diff options
-rw-r--r-- | meta/recipes-support/sqlite/files/CVE-2020-15358.patch | 47 | ||||
-rw-r--r-- | meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 1 |
2 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-15358.patch b/meta/recipes-support/sqlite/files/CVE-2020-15358.patch new file mode 100644 index 0000000000..086f6ef913 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-15358.patch | |||
@@ -0,0 +1,47 @@ | |||
1 | Fix a defect in the query-flattener optimization identified by ticket [8f157e8010b22af0]. | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | https://www.sqlite.org/src/info/10fa79d00f8091e5 | ||
5 | CVE: CVE-2020-15358 | ||
6 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
7 | |||
8 | Index: sqlite-autoconf-3310100/sqlite3.c | ||
9 | =================================================================== | ||
10 | --- sqlite-autoconf-3310100.orig/sqlite3.c | ||
11 | +++ sqlite-autoconf-3310100/sqlite3.c | ||
12 | @@ -18349,6 +18349,7 @@ struct Select { | ||
13 | #define SF_WhereBegin 0x0080000 /* Really a WhereBegin() call. Debug Only */ | ||
14 | #define SF_WinRewrite 0x0100000 /* Window function rewrite accomplished */ | ||
15 | #define SF_View 0x0200000 /* SELECT statement is a view */ | ||
16 | +#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */ | ||
17 | |||
18 | /* | ||
19 | ** The results of a SELECT can be distributed in several ways, as defined | ||
20 | @@ -130607,9 +130608,7 @@ static int multiSelect( | ||
21 | selectOpName(p->op))); | ||
22 | rc = sqlite3Select(pParse, p, &uniondest); | ||
23 | testcase( rc!=SQLITE_OK ); | ||
24 | - /* Query flattening in sqlite3Select() might refill p->pOrderBy. | ||
25 | - ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */ | ||
26 | - sqlite3ExprListDelete(db, p->pOrderBy); | ||
27 | + assert( p->pOrderBy==0 ); | ||
28 | pDelete = p->pPrior; | ||
29 | p->pPrior = pPrior; | ||
30 | p->pOrderBy = 0; | ||
31 | @@ -131958,7 +131957,7 @@ static int flattenSubquery( | ||
32 | ** We look at every expression in the outer query and every place we see | ||
33 | ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10". | ||
34 | */ | ||
35 | - if( pSub->pOrderBy ){ | ||
36 | + if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){ | ||
37 | /* At this point, any non-zero iOrderByCol values indicate that the | ||
38 | ** ORDER BY column expression is identical to the iOrderByCol'th | ||
39 | ** expression returned by SELECT statement pSub. Since these values | ||
40 | @@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select( | ||
41 | sqlite3ExprListDelete(db, p->pOrderBy); | ||
42 | p->pOrderBy = 0; | ||
43 | p->selFlags &= ~SF_Distinct; | ||
44 | + p->selFlags |= SF_NoopOrderBy; | ||
45 | } | ||
46 | sqlite3SelectPrep(pParse, p, 0); | ||
47 | if( pParse->nErr || db->mallocFailed ){ | ||
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index 57a791385c..e5071b48bb 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb | |||
@@ -7,6 +7,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \ | |||
7 | file://CVE-2020-9327.patch \ | 7 | file://CVE-2020-9327.patch \ |
8 | file://CVE-2020-11656.patch \ | 8 | file://CVE-2020-11656.patch \ |
9 | file://CVE-2020-11655.patch \ | 9 | file://CVE-2020-11655.patch \ |
10 | file://CVE-2020-15358.patch \ | ||
10 | " | 11 | " |
11 | SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" | 12 | SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" |
12 | SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" | 13 | SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" |