!115 sync the CVE-2023-7104 from 22.03

From: @noodlesland 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

0001-CVE-2023-7104.patch

@@ -0,0 +1,45 @@
+it From a756d158b3e55831975feb45b753ba499d2adeda Mon Sep 17 00:00:00 2001
+From: mazhao <mazhao12@huawei.com>
+Date: Wed, 3 Jan 2024 12:00:45 +0800
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+Signed-off-by: mazhao <mazhao12@huawei.com>
+---
+ ext/session/sqlite3session.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index a892804..72ad427 100644
+--- a/ext/session/sqlite3session.c
++++ b/ext/session/sqlite3session.c
+@@ -3050,15 +3050,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
++        if( (pIn->nData-pIn->iNext)<8 ){
++          rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
++          sqlite3_int64 v = sessionGetI64(aVal);
++          if( eType==SQLITE_INTEGER ){
++            sqlite3VdbeMemSetInt64(apOut[i], v);
++          }else{
++            double d;
++            memcpy(&d, &v, 8);
++            sqlite3VdbeMemSetDouble(apOut[i], d);
++          }
++          pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.34.1
+

0001-sqlite-no-malloc-usable-size.patch

@@ -1,24 +0,0 @@
-diff -up sqlite-src-3120200/configure.ac.malloc_usable_size sqlite-src-3120200/configure.ac
---- sqlite-src-3120200/configure.ac.malloc_usable_size	2016-04-25 09:46:48.134690570 +0200
-+++ sqlite-src-3120200/configure.ac	2016-04-25 09:48:41.622637181 +0200
-@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h s
- #########
- # Figure out whether or not we have these functions
- #
--AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
-+AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
- 
- #########
- # By default, we use the amalgamation (this may be changed below...)
-diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/configure
---- sqlite-src-3120200/configure.malloc_usable_size	2016-04-25 09:47:12.594679063 +0200
-+++ sqlite-src-3120200/configure	2016-04-25 09:49:28.684615042 +0200
-@@ -10275,7 +10275,7 @@ done
- #########
- # Figure out whether or not we have these functions
- #
--for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64
-+for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64
- do :
-   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

0002-remove-fail-testcase-in-no-free-fd-situation.patch

@@ -1,66 +0,0 @@
-From defded46ea50037500590122d847ba6a7cb96110 Mon Sep 17 00:00:00 2001
-From: eulerstorage <eulerstoragemt@huawei.com>
-Date: Sat, 11 Jan 2020 11:33:54 +0800
-Subject: [PATCH] remove fail testcase in no free fd situation
-
-Remove testcase 1.1.1, 1.1.2 and 1.1.3, since it can not success in
-some situation if there is no enough fd resource.
----
- test/oserror.test | 27 ---------------------------
- 1 file changed, 27 deletions(-)
-
-diff --git a/test/oserror.test b/test/oserror.test
-index a51301c..d46218f 100644
---- a/test/oserror.test
-+++ b/test/oserror.test
-@@ -40,47 +40,6 @@ proc do_re_test {tn script expression} {
-   
- }
- 
--#--------------------------------------------------------------------------
--# Tests oserror-1.* test failures in the open() system call.
--#
--
--# Test a failure in open() due to too many files. 
--#
--# The xOpen() method of the unix VFS calls getcwd() as well as open().
--# Although this does not appear to be documented in the man page, on OSX
--# a call to getcwd() may fail if there are no free file descriptors. So
--# an error may be reported for either open() or getcwd() here.
--#
--if {![clang_sanitize_address]} {
--  unset -nocomplain rc
--  unset -nocomplain nOpen
--  set nOpen 20000
--  do_test 1.1.1 {
--    set ::log [list]
--    set ::rc [catch {
--      for {set i 0} {$i < $::nOpen} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
--    } msg]
--    if {$::rc==0} {
--      # Some system (ex: Debian) are able to create 20000+ file descriptiors
--      # such systems will not fail here
--      set x ok
--    } elseif {$::rc==1 && $msg=="unable to open database file"} {
--      set x ok
--    } else {
--      set x [list $::rc $msg]
--    }
--  } {ok}
--  do_test 1.1.2 {
--    catch { for {set i 0} {$i < $::nOpen} {incr i} { dbh_$i close } }
--  } $::rc
--  if {$rc} {
--    do_re_test 1.1.3 { 
--      lindex $::log 0 
--    } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
--  }
--}
--
--
- # Test a failure in open() due to the path being a directory.
- #
- do_test 1.2.1 {
--- 
-1.8.3.1
-

