Your message dated Thu, 29 May 2025 06:43:49 +0000
with message-id <e1ukwzv-005zjx...@respighi.debian.org>
and subject line unblock sqlite3
has caused the Debian Bug report #1106512,
regarding unblock: sqlite3/3.46.1-5 (pre-approval)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1106512: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106512
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Control: affects -1 + src:sqlite3
Hi RMs,
Please pre-approve unblocking of package sqlite3.
[ Reason ]
There is a bug that in a special case causes invalid data to be used for a
column. It isn't seen in the wild; it was found by the Chromium fuzzer.
For some reason upstream turned off recovery support by default for a
long time. It was active in Bullseye, but not in Bookworm nor in
Trixie.
[ Impact ]
The column handling bug is considered important and fixed by upstream,
but the details of the possible exploit are not yet made public [1].
That is, I can't declare the importance of the fix, but I say it is
better to have this.
The recovery support needs a compile option to be added and, as it's
exposed to the outside, a new library symbol is being added.
[ Tests ]
Tested by myself on my box running Trixie and even backported to my
Bookworm one. There are no issues.
[ Risks ]
Fairly low if any. The fix is a minimal change and while the recovery
support exposes some internal data to the user it is for the specific
reason.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
Regards,
Laszlo/GCS
[1] https://issues.chromium.org/issues/415397143
diff -Nru sqlite3-3.46.1/debian/changelog sqlite3-3.46.1/debian/changelog
--- sqlite3-3.46.1/debian/changelog 2025-04-18 19:33:30.000000000 +0200
+++ sqlite3-3.46.1/debian/changelog 2025-05-24 15:36:17.000000000 +0200
@@ -1,3 +1,13 @@
+sqlite3 (3.46.1-5) unstable; urgency=medium
+
+ * Backport upstream fix for a bug in the NOT NULL/IS NULL optimization that
+ can cause invalid data to be used for a column if that column has a CHECK
+ constraint that includes the NOT NULL or IS NULL operator.
+ * Enable the SQLITE_DBPAGE extension (closes: #1099542).
+ * Update symbols file.
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org> Sat, 24 May 2025 15:36:17 +0200
+
sqlite3 (3.46.1-4) unstable; urgency=high
* Backport upstream security fix for CVE-2025-29088: certain argument
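Review bot: the first bullet of the 3.46.1-5 entry says "Backport upstream fix" without naming the upstream check-in or the patch file that carries it (41-fix_a_bug_in_the_NOT_NULL-IS_NULL_optimization.patch), which makes the change hard to audit later, and the second bullet says "SQLITE_DBPAGE extension" where the flag added in debian/rules is SQLITE_ENABLE_DBPAGE_VTAB. Please name the patch and its upstream origin in the first bullet and use the exact compile option in the second, so that a search of the changelog for either finds this entry.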
diff -Nru sqlite3-3.46.1/debian/libsqlite3-0.symbols sqlite3-3.46.1/debian/libsqlite3-0.symbols
--- sqlite3-3.46.1/debian/libsqlite3-0.symbols 2024-05-30 19:37:02.000000000 +0200
+++ sqlite3-3.46.1/debian/libsqlite3-0.symbols 2025-05-24 15:36:17.000000000 +0200
@@ -197,6 +197,7 @@
sqlite3DbSpanDup@Base 3.37.0
sqlite3DbStrDup@Base 3.37.0
sqlite3DbStrNDup@Base 3.37.0
+ sqlite3DbpageRegister@Base 3.46.1
sqlite3DbstatRegister@Base 3.37.0
sqlite3DecOrHexToI64@Base 3.37.0
sqlite3DefaultMutex@Base 3.37.0
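Review bot: the version on the added line, `sqlite3DbpageRegister@Base 3.46.1`, is already satisfied by 3.46.1-4, which according to the changelog hunk predates this symbol. Anything that ends up referencing the symbol would get a dependency that an older libsqlite3-0 without it fulfils. Consider `sqlite3DbpageRegister@Base 3.46.1-5~` so the minimum version matches the revision that first exports it.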
diff -Nru sqlite3-3.46.1/debian/patches/41-fix_a_bug_in_the_NOT_NULL-IS_NULL_optimization.patch sqlite3-3.46.1/debian/patches/41-fix_a_bug_in_the_NOT_NULL-IS_NULL_optimization.patch
--- sqlite3-3.46.1/debian/patches/41-fix_a_bug_in_the_NOT_NULL-IS_NULL_optimization.patch 1970-01-01 01:00:00.000000000 +0100
+++ sqlite3-3.46.1/debian/patches/41-fix_a_bug_in_the_NOT_NULL-IS_NULL_optimization.patch 2025-05-24 15:36:17.000000000 +0200
@@ -0,0 +1,58 @@
+Index: sqlite3/src/expr.c
+==================================================================
+--- sqlite3/src/expr.c
++++ sqlite3/src/expr.c
+@@ -5735,15 +5735,15 @@
+ case TK_ISNULL:
+ case TK_NOTNULL: {
+ assert( TK_ISNULL==OP_IsNull ); testcase( op==TK_ISNULL );
+ assert( TK_NOTNULL==OP_NotNull ); testcase( op==TK_NOTNULL );
+ r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, ®Free1);
+- sqlite3VdbeTypeofColumn(v, r1);
++ assert( regFree1==0 || regFree1==r1 );
++ if( regFree1 ) sqlite3VdbeTypeofColumn(v, r1);
+ sqlite3VdbeAddOp2(v, op, r1, dest);
+ VdbeCoverageIf(v, op==TK_ISNULL);
+ VdbeCoverageIf(v, op==TK_NOTNULL);
+- testcase( regFree1==0 );
+ break;
+ }
+ case TK_BETWEEN: {
+ testcase( jumpIfNull==0 );
+ exprCodeBetween(pParse, pExpr, dest, sqlite3ExprIfTrue, jumpIfNull);
+@@ -5910,15 +5910,15 @@
+ break;
+ }
+ case TK_ISNULL:
+ case TK_NOTNULL: {
+ r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, ®Free1);
+- sqlite3VdbeTypeofColumn(v, r1);
++ assert( regFree1==0 || regFree1==r1 );
++ if( regFree1 ) sqlite3VdbeTypeofColumn(v, r1);
+ sqlite3VdbeAddOp2(v, op, r1, dest);
+ testcase( op==TK_ISNULL ); VdbeCoverageIf(v, op==TK_ISNULL);
+ testcase( op==TK_NOTNULL ); VdbeCoverageIf(v, op==TK_NOTNULL);
+- testcase( regFree1==0 );
+ break;
+ }
+ case TK_BETWEEN: {
+ testcase( jumpIfNull==0 );
+ exprCodeBetween(pParse, pExpr, dest, sqlite3ExprIfFalse, jumpIfNull);
+
+Index: sqlite3/src/vdbe.c
+==================================================================
+--- sqlite3/src/vdbe.c
++++ sqlite3/src/vdbe.c
+@@ -3679,10 +3679,11 @@
+ }
+ }else{
+ zHdr += sqlite3PutVarint(zHdr, serial_type);
+ if( pRec->n ){
+ assert( pRec->z!=0 );
++ assert( pRec->z!=(const char*)sqlite3CtypeMap );
+ memcpy(zPayload, pRec->z, pRec->n);
+ zPayload += pRec->n;
+ }
+ }
+ if( pRec==pLast ) break;
+
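Review bot: the new patch file opens directly with `Index: sqlite3/src/expr.c` and carries no description, origin or bug header, so neither the upstream check-in nor the Chromium issue cited in the request can be traced from the package itself. Please add a short header naming the upstream source. It would also help to state there that the vdbe.c part only adds an `assert`, which does nothing in a build without assertions enabled, so the behavioural change is the two `if( regFree1 ) sqlite3VdbeTypeofColumn(v, r1);` guards in expr.c.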
diff -Nru sqlite3-3.46.1/debian/patches/series sqlite3-3.46.1/debian/patches/series
--- sqlite3-3.46.1/debian/patches/series 2025-04-18 19:33:30.000000000 +0200
+++ sqlite3-3.46.1/debian/patches/series 2025-05-24 15:36:17.000000000 +0200
@@ -7,5 +7,6 @@
32-dynamic_link.patch
02-use-packaged-lempar.c.patch
40-amalgamation_configure.patch
+41-fix_a_bug_in_the_NOT_NULL-IS_NULL_optimization.patch
50-CVE-2025-29087.patch
51-CVE-2025-29088.patch
diff -Nru sqlite3-3.46.1/debian/rules sqlite3-3.46.1/debian/rules
--- sqlite3-3.46.1/debian/rules 2025-03-04 18:11:00.000000000 +0100
+++ sqlite3-3.46.1/debian/rules 2025-05-24 15:36:17.000000000 +0200
@@ -46,6 +46,7 @@
-DSQLITE_ENABLE_RTREE=1 -DSQLITE_SOUNDEX=1 \
-DSQLITE_ENABLE_UNLOCK_NOTIFY \
-DSQLITE_ENABLE_DBSTAT_VTAB \
+ -DSQLITE_ENABLE_DBPAGE_VTAB \
-DSQLITE_ALLOW_ROWID_IN_VIEW \
-DSQLITE_ENABLE_UPDATE_DELETE_LIMIT=1 \
-DSQLITE_ENABLE_LOAD_EXTENSION \
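Review bot: `-DSQLITE_ENABLE_DBPAGE_VTAB` is added to the common flag list with no comment, so the new virtual table becomes available to every consumer of the library, while the request itself notes that it "exposes some internal data to the user". Please add a comment next to the flag stating that it is enabled for recovery support (#1099542), so the reason for the wider exposure stays visible to whoever next reviews these build options.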
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---