Updated to version 3.19.3

Better detection of CVE-2017-10989 Resolves: #1469673
2017-07-12 08:48:49 +02:00 · 2017-07-12 08:48:49 +02:00 · a9f2f8dd0f
parent d3581336ba
commit a9f2f8dd0f
3 changed files with 61 additions and 6 deletions
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (sqlite-autoconf-3190100.tar.gz) = c38eb3131f8faad29c56c99167b813ce0b5f15a371d1e39b75f9327650c1d6b3220d787df71fa109fa8251f89c3435ab01c4742411a3a228b0d9e2261ffcf950
-SHA512 (sqlite-doc-3190100.zip) = e7c98bc2601ed51f22b479f9534c0988cf0b9c3a93a09f33e51daf2c8f538285c9a0bfb524e73579bba6993abdb8b10cd7eed6269d6782e62fafeaff68ba9994
-SHA512 (sqlite-src-3190100.zip) = 560c414d7a9683a55145d09707097dc39e24b22ec6ef48e4c1ac0722cfafa120356f26d5662f0cb2bce6b2e6fe3cb10f61bb543aae9fc0c7108081e9aa239805
+SHA512 (sqlite-src-3190300.zip) = 514c3de6346bdea359036a79c880133f0eeed4cdfc9e811d662dc343f91ea43edda0f9760405a48e7f61ea1dd3478980cc7d3b5409ef27adcb5311a06e36297e
+SHA512 (sqlite-doc-3190300.zip) = 4f99b6797f76dab1859eaf4596c42d6b10a80a1ad9dcb33b82fcc4ef80a8e8299ac24c0d2a0f41debf9e82d43c9ecf9675547eb6163756f29afe847613ef75f3
+SHA512 (sqlite-autoconf-3190300.tar.gz) = 7896c99726da75818f1027d5675b24724bc89c738874c868868e60c09d4509ad5a6da93f54cfcecb3a1052e4f164f7cb864ede333b9ccfb4f6b811b052ca1d3d
--- a/sqlite-3.19.3-CVE-2017-10989.patch
+++ b/sqlite-3.19.3-CVE-2017-10989.patch
@ -0,0 +1,46 @@
+Index: ext/rtree/rtree.c
+==================================================================
+--- ext/rtree/rtree.c
+++ ext/rtree/rtree.c
+@@ -3435,10 +3435,14 @@
+         pRtree->zDb, pRtree->zName
+     );
+     rc = getIntFromStmt(db, zSql, &pRtree->iNodeSize);
+     if( rc!=SQLITE_OK ){
+       *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+    }else if( pRtree->iNodeSize<(512-64) ){
+      rc = SQLITE_CORRUPT;
+      *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"",
+                               pRtree->zName);
+     }
+   }
+ 
+   sqlite3_free(zSql);
+   return rc;
+
+Index: ext/rtree/rtreeA.test
+==================================================================
+--- ext/rtree/rtreeA.test
+++ ext/rtree/rtreeA.test
+@@ -213,8 +213,21 @@
+ } {}
+ do_corruption_tests rtreeA-6.1 {
+   1   "DELETE FROM t1 WHERE rowid = 5"
+   2   "UPDATE t1 SET x1=x1+1, x2=x2+1"
+ }
+
+#-------------------------------------------------------------------------
+# Truncated blobs in the _node table.
+#
+create_t1
+populate_t1
+sqlite3 db test.db
+do_execsql_test rtreeA-7.100 { 
+  UPDATE t1_node SET data=x'' WHERE rowid=1;
+} {}
+do_catchsql_test rtreeA-7.110 {
+  SELECT * FROM t1 WHERE x1>0 AND x1<100 AND x2>0 AND x2<100;
+} {1 {undersize RTree blobs in "t1_node"}}
+ 
+ 
+ finish_test
--- a/sqlite.spec
+++ b/sqlite.spec
@ -3,9 +3,9 @@
 %bcond_with static
 %bcond_without check

-%define realver 3190100
-%define docver 3190100
-%define rpmver 3.19.1
+%define realver 3190300
+%define docver 3190300
+%define rpmver 3.19.3

 Summary: Library that implements an embeddable SQL database engine
 Name: sqlite
@ -34,6 +34,10 @@ Patch6: sqlite-3.8.10.1-tcl-regress-tests.patch
 Patch7: sqlite-3.16-datetest-2.2c.patch
 # Modify sync2.test to pass with DIRSYNC turned off
 Patch8: sqlite-3.18.0-sync2-dirsync.patch
+# Upstream patch for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function
+# This has been fixed since 3.17, the patch additionally provides earlier detection
+# https://sqlite.org/src/info/66de6f4a
+Patch9: sqlite-3.19.3-CVE-2017-10989.patch

 BuildRequires: ncurses-devel readline-devel glibc-devel
 BuildRequires: autoconf
@ -137,6 +141,7 @@ This package contains the analysis program for %{name}.
 %patch7 -p1
 %endif
 %patch8 -p1
+%patch9 -p0

 autoconf # Rerun with new autoconf to add support for aarm64

@ -239,6 +244,10 @@ make test
 %endif

 %changelog
+* Wed Jul 12 2017 Petr Kubat <pkubat@redhat.com> - 3.19.3-1
+- Updated to version 3.19.3 (https://sqlite.org/releaselog/3_19_3.html)
+- Better detection of CVE-2017-10989 (#1469673)
+
 * Thu May 25 2017 Petr Kubat <pkubat@redhat.com> - 3.19.1-1
 - Updated to version 3.19.1 (https://sqlite.org/releaselog/3_19_1.html)