0003-infinite-loop-in-trim-function.patch

@@ -1,88 +0,0 @@
-diff -ruN origin_src/src/func.c sqlite-src-3340000/src/func.c
---- origin_src/src/func.c	2021-09-03 10:46:50.253089516 +0800
-+++ sqlite-src-3340000/src/func.c	2021-09-03 10:59:23.151415929 +0800
-@@ -1315,10 +1315,10 @@
- ){
-   const unsigned char *zIn;         /* Input string */
-   const unsigned char *zCharSet;    /* Set of characters to trim */
--  int nIn;                          /* Number of bytes in input */
-+  unsigned int nIn;                 /* Number of bytes in input */
-   int flags;                        /* 1: trimleft  2: trimright  3: trim */
-   int i;                            /* Loop counter */
--  unsigned char *aLen = 0;          /* Length of each character in zCharSet */
-+  unsigned int *aLen = 0;           /* Length of each character in zCharSet */
-   unsigned char **azChar = 0;       /* Individual characters in zCharSet */
-   int nChar;                        /* Number of characters in zCharSet */
- 
-@@ -1327,13 +1327,13 @@
-   }
-   zIn = sqlite3_value_text(argv[0]);
-   if( zIn==0 ) return;
--  nIn = sqlite3_value_bytes(argv[0]);
-+  nIn = (unsigned)sqlite3_value_bytes(argv[0]);
-   assert( zIn==sqlite3_value_text(argv[0]) );
-   if( argc==1 ){
--    static const unsigned char lenOne[] = { 1 };
-+    static const unsigned lenOne[] = { 1 };
-     static unsigned char * const azOne[] = { (u8*)" " };
-     nChar = 1;
--    aLen = (u8*)lenOne;
-+    aLen = (unsigned*)lenOne;
-     azChar = (unsigned char **)azOne;
-     zCharSet = 0;
-   }else if( (zCharSet = sqlite3_value_text(argv[1]))==0 ){
-@@ -1344,15 +1344,16 @@
-       SQLITE_SKIP_UTF8(z);
-     }
-     if( nChar>0 ){
--      azChar = contextMalloc(context, ((i64)nChar)*(sizeof(char*)+1));
-+      azChar = contextMalloc(context, 
-+                     ((i64)nChar)*(sizeof(char*)+sizeof(unsigned)));
-       if( azChar==0 ){
-         return;
-       }
--      aLen = (unsigned char*)&azChar[nChar];
-+      aLen = (unsigned*)&azChar[nChar];
-       for(z=zCharSet, nChar=0; *z; nChar++){
-         azChar[nChar] = (unsigned char *)z;
-         SQLITE_SKIP_UTF8(z);
--        aLen[nChar] = (u8)(z - azChar[nChar]);
-+        aLen[nChar] = (unsigned)(z - azChar[nChar]);
-       }
-     }
-   }
-@@ -1360,7 +1361,7 @@
-     flags = SQLITE_PTR_TO_INT(sqlite3_user_data(context));
-     if( flags & 1 ){
-       while( nIn>0 ){
--        int len = 0;
-+        unsigned int len = 0;
-         for(i=0; i<nChar; i++){
-           len = aLen[i];
-           if( len<=nIn && memcmp(zIn, azChar[i], len)==0 ) break;
-@@ -1372,7 +1373,7 @@
-     }
-     if( flags & 2 ){
-       while( nIn>0 ){
--        int len = 0;
-+        unsigned int len = 0;
-         for(i=0; i<nChar; i++){
-           len = aLen[i];
-           if( len<=nIn && memcmp(&zIn[nIn-len],azChar[i],len)==0 ) break;
-diff -ruN origin_src/test/func.test sqlite-src-3340000/test/func.test
---- origin_src/test/func.test	2021-09-03 10:46:50.201088526 +0800
-+++ sqlite-src-3340000/test/func.test	2021-09-03 10:59:42.751788869 +0800
-@@ -1111,6 +1111,13 @@
-   execsql {SELECT typeof(trim('hello',NULL));}
- } {null}
- 
-+# 2021-06-15 - infinite loop due to unsigned character counter
-+# overflow, reported by Zimuzo Ezeozue
-+#
-+do_execsql_test func-22.23 {
-+  SELECT trim('xyzzy',x'c0808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080');
-+} {xyzzy}
-+
- # This is to test the deprecated sqlite3_aggregate_count() API.
- #
- ifcapable deprecated {

