[AUTO-CHERRYPICK] Patch sqlite for CVE-2025-6965[HIGH], CVE-2025-7458[MEDIUM] - branch main (#14496)

Co-authored-by: kgodara912 <[email protected]>
Co-authored-by: Kshitiz Godara <[email protected]>

Author: 3 people

SPECS/sqlite/CVE-2025-6965.patch

@@ -0,0 +1,36 @@
+From 21fd260b719da5aa881c760f2d11997ec0d7d28a Mon Sep 17 00:00:00 2001
+From: Kshitiz Godara <[email protected]>
+Date: Mon, 4 Aug 2025 06:48:07 +0000
+Subject: [PATCH 2/2] Fix for CVE-2025-6965 [HIGH]
+
+Upstream reference:
+https://www.sqlite.org/src/info/642be27a38018649
+---
+ sqlite3.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 70c9b45..003961a 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -109837,7 +109837,7 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){
+             ExprSetVVAProperty(pExpr, EP_NoReduce);
+             pExpr->pAggInfo = pAggInfo;
+             pExpr->op = TK_AGG_COLUMN;
+-            pExpr->iAgg = (i16)k;
++            pExpr->iAgg = (i16)(k&0x7fff);
+             break;
+           } /* endif pExpr->iTable==pItem->iCursor */
+         } /* end loop over pSrcList */
+@@ -109883,7 +109883,7 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){
+         */
+         assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) );
+         ExprSetVVAProperty(pExpr, EP_NoReduce);
+-        pExpr->iAgg = (i16)i;
++        pExpr->iAgg = (i16)(i&0x7fff);
+         pExpr->pAggInfo = pAggInfo;
+         return WRC_Prune;
+       }else{
+-- 
+2.45.4
+

SPECS/sqlite/CVE-2025-7458.patch

@@ -0,0 +1,29 @@
+From 7b06377c3e3ec165a0024b3950ae71b39e7bfcc7 Mon Sep 17 00:00:00 2001
+From: Kshitiz Godara <[email protected]>
+Date: Sun, 3 Aug 2025 16:51:50 +0000
+Subject: [PATCH 1/2] Fix for CVE-2025-7458 [MEDIUM]
+
+Upstream reference:
+https://sqlite.org/src/info/12ad822d9b827777
+---
+ sqlite3.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 158d416..70c9b45 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -158940,6 +158940,10 @@ static int wherePathSolver(WhereInfo *pWInfo, LogEst nRowEst){
+       if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
+         pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
+       }
++      if( pWInfo->pOrderBy
++       && pWInfo->nOBSat > pWInfo->pOrderBy->nExpr ){
++        pWInfo->nOBSat = pWInfo->pOrderBy->nExpr;
++      }
+     }else{
+       pWInfo->revMask = pFrom->revLoop;
+       if( pWInfo->nOBSat<=0 ){
+-- 
+2.45.4
+

SPECS/sqlite/sqlite.spec

@@ -2,7 +2,7 @@
 Summary:        A portable, high level programming interface to various calling conventions
 Name:           sqlite
 Version:        3.39.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        Public Domain
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -13,6 +13,8 @@ Source0:        https://www.sqlite.org/2022/%{name}-autoconf-%{sourcever}.tar.gz
 Patch0:         CVE-2015-3717.nopatch
 Patch1:         CVE-2022-46908.patch
 Patch2:         CVE-2023-7104.patch
+Patch3:         CVE-2025-7458.patch
+Patch4:         CVE-2025-6965.patch
 Requires:       sqlite-libs = %{version}-%{release}
 Provides:       sqlite3
 
@@ -83,6 +85,9 @@ make %{?_smp_mflags} check
 %{_libdir}/libsqlite3.so.0.8.6
 
 %changelog
+* Mon Aug 04 2025 Kshitiz Godara <[email protected]> - 3.39.2-4
+- Address CVE-2025-6965 and CVE-2025-7458
+
 * Tue Jan 09 2024 Henry Li <[email protected]> - 3.39.2-3
 - Address CVE-2023-7104
 

