summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorQi.Chen@windriver.com <Qi.Chen@windriver.com>2020-02-21 23:56:23 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-04-09 00:07:12 +0100
commitb569007b7b4dec2371d33e4a847b4ae70917f1e5 (patch)
tree75c770195b879ab877b2d73d987ad42e00e150ae
parentee276e50e54d3decff63bca9a905ffd2e95401f7 (diff)
downloadpoky-b569007b7b4dec2371d33e4a847b4ae70917f1e5.tar.gz
sqlite3: fix CVE-2019-16168
(From OE-Core rev: 8d663da7e5fad8dd936fbefeba67db6e0e356975) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch40
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.27.2.bb1
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch
new file mode 100644
index 0000000000..7c4a65b3cd
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch
@@ -0,0 +1,40 @@
1From fcf06b0b426e6c243d6ca2d6c6a02830717ab6a3 Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Tue, 15 Oct 2019 13:22:52 +0800
4Subject: [PATCH] Fix CVE-2019-16168
5
6CVE: CVE-2019-16168
7
8Upstream-Status: Backport [https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b]
9
10Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
11---
12 sqlite3.c | 5 ++++-
13 1 file changed, 4 insertions(+), 1 deletion(-)
14
15diff --git a/sqlite3.c b/sqlite3.c
16index 61bfdeb..b3e6ae2 100644
17--- a/sqlite3.c
18+++ b/sqlite3.c
19@@ -105933,7 +105933,9 @@ static void decodeIntArray(
20 if( sqlite3_strglob("unordered*", z)==0 ){
21 pIndex->bUnordered = 1;
22 }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
23- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
24+ int sz = sqlite3Atoi(z+3);
25+ if( sz<2 ) sz = 2;
26+ pIndex->szIdxRow = sqlite3LogEst(sz);
27 }else if( sqlite3_strglob("noskipscan*", z)==0 ){
28 pIndex->noSkipScan = 1;
29 }
30@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex(
31 ** it to pNew->rRun, which is currently set to the cost of the index
32 ** seek only. Then, if this is a non-covering index, add the cost of
33 ** visiting the rows in the main table. */
34+ assert( pSrc->pTab->szTabRow>0 );
35 rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
36 pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
37 if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
38--
392.17.1
40
diff --git a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
index 4bdb04f4d1..2888a56ee9 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
@@ -7,6 +7,7 @@ SRC_URI = "\
7 http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \ 7 http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
8 file://CVE-2019-9936.patch \ 8 file://CVE-2019-9936.patch \
9 file://CVE-2019-9937.patch \ 9 file://CVE-2019-9937.patch \
10 file://0001-Fix-CVE-2019-16168.patch \
10 " 11 "
11 12
12SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0" 13SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0"