sqlite3: fix CVE-2020-13434

CVE: CVE-2020-13434 Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13434 (From OE-Core rev: 0338c2eb099532eb3b9a9de038f6b1a757348513) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Steve Sakoman <steve@sakoman.com> 2020-11-04 05:33:45 -1000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-11-12 13:07:52 +0000
commit: 74d50ba1bd41e086fb5aaf56128e2ce8b4758e05 (patch)
tree: 667ba29bca4b1d7194660d46dc0cf22fc265a48a /meta
parent: aa2f4b2011b92bd1eadc2b2c04f0cfc772765f0f (diff)
download: poky-74d50ba1bd41e086fb5aaf56128e2ce8b4758e05.tar.gz
2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13434.patch b/meta/recipes-support/sqlite/files/CVE-2020-13434.patch
new file mode 100644
index 0000000000..40c5e6f2ce
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-13434.patch
@@ -0,0 +1,48 @@
+From dd6c33d372f3b83f4fe57904c2bd5ebba5c38018 Mon Sep 17 00:00:00 2001
+From: drh <drh@noemail.net>
+Date: Sat, 23 May 2020 19:58:07 +0000
+Subject: [PATCH] Limit the "precision" of floating-point to text conversions
+ in the printf() function to 100,000,000.  Fix for ticket [23439ea582241138].
+FossilOrigin-Name: d08d3405878d394e08e5d3af281246edfbd81ca74cc8d16458808591512fb93d
+Upstream-Status: Backport
+CVE: CVE-2020-13434
+Reference to upstream patch:
+https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
+Patch converted to amalgamation format
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+diff --git a/sqlite3.c b/sqlite3.c
+index 55dc686..5ff2c14 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -28147,6 +28147,13 @@ static char *printfTempBuf(sqlite3_str *pAccum, sqlite3_int64 n){
+ #endif
+ #define etBUFSIZE SQLITE_PRINT_BUF_SIZE  /* Size of the output buffer */
+ 
+/*
+** Hard limit on the precision of floating-point conversions.
+*/
+#ifndef SQLITE_PRINTF_PRECISION_LIMIT
+# define SQLITE_FP_PRECISION_LIMIT 100000000
+#endif
+
+ /*
+ ** Render a string given by "fmt" into the StrAccum object.
+ */
+@@ -28468,6 +28475,11 @@ SQLITE_API void sqlite3_str_vappendf(
+         length = 0;
+ #else
+         if( precision<0 ) precision = 6;         /* Set default precision */
+#ifdef SQLITE_FP_PRECISION_LIMIT
+        if( precision>SQLITE_FP_PRECISION_LIMIT ){
+          precision = SQLITE_FP_PRECISION_LIMIT;
+        }
+#endif
+         if( realvalue<0.0 ){
+           realvalue = -realvalue;
+           prefix = '-';
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index e5071b48bb..c8225fff15 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -8,6 +8,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
           file://CVE-2020-11656.patch \
           file://CVE-2020-11655.patch \
           file://CVE-2020-15358.patch \
+           file://CVE-2020-13434.patch \
           "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
author	Steve Sakoman <steve@sakoman.com>	2020-11-04 05:33:45 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-11-12 13:07:52 +0000
commit	74d50ba1bd41e086fb5aaf56128e2ce8b4758e05 (patch)
tree	667ba29bca4b1d7194660d46dc0cf22fc265a48a /meta
parent	aa2f4b2011b92bd1eadc2b2c04f0cfc772765f0f (diff)
download	poky-74d50ba1bd41e086fb5aaf56128e2ce8b4758e05.tar.gz

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13434.patch b/meta/recipes-support/sqlite/files/CVE-2020-13434.patch new file mode 100644 index 0000000000..40c5e6f2ce --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-13434.patch
@@ -0,0 +1,48 @@
		1	From dd6c33d372f3b83f4fe57904c2bd5ebba5c38018 Mon Sep 17 00:00:00 2001
		2	From: drh <drh@noemail.net>
		3	Date: Sat, 23 May 2020 19:58:07 +0000
		4	Subject: [PATCH] Limit the "precision" of floating-point to text conversions
		5	in the printf() function to 100,000,000. Fix for ticket [23439ea582241138].
		6
		7	FossilOrigin-Name: d08d3405878d394e08e5d3af281246edfbd81ca74cc8d16458808591512fb93d
		8
		9	Upstream-Status: Backport
		10	CVE: CVE-2020-13434
		11
		12	Reference to upstream patch:
		13	https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
		14
		15	Patch converted to amalgamation format
		16
		17	Signed-off-by: Steve Sakoman <steve@sakoman.com>
		18	---
		19	diff --git a/sqlite3.c b/sqlite3.c
		20	index 55dc686..5ff2c14 100644
		21	--- a/sqlite3.c
		22	+++ b/sqlite3.c
		23	@@ -28147,6 +28147,13 @@ static char printfTempBuf(sqlite3_str pAccum, sqlite3_int64 n){
		24	#endif
		25	#define etBUFSIZE SQLITE_PRINT_BUF_SIZE /* Size of the output buffer */
		26
		27	+/*
		28	+** Hard limit on the precision of floating-point conversions.
		29	+*/
		30	+#ifndef SQLITE_PRINTF_PRECISION_LIMIT
		31	+# define SQLITE_FP_PRECISION_LIMIT 100000000
		32	+#endif
		33	+
		34	/*
		35	** Render a string given by "fmt" into the StrAccum object.
		36	*/
		37	@@ -28468,6 +28475,11 @@ SQLITE_API void sqlite3_str_vappendf(
		38	length = 0;
		39	#else
		40	if( precision<0 ) precision = 6; /* Set default precision */
		41	+#ifdef SQLITE_FP_PRECISION_LIMIT
		42	+ if( precision>SQLITE_FP_PRECISION_LIMIT ){
		43	+ precision = SQLITE_FP_PRECISION_LIMIT;
		44	+ }
		45	+#endif
		46	if( realvalue<0.0 ){
		47	realvalue = -realvalue;
		48	prefix = '-';


diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index e5071b48bb..c8225fff15 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -8,6 +8,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
8	file://CVE-2020-11656.patch \	8	file://CVE-2020-11656.patch \
9	file://CVE-2020-11655.patch \	9	file://CVE-2020-11655.patch \
10	file://CVE-2020-15358.patch \	10	file://CVE-2020-15358.patch \
		11	file://CVE-2020-13434.patch \
11	"	12	"
12	SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"	13	SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
13	SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"	14	SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"