!1410 update sqlite patch by CVE

Merge pull request !1410 from guozhijian/update_sqlite_patch
This commit is contained in:
mindspore-ci-bot 2020-05-25 14:17:22 +08:00 committed by Gitee
commit c8f69f5db2
7 changed files with 433 additions and 42 deletions

View File

@ -4,7 +4,7 @@ if (WIN32)
LIBS sqlite3
URL https://sqlite.org/2020/sqlite-amalgamation-3310100.zip
MD5 2b7bfcdd97dc281903a9aee966213fe4
PATCHES ${CMAKE_SOURCE_DIR}/third_party/patch/sqlite/sqlite.windows.patch001
PATCHES ${CMAKE_SOURCE_DIR}/third_party/patch/sqlite/sqlite.windows.patch001 ${CMAKE_SOURCE_DIR}/third_party/patch/sqlite/sqlite.windows.patch002 ${CMAKE_SOURCE_DIR}/third_party/patch/sqlite/sqlite.windows.patch003
CMAKE_OPTION " "
)
@ -22,7 +22,7 @@ else ()
LIBS sqlite3
URL https://github.com/sqlite/sqlite/archive/version-3.31.1.tar.gz
MD5 5f4e7b4016c15f4fb5855615279819da
PATCHES ${CMAKE_SOURCE_DIR}/third_party/patch/sqlite/sqlite.patch001
PATCHES ${CMAKE_SOURCE_DIR}/third_party/patch/sqlite/sqlite.patch001 ${CMAKE_SOURCE_DIR}/third_party/patch/sqlite/sqlite.patch002 ${CMAKE_SOURCE_DIR}/third_party/patch/sqlite/sqlite.patch003
CONFIGURE_COMMAND ./configure --enable-shared=no --disable-tcl --disable-editline --enable-json1)
endif ()

