diff --git a/SOURCES/sqlite-3.26.0-CVE-2019-20218.patch b/SOURCES/sqlite-3.26.0-CVE-2019-20218.patch index cda14f1..befc39b 100644 --- a/SOURCES/sqlite-3.26.0-CVE-2019-20218.patch +++ b/SOURCES/sqlite-3.26.0-CVE-2019-20218.patch @@ -1,18 +1,31 @@ -From 8fd3688e01f5839120d7477ca94e013f5809edcf Mon Sep 17 00:00:00 2001 +From ff5f246e41239cc4dd33ffa73883fa07f78674e1 Mon Sep 17 00:00:00 2001 From: Ondrej Dubaj -Date: Tue, 24 Mar 2020 11:33:04 +0100 +Date: Fri, 7 Aug 2020 07:00:29 +0200 Subject: [PATCH] Do not attempt to unwind the WITH stack in the Parse object following an error. --- - src/select.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + src/select.c | 5 ++++- + src/util.c | 1 + + test/altertab2.test | 20 ++++++++++++++++++++ + test/with3.test | 10 +++++++++- + 4 files changed, 34 insertions(+), 2 deletions(-) diff --git a/src/select.c b/src/select.c -index 0205a08..bbd13a4 100644 +index c46f177..a6d1757 100644 --- a/src/select.c +++ b/src/select.c -@@ -4910,7 +4910,7 @@ static int selectExpander(Walker *pWalker, Select *p){ +@@ -4639,6 +4639,9 @@ static int withExpand( + With *pWith; /* WITH clause that pCte belongs to */ + + assert( pFrom->pTab==0 ); ++ if( pParse->nErr ){ ++ return SQLITE_ERROR; ++ } + + pCte = searchWith(pParse->pWith, pFrom, &pWith); + if( pCte ){ +@@ -4908,7 +4911,7 @@ static int selectExpander(Walker *pWalker, Select *p){ /* Process NATURAL keywords, and ON and USING clauses of joins. */ 
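Review bot: The early return added to `withExpand()` right after `assert( pFrom->pTab==0 )` has no comment, so nothing marks it as the guard that keeps `searchWith(pParse->pWith, ...)` from running once an error has been recorded. I would state the reason on the line above `if( pParse->nErr ){`, for example `/* After an error the WITH stack in pParse is not to be trusted; stop before searchWith(). */`. The signature and the rest of the function lie outside the hunk, so it cannot be confirmed from here that every caller treats the `SQLITE_ERROR` return as an abort; that is worth checking against the 3.26.0 tree this patch is applied to.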
@@ -21,6 +34,69 @@ index 0205a08..bbd13a4 100644 return WRC_Abort; } +diff --git a/src/util.c b/src/util.c +index 54f9b93..96b0b14 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -222,6 +222,7 @@ void sqlite3ErrorMsg(Parse *pParse, const char *zFormat, ...){ + sqlite3DbFree(db, pParse->zErrMsg); + pParse->zErrMsg = zMsg; + pParse->rc = SQLITE_ERROR; ++ pParse->pWith = 0; + } + } + +diff --git a/test/altertab2.test b/test/altertab2.test +index 2e4212c..2102e02 100644 +--- a/test/altertab2.test ++++ b/test/altertab2.test +@@ -85,5 +85,25 @@ do_execsql_test 2.3 { + {CREATE TABLE c3(x, FOREIGN KEY (x) REFERENCES "p3"(a))} + } + ++#------------------------------------------------------------------------ ++# ++reset_db ++do_execsql_test 3.0 { ++ CREATE TABLE v0 (a); ++ CREATE VIEW v2 (v3) AS ++ WITH x1 AS (SELECT * FROM v2) ++ SELECT v3 AS x, v3 AS y FROM v2; ++} ++ ++do_catchsql_test 3.1 { ++ SELECT * FROM v2 ++} {1 {view v2 is circularly defined}} ++ ++db close ++sqlite3 db test.db ++ ++do_catchsql_test 3.2 { ++ ALTER TABLE v0 RENAME TO t3 ; ++} {1 {error in view v2: view v2 is circularly defined}} + + finish_test +diff --git a/test/with3.test b/test/with3.test +index de150b1..4a3a5a7 100644 +--- a/test/with3.test ++++ b/test/with3.test +@@ -30,7 +30,15 @@ do_catchsql_test 1.0 { + SELECT 5 FROM t0 UNION SELECT 8 FROM m + ) + SELECT * FROM i; +-} {1 {no such table: m}} ++} {1 {no such table: t0}} ++ ++# 2019-11-09 dbfuzzcheck find ++do_catchsql_test 1.1 { ++ CREATE VIEW v1(x,y) AS ++ WITH t1(a,b) AS (VALUES(1,2)) ++ SELECT * FROM nosuchtable JOIN t1; ++ SELECT * FROM v1; ++} {1 {no such table: main.nosuchtable}} + + # Additional test cases that came out of the work to + # fix for Kostya's problem. -- -2.24.1 +2.26.0 diff --git a/SPECS/sqlite.spec b/SPECS/sqlite.spec index 526fe90..c6a8107 100644 --- a/SPECS/sqlite.spec +++ b/SPECS/sqlite.spec 
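Review bot: The new `pParse->pWith = 0;` in `sqlite3ErrorMsg()` drops the pointer with no comment on who still owns the `With` objects, and it sits inside an inner block whose opening is outside the hunk. If that block is one arm of a conditional, an error taking the other arm would leave `pWith` set, so please confirm which paths reach the assignment. A comment such as `/* Error recorded: detach the WITH stack so later code cannot walk it; objects are released elsewhere (confirm) */` would record the intent. In `test/with3.test` the expected result of test 1.0 changes from `no such table: m` to `no such table: t0`, so the error a caller sees changes, presumably as a consequence of clearing `pWith`. A one-line comment above that expectation saying so would keep a later reader from treating it as a regression.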
@@ -10,7 +10,7 @@ Summary: Library that implements an embeddable SQL database engine Name: sqlite Version: %{rpmver} -Release: 10%{?dist} +Release: 11%{?dist} License: Public Domain Group: Applications/Databases URL: http://www.sqlite.org/ @@ -295,6 +295,9 @@ make test %endif %changelog +* Fri Aug 07 2020 Ondrej Dubaj - 3.26.0-11 +- Fixed bug in CVE-2019-20218 (#1791592) + * Wed Jun 10 2020 Ondrej Dubaj - 3.26.0-10 - Fixed CVE-2020-13632 (#1845572) - Fixed CVE-2020-13631 (#1845474)