Index: devel/upp/Makefile =================================================================== --- devel/upp/Makefile +++ devel/upp/Makefile @@ -2,9 +2,9 @@ # $FreeBSD$ PORTNAME= upp -DISTVERSION= 11540 +DISTVERSION= 11873 CATEGORIES= devel x11-toolkits -MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2017.2/ +MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2018.1/ DISTNAME= ${PORTNAME}-x11-src-${PORTVERSION} MAINTAINER= m.sund@arcor.de @@ -70,6 +70,8 @@ CXXFLAGS+= -Wno-logical-op-parentheses .endif +CXXFLAGS_i386+= -msse2 + post-patch: .SILENT ${CP} ${BUILD_WRKSRC}/Makefile.in ${BUILD_WRKSRC}/Makefile ${CP} ${BUILD_WRKSRC}/uMakefile.in ${BUILD_WRKSRC}/uMakefile @@ -127,6 +129,7 @@ (cd ${WRKSRC} && ${COPYTREE_SHARE} "${PORTDATA}" ${STAGEDIR}${DATADIR} \ "-not ( -type d -empty )") (cd ${STAGEDIR}${DATADIR}/uppsrc && ${RM} build_info.h *Makefile*) + ${RM} ${STAGEDIR}${DATADIR}/uppsrc/plugin/sqlite3/lib/sqlite3.c.orig do-install-IDE-on: ${INSTALL_PROGRAM} ${WRKSRC}/theide ${STAGEDIR}${PREFIX}/bin Index: devel/upp/distinfo =================================================================== --- devel/upp/distinfo +++ devel/upp/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1512832900 -SHA256 (upp-x11-src-11540.tar.gz) = 85707d7b545f262b58bdd783c27aff2357548a3db01bf0f9287a10c90ae01420 -SIZE (upp-x11-src-11540.tar.gz) = 56513312 +TIMESTAMP = 1522479324 +SHA256 (upp-x11-src-11873.tar.gz) = 0231b768830db96257ebf7a9cc1aaff05017aa40a2ea6dfa577de7232c1cd07b +SIZE (upp-x11-src-11873.tar.gz) = 56167504 Index: devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c =================================================================== --- /dev/null +++ devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c 
@@ -0,0 +1,36 @@
+# Fix for CVE-2018-8740: https://nvd.nist.gov/vuln/detail/CVE-2018-8740
+# Detect databases whose schema is corrupted using a CREATE TABLE AS statement and issue an appropriate error message.
+# Commit [d75e6765]: https://www.sqlite.org/src/info/d75e67654aa9620b
+# Description: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
+
+--- uppsrc/plugin/sqlite3/lib/sqlite3.c.orig 2018-03-31 06:10:16 UTC
++++ uppsrc/plugin/sqlite3/lib/sqlite3.c
+@@ -103474,8 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable(
+ p = pParse->pNewTable;
+ if( p==0 ) return;
+
+- assert( !db->init.busy || !pSelect );
+-
+ /* If the db->init.busy is 1 it means we are reading the SQL off the
+ ** "sqlite_master" or "sqlite_temp_master" table on the disk.
+ ** So do not write to the disk again. Extract the root page number
+@@ -103486,6 +103484,10 @@ SQLITE_PRIVATE void sqlite3EndTable(
+ ** table itself. So mark it read-only.
+ */
+ if( db->init.busy ){
++ if( pSelect ){
++ sqlite3ErrorMsg(pParse, "");
++ return;
++ }
+ p->tnum = db->init.newTnum;
+ if( p->tnum==1 ) p->tabFlags |= TF_Readonly;
+ }
+@@ -117813,7 +117815,7 @@ static void corruptSchema(
+ char *z;
+ if( zObj==0 ) zObj = "?";
+ z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
+- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
++ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
+ sqlite3DbFree(db, *pData->pzErrMsg);
+ *pData->pzErrMsg = z;
+ }
Index: security/vuxml/vuln.xml
===================================================================
--- security/vuxml/vuln.xml
+++ security/vuxml/vuln.xml
@@ -58,6 +58,35 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + + SQLite -- Corrupt DB can cause a NULL pointer dereference + + + upp + 11873 + + + + +
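Review bot: The new `if( pSelect )` branch in sqlite3EndTable raises the error with an empty string, `sqlite3ErrorMsg(pParse, "");`, and neither the code nor the patch header says that this is deliberate. It appears to pair with the corruptSchema hunk, where `zExtra && zExtra[0]` skips the ` - %s` suffix for an empty detail string, so one extra header line would make the dependency visible, for example `# The empty error text is intentional: corruptSchema() omits the detail suffix when zExtra is "".` The removed assert() is normally compiled out unless SQLITE_DEBUG is set, so this branch is the only runtime check for a CREATE TABLE AS row in the stored schema, and both hunks have to be carried together if the patch is rebased onto a newer bundled amalgamation. Both functions begin and end outside the hunks shown.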

MITRE reports:

+
+

SQLite databases whose schema is corrupted using a CREATE TABLE AS + statement could cause a NULL pointer dereference, related to build.c + and prepare.c.

+
+ +
+ + CVE-2018-8740 + http://openwall.com/lists/oss-security/2018/03/17/1 + + + 2018-03-16 + 2018-06-27 + +
+ mozilla -- multiple vulnerabilities