View File

@ -1,14 +1,6 @@
diff -Npur -x .git sqlite.3.31.1/manifest sqlite/manifest
--- sqlite.3.31.1/manifest 2020-02-28 16:47:53.931041525 +0800
+++ sqlite/manifest 2020-02-28 17:29:15.553920054 +0800
@@ -1,5 +1,5 @@
-C Version\s3.31.1
-D 2020-01-27T19:55:54.490
+C A\sbetter\s(smaller\sand\sfaster)\ssolution\sto\sticket\s[4374860b29383380].
+D 2020-02-17T19:25:07.592
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
diff -Npur -x .git sqlite.3.31.1/manifest sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest
--- sqlite.3.31.1/manifest 2020-04-20 10:21:03.622574899 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest 2020-04-20 11:05:54.613993594 +0800
@@ -482,8 +482,8 @@ F src/ctime.c 1b0724e66f95f33b160b1af85c
F src/date.c 6c408fdd2e9ddf6e8431aba76315a2d061bea2cec8fbb75e25d7c1ba08274712
F src/dbpage.c 8a01e865bf8bc6d7b1844b4314443a6436c07c3efe1d488ed89e81719047833a
@ -42,30 +34,30 @@ diff -Npur -x .git sqlite.3.31.1/manifest sqlite/manifest
F src/window.c f8ba2ee12a19b51d3ba42c16277c74185ee9215306bc0d5a03974ade8b5bc98f
F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627
@@ -1857,10 +1857,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91
@@ -1857,10 +1857,10 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 6fb9a8fb85486a8fccc462856316ef523450c23a7a7a81c8dfb323fbe809f8f5
-R bf075f6bcc1758c5c1ecd13052997456
-T +bgcolor * #d0c0ff
-T +sym-release *
-T +sym-version-3.31.1 *
+P 9d0d4ab95dc0c56e053c2924ed322a9ea7b25439e6f74599f706905a1994e454
+R 1c052b7cdf4947664b7043564b643ac3
T +bgcolor * #d0c0ff
T +sym-release *
T +sym-version-3.31.1 *
U drh
-Z 7c50801eed3eaef969e028ef5a0a641a
+Z e960557a43b001a47933dacf8bc1d10e
diff -Npur -x .git sqlite.3.31.1/manifest.uuid sqlite/manifest.uuid
--- sqlite.3.31.1/manifest.uuid 2020-02-28 16:47:53.931041525 +0800
+++ sqlite/manifest.uuid 2020-02-28 17:29:26.233919583 +0800
diff -Npur -x .git sqlite.3.31.1/manifest.uuid sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest.uuid
--- sqlite.3.31.1/manifest.uuid 2020-04-20 10:21:03.630574843 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest.uuid 2020-04-20 11:05:54.613993594 +0800
@@ -1 +1 @@
-3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6
\ No newline at end of file
\ 文件尾没有换行符
+abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d
diff -Npur -x .git sqlite.3.31.1/src/expr.c sqlite/src/expr.c
--- sqlite.3.31.1/src/expr.c 2020-02-28 16:47:53.939041525 +0800
+++ sqlite/src/expr.c 2020-02-28 17:29:15.537920055 +0800
diff -Npur -x .git sqlite.3.31.1/src/expr.c sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/expr.c
--- sqlite.3.31.1/src/expr.c 2020-04-20 10:21:03.642574758 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/expr.c 2020-04-20 11:05:54.617993541 +0800
@@ -5463,19 +5463,25 @@ static int impliesNotNullRow(Walker *pWa
case TK_LT:
case TK_LE:
@ -97,9 +89,9 @@ diff -Npur -x .git sqlite.3.31.1/src/expr.c sqlite/src/expr.c
default:
return WRC_Continue;
}
diff -Npur -x .git sqlite.3.31.1/src/sqliteInt.h sqlite/src/sqliteInt.h
--- sqlite.3.31.1/src/sqliteInt.h 2020-02-28 16:47:53.959041524 +0800
+++ sqlite/src/sqliteInt.h 2020-02-28 17:29:15.517920056 +0800
diff -Npur -x .git sqlite.3.31.1/src/sqliteInt.h sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/sqliteInt.h
--- sqlite.3.31.1/src/sqliteInt.h 2020-04-20 10:21:03.642574758 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/sqliteInt.h 2020-04-20 11:05:54.617993541 +0800
@@ -2153,8 +2153,11 @@ struct Table {
*/
#ifndef SQLITE_OMIT_VIRTUALTABLE
@ -112,9 +104,9 @@ diff -Npur -x .git sqlite.3.31.1/src/sqliteInt.h sqlite/src/sqliteInt.h
#endif
/*
diff -Npur -x .git sqlite.3.31.1/src/whereexpr.c sqlite/src/whereexpr.c
--- sqlite.3.31.1/src/whereexpr.c 2020-02-28 16:47:53.991041522 +0800
+++ sqlite/src/whereexpr.c 2020-02-28 17:29:15.493920057 +0800
diff -Npur -x .git sqlite.3.31.1/src/whereexpr.c sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/whereexpr.c
--- sqlite.3.31.1/src/whereexpr.c 2020-04-20 10:21:03.642574758 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/whereexpr.c 2020-04-20 11:05:54.617993541 +0800
@@ -377,7 +377,8 @@ static int isAuxiliaryVtabOperator(
** MATCH(expression,vtab_column)
*/

