!115 sync the CVE-2023-7104 from 22.03

From: @noodlesland 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

0001-CVE-2023-7104.patch

@@ -0,0 +1,45 @@
+it From a756d158b3e55831975feb45b753ba499d2adeda Mon Sep 17 00:00:00 2001
+From: mazhao <mazhao12@huawei.com>
+Date: Wed, 3 Jan 2024 12:00:45 +0800
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+Signed-off-by: mazhao <mazhao12@huawei.com>
+---
+ ext/session/sqlite3session.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index a892804..72ad427 100644
+--- a/ext/session/sqlite3session.c
++++ b/ext/session/sqlite3session.c
+@@ -3050,15 +3050,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
++        if( (pIn->nData-pIn->iNext)<8 ){
++          rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
++          sqlite3_int64 v = sessionGetI64(aVal);
++          if( eType==SQLITE_INTEGER ){
++            sqlite3VdbeMemSetInt64(apOut[i], v);
++          }else{
++            double d;
++            memcpy(&d, &v, 8);
++            sqlite3VdbeMemSetDouble(apOut[i], d);
++          }
++          pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.34.1
+

0001-sqlite-no-malloc-usable-size.patch

@@ -1,24 +0,0 @@
-diff -up sqlite-src-3120200/configure.ac.malloc_usable_size sqlite-src-3120200/configure.ac
---- sqlite-src-3120200/configure.ac.malloc_usable_size	2016-04-25 09:46:48.134690570 +0200
-+++ sqlite-src-3120200/configure.ac	2016-04-25 09:48:41.622637181 +0200
-@@ -108,7 +108,7 @@ AC_CHECK_HEADERS([sys/types.h stdlib.h s
- #########
- # Figure out whether or not we have these functions
- #
--AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64])
-+AC_CHECK_FUNCS([fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64])
- 
- #########
- # By default, we use the amalgamation (this may be changed below...)
-diff -up sqlite-src-3120200/configure.malloc_usable_size sqlite-src-3120200/configure
---- sqlite-src-3120200/configure.malloc_usable_size	2016-04-25 09:47:12.594679063 +0200
-+++ sqlite-src-3120200/configure	2016-04-25 09:49:28.684615042 +0200
-@@ -10275,7 +10275,7 @@ done
- #########
- # Figure out whether or not we have these functions
- #
--for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s malloc_usable_size strchrnul usleep utime pread pread64 pwrite pwrite64
-+for ac_func in fdatasync gmtime_r isnan localtime_r localtime_s strchrnul usleep utime pread pread64 pwrite pwrite64
- do :
-   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

0002-remove-fail-testcase-in-no-free-fd-situation.patch

@@ -1,66 +0,0 @@
-From defded46ea50037500590122d847ba6a7cb96110 Mon Sep 17 00:00:00 2001
-From: eulerstorage <eulerstoragemt@huawei.com>
-Date: Sat, 11 Jan 2020 11:33:54 +0800
-Subject: [PATCH] remove fail testcase in no free fd situation
-
-Remove testcase 1.1.1, 1.1.2 and 1.1.3, since it can not success in
-some situation if there is no enough fd resource.
----
- test/oserror.test | 27 ---------------------------
- 1 file changed, 27 deletions(-)
-
-diff --git a/test/oserror.test b/test/oserror.test
-index a51301c..d46218f 100644
---- a/test/oserror.test
-+++ b/test/oserror.test
-@@ -40,47 +40,6 @@ proc do_re_test {tn script expression} {
-   
- }
- 
--#--------------------------------------------------------------------------
--# Tests oserror-1.* test failures in the open() system call.
--#
--
--# Test a failure in open() due to too many files. 
--#
--# The xOpen() method of the unix VFS calls getcwd() as well as open().
--# Although this does not appear to be documented in the man page, on OSX
--# a call to getcwd() may fail if there are no free file descriptors. So
--# an error may be reported for either open() or getcwd() here.
--#
--if {![clang_sanitize_address]} {
--  unset -nocomplain rc
--  unset -nocomplain nOpen
--  set nOpen 20000
--  do_test 1.1.1 {
--    set ::log [list]
--    set ::rc [catch {
--      for {set i 0} {$i < $::nOpen} {incr i} { sqlite3 dbh_$i test.db -readonly 1 }
--    } msg]
--    if {$::rc==0} {
--      # Some system (ex: Debian) are able to create 20000+ file descriptiors
--      # such systems will not fail here
--      set x ok
--    } elseif {$::rc==1 && $msg=="unable to open database file"} {
--      set x ok
--    } else {
--      set x [list $::rc $msg]
--    }
--  } {ok}
--  do_test 1.1.2 {
--    catch { for {set i 0} {$i < $::nOpen} {incr i} { dbh_$i close } }
--  } $::rc
--  if {$rc} {
--    do_re_test 1.1.3 { 
--      lindex $::log 0 
--    } {^os_unix.c:\d+: \(\d+\) (open|getcwd)\(.*test.db\) - }
--  }
--}
--
--
- # Test a failure in open() due to the path being a directory.
- #
- do_test 1.2.1 {
--- 
-1.8.3.1
-

