authorAriadne Conill <ariadne@dereferenced.org>2021-06-04 11:09:25 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-06-04 11:09:25 -0600
commit26d2a0e1d294cc9dd89f65e291a59b4a1a471a5c (patch)
tree9607b5626267fa2159cec1e8d7f3e28313a6ee93
parent4970f1f1c08d395a59bcdd0b1be81b6f4229f7dd (diff)
main/sqlite: add mitigations for CVE-2021-20227 and CVE-2020-15358
-rw-r--r--main/sqlite/APKBUILD15
-rw-r--r--main/sqlite/CVE-2020-15358.patch39
-rw-r--r--main/sqlite/CVE-2021-20227.patch14
3 files changed, 65 insertions, 3 deletions
diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD
index 09eca93f43e..c5300f157e0 100644
--- a/main/sqlite/APKBUILD
+++ b/main/sqlite/APKBUILD
@@ -3,7 +3,7 @@
pkgname=sqlite
# NOTE: pkgver needs to correspond with sqlite-tcl
pkgver=3.32.1
-pkgrel=0
+pkgrel=1
pkgdesc="C library that implements an SQL database engine"
url="https://www.sqlite.org/"
arch="all"
@@ -30,9 +30,14 @@ _ver=${_a}${_b}${_c}$_d
builddir="$srcdir/$pkgname-autoconf-$_ver"
source="https://www.sqlite.org/2020/sqlite-autoconf-$_ver.tar.gz
license.txt
+ CVE-2021-20227.patch
+ CVE-2020-15358.patch
"
# secfixes:
+# 3.32.1-r1:
+# - CVE-2021-20227
+# - CVE-2020-15358
# 3.32.1-r0:
# - CVE-2020-13434
# - CVE-2020-13435
@@ -120,5 +125,9 @@ static() {
mv "$pkgdir"/usr/lib/lib*.a "$subpkgdir"/usr/lib/
}
-sha512sums="37d14f2dc2fc971dad2e2968408bd9cbe9014e823d7043db9e694f87d991933d5ccb9f20774c3c86360a85d0ad0df7f60ebe55b96b6beef1144a4fa676ff8453 sqlite-autoconf-3320100.tar.gz
-5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt"
+sha512sums="
+37d14f2dc2fc971dad2e2968408bd9cbe9014e823d7043db9e694f87d991933d5ccb9f20774c3c86360a85d0ad0df7f60ebe55b96b6beef1144a4fa676ff8453 sqlite-autoconf-3320100.tar.gz
+5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt
+76b76b35a873e96b52091dc205c02f0420617086d69bdab95683059c2d3d84b47488744325056e060fb46e2234e35b4dde210f6d1c1466548888c4a91358f26b CVE-2021-20227.patch
+799384113558cfef987c85da448a41e6ead33910a89e8f43fa04ead0dff0777acaf1ed7c6e0137ae038e4e12680c8f0c732010eb54f9eaf3869101a3968a0c77 CVE-2020-15358.patch
+"
diff --git a/main/sqlite/CVE-2020-15358.patch b/main/sqlite/CVE-2020-15358.patch
new file mode 100644
index 00000000000..f0ed328b1fb
--- /dev/null
+++ b/main/sqlite/CVE-2020-15358.patch
@@ -0,0 +1,39 @@
+diff -urN sqlite-autoconf-3320100.orig/sqlite3.c sqlite-autoconf-3320100/sqlite3.c
+--- sqlite-autoconf-3320100.orig/sqlite3.c 2021-06-04 11:03:34.785436848 -0600
++++ sqlite-autoconf-3320100/sqlite3.c 2021-06-04 11:06:04.846271391 -0600
+@@ -18462,6 +18462,7 @@
+ #define SF_WhereBegin 0x0080000 /* Really a WhereBegin() call. Debug Only */
+ #define SF_WinRewrite 0x0100000 /* Window function rewrite accomplished */
+ #define SF_View 0x0200000 /* SELECT statement is a view */
++#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */
+
+ /*
+ ** The results of a SELECT can be distributed in several ways, as defined
+@@ -131551,9 +131552,7 @@
+ selectOpName(p->op)));
+ rc = sqlite3Select(pParse, p, &uniondest);
+ testcase( rc!=SQLITE_OK );
+- /* Query flattening in sqlite3Select() might refill p->pOrderBy.
+- ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
+- sqlite3ExprListDelete(db, p->pOrderBy);
++ assert( p->pOrderBy==0 );
+ pDelete = p->pPrior;
+ p->pPrior = pPrior;
+ p->pOrderBy = 0;
+@@ -132939,7 +132938,7 @@
+ ** We look at every expression in the outer query and every place we see
+ ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
+ */
+- if( pSub->pOrderBy ){
++ if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
+ /* At this point, any non-zero iOrderByCol values indicate that the
+ ** ORDER BY column expression is identical to the iOrderByCol'th
+ ** expression returned by SELECT statement pSub. Since these values
+@@ -134623,6 +134622,7 @@
+ sqlite3ExprListDelete(db, p->pOrderBy);
+ p->pOrderBy = 0;
+ p->selFlags &= ~SF_Distinct;
++ p->selFlags |= SF_NoopOrderBy;
+ }
+ sqlite3SelectPrep(pParse, p, 0);
+ if( pParse->nErr || db->mallocFailed ){
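Review bot: Neither this patch file nor CVE-2021-20227.patch records where the backport comes from, so an auditor cannot compare the hunks with the upstream fix; a short header above the `diff -urN` line, for example `Upstream: <upstream check-in URL>`, would make that check possible. In the hunk at `@@ -131551,9 +131552,7 @@` the `sqlite3ExprListDelete(db, p->pOrderBy)` call is replaced by `assert( p->pOrderBy==0 )`. SQLite compiles its asserts out unless SQLITE_DEBUG is defined, and the visible APKBUILD lines do not show that flag, so in the shipped library the new `(pParent->selFlags & SF_NoopOrderBy)==0` test in the flattener is presumably the only thing keeping `p->pOrderBy` empty at that point. The header should say so, because a later backport that changes the flattener condition would silently turn the following `p->pOrderBy = 0;` into a leak.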
diff --git a/main/sqlite/CVE-2021-20227.patch b/main/sqlite/CVE-2021-20227.patch
new file mode 100644
index 00000000000..7c8132f3ab3
--- /dev/null
+++ b/main/sqlite/CVE-2021-20227.patch
@@ -0,0 +1,14 @@
+diff -urN sqlite-autoconf-3320100.orig/sqlite3.c sqlite-autoconf-3320100/sqlite3.c
+--- sqlite-autoconf-3320100.orig/sqlite3.c 2021-06-04 10:59:22.370699672 -0600
++++ sqlite-autoconf-3320100/sqlite3.c 2021-06-04 11:00:27.537728782 -0600
+@@ -134387,7 +134387,9 @@
+ static int havingToWhereExprCb(Walker *pWalker, Expr *pExpr){
+ if( pExpr->op!=TK_AND ){
+ Select *pS = pWalker->u.pSelect;
+- if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy) ){
++ if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy)
++ && ExprAlwaysFalse(pExpr)==0
++ ){
+ sqlite3 *db = pWalker->pParse->db;
+ Expr *pNew = sqlite3Expr(db, TK_INTEGER, "1");
+ if( pNew ){