diff --git a/SOURCES/sqlite-3.26.0-CVE-2019-19645.patch b/SOURCES/sqlite-3.26.0-CVE-2019-19645.patch deleted file mode 100644 index 3320f1c..0000000 --- a/SOURCES/sqlite-3.26.0-CVE-2019-19645.patch +++ /dev/null @@ -1,112 +0,0 @@ -Subject: [PATCH] Avoid infinite recursion in the ALTER TABLE code when a view -contains an unused CTE that references, directly or indirectly, the view itself. - -diff --git a/src/alter.c b/src/alter.c -index 707472a..132c821 100644 ---- a/src/alter.c -+++ b/src/alter.c -@@ -796,6 +796,7 @@ static void renameTokenFind(Parse *pParse, struct RenameCtx *pCtx, void *pPtr){ - ** descend into sub-select statements. - */ - static int renameColumnSelectCb(Walker *pWalker, Select *p){ -+ if( p->selFlags & SF_View ) return WRC_Prune; - UNUSED_PARAMETER(pWalker); - UNUSED_PARAMETER(p); - return WRC_Continue; -@@ -1258,8 +1259,9 @@ static void renameColumnFunc( - if( sParse.pNewTable ){ - Select *pSelect = sParse.pNewTable->pSelect; - if( pSelect ){ -+ pSelect->selFlags &= ~SF_View; - sParse.rc = SQLITE_OK; -- sqlite3SelectPrep(&sParse, sParse.pNewTable->pSelect, 0); -+ sqlite3SelectPrep(&sParse, pSelect, 0); - rc = (db->mallocFailed ? SQLITE_NOMEM : sParse.rc); - if( rc==SQLITE_OK ){ - sqlite3WalkSelect(&sWalker, pSelect); -@@ -1368,6 +1370,7 @@ static int renameTableSelectCb(Walker *pWalker, Select *pSelect){ - int i; - RenameCtx *p = pWalker->u.pRename; - SrcList *pSrc = pSelect->pSrc; -+ if( pSelect->selFlags & SF_View ) return WRC_Prune; - for(i=0; inSrc; i++){ - struct SrcList_item *pItem = &pSrc->a[i]; - if( pItem->pTab==p->pTab ){ -@@ -1442,10 +1445,13 @@ static void renameTableFunc( - - if( pTab->pSelect ){ - if( isLegacy==0 ){ -+ Select *pSelect = pTab->pSelect; - NameContext sNC; - memset(&sNC, 0, sizeof(sNC)); - sNC.pParse = &sParse; - -+ assert( pSelect->selFlags & SF_View ); -+ pSelect->selFlags &= ~SF_View; - sqlite3SelectPrep(&sParse, pTab->pSelect, &sNC); - if( sParse.nErr ) rc = sParse.rc; - sqlite3WalkSelect(&sWalker, pTab->pSelect); -diff --git a/src/build.c b/src/build.c -index f273394..7d73893 100644 ---- a/src/build.c -+++ b/src/build.c -@@ -2266,6 +2266,7 @@ void sqlite3CreateView( - ** allocated rather than point to the input string - which means that - ** they will persist after the current sqlite3_exec() call returns. - */ -+ pSelect->selFlags |= SF_View; - if( IN_RENAME_OBJECT ){ - p->pSelect = pSelect; - pSelect = 0; -diff --git a/src/sqliteInt.h b/src/sqliteInt.h -index e5ba8a0..1cf6937 100644 ---- a/src/sqliteInt.h -+++ b/src/sqliteInt.h -@@ -2875,6 +2875,7 @@ struct Select { - #define SF_IncludeHidden 0x20000 /* Include hidden columns in output */ - #define SF_ComplexResult 0x40000 /* Result contains subquery or function */ - #define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */ -+#define SF_View 0x0200000 /* SELECT statement is a view */ - - /* - ** The results of a SELECT can be distributed in several ways, as defined -diff --git a/test/altertab2.test b/test/altertab2.test -index 2102e02..f2fa5ee 100644 ---- a/test/altertab2.test -+++ b/test/altertab2.test -@@ -106,4 +106,35 @@ do_catchsql_test 3.2 { - ALTER TABLE v0 RENAME TO t3 ; - } {1 {error in view v2: view v2 is circularly defined}} - -+#------------------------------------------------------------------------ -+# -+reset_db -+do_execsql_test 4.1 { -+ CREATE TABLE t1(a); -+ CREATE VIEW v2(b) AS SELECT * FROM v2; -+} -+ -+do_catchsql_test 4.2 { -+ ALTER TABLE t1 RENAME TO t4; -+} {1 {error in view v2: view v2 is circularly defined}} -+ -+do_execsql_test 4.3 { -+ DROP VIEW v2; -+ CREATE VIEW v2(b) AS WITH t3 AS (SELECT b FROM v2) SELECT * FROM t3; -+} -+ -+breakpoint -+do_catchsql_test 4.4 { -+ ALTER TABLE t1 RENAME TO t4; -+} {1 {error in view v2: view v2 is circularly defined}} -+ -+do_execsql_test 4.5 { -+ DROP VIEW v2; -+ CREATE VIEW v2(b) AS WITH t3 AS (SELECT b FROM v2) VALUES(1); -+} -+ -+do_catchsql_test 4.6 { -+ ALTER TABLE t1 RENAME TO t4; -+} {0 {}} -+ - finish_test diff --git a/SOURCES/sqlite-3.26.0-CVE-2019-19880.patch b/SOURCES/sqlite-3.26.0-CVE-2019-19880.patch deleted file mode 100644 index 0a0dfe4..0000000 --- a/SOURCES/sqlite-3.26.0-CVE-2019-19880.patch +++ /dev/null @@ -1,17 +0,0 @@ -Subject: [PATCH] When processing constant integer values in ORDER BY clauses of -window definitions (see check-in [7e4809eadfe99ebf]) be sure to fully disable -the constant value to avoid an invalid pointer dereference if the expression -is ever duplicated. - -diff --git a/src/window.c b/src/window.c -index 56c0145..c65eadd 100644 ---- a/src/window.c -+++ b/src/window.c -@@ -730,6 +730,7 @@ static ExprList *exprListAppendList( - int nInit = pList ? pList->nExpr : 0; - for(i=0; inExpr; i++){ - Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0); -+ assert( pDup == NULL || !ExprHasProperty(pDup, EP_MemToken) ); - pList = sqlite3ExprListAppend(pParse, pList, pDup); - if( pList ) pList->a[nInit+i].sortOrder = pAppend->a[i].sortOrder; - } diff --git a/SPECS/sqlite.spec b/SPECS/sqlite.spec index b778572..a5d61eb 100644 --- a/SPECS/sqlite.spec +++ b/SPECS/sqlite.spec @@ -10,7 +10,7 @@ Summary: Library that implements an embeddable SQL database engine Name: sqlite Version: %{rpmver} -Release: 14%{?dist} +Release: 15%{?dist} License: Public Domain Group: Applications/Databases URL: http://www.sqlite.org/ @@ -89,17 +89,10 @@ Patch30: sqlite-3.26.0-CVE-2019-13751.patch # Fix for CVE-2019-19603 # https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13 Patch31: sqlite-3.26.0-CVE-2019-19603.patch -# Fix for CVE-2019-19645 -# https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06 -Patch32: sqlite-3.26.0-CVE-2019-19645.patch -# Fix for CVE-2019-19880 -# https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 -Patch33: sqlite-3.26.0-CVE-2019-19880.patch # Fix for CVE-2020-13435 # https://www.sqlite.org/src/info/ad7bb70af9bb68d1 Patch34: sqlite-3.26.0-CVE-2020-13435.patch - BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: autoconf %if %{with tcl} @@ -227,8 +220,6 @@ This package contains the analysis program for %{name}. %patch29 -p1 %patch30 -p1 %patch31 -p1 -%patch32 -p1 -%patch33 -p1 %patch34 -p1 @@ -331,13 +322,15 @@ make test %endif %changelog +* Tue May 18 2021 Petr Kubat - 3.26.0-15 +- Removing fix for CVE-2019-19645 (unaffected) +- Removing fix for CVE-2019-19880 (unaffected) + * Thu Apr 15 2021 Ondrej Dubaj - 3.26.0-14 - Fixed CVE-2019-5827 (#1710184) - Fixed CVE-2019-13750 (#1786510) - Fixed CVE-2019-13751 (#1786522) - Fixed CVE-2019-19603 (#1792013) -- Fixed CVE-2019-19645 (#1787525) -- Fixed CVE-2019-19880 (#1787529) - Fixed CVE-2020-13435 (#1841233) * Tue Dec 01 2020 Ondrej Dubaj - 3.26.0-13