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -84,9 +84,9 @@ bison-3.7.6-2.cm2.aarch64.rpm
 popt-1.18-1.cm2.aarch64.rpm
 popt-devel-1.18-1.cm2.aarch64.rpm
 popt-lang-1.18-1.cm2.aarch64.rpm
-sqlite-3.39.2-3.cm2.aarch64.rpm
-sqlite-devel-3.39.2-3.cm2.aarch64.rpm
-sqlite-libs-3.39.2-3.cm2.aarch64.rpm
+sqlite-3.39.2-4.cm2.aarch64.rpm
+sqlite-devel-3.39.2-4.cm2.aarch64.rpm
+sqlite-libs-3.39.2-4.cm2.aarch64.rpm
 elfutils-0.186-2.cm2.aarch64.rpm
 elfutils-default-yama-scope-0.186-2.cm2.noarch.rpm
 elfutils-devel-0.186-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -84,9 +84,9 @@ bison-3.7.6-2.cm2.x86_64.rpm
 popt-1.18-1.cm2.x86_64.rpm
 popt-devel-1.18-1.cm2.x86_64.rpm
 popt-lang-1.18-1.cm2.x86_64.rpm
-sqlite-3.39.2-3.cm2.x86_64.rpm
-sqlite-devel-3.39.2-3.cm2.x86_64.rpm
-sqlite-libs-3.39.2-3.cm2.x86_64.rpm
+sqlite-3.39.2-4.cm2.x86_64.rpm
+sqlite-devel-3.39.2-4.cm2.x86_64.rpm
+sqlite-libs-3.39.2-4.cm2.x86_64.rpm
 elfutils-0.186-2.cm2.x86_64.rpm
 elfutils-default-yama-scope-0.186-2.cm2.noarch.rpm
 elfutils-devel-0.186-2.cm2.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -548,10 +548,10 @@ sed-lang-4.8-3.cm2.aarch64.rpm
 slang-2.3.2-4.cm2.aarch64.rpm
 slang-debuginfo-2.3.2-4.cm2.aarch64.rpm
 slang-devel-2.3.2-4.cm2.aarch64.rpm
-sqlite-3.39.2-3.cm2.aarch64.rpm
-sqlite-debuginfo-3.39.2-3.cm2.aarch64.rpm
-sqlite-devel-3.39.2-3.cm2.aarch64.rpm
-sqlite-libs-3.39.2-3.cm2.aarch64.rpm
+sqlite-3.39.2-4.cm2.aarch64.rpm
+sqlite-debuginfo-3.39.2-4.cm2.aarch64.rpm
+sqlite-devel-3.39.2-4.cm2.aarch64.rpm
+sqlite-libs-3.39.2-4.cm2.aarch64.rpm
 swig-4.0.2-3.cm2.aarch64.rpm
 swig-debuginfo-4.0.2-3.cm2.aarch64.rpm
 systemd-bootstrap-250.3-13.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -554,10 +554,10 @@ sed-lang-4.8-3.cm2.x86_64.rpm
 slang-2.3.2-4.cm2.x86_64.rpm
 slang-debuginfo-2.3.2-4.cm2.x86_64.rpm
 slang-devel-2.3.2-4.cm2.x86_64.rpm
-sqlite-3.39.2-3.cm2.x86_64.rpm
-sqlite-debuginfo-3.39.2-3.cm2.x86_64.rpm
-sqlite-devel-3.39.2-3.cm2.x86_64.rpm
-sqlite-libs-3.39.2-3.cm2.x86_64.rpm
+sqlite-3.39.2-4.cm2.x86_64.rpm
+sqlite-debuginfo-3.39.2-4.cm2.x86_64.rpm
+sqlite-devel-3.39.2-4.cm2.x86_64.rpm
+sqlite-libs-3.39.2-4.cm2.x86_64.rpm
 swig-4.0.2-3.cm2.x86_64.rpm
 swig-debuginfo-4.0.2-3.cm2.x86_64.rpm
 systemd-bootstrap-250.3-13.cm2.x86_64.rpm