sqlite3: fix CVE-2017-13685

The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. Backport patch to fix the issue. Some references: https://sqlite.org/src/info/02f0f4c54f2819b3 http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html (From OE-Core rev: 9b9f566d2042f2b393de88506d2da964bc4d17b0) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Wenzong Fan <wenzong.fan@windriver.com> 2017-10-16 02:31:32 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-10-16 23:52:44 +0100
commit: 55db269ae9a5a334e3d98e9b63ee5d78c562609a (patch)
tree: 058210c75d15f59926e157f5ee21dc4d627e2778 /meta/recipes-support/sqlite/sqlite3_3.20.0.bb
parent: 885fd98f0cb80973122a9a9589d318e855ff8615 (diff)
download: poky-55db269ae9a5a334e3d98e9b63ee5d78c562609a.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
index 417c36202d..e50825833e 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
 SRC_URI = "\
  http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+  file://sqlite3-fix-CVE-2017-13685.patch \
  "
 SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"
 SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"
author	Wenzong Fan <wenzong.fan@windriver.com>	2017-10-16 02:31:32 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-10-16 23:52:44 +0100
commit	55db269ae9a5a334e3d98e9b63ee5d78c562609a (patch)
tree	058210c75d15f59926e157f5ee21dc4d627e2778 /meta/recipes-support/sqlite/sqlite3_3.20.0.bb
parent	885fd98f0cb80973122a9a9589d318e855ff8615 (diff)
download	poky-55db269ae9a5a334e3d98e9b63ee5d78c562609a.tar.gz

diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb index 417c36202d..e50825833e 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
5		5
6	SRC_URI = "\	6	SRC_URI = "\
7	http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \	7	http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \
		8	file://sqlite3-fix-CVE-2017-13685.patch \
8	"	9	"
9	SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"	10	SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"
10	SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"	11	SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"