Commit 63ebe945 authored by Natanael Copa's avatar Natanael Copa

main/sqlite: security upgrade to 3.25.3 (CVE-2018-20346)

fixes #9793
parent e575c907
......@@ -6,7 +6,7 @@
# - CVE-2018-8740
#
pkgname=sqlite
pkgver=3.21.0
pkgver=3.25.3
_a=${pkgver%%.*}
_b=${pkgver#${_a}.}
_b=${_b%%.*}
......@@ -22,7 +22,7 @@ esac
[ $_d -lt 10 ] && _d=0$_d
_ver=${_a}${_b}${_c}${_d}
pkgrel=1
pkgrel=0
pkgdesc="A C library that implements an SQL database engine"
url="http://www.sqlite.org/"
arch="all"
......@@ -31,7 +31,6 @@ license="custom"
depends=""
makedepends="readline-dev"
source="http://www.sqlite.org/2017/$pkgname-autoconf-$_ver.tar.gz
CVE-2018-8740.patch
license.txt"
subpackages="$pkgname-doc $pkgname-dev $pkgname-libs"
......@@ -48,6 +47,11 @@ _amalgamation="-DSQLITE_ENABLE_FTS4 \
-DSQLITE_ENABLE_JSON1"
builddir="$srcdir/$pkgname-autoconf-$_ver"
# secfixes:
# 3.25.3-r0:
# - CVE-2018-20346
build() {
cd "$builddir"
export CFLAGS="$CFLAGS $_amalgamation"
......@@ -83,6 +87,5 @@ libs() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
}
sha512sums="8f00708965eacef171620c49538f75768d350ec3f2bfef412a5c70af865ab03b6a64ce1e65d9fdb3d66f4d00262a30fc162b01fd69f63c05c14d5243374b6298 sqlite-autoconf-3210000.tar.gz
95c21d066f514f47765d81352b7e0651b2acd6f91631c7a3dcc032aefce0b6148545ecb961aad4fd64851e12f95db9c8eb76be3197874ed5304471da78ab277a CVE-2018-8740.patch
sha512sums="5bc501d15367e097f4070185974b0c3a8246c06b205fb2258ed18870ff3fbf120ac5e0ba031a6744af89f7659206e28e7de2f0367bdb190b8412e453b43de4ba sqlite-autoconf-3250300.tar.gz
5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt"
This patch is based on https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b.
See-Also: https://nvd.nist.gov/vuln/detail/CVE-2018-8740
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -102551,8 +102551,6 @@
p = pParse->pNewTable;
if( p==0 ) return;
- assert( !db->init.busy || !pSelect );
-
/* If the db->init.busy is 1 it means we are reading the SQL off the
** "sqlite_master" or "sqlite_temp_master" table on the disk.
** So do not write to the disk again. Extract the root page number
@@ -102563,6 +102561,10 @@
** table itself. So mark it read-only.
*/
if( db->init.busy ){
+ if( pSelect ){
+ sqlite3ErrorMsg(pParse, "");
+ return;
+ }
p->tnum = db->init.newTnum;
if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
}
@@ -116817,7 +116819,7 @@
char *z;
if( zObj==0 ) zObj = "?";
z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
+ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
sqlite3DbFree(db, *pData->pzErrMsg);
*pData->pzErrMsg = z;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment