From 1833ad9258bf53ebd1f42ccecc5bbf2696c7e19a Mon Sep 17 00:00:00 2001
From: Leo
Date: Fri, 11 Oct 2019 16:32:12 -0300
Subject: main/sqlite: fix CVE-2019-16168
ref #10868
Closes !421
---
 main/sqlite/APKBUILD | 15 ++++++++++++---
 main/sqlite/CVE-2019-16168.patch | 24 ++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 main/sqlite/CVE-2019-16168.patch
diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD
index 8ffc5f8737..2864c8107f 100644
--- a/main/sqlite/APKBUILD
+++ b/main/sqlite/APKBUILD
@@ -26,7 +26,7 @@ esac
 [ $_d -lt 10 ] && _d=0$_d
 _ver=${_a}${_b}${_c}${_d}
-pkgrel=1
+pkgrel=2
 pkgdesc="A C library that implements an SQL database engine"
 url="http://www.sqlite.org/"
 arch="all"
@@ -38,7 +38,9 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-libs"
 source="http://www.sqlite.org/2018/$pkgname-autoconf-$_ver.tar.gz
 license.txt
 CVE-2019-8457.patch
+ CVE-2019-16168.patch
 "
+builddir="$srcdir/$pkgname-autoconf-$_ver"
 _amalgamation="-DSQLITE_ENABLE_FTS4 \
 -DSQLITE_ENABLE_FTS3_PARENTHESIS \
@@ -52,7 +54,13 @@ _amalgamation="-DSQLITE_ENABLE_FTS4 \
 -DSQLITE_MAX_VARIABLE_NUMBER=250000 \
 -DSQLITE_ENABLE_JSON1"
-builddir="$srcdir/$pkgname-autoconf-$_ver"
+# secfixes:
+# 3.25.3-r2:
+# - CVE-2018-20346
+# 3.25.3-r1:
+# - CVE-2019-8457
+# 3.25.3-r0:
+# - CVE-2018-20346
 build() {
 cd "$builddir"
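Review bot: The new `# secfixes:` block lists `CVE-2018-20346` under `3.25.3-r2`, but the release this commit creates (`pkgrel=2`) ships `CVE-2019-16168.patch`, and `CVE-2018-20346` is already recorded under `3.25.3-r0`. This looks like a copy-paste slip. If the comment is read by tooling or by people to map a CVE to the first fixed package release, CVE-2019-16168 would never be associated with r2 and scanners could keep reporting the package as affected. The entry under `3.25.3-r2:` should read `#     - CVE-2019-16168`.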
@@ -91,4 +99,5 @@ libs() {
 sha512sums="5bc501d15367e097f4070185974b0c3a8246c06b205fb2258ed18870ff3fbf120ac5e0ba031a6744af89f7659206e28e7de2f0367bdb190b8412e453b43de4ba sqlite-autoconf-3250300.tar.gz
 5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt
-ab795b18d5426ff9ccad20f413de4f46fce7b532ebbf72dfbafc7db2d2e46453541abe992535c7aea598ec69c8557b477008e58299e3426afd2e8ab458c859e4 CVE-2019-8457.patch"
+ab795b18d5426ff9ccad20f413de4f46fce7b532ebbf72dfbafc7db2d2e46453541abe992535c7aea598ec69c8557b477008e58299e3426afd2e8ab458c859e4 CVE-2019-8457.patch
+19eb036e0d03543127a9ed67155522952cb7f3ce9da81ee49fba14a1c0bfc2cd0c86acab1b47b794043cac033959d861dce7ec97fca2293cb146a7ee1b83b8fa CVE-2019-16168.patch"
diff --git a/main/sqlite/CVE-2019-16168.patch b/main/sqlite/CVE-2019-16168.patch
new file mode 100644
index 0000000000..d1be258aec
--- /dev/null
+++ b/main/sqlite/CVE-2019-16168.patch
@@ -0,0 +1,24 @@
+diff --git a/sqlite3.c b/sqlite3.c
+index c607252..7c01bbf 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -104242,7 +104242,9 @@ static void decodeIntArray(
+ if( sqlite3_strglob("unordered*", z)==0 ){
+ pIndex->bUnordered = 1;
+ }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
++ int sz = sqlite3Atoi(z+3);
++ if( sz<2 ) sz = 2;
++ pIndex->szIdxRow = sqlite3LogEst(sz);
+ }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+ pIndex->noSkipScan = 1;
+ }
+@@ -141020,6 +141022,7 @@ static int whereLoopAddBtreeIndex(
+ ** it to pNew->rRun, which is currently set to the cost of the index
+ ** seek only. Then, if this is a non-covering index, add the cost of
+ ** visiting the rows in the main table. */
++ assert( pSrc->pTab->szTabRow>0 );
+ rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+ pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+ if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+
-- cgit v1.2.3
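Review bot: The clamp `if( sz<2 ) sz = 2;` in decodeIntArray carries no comment explaining why 2 is the floor. It is the only guard that still exists in a release build, because the `assert( pSrc->pTab->szTabRow>0 )` added in whereLoopAddBtreeIndex disappears whenever asserts are compiled out, and the `_amalgamation` flags visible in the APKBUILD hunk do not enable a debug build. The link between the two hunks (a `sz=` value read from stored statistics ending up as the divisor `szTabRow`) is not visible here and is presumably made in code outside them, so it is worth stating at the clamp. I would add `/* sz= comes from stored stats and may be hostile; keep it >=2 so the LogEst is positive and the division in whereLoopAddBtreeIndex cannot be by zero */` above the clamp. Both function bodies start and end outside these hunks.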