View File

@ -0,0 +1,85 @@
diff -Npur -x .git sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/manifest
--- sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest 2020-04-20 11:05:54.613993594 +0800
+++ sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/manifest 2020-05-25 09:50:05.352246036 +0800
@@ -1,5 +1,5 @@
C Version\s3.31.1
-D 2020-01-27T19:55:54.490
+D 2020-04-03T13:19:03.054
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -529,11 +529,11 @@ F src/pragma.h 9f86a3a3a0099e651189521c8
F src/prepare.c 6049beb71385f017af6fc320d2c75a4e50b75e280c54232442b785fbb83df057
F src/printf.c 9be6945837c839ba57837b4bc3af349eba630920fa5532aa518816defe42a7d4
F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384
-F src/resolve.c f0781c9e180028b279bc4ff079ad54f4727223d470c8d2343643fcaf79b67740
-F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93
-F src/select.c 3f7aecf64b08b018b89e4fe16ea621cc9a0e3f3801e9e5638cfe1a6035fa1581
-F src/shell.c.in c2e20c43a44fb5588a6c27ce60589538fbf4794fd7686f5b2598eca22eaae1fa
-F src/sqlite.h.in 75d0304247a2154122d6d06f12219c1e29291d72304f0eeef4c1ec6b1409b443
+F src/resolve.c 5c3b3b18e096353ee2794a8f8a6227c301a57ea771814c158546265d9ef2087e
+F src/rowset.c ba9515a922af32abe1f7d39406b9d35730ed65efab9443dc5702693b60854c92
+F src/select.c fd38aa7f87ad0fc93577df6ef1d6cf2b9e5f6186b93c04271f5248c6c4be088c
+F src/shell.c.in 759bb4a283651955ff2ddb104541b1805b1fff915017083bdd39975cd4e223aa
+F src/sqlite.h.in cc7d0949ac32bb68ed97acdb3e7ae91cd413a24d32d6ff049ef8308d620a4367
F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
F src/sqlite3ext.h 27951f294f29cd875c6027f2707d644ef99f469bd97514568b5a8581a114db8c
F src/sqliteInt.h d736043dc6291d3af289d911237da0801b6c05be086ae322eedd47a089ae8d2f
@@ -1718,7 +1718,7 @@ F test/win32heap.test 10fd891266bd00af68
F test/win32lock.test fbf107c91d8f5512be5a5b87c4c42ab9fdd54972
F test/win32longpath.test 169c75a3b2e43481f4a62122510210c67b08f26d
F test/win32nolock.test ac4f08811a562e45a5755e661f45ca85892bdbbc
-F test/window1.test cec56b9a0a2e7ca4bd63b30590c7b049dce9acfd87478e2597e13b67152bd821
+F test/window1.test ec792f92e63ee457447c5c04de8f8d42f4a94b842b5bac1f403ac38a6d867c22
F test/window2.tcl 492c125fa550cda1dd3555768a2303b3effbeceee215293adf8871efc25f1476
F test/window2.test e466a88bd626d66edc3d352d7d7e1d5531e0079b549ba44efb029d1fbff9fd3c
F test/window3.tcl acea6e86a4324a210fd608d06741010ca83ded9fde438341cb978c49928faf03
@@ -1857,10 +1857,10 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 9d0d4ab95dc0c56e053c2924ed322a9ea7b25439e6f74599f706905a1994e454
-R 1c052b7cdf4947664b7043564b643ac3
+P 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026
+R dbb40938a904f2e39c11078dcedb87b0
T +bgcolor * #d0c0ff
T +sym-release *
T +sym-version-3.31.1 *
U drh
-Z e960557a43b001a47933dacf8bc1d10e
+Z 1c021fc7d9ac6b5d0e31d06cd9bb3304
diff -Npur -x .git sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest.uuid sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/manifest.uuid
--- sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest.uuid 2020-04-20 11:05:54.613993594 +0800
+++ sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/manifest.uuid 2020-05-25 09:50:19.076317552 +0800
@@ -1 +1 @@
-abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d
+4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441
diff -Npur -x .git sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/select.c sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/src/select.c
--- sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/select.c 2020-04-20 11:05:54.613993594 +0800
+++ sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/src/select.c 2020-05-25 09:48:15.975677012 +0800
@@ -5352,6 +5352,7 @@ static void resetAccumulator(Parse *pPar
struct AggInfo_func *pFunc;
int nReg = pAggInfo->nFunc + pAggInfo->nColumn;
if( nReg==0 ) return;
+ if( pParse->nErr ) return;
#ifdef SQLITE_DEBUG
/* Verify that all AggInfo registers are within the range specified by
** AggInfo.mnReg..AggInfo.mxReg */
diff -Npur -x .git sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/test/window1.test sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/test/window1.test
--- sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/test/window1.test 2020-04-20 11:05:54.673992813 +0800
+++ sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/test/window1.test 2020-05-25 09:50:46.824462220 +0800
@@ -1594,4 +1594,14 @@ do_execsql_test 48.1 {
} {2 2 2}
+# 2020-04-03 ticket af4556bb5c285c08
+#
+reset_db
+do_catchsql_test 51.1 {
+ CREATE TABLE a(b, c);
+ SELECT c FROM a GROUP BY c
+ HAVING(SELECT(sum(b) OVER(ORDER BY b),
+ sum(b) OVER(PARTITION BY min(DISTINCT c), c ORDER BY b)));
+} {1 {row value misused}}
+
finish_test

