Updated to version 3.19.3

Better detection of CVE-2017-10989
Resolves: #1469673
This commit is contained in:
Petr Kubat 2017-07-12 08:48:49 +02:00
parent d3581336ba
commit a9f2f8dd0f
3 changed files with 61 additions and 6 deletions

View File

@ -1,3 +1,3 @@
SHA512 (sqlite-autoconf-3190100.tar.gz) = c38eb3131f8faad29c56c99167b813ce0b5f15a371d1e39b75f9327650c1d6b3220d787df71fa109fa8251f89c3435ab01c4742411a3a228b0d9e2261ffcf950 SHA512 (sqlite-src-3190300.zip) = 514c3de6346bdea359036a79c880133f0eeed4cdfc9e811d662dc343f91ea43edda0f9760405a48e7f61ea1dd3478980cc7d3b5409ef27adcb5311a06e36297e
SHA512 (sqlite-doc-3190100.zip) = e7c98bc2601ed51f22b479f9534c0988cf0b9c3a93a09f33e51daf2c8f538285c9a0bfb524e73579bba6993abdb8b10cd7eed6269d6782e62fafeaff68ba9994 SHA512 (sqlite-doc-3190300.zip) = 4f99b6797f76dab1859eaf4596c42d6b10a80a1ad9dcb33b82fcc4ef80a8e8299ac24c0d2a0f41debf9e82d43c9ecf9675547eb6163756f29afe847613ef75f3
SHA512 (sqlite-src-3190100.zip) = 560c414d7a9683a55145d09707097dc39e24b22ec6ef48e4c1ac0722cfafa120356f26d5662f0cb2bce6b2e6fe3cb10f61bb543aae9fc0c7108081e9aa239805 SHA512 (sqlite-autoconf-3190300.tar.gz) = 7896c99726da75818f1027d5675b24724bc89c738874c868868e60c09d4509ad5a6da93f54cfcecb3a1052e4f164f7cb864ede333b9ccfb4f6b811b052ca1d3d

View File

@ -0,0 +1,46 @@
Index: ext/rtree/rtree.c
==================================================================
--- ext/rtree/rtree.c
+++ ext/rtree/rtree.c
@@ -3435,10 +3435,14 @@
pRtree->zDb, pRtree->zName
);
rc = getIntFromStmt(db, zSql, &pRtree->iNodeSize);
if( rc!=SQLITE_OK ){
*pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+ }else if( pRtree->iNodeSize<(512-64) ){
+ rc = SQLITE_CORRUPT;
+ *pzErr = sqlite3_mprintf("undersize RTree blobs in \"%q_node\"",
+ pRtree->zName);
}
}
sqlite3_free(zSql);
return rc;
Index: ext/rtree/rtreeA.test
==================================================================
--- ext/rtree/rtreeA.test
+++ ext/rtree/rtreeA.test
@@ -213,8 +213,21 @@
} {}
do_corruption_tests rtreeA-6.1 {
1 "DELETE FROM t1 WHERE rowid = 5"
2 "UPDATE t1 SET x1=x1+1, x2=x2+1"
}
+
+#-------------------------------------------------------------------------
+# Truncated blobs in the _node table.
+#
+create_t1
+populate_t1
+sqlite3 db test.db
+do_execsql_test rtreeA-7.100 {
+ UPDATE t1_node SET data=x'' WHERE rowid=1;
+} {}
+do_catchsql_test rtreeA-7.110 {
+ SELECT * FROM t1 WHERE x1>0 AND x1<100 AND x2>0 AND x2<100;
+} {1 {undersize RTree blobs in "t1_node"}}
finish_test

View File

@ -3,9 +3,9 @@
%bcond_with static %bcond_with static
%bcond_without check %bcond_without check
%define realver 3190100 %define realver 3190300
%define docver 3190100 %define docver 3190300
%define rpmver 3.19.1 %define rpmver 3.19.3
Summary: Library that implements an embeddable SQL database engine Summary: Library that implements an embeddable SQL database engine
Name: sqlite Name: sqlite
@ -34,6 +34,10 @@ Patch6: sqlite-3.8.10.1-tcl-regress-tests.patch
Patch7: sqlite-3.16-datetest-2.2c.patch Patch7: sqlite-3.16-datetest-2.2c.patch
# Modify sync2.test to pass with DIRSYNC turned off # Modify sync2.test to pass with DIRSYNC turned off
Patch8: sqlite-3.18.0-sync2-dirsync.patch Patch8: sqlite-3.18.0-sync2-dirsync.patch
# Upstream patch for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function
# This has been fixed since 3.17, the patch additionally provides earlier detection
# https://sqlite.org/src/info/66de6f4a
Patch9: sqlite-3.19.3-CVE-2017-10989.patch
BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: ncurses-devel readline-devel glibc-devel
BuildRequires: autoconf BuildRequires: autoconf
@ -137,6 +141,7 @@ This package contains the analysis program for %{name}.
%patch7 -p1 %patch7 -p1
%endif %endif
%patch8 -p1 %patch8 -p1
%patch9 -p0
autoconf # Rerun with new autoconf to add support for aarm64 autoconf # Rerun with new autoconf to add support for aarm64
@ -239,6 +244,10 @@ make test
%endif %endif
%changelog %changelog
* Wed Jul 12 2017 Petr Kubat <pkubat@redhat.com> - 3.19.3-1
- Updated to version 3.19.3 (https://sqlite.org/releaselog/3_19_3.html)
- Better detection of CVE-2017-10989 (#1469673)
* Thu May 25 2017 Petr Kubat <pkubat@redhat.com> - 3.19.1-1 * Thu May 25 2017 Petr Kubat <pkubat@redhat.com> - 3.19.1-1
- Updated to version 3.19.1 (https://sqlite.org/releaselog/3_19_1.html) - Updated to version 3.19.1 (https://sqlite.org/releaselog/3_19_1.html)