list \
+# \t \\t \n \\n \v \\v \f \\f \
+# " " "\" \"" \" \\\" ' \"'\" \\ \\\\]
+# }
+# set char [string map $escapes $char]
+# set x [catchcmdex test.db ".print $char\n"]
+# set code [lindex $x 0]
+# set res [lindex $x 1]
+# if {$code ne "0"} {
+# error "failed with error: $res"
+# }
+# if {$res ne "$oldChar\n"} {
+# if {[llength $res] > 0} {
+# set got [format %02X [scan $res %c]]
+# } else {
+# set got <empty>
+# }
+# error "failed with byte $hex mismatch, got $got"
+# }
+# }
+#} {}
# These test cases do not work on MinGW
if 0 {

23
STAGE2-sqlite Normal file
View File

@ -0,0 +1,23 @@
#####################################################
# sqlite is choking on sqlite_int64 definition
#####################################################
mcd $BUILDDIR/sqlite
export CFLAGS="$RPM_OPT_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 -DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 -DSQLITE_ENABLE_UNLOCK_NOTIFY=1 -Wall -fno-strict-aliasing"
$SRC/sqlite-*/configure --disable-tcl --enable-threadsafe --enable-threads-override-locks --enable-load-extension $TCONFIGARGS
# the compile would fail here, so on a host you need to run
# tclsh ../../rpmbuild/BUILD/sqlite-src-3070500/tool/mksqlite3h.tcl ../../rpmbuild/BUILD/sqlite-src-3070500 > sqlite3.h
cp ../../rpmbuild/BUILD/sqlite-src-*/sqlite3.h.stage1 sqlite3.h
# Also possibly add -ldl to TLIB in the Makefile
if egrep '^TLIBS.*ldl' Makefile > /dev/null
then
true
else
sed 's/^\(TLIBS = .*\)/\1 -ldl/' Makefile > Makefile.stage2
mv Makefile.stage2 Makefile
fi
make $J
make $J install

10
ci.fmf Normal file
View File

@ -0,0 +1,10 @@
/test:
summary:
Basic set of quick tests for sqlite.
discover:
- name: fedora
how: fmf
url: "https://src.fedoraproject.org/tests/sqlite.git"
ref: main
execute:
how: tmt

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

3
sources Normal file
View File

@ -0,0 +1,3 @@
SHA512 (sqlite-doc-3340100.zip) = 20cbb9f05cd329bf7aa2877431781e46192544806042f4104e4eb0e87d84cd2dfc02c7ff226d4bef9bb2c6a69cc612201844d116abe99b0cfed9602adf243a60
SHA512 (sqlite-src-3340100.zip) = 5ed02fe609b3d08c3297cc43b21e6ee3f56fb51a6616ac391a0e50cd1677dbad03c6bf9bf9c8409cf94b83b16fe6b6e4a112640b18c7d4fd95328066da3c3943
SHA512 (sqlite-autoconf-3340100.tar.gz) = adaa306ebacfbeeea6efe71aa964b1dee4a05ade794c55c7afad8693ed291354e9daa2449226c4dc50fbfa5919dfc9a17dea946f01171ff63d472af78cbed987

