author | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-12-17 15:17:36 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-12-17 15:18:10 +0000 |
commit | 8fe3109377cfbec22f6613be0b559e1751bd1db6 (patch) | |
tree | 2f8c691444fd2a9790990852c65b109fd5cda0b0 | |
parent | 6f62242d5794308f322c4276657785c6ffec86cd (diff) | |
main/sqlite: security fixes (CVE-2019-19242, CVE-2019-19244)
ref #11015
-rw-r--r-- | main/sqlite/APKBUILD | 15 | ||||
-rw-r--r-- | main/sqlite/CVE-2019-19242.patch | 18 | ||||
-rw-r--r-- | main/sqlite/CVE-2019-19244.patch | 12 |
3 files changed, 41 insertions, 4 deletions
diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD index 9feb10ded2..7beca97288 100644 --- a/main/sqlite/APKBUILD +++ b/main/sqlite/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | # Contributor: Łukasz Jendrysik <scadu@yandex.com> | 2 | # Contributor: Łukasz Jendrysik <scadu@yandex.com> |
3 | pkgname=sqlite | 3 | pkgname=sqlite |
4 | pkgver=3.30.1 | 4 | pkgver=3.30.1 |
5 | pkgrel=0 | 5 | pkgrel=1 |
6 | pkgdesc="C library that implements an SQL database engine" | 6 | pkgdesc="C library that implements an SQL database engine" |
7 | url="https://www.sqlite.org/" | 7 | url="https://www.sqlite.org/" |
8 | arch="all" | 8 | arch="all" |
@@ -29,12 +29,17 @@ _ver=${_a}${_b}${_c}${_d} | |||
29 | builddir="$srcdir/$pkgname-autoconf-$_ver" | 29 | builddir="$srcdir/$pkgname-autoconf-$_ver" |
30 | source="https://www.sqlite.org/2019/$pkgname-autoconf-$_ver.tar.gz | 30 | source="https://www.sqlite.org/2019/$pkgname-autoconf-$_ver.tar.gz |
31 | license.txt | 31 | license.txt |
32 | CVE-2019-19242.patch | ||
33 | CVE-2019-19244.patch | ||
32 | " | 34 | " |
33 | 35 | ||
34 | # secfixes: | 36 | # secfixes: |
37 | # 3.30.1-r1: | ||
38 | # - CVE-2019-19242 | ||
39 | # - CVE-2019-19242 | ||
35 | # 3.28.0-r0: | 40 | # 3.28.0-r0: |
36 | # - CVE-2019-5018 | 41 | # - CVE-2019-5018 |
37 | # - CVE-2019-8457 | 42 | # - CVE-2019-8457 |
38 | 43 | ||
39 | # additional CFLAGS to set | 44 | # additional CFLAGS to set |
40 | _amalgamation="-DSQLITE_ENABLE_FTS4 \ | 45 | _amalgamation="-DSQLITE_ENABLE_FTS4 \ |
@@ -103,4 +108,6 @@ static() { | |||
103 | } | 108 | } |
104 | 109 | ||
105 | sha512sums="9ec0283c417fb0323b0e43550af2a49e9a63988e4212c27ea62cc9da3534caa6faf5bdc7e051b6772c4ce61560a433b3d3288b68e05e9ba8495f61a3bcebda3e sqlite-autoconf-3300100.tar.gz | 110 | sha512sums="9ec0283c417fb0323b0e43550af2a49e9a63988e4212c27ea62cc9da3534caa6faf5bdc7e051b6772c4ce61560a433b3d3288b68e05e9ba8495f61a3bcebda3e sqlite-autoconf-3300100.tar.gz |
106 | 5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt" | 111 | 5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt |
112 | c4e8123da7d85d59c9d2d1d07e443185cbc82102805361f2dd24da0482b683da57b7032f2c27273b46e6ed1b12f3714590cfc1258720bcb4e8405f67da214fe6 CVE-2019-19242.patch | ||
113 | e7982014a62b4fa465918fd65384cec406ea09598f3e0511eb2b68f618983b2f29a932267397aff9b88b97367dc8e05c4074fa8e276e3f4294ac019df498a724 CVE-2019-19244.patch" | ||
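Review bot: The new `# 3.30.1-r1:` secfixes entry lists `CVE-2019-19242` twice and never names CVE-2019-19244, although the commit title and the second added patch both refer to it. The second entry should read `#   - CVE-2019-19244`. The secfixes block is a comment, so the build itself is unaffected. Anything that reads this block to decide which CVEs a package release fixes would presumably still treat 3.30.1-r1 as missing the CVE-2019-19244 fix.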
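--- /dev/null
+++ b/main/sqlite/CVE-2019-19242.patch
@@ -0,0 +1,18 @@
+diff --git a/sqlite3.c b/sqlite3.c
+index 8fd740b..c67f4fe 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -101055,7 +101055,12 @@ expr_code_doover:
+** constant.
+*/
+int iReg = sqlite3ExprCodeTarget(pParse, pExpr->pLeft,target);
+- int aff = sqlite3TableColumnAffinity(pExpr->y.pTab, pExpr->iColumn);
++ int aff;
++ if( pExpr->y.pTab ){
++ aff = sqlite3TableColumnAffinity(pExpr->y.pTab, pExpr->iColumn);
++ }else{
++ aff = pExpr->affExpr;
++ }
+if( aff>SQLITE_AFF_BLOB ){
+static const char zAff[] = "B\000C\000D\000E";
+assert( SQLITE_AFF_BLOB=='A' );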
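Review bot: This patch file starts directly at `diff --git a/sqlite3.c b/sqlite3.c` with no header naming the upstream SQLite check-in it was taken from, and CVE-2019-19244.patch has the same gap. For a security backport applied to the amalgamation, a reviewer cannot confirm from the file alone that the `pExpr->y.pTab` null guard and the `aff = pExpr->affExpr` fallback match the upstream fix rather than a local approximation. I would add a short preamble above the diff, for example `Upstream: <upstream check-in URL>` plus a one-line summary of the failure being fixed, and then regenerate the sha512sums entries. Those checksums pin the file contents but say nothing about their origin. The enclosing case in sqlite3.c starts and ends outside the hunk.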
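--- /dev/null
+++ b/main/sqlite/CVE-2019-19244.patch
@@ -0,0 +1,12 @@
+diff --git a/sqlite3.c b/sqlite3.c
+index 8fd740b..bd647ca 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -131679,6 +131679,7 @@ SQLITE_PRIVATE int sqlite3Select(
+*/
+if( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct
+&& sqlite3ExprListCompare(sSort.pOrderBy, pEList, -1)==0
++ && p->pWin==0
+){
+p->selFlags &= ~SF_Distinct;
+pGroupBy = p->pGroupBy = sqlite3ExprListDup(db, pEList, 0);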