author | Ariadne Conill <ariadne@dereferenced.org> | 2021-06-04 11:09:25 -0600 |
---|---|---|
committer | Ariadne Conill <ariadne@dereferenced.org> | 2021-06-04 11:09:25 -0600 |
commit | 26d2a0e1d294cc9dd89f65e291a59b4a1a471a5c (patch) | |
tree | 9607b5626267fa2159cec1e8d7f3e28313a6ee93 | |
parent | 4970f1f1c08d395a59bcdd0b1be81b6f4229f7dd (diff) |
main/sqlite: add mitigations for CVE-2021-20227 and CVE-2020-15358
-rw-r--r-- | main/sqlite/APKBUILD | 15 | ||||
-rw-r--r-- | main/sqlite/CVE-2020-15358.patch | 39 | ||||
-rw-r--r-- | main/sqlite/CVE-2021-20227.patch | 14 |
3 files changed, 65 insertions, 3 deletions
diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD
index 09eca93f43e..c5300f157e0 100644
--- a/main/sqlite/APKBUILD
+++ b/main/sqlite/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=sqlite
 # NOTE: pkgver needs to correspond with sqlite-tcl
 pkgver=3.32.1
-pkgrel=0
+pkgrel=1
 pkgdesc="C library that implements an SQL database engine"
 url="https://www.sqlite.org/"
 arch="all"
@@ -30,9 +30,14 @@ _ver=${_a}${_b}${_c}$_d
 builddir="$srcdir/$pkgname-autoconf-$_ver"
 source="https://www.sqlite.org/2020/sqlite-autoconf-$_ver.tar.gz
 license.txt
+ CVE-2021-20227.patch
+ CVE-2020-15358.patch
 "

 # secfixes:
+# 3.32.1-r1:
+# - CVE-2021-20227
+# - CVE-2020-15358
 # 3.32.1-r0:
 # - CVE-2020-13434
 # - CVE-2020-13435
@@ -120,5 +125,9 @@ static() {
 mv "$pkgdir"/usr/lib/lib*.a "$subpkgdir"/usr/lib/
 }

-sha512sums="37d14f2dc2fc971dad2e2968408bd9cbe9014e823d7043db9e694f87d991933d5ccb9f20774c3c86360a85d0ad0df7f60ebe55b96b6beef1144a4fa676ff8453 sqlite-autoconf-3320100.tar.gz
-5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt"
+sha512sums="
+37d14f2dc2fc971dad2e2968408bd9cbe9014e823d7043db9e694f87d991933d5ccb9f20774c3c86360a85d0ad0df7f60ebe55b96b6beef1144a4fa676ff8453 sqlite-autoconf-3320100.tar.gz
+5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt
+76b76b35a873e96b52091dc205c02f0420617086d69bdab95683059c2d3d84b47488744325056e060fb46e2234e35b4dde210f6d1c1466548888c4a91358f26b CVE-2021-20227.patch
+799384113558cfef987c85da448a41e6ead33910a89e8f43fa04ead0dff0777acaf1ed7c6e0137ae038e4e12680c8f0c732010eb54f9eaf3869101a3968a0c77 CVE-2020-15358.patch
+"
diff --git a/main/sqlite/CVE-2020-15358.patch b/main/sqlite/CVE-2020-15358.patch
new file mode 100644
index 00000000000..f0ed328b1fb
--- /dev/null
+++ b/main/sqlite/CVE-2020-15358.patch
@@ -0,0 +1,39 @@
+diff -urN sqlite-autoconf-3320100.orig/sqlite3.c sqlite-autoconf-3320100/sqlite3.c
+--- sqlite-autoconf-3320100.orig/sqlite3.c 2021-06-04 11:03:34.785436848 -0600
++++ sqlite-autoconf-3320100/sqlite3.c 2021-06-04 11:06:04.846271391 -0600
+@@ -18462,6 +18462,7 @@
+ #define SF_WhereBegin 0x0080000 /* Really a WhereBegin() call. Debug Only */
+ #define SF_WinRewrite 0x0100000 /* Window function rewrite accomplished */
+ #define SF_View 0x0200000 /* SELECT statement is a view */
++#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */
+
+ /*
+ ** The results of a SELECT can be distributed in several ways, as defined
+@@ -131551,9 +131552,7 @@
+ selectOpName(p->op)));
+ rc = sqlite3Select(pParse, p, &uniondest);
+ testcase( rc!=SQLITE_OK );
+- /* Query flattening in sqlite3Select() might refill p->pOrderBy.
+- ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
+- sqlite3ExprListDelete(db, p->pOrderBy);
++ assert( p->pOrderBy==0 );
+ pDelete = p->pPrior;
+ p->pPrior = pPrior;
+ p->pOrderBy = 0;
+@@ -132939,7 +132938,7 @@
+ ** We look at every expression in the outer query and every place we see
+ ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
+ */
+- if( pSub->pOrderBy ){
++ if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
+ /* At this point, any non-zero iOrderByCol values indicate that the
+ ** ORDER BY column expression is identical to the iOrderByCol'th
+ ** expression returned by SELECT statement pSub. Since these values
+@@ -134623,6 +134622,7 @@
+ sqlite3ExprListDelete(db, p->pOrderBy);
+ p->pOrderBy = 0;
+ p->selFlags &= ~SF_Distinct;
++ p->selFlags |= SF_NoopOrderBy;
+ }
+ sqlite3SelectPrep(pParse, p, 0);
+ if( pParse->nErr || db->mallocFailed ){
diff --git a/main/sqlite/CVE-2021-20227.patch b/main/sqlite/CVE-2021-20227.patch
new file mode 100644
index 00000000000..7c8132f3ab3
--- /dev/null
+++ b/main/sqlite/CVE-2021-20227.patch
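Review bot: The new patch file starts straight at `diff -urN` with no header naming the upstream SQLite check-in it backports, and CVE-2021-20227.patch has the same gap, so the claim that these hunks close the two CVEs cannot be checked from the tree. I would put a short header above the `diff -urN` line in each file, for example `Backport of upstream SQLite check-in <UPSTREAM-CHECKIN-ID> (placeholder) to 3.32.1`. This matters most for the second inner hunk, where `sqlite3ExprListDelete(db, p->pOrderBy);` becomes `assert( p->pOrderBy==0 );`. If the package build does not enable SQLite's asserts (not visible here), a non-empty list at that point would be dropped by the following `p->pOrderBy = 0;` instead of freed, so the invariant should be confirmed against the 3.32.1 code paths and not only against the upstream version the fix was written for.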
@@ -0,0 +1,14 @@
+diff -urN sqlite-autoconf-3320100.orig/sqlite3.c sqlite-autoconf-3320100/sqlite3.c
+--- sqlite-autoconf-3320100.orig/sqlite3.c 2021-06-04 10:59:22.370699672 -0600
++++ sqlite-autoconf-3320100/sqlite3.c 2021-06-04 11:00:27.537728782 -0600
+@@ -134387,7 +134387,9 @@
+ static int havingToWhereExprCb(Walker *pWalker, Expr *pExpr){
+ if( pExpr->op!=TK_AND ){
+ Select *pS = pWalker->u.pSelect;
+- if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy) ){
++ if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy)
++ && ExprAlwaysFalse(pExpr)==0
++ ){
+ sqlite3 *db = pWalker->pParse->db;
+ Expr *pNew = sqlite3Expr(db, TK_INTEGER, "1");
+ if( pNew ){ |