0
SOURCES/sqlite-3.12.2-no-malloc-usable-size.patch → sqlite-3.12.2-no-malloc-usable-size.patch
View File

0
SOURCES/sqlite-3.16-datetest-2.2c.patch → sqlite-3.16-datetest-2.2c.patch
View File

0
SOURCES/sqlite-3.18.0-sync2-dirsync.patch → sqlite-3.18.0-sync2-dirsync.patch
View File

0
SOURCES/sqlite-3.26.0-CVE-2022-35737.patch → sqlite-3.26.0-CVE-2022-35737.patch
View File

0
SOURCES/sqlite-3.34.1-CVE-2023-7104.patch → sqlite-3.34.1-CVE-2023-7104.patch
View File

76
sqlite-3.34.1-covscan-rhel-9.patch Normal file
View File

@ -0,0 +1,76 @@
Subject: [PATCH] * Fix a potential memory leak following OOM in the decimal
extension. * Fix minor coverity warnings in the CLI.
---
ext/misc/decimal.c | 9 +++++----
src/shell.c.in | 10 +++++-----
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/ext/misc/decimal.c b/ext/misc/decimal.c
index a8d68ac..79fc91f 100644
--- a/ext/misc/decimal.c
+++ b/ext/misc/decimal.c
@@ -459,10 +459,11 @@ static void decimalSubFunc(
Decimal *pA = decimal_new(context, argv[0], 0, 0);
Decimal *pB = decimal_new(context, argv[1], 0, 0);
UNUSED_PARAMETER(argc);
- if( pB==0 ) return;
- pB->sign = !pB->sign;
- decimal_add(pA, pB);
- decimal_result(context, pA);
+ if( pB ) {
+ pB->sign = !pB->sign;
+ decimal_add(pA, pB);
+ decimal_result(context, pA);
+ }
decimal_free(pA);
decimal_free(pB);
}
diff --git a/src/shell.c.in b/src/shell.c.in
index 2d98d23..8258687 100644
--- a/src/shell.c.in
+++ b/src/shell.c.in
@@ -6715,6 +6715,7 @@ static void shellExec(sqlite3 *db, int *pRc, const char *zSql){
if( rc!=SQLITE_OK ){
raw_printf(stderr, "SQL error: %s\n", zErr);
}
+ sqlite3_free(zErr);
*pRc = rc;
}
}
@@ -8017,7 +8018,6 @@ static int do_meta_command(char *zLine, ShellState *p){
if( c=='f' && strncmp(azArg[0], "fullschema", n)==0 ){
ShellState data;
- char *zErrMsg = 0;
int doStats = 0;
memcpy(&data, p, sizeof(data));
data.showHeader = 0;
@@ -8039,7 +8039,7 @@ static int do_meta_command(char *zLine, ShellState *p){
" SELECT sql, type, tbl_name, name, rowid FROM sqlite_temp_schema) "
"WHERE type!='meta' AND sql NOTNULL AND name NOT LIKE 'sqlite_%' "
"ORDER BY rowid",
- callback, &data, &zErrMsg
+ callback, &data, 0
);
if( rc==SQLITE_OK ){
sqlite3_stmt *pStmt;
@@ -8055,12 +8055,12 @@ static int do_meta_command(char *zLine, ShellState *p){
}else{
raw_printf(p->out, "ANALYZE sqlite_schema;\n");
sqlite3_exec(p->db, "SELECT 'ANALYZE sqlite_schema'",
- callback, &data, &zErrMsg);
+ callback, &data, 0);
data.cMode = data.mode = MODE_Insert;
data.zDestTable = "sqlite_stat1";
- shell_exec(&data, "SELECT * FROM sqlite_stat1", &zErrMsg);
+ shell_exec(&data, "SELECT * FROM sqlite_stat1", 0);
data.zDestTable = "sqlite_stat4";
- shell_exec(&data, "SELECT * FROM sqlite_stat4", &zErrMsg);
+ shell_exec(&data, "SELECT * FROM sqlite_stat4", 0);
raw_printf(p->out, "ANALYZE sqlite_schema;\n");
}
}else
--
2.31.1

13
sqlite-3.6.23-lemon-system-template.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/tool/lemon.c b/tool/lemon.c
index 54c8946..ac14a06 100644
--- a/tool/lemon.c
+++ b/tool/lemon.c
@@ -3668,6 +3668,8 @@ PRIVATE FILE *tplt_open(struct lemon *lemp)
tpltname = buf;
}else if( access(templatename,004)==0 ){
tpltname = templatename;
+ }else if( access("/usr/share/lemon/lempar.c", R_OK)==0){
+ tpltname = "/usr/share/lemon/lempar.c";
}else{
toFree = tpltname = pathsearch(lemp->argv0,templatename,0);
}

