Hello community,

here is the log from the commit of package sqlite3 for openSUSE:Factory checked 
in at 2022-12-17 20:35:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sqlite3 (Old)
 and      /work/SRC/openSUSE:Factory/.sqlite3.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "sqlite3"

Sat Dec 17 20:35:57 2022 rev:140 rq:1043393 version:3.40.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/sqlite3/sqlite3.changes  2022-11-25 
13:11:32.735809340 +0100
+++ /work/SRC/openSUSE:Factory/.sqlite3.new.1835/sqlite3.changes        
2022-12-17 20:35:58.576417471 +0100
@@ -1,0 +2,6 @@
+Tue Dec 13 16:10:49 UTC 2022 - Reinhard Max <m...@suse.com>
+
+- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
+  relying on --safe for execution of an untrusted CLI script
+
+-------------------------------------------------------------------

New:
----
  sqlite-CVE-2022-46908.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sqlite3.spec ++++++
--- /var/tmp/diff_new_pack.RjBDQI/_old  2022-12-17 20:35:59.168420723 +0100
+++ /var/tmp/diff_new_pack.RjBDQI/_new  2022-12-17 20:35:59.168420723 +0100
@@ -31,6 +31,7 @@
 Source1:        baselibs.conf
 Source2:        https://www.sqlite.org/2022/sqlite-doc-%{tarversion}.zip
 Patch0:         sqlite-src-3390000-func7-pg-181.patch
+Patch1:         sqlite-CVE-2022-46908.patch
 BuildRequires:  automake
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@@ -128,7 +129,8 @@
 
 %prep
 %setup -q -n sqlite-src-%{tarversion} -a2
-%autopatch -p1
+%patch0 -p1
+%patch1
 
 rm -v sqlite-doc-%{tarversion}/releaselog/current.html
 ln -sv `echo %{version} | sed "s/\./_/g"`.html 
sqlite-doc-%{tarversion}/releaselog/current.html
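Review bot: The replacement of `%autopatch -p1` by separate `%patch0 -p1` and `%patch1` lines is not explained anywhere in the spec, and the next updater is likely to fold it back into %autopatch, which would apply Patch1 with the wrong strip level. The reason is visible further down the page: sqlite-CVE-2022-46908.patch is in Fossil's `Index:` format with bare `--- src/shell.c.in` paths, so it needs -p0 (the default for %patch), whereas Patch0 presumably carries a one-level path prefix and keeps -p1. A one-line comment above the Patch1 declaration in the first hunk, `# Fossil-style diff without a/ b/ prefix: applied with -p0 in %prep`, would record that so the two strip levels survive the next version bump.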

++++++ sqlite-CVE-2022-46908.patch ++++++
Index: src/shell.c.in
==================================================================
--- src/shell.c.in
+++ src/shell.c.in
@@ -1878,11 +1878,11 @@
     "readfile",
     "writefile",
     "zipfile",
     "zipfile_cds",
   };
-  UNUSED_PARAMETER(zA2);
+  UNUSED_PARAMETER(zA1);
   UNUSED_PARAMETER(zA3);
   UNUSED_PARAMETER(zA4);
   switch( op ){
     case SQLITE_ATTACH: {
 #ifndef SQLITE_SHELL_FIDDLE
@@ -1893,11 +1893,11 @@
       break;
     }
     case SQLITE_FUNCTION: {
       int i;
       for(i=0; i<ArraySize(azProhibitedFunctions); i++){
-        if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
+        if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
           failIfSafeMode(p, "cannot use the %s() function in safe mode",
                          azProhibitedFunctions[i]);
         }
       }
       break;
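Review bot: The corrected comparison against `zA2` in the SQLITE_FUNCTION case carries no hint of why that argument, and not `zA1`, holds the function name, which is exactly the mix-up this patch repairs; a comment on the line before the loop, `/* For SQLITE_FUNCTION the authorizer passes the function name in zA2; zA1 is NULL. */`, would keep a later reader from "fixing" it back. Under that contract the old `sqlite3_stricmp(zA1, ...)` could never match, so the safe-mode block list was silently ineffective, which is consistent with the CVE-2022-46908 changelog entry above. The companion swap of `UNUSED_PARAMETER(zA2)` to `UNUSED_PARAMETER(zA1)` in the previous hunk agrees with this reading. The enclosing authorizer callback begins before and continues after this hunk.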

Index: test/shell2.test
==================================================================
--- test/shell2.test
+++ test/shell2.test
@@ -188,7 +188,19 @@
   catchcmd ":memory:" {
  SELECT 'unclosed;}
 } {1 {Parse error near line 2: unrecognized token: "'unclosed;"
   SELECT 'unclosed;
          ^--- error here}}
+
+# Verify that safe mode rejects certain UDFs
+# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
+do_test shell2-1.4.8 {
+  catchcmd "-safe :memory:" {
+ SELECT edit('DoNotCare');}
+} {1 {line 2: cannot use the edit() function in safe mode}}
+do_test shell2-1.4.9 {
+  catchcmd "-safe :memory:" {
+ SELECT writefile('DoNotCare', x'');}
+} {1 {line 2: cannot use the writefile() function in safe mode}}
+
 
 finish_test
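Review bot: The two new tests spell edit() and writefile() in canonical lower case only, so the case-insensitive matching the C side relies on through `sqlite3_stricmp` is not pinned by the suite, and a future switch to a case-sensitive compare would pass these tests while reopening the gap, assuming the authorizer sees the name as written in the statement. Because the message is built from `azProhibitedFunctions[i]` rather than from the typed name, the expected text stays `writefile()` regardless of spelling. A third case along these lines, placed after shell2-1.4.9, would cover it.
```tcl
# … unchanged: shell2-1.4.8 and shell2-1.4.9 …
do_test shell2-1.4.10 {
  catchcmd "-safe :memory:" {
 SELECT WriteFile('DoNotCare', x'');}
} {1 {line 2: cannot use the writefile() function in safe mode}}
```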
