author | Natanael Copa <ncopa@alpinelinux.org> | 2018-12-31 08:49:07 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-01-01 13:12:16 +0100 |
commit | 91728ec7bae0fc5f0a2669ad3d8edcdb8f37e4ac (patch) | |
tree | 00c347e33a8cccadf95709f9e87e587595c62dbc | |
parent | b02bbf085421c6efa07378f71077a1a317428866 (diff) | |
main/sqlite: security upgrade to 3.25.3 (CVE-2018-20346)
fixes #9794
-rw-r--r-- | main/sqlite/APKBUILD | 15 | ||||
-rw-r--r-- | main/sqlite/CVE-2017-15286.patch | 17 | ||||
-rw-r--r-- | main/sqlite/CVE-2018-8740.patch | 35 |
3 files changed, 7 insertions, 60 deletions
diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD
index c79902a8ad..369e12e317 100644
--- a/main/sqlite/APKBUILD
+++ b/main/sqlite/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 # Contributor: Ćukasz Jendrysik <scadu@yandex.com>
 pkgname=sqlite
-pkgver=3.20.1
+pkgver=3.25.3
 _a=${pkgver%%.*}
 _b=${pkgver#${_a}.}
 _b=${_b%%.*}
@@ -17,16 +17,14 @@ esac
 [ $_d -lt 10 ] && _d=0$_d
 _ver=${_a}${_b}${_c}${_d}
-pkgrel=2
+pkgrel=0
 pkgdesc="A C library that implements an SQL database engine"
 url="http://www.sqlite.org/"
 arch="all"
 license="custom"
 depends=""
 makedepends="readline-dev"
-source="http://www.sqlite.org/2017/$pkgname-autoconf-$_ver.tar.gz
- CVE-2017-15286.patch
- CVE-2018-8740.patch
+source="http://www.sqlite.org/2018/$pkgname-autoconf-$_ver.tar.gz
 license.txt"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-libs"
@@ -43,6 +41,8 @@ _amalgamation="-DSQLITE_ENABLE_FTS4 \
 -DSQLITE_ENABLE_JSON1"
 # secfixes:
+# 3.25.3-r0:
+# - CVE-2018-20346
 # 3.20.1-r2:
 # - CVE-2018-8740
 # 3.20.1-r1:
@@ -51,6 +51,7 @@ _amalgamation="-DSQLITE_ENABLE_FTS4 \
 # - CVE-2017-10989
 builddir="$srcdir/$pkgname-autoconf-$_ver"
+
 build() {
 cd "$builddir"
 export CFLAGS="$CFLAGS $_amalgamation"
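Review bot: The new `source=` line in the second APKBUILD hunk still fetches the release tarball over plain `http://`, so the only integrity control on the download is the `sha512sums` entry updated in the last APKBUILD hunk, and that value is presumably generated from whatever the maintainer's own fetch returned. I would change the line to `source="https://www.sqlite.org/2018/$pkgname-autoconf-$_ver.tar.gz` and compare the pinned hash with the one upstream publishes before committing. The same hunk drops CVE-2017-15286.patch and CVE-2018-8740.patch from the source list, and the commit message does not state that 3.25.3 already contains both fixes; one line saying so would make the removal auditable. The hard-coded `2018` path component also has to be edited by hand whenever the release year changes, which deserves a short comment next to `pkgver`.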
@@ -87,7 +88,5 @@ libs() {
 mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
 }
-sha512sums="56e3d326ea2225cadc628c3518d46d9f7c4bafa0e3612f2b7ab0dc0d79fcbb7e095f6d84a9a48e1c6d83adcdc8706ad5ac4404f0f622c7fe38cfde3a7e7e69f0 sqlite-autoconf-3200100.tar.gz
-7baa7a2ed60a6b3b2400d9d11de8e6f7bc6d648e3337020efc2915c1ec17f49747d784333aee984248d590e12987f8e530e868316ce9106ce261c2e5af7f652a CVE-2017-15286.patch
-95c21d066f514f47765d81352b7e0651b2acd6f91631c7a3dcc032aefce0b6148545ecb961aad4fd64851e12f95db9c8eb76be3197874ed5304471da78ab277a CVE-2018-8740.patch
+sha512sums="5bc501d15367e097f4070185974b0c3a8246c06b205fb2258ed18870ff3fbf120ac5e0ba031a6744af89f7659206e28e7de2f0367bdb190b8412e453b43de4ba sqlite-autoconf-3250300.tar.gz
 5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt"
diff --git a/main/sqlite/CVE-2017-15286.patch b/main/sqlite/CVE-2017-15286.patch
deleted file mode 100644
index ea88b3c3ca..0000000000
--- a/main/sqlite/CVE-2017-15286.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Index: src/shell.c
-==================================================================
---- src/shell.c
-+++ src/shell.c
-@@ -3799,10 +3799,11 @@
- isIPK = 0;
- }
- }
- }
- sqlite3_finalize(pStmt);
-+ if( azCol==0 ) return 0;
- azCol[0] = 0;
- azCol[nCol+1] = 0;
-
- /* The decision of whether or not a rowid really needs to be preserved
- ** is tricky. We never need to preserve a rowid for a WITHOUT ROWID table
-
diff --git a/main/sqlite/CVE-2018-8740.patch b/main/sqlite/CVE-2018-8740.patch
deleted file mode 100644
index 04cca7ff50..0000000000
--- a/main/sqlite/CVE-2018-8740.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-This patch is based on https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b.
-
-See-Also: https://nvd.nist.gov/vuln/detail/CVE-2018-8740
-
---- a/sqlite3.c
-+++ b/sqlite3.c
-@@ -102551,8 +102551,6 @@
- p = pParse->pNewTable;
- if( p==0 ) return;
-
-- assert( !db->init.busy || !pSelect );
--
- /* If the db->init.busy is 1 it means we are reading the SQL off the
- ** "sqlite_master" or "sqlite_temp_master" table on the disk.
- ** So do not write to the disk again. Extract the root page number
-@@ -102563,6 +102561,10 @@
- ** table itself. So mark it read-only.
- */
- if( db->init.busy ){
-+ if( pSelect ){
-+ sqlite3ErrorMsg(pParse, "");
-+ return;
-+ }
- p->tnum = db->init.newTnum;
- if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
- }
-@@ -116817,7 +116819,7 @@
- char *z;
- if( zObj==0 ) zObj = "?";
- z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
-- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
-+ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
- sqlite3DbFree(db, *pData->pzErrMsg);
- *pData->pzErrMsg = z;
- } |