- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:

relying on --safe for execution of an untrusted CLI script OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=301
2022-12-13 16:12:14 +00:00 · 2022-12-13 16:12:14 +00:00 · 989c4161c9
commit 989c4161c9
parent a5f1dd051c
3 changed files with 65 additions and 1 deletions
--- a/sqlite-CVE-2022-46908.patch
+++ b/sqlite-CVE-2022-46908.patch
@ -0,0 +1,56 @@
+Index: src/shell.c.in
+==================================================================
+--- src/shell.c.in
+++ src/shell.c.in
+@@ -1878,11 +1878,11 @@
+     "readfile",
+     "writefile",
+     "zipfile",
+     "zipfile_cds",
+   };
+-  UNUSED_PARAMETER(zA2);
+  UNUSED_PARAMETER(zA1);
+   UNUSED_PARAMETER(zA3);
+   UNUSED_PARAMETER(zA4);
+   switch( op ){
+     case SQLITE_ATTACH: {
+ #ifndef SQLITE_SHELL_FIDDLE
+@@ -1893,11 +1893,11 @@
+       break;
+     }
+     case SQLITE_FUNCTION: {
+       int i;
+       for(i=0; i<ArraySize(azProhibitedFunctions); i++){
+-        if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
+        if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
+           failIfSafeMode(p, "cannot use the %s() function in safe mode",
+                          azProhibitedFunctions[i]);
+         }
+       }
+       break;
+
+Index: test/shell2.test
+==================================================================
+--- test/shell2.test
+++ test/shell2.test
+@@ -188,7 +188,19 @@
+   catchcmd ":memory:" {
+  SELECT 'unclosed;}
+ } {1 {Parse error near line 2: unrecognized token: "'unclosed;"
+   SELECT 'unclosed;
+          ^--- error here}}
+
+# Verify that safe mode rejects certain UDFs
+# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
+do_test shell2-1.4.8 {
+  catchcmd "-safe :memory:" {
+ SELECT edit('DoNotCare');}
+} {1 {line 2: cannot use the edit() function in safe mode}}
+do_test shell2-1.4.9 {
+  catchcmd "-safe :memory:" {
+ SELECT writefile('DoNotCare', x'');}
+} {1 {line 2: cannot use the writefile() function in safe mode}}
+
+ 
+ finish_test
+
--- a/sqlite3.changes
+++ b/sqlite3.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Dec 13 16:10:49 UTC 2022 - Reinhard Max <max@suse.com>
+
+- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
+  relying on --safe for execution of an untrusted CLI script
+
 -------------------------------------------------------------------
 Thu Nov 17 09:24:02 UTC 2022 - Reinhard Max <max@suse.com>

--- a/sqlite3.spec
+++ b/sqlite3.spec
@ -31,6 +31,7 @@ Source0:        https://www.sqlite.org/2022/sqlite-src-%{tarversion}.zip
 Source1:        baselibs.conf
 Source2:        https://www.sqlite.org/2022/sqlite-doc-%{tarversion}.zip
 Patch0:         sqlite-src-3390000-func7-pg-181.patch
+Patch1:         sqlite-CVE-2022-46908.patch
 BuildRequires:  automake
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@ -128,7 +129,8 @@ other documentation found on sqlite.org. The files can be found in

 %prep
 %setup -q -n sqlite-src-%{tarversion} -a2
-%autopatch -p1
+%patch0 -p1
+%patch1

 rm -v sqlite-doc-%{tarversion}/releaselog/current.html
 ln -sv `echo %{version} | sed "s/\./_/g"`.html sqlite-doc-%{tarversion}/releaselog/current.html