0004-null-ref-in-trigger.patch

@@ -1,351 +0,0 @@
-diff -rNu sqlite_before/src/attach.c sqlite_after/src/attach.c
---- sqlite_before/src/attach.c	2021-09-05 20:50:58.133474476 +0800
-+++ sqlite_after/src/attach.c	2021-09-05 20:52:09.414798420 +0800
-@@ -434,6 +434,63 @@
- #endif /* SQLITE_OMIT_ATTACH */
- 
- /*
-+** Expression callback used by sqlite3FixAAAA() routines.
-+*/
-+static int fixExprCb(Walker *p, Expr *pExpr){
-+  DbFixer *pFix = p->u.pFix;
-+  if( !pFix->bTemp ) ExprSetProperty(pExpr, EP_FromDDL);
-+  if( pExpr->op==TK_VARIABLE ){
-+    if( pFix->pParse->db->init.busy ){
-+      pExpr->op = TK_NULL;
-+    }else{
-+      sqlite3ErrorMsg(pFix->pParse, "%s cannot use variables", pFix->zType);
-+      return WRC_Abort;
-+    }
-+  }
-+  return WRC_Continue;
-+}
-+
-+/*
-+** Select callback used by sqlite3FixAAAA() routines.
-+*/
-+static int fixSelectCb(Walker *p, Select *pSelect){
-+  DbFixer *pFix = p->u.pFix;
-+  int i;
-+  struct SrcList_item *pItem;
-+  sqlite3 *db = pFix->pParse->db;
-+  int iDb = sqlite3FindDbName(db, pFix->zDb);
-+  SrcList *pList = pSelect->pSrc;
-+
-+  if( NEVER(pList==0) ) return WRC_Continue;
-+  for(i=0, pItem=pList->a; i<pList->nSrc; i++, pItem++){
-+    if( pFix->bTemp==0 ){
-+      if( pItem->zDatabase && iDb!=sqlite3FindDbName(db, pItem->zDatabase) ){
-+        sqlite3ErrorMsg(pFix->pParse,
-+            "%s %T cannot reference objects in database %s",
-+            pFix->zType, pFix->pName, pItem->zDatabase);
-+        return WRC_Abort;
-+      }
-+      sqlite3DbFree(db, pItem->zDatabase);
-+      pItem->zDatabase = 0;
-+      pItem->pSchema = pFix->pSchema;
-+      pItem->fg.fromDDL = 1;
-+    }
-+#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
-+    if( sqlite3WalkExpr(&pFix->w, pList->a[i].pOn) ) return WRC_Abort;
-+#endif
-+  }
-+  if( pSelect->pWith ){
-+    int i;
-+    for(i=0; i<pSelect->pWith->nCte; i++){
-+      if( sqlite3WalkSelect(p, pSelect->pWith->a[i].pSelect) ){
-+        return WRC_Abort;
-+      }
-+    }
-+  }
-+  return WRC_Continue;
-+}
-+
-+/*
- ** Initialize a DbFixer structure.  This routine must be called prior
- ** to passing the structure to one of the sqliteFixAAAA() routines below.
- */
-@@ -444,9 +501,7 @@
-   const char *zType,  /* "view", "trigger", or "index" */
-   const Token *pName  /* Name of the view, trigger, or index */
- ){
--  sqlite3 *db;
--
--  db = pParse->db;
-+  sqlite3 *db = pParse->db;
-   assert( db->nDb>iDb );
-   pFix->pParse = pParse;
-   pFix->zDb = db->aDb[iDb].zDbSName;
-@@ -454,6 +509,13 @@
-   pFix->zType = zType;
-   pFix->pName = pName;
-   pFix->bTemp = (iDb==1);
-+  pFix->w.pParse = pParse;
-+  pFix->w.xExprCallback = fixExprCb;
-+  pFix->w.xSelectCallback = fixSelectCb;
-+  pFix->w.xSelectCallback2 = 0;
-+  pFix->w.walkerDepth = 0;
-+  pFix->w.eCode = 0;
-+  pFix->w.u.pFix = pFix;
- }
- 
- /*
-@@ -474,115 +536,27 @@
-   DbFixer *pFix,       /* Context of the fixation */
