Fix CVE-2021-20227

Signed-off-by: herengui <herengui@uniontech.com>

CVE-2021-20227.patch

@@ -0,0 +1,69 @@
+Index: sqlite-src-3320300/src/select.c
+==================================================================
+--- sqlite-src-3320300/src/select.c
++++ sqlite-src-3320300/src/select.c
+@@ -5613,11 +5613,13 @@
+ ** within the HAVING expression with a constant "1".
+ */
+ static int havingToWhereExprCb(Walker *pWalker, Expr *pExpr){
+   if( pExpr->op!=TK_AND ){
+     Select *pS = pWalker->u.pSelect;
+-    if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy) ){
++    if( sqlite3ExprIsConstantOrGroupBy(pWalker->pParse, pExpr, pS->pGroupBy) 
++     && ExprAlwaysFalse(pExpr)==0
++    ){
+       sqlite3 *db = pWalker->pParse->db;
+       Expr *pNew = sqlite3Expr(db, TK_INTEGER, "1");
+       if( pNew ){
+         Expr *pWhere = pS->pWhere;
+         SWAP(Expr, *pNew, *pExpr);
+
+Index: sqlite-src-3320300/test/having.test
+==================================================================
+--- sqlite-src-3320300/test/having.test
++++ sqlite-src-3320300/test/having.test
+@@ -63,12 +63,12 @@
+     "SELECT a, sum(b) FROM t1 WHERE a=2 GROUP BY a HAVING sum(b)>5"
+ 
+   3 "SELECT a, sum(b) FROM t1 GROUP BY a COLLATE binary HAVING a=2"
+     "SELECT a, sum(b) FROM t1 WHERE a=2 GROUP BY a COLLATE binary"
+ 
+-  5 "SELECT a, sum(b) FROM t1 GROUP BY a COLLATE binary HAVING 0"
+-    "SELECT a, sum(b) FROM t1 WHERE 0 GROUP BY a COLLATE binary"
++  5 "SELECT a, sum(b) FROM t1 GROUP BY a COLLATE binary HAVING 1"
++    "SELECT a, sum(b) FROM t1 WHERE 1 GROUP BY a COLLATE binary"
+ 
+   6 "SELECT count(*) FROM t1,t2 WHERE a=c GROUP BY b, d HAVING b=d"
+     "SELECT count(*) FROM t1,t2 WHERE a=c AND b=d GROUP BY b, d"
+ 
+   7 {
+@@ -151,8 +151,28 @@
+ #
+ set ::nondeter_ret 0
+ do_execsql_test 4.3 {
+   SELECT a, sum(b) FROM t3 WHERE nondeter(a) GROUP BY a
+ } {1 4 2 2}
++
++#-------------------------------------------------------------------------
++reset_db
++do_execsql_test 5.0 {
++  CREATE TABLE t1(a, b);
++  CREATE TABLE t2(x, y);
++  INSERT INTO t1 VALUES('a', 'b');
++}
++
++# The WHERE clause (a=2), uses an aggregate column from the outer query.
++# If the HAVING term (0) is moved into the WHERE clause in this case,
++# SQLite would at one point optimize (a=2 AND 0) to simply (0). Which
++# is logically correct, but happened to cause problems in aggregate
++# processing for the outer query. This test case verifies that those 
++# problems are no longer present.
++do_execsql_test 5.1 {
++  SELECT min(b), (
++    SELECT x FROM t2 WHERE a=2 GROUP BY y HAVING 0
++  ) FROM t1;
++} {b {}}
+ 
+ 
+ finish_test
+

sqlite.spec

@@ -7,7 +7,7 @@
 
 Name:    sqlite
 Version: 3.32.3
-Release: 2
+Release: 3
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
@@ -18,6 +18,7 @@ Source2: https://www.sqlite.org/%{year}/sqlite-autoconf-%{extver}.tar.gz
 
 Patch1: 0001-sqlite-no-malloc-usable-size.patch
 Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
+Patch3: CVE-2021-20227.patch
 
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@@ -62,6 +63,7 @@ This contains man files and HTML files for the using of sqlite.
 %setup -q -a1 -n %{name}-src-%{extver}
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
@@ -135,6 +137,9 @@ make test
 %{_mandir}/man*/*
 
 %changelog
+* Mon Apr 26 2021 bzhaoop<bzhaojyathousandy@gmail.com> - 3.32.3-3
+- Fix CVE-2021-20227
+
 * Thu Sep 2 2020 lihaotian<lihaotian9@huawei.com> - 3.32.3-2
 - update source0 url