Browse code
sqlite : Apply patch for CVE-2018-8740
Change-Id: I686f30bde6952b09cc9f3bdbdb03c7eb3e52c386
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5017
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
Xiaolin Li authored on 2018/04/18 07:21:12Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,32 @@ |
| 0 |
+diff --git a/sqlite3.c b/sqlite3.c |
|
| 1 |
+index 73c69ef..e2a3ad2 100644 |
|
| 2 |
+--- a/sqlite3.c |
|
| 3 |
+@@ -103474,7 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable( |
|
| 4 |
+ p = pParse->pNewTable; |
|
| 5 |
+ if( p==0 ) return; |
|
| 6 |
+ |
|
| 7 |
+- assert( !db->init.busy || !pSelect ); |
|
| 8 |
+ |
|
| 9 |
+ /* If the db->init.busy is 1 it means we are reading the SQL off the |
|
| 10 |
+ ** "sqlite_master" or "sqlite_temp_master" table on the disk. |
|
| 11 |
+@@ -103486,6 +103485,10 @@ SQLITE_PRIVATE void sqlite3EndTable( |
|
| 12 |
+ ** table itself. So mark it read-only. |
|
| 13 |
+ */ |
|
| 14 |
+ if( db->init.busy ){
|
|
| 15 |
++ if( pSelect ){
|
|
| 16 |
++ sqlite3ErrorMsg(pParse, ""); |
|
| 17 |
++ return; |
|
| 18 |
++ } |
|
| 19 |
+ p->tnum = db->init.newTnum; |
|
| 20 |
+ if( p->tnum==1 ) p->tabFlags |= TF_Readonly; |
|
| 21 |
+ } |
|
| 22 |
+@@ -117813,7 +117816,7 @@ static void corruptSchema( |
|
| 23 |
+ char *z; |
|
| 24 |
+ if( zObj==0 ) zObj = "?"; |
|
| 25 |
+ z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj); |
|
| 26 |
+- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra); |
|
| 27 |
++ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra); |
|
| 28 |
+ sqlite3DbFree(db, *pData->pzErrMsg); |
|
| 29 |
+ *pData->pzErrMsg = z; |
|
| 30 |
+ } |
| ... | ... |
@@ -1,8 +1,8 @@ |
| 1 | 1 |
%define sourcever 3220000 |
| 2 |
-Summary: A portable, high level programming interface to various calling conventions |
|
| 2 |
+Summary: A portable, high level programming interface to various calling conventions |
|
| 3 | 3 |
Name: sqlite |
| 4 | 4 |
Version: 3.22.0 |
| 5 |
-Release: 1%{?dist}
|
|
| 5 |
+Release: 2%{?dist}
|
|
| 6 | 6 |
License: Public Domain |
| 7 | 7 |
URL: http://www.sqlite.org |
| 8 | 8 |
Group: System Environment/GeneralLibraries |
| ... | ... |
@@ -10,6 +10,7 @@ Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://sqlite.org/2018/%{name}-autoconf-%{sourcever}.tar.gz
|
| 12 | 12 |
%define sha1 sqlite=2fb24ec12001926d5209d2da90d252b9825366ac |
| 13 |
+Patch0: sqlite-3.22.0-CVE-2018-8740.patch |
|
| 13 | 14 |
Obsoletes: sqlite-autoconf |
| 14 | 15 |
Requires: sqlite-libs = %{version}-%{release}
|
| 15 | 16 |
Provides: sqlite3 |
| ... | ... |
@@ -37,6 +38,7 @@ The sqlite3 library. |
| 37 | 37 |
|
| 38 | 38 |
%prep |
| 39 | 39 |
%setup -q -n %{name}-autoconf-%{sourcever}
|
| 40 |
+%patch0 -p1 |
|
| 40 | 41 |
|
| 41 | 42 |
%build |
| 42 | 43 |
./configure \ |
| ... | ... |
@@ -88,6 +90,8 @@ rm -rf %{buildroot}/*
|
| 88 | 88 |
%{_libdir}/libsqlite3.so.0.8.6
|
| 89 | 89 |
|
| 90 | 90 |
%changelog |
| 91 |
+* Tue Apr 17 2018 Xiaolin Li <xiaolinl@vmware.com> 3.22.0-2 |
|
| 92 |
+- Apply patch for CVE-2018-8740 |
|
| 91 | 93 |
* Tue Feb 20 2018 Xiaolin Li <xiaolinl@vmware.com> 3.22.0-1 |
| 92 | 94 |
- Upgrade to version 3.22.0 |
| 93 | 95 |
* Fri Nov 10 2017 Xiaolin Li <xiaolinl@vmware.com> 3.21.0-1 |