-   SrcList *pList       /* The Source list to check and modify */
- ){
--  int i;
--  struct SrcList_item *pItem;
--  sqlite3 *db = pFix->pParse->db;
--  int iDb = sqlite3FindDbName(db, pFix->zDb);
--
--  if( NEVER(pList==0) ) return 0;
--
--  for(i=0, pItem=pList->a; i<pList->nSrc; i++, pItem++){
--    if( pFix->bTemp==0 ){
--      if( pItem->zDatabase && iDb!=sqlite3FindDbName(db, pItem->zDatabase) ){
--        sqlite3ErrorMsg(pFix->pParse,
--            "%s %T cannot reference objects in database %s",
--            pFix->zType, pFix->pName, pItem->zDatabase);
--        return 1;
--      }
--      sqlite3DbFree(db, pItem->zDatabase);
--      pItem->zDatabase = 0;
--      pItem->pSchema = pFix->pSchema;
--      pItem->fg.fromDDL = 1;
--    }
--#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
--    if( sqlite3FixSelect(pFix, pItem->pSelect) ) return 1;
--    if( sqlite3FixExpr(pFix, pItem->pOn) ) return 1;
--#endif
--    if( pItem->fg.isTabFunc && sqlite3FixExprList(pFix, pItem->u1.pFuncArg) ){
--      return 1;
--    }
-+  int res = 0;
-+  if( pList ){
-+    Select s; 
-+    memset(&s, 0, sizeof(s));
-+    s.pSrc = pList;
-+    res = sqlite3WalkSelect(&pFix->w, &s);
-   }
--  return 0;
-+  return res;
- }
- #if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
- int sqlite3FixSelect(
-   DbFixer *pFix,       /* Context of the fixation */
-   Select *pSelect      /* The SELECT statement to be fixed to one database */
- ){
--  while( pSelect ){
--    if( sqlite3FixExprList(pFix, pSelect->pEList) ){
--      return 1;
--    }
--    if( sqlite3FixSrcList(pFix, pSelect->pSrc) ){
--      return 1;
--    }
--    if( sqlite3FixExpr(pFix, pSelect->pWhere) ){
--      return 1;
--    }
--    if( sqlite3FixExprList(pFix, pSelect->pGroupBy) ){
--      return 1;
--    }
--    if( sqlite3FixExpr(pFix, pSelect->pHaving) ){
--      return 1;
--    }
--    if( sqlite3FixExprList(pFix, pSelect->pOrderBy) ){
--      return 1;
--    }
--    if( sqlite3FixExpr(pFix, pSelect->pLimit) ){
--      return 1;
--    }
--    if( pSelect->pWith ){
--      int i;
--      for(i=0; i<pSelect->pWith->nCte; i++){
--        if( sqlite3FixSelect(pFix, pSelect->pWith->a[i].pSelect) ){
--          return 1;
--        }
--      }
--    }
--    pSelect = pSelect->pPrior;
--  }
--  return 0;
-+  return sqlite3WalkSelect(&pFix->w, pSelect);
- }
- int sqlite3FixExpr(
-   DbFixer *pFix,     /* Context of the fixation */
-   Expr *pExpr        /* The expression to be fixed to one database */
- ){
--  while( pExpr ){
--    if( !pFix->bTemp ) ExprSetProperty(pExpr, EP_FromDDL);
--    if( pExpr->op==TK_VARIABLE ){
--      if( pFix->pParse->db->init.busy ){
--        pExpr->op = TK_NULL;
--      }else{
--        sqlite3ErrorMsg(pFix->pParse, "%s cannot use variables", pFix->zType);
--        return 1;
--      }
--    }
--    if( ExprHasProperty(pExpr, EP_TokenOnly|EP_Leaf) ) break;
--    if( ExprHasProperty(pExpr, EP_xIsSelect) ){
