[PATCH 1/2] rpm: backport fix to prevent crashes with latest sqlite

[PATCH 1/2] rpm: backport fix to prevent crashes with latest sqlite

[Anuj Mittal]

SQLite 3.42.0 causes crashes when installing RPM packages at rootfs
creation time. Backport an upstream fix to resolve the issue.

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 ...87cfcf9cac87e5bc5e7db79b0338da9e355e.patch | 51 +++++++++++++++++++
 meta/recipes-devtools/rpm/rpm_4.18.1.bb       |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch

diff --git a/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch b/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch
new file mode 100644
index 0000000000..470dda1dcf
--- /dev/null
+++ b/meta/recipes-devtools/rpm/files/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch
@@ -0,0 +1,51 @@
+From ea3187cfcf9cac87e5bc5e7db79b0338da9e355e Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Mon, 26 Jun 2023 12:45:09 +0300
+Subject: [PATCH] Don't muck with per-process global sqlite configuration from
+ the db backend
+
+sqlite3_config() affects all in-process uses of sqlite. librpm being a
+low-level library, it has no business whatsoever making such decisions
+for the applications running on top of it. Besides that, the callback can
+easily end up pointing to an already closed database, causing an
+innocent API user to crash in librpm on an entirely unrelated error on
+some other database. "Oops."
+
+The sqlite API doesn't seem to provide any per-db or non-global context
+for logging errors, thus we can only remove the call and let sqlite output
+errors the way it pleases (print through stderr, presumably).
+
+Thanks to Jan Palus for spotting and reporting!
+
+Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/ea3187cfcf9cac87e5bc5e7db79b0338da9e355e]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ lib/backend/sqlite.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/lib/backend/sqlite.c b/lib/backend/sqlite.c
+index 5a029d575a..b612732267 100644
+--- a/lib/backend/sqlite.c
++++ b/lib/backend/sqlite.c
+@@ -44,13 +44,6 @@ static void rpm_match3(sqlite3_context *sctx, int argc, sqlite3_value **argv)
+     sqlite3_result_int(sctx, match);
+ }
+ 
+-static void errCb(void *data, int err, const char *msg)
+-{
+-    rpmdb rdb = data;
+-    rpmlog(RPMLOG_WARNING, "%s: %s: %s\n",
+-		rdb->db_descr, sqlite3_errstr(err), msg);
+-}
+-
+ static int dbiCursorReset(dbiCursor dbc)
+ {
+     if (dbc->stmt) {
+@@ -170,7 +163,6 @@ static int sqlite_init(rpmdb rdb, const char * dbhome)
+ 	 * the "database is locked" errors at every cost
+ 	 */
+ 	sqlite3_busy_timeout(sdb, 10000);
+-	sqlite3_config(SQLITE_CONFIG_LOG, errCb, rdb);
+ 
+ 	sqlexec(sdb, "PRAGMA secure_delete = OFF");
+ 	sqlexec(sdb, "PRAGMA case_sensitive_like = ON");
diff --git a/meta/recipes-devtools/rpm/rpm_4.18.1.bb b/meta/recipes-devtools/rpm/rpm_4.18.1.bb
index 83537d4761..95a9e92f96 100644
--- a/meta/recipes-devtools/rpm/rpm_4.18.1.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.18.1.bb
@@ -39,6 +39,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.18.x;protoc
            file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \
            file://0001-python-Use-Py_hash_t-instead-of-long-in-hdr_hash.patch \
            file://fix-declaration.patch \
+           file://ea3187cfcf9cac87e5bc5e7db79b0338da9e355e.patch \
            "
 
 PE = "1"
-- 
2.41.0

[PATCH 2/2] sqlite3: upgrade 3.41.2 -> 3.42.0

[Anuj Mittal]

