sqlite-replication: fix build + CVE-2019-16168 #73002

Merged
merged 1 commit into from Nov 8, 2019

d-goldin
Contributor

@d-goldin d-goldin commented Nov 7, 2019

Motivation for this change

CVE fix in #71695 broke this package, as it's an older
version and additionally disables amalgamation.

Related:
Fixes: #72992
Closes: #72997

The supplied patch is modified minimally to fit this version (slight
line number change for analyze.c).

The fix was verified using
https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
as for the previous fix.

@otwieracz: Could you maybe try this one out and see how this one works for you?

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @jokogr @dtzWill @andir

@d-goldin d-goldin changed the title sqlite-replicated: fix build + CVE-2019-16168 sqlite-replication: fix build + CVE-2019-16168 Nov 7, 2019
@d-goldin
Contributor Author

d-goldin commented Nov 7, 2019

To ease review, a diff of the original vs modified patch:

--- vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b	2019-11-07 23:09:05.442763233 +0100
+++ cve_2019_16168_327_backport.patch	2019-11-07 22:48:12.912811831 +0100
@@ -1,8 +1,11 @@
+This is a backport of https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b
+with a tiny adjustment for 3.27.2 for the sqlite-replication package.
+
 Index: src/analyze.c
 ==================================================================
 --- src/analyze.c
 +++ src/analyze.c
-@@ -1448,11 +1448,13 @@
+@@ -1495,11 +1495,13 @@
      pIndex->noSkipScan = 0;
      while( z[0] ){
        if( sqlite3_strglob("unordered*", z)==0 ){
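
Review bot: the description added at the top of the backported patch says only "a tiny adjustment for 3.27.2" and does not say what the adjustment is. Going by the one changed line shown here, it is the src/analyze.c hunk offset moving from 1448 to 1495 while the hunk lengths (11 and 13) stay the same; stating that in the header would let a later reader confirm the backport carries no content change without re-diffing it against the upstream vpatch URL.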

CVE fix in NixOS#71695 broke this package, as it's an older
version and additionally disables amalgamation.

The supplied patch is modified minimally to fit this version (slight
line number change for analyze.c).

The fix was verified using
https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
as for the previous fix.
@otwieracz
Contributor

@d-goldin I can confirm that it resolves my original issue.

@andir andir merged commit d9a83d3 into NixOS:release-19.09 Nov 8, 2019
@d-goldin d-goldin deleted the fix_sqlite_replicated branch November 8, 2019 10:01