--      if( sqlite3FixSelect(pFix, pExpr->x.pSelect) ) return 1;
--    }else{
--      if( sqlite3FixExprList(pFix, pExpr->x.pList) ) return 1;
--    }
--    if( sqlite3FixExpr(pFix, pExpr->pRight) ){
--      return 1;
--    }
--    pExpr = pExpr->pLeft;
--  }
--  return 0;
--}
--int sqlite3FixExprList(
--  DbFixer *pFix,     /* Context of the fixation */
--  ExprList *pList    /* The expression to be fixed to one database */
--){
--  int i;
--  struct ExprList_item *pItem;
--  if( pList==0 ) return 0;
--  for(i=0, pItem=pList->a; i<pList->nExpr; i++, pItem++){
--    if( sqlite3FixExpr(pFix, pItem->pExpr) ){
--      return 1;
--    }
--  }
--  return 0;
-+  return sqlite3WalkExpr(&pFix->w, pExpr);
- }
- #endif
- 
-@@ -592,25 +566,20 @@
-   TriggerStep *pStep /* The trigger step be fixed to one database */
- ){
-   while( pStep ){
--    if( sqlite3FixSelect(pFix, pStep->pSelect) ){
--      return 1;
--    }
--    if( sqlite3FixExpr(pFix, pStep->pWhere) ){
--      return 1;
--    }
--    if( sqlite3FixExprList(pFix, pStep->pExprList) ){
--      return 1;
--    }
--    if( pStep->pFrom && sqlite3FixSrcList(pFix, pStep->pFrom) ){
-+    if( sqlite3WalkSelect(&pFix->w, pStep->pSelect)
-+     || sqlite3WalkExpr(&pFix->w, pStep->pWhere) 
-+     || sqlite3WalkExprList(&pFix->w, pStep->pExprList)
-+     || sqlite3FixSrcList(pFix, pStep->pFrom)
-+    ){
-       return 1;
-     }
- #ifndef SQLITE_OMIT_UPSERT
-     if( pStep->pUpsert ){
-       Upsert *pUp = pStep->pUpsert;
--      if( sqlite3FixExprList(pFix, pUp->pUpsertTarget)
--       || sqlite3FixExpr(pFix, pUp->pUpsertTargetWhere)
--       || sqlite3FixExprList(pFix, pUp->pUpsertSet)
--       || sqlite3FixExpr(pFix, pUp->pUpsertWhere)
-+      if( sqlite3WalkExprList(&pFix->w, pUp->pUpsertTarget)
-+       || sqlite3WalkExpr(&pFix->w, pUp->pUpsertTargetWhere)
-+       || sqlite3WalkExprList(&pFix->w, pUp->pUpsertSet)
-+       || sqlite3WalkExpr(&pFix->w, pUp->pUpsertWhere)
-       ){
-         return 1;
-       }
-@@ -618,6 +587,7 @@
- #endif
-     pStep = pStep->pNext;
-   }
-+
-   return 0;
- }
- #endif
-diff -rNu sqlite_before/src/sqliteInt.h sqlite_after/src/sqliteInt.h
---- sqlite_before/src/sqliteInt.h	2021-09-05 20:50:58.137474551 +0800
-+++ sqlite_after/src/sqliteInt.h	2021-09-05 20:52:09.418798495 +0800
-@@ -1137,6 +1137,7 @@
- typedef struct CollSeq CollSeq;
- typedef struct Column Column;
- typedef struct Db Db;
-+typedef struct DbFixer DbFixer;
- typedef struct Schema Schema;
- typedef struct Expr Expr;
- typedef struct ExprList ExprList;
-@@ -3651,21 +3652,6 @@
- };
- 
- /*
--** The following structure contains information used by the sqliteFix...
--** routines as they walk the parse tree to make database references
--** explicit.
--*/
--typedef struct DbFixer DbFixer;
--struct DbFixer {
--  Parse *pParse;      /* The parsing context.  Error messages written here */
--  Schema *pSchema;    /* Fix items to this schema */
--  u8 bTemp;           /* True for TEMP schema entries */
