pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2021Q3]: pkgsrc/databases/sqlite3 Pullup ticket #6520 - reques...

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b3e42e6c659d
branches:  pkgsrc-2021Q3
changeset: 768271:b3e42e6c659d
user:      tm <tm%pkgsrc.org@localhost>
date:      Sun Oct 17 10:12:02 2021 +0000

description:
Pullup ticket #6520 - requested by wiz
databases/sqlite3: segfault fix

Revisions pulled up:
- databases/sqlite3/Makefile                                    1.142
- databases/sqlite3/distinfo                                    1.173
- databases/sqlite3/patches/patch-shell.c                       1.1

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Sun Oct 17 07:14:27 UTC 2021

   Modified Files:
        pkgsrc/databases/sqlite3: Makefile distinfo
   Added Files:
        pkgsrc/databases/sqlite3/patches: patch-shell.c

   Log Message:
   sqlite3: fix (disputed) CVE-2021-36690

   Bump PKGREVISION.

diffstat:

 databases/sqlite3/Makefile              |   3 +-
 databases/sqlite3/distinfo              |   3 +-
 databases/sqlite3/patches/patch-shell.c |  48 +++++++++++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 2 deletions(-)

diffs (80 lines):

diff -r 0bf9d21fc001 -r b3e42e6c659d databases/sqlite3/Makefile
--- a/databases/sqlite3/Makefile        Sat Oct 16 20:55:38 2021 +0000
+++ b/databases/sqlite3/Makefile        Sun Oct 17 10:12:02 2021 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.141 2021/06/25 21:21:31 adam Exp $
+# $NetBSD: Makefile,v 1.141.2.1 2021/10/17 10:12:02 tm Exp $
 
 .include "Makefile.common"
 
 DISTNAME=      sqlite-autoconf-${SQLITE3_DISTVERSION}
 PKGNAME=       sqlite3-${SQLITE3_VERSION}
+PKGREVISION=   1
 CATEGORIES=    databases
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
diff -r 0bf9d21fc001 -r b3e42e6c659d databases/sqlite3/distinfo
--- a/databases/sqlite3/distinfo        Sat Oct 16 20:55:38 2021 +0000
+++ b/databases/sqlite3/distinfo        Sun Oct 17 10:12:02 2021 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.171 2021/06/25 21:21:31 adam Exp $
+$NetBSD: distinfo,v 1.171.2.1 2021/10/17 10:12:02 tm Exp $
 
 SHA1 (sqlite-autoconf-3360000.tar.gz) = a4bcf9e951bfb9745214241ba08476299fc2dc1e
 RMD160 (sqlite-autoconf-3360000.tar.gz) = ef34b98fbe1f3436fc0d1255ae2fa9a660011cb2
 SHA512 (sqlite-autoconf-3360000.tar.gz) = e59c57f421b4956c7759af528a2da929167e15179ab9d28267474683e2272f93c901203e5a648732f1a3d43e7be3ac4217c3cdd7adf108c378b9127b771a7cd0
 Size (sqlite-autoconf-3360000.tar.gz) = 2977080 bytes
 SHA1 (patch-configure) = c0aa83bddc20d090b3cd2fd840ac69031f4396e4
+SHA1 (patch-shell.c) = d20cddef6cf75753c78d95b7dd1ae928caba5df6
diff -r 0bf9d21fc001 -r b3e42e6c659d databases/sqlite3/patches/patch-shell.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlite3/patches/patch-shell.c   Sun Oct 17 10:12:02 2021 +0000
@@ -0,0 +1,48 @@
+$NetBSD: patch-shell.c,v 1.1.2.2 2021/10/17 10:12:03 tm Exp $
+
+Fix Segmentation fault in idxGetTableInfo (CVE-2021-36690)
+https://sqlite.org/src/info/b1e0c22ec981cf5f
+
+--- shell.c.orig       2021-06-18 18:52:24.000000000 +0000
++++ shell.c
+@@ -9852,11 +9852,13 @@ static int idxGetTableInfo(
+   rc = idxPrintfPrepareStmt(db, &p1, pzErrmsg, "PRAGMA table_xinfo=%Q", zTab);
+   while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
+     const char *zCol = (const char*)sqlite3_column_text(p1, 1);
++    const char *zColSeq = 0;
+     nByte += 1 + STRLEN(zCol);
+     rc = sqlite3_table_column_metadata(
+-        db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
++        db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
+     );
+-    nByte += 1 + STRLEN(zCol);
++    if( zColSeq==0 ) zColSeq = "binary";
++    nByte += 1 + STRLEN(zColSeq);
+     nCol++;
+     nPk += (sqlite3_column_int(p1, 5)>0);
+   }
+@@ -9876,6 +9878,7 @@ static int idxGetTableInfo(
+   nCol = 0;
+   while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
+     const char *zCol = (const char*)sqlite3_column_text(p1, 1);
++    const char *zColSeq = 0;
+     int nCopy = STRLEN(zCol) + 1;
+     pNew->aCol[nCol].zName = pCsr;
+     pNew->aCol[nCol].iPk = (sqlite3_column_int(p1, 5)==1 && nPk==1);
+@@ -9883,12 +9886,13 @@ static int idxGetTableInfo(
+     pCsr += nCopy;
+ 
+     rc = sqlite3_table_column_metadata(
+-        db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
++        db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
+     );
+     if( rc==SQLITE_OK ){
+-      nCopy = STRLEN(zCol) + 1;
++      if( zColSeq==0 ) zColSeq = "binary";
++      nCopy = STRLEN(zColSeq) + 1;
+       pNew->aCol[nCol].zColl = pCsr;
+-      memcpy(pCsr, zCol, nCopy);
++      memcpy(pCsr, zColSeq, nCopy);
+       pCsr += nCopy;
+     }
+
Home | Main Index | Thread Index | Old Index