diff options
author | Leo <thinkabit.ukim@gmail.com> | 2019-07-23 21:09:30 -0300 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-07-24 08:46:34 +0200 |
commit | 5752dce56c5b51a712767fdf310254e6782c50b7 (patch) | |
tree | fec981fa71b1ead169f10d65522cac008ccea6f4 /main | |
parent | cea68283f6fb219e133352b64b4e2f39cc002604 (diff) | |
download | aports-5752dce56c5b51a712767fdf310254e6782c50b7.tar.bz2 aports-5752dce56c5b51a712767fdf310254e6782c50b7.tar.xz |
main/sqlite: fix CVE-2019-8457
Fixes #10540
Diffstat (limited to 'main')
-rw-r--r-- | main/sqlite/APKBUILD | 21 | ||||
-rw-r--r-- | main/sqlite/CVE-2019-8457.patch | 71 |
2 files changed, 83 insertions, 9 deletions
diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD index ee26f82e4c..8ffc5f8737 100644 --- a/main/sqlite/APKBUILD +++ b/main/sqlite/APKBUILD @@ -2,8 +2,12 @@ # Contributor: Ćukasz Jendrysik <scadu@yandex.com> # # secfixes: +# 3.25.3-r1: +# - CVE-2019-8457 +# 3.25.3-r0: +# - CVE-2018-20346 # 3.21.0-r1: -# - CVE-2018-8740 +# - CVE-2018-8740 # pkgname=sqlite pkgver=3.25.3 @@ -22,7 +26,7 @@ esac [ $_d -lt 10 ] && _d=0$_d _ver=${_a}${_b}${_c}${_d} -pkgrel=0 +pkgrel=1 pkgdesc="A C library that implements an SQL database engine" url="http://www.sqlite.org/" arch="all" @@ -30,9 +34,11 @@ options="!check" license="custom" depends="" makedepends="readline-dev" -source="http://www.sqlite.org/2018/$pkgname-autoconf-$_ver.tar.gz - license.txt" subpackages="$pkgname-doc $pkgname-dev $pkgname-libs" +source="http://www.sqlite.org/2018/$pkgname-autoconf-$_ver.tar.gz + license.txt + CVE-2019-8457.patch + " _amalgamation="-DSQLITE_ENABLE_FTS4 \ -DSQLITE_ENABLE_FTS3_PARENTHESIS \ @@ -48,10 +54,6 @@ _amalgamation="-DSQLITE_ENABLE_FTS4 \ builddir="$srcdir/$pkgname-autoconf-$_ver" -# secfixes: -# 3.25.3-r0: -# - CVE-2018-20346 - build() { cd "$builddir" export CFLAGS="$CFLAGS $_amalgamation" @@ -88,4 +90,5 @@ libs() { } sha512sums="5bc501d15367e097f4070185974b0c3a8246c06b205fb2258ed18870ff3fbf120ac5e0ba031a6744af89f7659206e28e7de2f0367bdb190b8412e453b43de4ba sqlite-autoconf-3250300.tar.gz -5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt" +5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt +ab795b18d5426ff9ccad20f413de4f46fce7b532ebbf72dfbafc7db2d2e46453541abe992535c7aea598ec69c8557b477008e58299e3426afd2e8ab458c859e4 CVE-2019-8457.patch" diff --git a/main/sqlite/CVE-2019-8457.patch b/main/sqlite/CVE-2019-8457.patch new file mode 100644 index 0000000000..de1e30a2c5 --- /dev/null +++ b/main/sqlite/CVE-2019-8457.patch @@ -0,0 +1,71 @@ +diff --git a/sqlite3.c b/sqlite3.c +index c607252..2c133c5 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -181825,49 +181825,46 @@ rtreeInit_fail: + ** <num-dimension>*2 coordinates. + */ + static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){ +- char *zText = 0; + RtreeNode node; + Rtree tree; + int ii; ++ int nData; ++ int errCode; ++ sqlite3_str *pOut; + + UNUSED_PARAMETER(nArg); + memset(&node, 0, sizeof(RtreeNode)); + memset(&tree, 0, sizeof(Rtree)); + tree.nDim = (u8)sqlite3_value_int(apArg[0]); ++ if( tree.nDim<1 || tree.nDim>5 ) return; + tree.nDim2 = tree.nDim*2; + tree.nBytesPerCell = 8 + 8 * tree.nDim; + node.zData = (u8 *)sqlite3_value_blob(apArg[1]); ++ nData = sqlite3_value_bytes(apArg[1]); ++ if( nData<4 ) return; ++ if( nData<NCELL(&node)*tree.nBytesPerCell ) return; + ++ pOut = sqlite3_str_new(0); + for(ii=0; ii<NCELL(&node); ii++){ +- char zCell[512]; +- int nCell = 0; + RtreeCell cell; + int jj; + + nodeGetCell(&tree, &node, ii, &cell); +- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid); +- nCell = (int)strlen(zCell); ++ if( ii>0 ) sqlite3_str_append(pOut, " ", 1); ++ sqlite3_str_appendf(pOut, "{%lld", cell.iRowid); + for(jj=0; jj<tree.nDim2; jj++){ + #ifndef SQLITE_RTREE_INT_ONLY +- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g", +- (double)cell.aCoord[jj].f); ++ sqlite3_str_appendf(pOut, " %g", (double)cell.aCoord[jj].f); + #else +- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d", +- cell.aCoord[jj].i); ++ sqlite3_str_appendf(pOut, " %d", cell.aCoord[jj].i); + #endif +- nCell = (int)strlen(zCell); +- } +- +- if( zText ){ +- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell); +- sqlite3_free(zText); +- zText = zTextNew; +- }else{ +- zText = sqlite3_mprintf("{%s}", zCell); + } ++ sqlite3_str_append(pOut, "}", 1); + } + +- sqlite3_result_text(ctx, zText, -1, sqlite3_free); ++ errCode = sqlite3_str_errcode(pOut); ++ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free); ++ sqlite3_result_error_code(ctx, errCode); + } + + /* This routine implements an SQL function that returns the "depth" parameter + |