Hello community, here is the log from the commit of package sqlite3 for openSUSE:Factory checked in at 2019-09-25 01:13:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sqlite3 (Old) and /work/SRC/openSUSE:Factory/.sqlite3.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sqlite3" Wed Sep 25 01:13:57 2019 rev:115 rq:731563 version:3.29.0 Changes: --------
--- /work/SRC/openSUSE:Factory/sqlite3/sqlite3.changes 2019-07-16 08:37:36.363100068 +0200
+++ /work/SRC/openSUSE:Factory/.sqlite3.new.7948/sqlite3.changes 2019-09-25 01:13:59.581818632 +0200
@@ -1,0 +2,7 @@
+Tue Sep 10 15:17:35 UTC 2019 - Reinhard Max <[email protected]>
+
+- bsc#1150137, CVE-2019-16168, sqlite3-CVE-2019-16168.patch:
+ Improper validation of qlite_stat1 sz field leads to division by
+ zero.
+
+-------------------------------------------------------------------
New: ---- sqlite3-CVE-2019-16168.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ sqlite3.spec ++++++
--- /var/tmp/diff_new_pack.zcKjWb/_old 2019-09-25 01:14:02.057818887 +0200
+++ /var/tmp/diff_new_pack.zcKjWb/_new 2019-09-25 01:14:02.061818888 +0200
@@ -28,6 +28,7 @@
 Source0: http://www.sqlite.org/2019/sqlite-src-%{tarversion}.zip
 Source1: baselibs.conf
 Source2: http://www.sqlite.org/2019/sqlite-doc-%{tarversion}.zip
+Patch0: sqlite3-CVE-2019-16168.patch
 BuildRequires: automake
 BuildRequires: libtool
 BuildRequires: pkgconfig
@@ -103,6 +104,7 @@
 %prep
 %setup -q -n sqlite-src-%{tarversion} -a2
+%patch0
 rm -v sqlite-doc-%{tarversion}/releaselog/current.html
 ln -sv `echo %{version} | sed "s/\./_/g"`.html sqlite-doc-%{tarversion}/releaselog/current.html
 find -type f -name sqlite.css~ -delete
++++++ sqlite3-CVE-2019-16168.patch ++++++
--- src/analyze.c.orig
+++ src/analyze.c
@@ -1497,7 +1497,9 @@ static void decodeIntArray(
 if( sqlite3_strglob("unordered*", z)==0 ){
 pIndex->bUnordered = 1;
 }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
+ int sz = sqlite3Atoi(z+3);
+ if( sz<2 ) sz = 2;
+ pIndex->szIdxRow = sqlite3LogEst(sz);
 }else if( sqlite3_strglob("noskipscan*", z)==0 ){
 pIndex->noSkipScan = 1;
 }
--- src/where.c.orig
+++ src/where.c
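Review bot: The `if( sz<2 ) sz = 2;` clamp in the src/analyze.c hunk has no comment saying why 2 is the floor; the rationale appears only in test/analyzeC.test. The `sz=` value is parsed from the sqlite_stat1 table, i.e. from database content that may be untrusted, so the reason for the bound belongs where the value is read. I would add above the clamp `/* sz<2 would give a zero row-size estimate, which the query planner later divides by (CVE-2019-16168) */`; this presumes sqlite3LogEst() maps inputs below 2 to 0, which is not visible in the hunk and should be confirmed. decodeIntArray's body begins and ends outside the hunk.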
@@ -2668,6 +2668,7 @@ static int whereLoopAddBtreeIndex(
 ** it to pNew->rRun, which is currently set to the cost of the index
 ** seek only. Then, if this is a non-covering index, add the cost of
 ** visiting the rows in the main table. */
+ assert( pSrc->pTab->szTabRow>0 );
 rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
 pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
 if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
--- test/analyzeC.test.orig
+++ test/analyzeC.test
@@ -132,6 +132,20 @@ do_execsql_test 4.3 {
 SELECT count(a) FROM t1;
 } {/.*INDEX t1ca.*/}
+# 2019-08-15.
+# Ticket https://www.sqlite.org/src/tktview/e4598ecbdd18bd82945f602901
+# The sz=N parameter in the sqlite_stat1 table needs to have a value of
+# 2 or more to avoid a division by zero in the query planner.
+#
+do_execsql_test 4.4 {
+ DROP TABLE IF EXISTS t44;
+ CREATE TABLE t44(a PRIMARY KEY);
+ INSERT INTO sqlite_stat1 VALUES('t44',null,'sz=0');
+ ANALYZE sqlite_master;
+ SELECT 0 FROM t44 WHERE a IN(1,2,3);
+} {}
+
+
 # The sz=NNN parameter works even if there is other extraneous text
 # in the sqlite_stat1.stat column.
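Review bot: The added `assert( pSrc->pTab->szTabRow>0 );` in the src/where.c hunk protects the division on the next line only in builds where assert() is compiled in; if it is compiled out in release builds, as is usual, a zero szTabRow would still reach `(15*pProbe->szIdxRow)/pSrc->pTab->szTabRow`. The effective protection is therefore the clamp in decodeIntArray, and any other code path that sets szTabRow (none is visible here) has to keep it positive as well. I would record that dependency next to the assert, e.g. `/* szTabRow>0 relies on the sz>=2 clamp in decodeIntArray() */`. whereLoopAddBtreeIndex's body begins and ends outside the hunk.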