0
SOURCES/sqlite-3.8.0-percentile-test.patch → sqlite-3.8.0-percentile-test.patch
View File

346
SPECS/sqlite.spec → sqlite.spec
View File

@ -1,111 +1,44 @@
# bcond default logic is nicely backwards...
%bcond_without tcl
%bcond_without sqldiff
%bcond_with static
%bcond_without check
%define realver 3260000
%define docver 3260000
%define rpmver 3.26.0
%define realver 3340100
%define docver 3340100
%define rpmver 3.34.1
%define year 2021
Summary: Library that implements an embeddable SQL database engine
Name: sqlite
Version: %{rpmver}
Release: 19%{?dist}
Release: 7%{?dist}
License: Public Domain
Group: Applications/Databases
URL: http://www.sqlite.org/
Source0: http://www.sqlite.org/2017/sqlite-src-%{realver}.zip
Source1: http://www.sqlite.org/2017/sqlite-doc-%{docver}.zip
Source2: http://www.sqlite.org/2017/sqlite-autoconf-%{realver}.tar.gz
Source0: http://www.sqlite.org/%{year}/sqlite-src-%{realver}.zip
Source1: http://www.sqlite.org/%{year}/sqlite-doc-%{docver}.zip
Source2: http://www.sqlite.org/%{year}/sqlite-autoconf-%{realver}.tar.gz
# Support a system-wide lemon template
Patch1: sqlite-3.6.23-lemon-system-template.patch
# Shut up stupid tests depending on system settings of allowed open fd's
Patch2: sqlite-3.7.7.1-stupid-openfiles-test.patch
# sqlite >= 3.7.10 is buggy if malloc_usable_size() is detected, disable it:
# https://bugzilla.redhat.com/show_bug.cgi?id=801981
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665363
Patch3: sqlite-3.12.2-no-malloc-usable-size.patch
Patch2: sqlite-3.12.2-no-malloc-usable-size.patch
# Temporary workaround for failed percentile test, see patch for details
Patch4: sqlite-3.8.0-percentile-test.patch
# Disable test failing due to tcl regression. Details in patch file.
Patch6: sqlite-3.8.10.1-tcl-regress-tests.patch
Patch3: sqlite-3.8.0-percentile-test.patch
# Disable test date-2.2c on i686
Patch7: sqlite-3.16-datetest-2.2c.patch
Patch4: sqlite-3.16-datetest-2.2c.patch
# Modify sync2.test to pass with DIRSYNC turned off
Patch8: sqlite-3.18.0-sync2-dirsync.patch
# Fix for CVE-2019-8457 (rhbz#1723338)
# https://www.sqlite.org/src/info/90acdbfce9c08858
Patch9: sqlite-3.26.0-out-of-bounds-read.patch
# Fix for CVE-2019-13752
Patch10: sqlite-3.26-CVE-2019-13752.patch
# Fix for CVE-2019-13753
Patch11: sqlite-3.26-CVE-2019-13753.patch
# Fix for CVE-2019-13734
Patch12: sqlite-3.26.0-CVE-2019-13734.patch
# Fix for CVE-2019-19924
Patch13: sqlite-3.26.0-CVE-2019-19924.patch
# Fix for CVE-2019-19923
Patch14: sqlite-3.26.0-CVE-2019-19923.patch
# Fix for CVE-2019-19925
Patch15: sqlite-3.26.0-CVE-2019-19925.patch
# Fix for CVE-2019-19959
Patch16: sqlite-3.26.0-CVE-2019-19959.patch
# Fix for issues found by covscan
Patch17: sqlite-3.26.0-zPath-covscan.patch
# Fix for CVE-2019-20218
Patch18: sqlite-3.26.0-CVE-2019-20218.patch
# Fix for CVE-2020-6405
Patch19: sqlite-3.26.0-CVE-2020-6405.patch
# Fix for CVE-2020-9327
Patch20: sqlite-3.26.0-CVE-2020-9327.patch
# Fix for CVE-2019-16168
Patch21: sqlite-3.26.0-CVE-2019-16168.patch
# Fix for CVE-2019-5018
Patch22: sqlite-3.26.0-CVE-2019-5018.patch
# Fix for CVE-2020-13632
Patch23: sqlite-3.26.0-CVE-2020-13632.patch
# Fix for CVE-2020-13631
Patch24: sqlite-3.26.0-CVE-2020-13631.patch
# Fix for CVE-2020-13630
Patch25: sqlite-3.26.0-CVE-2020-13630.patch
# Fix for CVE-2020-13434
# upstream commit: https://www.sqlite.org/src/info/d08d3405878d394e
Patch26: sqlite-3.26.0-CVE-2020-13434.patch
# Fix for CVE-2020-15358
# upstream commit: https://www.sqlite.org/src/info/10fa79d00f8091e5
Patch27: sqlite-3.26.0-CVE-2020-15358.patch
# Fix for CVE-2019-5827
# https://www.sqlite.org/src/info/0b6ae032c28e7fe3
# https://www.sqlite.org/src/info/07ee06fd390bfebe
Patch28: sqlite-3.26.0-CVE-2019-5827.patch
# Fix for CVE-2019-13750
# https://github.com/sqlite/sqlite/commit/397a78d4a1864111f488a51d296810e7ef037893
# https://www.sqlite.org/src/info/70390bbca49e7066
Patch29: sqlite-3.26.0-CVE-2019-13750.patch
# Fix for CVE-2019-13751
# https://github.com/sqlite/sqlite/commit/70d1a1a3ed64d7bd82fd90268e4c9cf208ca1be0
Patch30: sqlite-3.26.0-CVE-2019-13751.patch
# Fix for CVE-2019-19603
# https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
Patch31: sqlite-3.26.0-CVE-2019-19603.patch
# Fix for CVE-2020-13435
# https://www.sqlite.org/src/info/ad7bb70af9bb68d1
Patch34: sqlite-3.26.0-CVE-2020-13435.patch
# Fix for CVE-2020-35527
# https://www.sqlite.org/src/info/c431b3fd8fd0f6a6
Patch35: sqlite-3.26.0-CVE-2020-35527.patch
# Fix for CVE-2020-35525
# https://www.sqlite.org/src/info/a67cf5b7d37d5b14
Patch36: sqlite-3.26.0-CVE-2020-35525.patch
# Fix for CVE-2022-35737
# https://www.sqlite.org/src/info/26db4fc22fe66658
Patch37: sqlite-3.26.0-CVE-2022-35737.patch
# Fix for CVE-2020-24736
# https://www.sqlite.org/src/info/579b66eaa0816561
Patch38: sqlite-3.26.0-CVE-2020-24736.patch
Patch39: sqlite-3.34.1-CVE-2023-7104.patch
Patch5: sqlite-3.18.0-sync2-dirsync.patch
# Fixed covscan issues for rhel-9
Patch6: sqlite-3.34.1-covscan-rhel-9.patch
# Fixed CVE-2022-35737
Patch7: sqlite-3.26.0-CVE-2022-35737.patch
Patch8: sqlite-3.34.1-CVE-2023-7104.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: ncurses-devel readline-devel glibc-devel
BuildRequires: autoconf
%if %{with tcl}
@ -132,9 +65,7 @@ are named to permit each to be installed on a single host
%package devel
Summary: Development tools for the sqlite3 embeddable SQL database engine
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release}
Requires: pkgconfig
%description devel
@ -144,7 +75,6 @@ to install %{name}-devel.
%package libs
Summary: Shared library for the sqlite3 embeddable SQL database engine.
Group: Development/Libraries
# Ensure updates from pre-split work on multi-lib systems
Obsoletes: %{name} < 3.11.0-1
@ -155,7 +85,6 @@ This package contains the shared library for %{name}.
%package doc
Summary: Documentation for sqlite
Group: Documentation
BuildArch: noarch
%description doc
@ -165,7 +94,6 @@ C/C++ interface specs and other miscellaneous documentation.
%package -n lemon
Summary: A parser generator
Group: Development/Tools
%description -n lemon
Lemon is an LALR(1) parser generator for C or C++. It does the same
@ -178,12 +106,21 @@ that can be used to eliminate resource leaks, making is suitable for
use in long-running programs such as graphical user interfaces or
embedded controllers.
%if %{with sqldiff}
%package tools
Summary: %{name} tools
Group: Development/Tools
%description tools
%{name} related tools. Currently contains only sqldiff.
- sqldiff: The sqldiff binary is a command-line utility program
that displays the differences between SQLite databases.
%endif
