Fixed CVE-2018-8740

Resolves: #1558809

sources

@@ -1,3 +1,3 @@
-SHA512 (sqlite-src-3190300.zip) = 514c3de6346bdea359036a79c880133f0eeed4cdfc9e811d662dc343f91ea43edda0f9760405a48e7f61ea1dd3478980cc7d3b5409ef27adcb5311a06e36297e
-SHA512 (sqlite-doc-3190300.zip) = 4f99b6797f76dab1859eaf4596c42d6b10a80a1ad9dcb33b82fcc4ef80a8e8299ac24c0d2a0f41debf9e82d43c9ecf9675547eb6163756f29afe847613ef75f3
-SHA512 (sqlite-autoconf-3190300.tar.gz) = 7896c99726da75818f1027d5675b24724bc89c738874c868868e60c09d4509ad5a6da93f54cfcecb3a1052e4f164f7cb864ede333b9ccfb4f6b811b052ca1d3d
+SHA512 (sqlite-doc-3200100.zip) = 518ca59644cecfcd67f511268112e421c5d7bbd77ef1e33304bf306ef110becf1e2a7fe37c506ec6892edb9d5c6ee77657b374c2e061f49890d18af062dea2b3
+SHA512 (sqlite-autoconf-3200100.tar.gz) = 56e3d326ea2225cadc628c3518d46d9f7c4bafa0e3612f2b7ab0dc0d79fcbb7e095f6d84a9a48e1c6d83adcdc8706ad5ac4404f0f622c7fe38cfde3a7e7e69f0
+SHA512 (sqlite-src-3200100.zip) = 845a0d64c9356aadf178c04dd716bbd37a7353526b06cfa8e8f65653cf6a1893a5c5e8c78d20b43910c34d9167272cf517749c91ed0ba7686977e3d0327e8939

sqlite-3.22.0-corrupt-schema.patch

@@ -0,0 +1,51 @@
+Index: src/build.c
+==================================================================
+--- src/build.c
++++ src/build.c
+@@ -1868,12 +1868,10 @@
+   }
+   assert( !db->mallocFailed );
+   p = pParse->pNewTable;
+   if( p==0 ) return;
+ 
+-  assert( !db->init.busy || !pSelect );
+-
+   /* If the db->init.busy is 1 it means we are reading the SQL off the
+   ** "sqlite_master" or "sqlite_temp_master" table on the disk.
+   ** So do not write to the disk again.  Extract the root page number
+   ** for the table from the db->init.newTnum field.  (The page number
+   ** should have been put there by the sqliteOpenCb routine.)
+@@ -1880,10 +1878,14 @@
+   **
+   ** If the root page number is 1, that means this is the sqlite_master
+   ** table itself.  So mark it read-only.
+   */
+   if( db->init.busy ){
++    if( pSelect ){
++      sqlite3ErrorMsg(pParse, "");
++      return;
++    }
+     p->tnum = db->init.newTnum;
+     if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
+   }
+ 
+   /* Special processing for WITHOUT ROWID Tables */
+
+Index: src/prepare.c
+==================================================================
+--- src/prepare.c
++++ src/prepare.c
+@@ -27,11 +27,11 @@
+   sqlite3 *db = pData->db;
+   if( !db->mallocFailed && (db->flags & SQLITE_WriteSchema)==0 ){
+     char *z;
+     if( zObj==0 ) zObj = "?";
+     z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
+-    if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
++    if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
+     sqlite3DbFree(db, *pData->pzErrMsg);
+     *pData->pzErrMsg = z;
+   }
+   pData->rc = db->mallocFailed ? SQLITE_NOMEM_BKPT : SQLITE_CORRUPT_BKPT;
+ }
+

sqlite.spec

@@ -3,14 +3,14 @@
 %bcond_with static
 %bcond_without check
 
-%define realver 3190300
-%define docver 3190300
-%define rpmver 3.19.3
+%define realver 3200100
+%define docver 3200100
+%define rpmver 3.20.1
 
 Summary: Library that implements an embeddable SQL database engine
 Name: sqlite
 Version: %{rpmver}
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: Public Domain
 Group: Applications/Databases
 URL: http://www.sqlite.org/
@@ -34,10 +34,8 @@ Patch6: sqlite-3.8.10.1-tcl-regress-tests.patch
 Patch7: sqlite-3.16-datetest-2.2c.patch
 # Modify sync2.test to pass with DIRSYNC turned off
 Patch8: sqlite-3.18.0-sync2-dirsync.patch
-# Upstream patch for CVE-2017-10989: Heap-buffer overflow in the getNodeSize function
-# This has been fixed since 3.17, the patch additionally provides earlier detection
-# https://sqlite.org/src/info/66de6f4a
-Patch9: sqlite-3.19.3-CVE-2017-10989.patch
+# Upstream: https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema
+Patch9: sqlite-3.22.0-corrupt-schema.patch
 
 BuildRequires: ncurses-devel readline-devel glibc-devel
 BuildRequires: autoconf
@@ -153,6 +151,7 @@ export CFLAGS="$RPM_OPT_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
                -DSQLITE_ENABLE_FTS3_PARENTHESIS=1 -DSQLITE_ENABLE_JSON1=1 \
                -Wall -fno-strict-aliasing"
 %configure %{!?with_tcl:--disable-tcl} \
+           --enable-fts5 \
            --enable-threadsafe \
            --enable-threads-override-locks \
            --enable-load-extension \
@@ -244,6 +243,19 @@ make test
 %endif
 
 %changelog
+* Wed Mar 21 2018 Petr Kubat <pkubat@redhat.com> - 3.20.1-2
+- Fixed CVE-2018-8740 (#1558809)
+
+* Mon Aug 28 2017 Petr Kubat <pkubat@redhat.com> - 3.20.1-1
+- Updated to version 3.20.1 (https://sqlite.org/releaselog/3_20_1.html)
+
+* Tue Aug 22 2017 Kalev Lember <klember@redhat.com> - 3.20.0-2
+- Build with --enable-fts5
+
+* Wed Aug 02 2017 Petr Kubat <pkubat@redhat.com> - 3.20.0-1
+- Updated to version 3.20.0 (https://sqlite.org/releaselog/3_20_0.html)
+- Fixes CVE-2017-7000 (#1478785)
+
 * Wed Jul 12 2017 Petr Kubat <pkubat@redhat.com> - 3.19.3-1
 - Updated to version 3.19.3 (https://sqlite.org/releaselog/3_19_3.html)
 - Better detection of CVE-2017-10989 (#1469673)