169
third_party/patch/sqlite/sqlite.patch003 vendored Normal file
View File

@ -0,0 +1,169 @@
diff -Npur -x .git sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/manifest sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/manifest
--- sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/manifest 2020-05-25 09:50:05.352246036 +0800
+++ sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/manifest 2020-05-25 10:00:45.272851274 +0800
@@ -1,5 +1,5 @@
C Version\s3.31.1
-D 2020-04-03T13:19:03.054
+D 2020-04-03T11:52:59.198
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -465,9 +465,9 @@ F spec.template 86a4a43b99ebb3e75e6b9a73
F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b
F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786
F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a
-F src/alter.c f48a4423c8f198d7f1ae4940f74b606707d05384ac79fb219be8e3323af2a2de
-F src/analyze.c b3ceec3fc052df8a96ca8a8c858d455dc5029ba681b4be98bb5c5a9162cfa58c
-F src/attach.c df0ead9091042c68964856ecc08dba55d5403ad5f3ca865d9d396d71528c511a
+F src/alter.c ac9d737cace62b5cd88bff5310e53e299bc0919f08b5934a2bd0f8e8e65d770e
+F src/analyze.c 831bb090988477a00d3b4c000746e1b0454dcc93b10b793e6ebe1c47f25d193a
+F src/attach.c ff2daea0fe62080192e3f262670e4f61f5a86c1e7bea9cec34e960fe79852aa1
F src/auth.c a3d5bfdba83d25abed1013a8c7a5f204e2e29b0c25242a56bc02bb0c07bf1e06
F src/backup.c f70077d40c08b7787bfe934e4d1da8030cb0cc57d46b345fba2294b7d1be23ab
F src/bitvec.c 17ea48eff8ba979f1f5b04cc484c7bb2be632f33
@@ -639,7 +639,7 @@ F test/altercol.test 1d6a6fe698b81e626ba
F test/alterlegacy.test 82022721ce0de29cedc9a7af63bc9fcc078b0ee000f8283b4b6ea9c3eab2f44b
F test/altermalloc.test 167a47de41b5c638f5f5c6efb59784002b196fff70f98d9b4ed3cd74a3fb80c9
F test/altermalloc2.test fa7b1c1139ea39b8dec407cf1feb032ca8e0076bd429574969b619175ad0174b
-F test/altertab.test bd61e5b73d495ec4707133db91b07f09d57e339d988de5ec5a76d34a2198e8f2
+F test/altertab.test 523ba6368e0da19f462f7c05563c569675736d946724cac1c4ae848f76783434
F test/altertab2.test b0d62f323ca5dab42b0bc028c52e310ebdd13e655e8fac070fe622bad7852c2b
F test/altertab3.test 155b8dc225ce484454a7fb4c8ba745680b6fa0fc3e08919cbbc19f9309d128ff
F test/amatch1.test b5ae7065f042b7f4c1c922933f4700add50cdb9f
@@ -1857,10 +1857,10 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026
-R dbb40938a904f2e39c11078dcedb87b0
+P d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906
+R 800f7c7b57166aa2318c88ff52f2e7ab
T +bgcolor * #d0c0ff
T +sym-release *
T +sym-version-3.31.1 *
-U drh
-Z 1c021fc7d9ac6b5d0e31d06cd9bb3304
+U dan
+Z 369e72d27cf5a202a4749d0a2e3d428e
diff -Npur -x .git sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/manifest.uuid sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/manifest.uuid
--- sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/manifest.uuid 2020-05-25 09:50:19.076317552 +0800
+++ sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/manifest.uuid 2020-05-25 10:01:03.568710038 +0800
@@ -1 +1 @@
-4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441
+684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026
diff -Npur -x .git sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/src/alter.c sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/src/alter.c
--- sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/src/alter.c 2020-05-25 09:43:54.350324669 +0800
+++ sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/src/alter.c 2020-05-25 09:57:36.168219061 +0800
@@ -756,6 +756,21 @@ static void renameWalkWith(Walker *pWalk
}
/*
