packages/sqlite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!51 [sync] PR-31: [Resolving] CVE-2021-20227

Browse Source 
Merge pull request !51 from 莫得感情的打包机器人/openEuler-20.03-LTS-SP3
This commit is contained in:
openeuler-ci-bot 2022-01-29 00:54:59 +00:00 committed by Gitee
commit 26516d72fc
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 75 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
CVE-2021-20227.patch Normal file
View File

@ -0,0 +1,69 @@
Index: sqlite-src-3320300/src/select.c
==================================================================
--- sqlite-src-3320300/src/select.c
+++ sqlite-src-3320300/src/select.c
@@ -5613,11 +5613,13 @@
** within the HAVING expression with a constant "1".
*/
static int havingToWhereExprCb(Walker *pWalker, Expr *pExpr){
if( pExpr->op!=TK_AND ){
Select *pS = pWalker->u.pSelect;
- if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy) ){
+ if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy)
+ && ExprAlwaysFalse(pExpr)==0
+ ){
sqlite3 *db = pWalker->pParse->db;
Expr *pNew = sqlite3Expr(db, TK_INTEGER, "1");
if( pNew ){
Expr *pWhere = pS->pWhere;
SWAP(Expr, *pNew, *pExpr);
Index: sqlite-src-3320300/test/having.test
==================================================================
--- sqlite-src-3320300/test/having.test
+++ sqlite-src-3320300/test/having.test
@@ -63,12 +63,12 @@
"SELECT a, sum(b) FROM t1 WHERE a=2 GROUP BY a HAVING sum(b)>5"
3 "SELECT a, sum(b) FROM t1 GROUP BY a COLLATE binary HAVING a=2"
"SELECT a, sum(b) FROM t1 WHERE a=2 GROUP BY a COLLATE binary"
- 5 "SELECT a, sum(b) FROM t1 GROUP BY a COLLATE binary HAVING 0"
- "SELECT a, sum(b) FROM t1 WHERE 0 GROUP BY a COLLATE binary"
+ 5 "SELECT a, sum(b) FROM t1 GROUP BY a COLLATE binary HAVING 1"
+ "SELECT a, sum(b) FROM t1 WHERE 1 GROUP BY a COLLATE binary"
6 "SELECT count(*) FROM t1,t2 WHERE a=c GROUP BY b, d HAVING b=d"
"SELECT count(*) FROM t1,t2 WHERE a=c AND b=d GROUP BY b, d"
7 {
@@ -151,8 +151,28 @@
#
set ::nondeter_ret 0
do_execsql_test 4.3 {
SELECT a, sum(b) FROM t3 WHERE nondeter(a) GROUP BY a
} {1 4 2 2}
+
+#-------------------------------------------------------------------------
+reset_db
+do_execsql_test 5.0 {
+ CREATE TABLE t1(a, b);
+ CREATE TABLE t2(x, y);
+ INSERT INTO t1 VALUES('a', 'b');
+}
+
+# The WHERE clause (a=2), uses an aggregate column from the outer query.
+# If the HAVING term (0) is moved into the WHERE clause in this case,
+# SQLite would at one point optimize (a=2 AND 0) to simply (0). Which
+# is logically correct, but happened to cause problems in aggregate
+# processing for the outer query. This test case verifies that those
+# problems are no longer present.
+do_execsql_test 5.1 {
+ SELECT min(b), (
+ SELECT x FROM t2 WHERE a=2 GROUP BY y HAVING 0
+ ) FROM t1;
+} {b {}}
finish_test

7
sqlite.spec
View File

@ -7,7 +7,7 @@
Name: sqlite
Version: 3.32.3
Release: 2
Release: 3
Summary: Embeded SQL database
License: Public Domain
URL: http://www.sqlite.org/
@ -18,6 +18,7 @@ Source2: https://www.sqlite.org/%{year}/sqlite-autoconf-%{extver}.tar.gz
Patch1: 0001-sqlite-no-malloc-usable-size.patch
Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
Patch3: CVE-2021-20227.patch
BuildRequires: gcc autoconf tcl tcl-devel
BuildRequires: ncurses-devel readline-devel glibc-devel
@ -62,6 +63,7 @@ This contains man files and HTML files for the using of sqlite.
%setup -q -a1 -n %{name}-src-%{extver}
%patch1 -p1
%patch2 -p1
%patch3 -p1
rm -f %{name}-doc-%{extver}/sqlite.css~ || :
@ -135,6 +137,9 @@ make test
%{_mandir}/man*/*
%changelog
* Mon Apr 26 2021 bzhaoop<bzhaojyathousandy@gmail.com> - 3.32.3-3
- Fix CVE-2021-20227
* Thu Sep 2 2020 lihaotian<lihaotian9@huawei.com> - 3.32.3-2
- update source0 url