diff options
author | Armin Kuster <akuster@mvista.com> | 2019-05-30 14:10:11 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-27 18:05:18 +0100 |
commit | 015bfc5971120e3483572cb4eaf0cb7c15b64349 (patch) | |
tree | d629cfbbf4154e10d56346b0543ecc9fa4841ab4 /meta/recipes-support/sqlite/files/CVE-2018-20505.patch | |
parent | 14d23c29a2d6a9944233983d64109037077db49e (diff) | |
download | poky-015bfc5971120e3483572cb4eaf0cb7c15b64349.tar.gz |
sqlite3: Security fixes for CVE-2018-20505 & 20506
Source: sqlite.org
MR: 97484, 97490
Type: Security Fix
Disposition: Backport from sqilte.org
ChangeID: c6105b5d3ce4fb2c0f38c3cab745b769d2df38f5
Description:
Affects < 3.26.0
fixes:
CVE-2018-20505
CVE-2018-20506
(From OE-Core rev: e2f9efdc93068bce00b07021aa447f0b8786f69d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/sqlite/files/CVE-2018-20505.patch')
-rw-r--r-- | meta/recipes-support/sqlite/files/CVE-2018-20505.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2018-20505.patch b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch new file mode 100644 index 0000000000..d1119f3b31 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2018-20505.patch | |||
@@ -0,0 +1,31 @@ | |||
1 | From: D. Richard Hipp <drh@hwaci.com> | ||
2 | Date: Sat, 3 Nov 2018 13:11:24 +0000 (+0000) | ||
3 | Subject: Fix a assert() in the query planner that can arise when doing row-value | ||
4 | X-Git-Tag: version-3.26.0~59 | ||
5 | X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/24298027a30cf7941f16a8cc878d0c1f9f14308f | ||
6 | |||
7 | Fix a assert() in the query planner that can arise when doing row-value | ||
8 | operations on a PRIMARY KEY that contains duplicate columns. | ||
9 | Ticket [1a84668dcfdebaf12415d]. | ||
10 | |||
11 | https://sqlite.org/src/info/1a84668dcfdebaf12415d | ||
12 | |||
13 | upstream-Status: Backport | ||
14 | CVE: CVE-2018-20505 | ||
15 | affects <= 3.26.0 | ||
16 | |||
17 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
18 | |||
19 | Index: sqlite-autoconf-3230100/sqlite3.c | ||
20 | =================================================================== | ||
21 | --- sqlite-autoconf-3230100.orig/sqlite3.c | ||
22 | +++ sqlite-autoconf-3230100/sqlite3.c | ||
23 | @@ -131231,7 +131231,7 @@ static Expr *removeUnindexableInClauseTe | ||
24 | for(i=iEq; i<pLoop->nLTerm; i++){ | ||
25 | if( pLoop->aLTerm[i]->pExpr==pX ){ | ||
26 | int iField = pLoop->aLTerm[i]->iField - 1; | ||
27 | - assert( pOrigRhs->a[iField].pExpr!=0 ); | ||
28 | + if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */ | ||
29 | pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr); | ||
30 | pOrigRhs->a[iField].pExpr = 0; | ||
31 | assert( pOrigLhs->a[iField].pExpr!=0 ); | ||