main/sqlite: security fixes (CVE-2019-19242, CVE-2019-19244)

fixes #11015

3 files changed, 41 insertions, 2 deletions

diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD
index 36d27d5dd3..4fa92a78e1 100644
--- a/main/sqlite/APKBUILD
+++ b/main/sqlite/APKBUILD
@@ -2,7 +2,7 @@
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
 pkgname=sqlite
 pkgver=3.25.3
-pkgrel=2
+pkgrel=3
 pkgdesc="C library that implements an SQL database engine"
 url="http://www.sqlite.org"
 arch="all"
@@ -33,8 +33,15 @@ source="http://www.sqlite.org/2018/$pkgname-autoconf-$_ver.tar.gz
 	license.txt
 	CVE-2019-8457.patch
 	CVE-2019-16168.patch
+	CVE-2019-19242.patch
+	CVE-2019-19244.patch
 	"
 
+# secfixes:
+#   3.25.3-r3:
+#     - CVE-2019-19242
+#     - CVE-2019-19242
+
 # additional CFLAGS to set
 _amalgamation="-DSQLITE_ENABLE_FTS4 \
 	-DSQLITE_ENABLE_FTS3_PARENTHESIS \
@@ -98,4 +105,6 @@ libs() {
 sha512sums="5bc501d15367e097f4070185974b0c3a8246c06b205fb2258ed18870ff3fbf120ac5e0ba031a6744af89f7659206e28e7de2f0367bdb190b8412e453b43de4ba  sqlite-autoconf-3250300.tar.gz
 5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9  license.txt
 ab795b18d5426ff9ccad20f413de4f46fce7b532ebbf72dfbafc7db2d2e46453541abe992535c7aea598ec69c8557b477008e58299e3426afd2e8ab458c859e4  CVE-2019-8457.patch
-19eb036e0d03543127a9ed67155522952cb7f3ce9da81ee49fba14a1c0bfc2cd0c86acab1b47b794043cac033959d861dce7ec97fca2293cb146a7ee1b83b8fa  CVE-2019-16168.patch"
+19eb036e0d03543127a9ed67155522952cb7f3ce9da81ee49fba14a1c0bfc2cd0c86acab1b47b794043cac033959d861dce7ec97fca2293cb146a7ee1b83b8fa  CVE-2019-16168.patch
+7fc69d4d9f38b1142d86d3061a4d0168c3eebda5771e07d71a127121d7770f436e361f3e1f11f9a037b2ce9687092c9e2c808719e6b45125b9d953c636f3f6ec  CVE-2019-19242.patch
+e7982014a62b4fa465918fd65384cec406ea09598f3e0511eb2b68f618983b2f29a932267397aff9b88b97367dc8e05c4074fa8e276e3f4294ac019df498a724  CVE-2019-19244.patch"
diff --git a/main/sqlite/CVE-2019-19242.patch b/main/sqlite/CVE-2019-19242.patch
new file mode 100644
index 0000000000..d4e9fab4f6
--- /dev/null
+++ b/main/sqlite/CVE-2019-19242.patch
@@ -0,0 +1,18 @@
+diff --git a/sqlite3.c b/sqlite3.c
+index c607252..968ffb0 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -99174,7 +99174,12 @@ expr_code_doover:
+         ** constant.
+         */
+         int iReg = sqlite3ExprCodeTarget(pParse, pExpr->pLeft,target);
+-        int aff = sqlite3TableColumnAffinity(pExpr->pTab, pExpr->iColumn);
++        int aff;
++        if( pExpr->pTab ){
++          aff = sqlite3TableColumnAffinity(pExpr->pTab, pExpr->iColumn);
++        }else{
++          aff = pExpr->affinity;
++        }
+         if( aff!=SQLITE_AFF_BLOB ){
+           static const char zAff[] = "B\000C\000D\000E";
+           assert( SQLITE_AFF_BLOB=='A' );
diff --git a/main/sqlite/CVE-2019-19244.patch b/main/sqlite/CVE-2019-19244.patch
new file mode 100644
index 0000000000..3d4e2df8e2
--- /dev/null
+++ b/main/sqlite/CVE-2019-19244.patch
@@ -0,0 +1,12 @@
+diff --git a/sqlite3.c b/sqlite3.c
+index 8fd740b..bd647ca 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -131679,6 +131679,7 @@ SQLITE_PRIVATE int sqlite3Select(
+   */
+   if( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct 
+    && sqlite3ExprListCompare(sSort.pOrderBy, pEList, -1)==0
++   && p->pWin==0
+   ){
+     p->selFlags &= ~SF_Distinct;
+     pGroupBy = p->pGroupBy = sqlite3ExprListDup(db, pEList, 0);