From 989c4161c97749853974405c2fca81f6a0b17fb297e57919ec50e1dd5258f7e4 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Tue, 13 Dec 2022 16:12:14 +0000 Subject: [PATCH] - bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch: relying on --safe for execution of an untrusted CLI script OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=301 --- sqlite-CVE-2022-46908.patch | 56 +++++++++++++++++++++++++++++++++++++ sqlite3.changes | 6 ++++ sqlite3.spec | 4 ++- 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 sqlite-CVE-2022-46908.patch diff --git a/sqlite-CVE-2022-46908.patch b/sqlite-CVE-2022-46908.patch new file mode 100644 index 0000000..719fcb0 --- /dev/null +++ b/sqlite-CVE-2022-46908.patch @@ -0,0 +1,56 @@ +Index: src/shell.c.in +================================================================== +--- src/shell.c.in ++++ src/shell.c.in +@@ -1878,11 +1878,11 @@ + "readfile", + "writefile", + "zipfile", + "zipfile_cds", + }; +- UNUSED_PARAMETER(zA2); ++ UNUSED_PARAMETER(zA1); + UNUSED_PARAMETER(zA3); + UNUSED_PARAMETER(zA4); + switch( op ){ + case SQLITE_ATTACH: { + #ifndef SQLITE_SHELL_FIDDLE +@@ -1893,11 +1893,11 @@ + break; + } + case SQLITE_FUNCTION: { + int i; + for(i=0; i + +- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch: + relying on --safe for execution of an untrusted CLI script + ------------------------------------------------------------------- Thu Nov 17 09:24:02 UTC 2022 - Reinhard Max diff --git a/sqlite3.spec b/sqlite3.spec index fa74f23..1cc82dc 100644 --- a/sqlite3.spec +++ b/sqlite3.spec @@ -31,6 +31,7 @@ Source0: https://www.sqlite.org/2022/sqlite-src-%{tarversion}.zip Source1: baselibs.conf Source2: https://www.sqlite.org/2022/sqlite-doc-%{tarversion}.zip Patch0: sqlite-src-3390000-func7-pg-181.patch +Patch1: sqlite-CVE-2022-46908.patch BuildRequires: automake BuildRequires: libtool BuildRequires: pkgconfig 
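Review bot: The embedded patch for `src/shell.c.in` starts directly at `Index: src/shell.c.in` and records no origin, so it cannot be checked against the upstream fix without searching for it. A short header above `Index:` naming the upstream check-in and the references already in the changelog entry (`bsc#1206337`, `CVE-2022-46908`) would make the backport verifiable. The visible part moves `UNUSED_PARAMETER` from `zA2` to `zA1`, which suggests the `SQLITE_FUNCTION` branch now compares `zA2` against the prohibited-function list, but the comparison line is cut off on this page, so that is inferred. Because the fix appears to be a single identifier in the `--safe` authorizer, a `%check` step would catch a regression if the patch is ever dropped or stops applying: run a script that calls one of the listed functions (for example `writefile`) under `--safe` and expect a refusal.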
@@ -128,7 +129,8 @@ other documentation found on sqlite.org. The files can be found in %prep %setup -q -n sqlite-src-%{tarversion} -a2 -%autopatch -p1 +%patch0 -p1 +%patch1 rm -v sqlite-doc-%{tarversion}/releaselog/current.html ln -sv `echo %{version} | sed "s/\./_/g"`.html sqlite-doc-%{tarversion}/releaselog/current.html
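Review bot: Replacing `%autopatch -p1` with an explicit list means a `PatchN:` tag added later without a matching `%patch` line is silently left unapplied, which is an easy way to ship a build that is missing a security fix. `%patch1` also depends on the implicit strip level matching the `--- src/shell.c.in` paths in the new patch; writing `%patch1 -p0` would state that outright. Regenerating the patch with `a/` and `b/` path prefixes would let `%autopatch -p1` stay and keep every declared patch applied automatically. Newer rpm releases deprecate the `%patchN` spelling in favour of `%patch -P N`, so the explicit form may need revisiting anyway.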