From 98346ec9c10338e97b16669fef736642e448e690002cac3e77017351c032f334 Mon Sep 17 00:00:00 2001 
From: Reinhard Max Date: Thu, 1 Apr 2021 10:56:15 +0000 Subject: [PATCH 1/7] =?UTF-8?q?-=20The=20following=20CVEs=20have=20been=20?= =?UTF-8?q?fixed=20in=20upstream=20releases=20up=20to=20=20=20this=20point?= =?UTF-8?q?,=20but=20were=20not=20mentioned=20in=20the=20chane=20log=20so?= =?UTF-8?q?=20far:=20=20=20*=20bsc#1173641,=20CVE-2020-15358:=20heap-based?= =?UTF-8?q?=20buffer=20overflow=20in=20=20=20=20=20multiSelectOrderBy=20du?= =?UTF-8?q?e=20to=20mishandling=20of=20query-flattener=20=20=20=20=20optim?= =?UTF-8?q?ization=20=20=20*=20bsc#1164719,=20CVE-2020-9327:=20NULL=20poin?= =?UTF-8?q?ter=20dereference=20and=20=20=20=20=20segmentation=20fault=20be?= =?UTF-8?q?cause=20of=20generated=20column=20optimizations=20in=20=20=20?= =?UTF-8?q?=20=20isAuxiliaryVtabOperator=20=20=20*=20bsc#1160439,=20CVE-20?= =?UTF-8?q?19-20218:=20selectExpander=20in=20select.c=20proceeds=20=20=20?= =?UTF-8?q?=20=20with=20WITH=20stack=20unwinding=20even=20after=20a=20pars?= =?UTF-8?q?ing=20error=20=20=20*=20bsc#1160438,=20CVE-2019-19959:=20memory?= =?UTF-8?q?-management=20error=20via=20=20=20=20=20ext/misc/zipfile.c=20in?= =?UTF-8?q?volving=20embedded=20'=EF=BC=BC0'=20input=20=20=20*=20bsc#11603?= =?UTF-8?q?09,=20CVE-2019-19923:=20improper=20handling=20=20of=20=20certai?= =?UTF-8?q?n=20uses=20=20=20=20=20of=20SELECT=20DISTINCT=20in=20flattenSub?= =?UTF-8?q?query=20may=20lead=20to=20null=20pointer=20=20=20=20=20derefere?= =?UTF-8?q?nce=20=20=20*=20bsc#1159850,=20CVE-2019-19924:=20improper=20err?= =?UTF-8?q?or=20handling=20in=20=20=20=20=20sqlite3WindowRewrite()=20=20?= =?UTF-8?q?=20*=20bsc#1159847,=20CVE-2019-19925:=20improper=20handling=20o?= =?UTF-8?q?f=20NULL=20pathname=20=20=20=20=20during=20an=20update=20of=20a?= =?UTF-8?q?=20ZIP=20archive=20=20=20*=20bsc#1159715,=20CVE-2019-19926:=20i?= =?UTF-8?q?mproper=20handling=20=20of=20certain=20=20=20=20=20errors=20dur?= =?UTF-8?q?ing=20parsing=20=20multiSelect=20in=20select.c=20=20=20*=20bsc#?= 
=?UTF-8?q?1159491,=20CVE-2019-19880:=20exprListAppendList=20in=20window.c?= =?UTF-8?q?=20=20=20=20=20allows=20attackers=20to=20trigger=20an=20invalid?= =?UTF-8?q?=20pointer=20dereference=20=20=20*=20bsc#1158960,=20CVE-2019-19?= =?UTF-8?q?603:=20during=20handling=20of=20CREATE=20TABLE=20=20=20=20=20an?= =?UTF-8?q?d=20CREATE=20VIEW=20statements,=20does=20not=20consider=20confu?= =?UTF-8?q?sion=20with=20=20=20=20=20a=20shadow=20table=20name=20=20=20*?= =?UTF-8?q?=20bsc#1158959,=20CVE-2019-19646:=20pragma.c=20mishandles=20NOT?= =?UTF-8?q?=20NULL=20in=20an=20=20=20=20=20integrity=5Fcheck=20PRAGMA=20co?= =?UTF-8?q?mmand=20in=20certain=20cases=20of=20generated=20=20=20=20=20col?= =?UTF-8?q?umns=20=20=20*=20bsc#1158958,=20CVE-2019-19645:=20alter.c=20all?= =?UTF-8?q?ows=20attackers=20to=20trigger=20=20=20=20=20infinite=20recursi?= =?UTF-8?q?on=20via=20certain=20types=20of=20self-referential=20views=20?= =?UTF-8?q?=20=20=20=20in=20conjunction=20with=20ALTER=20TABLE=20statement?= =?UTF-8?q?s=20=20=20*=20bsc#1158812,=20CVE-2019-19317:=20lookupName=20in?= =?UTF-8?q?=20resolve.c=20omits=20bits=20=20=20=20=20from=20the=20colUsed?= =?UTF-8?q?=20bitmask=20in=20the=20case=20of=20a=20generated=20column,=20?= =?UTF-8?q?=20=20=20=20which=20allows=20attackers=20to=20cause=20a=20denia?= =?UTF-8?q?l=20of=20service=20=20=20*=20bsc#1157818,=20CVE-2019-19244:=20s?= =?UTF-8?q?qlite3,sqlite2,sqlite:=20The=20=20=20=20=20function=20sqlite3Se?= =?UTF-8?q?lect=20in=20select.c=20allows=20a=20crash=20if=20a=20=20=20=20?= =?UTF-8?q?=20sub-select=20uses=20both=20DISTINCT=20and=20window=20functio?= =?UTF-8?q?ns,=20and=20also=20=20=20=20=20has=20certain=20ORDER=20BY=20usa?= =?UTF-8?q?ge=20=20=20*=20bsc#928701,=20CVE-2015-3415:=20sqlite3VdbeExec?= =?UTF-8?q?=20comparison=20operator=20=20=20=20=20vulnerability=20=20=20*?= =?UTF-8?q?=20bsc#928700,=20CVE-2015-3414:=20sqlite3,sqlite2:=20dequoting?= =?UTF-8?q?=20of=20=20=20=20=20collation-sequence=20names=20=20=20*=20CVE-?= 
=?UTF-8?q?2018-20346,=20bsc#1119687:=20remote=20code=20execution=20=20=20?= =?UTF-8?q?=20=20vulnerability=20in=20FTS3=20(Magellan).?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=261 --- sqlite3.changes | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/sqlite3.changes b/sqlite3.changes index 3bb56ed..0cb42a8 100644 --- a/sqlite3.changes +++ b/sqlite3.changes 
@@ -1,3 +1,50 @@ +------------------------------------------------------------------- +Thu Apr 1 10:27:58 UTC 2021 - Reinhard Max + +- The following CVEs have been fixed in upstream releases up to + this point, but were not mentioned in the chane log so far: + * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in + multiSelectOrderBy due to mishandling of query-flattener + optimization + * bsc#1164719, CVE-2020-9327: NULL pointer dereference and + segmentation fault because of generated column optimizations in + isAuxiliaryVtabOperator + * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds + with WITH stack unwinding even after a parsing error + * bsc#1160438, CVE-2019-19959: memory-management error via + ext/misc/zipfile.c involving embedded '\0' input + * bsc#1160309, CVE-2019-19923: improper handling of certain uses + of SELECT DISTINCT in flattenSubquery may lead to null pointer + dereference + * bsc#1159850, CVE-2019-19924: improper error handling in + sqlite3WindowRewrite() + * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname + during an update of a ZIP archive + * bsc#1159715, CVE-2019-19926: improper handling of certain + errors during parsing multiSelect in select.c + * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c + allows attackers to trigger an invalid pointer dereference + * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE + and CREATE VIEW statements, does not consider confusion with + a shadow table name + * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an + integrity_check PRAGMA command in certain cases of generated + columns + * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger + infinite recursion via certain types of self-referential views + in conjunction with ALTER TABLE statements + * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits + from the colUsed bitmask in the case of a generated column, + which allows attackers to cause a denial 
of service + * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The + function sqlite3Select in select.c allows a crash if a + sub-select uses both DISTINCT and window functions, and also + has certain ORDER BY usage + * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator + vulnerability + * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of + collation-sequence names + ------------------------------------------------------------------- Fri Mar 19 14:53:04 UTC 2021 - Martin Liška @@ -334,6 +381,8 @@ Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger of the SQLite library itself * Increased robustness against malicious SQL that is run against a maliciously corrupted database + * CVE-2018-20346, bsc#1119687: remote code execution + vulnerability in FTS3 (Magellan). - drop sqlite3-btree02-100.patch ------------------------------------------------------------------- From c767c076fa39e1d8c6db195684817647d23390c08d00b5fbbe5cccc039581153 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 6 Apr 2021 14:56:53 +0000 Subject: [PATCH 2/7] Accepting request 882778 from home:AndreasStieger:branches:server:database SQLite 3.35.4 OBS-URL: https://build.opensuse.org/request/show/882778 OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=262 --- sqlite-doc-3350200.zip | 3 --- sqlite-doc-3350400.zip | 3 +++ sqlite-src-3350200.zip | 3 --- sqlite-src-3350400.zip | 3 +++ sqlite3.changes | 39 +++++++++++++++++++++++++++++++++++++++ sqlite3.spec | 4 ++-- 6 files changed, 47 insertions(+), 8 deletions(-) delete mode 100644 sqlite-doc-3350200.zip create mode 100644 sqlite-doc-3350400.zip delete mode 100644 sqlite-src-3350200.zip create mode 100644 sqlite-src-3350400.zip diff --git a/sqlite-doc-3350200.zip b/sqlite-doc-3350200.zip deleted file mode 100644 index 0a028be..0000000 --- a/sqlite-doc-3350200.zip +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5ae1e29f2dc4e13b787d4a074cf3844751fedab94b4304a4e89bf6e7bdb79b8d -size 10182547 diff --git a/sqlite-doc-3350400.zip b/sqlite-doc-3350400.zip new file mode 100644 index 0000000..e402597 --- /dev/null +++ b/sqlite-doc-3350400.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d001f9581d9858a37bf0f86007d6c103659ca9fc07414bbc965f94df43720c27 +size 10206227 diff --git a/sqlite-src-3350200.zip b/sqlite-src-3350200.zip deleted file mode 100644 index 3fbba2e..0000000 --- a/sqlite-src-3350200.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6af39632ed596ff3294f35caff4d671745f81894135f9789ceecf696dfc38703 -size 12815298 diff --git a/sqlite-src-3350400.zip b/sqlite-src-3350400.zip new file mode 100644 index 0000000..ef83680 --- /dev/null +++ b/sqlite-src-3350400.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:77007915a87ccc8a653d5f3d2d3a3cca89807641965c2a6e2958bea964ea02a4 +size 12818802 diff --git a/sqlite3.changes b/sqlite3.changes index 0cb42a8..8e84e03 100644 --- a/sqlite3.changes +++ b/sqlite3.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger + +- SQLite 3.35.4: + * Fix a defect in the query planner optimization + * Fix a defect in the new RETURNING syntax + * Fix the new RETURNING feature so that it raises an error if one + of the terms in the RETURNING clause references a unknown + table, instead of silently ignoring that error + * Fix an assertion associated with aggregate function processing + that was incorrectly triggered by the push-down optimization + ------------------------------------------------------------------- Thu Apr 1 10:27:58 UTC 2021 - Reinhard Max 
@@ -45,6 +57,33 @@ Thu Apr 1 10:27:58 UTC 2021 - Reinhard Max * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names +------------------------------------------------------------------- +Sat Mar 27 11:52:17 UTC 2021 - Andreas Stieger + +- SQLite 3.35.3: + * Enhance the OP_OpenDup opcode of the bytecode engine so that + it works even if the cursor being duplicated itself came from + OP_OpenDup + * When materializing correlated common table expressions, do so + separately for each use case, as that is required for + correctness. This fixes a problem that was introduced by the + MATERIALIZED hint enhancement. + * Fix a problem in the filename normalizer of the unix VFS + * Fix the "box" output mode in the CLI so that it works with + statements that returns one or more rows of zero columns + (such as PRAGMA incremental_vacuum) + * Improvements to error messages generated by faulty common + table expressions + * Fix some incorrect assert() statements + * Fix to the SELECT statement syntax diagram so that the FROM + clause syntax is shown correctly + * Fix the EBCDIC character classifier so that it understands + newlines as whitespace + * Improvements the xBestIndex method in the implementation of the + (unsupported) wholenumber virtual table extension so that it + does a better job of convincing the query planner to avoid + trying to materialize a table with an infinite number of rows + ------------------------------------------------------------------- Fri Mar 19 14:53:04 UTC 2021 - Martin Liška diff --git a/sqlite3.spec b/sqlite3.spec index ec60879..1b1076c 100644 --- a/sqlite3.spec +++ b/sqlite3.spec @@ -17,10 +17,10 @@ %define oname sqlite -%define tarversion 3350200 +%define tarversion 3350400 %bcond_with icu Name: sqlite3 -Version: 3.35.2 +Version: 3.35.4 Release: 0 Summary: Embeddable SQL Database Engine License: SUSE-Public-Domain From 8b96f6cbba47622b1361254807a8a2ff3f9d87f056adc04610b5261edcd7e20a Mon Sep 17 00:00:00 2001 
From: Reinhard Max Date: Tue, 6 Apr 2021 15:00:05 +0000 Subject: [PATCH 3/7] OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=263 --- sqlite3.changes | 51 +++++++++++++++++++++++++++++++++++++------------ sqlite3.spec | 7 +++++++ 2 files changed, 46 insertions(+), 12 deletions(-) diff --git a/sqlite3.changes b/sqlite3.changes index 8e84e03..c8a1060 100644 --- a/sqlite3.changes +++ b/sqlite3.changes @@ -1,17 +1,7 @@ ------------------------------------------------------------------- -Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger +Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max -- SQLite 3.35.4: - * Fix a defect in the query planner optimization - * Fix a defect in the new RETURNING syntax - * Fix the new RETURNING feature so that it raises an error if one - of the terms in the RETURNING clause references a unknown - table, instead of silently ignoring that error - * Fix an assertion associated with aggregate function processing - that was incorrectly triggered by the push-down optimization - -------------------------------------------------------------------- -Thu Apr 1 10:27:58 UTC 2021 - Reinhard Max +- Sync Factory to SLE-12 and SLE-15. - The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the chane log so far: 
@@ -56,6 +46,38 @@ Thu Apr 1 10:27:58 UTC 2021 - Reinhard Max vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names + * bsc#1155787, CVE-2017-2518: A use-after-free bug in the query + optimizer may cause a buffer overflow and application crash via + a crafted SQL statement. + * bsc#1136976, CVE-2019-8457: heap out-of-bound read in the + rtreenode() function when handling invalid rtree tables. + * bsc#1132045, CVE-2017-10989: getNodeSize function in + ext/rtree/rtree.c issues + * bsc#987394, CVE-2016-6153: Fix Tempdir Selection Vulnerability + +- Fix build on SLE-12 and remove the following patches from there + which are all upstream: + * sqlite3-CVE-2017-10989.patch + * sqlite3-CVE-2017-2518.patch, + * sqlite3-CVE-2018-20346.patch, + * sqlite3-CVE-2018-8740.patch, + * sqlite3-CVE-2019-16168.patch (bsc#1019518), + * sqlite3-CVE-2019-8457.patch, + * sqlite3-journal-file.patch, + * sqlite3-xFetch-null.patch (bsc#1025034), + * sqlite3-CVE-2016-6153.patch + +------------------------------------------------------------------- +Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger + +- SQLite 3.35.4: + * Fix a defect in the query planner optimization + * Fix a defect in the new RETURNING syntax + * Fix the new RETURNING feature so that it raises an error if one + of the terms in the RETURNING clause references a unknown + table, instead of silently ignoring that error + * Fix an assertion associated with aggregate function processing + that was incorrectly triggered by the push-down optimization ------------------------------------------------------------------- Sat Mar 27 11:52:17 UTC 2021 - Andreas Stieger 
@@ -1320,6 +1342,11 @@ Thu Oct 15 14:35:51 UTC 2015 - astieger@suse.com analyzed. * sqlite3_memory_alarm() no-op. +------------------------------------------------------------------- +Tue Aug 11 09:20:25 UTC 2015 - max@suse.com +- Submit Factory package to SLE12-SP1 to enable the unlock notify + API (fate#317928). + ------------------------------------------------------------------- Fri Jul 31 11:44:40 UTC 2015 - mpluskal@suse.com diff --git a/sqlite3.spec b/sqlite3.spec index 1b1076c..bc16fa9 100644 --- a/sqlite3.spec +++ b/sqlite3.spec @@ -35,7 +35,14 @@ BuildRequires: pkgconfig BuildRequires: readline-devel BuildRequires: tcl-devel BuildRequires: unzip +%if 0%{suse_version} < 1500 +# As of 2021 we still need to be able to compile this on SLE-12 +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: zlib-devel +%global make_build make +%else BuildRequires: pkgconfig(zlib) +%endif Provides: %{oname} = %{version} Obsoletes: %{oname} < %{version} %if %{with icu} From fe9c70dea41469ba9f14f3e0ce515300a0478b9b4950f0d2cfeecbad28b1edad Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 6 Apr 2021 17:22:46 +0000 Subject: [PATCH 4/7] More merges from SLE12 to the changes file OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=264 --- sqlite3.changes | 65 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 54 insertions(+), 11 deletions(-) diff --git a/sqlite3.changes b/sqlite3.changes index c8a1060..ecaa04a 100644 --- a/sqlite3.changes +++ b/sqlite3.changes 
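Review bot: The new conditional in sqlite3.spec is written `%if 0%{suse_version} < 1500`, without the `?` that lets the macro expand to nothing when it is undefined, so on a build target that does not define suse_version the expression would fail to parse. The usual form is `%if 0%{?suse_version} && 0%{?suse_version} < 1500`, which also keeps targets without that macro out of the SLE-12 branch. In the same branch, `%global make_build make` presumably stands in for a macro that the older rpm lacks, but as written it drops parallel jobs; `%global make_build make %{?_smp_mflags}` would keep them. The spec preamble continues outside this hunk, so whether `%make_build` is used later is not visible here.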
@@ -46,14 +46,6 @@ Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names - * bsc#1155787, CVE-2017-2518: A use-after-free bug in the query - optimizer may cause a buffer overflow and application crash via - a crafted SQL statement. - * bsc#1136976, CVE-2019-8457: heap out-of-bound read in the - rtreenode() function when handling invalid rtree tables. - * bsc#1132045, CVE-2017-10989: getNodeSize function in - ext/rtree/rtree.c issues - * bsc#987394, CVE-2016-6153: Fix Tempdir Selection Vulnerability - Fix build on SLE-12 and remove the following patches from there which are all upstream: @@ -61,11 +53,15 @@ Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max * sqlite3-CVE-2017-2518.patch, * sqlite3-CVE-2018-20346.patch, * sqlite3-CVE-2018-8740.patch, - * sqlite3-CVE-2019-16168.patch (bsc#1019518), + * sqlite3-CVE-2019-16168.patch, * sqlite3-CVE-2019-8457.patch, * sqlite3-journal-file.patch, - * sqlite3-xFetch-null.patch (bsc#1025034), + * sqlite3-xFetch-null.patch, * sqlite3-CVE-2016-6153.patch + * The addition of these patches was also merged into the history + of Factory for log consistency reasons although they never + existed there, because Factory was always updated to a fixed + version instead of adding a patch. ------------------------------------------------------------------- Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger @@ -184,7 +180,7 @@ Wed Dec 2 09:08:39 UTC 2020 - Reinhard Max current transaction state of the database connection. * Enhance recursive common table expressions to support two or more recursive terms as is done by SQL Server, since this helps make - queries against graphs easier to write and faster to execute.\ + queries against graphs easier to write and faster to execute. * Improved error messages on CHECK constraint failures. * The .read dot-command now accepts a pipeline in addition to a filename. 
@@ -341,6 +337,13 @@ Fri Jan 17 14:29:39 UTC 2020 - Stefan Brüns function, exposed when running testsuite on i586: + sqlite3-avoid-truncation-error.patch +------------------------------------------------------------------- +Wed Nov 6 12:33:37 UTC 2019 - Reinhard Max + +- bsc#1155787, CVE-2017-2518, sqlite3-CVE-2017-2518.patch: + A use-after-free bug in the query optimizer may cause a buffer + overflow and application crash via a crafted SQL statement. + ------------------------------------------------------------------- Fri Oct 11 15:05:00 UTC 2019 - Andreas Stieger @@ -409,6 +412,13 @@ Thu Jul 11 08:59:55 UTC 2019 - Ismail Dönmez + Add the long-standing ".testctrl" command to the ".help" menu. + Added the ".dbconfig" command +------------------------------------------------------------------- +Wed Jun 12 13:18:28 UTC 2019 - Reinhard Max + +- CVE-2019-8457, bsc#1136976, sqlite3-CVE-2019-8457.patch: heap + out-of-bound read in the rtreenode() function when handling + invalid rtree tables. + ------------------------------------------------------------------- Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max 
@@ -426,6 +436,21 @@ Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max * Security and compatibilities enhancements to fts3_tokenizer(). * Improved robustness against corrupt database files. +------------------------------------------------------------------- +Wed Apr 17 15:39:30 UTC 2019 - Reinhard Max + +- CVE-2017-10989, bsc#1132045, sqlite3-CVE-2017-10989.patch: + getNodeSize function in ext/rtree/rtree.c issues +- CVE-2018-8740, bsc#1085790, sqlite3-CVE-2018-8740.patch: + Databases whose schema is corrupted using a CREATE TABLE AS + statement could cause a NULL pointer dereference. + +------------------------------------------------------------------- +Fri Mar 15 12:54:22 UTC 2019 - Reinhard Max + +- CVE-2018-20346, bsc#1119687, sqlite3-CVE-2018-20346.patch: + Fix remote code execution vulnerability in FTS3 (Magellan). + ------------------------------------------------------------------- Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger @@ -791,6 +816,12 @@ Mon May 22 18:47:42 UTC 2017 - idonmez@suse.com to avoid excess stack usage in the recursive descent parser. Fix for ticket 981329adeef51011052. +------------------------------------------------------------------- +Tue Apr 4 12:46:31 UTC 2017 - max@suse.com + +- Avoid calling sqlite3OsFetch() on a file-handle for which the + xFetch method is NULL (bsc#1025034, sqlite3-xFetch-null.patch). + ------------------------------------------------------------------- Fri Mar 31 12:03:54 UTC 2017 - idonmez@suse.com @@ -887,6 +918,12 @@ Tue Feb 14 09:19:28 UTC 2017 - idonmez@suse.com * Ensure that the sqlite3_blob_reopen() interface can correctly handle short rows. Fix for ticket e6e962d6b0f06f46e. +------------------------------------------------------------------- +Mon Jan 16 13:08:11 UTC 2017 - max@suse.com + +- Fix a segfault in the in-memory journal logic (bsc#1019518, + sqlite3-journal-file.patch). + ------------------------------------------------------------------- Sat Jan 7 16:44:32 UTC 2017 - mpluskal@suse.com 
@@ -1094,6 +1131,12 @@ Tue Aug 2 11:00:30 UTC 2016 - tchvatal@suse.com - Reduce the conditions a bit and sort with spec-cleaner - Remove condition for old sle10 ppc machines +------------------------------------------------------------------- +Tue Jul 5 15:51:09 UTC 2016 - max@suse.com + +- Fix Tempdir Selection Vulnerability (bsc#987394, CVE-2016-6153, + sqlite3-CVE-2016-6153.patch). + ------------------------------------------------------------------- Wed May 18 19:43:17 UTC 2016 - idonmez@suse.com From 2b5cf2c7090f8f6730d1b92b453bea307a8f66a951a053b1a8b78051c567f019 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 13 Apr 2021 13:40:51 +0000 Subject: [PATCH 5/7] Revert the merging of SLE-12 bug references into the changes file OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=265 --- sqlite3.changes | 116 +----------------------------------------------- 1 file changed, 1 insertion(+), 115 deletions(-) diff --git a/sqlite3.changes b/sqlite3.changes index ecaa04a..9401a76 100644 --- a/sqlite3.changes +++ b/sqlite3.changes 
@@ -1,67 +1,7 @@ ------------------------------------------------------------------- Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max -- Sync Factory to SLE-12 and SLE-15. - -- The following CVEs have been fixed in upstream releases up to - this point, but were not mentioned in the chane log so far: - * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in - multiSelectOrderBy due to mishandling of query-flattener - optimization - * bsc#1164719, CVE-2020-9327: NULL pointer dereference and - segmentation fault because of generated column optimizations in - isAuxiliaryVtabOperator - * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds - with WITH stack unwinding even after a parsing error - * bsc#1160438, CVE-2019-19959: memory-management error via - ext/misc/zipfile.c involving embedded '\0' input - * bsc#1160309, CVE-2019-19923: improper handling of certain uses - of SELECT DISTINCT in flattenSubquery may lead to null pointer - dereference - * bsc#1159850, CVE-2019-19924: improper error handling in - sqlite3WindowRewrite() - * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname - during an update of a ZIP archive - * bsc#1159715, CVE-2019-19926: improper handling of certain - errors during parsing multiSelect in select.c - * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c - allows attackers to trigger an invalid pointer dereference - * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE - and CREATE VIEW statements, does not consider confusion with - a shadow table name - * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an - integrity_check PRAGMA command in certain cases of generated - columns - * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger - infinite recursion via certain types of self-referential views - in conjunction with ALTER TABLE statements - * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits - from the colUsed bitmask in the case of a generated column, - which 
allows attackers to cause a denial of service - * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The - function sqlite3Select in select.c allows a crash if a - sub-select uses both DISTINCT and window functions, and also - has certain ORDER BY usage - * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator - vulnerability - * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of - collation-sequence names - -- Fix build on SLE-12 and remove the following patches from there - which are all upstream: - * sqlite3-CVE-2017-10989.patch - * sqlite3-CVE-2017-2518.patch, - * sqlite3-CVE-2018-20346.patch, - * sqlite3-CVE-2018-8740.patch, - * sqlite3-CVE-2019-16168.patch, - * sqlite3-CVE-2019-8457.patch, - * sqlite3-journal-file.patch, - * sqlite3-xFetch-null.patch, - * sqlite3-CVE-2016-6153.patch - * The addition of these patches was also merged into the history - of Factory for log consistency reasons although they never - existed there, because Factory was always updated to a fixed - version instead of adding a patch. +- Fix build on SLE-12 ------------------------------------------------------------------- Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger @@ -337,13 +277,6 @@ Fri Jan 17 14:29:39 UTC 2020 - Stefan Brüns function, exposed when running testsuite on i586: + sqlite3-avoid-truncation-error.patch -------------------------------------------------------------------- -Wed Nov 6 12:33:37 UTC 2019 - Reinhard Max - -- bsc#1155787, CVE-2017-2518, sqlite3-CVE-2017-2518.patch: - A use-after-free bug in the query optimizer may cause a buffer - overflow and application crash via a crafted SQL statement. - ------------------------------------------------------------------- Fri Oct 11 15:05:00 UTC 2019 - Andreas Stieger 
@@ -412,13 +345,6 @@ Thu Jul 11 08:59:55 UTC 2019 - Ismail Dönmez + Add the long-standing ".testctrl" command to the ".help" menu. + Added the ".dbconfig" command -------------------------------------------------------------------- -Wed Jun 12 13:18:28 UTC 2019 - Reinhard Max - -- CVE-2019-8457, bsc#1136976, sqlite3-CVE-2019-8457.patch: heap - out-of-bound read in the rtreenode() function when handling - invalid rtree tables. - ------------------------------------------------------------------- Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max @@ -436,21 +362,6 @@ Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max * Security and compatibilities enhancements to fts3_tokenizer(). * Improved robustness against corrupt database files. -------------------------------------------------------------------- -Wed Apr 17 15:39:30 UTC 2019 - Reinhard Max - -- CVE-2017-10989, bsc#1132045, sqlite3-CVE-2017-10989.patch: - getNodeSize function in ext/rtree/rtree.c issues -- CVE-2018-8740, bsc#1085790, sqlite3-CVE-2018-8740.patch: - Databases whose schema is corrupted using a CREATE TABLE AS - statement could cause a NULL pointer dereference. - -------------------------------------------------------------------- -Fri Mar 15 12:54:22 UTC 2019 - Reinhard Max - -- CVE-2018-20346, bsc#1119687, sqlite3-CVE-2018-20346.patch: - Fix remote code execution vulnerability in FTS3 (Magellan). - ------------------------------------------------------------------- Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger @@ -467,8 +378,6 @@ Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger of the SQLite library itself * Increased robustness against malicious SQL that is run against a maliciously corrupted database - * CVE-2018-20346, bsc#1119687: remote code execution - vulnerability in FTS3 (Magellan). - drop sqlite3-btree02-100.patch ------------------------------------------------------------------- 
@@ -816,12 +725,6 @@ Mon May 22 18:47:42 UTC 2017 - idonmez@suse.com to avoid excess stack usage in the recursive descent parser. Fix for ticket 981329adeef51011052. -------------------------------------------------------------------- -Tue Apr 4 12:46:31 UTC 2017 - max@suse.com - -- Avoid calling sqlite3OsFetch() on a file-handle for which the - xFetch method is NULL (bsc#1025034, sqlite3-xFetch-null.patch). - ------------------------------------------------------------------- Fri Mar 31 12:03:54 UTC 2017 - idonmez@suse.com @@ -918,12 +821,6 @@ Tue Feb 14 09:19:28 UTC 2017 - idonmez@suse.com * Ensure that the sqlite3_blob_reopen() interface can correctly handle short rows. Fix for ticket e6e962d6b0f06f46e. -------------------------------------------------------------------- -Mon Jan 16 13:08:11 UTC 2017 - max@suse.com - -- Fix a segfault in the in-memory journal logic (bsc#1019518, - sqlite3-journal-file.patch). - ------------------------------------------------------------------- Sat Jan 7 16:44:32 UTC 2017 - mpluskal@suse.com @@ -1131,12 +1028,6 @@ Tue Aug 2 11:00:30 UTC 2016 - tchvatal@suse.com - Reduce the conditions a bit and sort with spec-cleaner - Remove condition for old sle10 ppc machines -------------------------------------------------------------------- -Tue Jul 5 15:51:09 UTC 2016 - max@suse.com - -- Fix Tempdir Selection Vulnerability (bsc#987394, CVE-2016-6153, - sqlite3-CVE-2016-6153.patch). - ------------------------------------------------------------------- Wed May 18 19:43:17 UTC 2016 - idonmez@suse.com 
@@ -1385,11 +1276,6 @@ Thu Oct 15 14:35:51 UTC 2015 - astieger@suse.com analyzed. * sqlite3_memory_alarm() no-op. -------------------------------------------------------------------- -Tue Aug 11 09:20:25 UTC 2015 - max@suse.com -- Submit Factory package to SLE12-SP1 to enable the unlock notify - API (fate#317928). - ------------------------------------------------------------------- Fri Jul 31 11:44:40 UTC 2015 - mpluskal@suse.com From 291d62e19109f96f32099f7603f2a85a92f59bf6803aba4f07b2675820f8b484 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 20 Apr 2021 08:14:11 +0000 Subject: [PATCH 6/7] Accepting request 886908 from home:dirkmueller:Factory - use https urls OBS-URL: https://build.opensuse.org/request/show/886908 OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=266 --- sqlite3.changes | 5 +++++ sqlite3.spec | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/sqlite3.changes b/sqlite3.changes index 9401a76..a20392a 100644 --- a/sqlite3.changes +++ b/sqlite3.changes @@ -3,6 +3,11 @@ Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max - Fix build on SLE-12 +------------------------------------------------------------------- +Tue Apr 6 01:59:48 UTC 2021 - Dirk Müller + +- use https urls + ------------------------------------------------------------------- Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger diff --git a/sqlite3.spec b/sqlite3.spec index bc16fa9..a586efe 100644 --- a/sqlite3.spec +++ b/sqlite3.spec 
@@ -26,9 +26,9 @@ Summary: Embeddable SQL Database Engine License: SUSE-Public-Domain Group: Productivity/Databases/Servers URL: https://www.sqlite.org/ -Source0: http://www.sqlite.org/2021/sqlite-src-%{tarversion}.zip +Source0: https://www.sqlite.org/2021/sqlite-src-%{tarversion}.zip Source1: baselibs.conf -Source2: http://www.sqlite.org/2021/sqlite-doc-%{tarversion}.zip +Source2: https://www.sqlite.org/2021/sqlite-doc-%{tarversion}.zip BuildRequires: automake BuildRequires: libtool BuildRequires: pkgconfig From 4c5ecbbdea9ec2075d44ab8d96583fcd80b7c31448388c0bef0a00817e838ee4 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Wed, 21 Apr 2021 10:08:49 +0000 Subject: [PATCH 7/7] Accepting request 886927 from home:AndreasStieger:branches:server:database SQLite3 3.35.5 OBS-URL: https://build.opensuse.org/request/show/886927 OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=267 --- sqlite-doc-3350400.zip | 3 --- sqlite-doc-3350500.zip | 3 +++ sqlite-src-3350400.zip | 3 --- sqlite-src-3350500.zip | 3 +++ sqlite3.changes | 9 +++++++++ sqlite3.spec | 4 ++-- 6 files changed, 17 insertions(+), 8 deletions(-) delete mode 100644 sqlite-doc-3350400.zip create mode 100644 sqlite-doc-3350500.zip delete mode 100644 sqlite-src-3350400.zip create mode 100644 sqlite-src-3350500.zip diff --git a/sqlite-doc-3350400.zip b/sqlite-doc-3350400.zip deleted file mode 100644 index e402597..0000000 --- a/sqlite-doc-3350400.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d001f9581d9858a37bf0f86007d6c103659ca9fc07414bbc965f94df43720c27 -size 10206227 diff --git a/sqlite-doc-3350500.zip b/sqlite-doc-3350500.zip new file mode 100644 index 0000000..ba5a9a6 --- /dev/null +++ b/sqlite-doc-3350500.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:098257e33eb50254cccd31333b09eeafd5843fdd446e1c856c4b48b758573cb9 +size 10205830 
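Review bot: Nothing in the visible Source0/Source2 lines records how the downloaded archives are checked against what upstream published; the switch to https only protects the fetch in transit. The only pin on this page is the sha256 in the git-lfs pointer files, which reflects whatever was downloaded when the package was updated. A comment above Source0 would document the step, for example `# Verify against the hashes listed on https://www.sqlite.org/download.html when bumping tarversion`. The `/2021/` path component is also hard-coded next to `%{tarversion}` and has to be changed by hand for the first release of a new year, which is worth a one-line comment as well. The preamble continues outside this hunk.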
diff --git a/sqlite-src-3350400.zip b/sqlite-src-3350400.zip deleted file mode 100644 index ef83680..0000000 --- a/sqlite-src-3350400.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:77007915a87ccc8a653d5f3d2d3a3cca89807641965c2a6e2958bea964ea02a4 -size 12818802 diff --git a/sqlite-src-3350500.zip b/sqlite-src-3350500.zip new file mode 100644 index 0000000..65b0c20 --- /dev/null +++ b/sqlite-src-3350500.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f4beeca5595c33ab5031a920d9c9fd65fe693bad2b16320c3a6a6950e66d3b11 +size 12819198 diff --git a/sqlite3.changes b/sqlite3.changes index a20392a..e33332d 100644 --- a/sqlite3.changes +++ b/sqlite3.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Apr 20 08:52:23 UTC 2021 - Andreas Stieger + +- SQLite3 3.35.5: + * Fix defects in the new ALTER TABLE DROP COLUMN feature that + could corrupt the database file + * Fix an obscure query optimizer problem that might cause an + incorrect query result + ------------------------------------------------------------------- Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max diff --git a/sqlite3.spec b/sqlite3.spec index a586efe..a1f55b4 100644 --- a/sqlite3.spec +++ b/sqlite3.spec @@ -17,10 +17,10 @@ %define oname sqlite -%define tarversion 3350400 +%define tarversion 3350500 %bcond_with icu Name: sqlite3 -Version: 3.35.4 +Version: 3.35.5 Release: 0 Summary: Embeddable SQL Database Engine License: SUSE-Public-Domain