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../sqlite/{sqlite3_3.41.2.bb => sqlite3_3.42.0.bb}             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/sqlite/{sqlite3_3.41.2.bb => sqlite3_3.42.0.bb} (86%)

diff --git a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
similarity index 86%
rename from meta/recipes-support/sqlite/sqlite3_3.41.2.bb
rename to meta/recipes-support/sqlite/sqlite3_3.42.0.bb
index b09e8e7f55..f60aca63d2 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
@@ -4,7 +4,7 @@ LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
 
 SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
-SRC_URI[sha256sum] = "e98c100dd1da4e30fa460761dab7c0b91a50b785e167f8c57acc46514fae9499"
+SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6"
 
 # -19242 is only an issue in specific development branch commits
 CVE_CHECK_IGNORE += "CVE-2019-19242"
-- 
2.41.0

Re: [OE-core] [PATCH 2/2] sqlite3: upgrade 3.41.2 -> 3.42.0

[Alexandre Belloni]

Hello Anuj,

Previous testing shows that this breaks rpm, do you know if this was
fixed?

On 03/07/2023 14:59:09+0800, Anuj Mittal wrote:
> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> ---
>  .../sqlite/{sqlite3_3.41.2.bb => sqlite3_3.42.0.bb}             | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>  rename meta/recipes-support/sqlite/{sqlite3_3.41.2.bb => sqlite3_3.42.0.bb} (86%)
> 
> diff --git a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
> similarity index 86%
> rename from meta/recipes-support/sqlite/sqlite3_3.41.2.bb
> rename to meta/recipes-support/sqlite/sqlite3_3.42.0.bb
> index b09e8e7f55..f60aca63d2 100644
> --- a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
> +++ b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
> @@ -4,7 +4,7 @@ LICENSE = "PD"
>  LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
>  
>  SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
> -SRC_URI[sha256sum] = "e98c100dd1da4e30fa460761dab7c0b91a50b785e167f8c57acc46514fae9499"
> +SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6"
>  
>  # -19242 is only an issue in specific development branch commits
>  CVE_CHECK_IGNORE += "CVE-2019-19242"
> -- 
> 2.41.0
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#183796): https://lists.openembedded.org/g/openembedded-core/message/183796
> Mute This Topic: https://lists.openembedded.org/mt/99922416/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Re: [OE-core] [PATCH 2/2] sqlite3: upgrade 3.41.2 -> 3.42.0

[Alexandre Belloni]

On 04/07/2023 23:51:25+0200, Alexandre Belloni wrote:
> Hello Anuj,
> 
> Previous testing shows that this breaks rpm, do you know if this was
> fixed?

I actually read the previous patch now...

> 
> On 03/07/2023 14:59:09+0800, Anuj Mittal wrote:
> > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> > ---
> >  .../sqlite/{sqlite3_3.41.2.bb => sqlite3_3.42.0.bb}             | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >  rename meta/recipes-support/sqlite/{sqlite3_3.41.2.bb => sqlite3_3.42.0.bb} (86%)
> > 
> > diff --git a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
> > similarity index 86%
> > rename from meta/recipes-support/sqlite/sqlite3_3.41.2.bb
> > rename to meta/recipes-support/sqlite/sqlite3_3.42.0.bb
> > index b09e8e7f55..f60aca63d2 100644
> > --- a/meta/recipes-support/sqlite/sqlite3_3.41.2.bb
> > +++ b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
> > @@ -4,7 +4,7 @@ LICENSE = "PD"
> >  LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
> >  
> >  SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
> > -SRC_URI[sha256sum] = "e98c100dd1da4e30fa460761dab7c0b91a50b785e167f8c57acc46514fae9499"
> > +SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6"
> >  
> >  # -19242 is only an issue in specific development branch commits
> >  CVE_CHECK_IGNORE += "CVE-2019-19242"
> > -- 
> > 2.41.0
> > 
> 
> > 
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#183796): https://lists.openembedded.org/g/openembedded-core/message/183796
> > Mute This Topic: https://lists.openembedded.org/mt/99922416/3617179
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> > 
> 
> 
> -- 
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com

-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com