+** Unmap all tokens in the IdList object passed as the second argument.
+*/
+static void unmapColumnIdlistNames(
+ Parse *pParse,
+ IdList *pIdList
+){
+ if( pIdList ){
+ int ii;
+ for(ii=0; ii<pIdList->nId; ii++){
+ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName);
+ }
+ }
+}
+
+/*
** Walker callback used by sqlite3RenameExprUnmap().
*/
static int renameUnmapSelectCb(Walker *pWalker, Select *p){
@@ -776,6 +791,7 @@ static int renameUnmapSelectCb(Walker *p
for(i=0; i<pSrc->nSrc; i++){
sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName);
if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort;
+ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing);
}
}
@@ -984,6 +1000,7 @@ static void renameColumnIdlistNames(
}
}
+
/*
** Parse the SQL statement zSql using Parse object (*p). The Parse object
** is initialized by this function before it is used.
diff -Npur -x .git sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/src/resolve.c sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/src/resolve.c
--- sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/src/resolve.c 2020-05-25 09:43:54.362324731 +0800
+++ sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/src/resolve.c 2020-05-25 10:00:02.705658443 +0800
@@ -1177,7 +1177,7 @@ static int resolveOrderByTermToExprList(
nc.nErr = 0;
db = pParse->db;
savedSuppErr = db->suppressErr;
- db->suppressErr = 1;
+ if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1;
rc = sqlite3ResolveExprNames(&nc, pE);
db->suppressErr = savedSuppErr;
if( rc ) return 0;
diff -Npur -x .git sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/test/altertab.test sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/test/altertab.test
--- sqlite.3.31.1_CVE-2020-11655_c415d910_patch002/test/altertab.test 2020-05-25 09:43:54.462325244 +0800
+++ sqlite.3.31.1_CVE-2020-11656_fb99e388_4db7ab53_patch003/test/altertab.test 2020-05-25 10:00:02.697658682 +0800
@@ -594,7 +594,6 @@ reset_db
do_execsql_test 18.1.0 {
CREATE TABLE t0 (c0 INTEGER, PRIMARY KEY(c0)) WITHOUT ROWID;
}
-breakpoint
do_execsql_test 18.1.1 {
ALTER TABLE t0 RENAME COLUMN c0 TO c1;
}
@@ -613,4 +612,51 @@ do_execsql_test 18.2.2 {
SELECT sql FROM sqlite_master;
} {{CREATE TABLE t0 (c1 INTEGER, PRIMARY KEY(c1))}}
+# 2020-02-23 ticket f50af3e8a565776b
+reset_db
+do_execsql_test 19.100 {
+ CREATE TABLE t1(x);
+ CREATE VIEW t2 AS SELECT 1 FROM t1, (t1 AS a0, t1);
+ ALTER TABLE t1 RENAME TO t3;
+ SELECT sql FROM sqlite_master;
+} {{CREATE TABLE "t3"(x)} {CREATE VIEW t2 AS SELECT 1 FROM "t3", ("t3" AS a0, "t3")}}
+do_execsql_test 19.110 {
+ INSERT INTO t3(x) VALUES(123);
+ SELECT * FROM t2;
+} {1}
+do_execsql_test 19.120 {
+ INSERT INTO t3(x) VALUES('xyz');
+ SELECT * FROM t2;
+} {1 1 1 1 1 1 1 1}
+
+# Ticket 4722bdab08cb14
+reset_db
+do_execsql_test 20.0 {
+ CREATE TABLE a(a);
+ CREATE VIEW b AS SELECT(SELECT *FROM c JOIN a USING(d, a, a, a) JOIN a) IN();
+}
+do_execsql_test 20.1 {
+ ALTER TABLE a RENAME a TO e;
+} {}
+
+reset_db
+do_execsql_test 21.0 {
+ CREATE TABLE a(b);
+ CREATE VIEW c AS
+ SELECT NULL INTERSECT
+ SELECT NULL ORDER BY
+ likelihood(NULL, (d, (SELECT c)));
+} {}
+do_catchsql_test 21.1 {
+ SELECT likelihood(NULL, (d, (SELECT c)));
+} {1 {second argument to likelihood() must be a constant between 0.0 and 1.0}}
+do_catchsql_test 21.2 {
+ SELECT * FROM c;
+} {1 {1st ORDER BY term does not match any column in the result set}}
+
+do_catchsql_test 21.3 {
+ ALTER TABLE a RENAME TO e;
+} {1 {error in view c: 1st ORDER BY term does not match any column in the result set}}
+
+
finish_test

