From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 9B6AF138359 for ; Sat, 4 Jul 2020 13:53:16 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 66B5AE09BF; Sat, 4 Jul 2020 13:53:15 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B3CAAE09BF for ; Sat, 4 Jul 2020 13:53:14 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 61BA634F1FE for ; Sat, 4 Jul 2020 13:53:13 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 6559E2D1 for ; Sat, 4 Jul 2020 13:53:09 +0000 (UTC) 
From: "Mike Gilbert" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert" Message-ID: <1593870748.51cc692bb2bd55a85dd31fbcd972fe590879e429.floppym@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-db/sqlite/, dev-db/sqlite/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-db/sqlite/files/sqlite-3.32.3-security_fixes.patch dev-db/sqlite/sqlite-3.32.3.ebuild X-VCS-Directories: dev-db/sqlite/files/ dev-db/sqlite/ X-VCS-Committer: floppym X-VCS-Committer-Name: Mike Gilbert X-VCS-Revision: 51cc692bb2bd55a85dd31fbcd972fe590879e429 X-VCS-Branch: master Date: Sat, 4 Jul 2020 13:53:09 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: eba353b7-064e-49bf-bf71-0212c290c497 X-Archives-Hash: deda7e7fe178df2a9af939b734c901e7 commit: 51cc692bb2bd55a85dd31fbcd972fe590879e429 Author: Arfrever Frehtes Taifersar Arahesis Apache Org> AuthorDate: Thu Jul 2 13:57:21 2020 +0000 Commit: Mike Gilbert gentoo org> CommitDate: Sat Jul 4 13:52:28 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51cc692b dev-db/sqlite: Security fixes. Bug: https://bugs.gentoo.org/716748 Signed-off-by: Arfrever Frehtes Taifersar Arahesis Apache.Org> Signed-off-by: Mike Gilbert gentoo.org> .../files/sqlite-3.32.3-security_fixes.patch | 146 +++++++++++++++++++++ dev-db/sqlite/sqlite-3.32.3.ebuild | 1 + 2 files changed, 147 insertions(+)
diff --git a/dev-db/sqlite/files/sqlite-3.32.3-security_fixes.patch b/dev-db/sqlite/files/sqlite-3.32.3-security_fixes.patch
new file mode 100644
index 00000000000..ad2a3bfe16d
--- /dev/null
+++ b/dev-db/sqlite/files/sqlite-3.32.3-security_fixes.patch
@@ -0,0 +1,146 @@
+https://sqlite.org/src/info/cc888878ea8d5bc7
+https://sqlite.org/src/info/be545f85a6ef09cc
+https://sqlite.org/src/info/6e0ffa2053124168
+https://sqlite.org/src/info/4d0cfb1236884349
+
+--- /ext/fts3/fts3.c
++++ /ext/fts3/fts3.c
+@@ -5208,10 +5208,12 @@
+ );
+ if( res ){
+ nNew = (int)(pOut - pPhrase->doclist.pList) - 1;
+- assert( pPhrase->doclist.pList[nNew]=='\0' );
+- assert( nNew<=pPhrase->doclist.nList && nNew>0 );
+- memset(&pPhrase->doclist.pList[nNew], 0, pPhrase->doclist.nList - nNew);
+- pPhrase->doclist.nList = nNew;
++ if( nNew>=0 ){
++ assert( pPhrase->doclist.pList[nNew]=='\0' );
++ assert( nNew<=pPhrase->doclist.nList && nNew>0 );
++ memset(&pPhrase->doclist.pList[nNew], 0, pPhrase->doclist.nList - nNew);
++ pPhrase->doclist.nList = nNew;
++ }
+ *paPoslist = pPhrase->doclist.pList;
+ *pnToken = pPhrase->nToken;
+ }
+--- /ext/fts3/fts3_write.c
++++ /ext/fts3/fts3_write.c
+@@ -341,7 +341,9 @@
+ ** created by merging the oldest :2 segments from absolute level :1. See
+ ** function sqlite3Fts3Incrmerge() for details. */
+ /* 29 */ "SELECT 2 * total(1 + leaves_end_block - start_block) "
+- " FROM %Q.'%q_segdir' WHERE level = ? AND idx < ?",
++ " FROM (SELECT * FROM %Q.'%q_segdir' "
++ " WHERE level = ? ORDER BY idx ASC LIMIT ?"
++ " )",
+
+ /* SQL_DELETE_SEGDIR_ENTRY
+ ** Delete the %_segdir entry on absolute level :1 with index :2. */
+@@ -2853,6 +2855,19 @@
+ return SQLITE_OK;
+ }
+
++static int fts3GrowSegReaderBuffer(Fts3MultiSegReader *pCsr, int nReq){
++ if( nReq>pCsr->nBuffer ){
++ char *aNew;
++ pCsr->nBuffer = nReq*2;
++ aNew = sqlite3_realloc(pCsr->aBuffer, pCsr->nBuffer);
++ if( !aNew ){
++ return SQLITE_NOMEM;
++ }
++ pCsr->aBuffer = aNew;
++ }
++ return SQLITE_OK;
++}
++
+
+ int sqlite3Fts3SegReaderStep(
+ Fts3Table *p, /* Virtual table handle */
+@@ -2987,15 +3002,9 @@
+ }
+
+ nByte = sqlite3Fts3VarintLen(iDelta) + (isRequirePos?nList+1:0);
+- if( nDoclist+nByte>pCsr->nBuffer ){
+- char *aNew;
+- pCsr->nBuffer = (nDoclist+nByte)*2;
+- aNew = sqlite3_realloc(pCsr->aBuffer, pCsr->nBuffer);
+- if( !aNew ){
+- return SQLITE_NOMEM;
+- }
+- pCsr->aBuffer = aNew;
+- }
++
++ rc = fts3GrowSegReaderBuffer(pCsr, nByte+nDoclist);
++ if( rc ) return rc;
+
+ if( isFirst ){
+ char *a = &pCsr->aBuffer[nDoclist];
+@@ -3020,6 +3029,9 @@
+ fts3SegReaderSort(apSegment, nMerge, j, xCmp);
+ }
+ if( nDoclist>0 ){
++ rc = fts3GrowSegReaderBuffer(pCsr, nDoclist+FTS3_NODE_PADDING);
++ if( rc ) return rc;
++ memset(&pCsr->aBuffer[nDoclist], 0, FTS3_NODE_PADDING);
+ pCsr->aDoclist = pCsr->aBuffer;
+ pCsr->nDoclist = nDoclist;
+ rc = SQLITE_ROW;
+--- /src/expr.c
++++ /src/expr.c
+@@ -4272,7 +4272,9 @@
+ int nCol;
+ testcase( op==TK_EXISTS );
+ testcase( op==TK_SELECT );
+- if( op==TK_SELECT && (nCol = pExpr->x.pSelect->pEList->nExpr)!=1 ){
++ if( pParse->db->mallocFailed ){
++ return 0;
++ }else if( op==TK_SELECT && (nCol = pExpr->x.pSelect->pEList->nExpr)!=1 ){
+ sqlite3SubselectError(pParse, nCol, 1);
+ }else{
+ return sqlite3CodeSubselect(pParse, pExpr);
+--- /test/fts3corrupt4.test
++++ /test/fts3corrupt4.test
+@@ -6123,4 +6123,44 @@
+ SELECT offsets(t1) FROM t1 WHERE t1 MATCH 'rtree ner "json1^enable"';
+ }
+
++#-------------------------------------------------------------------------
++do_execsql_test 42.1 {
++ CREATE VIRTUAL TABLE f USING fts3(a, b);
++}
++do_execsql_test 42.2 {
++ INSERT INTO f_segdir VALUES(0,2,1111,0,0,X'00');
++ INSERT INTO f_segdir VALUES(0,3,0 ,0,0,X'00013003010200');
++}
++do_execsql_test 42.3 {
++ INSERT INTO f(f) VALUES ('merge=107,2');
++}
++
++#-------------------------------------------------------------------------
++reset_db
++set saved $sqlite_fts3_enable_parentheses
++set sqlite_fts3_enable_parentheses 1
++do_execsql_test 43.1 {
++ CREATE VIRTUAL TABLE def USING fts3(xyz);
++ INSERT INTO def_segdir VALUES(0,0,0,0,0, X'0001310301c9000103323334050d81');
++} {}
++
++do_execsql_test 43.2 {
++ SELECT rowid FROM def WHERE def MATCH '1 NEAR 1'
++} {1}
++
++set sqlite_fts3_enable_parentheses $saved
++
++#-------------------------------------------------------------------------
++reset_db
++do_execsql_test 44.1 {
++ CREATE VIRTUAL TABLE t0 USING fts3(col0 INTEGER PRIMARY KEY,col1 VARCHAR(8),col2 BINARY,col3 BINARY);
++ INSERT INTO t0_content VALUES(0,NULL,NULL,NULL,NULL);
++ INSERT INTO t0_segdir VALUES(0,0,0,0,'0 42',X'00013103010200010332333405010201ba00000461616161050101020200000462626262050101030200');
++}
++
++do_execsql_test 44.2 {
++ SELECT matchinfo(t0, t0) IS NULL FROM t0 WHERE t0 MATCH '1*'
++} {0}
++
++
+ finish_test
diff --git a/dev-db/sqlite/sqlite-3.32.3.ebuild b/dev-db/sqlite/sqlite-3.32.3.ebuild
index 837ec066c9e..d23c7e7cd72 100644
--- a/dev-db/sqlite/sqlite-3.32.3.ebuild
+++ b/dev-db/sqlite/sqlite-3.32.3.ebuild
@@ -101,6 +101,7 @@ src_unpack() { src_prepare() { eapply "${FILESDIR}/${PN}-3.32.1-full_archive-build_1.patch" eapply "${FILESDIR}/${PN}-3.32.1-full_archive-build_2.patch" + eapply "${FILESDIR}/${PN}-3.32.3-security_fixes.patch" eapply_user
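Review bot: In the bundled fts3_write.c change, `fts3GrowSegReaderBuffer()` assigns `pCsr->nBuffer = nReq*2;` before `sqlite3_realloc()` is known to have succeeded, so a failed allocation leaves the cursor recording a capacity that `aBuffer` does not have. Both `nReq*2` and the callers' `nByte+nDoclist` are plain `int` arithmetic on sizes derived from segment data. If the reader is stepped again after SQLITE_NOMEM, or a sum goes negative so that `nReq>pCsr->nBuffer` is false, the later writes into `aBuffer` would be unchecked; whether either can happen depends on the parts of `sqlite3Fts3SegReaderStep` that lie outside these hunks. I would reject requests that cannot be doubled, compute the new size in a local, and store `nBuffer` only after the realloc succeeds, as sketched below. Separately, the fts3.c hunk tests only `nNew>=0` while the upper bound stays in an `assert`, so without asserts the `memset` length `nList - nNew` is not guaranteed non-negative; `if( nNew>=0 && nNew<=pPhrase->doclist.nList ){` would make the guard cover what the assert states.

```c
static int fts3GrowSegReaderBuffer(Fts3MultiSegReader *pCsr, int nReq){
  if( nReq<0 || nReq>0x3fffffff ){
    return SQLITE_NOMEM;          /* nReq*2 would not fit in an int */
  }
  if( nReq>pCsr->nBuffer ){
    int nAlloc = nReq*2;
    char *aNew = sqlite3_realloc(pCsr->aBuffer, nAlloc);
    if( !aNew ){
      return SQLITE_NOMEM;        /* nBuffer still matches aBuffer */
    }
    pCsr->aBuffer = aNew;
    pCsr->nBuffer = nAlloc;
  }
  return SQLITE_OK;
}
```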