From 75bce8729317493332f76aa98c2f1f1cfa861735 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Jun 27 2023 07:28:29 +0000 Subject: Fix potential crash with multiple in-process sqlite uses --- diff --git a/0001-Don-t-muck-with-per-process-global-sqlite-configurat.patch b/0001-Don-t-muck-with-per-process-global-sqlite-configurat.patch new file mode 100644 index 0000000..b3f3b65 --- /dev/null +++ b/0001-Don-t-muck-with-per-process-global-sqlite-configurat.patch @@ -0,0 +1,52 @@ +From ea3187cfcf9cac87e5bc5e7db79b0338da9e355e Mon Sep 17 00:00:00 2001 +Message-ID: +From: Panu Matilainen +Date: Mon, 26 Jun 2023 12:45:09 +0300 +Subject: [PATCH] Don't muck with per-process global sqlite configuration from + the db backend + +sqlite3_config() affects all in-process uses of sqlite. librpm being a +low-level library, it has no business whatsoever making such decisions +for the applications running on top of it. Besides that, the callback can +easily end up pointing to an already closed database, causing an +innocent API user to crash in librpm on an entirely unrelated error on +some other database. "Oops." + +The sqlite API doesn't seem to provide any per-db or non-global context +for logging errors, thus we can only remove the call and let sqlite output +errors the way it pleases (print through stderr, presumably). + +Thanks to Jan Palus for spotting and reporting! +--- + lib/backend/sqlite.c | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c +index 5a029d575..b61273226 100644 +--- a/lib/backend/sqlite.c ++++ b/lib/backend/sqlite.c +@@ -44,13 +44,6 @@ static void rpm_match3(sqlite3_context *sctx, int argc, sqlite3_value **argv) + sqlite3_result_int(sctx, match); + } + +-static void errCb(void *data, int err, const char *msg) +-{ +- rpmdb rdb = data; +- rpmlog(RPMLOG_WARNING, "%s: %s: %s\n", +- rdb->db_descr, sqlite3_errstr(err), msg); +-} +- + static int dbiCursorReset(dbiCursor dbc) + { + if (dbc->stmt) { +@@ -170,7 +163,6 @@ static int sqlite_init(rpmdb rdb, const char * dbhome) + * the "database is locked" errors at every cost + */ + sqlite3_busy_timeout(sdb, 10000); +- sqlite3_config(SQLITE_CONFIG_LOG, errCb, rdb); + + sqlexec(sdb, "PRAGMA secure_delete = OFF"); + sqlexec(sdb, "PRAGMA case_sensitive_like = ON"); +-- +2.41.0 + diff --git a/rpm.spec b/rpm.spec index 830b12d..e6d0012 100644 --- a/rpm.spec +++ b/rpm.spec @@ -32,7 +32,7 @@ %global rpmver 4.18.91 #global snapver rc1 -%global baserelease 4 +%global baserelease 5 %global sover 10 %global srcver %{rpmver}%{?snapver:-%{snapver}} @@ -147,7 +147,9 @@ rpm-4.9.90-no-man-dirs.patch rpm-4.18.90-disable-sysusers.patch rpm-4.18.90-weak-user-group.patch + # Patches already upstream: +0001-Don-t-muck-with-per-process-global-sqlite-configurat.patch # ... # These are not yet upstream @@ -620,6 +622,9 @@ fi %doc %{_defaultdocdir}/rpm/API/ %changelog +* Tue Jun 27 2023 Panu Matilainen - 4.18.91-5 +- Fix potential crash with multiple in-process sqlite uses + * Mon Jun 26 2023 Python Maint - 4.18.91-4 - Rebuilt for Python 3.12