sqlite3: Security fixes for CVE-2018-20505 & 20506

Source: sqlite.org MR: 97484, 97490 Type: Security Fix Disposition: Backport from sqilte.org ChangeID: c6105b5d3ce4fb2c0f38c3cab745b769d2df38f5 Description: Affects < 3.26.0 fixes: CVE-2018-20505 CVE-2018-20506 (From OE-Core rev: e2f9efdc93068bce00b07021aa447f0b8786f69d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2019-05-30 14:10:11 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-27 18:05:18 +0100
commit: 015bfc5971120e3483572cb4eaf0cb7c15b64349 (patch)
tree: d629cfbbf4154e10d56346b0543ecc9fa4841ab4 /meta/recipes-support/sqlite/files/CVE-2018-20505.patch
parent: 14d23c29a2d6a9944233983d64109037077db49e (diff)
download: poky-015bfc5971120e3483572cb4eaf0cb7c15b64349.tar.gz
1 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2018-20505.patch b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
new file mode 100644
index 0000000000..d1119f3b31
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
@@ -0,0 +1,31 @@
+From: D. Richard Hipp <drh@hwaci.com>
+Date: Sat, 3 Nov 2018 13:11:24 +0000 (+0000)
+Subject: Fix a assert() in the query planner that can arise when doing row-value
+X-Git-Tag: version-3.26.0~59
+X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/24298027a30cf7941f16a8cc878d0c1f9f14308f
+Fix a assert() in the query planner that can arise when doing row-value
+operations on a PRIMARY KEY that contains duplicate columns.
+Ticket [1a84668dcfdebaf12415d].
+https://sqlite.org/src/info/1a84668dcfdebaf12415d
+upstream-Status: Backport
+CVE: CVE-2018-20505
+affects <= 3.26.0
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: sqlite-autoconf-3230100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3230100.orig/sqlite3.c
+++ sqlite-autoconf-3230100/sqlite3.c
+@@ -131231,7 +131231,7 @@ static Expr *removeUnindexableInClauseTe
+     for(i=iEq; i<pLoop->nLTerm; i++){
+       if( pLoop->aLTerm[i]->pExpr==pX ){
+         int iField = pLoop->aLTerm[i]->iField - 1;
+-        assert( pOrigRhs->a[iField].pExpr!=0 );
+        if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */
+         pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr);
+         pOrigRhs->a[iField].pExpr = 0;
+         assert( pOrigLhs->a[iField].pExpr!=0 );
author	Armin Kuster <akuster@mvista.com>	2019-05-30 14:10:11 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +0100
commit	015bfc5971120e3483572cb4eaf0cb7c15b64349 (patch)
tree	d629cfbbf4154e10d56346b0543ecc9fa4841ab4 /meta/recipes-support/sqlite/files/CVE-2018-20505.patch
parent	14d23c29a2d6a9944233983d64109037077db49e (diff)
download	poky-015bfc5971120e3483572cb4eaf0cb7c15b64349.tar.gz

diff --git a/meta/recipes-support/sqlite/files/CVE-2018-20505.patch b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch new file mode 100644 index 0000000000..d1119f3b31 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
@@ -0,0 +1,31 @@
	1	From: D. Richard Hipp <drh@hwaci.com>
	2	Date: Sat, 3 Nov 2018 13:11:24 +0000 (+0000)
	3	Subject: Fix a assert() in the query planner that can arise when doing row-value
	4	X-Git-Tag: version-3.26.0~59
	5	X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/24298027a30cf7941f16a8cc878d0c1f9f14308f
	6
	7	Fix a assert() in the query planner that can arise when doing row-value
	8	operations on a PRIMARY KEY that contains duplicate columns.
	9	Ticket [1a84668dcfdebaf12415d].
	10
	11	https://sqlite.org/src/info/1a84668dcfdebaf12415d
	12
	13	upstream-Status: Backport
	14	CVE: CVE-2018-20505
	15	affects <= 3.26.0
	16
	17	Signed-off-by: Armin Kuster <akuster@mvista.com>
	18
	19	Index: sqlite-autoconf-3230100/sqlite3.c
	20	===================================================================
	21	--- sqlite-autoconf-3230100.orig/sqlite3.c
	22	+++ sqlite-autoconf-3230100/sqlite3.c
	23	@@ -131231,7 +131231,7 @@ static Expr *removeUnindexableInClauseTe
	24	for(i=iEq; i<pLoop->nLTerm; i++){
	25	if( pLoop->aLTerm[i]->pExpr==pX ){
	26	int iField = pLoop->aLTerm[i]->iField - 1;
	27	- assert( pOrigRhs->a[iField].pExpr!=0 );
	28	+ if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */
	29	pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr);
	30	pOrigRhs->a[iField].pExpr = 0;
	31	assert( pOrigLhs->a[iField].pExpr!=0 );