View File

@ -1,6 +1,6 @@
diff -uprN sqlite-amalgamation-3310100/CMakeLists.txt sqlite-patch/CMakeLists.txt
diff -uprN sqlite-amalgamation-3310100/CMakeLists.txt sqlite-patch001/CMakeLists.txt
--- sqlite-amalgamation-3310100/CMakeLists.txt 1970-01-01 08:00:00.000000000 +0800
+++ sqlite-patch/CMakeLists.txt 2020-04-18 09:16:28.258637600 +0800
+++ sqlite-patch001/CMakeLists.txt 2020-05-25 10:47:36.902007755 +0800
@@ -0,0 +1,6 @@
+cmake_minimum_required(VERSION 3.14)
+project (Sqlite[C])
@ -8,15 +8,15 @@ diff -uprN sqlite-amalgamation-3310100/CMakeLists.txt sqlite-patch/CMakeLists.tx
+set_target_properties(sqlite3 PROPERTIES PUBLIC_HEADER "sqlite3.h;sqlite3ext.h")
+include(GNUInstallDirs)
+install(TARGETS sqlite3 PUBLIC_HEADER)
diff -uprN sqlite-amalgamation-3310100/sqlite3.c sqlite-patch/sqlite3.c
--- sqlite-amalgamation-3310100/sqlite3.c 2020-01-28 03:25:14.000000000 +0800
+++ sqlite-patch/sqlite3.c 2020-04-17 15:40:21.005440300 +0800
diff -uprN sqlite-amalgamation-3310100/sqlite3.c sqlite-patch001/sqlite3.c
--- sqlite-amalgamation-3310100/sqlite3.c 2020-01-28 04:25:14.000000000 +0800
+++ sqlite-patch001/sqlite3.c 2020-05-25 10:49:04.057117196 +0800
@@ -1167,7 +1167,7 @@ extern "C" {
*/
#define SQLITE_VERSION "3.31.1"
#define SQLITE_VERSION_NUMBER 3031001
-#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6"
+#define SQLITE_SOURCE_ID "2020-02-17 19:25:07 387240fc85ea3549ff8a6ed060ef07c6184548457fb91cd7c6fc39ddb678alt1"
+#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 bc2f42080a6a8a33048eedf289152768c416b2a7677a92111b3b1ea60d4aalt1"
/*
** CAPI3REF: Run-Time Library Version Numbers
@ -103,7 +103,7 @@ diff -uprN sqlite-amalgamation-3310100/sqlite3.c sqlite-patch/sqlite3.c
assert( nArg==0 );
UNUSED_PARAM2(nArg, apUnused);
- sqlite3_result_text(pCtx, "fts5: 2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6", -1, SQLITE_TRANSIENT);
+ sqlite3_result_text(pCtx, "fts5: 2020-02-17 19:25:07 abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d", -1, SQLITE_TRANSIENT);
+ sqlite3_result_text(pCtx, "fts5: 2020-01-27 19:55:54 abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d", -1, SQLITE_TRANSIENT);
}
/*
@ -115,19 +115,19 @@ diff -uprN sqlite-amalgamation-3310100/sqlite3.c sqlite-patch/sqlite3.c
+#if __LINE__!=228456
#undef SQLITE_SOURCE_ID
-#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt2"
+#define SQLITE_SOURCE_ID "2020-02-17 19:25:07 387240fc85ea3549ff8a6ed060ef07c6184548457fb91cd7c6fc39ddb678alt2"
+#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 bc2f42080a6a8a33048eedf289152768c416b2a7677a92111b3b1ea60d4aalt2"
#endif
/* Return the source-id for this library */
SQLITE_API const char *sqlite3_sourceid(void){ return SQLITE_SOURCE_ID; }
diff -uprN sqlite-amalgamation-3310100/sqlite3.h sqlite-patch/sqlite3.h
--- sqlite-amalgamation-3310100/sqlite3.h 2020-01-28 03:25:14.000000000 +0800
+++ sqlite-patch/sqlite3.h 2020-04-17 15:40:21.005440300 +0800
diff -uprN sqlite-amalgamation-3310100/sqlite3.h sqlite-patch001/sqlite3.h
--- sqlite-amalgamation-3310100/sqlite3.h 2020-01-28 04:25:14.000000000 +0800
+++ sqlite-patch001/sqlite3.h 2020-05-25 10:49:17.932970790 +0800
@@ -125,7 +125,7 @@ extern "C" {
*/
#define SQLITE_VERSION "3.31.1"
#define SQLITE_VERSION_NUMBER 3031001
-#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6"
+#define SQLITE_SOURCE_ID "2020-02-17 19:25:07 387240fc85ea3549ff8a6ed060ef07c6184548457fb91cd7c6fc39ddb678alt1"
+#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 bc2f42080a6a8a33048eedf289152768c416b2a7677a92111b3b1ea60d4aalt1"
/*
** CAPI3REF: Run-Time Library Version Numbers

