From 180cfc41ac157acdef701417fc1909ebfd8e3a3a Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: May 14 2020 22:43:59 +0000
Subject: import sqlite-3.26.0-8.el8
---
diff --git a/SOURCES/sqlite-3.26.0-CVE-2019-16168.patch b/SOURCES/sqlite-3.26.0-CVE-2019-16168.patch
new file mode 100644
index 0000000..d968605
--- /dev/null
+++ b/SOURCES/sqlite-3.26.0-CVE-2019-16168.patch
@@ -0,0 +1,65 @@
+From ab17169870e985b062e520ecf95e6c79ad784f38 Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj
+Date: Thu, 23 Apr 2020 11:25:13 +0200
+Subject: [PATCH] fixed CVE-2019-16168 (rhbz#1826897)
+
+---
+ src/analyze.c | 4 +++-
+ src/where.c | 1 +
+ test/analyzeC.test | 13 +++++++++++++
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/analyze.c b/src/analyze.c
+index 5075b57..e47c0f5 100644
+--- a/src/analyze.c
++++ b/src/analyze.c
+@@ -1497,7 +1497,9 @@ static void decodeIntArray(
+ if( sqlite3_strglob("unordered*", z)==0 ){
+ pIndex->bUnordered = 1;
+ }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
++ int sz = sqlite3Atoi(z+3);
++ if( sz<2 ) sz = 2;
++ pIndex->szIdxRow = sqlite3LogEst(sz);
+ }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+ pIndex->noSkipScan = 1;
+ }
+diff --git a/src/where.c b/src/where.c
+index 8e01660..1a4fa51 100644
+--- a/src/where.c
++++ b/src/where.c
+@@ -2655,6 +2655,7 @@ static int whereLoopAddBtreeIndex(
+ ** it to pNew->rRun, which is currently set to the cost of the index
+ ** seek only. Then, if this is a non-covering index, add the cost of
+ ** visiting the rows in the main table. */
++ assert( pSrc->pTab->szTabRow>0 );
+ rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+ pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+ if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+diff --git a/test/analyzeC.test b/test/analyzeC.test
+index 02faa9c..3595c9d 100644
+--- a/test/analyzeC.test
++++ b/test/analyzeC.test
+@@ -132,6 +132,19 @@ do_execsql_test 4.3 {
+ SELECT count(a) FROM t1;
+ } {/.*INDEX t1ca.*/}
+
++# 2019-08-15.
++# Ticket https://www.sqlite.org/src/tktview/e4598ecbdd18bd82945f602901
++# The sz=N parameter in the sqlite_stat1 table needs to have a value of
++# 2 or more to avoid a division by zero in the query planner.
++#
++do_execsql_test 4.4 {
++ DROP TABLE IF EXISTS t44;
++ CREATE TABLE t44(a PRIMARY KEY);
++ INSERT INTO sqlite_stat1 VALUES('t44',null,'sz=0');
++ ANALYZE sqlite_master;
++ SELECT 0 FROM t44 WHERE a IN(1,2,3);
++} {}
++
+
+ # The sz=NNN parameter works even if there is other extraneous text
+ # in the sqlite_stat1.stat column.
+--
+2.24.1
+
diff --git a/SPECS/sqlite.spec b/SPECS/sqlite.spec
index d586e91..e1f717a 100644
--- a/SPECS/sqlite.spec
+++ b/SPECS/sqlite.spec
@@ -10,7 +10,7 @@ Summary: Library that implements an embeddable SQL database engine Name: sqlite Version: %{rpmver} -Release: 7%{?dist} +Release: 8%{?dist} License: Public Domain Group: Applications/Databases URL: http://www.sqlite.org/
@@ -59,6 +59,8 @@ Patch18: sqlite-3.26.0-CVE-2019-20218.patch Patch19: sqlite-3.26.0-CVE-2020-6405.patch # Fix for CVE-2020-9327 Patch20: sqlite-3.26.0-CVE-2020-9327.patch +# Fix for CVE-2019-16168 +Patch21: sqlite-3.26.0-CVE-2019-16168.patch BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: autoconf
@@ -176,6 +178,7 @@ This package contains the analysis program for %{name}. %patch18 -p1 %patch19 -p1 %patch20 -p1 +%patch21 -p1 # Remove backup-file rm -f %{name}-doc-%{docver}/sqlite.css~ || :
@@ -280,6 +283,9 @@ make test %endif %changelog +* Thu Apr 23 2020 Ondrej Dubaj - 3.26.0-8 +- Fixed CVE-2019-16168 (#1826897) + * Tue Mar 24 2020 Ondrej Dubaj - 3.26.0-7 - Fixed CVE-2019-20218 (#1791592) - Fixed CVE-2020-6405 (#1804823)
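Review bot: The `assert( pSrc->pTab->szTabRow>0 );` added in the src/where.c part of the embedded patch is not a runtime check, because SQLite compiles assert() out unless it is built with SQLITE_DEBUG, so in the shipped library the division on the following line is guarded only by the `if( sz<2 ) sz = 2;` clamp in decodeIntArray. That clamp is applied to `pIndex->szIdxRow`, while the divisor is `pSrc->pTab->szTabRow`; how a `sz=` value from sqlite_stat1 reaches szTabRow is not visible in these hunks (presumably decodeIntArray's caller copies it for rows with a NULL index name, as the new 4.4 test suggests). I would record that dependency next to the clamp, e.g. `/* sz is read from sqlite_stat1, which anyone able to write the database file controls; keep it >= 2 so the LogEst stored here is never 0 -- whereLoopAddBtreeIndex() divides by the row-size estimate */`. Both function bodies start and end outside the hunks, so any other assignment that could leave szTabRow at 0 should be checked in the full source.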