diff --git a/SOURCES/sqlite-3.26.0-CVE-2022-35737.patch b/SOURCES/sqlite-3.26.0-CVE-2022-35737.patch new file mode 100644 index 0000000..963e119 --- /dev/null +++ b/SOURCES/sqlite-3.26.0-CVE-2022-35737.patch @@ -0,0 +1,31 @@ +From 077e17b59a98eb8839ecfef661e7305fdb3e898d Mon Sep 17 00:00:00 2001 +From: drh <> +Date: Mon, 18 Jul 2022 15:02:00 +0000 +Subject: [PATCH] Increase the size of loop variables in the printf() + implementation to avoid harmless compiler warnings. + +FossilOrigin-Name: aab790a16e1bdff78759f9c9ae87a2559ba82dd34ef3dedfb66035a0db7067a7 +--- + manifest | 12 ++++++------ + manifest.uuid | 2 +- + src/printf.c | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/printf.c b/src/printf.c +index f0bfa5327..3602e1fcb 100644 +--- a/src/printf.c ++++ b/src/printf.c +@@ -803,8 +803,8 @@ void sqlite3_str_vappendf( + case etSQLESCAPE: /* %q: Escape ' characters */ + case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */ + case etSQLESCAPE3: { /* %w: Escape " characters */ +- int i, j, k, n, isnull; +- int needQuote; ++ i64 i, j, k, n; ++ int needQuote, isnull; + char ch; + char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */ + char *escarg; +-- +2.38.1 + diff --git a/SPECS/sqlite.spec b/SPECS/sqlite.spec index b9d06ca..5cfc43b 100644 --- a/SPECS/sqlite.spec +++ b/SPECS/sqlite.spec @@ -12,7 +12,7 @@ Summary: Library that implements an embeddable SQL database engine Name: sqlite Version: %{rpmver} -Release: 5%{?dist} +Release: 6%{?dist} License: Public Domain URL: http://www.sqlite.org/ @@ -33,6 +33,8 @@ Patch4: sqlite-3.16-datetest-2.2c.patch Patch5: sqlite-3.18.0-sync2-dirsync.patch # Fixed covscan issues for rhel-9 Patch6: sqlite-3.34.1-covscan-rhel-9.patch +# Fixed CVE-2022-35737 +Patch7: sqlite-3.26.0-CVE-2022-35737.patch BuildRequires: make BuildRequires: gcc @@ -142,6 +144,7 @@ This package contains the analysis program for %{name}. %endif %patch5 -p1 %patch6 -p1 +%patch7 -p1 # Remove backup-file rm -f %{name}-doc-%{docver}/sqlite.css~ || : @@ -259,6 +262,9 @@ make test %endif %changelog +* Fri Nov 18 2022 Zuzana Miklankova - 3.34.1-6 +- Fixes CVE-2022-35737 + * Tue Aug 10 2021 Mohan Boddu - 3.34.1-5 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688