--  const char *zDb;    /* Make sure all objects are contained in this database */
--  const char *zType;  /* Type of the container - used for error messages */
--  const Token *pName; /* Name of the container - used for error messages */
--};
--
--/*
- ** An objected used to accumulate the text of a string where we
- ** do not necessarily know how big the string will be in the end.
- */
-@@ -3815,9 +3801,25 @@
-     struct RenameCtx *pRename;                /* RENAME COLUMN context */
-     struct Table *pTab;                       /* Table of generated column */
-     struct SrcList_item *pSrcItem;            /* A single FROM clause item */
-+    DbFixer *pFix;
-   } u;
- };
- 
-+/*
-+** The following structure contains information used by the sqliteFix...
-+** routines as they walk the parse tree to make database references
-+** explicit.
-+*/
-+struct DbFixer {
-+  Parse *pParse;      /* The parsing context.  Error messages written here */
-+  Walker w;           /* Walker object */
-+  Schema *pSchema;    /* Fix items to this schema */
-+  u8 bTemp;           /* True for TEMP schema entries */
-+  const char *zDb;    /* Make sure all objects are contained in this database */
-+  const char *zType;  /* Type of the container - used for error messages */
-+  const Token *pName; /* Name of the container - used for error messages */
-+};
-+
- /* Forward declarations */
- int sqlite3WalkExpr(Walker*, Expr*);
- int sqlite3WalkExprList(Walker*, ExprList*);
-@@ -4527,7 +4529,6 @@
- int sqlite3FixSrcList(DbFixer*, SrcList*);
- int sqlite3FixSelect(DbFixer*, Select*);
- int sqlite3FixExpr(DbFixer*, Expr*);
--int sqlite3FixExprList(DbFixer*, ExprList*);
- int sqlite3FixTriggerStep(DbFixer*, TriggerStep*);
- int sqlite3RealSameAsInt(double,sqlite3_int64);
- void sqlite3Int64ToText(i64,char*);
-diff -rNu sqlite_before/test/altertab3.test sqlite_after/test/altertab3.test
---- sqlite_before/test/altertab3.test	2021-09-05 20:50:58.137474551 +0800
-+++ sqlite_after/test/altertab3.test	2021-09-05 20:52:09.422798569 +0800
-@@ -253,7 +253,7 @@
- 
- do_catchsql_test 11.2 {
-   ALTER TABLE t1 RENAME TO t1x;
--} {1 {error in trigger b: no such table: abc}}
-+} {1 {error in trigger b: no such table: main.abc}}
- 
- do_execsql_test 11.3 {
-   DROP TRIGGER b;
-diff -rNu sqlite_before/test/triggerE.test sqlite_after/test/triggerE.test
---- sqlite_before/test/triggerE.test	2021-09-05 20:50:58.137474551 +0800
-+++ sqlite_after/test/triggerE.test	2021-09-05 20:52:09.462799312 +0800
-@@ -58,6 +58,8 @@
-   8 { BEFORE UPDATE ON t1 BEGIN UPDATE t2 SET c = ?; END; }
-   9 { BEFORE UPDATE ON t1 BEGIN UPDATE t2 SET c = 1 WHERE d = ?; END; }
-  10 { AFTER INSERT ON t1 BEGIN SELECT * FROM pragma_stats(?); END; }
-+ 11 { BEFORE INSERT ON t1 BEGIN 
-+      INSERT INTO t1 SELECT max(b) OVER(ORDER BY $1) FROM t1; END }
- } {
-   catchsql {drop trigger tr1}
-   do_catchsql_test 1.1.$tn "CREATE TRIGGER tr1 $defn" [list 1 $errmsg]

