diff --git a/sources b/sources
index 8aaf16a..37dbe8d 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (sqlite-autoconf-3190100.tar.gz) = c38eb3131f8faad29c56c99167b813ce0b5f15a371d1e39b75f9327650c1d6b3220d787df71fa109fa8251f89c3435ab01c4742411a3a228b0d9e2261ffcf950
-SHA512 (sqlite-doc-3190100.zip) = e7c98bc2601ed51f22b479f9534c0988cf0b9c3a93a09f33e51daf2c8f538285c9a0bfb524e73579bba6993abdb8b10cd7eed6269d6782e62fafeaff68ba9994
-SHA512 (sqlite-src-3190100.zip) = 560c414d7a9683a55145d09707097dc39e24b22ec6ef48e4c1ac0722cfafa120356f26d5662f0cb2bce6b2e6fe3cb10f61bb543aae9fc0c7108081e9aa239805
+SHA512 (sqlite-src-3190300.zip) = 514c3de6346bdea359036a79c880133f0eeed4cdfc9e811d662dc343f91ea43edda0f9760405a48e7f61ea1dd3478980cc7d3b5409ef27adcb5311a06e36297e
+SHA512 (sqlite-doc-3190300.zip) = 4f99b6797f76dab1859eaf4596c42d6b10a80a1ad9dcb33b82fcc4ef80a8e8299ac24c0d2a0f41debf9e82d43c9ecf9675547eb6163756f29afe847613ef75f3
+SHA512 (sqlite-autoconf-3190300.tar.gz) = 7896c99726da75818f1027d5675b24724bc89c738874c868868e60c09d4509ad5a6da93f54cfcecb3a1052e4f164f7cb864ede333b9ccfb4f6b811b052ca1d3d
diff --git a/sqlite-3.19.3-CVE-2017-10989.patch b/sqlite-3.19.3-CVE-2017-10989.patch
new file mode 100644
index 0000000..5bb9c76
--- /dev/null
+++ b/sqlite-3.19.3-CVE-2017-10989.patch
@@ -0,0 +1,46 @@
+Index: ext/rtree/rtree.c
+==================================================================
+--- ext/rtree/rtree.c
++++ ext/rtree/rtree.c
+@@ -3435,10 +3435,14 @@
+ pRtree->zDb, pRtree->zName
+ );
+ rc = getIntFromStmt(db, zSql, &pRtree->iNodeSize);
+ if( rc!=SQLITE_OK ){
+ *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
++ }else if( pRtree->iNodeSize<(512-64) ){
++ rc = SQLITE_CORRUPT;
++ *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"",
++ pRtree->zName);
+ }
+ }
+
+ sqlite3_free(zSql);
+ return rc;
+
+Index: ext/rtree/rtreeA.test
+==================================================================
+--- ext/rtree/rtreeA.test
++++ ext/rtree/rtreeA.test
+@@ -213,8 +213,21 @@
+ } {}
+ do_corruption_tests rtreeA-6.1 {
+ 1 "DELETE FROM t1 WHERE rowid = 5"
+ 2 "UPDATE t1 SET x1=x1+1, x2=x2+1"
+ }
++
++#-------------------------------------------------------------------------
++# Truncated blobs in the _node table.
++#
++create_t1
++populate_t1
++sqlite3 db test.db
++do_execsql_test rtreeA-7.100 {
++ UPDATE t1_node SET data=x'' WHERE rowid=1;
++} {}
++do_catchsql_test rtreeA-7.110 {
++ SELECT * FROM t1 WHERE x1>0 AND x1<100 AND x2>0 AND x2<100;
++} {1 {undersize RTree blobs in "t1_node"}}
+
+
+ finish_test
diff --git a/sqlite.spec b/sqlite.spec
index 19a2227..d93e1ec 100644
--- a/sqlite.spec
+++ b/sqlite.spec
@@ -3,9 +3,9 @@
 %bcond_with static
 %bcond_without check
-%define realver 3190100
-%define docver 3190100
-%define rpmver 3.19.1
+%define realver 3190300
+%define docver 3190300
+%define rpmver 3.19.3
 Summary: Library that implements an embeddable SQL database engine
 Name: sqlite
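Review bot: In the rtree.c hunk of the added patch file, the bound in `}else if( pRtree->iNodeSize<(512-64) ){` is an unexplained constant. A one-line comment such as `/* reject node blobs smaller than the minimum node size (512-64) */` would help, with the derivation of 512 and 64 confirmed against the code that sizes newly created tables, which is outside the hunk. The new tests rtreeA-7.100/7.110 only cover an empty blob (`data=x''`), so a second case on a fresh connection with a non-empty blob just under the limit, e.g. `UPDATE t1_node SET data=zeroblob(447) WHERE rowid=1;`, would pin the boundary. The enclosing function begins before the hunk, so which row the length is read from, and whether other node rows are length-checked, cannot be confirmed from these lines.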
@@ -34,6 +34,10 @@ Patch6: sqlite-3.8.10.1-tcl-regress-tests.patch Patch7: sqlite-3.16-datetest-2.2c.patch # Modify sync2.test to pass with DIRSYNC turned off Patch8: sqlite-3.18.0-sync2-dirsync.patch +# Upstream patch for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function +# This has been fixed since 3.17, the patch additionally provides earlier detection +# https://sqlite.org/src/info/66de6f4a +Patch9: sqlite-3.19.3-CVE-2017-10989.patch BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: autoconf @@ -137,6 +141,7 @@ This package contains the analysis program for %{name}. %patch7 -p1 %endif %patch8 -p1 +%patch9 -p0 autoconf # Rerun with new autoconf to add support for aarm64 @@ -239,6 +244,10 @@ make test %endif %changelog +* Wed Jul 12 2017 Petr Kubat - 3.19.3-1 +- Updated to version 3.19.3 (https://sqlite.org/releaselog/3_19_3.html) +- Better detection of CVE-2017-10989 (#1469673) + * Thu May 25 2017 Petr Kubat - 3.19.1-1 - Updated to version 3.19.1 (https://sqlite.org/releaselog/3_19_1.html)