View File

@ -0,0 +1,53 @@
diff -uprN sqlite-patch001/sqlite3.c sqlite-patch002/sqlite3.c
--- sqlite-patch001/sqlite3.c 2020-05-25 10:49:04.057117196 +0800
+++ sqlite-patch002/sqlite3.c 2020-05-25 10:56:21.120064808 +0800
@@ -1167,7 +1167,7 @@ extern "C" {
*/
#define SQLITE_VERSION "3.31.1"
#define SQLITE_VERSION_NUMBER 3031001
-#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 bc2f42080a6a8a33048eedf289152768c416b2a7677a92111b3b1ea60d4aalt1"
+#define SQLITE_SOURCE_ID "2020-04-03 13:19:03 0f4911fdb07c7c4111731d3db0adae54ee750ddbad8d98bf9ab957fb923falt1"
/*
** CAPI3REF: Run-Time Library Version Numbers
@@ -133226,6 +133226,7 @@ static void resetAccumulator(Parse *pPar
struct AggInfo_func *pFunc;
int nReg = pAggInfo->nFunc + pAggInfo->nColumn;
if( nReg==0 ) return;
+ if( pParse->nErr ) return;
#ifdef SQLITE_DEBUG
/* Verify that all AggInfo registers are within the range specified by
** AggInfo.mnReg..AggInfo.mxReg */
@@ -223680,7 +223681,7 @@ static void fts5SourceIdFunc(
){
assert( nArg==0 );
UNUSED_PARAM2(nArg, apUnused);
- sqlite3_result_text(pCtx, "fts5: 2020-01-27 19:55:54 abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d", -1, SQLITE_TRANSIENT);
+ sqlite3_result_text(pCtx, "fts5: 2020-04-03 13:19:03 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441", -1, SQLITE_TRANSIENT);
}
/*
@@ -228453,9 +228454,9 @@ SQLITE_API int sqlite3_stmt_init(
#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_STMTVTAB) */
/************** End of stmt.c ************************************************/
-#if __LINE__!=228456
+#if __LINE__!=228457
#undef SQLITE_SOURCE_ID
-#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 bc2f42080a6a8a33048eedf289152768c416b2a7677a92111b3b1ea60d4aalt2"
+#define SQLITE_SOURCE_ID "2020-04-03 13:19:03 0f4911fdb07c7c4111731d3db0adae54ee750ddbad8d98bf9ab957fb923falt2"
#endif
/* Return the source-id for this library */
SQLITE_API const char *sqlite3_sourceid(void){ return SQLITE_SOURCE_ID; }
diff -uprN sqlite-patch001/sqlite3.h sqlite-patch002/sqlite3.h
--- sqlite-patch001/sqlite3.h 2020-05-25 10:49:17.932970790 +0800
+++ sqlite-patch002/sqlite3.h 2020-05-25 10:56:23.296037923 +0800
@@ -125,7 +125,7 @@ extern "C" {
*/
#define SQLITE_VERSION "3.31.1"
#define SQLITE_VERSION_NUMBER 3031001
-#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 bc2f42080a6a8a33048eedf289152768c416b2a7677a92111b3b1ea60d4aalt1"
+#define SQLITE_SOURCE_ID "2020-04-03 13:19:03 0f4911fdb07c7c4111731d3db0adae54ee750ddbad8d98bf9ab957fb923falt1"
/*
** CAPI3REF: Run-Time Library Version Numbers