0005-uninitialized-value-used-in-pattern-compare.patch

@@ -1,28 +0,0 @@
-diff -Nur sqlite_before/src/func.c sqlite_after/src/func.c
---- sqlite_before/src/func.c	2021-09-26 16:11:20.573041810 +0800
-+++ sqlite_after/src/func.c	2021-09-26 16:16:56.535137866 +0800
-@@ -694,7 +694,8 @@
-       /* Skip over multiple "*" characters in the pattern.  If there
-       ** are also "?" characters, skip those as well, but consume a
-       ** single character of the input string for each "?" skipped */
--      while( (c=Utf8Read(zPattern)) == matchAll || c == matchOne ){
-+      while( (c=Utf8Read(zPattern)) == matchAll 
-+             || (c == matchOne && matchOne!=0) ){
-         if( c==matchOne && sqlite3Utf8Read(&zString)==0 ){
-           return SQLITE_NOWILDCARDMATCH;
-         }
-diff -Nur sqlite_before/test/like.test sqlite_after/test/like.test
---- sqlite_before/test/like.test	2021-09-26 16:11:20.561041592 +0800
-+++ sqlite_after/test/like.test	2021-09-26 16:17:03.575265610 +0800
-@@ -1131,4 +1131,11 @@
-   SELECT id FROM t1 WHERE x LIKE 'abc__' ESCAPE '_';
- } {2}
- 
-+# 2021-02-15 ticket c0aeea67d58ae0fd
-+#
-+do_execsql_test 17.1 {
-+  SELECT 'x' LIKE '%' ESCAPE '_';
-+} {1}
-+
-+
- finish_test

sqlite.spec

@@ -1,25 +1,21 @@
 %bcond_without check
 
-%global extver 3340000
+%global extver 3420000
 %global tcl_version 8.6
 %global tcl_sitearch %{_libdir}/tcl%{tcl_version}
 
 Name:    sqlite
-Version: 3.34.0
-Release: 4
+Version: 3.42.0
+Release: 2
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
 
-Source0: https://www.sqlite.org/2020/sqlite-src-%{extver}.zip
-Source1: http://www.sqlite.org/2020/sqlite-doc-%{extver}.zip
-Source2: https://www.sqlite.org/2020/sqlite-autoconf-%{extver}.tar.gz
+Source0: https://www.sqlite.org/2023/sqlite-src-%{extver}.zip
+Source1: http://www.sqlite.org/2023/sqlite-doc-%{extver}.zip
+Source2: https://www.sqlite.org/2023/sqlite-autoconf-%{extver}.tar.gz
 
-Patch1: 0001-sqlite-no-malloc-usable-size.patch
-Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
-Patch3: 0003-infinite-loop-in-trim-function.patch
-Patch4: 0004-null-ref-in-trigger.patch
-Patch5: 0005-uninitialized-value-used-in-pattern-compare.patch
+Patch1: 0001-CVE-2023-7104.patch
 
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@@ -63,16 +59,12 @@ This contains man files and HTML files for the using of sqlite.
 #autosetup will fail because of 2 zip files
 %setup -q -a1 -n %{name}-src-%{extver}
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
 
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
 
-autoconf
-
 %build
+
+autoconf
 export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
                -DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=3 \
                -DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 \
@@ -113,6 +105,10 @@ export MALLOC_CHECK_=3
 %else
 rm test/csv01.test
 %endif
+%ifarch loongarch64
+rm -rf test/thread1.test
+rm -rf test/thread2.test
+%endif
 
 make test
 %endif # with check
@@ -137,6 +133,42 @@ make test
 %{_mandir}/man*/*
 
 %changelog
+* Wed Sep 4 2024 wangmian <wangmian19@h-partners.com> - 3.42.0-2
+- sync the CVE-2023-7104 from 2203
+
+* Tue Feb 27 2024 Zheng Zhenyu <zheng.zhenyu@outlook.com> - 3.42.0-1
+- Bump version to fix CVE-2024-0232
+
+* Wed Jan 3 2024 mazhao <mazhao12@huawei.com> - 3.37.2-7
+- fix the CVE-2023-7104
+
+* Mon Aug 7 2023 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-6
+- fix the CVE-2023-36191
+
+* Fri Jan 13 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 3.37.2-5
+- remove fail testcase for loongarch
+
+* Wed Dec 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-4
+- fix the CVE-2022-46908
+
+* Wed Sep 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-3
+- fix build problem
+
+* Mon Sep 5 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-2
+- fix integer overflow on gigabyte string
+
+* Mon Aug 29 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-1
+- update to 3.37.2
+
+* Tue Aug 16 2022 liusirui <liusirui@huawei.com> - 3.36.0-3
+- fix the CVE-2022-35737.
+
+* Sat Nov 27 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-2
+- fix the CVE-2021-36690.
+
+* Fri Nov 25 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-1
+- update to 3.36.0.
+
 * Fri Sep 26 2021 wbq_sky <wangbingquan@huawei.com> - 3.34.0-4
 - fix the uninitialized value used in pattern match.