D16017.id44490.diff
No OneTemporary
Actions

Size

4 KB

Referenced Files

None

Subscribers

None

D16017.id44490.diff
View Options

	Index: devel/upp/Makefile
	===================================================================
	--- devel/upp/Makefile
	+++ devel/upp/Makefile
	@@ -2,9 +2,9 @@
	# $FreeBSD$

	PORTNAME= upp
	-DISTVERSION= 11540
	+DISTVERSION= 11873
	CATEGORIES= devel x11-toolkits
	-MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2017.2/
	+MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2018.1/
	DISTNAME= ${PORTNAME}-x11-src-${PORTVERSION}

	MAINTAINER= m.sund@arcor.de
	@@ -70,6 +70,8 @@
	CXXFLAGS+= -Wno-logical-op-parentheses
	.endif

	+CXXFLAGS_i386+= -msse2
	+
	post-patch: .SILENT
	${CP} ${BUILD_WRKSRC}/Makefile.in ${BUILD_WRKSRC}/Makefile
	${CP} ${BUILD_WRKSRC}/uMakefile.in ${BUILD_WRKSRC}/uMakefile
	@@ -127,6 +129,7 @@
	(cd ${WRKSRC} && ${COPYTREE_SHARE} "${PORTDATA}" ${STAGEDIR}${DATADIR} \
	"-not ( -type d -empty )")
	(cd ${STAGEDIR}${DATADIR}/uppsrc && ${RM} build_info.h Makefile)
	+ ${RM} ${STAGEDIR}${DATADIR}/uppsrc/plugin/sqlite3/lib/sqlite3.c.orig

	do-install-IDE-on:
	${INSTALL_PROGRAM} ${WRKSRC}/theide ${STAGEDIR}${PREFIX}/bin
	Index: devel/upp/distinfo
	===================================================================
	--- devel/upp/distinfo
	+++ devel/upp/distinfo
	@@ -1,3 +1,3 @@
	-TIMESTAMP = 1512832900
	-SHA256 (upp-x11-src-11540.tar.gz) = 85707d7b545f262b58bdd783c27aff2357548a3db01bf0f9287a10c90ae01420
	-SIZE (upp-x11-src-11540.tar.gz) = 56513312
	+TIMESTAMP = 1522479324
	+SHA256 (upp-x11-src-11873.tar.gz) = 0231b768830db96257ebf7a9cc1aaff05017aa40a2ea6dfa577de7232c1cd07b
	+SIZE (upp-x11-src-11873.tar.gz) = 56167504
	Index: devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c
	===================================================================
	--- /dev/null
	+++ devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c
	@@ -0,0 +1,36 @@
	+# Fix for CVE-2018-8740: https://nvd.nist.gov/vuln/detail/CVE-2018-8740
	+# Detect databases whose schema is corrupted using a CREATE TABLE AS statement and issue an appropriate error message.
	+# Commit [d75e6765]: https://www.sqlite.org/src/info/d75e67654aa9620b
	+# Description: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
	+
	+--- uppsrc/plugin/sqlite3/lib/sqlite3.c.orig 2018-03-31 06:10:16 UTC
	++++ uppsrc/plugin/sqlite3/lib/sqlite3.c
	+@@ -103474,8 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable(
	+ p = pParse->pNewTable;
	+ if( p==0 ) return;
	+
	+- assert( !db->init.busy \|\| !pSelect );
	+-
	+ /* If the db->init.busy is 1 it means we are reading the SQL off the
	+ ** "sqlite_master" or "sqlite_temp_master" table on the disk.
	+ ** So do not write to the disk again. Extract the root page number
	+@@ -103486,6 +103484,10 @@ SQLITE_PRIVATE void sqlite3EndTable(
	+ ** table itself. So mark it read-only.
	+ */
	+ if( db->init.busy ){
	++ if( pSelect ){
	++ sqlite3ErrorMsg(pParse, "");
	++ return;
	++ }
	+ p->tnum = db->init.newTnum;
	+ if( p->tnum==1 ) p->tabFlags \|= TF_Readonly;
	+ }
	+@@ -117813,7 +117815,7 @@ static void corruptSchema(
	+ char *z;
	+ if( zObj==0 ) zObj = "?";
	+ z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
	+- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
	++ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
	+ sqlite3DbFree(db, *pData->pzErrMsg);
	+ *pData->pzErrMsg = z;
	+ }
	Index: security/vuxml/vuln.xml
	===================================================================
	--- security/vuxml/vuln.xml
	+++ security/vuxml/vuln.xml
	@@ -58,6 +58,35 @@
	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
	-->
	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
	+
	+ <vuln vid="c1630aa3-7970-11e8-8634-dcfe074bd614">
	+ <topic>SQLite -- Corrupt DB can cause a NULL pointer dereference</topic>
	+ <affects>
	+ <package>
	+ <name>upp</name>
	+ <range><le>11873</le></range>
	+ </package>
	+ </affects>
	+ <description>
	+ <body xmlns="http://www.w3.org/1999/xhtml">
	+ <p>MITRE reports:</p>
	+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2018-8740">
	+ <p>SQLite databases whose schema is corrupted using a CREATE TABLE AS
	+ statement could cause a NULL pointer dereference, related to build.c
	+ and prepare.c.</p>
	+ </blockquote>
	+ </body>
	+ </description>
	+ <references>
	+ <cvename>CVE-2018-8740</cvename>
	+ <url>http://openwall.com/lists/oss-security/2018/03/17/1</url>
	+ </references>
	+ <dates>
	+ <discovery>2018-03-16</discovery>
	+ <entry>2018-06-27</entry>
	+ </dates>
	+ </vuln>
	+
	<vuln vid="cd81806c-26e7-4d4a-8425-02724a2f48af">
	<topic>mozilla -- multiple vulnerabilities</topic>
	<affects>

File Metadata

Mime Type: text/plain
Expires: Sun, Mar 8, 4:45 PM (7 h, 13 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 29384833
Default Alt Text: D16017.id44490.diff (4 KB)

D16017.id44490.diffNo OneTemporaryActions

D16017.id44490.diffView Options

File Metadata

Event Timeline

D16017.id44490.diff
No OneTemporary
Actions

D16017.id44490.diff
View Options