Fix CVE-2023-7104

Resolves: RHEL-20479

.fmf/version

@@ -0,0 +1 @@
+1

.sqlite.metadata

@@ -0,0 +1,3 @@
+5abb2e1f4962f0c67ab40df18793e9de890db85e sqlite-doc-3340100.zip
+7bc3127488860a67b2437d46fdb8abfb46b36e7e sqlite-src-3340100.zip
+c20286e11fe5c2e3712ce74890e1692417de6890 sqlite-autoconf-3340100.tar.gz

ci.fmf

@@ -0,0 +1,10 @@
+/test:
+  summary:
+      Basic set of quick tests for sqlite.
+  discover:
+    - name: fedora
+      how: fmf
+      url: "https://src.fedoraproject.org/tests/sqlite.git"
+      ref: main
+  execute:
+      how: tmt

sqlite-3.34.1-CVE-2023-7104.patch

@@ -0,0 +1,42 @@
+From 09f1652f36c5c4e8a6a640ce887f9ea0f48a7958 Mon Sep 17 00:00:00 2001
+From: dan <Dan Kennedy>
+Date: Thu, 7 Sep 2023 13:53:09 +0000
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+FossilOrigin-Name: 0e4e7a05c4204b47a324d67e18e76d2a98e26b2723d19d5c655ec9fd2e41f4b7
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index 9f862f2465..0491549231 100644
+--- a/ext/session/sqlite3session.c
++++ b/ext/session/sqlite3session.c
+@@ -2811,15 +2811,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
++        if( (pIn->nData-pIn->iNext)<8 ){
++          rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
++          sqlite3_int64 v = sessionGetI64(aVal);
++          if( eType==SQLITE_INTEGER ){
++            sqlite3VdbeMemSetInt64(apOut[i], v);
++          }else{
++            double d;
++            memcpy(&d, &v, 8);
++            sqlite3VdbeMemSetDouble(apOut[i], d);
++          }
++          pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.43.0
+

sqlite.spec

@@ -12,7 +12,7 @@
 Summary: Library that implements an embeddable SQL database engine
 Name: sqlite
 Version: %{rpmver}
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: Public Domain
 URL: http://www.sqlite.org/
 
@@ -35,6 +35,7 @@ Patch5: sqlite-3.18.0-sync2-dirsync.patch
 Patch6: sqlite-3.34.1-covscan-rhel-9.patch
 # Fixed CVE-2022-35737
 Patch7: sqlite-3.26.0-CVE-2022-35737.patch
+Patch8: sqlite-3.34.1-CVE-2023-7104.patch
 
 BuildRequires: make
 BuildRequires:  gcc
@@ -136,15 +137,16 @@ This package contains the analysis program for %{name}.
 
 %prep
 %setup -q -a1 -n %{name}-src-%{realver}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1
 %ifarch %{ix86}
-%patch4 -p1
+%patch -P 4 -p1
 %endif
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
+%patch -P 5 -p1
+%patch -P 6 -p1
+%patch -P 7 -p1
+%patch -P 8 -p1
 
 # Remove backup-file
 rm -f %{name}-doc-%{docver}/sqlite.css~ || :
@@ -262,6 +264,9 @@ make test
 %endif
 
 %changelog
+* Wed Jan 03 2024 Zuzana Miklankova <zmiklank@redhat.com> - 3.34.1-7
+- Fixes CVE-2023-7104
+
 * Fri Nov 18 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.34.1-6
 - Fixes CVE-2022-35737
 

tests/basic/Makefile

@@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/sqlite3/Sanity/basic
-#   Description: Basic test for python and sqlite3 DB
-#   Author: Branislav Nater <bnater@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/sqlite3/Sanity/basic
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE sqlite3-test.py
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Branislav Nater <bnater@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Basic test for python and sqlite DB" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        5m" >> $(METADATA)
-	@echo "RunFor:          sqlite3" >> $(METADATA)
-	@echo "Requires:        python sqlite" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-
-	rhts-lint $(METADATA)

tests/basic/PURPOSE

@@ -1,3 +0,0 @@
-PURPOSE of /CoreOS/sqlite3/Sanity/basic
-Description: Basic test for python and sqlite3 DB
-Author: Branislav Nater <bnater@redhat.com>

tests/basic/runtest.sh

@@ -1,57 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/sqlite3/Sanity/basic
-#   Description: Basic test for python and sqlite3 DB
-#   Author: Branislav Nater <bnater@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/lib/beakerlib/beakerlib.sh
-
-PACKAGES=${PACKAGES:-"python2 sqlite"}
-REQUIRES=${REQUIRES:-sqlite}
-PYTHON=${PYTHON:-python}
-
-rlJournalStart
-  rlPhaseStartSetup
-    rlAssertRpm --all
-    rlAssertBinaryOrigin $PYTHON
-    rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-    rlRun "cp sqlite3-test.py $TmpDir" 0 "Copy test script to $TmpDir"
-    rlRun "pushd $TmpDir"
-  rlPhaseEnd
-
-  rlGetTestState && {
-    rlPhaseStartTest
-        rlRun "$PYTHON sqlite3-test.py"
-    rlPhaseEnd
-  }
-
-  rlPhaseStartCleanup
-    rlRun "popd"
-    rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-  rlPhaseEnd
-rlJournalEnd
-rlJournalPrintText

tests/basic/sqlite3-test.py

@@ -1,37 +0,0 @@
-#!/usr/bin/python
-
-import sqlite3
-import sys
-
-conn = None
-
-try:
-    conn = sqlite3.connect('test.db')
-
-    cur = conn.cursor()
-
-    cur.execute('SELECT SQLITE_VERSION()')
-    ver = cur.fetchone()
-    print("SQLite version: %s" % ver)
-
-    # Create a new table 'Writers'
-    cur.execute("CREATE TABLE Writers(Id INTEGER PRIMARY KEY AUTOINCREMENT, \
-             Name VARCHAR(25))")
-    cur.execute("INSERT INTO Writers(Name) VALUES('Jack London')")
-    cur.execute("INSERT INTO Writers(Name) VALUES('Honore de Balzac')")
-    cur.execute("INSERT INTO Writers(Name) VALUES('Lion Feuchtwanger')")
-
-    # Retrieve data
-    for row in cur.execute("SELECT * FROM Writers"):
-        print(row)
-
-    cur.execute("DROP TABLE Writers")
-
-except (sqlite3.Error) as e:
-    print("Error %s:" % e.args[0])
-    sys.exit(1)
-
-finally:
-
-    if conn:
-        conn.close()

tests/tests.yml

@@ -1,16 +0,0 @@
----
-# Tests to run in a classic environment
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    - container
-    tests:
-    - basic
-    required_packages:
-    - findutils         # beakerlib needs find command
-    - which
-    - python2
-    - sqlite
-