%if %{with tcl}
%package tcl
Summary: Tcl module for the sqlite3 embeddable SQL database engine
Group: Development/Languages
Requires: %{name} = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release}
Requires: tcl(abi) = %{tcl_version}
%description tcl
@ -191,7 +128,6 @@ This package contains the tcl modules for %{name}.
%package analyzer
Summary: An analysis program for sqlite3 database files
Group: Development/Tools
Requires: %{name} = %{version}-%{release}
Requires: tcl(abi) = %{tcl_version}
@ -204,42 +140,13 @@ This package contains the analysis program for %{name}.
%patch -P 1 -p1
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 6 -p1
%ifarch %{ix86}
%patch -P 7 -p1
%patch -P 4 -p1
%endif
%patch -P 5 -p1
%patch -P 6 -p1
%patch -P 7 -p1
%patch -P 8 -p1
%patch -P 9 -p1
%patch -P 10 -p1
%patch -P 11 -p1
%patch -P 12 -p1
%patch -P 13 -p1
%patch -P 14 -p1
%patch -P 15 -p1
%patch -P 16 -p1
%patch -P 17 -p1
%patch -P 18 -p1
%patch -P 19 -p1
%patch -P 20 -p1
%patch -P 21 -p1
%patch -P 22 -p1
%patch -P 23 -p1
%patch -P 24 -p1
%patch -P 25 -p1
%patch -P 26 -p1
%patch -P 27 -p1
%patch -P 28 -p1
%patch -P 29 -p1
%patch -P 30 -p1
%patch -P 31 -p1
%patch -P 34 -p1
%patch -P 35 -p1
%patch -P 36 -p1
%patch -P 37 -p1
%patch -P 38 -p1
%patch -P 39 -p1
# Remove backup-file
rm -f %{name}-doc-%{docver}/sqlite.css~ || :
@ -248,12 +155,14 @@ autoconf # Rerun with new autoconf to add support for aarm64
%build
export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
-DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=3 \
-DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=1 \
-DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 \
-DSQLITE_ENABLE_UNLOCK_NOTIFY=1 -DSQLITE_ENABLE_DBSTAT_VTAB=1 \
-DSQLITE_ENABLE_FTS3_PARENTHESIS=1 -DSQLITE_ENABLE_JSON1=1 \
-DSQLITE_ENABLE_FTS4=1 \
-Wall -fno-strict-aliasing"
%configure %{!?with_tcl:--disable-tcl} \
--enable-fts4 \
--enable-fts5 \
--enable-threadsafe \
--enable-threads-override-locks \
@ -264,16 +173,21 @@ export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{?_smp_mflags}
%make_build
# Build sqlite3_analyzer
# depends on tcl
%if %{with tcl}
make %{?_smp_mflags} sqlite3_analyzer
%make_build sqlite3_analyzer
%endif
# Build sqldiff
%if %{with tcl}
%make_build sqldiff
%endif
%install
make DESTDIR=${RPM_BUILD_ROOT} install
%make_install
install -D -m0644 sqlite3.1 $RPM_BUILD_ROOT/%{_mandir}/man1/sqlite3.1
install -D -m0755 lemon $RPM_BUILD_ROOT/%{_bindir}/lemon
@ -286,6 +200,11 @@ chmod 0755 ${RPM_BUILD_ROOT}/%{tcl_sitearch}/sqlite3/*.so
install -D -m0755 sqlite3_analyzer $RPM_BUILD_ROOT/%{_bindir}/sqlite3_analyzer
%endif
# Install sqldiff
%if %{with tcl}
install -D -m0755 sqldiff $RPM_BUILD_ROOT/%{_bindir}/sqldiff
%endif
%if ! %{with static}
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.{la,a}
%endif
@ -303,7 +222,7 @@ rm test/csv01.test
%endif
make test
%endif # with check
%endif #with check
%ldconfig_scriptlets libs
@ -335,85 +254,118 @@ make test
%files tcl
%{tcl_sitearch}/sqlite3
%if %{with sqldiff}
%files tools
%{_bindir}/sqldiff
%endif
%files analyzer
%{_bindir}/sqlite3_analyzer
%endif
%changelog
* Wed Jan 03 2024 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-19
- Fixed CVE-2023-7104
* Wed Jan 03 2024 Zuzana Miklankova <zmiklank@redhat.com> - 3.34.1-7
- Fixes CVE-2023-7104
