From a275d38385382b8630dbd7de4df352bd7defb7aa Mon Sep 17 00:00:00 2001 From: Liang Qi Date: Fri, 17 Apr 2020 12:25:22 +0200 Subject: [PATCH 1/3] doc: AA_DisableSessionManager was added in 5.14 This amends 404bee752c5058506900c23faa9d577a38b300f1. Fixes: QTBUG-83611 Change-Id: Ic3379a646b9c70fb23fd1f3f4bebed6e0b485664 Reviewed-by: Paul Wicking --- src/corelib/global/qnamespace.qdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/corelib/global/qnamespace.qdoc b/src/corelib/global/qnamespace.qdoc index 31e1bcc0da..ca3687a420 100644 --- a/src/corelib/global/qnamespace.qdoc +++ b/src/corelib/global/qnamespace.qdoc @@ -291,7 +291,7 @@ application on supported platforms, use of a session manager may be redundant for system services. This attribute must be set before QGuiApplication is constructed. - This value was added in 5.13 + This value was added in 5.14 The following values are deprecated or obsolete: From 441ea6be15f68f46ecee2365a7e7ee7dd6f11ff3 Mon Sep 17 00:00:00 2001 From: Andy Shaw Date: Mon, 20 Apr 2020 10:43:29 +0200 Subject: [PATCH 2/3] sqlite: Fix CVE-2020-11655 This was taken from 4a302b42c7bf5e11 in SQLite, ref: https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11 [ChangeLog][QtSQL][sqlite] Fixed CVE-2020-11655 Task-number: QTBUG-83652 Change-Id: I5ead78d9ee63aa0f12f1c1014c79373728569f30 Reviewed-by: Volker Hilsheimer --- .../0002-sqlite-Fix-CVE-2020-11655.patch | 30 +++++++++++++++++++ src/3rdparty/sqlite/sqlite3.c | 1 + 2 files changed, 31 insertions(+) create mode 100644 src/3rdparty/sqlite/patches/0002-sqlite-Fix-CVE-2020-11655.patch diff --git a/src/3rdparty/sqlite/patches/0002-sqlite-Fix-CVE-2020-11655.patch b/src/3rdparty/sqlite/patches/0002-sqlite-Fix-CVE-2020-11655.patch new file mode 100644 index 0000000000..c47e68c4a9 --- /dev/null +++ b/src/3rdparty/sqlite/patches/0002-sqlite-Fix-CVE-2020-11655.patch @@ -0,0 +1,30 @@ +From fa3ea2350c0367aa7cfd796b31214e2dcf574360 Mon Sep 17 00:00:00 2001 +From: Andy Shaw +Date: Mon, 20 Apr 2020 10:43:29 +0200 +Subject: [PATCH] sqlite: Fix CVE-2020-11655 + +This was taken from 4a302b42c7bf5e11 in SQLite, ref: +https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11 + +[ChangeLog][QtSQL][sqlite] Fixed CVE-2020-11655 + +Change-Id: I5ead78d9ee63aa0f12f1c1014c79373728569f30 +--- + src/3rdparty/sqlite/sqlite3.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c +index dfe5323a59..054be43d95 100644 +--- a/src/3rdparty/sqlite/sqlite3.c ++++ b/src/3rdparty/sqlite/sqlite3.c +@@ -133226,6 +133226,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){ + struct AggInfo_func *pFunc; + int nReg = pAggInfo->nFunc + pAggInfo->nColumn; + if( nReg==0 ) return; ++ if( pParse->nErr ) return; + #ifdef SQLITE_DEBUG + /* Verify that all AggInfo registers are within the range specified by + ** AggInfo.mnReg..AggInfo.mxReg */ +-- +2.24.2 (Apple Git-127) + diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c index dfe5323a59..054be43d95 100644 --- a/src/3rdparty/sqlite/sqlite3.c +++ b/src/3rdparty/sqlite/sqlite3.c @@ -133226,6 +133226,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){ struct AggInfo_func *pFunc; int nReg = pAggInfo->nFunc + pAggInfo->nColumn; if( nReg==0 ) return; + if( pParse->nErr ) return; #ifdef SQLITE_DEBUG /* Verify that all AggInfo registers are within the range specified by ** AggInfo.mnReg..AggInfo.mxReg */ From 3e6089b695489d5ba513723230a54b4b5e8349ae Mon Sep 17 00:00:00 2001 From: Andy Shaw Date: Mon, 20 Apr 2020 10:49:57 +0200 Subject: [PATCH 3/3] sqlite: Fix CVE-2020-11656 This was taken from d09f8c3621d5f7f8 and b64674919f673602 in SQLite, ref: https://www3.sqlite.org/cgi/src/info/d09f8c3621d5f7f8 https://www.sqlite.org/cgi/src/info/b64674919f673602 [ChangeLog][QtSQL][sqlite] Fixed CVE-2020-11656 Fixes: QTBUG-83652 Change-Id: I99bd59dc10b753ff19822c902dff1fc339d330a8 Reviewed-by: Volker Hilsheimer --- .../0003-sqlite-Fix-CVE-2020-11656.patch | 63 +++++++++++++++++++ src/3rdparty/sqlite/sqlite3.c | 18 +++++- 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 src/3rdparty/sqlite/patches/0003-sqlite-Fix-CVE-2020-11656.patch diff --git a/src/3rdparty/sqlite/patches/0003-sqlite-Fix-CVE-2020-11656.patch b/src/3rdparty/sqlite/patches/0003-sqlite-Fix-CVE-2020-11656.patch new file mode 100644 index 0000000000..c5ceb0a00c --- /dev/null +++ b/src/3rdparty/sqlite/patches/0003-sqlite-Fix-CVE-2020-11656.patch @@ -0,0 +1,63 @@ +From 99cdbed3bb5368ae2ec80d15635a2dd57961310c Mon Sep 17 00:00:00 2001 +From: Andy Shaw +Date: Mon, 20 Apr 2020 10:49:57 +0200 +Subject: [PATCH] sqlite: Fix CVE-2020-11656 + +This was taken from d09f8c3621d5f7f8 and b64674919f673602 in SQLite, +ref: https://www3.sqlite.org/cgi/src/info/d09f8c3621d5f7f8 +https://www.sqlite.org/cgi/src/info/b64674919f673602 + +[ChangeLog][QtSQL][sqlite] Fixed CVE-2020-11656 + +Fixes: QTBUG-83652 +Change-Id: I99bd59dc10b753ff19822c902dff1fc339d330a8 +--- + src/3rdparty/sqlite/sqlite3.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c +index 054be43d95..6ff9ba42aa 100644 +--- a/src/3rdparty/sqlite/sqlite3.c ++++ b/src/3rdparty/sqlite/sqlite3.c +@@ -97945,7 +97945,7 @@ static int resolveOrderByTermToExprList( + nc.nErr = 0; + db = pParse->db; + savedSuppErr = db->suppressErr; +- db->suppressErr = 1; ++ if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1; + rc = sqlite3ResolveExprNames(&nc, pE); + db->suppressErr = savedSuppErr; + if( rc ) return 0; +@@ -105383,6 +105383,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){ + } + } + ++/* ++** Unmap all tokens in the IdList object passed as the second argument. ++*/ ++static void unmapColumnIdlistNames( ++ Parse *pParse, ++ IdList *pIdList ++){ ++ if( pIdList ){ ++ int ii; ++ for(ii=0; iinId; ii++){ ++ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName); ++ } ++ } ++} ++ + /* + ** Walker callback used by sqlite3RenameExprUnmap(). + */ +@@ -105404,6 +105419,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){ + for(i=0; inSrc; i++){ + sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName); + if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort; ++ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing); + } + } + +-- +2.24.2 (Apple Git-127) + diff --git a/src/3rdparty/sqlite/sqlite3.c b/src/3rdparty/sqlite/sqlite3.c index 054be43d95..6ff9ba42aa 100644 --- a/src/3rdparty/sqlite/sqlite3.c +++ b/src/3rdparty/sqlite/sqlite3.c @@ -97945,7 +97945,7 @@ static int resolveOrderByTermToExprList( nc.nErr = 0; db = pParse->db; savedSuppErr = db->suppressErr; - db->suppressErr = 1; + if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1; rc = sqlite3ResolveExprNames(&nc, pE); db->suppressErr = savedSuppErr; if( rc ) return 0; @@ -105383,6 +105383,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){ } } +/* +** Unmap all tokens in the IdList object passed as the second argument. +*/ +static void unmapColumnIdlistNames( + Parse *pParse, + IdList *pIdList +){ + if( pIdList ){ + int ii; + for(ii=0; iinId; ii++){ + sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName); + } + } +} + /* ** Walker callback used by sqlite3RenameExprUnmap(). */ @@ -105404,6 +105419,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){ for(i=0; inSrc; i++){ sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName); if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort; + unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing); } }