summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve Sakoman <steve@sakoman.com>2020-11-04 07:00:34 -1000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-11-12 13:07:52 +0000
commit9bf3399388e37d1f813c0b98fc8532ab411009fa (patch)
tree2673d2f9cbf5f7e0c0d2af1e25dfcff0d042849e
parent1a057dcc739461ec34071167737207db650a5ca9 (diff)
downloadpoky-9bf3399388e37d1f813c0b98fc8532ab411009fa.tar.gz
sqlite3: fix CVE-2020-13632
CVE: CVE-2020-13632 Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13632 (From OE-Core rev: 8d54034bb8e522f9827ec6422b32cbd4e5bf1346) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/sqlite/files/CVE-2020-13632.patch34
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.31.1.bb1
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13632.patch b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch
new file mode 100644
index 0000000000..c28bf10e37
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch
@@ -0,0 +1,34 @@
1From 219b8e7e7587df8669d96ce867cdd61ca1c05730 Mon Sep 17 00:00:00 2001
2From: drh <drh@noemail.net>
3Date: Thu, 14 May 2020 23:59:24 +0000
4Subject: [PATCH] Fix a null pointer deference that can occur on a strange
5 matchinfo() query.
6
7FossilOrigin-Name: a4dd148928ea65bd4e1654dfacc3d8057d1f85b8c9939416991d50722e5a720e
8
9Upstream-Status: Backport
10CVE: CVE-2020-13632
11
12Reference to upstream patch:
13https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
14
15Patch converted to amalgamation format
16
17Signed-off-by: Steve Sakoman <steve@sakoman.com>
18---
19 sqlite3.c | 2 +-
20 1 file changed, 1 insertion(+), 1 deletion(-)
21
22diff --git a/sqlite3.c b/sqlite3.c
23index 282e106..5ae8c8b 100644
24--- a/sqlite3.c
25+++ b/sqlite3.c
26@@ -181820,7 +181820,7 @@ static int fts3ExprLHits(
27 iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
28 }
29
30- while( 1 ){
31+ if( pIter ) while( 1 ){
32 int nHit = fts3ColumnlistCount(&pIter);
33 if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){
34 if( p->flag==FTS3_MATCHINFO_LHITS ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index 5d45d1f1ab..c289affd60 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
12 file://CVE-2020-13435.patch \ 12 file://CVE-2020-13435.patch \
13 file://CVE-2020-13630.patch \ 13 file://CVE-2020-13630.patch \
14 file://CVE-2020-13631.patch \ 14 file://CVE-2020-13631.patch \
15 file://CVE-2020-13632.patch \
15 " 16 "
16SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" 17SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
17SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" 18SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"