* Fri Apr 14 2023 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-18
- Fixed CVE-2022-24736
* Fri Nov 18 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.34.1-6
- Fixes CVE-2022-35737
* Tue Nov 15 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-17
- Fixed CVE-2022-35737
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.34.1-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Sep 05 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.26.0-16
- Fixed CVE-2020-35527
- Fixed CVE-2020-35525
* Tue May 18 2021 Petr Kubat <pkubat@redhat.com> - 3.26.0-15
- Removing fix for CVE-2019-19645 (unaffected)
- Removing fix for CVE-2019-19880 (unaffected)
* Thu Apr 15 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-14
- Fixed CVE-2019-5827 (#1710184)
- Fixed CVE-2019-13750 (#1786510)
- Fixed CVE-2019-13751 (#1786522)
- Fixed CVE-2019-19603 (#1792013)
- Fixed CVE-2020-13435 (#1841233)
* Tue Dec 01 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-13
- enabled fts3conf.test on s390x and ppc64 architectures
* Mon Aug 17 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-12
- Fixed CVE-2020-13434 (#1845843)
- Fixed CVE-2020-15358 (#1855208)
* Fri Aug 07 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-11
- Fixed bug in CVE-2019-20218 (#1791592)
* Wed Jun 10 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-10
- Fixed CVE-2020-13632 (#1845572)
- Fixed CVE-2020-13631 (#1845474)
- Fixed CVE-2020-13630 (#1845153)
* Tue Jun 02 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-9
- Fixed CVE-2019-5018 (#1721509)
* Thu Apr 23 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-8
- Fixed CVE-2019-16168 (#1826897)
* Tue Mar 24 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-7
- Fixed CVE-2019-20218 (#1791592)
- Fixed CVE-2020-6405 (#1804823)
- Fixed CVE-2020-0327 (#1816572)
* Thu Jan 23 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-6
* Fri Jul 09 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.34.1-4
- Fixed issues found by covscan
* Thu Jan 02 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-5
- Fixed CVE-2019-13752 (#1786529)
- Fixed CVE-2019-13753 (#1786535)
- Fixed CVE-2019-13734 (#1786509)
- Fixed CVE-2019-19924 (#1789776)
- Fixed CVE-2019-19923 (#1789812)
- Fixed CVE-2019-19925 (#1789808)
- Fixed CVE-2019-19959 (#1789823)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.34.1-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jun 26 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.26.0-4
- Fixed CVE-2019-8457 (#1723338)
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.34.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Jan 03 2019 Petr Kubat <pkubat@redhat.com> - 3.26.0-3
- Rebuild to pick up latest test sources by the CI
* Thu Jan 21 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.34.1-1
- Updated to version 3.34.1 (https://sqlite.org/releaselog/3_34_1.html)
* Thu Jan 03 2019 Petr Kubat <pkubat@redhat.com> - 3.26.0-2
- Add explicit sqlite-libs requires to tcl and devel subpackages
* Wed Dec 02 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.34.0-1
- Updated to version 3.34.0 (https://sqlite.org/releaselog/3_34_0.html)
- Enabled fts3conf.test on s390x and ppc64 architectures
* Mon Dec 17 2018 Petr Kubat <pkubat@redhat.com> - 3.26.0-1
* Fri Oct 09 2020 Sheng Mao <shngmao@gmail.com> - 3.33.0-2
- Enable FTS4 extensions (rhbz#1887106)
* Fri Aug 14 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.33.0-1
- Updated to version 3.33.0 (https://sqlite.org/releaselog/3_33_0.html)
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.32.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.32.3-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Fri Jun 19 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.32.3-1
- Updated to version 3.32.3 (https://sqlite.org/releaselog/3_32_3.html)
* Fri Jun 05 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.32.2-1
- Updated to version 3.32.2 (https://sqlite.org/releaselog/3_32_2.html)
* Tue May 26 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.32.1-1
- Updated to version 3.32.1 (https://sqlite.org/releaselog/3_32_1.html)
* Mon May 25 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.32.0-1
- Updated to version 3.32.0 (https://sqlite.org/releaselog/3_32_0.html)
* Wed Feb 05 2020 Ondrej Dubaj <odubaj@redhat.com> - 3.31.1-1
- Updated to version 3.31.1 (https://sqlite.org/releaselog/3_31_1.html)
- updated spec file, deleted useless patches
- Resolved s390 arch incompatibility
- Modified FTS tests to support big endian platforms
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.30.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 20 2020 Petr Kubat <pkubat@redhat.com> - 3.30.1-3
- introduce sqlite-tools package
* Thu Jan 9 2020 Tom Callaway <spot@fedoraproject.org> - 3.30.1-2
- apply upstream fix for CVE-2019-19926 (bz1789441)
* Mon Oct 14 2019 Petr Kubat <pkubat@redhat.com> - 3.30.1-1
- Updated to version 3.30.1 (https://sqlite.org/releaselog/3_30_1.html)
* Mon Oct 07 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.30.0-1
- Updated to version 3.30.0 (https://sqlite.org/releaselog/3_30_0.html)
- updated spec file, deleted useless patches
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.29.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 16 2019 Petr Kubat <pkubat@redhat.com> - 3.29.0-1
- Updated to version 3.29.0 (https://sqlite.org/releaselog/3_29_0.html)
- Remove stupid-openfiles-test patch as the upstream test should now
work properly even on systems with larger number of file descriptors
Related: https://sqlite.org/src/info/a27b0b880d76c683
* Mon May 13 2019 Petr Kubat <pkubat@redhat.com> - 3.28.0-1
- Updated to version 3.28.0 (https://sqlite.org/releaselog/3_28_0.html)
* Thu Feb 28 2019 Petr Kubat <pkubat@redhat.com> - 3.27.2-1
- Updated to version 3.27.2 (https://sqlite.org/releaselog/3_27_2.html)
* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 3.26.0-3
- Rebuild for readline 8.0
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.26.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Dec 12 2018 Petr Kubat <pkubat@redhat.com> - 3.26.0-1
- Updated to version 3.26.0 (https://sqlite.org/releaselog/3_26_0.html)
Fixes fts3/4 corrupt database exploit (#1659684)
* Thu Oct 11 2018 Petr Kubat <pkubat@redhat.com> - 3.25.2-1
- Updated to version 3.25.2 (https://sqlite.org/releaselog/3_25_2.html)
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.24.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 05 2018 Petr Kubat <pkubat@redhat.com> - 3.24.0-1
- Updated to version 3.24.0 (https://sqlite.org/releaselog/3_24_0.html)