View File

@ -0,0 +1,92 @@
diff -uprN sqlite-patch002/sqlite3.c sqlite-patch003/sqlite3.c
--- sqlite-patch002/sqlite3.c 2020-05-25 10:56:21.120064808 +0800
+++ sqlite-patch003/sqlite3.c 2020-05-25 11:00:13.909126750 +0800
@@ -1167,7 +1167,7 @@ extern "C" {
*/
#define SQLITE_VERSION "3.31.1"
#define SQLITE_VERSION_NUMBER 3031001
-#define SQLITE_SOURCE_ID "2020-04-03 13:19:03 0f4911fdb07c7c4111731d3db0adae54ee750ddbad8d98bf9ab957fb923falt1"
+#define SQLITE_SOURCE_ID "2020-04-03 11:52:59 b58be6e2216e7a8e9c0eee07c42856f751359bbfa740e8ad8c5d73b33273alt1"
/*
** CAPI3REF: Run-Time Library Version Numbers
@@ -97945,7 +97945,7 @@ static int resolveOrderByTermToExprList(
nc.nErr = 0;
db = pParse->db;
savedSuppErr = db->suppressErr;
- db->suppressErr = 1;
+ if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1;
rc = sqlite3ResolveExprNames(&nc, pE);
db->suppressErr = savedSuppErr;
if( rc ) return 0;
@@ -105384,6 +105384,21 @@ static void renameWalkWith(Walker *pWalk
}
/*
+** Unmap all tokens in the IdList object passed as the second argument.
+*/
+static void unmapColumnIdlistNames(
+ Parse *pParse,
+ IdList *pIdList
+){
+ if( pIdList ){
+ int ii;
+ for(ii=0; ii<pIdList->nId; ii++){
+ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName);
+ }
+ }
+}
+
+/*
** Walker callback used by sqlite3RenameExprUnmap().
*/
static int renameUnmapSelectCb(Walker *pWalker, Select *p){
@@ -105404,6 +105419,7 @@ static int renameUnmapSelectCb(Walker *p
for(i=0; i<pSrc->nSrc; i++){
sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName);
if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort;
+ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing);
}
}
@@ -105612,6 +105628,7 @@ static void renameColumnIdlistNames(
}
}
+
/*
** Parse the SQL statement zSql using Parse object (*p). The Parse object
** is initialized by this function before it is used.
@@ -223681,7 +223698,7 @@ static void fts5SourceIdFunc(
){
assert( nArg==0 );
UNUSED_PARAM2(nArg, apUnused);
- sqlite3_result_text(pCtx, "fts5: 2020-04-03 13:19:03 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441", -1, SQLITE_TRANSIENT);
+ sqlite3_result_text(pCtx, "fts5: 2020-04-03 11:52:59 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026", -1, SQLITE_TRANSIENT);
}
/*
@@ -228454,9 +228471,9 @@ SQLITE_API int sqlite3_stmt_init(
#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_STMTVTAB) */
/************** End of stmt.c ************************************************/
-#if __LINE__!=228457
+#if __LINE__!=228474
#undef SQLITE_SOURCE_ID
-#define SQLITE_SOURCE_ID "2020-04-03 13:19:03 0f4911fdb07c7c4111731d3db0adae54ee750ddbad8d98bf9ab957fb923falt2"
+#define SQLITE_SOURCE_ID "2020-04-03 11:52:59 b58be6e2216e7a8e9c0eee07c42856f751359bbfa740e8ad8c5d73b33273alt2"
#endif
/* Return the source-id for this library */
SQLITE_API const char *sqlite3_sourceid(void){ return SQLITE_SOURCE_ID; }
diff -uprN sqlite-patch002/sqlite3.h sqlite-patch003/sqlite3.h
--- sqlite-patch002/sqlite3.h 2020-05-25 10:56:23.296037923 +0800
+++ sqlite-patch003/sqlite3.h 2020-05-25 11:00:14.649117241 +0800
@@ -125,7 +125,7 @@ extern "C" {
*/
#define SQLITE_VERSION "3.31.1"
#define SQLITE_VERSION_NUMBER 3031001
-#define SQLITE_SOURCE_ID "2020-04-03 13:19:03 0f4911fdb07c7c4111731d3db0adae54ee750ddbad8d98bf9ab957fb923falt1"
+#define SQLITE_SOURCE_ID "2020-04-03 11:52:59 b58be6e2216e7a8e9c0eee07c42856f751359bbfa740e8ad8c5d73b33273alt1"
/*
** CAPI3REF: Run-Time Library Version Numbers