commit: f97d093bbdf3d3b6057a3743c4f9f541e51fd435 |
Author: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache <DOT> Org> |
AuthorDate: Mon Mar 9 16:30:41 2020 +0000 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
CommitDate: Mon Mar 9 19:26:42 2020 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f97d093b |
|
dev-db/sqlite: Security fixes. |
|
Bug: https://bugs.gentoo.org/711526 |
Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache.Org> |
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
|
...sqlite-3.31.1-full_archive-security_fixes.patch | 163 +++++++++++++++++++++ |
...ite-3.31.1-nonfull_archive-security_fixes.patch | 112 ++++++++++++++ |
dev-db/sqlite/sqlite-3.31.1.ebuild | 2 + |
3 files changed, 277 insertions(+) |
|
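diff --git a/dev-db/sqlite/files/sqlite-3.31.1-full_archive-security_fixes.patch b/dev-db/sqlite/files/sqlite-3.31.1-full_archive-security_fixes.patch
new file mode 100644
index 00000000000..c0bb7144a67
--- /dev/null
+++ b/dev-db/sqlite/files/sqlite-3.31.1-full_archive-security_fixes.patch
@@ -0,0 +1,163 @@
+https://sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
+https://sqlite.org/cgi/src/info/abc473fb8fb99900
+https://sqlite.org/cgi/src/info/5aeb5a2d295e10d5
+https://sqlite.org/cgi/src/info/a67cf5b7d37d5b14
+https://sqlite.org/cgi/src/info/14d14eb537075c6a
+https://sqlite.org/cgi/src/info/c431b3fd8fd0f6a6
+
+--- /src/expr.c
++++ /src/expr.c
+@@ -5463,19 +5463,25 @@
+ case TK_LT:
+ case TK_LE:
+ case TK_GT:
+- case TK_GE:
++ case TK_GE: {
++ Expr *pLeft = pExpr->pLeft;
++ Expr *pRight = pExpr->pRight;
+ testcase( pExpr->op==TK_EQ );
+ testcase( pExpr->op==TK_NE );
+ testcase( pExpr->op==TK_LT );
+ testcase( pExpr->op==TK_LE );
+ testcase( pExpr->op==TK_GT );
+ testcase( pExpr->op==TK_GE );
+- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab))
+- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab))
++ /* The y.pTab=0 assignment in wherecode.c always happens after the
++ ** impliesNotNullRow() test */
++ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0)
++ && IsVirtual(pLeft->y.pTab))
++ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0)
++ && IsVirtual(pRight->y.pTab))
+ ){
+- return WRC_Prune;
++ return WRC_Prune;
+ }
+-
++ }
+ default:
+ return WRC_Continue;
+ }
+--- /src/resolve.c
++++ /src/resolve.c
+@@ -1051,7 +1051,7 @@
+ assert( !ExprHasProperty(pExpr, EP_Reduced) );
+ /* Handle special cases of "x IS TRUE", "x IS FALSE", "x IS NOT TRUE",
+ ** and "x IS NOT FALSE". */
+- if( pRight->op==TK_ID ){
++ if( pRight && pRight->op==TK_ID ){
+ int rc = resolveExprStep(pWalker, pRight);
+ if( rc==WRC_Abort ) return WRC_Abort;
+ if( pRight->op==TK_TRUEFALSE ){
+--- /src/select.c
++++ /src/select.c
+@@ -2806,6 +2806,7 @@
+ /* Generate code to take the intersection of the two temporary
+ ** tables.
+ */
++ if( rc ) break;
+ assert( p->pEList );
+ iBreak = sqlite3VdbeMakeLabel(pParse);
+ iCont = sqlite3VdbeMakeLabel(pParse);
+@@ -5148,7 +5149,7 @@
+ pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
+ sqlite3TokenInit(&sColname, zColname);
+ sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
+- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
++ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){
+ struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
+ sqlite3DbFree(db, pX->zEName);
+ if( pSub ){
+--- /src/sqliteInt.h
++++ /src/sqliteInt.h
+@@ -2153,8 +2153,11 @@
+ */
+ #ifndef SQLITE_OMIT_VIRTUALTABLE
+ # define IsVirtual(X) ((X)->nModuleArg)
++# define ExprIsVtab(X) \
++ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg)
+ #else
+ # define IsVirtual(X) 0
++# define ExprIsVtab(X) 0
+ #endif
+
+ /*
+--- /src/whereexpr.c
++++ /src/whereexpr.c
+@@ -377,7 +377,8 @@
+ ** MATCH(expression,vtab_column)
+ */
+ pCol = pList->a[1].pExpr;
+- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
++ if( ExprIsVtab(pCol) ){
+ for(i=0; i<ArraySize(aOp); i++){
+ if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){
+ *peOp2 = aOp[i].eOp2;
+@@ -399,7 +400,8 @@
+ ** with function names in an arbitrary case.
+ */
+ pCol = pList->a[0].pExpr;
+- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
++ if( ExprIsVtab(pCol) ){
+ sqlite3_vtab *pVtab;
+ sqlite3_module *pMod;
+ void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);
+@@ -422,10 +424,12 @@
+ int res = 0;
+ Expr *pLeft = pExpr->pLeft;
+ Expr *pRight = pExpr->pRight;
+- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){
++ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 );
++ if( ExprIsVtab(pLeft) ){
+ res++;
+ }
+- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){
++ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 );
++ if( pRight && ExprIsVtab(pRight) ){
+ res++;
+ SWAP(Expr*, pLeft, pRight);
+ }
+--- /test/altertab.test
++++ /test/altertab.test
+@@ -613,4 +613,21 @@
+ SELECT sql FROM sqlite_master;
+ } {{CREATE TABLE t0 (c1 INTEGER, PRIMARY KEY(c1))}}
+
++# 2020-02-23 ticket f50af3e8a565776b
++reset_db
++do_execsql_test 19.100 {
++ CREATE TABLE t1(x);
++ CREATE VIEW t2 AS SELECT 1 FROM t1, (t1 AS a0, t1);
++ ALTER TABLE t1 RENAME TO t3;
++ SELECT sql FROM sqlite_master;
++} {{CREATE TABLE "t3"(x)} {CREATE VIEW t2 AS SELECT 1 FROM "t3", ("t3" AS a0, "t3")}}
++do_execsql_test 19.110 {
++ INSERT INTO t3(x) VALUES(123);
++ SELECT * FROM t2;
++} {1}
++do_execsql_test 19.120 {
++ INSERT INTO t3(x) VALUES('xyz');
++ SELECT * FROM t2;
++} {1 1 1 1 1 1 1 1}
++
+ finish_test
+--- /test/windowfault.test
++++ /test/windowfault.test
+@@ -263,4 +263,15 @@
+ faultsim_test_result {0 {}}
+ }
+
++do_faultsim_test 11 -faults oom* -prep {
++} -body {
++ execsql {
++ VALUES(false),(current_date collate binary)
++ intersect
++ values(count() not like group_concat(cast(cast(0e00 as text) as integer) <= NULL || 0.4e-0 || 0x8 & true ) over () collate rtrim);
++ }
++} -test {
++ faultsim_test_result {0 {}}
++}
++
+ finish_test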
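Review bot: `IsVirtual(X)` in the /src/sqliteInt.h hunk is left as an unconditional `(X)->nModuleArg`, so only the call sites rewritten in these hunks (the comparison case in /src/expr.c and the four tests in /src/whereexpr.c) are protected against a cleared `y.pTab`; any other `IsVirtual(p->y.pTab)` on a TK_COLUMN expression outside the visible context would still dereference NULL and is worth a grep before treating the class as closed. I would record the contract next to the macros, e.g. `/* IsVirtual(X) requires X!=0; use ExprIsVtab(E) when E->y.pTab may have been cleared */`. The /src/expr.c site open-codes the test with `ALWAYS(pLeft->y.pTab!=0)` rather than calling `ExprIsVtab()`, which reads as a deliberate invariant assertion given the added comment; as far as I recall ALWAYS() becomes a constant in SQLite's coverage-test builds, so that guard should be relied on only in ordinary builds. The same macro and call-site changes recur in the nonfull_archive patch against /sqlite3.c.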
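diff --git a/dev-db/sqlite/files/sqlite-3.31.1-nonfull_archive-security_fixes.patch b/dev-db/sqlite/files/sqlite-3.31.1-nonfull_archive-security_fixes.patch
new file mode 100644
index 00000000000..3bbbbf7c8dd
--- /dev/null
+++ b/dev-db/sqlite/files/sqlite-3.31.1-nonfull_archive-security_fixes.patch
@@ -0,0 +1,112 @@
+https://sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
+https://sqlite.org/cgi/src/info/abc473fb8fb99900
+https://sqlite.org/cgi/src/info/5aeb5a2d295e10d5
+https://sqlite.org/cgi/src/info/a67cf5b7d37d5b14
+https://sqlite.org/cgi/src/info/c431b3fd8fd0f6a6
+
+--- /sqlite3.c
++++ /sqlite3.c
+@@ -17428,8 +17428,11 @@
+ */
+ #ifndef SQLITE_OMIT_VIRTUALTABLE
+ # define IsVirtual(X) ((X)->nModuleArg)
++# define ExprIsVtab(X) \
++ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg)
+ #else
+ # define IsVirtual(X) 0
++# define ExprIsVtab(X) 0
+ #endif
+
+ /*
+@@ -97816,7 +97819,7 @@
+ assert( !ExprHasProperty(pExpr, EP_Reduced) );
+ /* Handle special cases of "x IS TRUE", "x IS FALSE", "x IS NOT TRUE",
+ ** and "x IS NOT FALSE". */
+- if( pRight->op==TK_ID ){
++ if( pRight && pRight->op==TK_ID ){
+ int rc = resolveExprStep(pWalker, pRight);
+ if( rc==WRC_Abort ) return WRC_Abort;
+ if( pRight->op==TK_TRUEFALSE ){
+@@ -104133,19 +104136,25 @@
+ case TK_LT:
+ case TK_LE:
+ case TK_GT:
+- case TK_GE:
++ case TK_GE: {
++ Expr *pLeft = pExpr->pLeft;
++ Expr *pRight = pExpr->pRight;
+ testcase( pExpr->op==TK_EQ );
+ testcase( pExpr->op==TK_NE );
+ testcase( pExpr->op==TK_LT );
+ testcase( pExpr->op==TK_LE );
+ testcase( pExpr->op==TK_GT );
+ testcase( pExpr->op==TK_GE );
+- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab))
+- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab))
++ /* The y.pTab=0 assignment in wherecode.c always happens after the
++ ** impliesNotNullRow() test */
++ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0)
++ && IsVirtual(pLeft->y.pTab))
++ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0)
++ && IsVirtual(pRight->y.pTab))
+ ){
+- return WRC_Prune;
++ return WRC_Prune;
+ }
+-
++ }
+ default:
+ return WRC_Continue;
+ }
+@@ -130673,6 +130682,7 @@
+ /* Generate code to take the intersection of the two temporary
+ ** tables.
+ */
++ if( rc ) break;
+ assert( p->pEList );
+ iBreak = sqlite3VdbeMakeLabel(pParse);
+ iCont = sqlite3VdbeMakeLabel(pParse);
+@@ -133015,7 +133025,7 @@
+ pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
+ sqlite3TokenInit(&sColname, zColname);
+ sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
+- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
++ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){
+ struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
+ sqlite3DbFree(db, pX->zEName);
+ if( pSub ){
+@@ -142593,7 +142603,8 @@
+ ** MATCH(expression,vtab_column)
+ */
+ pCol = pList->a[1].pExpr;
+- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
++ if( ExprIsVtab(pCol) ){
+ for(i=0; i<ArraySize(aOp); i++){
+ if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){
+ *peOp2 = aOp[i].eOp2;
+@@ -142615,7 +142626,8 @@
+ ** with function names in an arbitrary case.
+ */
+ pCol = pList->a[0].pExpr;
+- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
++ if( ExprIsVtab(pCol) ){
+ sqlite3_vtab *pVtab;
+ sqlite3_module *pMod;
+ void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);
+@@ -142638,10 +142650,12 @@
+ int res = 0;
+ Expr *pLeft = pExpr->pLeft;
+ Expr *pRight = pExpr->pRight;
+- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){
++ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 );
++ if( ExprIsVtab(pLeft) ){
+ res++;
+ }
+- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){
++ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 );
++ if( pRight && ExprIsVtab(pRight) ){
+ res++;
+ SWAP(Expr*, pLeft, pRight);
+ }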
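Review bot: The header of this patch lists five upstream check-ins where the full_archive variant lists six (`14d14eb537075c6a` is absent here), and nothing in the file explains the difference. Presumably the omitted check-in touches only files outside the amalgamation, since the full_archive patch also carries /test/altertab.test and /test/windowfault.test hunks with no counterpart here, but someone auditing this backport against upstream has to work that out alone. I would add a line under the URLs such as `14d14eb537075c6a intentionally omitted: no amalgamation counterpart (confirm)` and a short label after each URL naming the /sqlite3.c hunk it corresponds to. Because the regression tests are not part of this variant, the /sqlite3.c hunks appear to be covered only indirectly, through the test run of the full archive.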
diff --git a/dev-db/sqlite/sqlite-3.31.1.ebuild b/dev-db/sqlite/sqlite-3.31.1.ebuild |
309 |
index 13c2752f2c9..56401e10744 100644 |
310 |
--- a/dev-db/sqlite/sqlite-3.31.1.ebuild |
311 |
+++ b/dev-db/sqlite/sqlite-3.31.1.ebuild |
312 |
@@ -126,6 +126,7 @@ src_prepare() { |
313 |
if full_archive; then |
314 |
eapply "${FILESDIR}/${PN}-3.31.0-full_archive-build.patch" |
315 |
eapply "${FILESDIR}/${PN}-3.31.1-full_archive-architectures.patch" |
316 |
+ eapply "${FILESDIR}/${PN}-3.31.1-full_archive-security_fixes.patch" |
317 |
|
318 |
eapply_user |
319 |
|
320 |
@@ -135,6 +136,7 @@ src_prepare() { |
321 |
else |
322 |
eapply "${FILESDIR}/${PN}-3.25.0-nonfull_archive-build.patch" |
323 |
eapply "${FILESDIR}/${PN}-3.31.1-nonfull_archive-architectures.patch" |
324 |
+ eapply "${FILESDIR}/${PN}-3.31.1-nonfull_archive-security_fixes.patch" |
325 |
|
326 |
eapply_user |