main/sqlite: security upgrade to 3.25.3 (CVE-2018-20346)

fixes #9793

main/sqlite: security upgrade to 3.25.3 (CVE-2018-20346)
fixes #9793
63ebe945 · Natanael Copa · e575c907 · 63ebe945 · e575c907
Commit 63ebe945 authored Dec 31, 2018 by Natanael Copa
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 40 deletions

main/sqlite/APKBUILD main/sqlite/APKBUILD +8 -5

main/sqlite/CVE-2018-8740.patch main/sqlite/CVE-2018-8740.patch +0 -35

No files found.
--- a/main/sqlite/APKBUILD
+++ b/main/sqlite/APKBUILD
@@ -6,7 +6,7 @@
 #   - CVE-2018-8740
 #
 pkgname=sqlite
-pkgver=3.21.0
+pkgver=3.25.3
 _a=${pkgver%%.*}
 _b=${pkgver#${_a}.}
 _b=${_b%%.*}
@@ -22,7 +22,7 @@ esac
 [ $_d -lt 10 ] && _d=0$_d
 _ver=${_a}${_b}${_c}${_d}

-pkgrel=1
+pkgrel=0
 pkgdesc="A C library that implements an SQL database engine"
 url="http://www.sqlite.org/"
 arch="all"
@@ -31,7 +31,6 @@ license="custom"
 depends=""
 makedepends="readline-dev"
 source="http://www.sqlite.org/2017/$pkgname-autoconf-$_ver.tar.gz
-	CVE-2018-8740.patch
 	license.txt"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-libs"

@@ -48,6 +47,11 @@ _amalgamation="-DSQLITE_ENABLE_FTS4 \
 	-DSQLITE_ENABLE_JSON1"

 builddir="$srcdir/$pkgname-autoconf-$_ver"
+
+# secfixes:
+#   3.25.3-r0:
+#   - CVE-2018-20346
+
 build() {
 	cd "$builddir"
 	export CFLAGS="$CFLAGS $_amalgamation"
@@ -83,6 +87,5 @@ libs() {
 	mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
 }

-sha512sums="8f00708965eacef171620c49538f75768d350ec3f2bfef412a5c70af865ab03b6a64ce1e65d9fdb3d66f4d00262a30fc162b01fd69f63c05c14d5243374b6298  sqlite-autoconf-3210000.tar.gz
-95c21d066f514f47765d81352b7e0651b2acd6f91631c7a3dcc032aefce0b6148545ecb961aad4fd64851e12f95db9c8eb76be3197874ed5304471da78ab277a  CVE-2018-8740.patch
+sha512sums="5bc501d15367e097f4070185974b0c3a8246c06b205fb2258ed18870ff3fbf120ac5e0ba031a6744af89f7659206e28e7de2f0367bdb190b8412e453b43de4ba  sqlite-autoconf-3250300.tar.gz
 5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9  license.txt"
--- a/main/sqlite/CVE-2018-8740.patch
+++ b/main/sqlite/CVE-2018-8740.patch
-This patch is based on https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b.
-
-See-Also: https://nvd.nist.gov/vuln/detail/CVE-2018-8740
-
--- a/sqlite3.c
-+++ b/sqlite3.c
-@@ -102551,8 +102551,6 @@
-   p = pParse->pNewTable;
-   if( p==0 ) return;
- 
-  assert( !db->init.busy || !pSelect );
-
-   /* If the db->init.busy is 1 it means we are reading the SQL off the
-   ** "sqlite_master" or "sqlite_temp_master" table on the disk.
-   ** So do not write to the disk again.  Extract the root page number
-@@ -102563,6 +102561,10 @@
-   ** table itself.  So mark it read-only.
-   */
-   if( db->init.busy ){
-+    if( pSelect ){
-+      sqlite3ErrorMsg(pParse, "");
-+      return;
-+    }
-     p->tnum = db->init.newTnum;
-     if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
-   }
-@@ -116817,7 +116819,7 @@
-     char *z;
-     if( zObj==0 ) zObj = "?";
-     z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
-    if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
-+    if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
-     sqlite3DbFree(db, *pData->pzErrMsg);
-     *pData->pzErrMsg = z;
-   }