-rw-r--r--main/sqlite/APKBUILD11
-rw-r--r--main/sqlite/CVE-2019-8457.patch71
2 files changed, 79 insertions, 3 deletions
diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD
index 5c46330b6a..eefedb370d 100644
--- a/main/sqlite/APKBUILD
+++ b/main/sqlite/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Ɓukasz Jendrysik <scadu@yandex.com>
pkgname=sqlite
pkgver=3.25.3
-pkgrel=0
+pkgrel=1
pkgdesc="C library that implements an SQL database engine"
url="http://www.sqlite.org"
arch="all"
@@ -30,7 +30,9 @@ _ver=${_a}${_b}${_c}${_d}
# these variables depend on _ver being set
builddir="$srcdir/$pkgname-autoconf-$_ver"
source="http://www.sqlite.org/2018/$pkgname-autoconf-$_ver.tar.gz
- license.txt"
+ license.txt
+ CVE-2019-8457.patch
+ "
# additional CFLAGS to set
_amalgamation="-DSQLITE_ENABLE_FTS4 \
@@ -46,6 +48,8 @@ _amalgamation="-DSQLITE_ENABLE_FTS4 \
-DSQLITE_ENABLE_JSON1"
# secfixes:
+# 3.25.3-r1:
+# - CVE-2019-8457
# 3.25.3-r0:
# - CVE-2018-20346
@@ -89,4 +93,5 @@ libs() {
}
sha512sums="5bc501d15367e097f4070185974b0c3a8246c06b205fb2258ed18870ff3fbf120ac5e0ba031a6744af89f7659206e28e7de2f0367bdb190b8412e453b43de4ba sqlite-autoconf-3250300.tar.gz
-5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt"
+5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt
+ab795b18d5426ff9ccad20f413de4f46fce7b532ebbf72dfbafc7db2d2e46453541abe992535c7aea598ec69c8557b477008e58299e3426afd2e8ab458c859e4 CVE-2019-8457.patch"
diff --git a/main/sqlite/CVE-2019-8457.patch b/main/sqlite/CVE-2019-8457.patch
new file mode 100644
index 0000000000..de1e30a2c5
--- /dev/null
+++ b/main/sqlite/CVE-2019-8457.patch
@@ -0,0 +1,71 @@
+diff --git a/sqlite3.c b/sqlite3.c
+index c607252..2c133c5 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -181825,49 +181825,46 @@ rtreeInit_fail:
+ ** <num-dimension>*2 coordinates.
+ */
+ static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
+- char *zText = 0;
+ RtreeNode node;
+ Rtree tree;
+ int ii;
++ int nData;
++ int errCode;
++ sqlite3_str *pOut;
+
+ UNUSED_PARAMETER(nArg);
+ memset(&node, 0, sizeof(RtreeNode));
+ memset(&tree, 0, sizeof(Rtree));
+ tree.nDim = (u8)sqlite3_value_int(apArg[0]);
++ if( tree.nDim<1 || tree.nDim>5 ) return;
+ tree.nDim2 = tree.nDim*2;
+ tree.nBytesPerCell = 8 + 8 * tree.nDim;
+ node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
++ nData = sqlite3_value_bytes(apArg[1]);
++ if( nData<4 ) return;
++ if( nData<NCELL(&node)*tree.nBytesPerCell ) return;
+
++ pOut = sqlite3_str_new(0);
+ for(ii=0; ii<NCELL(&node); ii++){
+- char zCell[512];
+- int nCell = 0;
+ RtreeCell cell;
+ int jj;
+
+ nodeGetCell(&tree, &node, ii, &cell);
+- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
+- nCell = (int)strlen(zCell);
++ if( ii>0 ) sqlite3_str_append(pOut, " ", 1);
++ sqlite3_str_appendf(pOut, "{%lld", cell.iRowid);
+ for(jj=0; jj<tree.nDim2; jj++){
+ #ifndef SQLITE_RTREE_INT_ONLY
+- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
+- (double)cell.aCoord[jj].f);
++ sqlite3_str_appendf(pOut, " %g", (double)cell.aCoord[jj].f);
+ #else
+- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
+- cell.aCoord[jj].i);
++ sqlite3_str_appendf(pOut, " %d", cell.aCoord[jj].i);
+ #endif
+- nCell = (int)strlen(zCell);
+- }
+-
+- if( zText ){
+- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
+- sqlite3_free(zText);
+- zText = zTextNew;
+- }else{
+- zText = sqlite3_mprintf("{%s}", zCell);
+ }
++ sqlite3_str_append(pOut, "}", 1);
+ }
+
+- sqlite3_result_text(ctx, zText, -1, sqlite3_free);
++ errCode = sqlite3_str_errcode(pOut);
++ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free);
++ sqlite3_result_error_code(ctx, errCode);
+ }
+
+ /* This routine implements an SQL function that returns the "depth" parameter
+
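Review bot: The new length guard `if( nData<NCELL(&node)*tree.nBytesPerCell ) return;` in rtreenode() compares the blob size against the cell payload only, while the preceding `nData<4` check suggests the node carries a 4-byte header before the cells. nodeGetCell() is not shown in this patch, but if it reads cell ii at an offset that includes that header, a blob of exactly NCELL*nBytesPerCell bytes would still let the last cell be read up to 4 bytes past the end of the blob. Consider `if( nData<4+NCELL(&node)*tree.nBytesPerCell ) return;`, and since this file is a backport, check whether upstream uses the same bound before diverging from it. A one-line comment above the early returns, such as `/* malformed node blob or out-of-range nDim: leave the result as SQL NULL */`, would also make the silent-return behaviour explicit.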