0003-CVE-2021-36690.patch

@@ -1,44 +0,0 @@
-diff -rNu a/ext/expert/sqlite3expert.c b/ext/expert/sqlite3expert.c
---- a/ext/expert/sqlite3expert.c	2021-11-25 09:00:19.267831518 +0800
-+++ b/ext/expert/sqlite3expert.c	2021-11-25 09:07:38.551969861 +0800
-@@ -690,11 +690,13 @@
-   rc = idxPrintfPrepareStmt(db, &p1, pzErrmsg, "PRAGMA table_xinfo=%Q", zTab);
-   while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
-     const char *zCol = (const char*)sqlite3_column_text(p1, 1);
-+    const char *zColSeq = 0;
-     nByte += 1 + STRLEN(zCol);
-     rc = sqlite3_table_column_metadata(
--        db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
-+        db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
-     );
--    nByte += 1 + STRLEN(zCol);
-+    if( zColSeq==0 ) zColSeq = "binary";
-+    nByte += 1 + STRLEN(zColSeq);
-     nCol++;
-     nPk += (sqlite3_column_int(p1, 5)>0);
-   }
-@@ -714,6 +716,7 @@
-   nCol = 0;
-   while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(p1) ){
-     const char *zCol = (const char*)sqlite3_column_text(p1, 1);
-+    const char *zColSeq = 0;
-     int nCopy = STRLEN(zCol) + 1;
-     pNew->aCol[nCol].zName = pCsr;
-     pNew->aCol[nCol].iPk = (sqlite3_column_int(p1, 5)==1 && nPk==1);
-@@ -721,12 +724,13 @@
-     pCsr += nCopy;
- 
-     rc = sqlite3_table_column_metadata(
--        db, "main", zTab, zCol, 0, &zCol, 0, 0, 0
-+        db, "main", zTab, zCol, 0, &zColSeq, 0, 0, 0
-     );
-     if( rc==SQLITE_OK ){
--      nCopy = STRLEN(zCol) + 1;
-+      if( zColSeq==0 ) zColSeq = "binary";
-+      nCopy = STRLEN(zColSeq) + 1;
-       pNew->aCol[nCol].zColl = pCsr;
--      memcpy(pCsr, zCol, nCopy);
-+      memcpy(pCsr, zColSeq, nCopy);
-       pCsr += nCopy;
-     }
- 

sqlite.spec

@@ -1,23 +1,21 @@
 %bcond_without check
 
-%global extver 3360000
+%global extver 3420000
 %global tcl_version 8.6
 %global tcl_sitearch %{_libdir}/tcl%{tcl_version}
 
 Name:    sqlite
-Version: 3.36.0
+Version: 3.42.0
 Release: 2
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
 
-Source0: https://www.sqlite.org/2021/sqlite-src-%{extver}.zip
-Source1: http://www.sqlite.org/2021/sqlite-doc-%{extver}.zip
-Source2: https://www.sqlite.org/2021/sqlite-autoconf-%{extver}.tar.gz
+Source0: https://www.sqlite.org/2023/sqlite-src-%{extver}.zip
+Source1: http://www.sqlite.org/2023/sqlite-doc-%{extver}.zip
+Source2: https://www.sqlite.org/2023/sqlite-autoconf-%{extver}.tar.gz
 
-Patch1: 0001-sqlite-no-malloc-usable-size.patch
-Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
-Patch3: 0003-CVE-2021-36690.patch
+Patch1: 0001-CVE-2023-7104.patch
 
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@@ -61,14 +59,12 @@ This contains man files and HTML files for the using of sqlite.
 #autosetup will fail because of 2 zip files
 %setup -q -a1 -n %{name}-src-%{extver}
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
 
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
 
-autoconf
-
 %build
+
+autoconf
 export CFLAGS="$RPM_OPT_FLAGS $RPM_LD_FLAGS -DSQLITE_ENABLE_COLUMN_METADATA=1 \
                -DSQLITE_DISABLE_DIRSYNC=1 -DSQLITE_ENABLE_FTS3=3 \
                -DSQLITE_ENABLE_RTREE=1 -DSQLITE_SECURE_DELETE=1 \
@@ -109,6 +105,10 @@ export MALLOC_CHECK_=3
 %else
 rm test/csv01.test
 %endif
+%ifarch loongarch64
+rm -rf test/thread1.test
+rm -rf test/thread2.test
+%endif
 
 make test
 %endif # with check
@@ -133,6 +133,36 @@ make test
 %{_mandir}/man*/*
 
 %changelog
+* Wed Sep 4 2024 wangmian <wangmian19@h-partners.com> - 3.42.0-2
+- sync the CVE-2023-7104 from 2203
+
+* Tue Feb 27 2024 Zheng Zhenyu <zheng.zhenyu@outlook.com> - 3.42.0-1
+- Bump version to fix CVE-2024-0232
+
+* Wed Jan 3 2024 mazhao <mazhao12@huawei.com> - 3.37.2-7
+- fix the CVE-2023-7104
+
+* Mon Aug 7 2023 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-6
+- fix the CVE-2023-36191
+
+* Fri Jan 13 2023 Wenlong Zhang<zhangwenlong@loongson.cn> - 3.37.2-5
+- remove fail testcase for loongarch
+
+* Wed Dec 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-4
+- fix the CVE-2022-46908
+
+* Wed Sep 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-3
+- fix build problem
+
+* Mon Sep 5 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-2
+- fix integer overflow on gigabyte string
+
+* Mon Aug 29 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-1
+- update to 3.37.2
+
+* Tue Aug 16 2022 liusirui <liusirui@huawei.com> - 3.36.0-3
+- fix the CVE-2022-35737.
+
 * Sat Nov 27 2021 wbq_sky <wangbingquan@huawei.com> - 3.36.0-2
 - fix the CVE-2021-36690.