5 files changed, 141 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35525.patch b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch
new file mode 100644
index 0000000000..27d81d42d9
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch
@@ -0,0 +1,21 @@
+From: drh <drh@noemail.net>
+Date: Thu, 20 Feb 2020 14:08:51 +0000
+Subject: [PATCH] Early-out on the INTERSECT query processing following an
+ error.
+Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
+CVE: CVE-2020-35525
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+---
+Index: sqlite-autoconf-3310100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
+@@ -130767,6 +130767,7 @@ static int multiSelect(
+         /* Generate code to take the intersection of the two temporary
+         ** tables.
+         */
+        if( rc ) break;
+         assert( p->pEList );
+         iBreak = sqlite3VdbeMakeLabel(pParse);
+         iCont = sqlite3VdbeMakeLabel(pParse);
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35527.patch b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch
new file mode 100644
index 0000000000..d1dae389b0
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch
@@ -0,0 +1,22 @@
+From: dan <dan@noemail.net>
+Date: Mon, 26 Oct 2020 13:24:36 +0000
+Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested
+ FROM clause. Ticket [f50af3e8a565776b].
+Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
+CVE: CVE-2020-35527
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+---
+Index: sqlite-autoconf-3310100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
+@@ -133110,7 +133110,7 @@ static int selectExpander(Walker *pWalke
+             pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
+             sqlite3TokenInit(&sColname, zColname);
+             sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
+-            if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
+            if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){
+               struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
+               sqlite3DbFree(db, pX->zEName);
+               if( pSub ){
diff --git a/meta/recipes-support/sqlite/files/CVE-2021-20223.patch b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch
new file mode 100644
index 0000000000..e9d2e04d30
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch
@@ -0,0 +1,23 @@
+From d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001
+From: dan <dan@noemail.net>
+Date: Mon, 26 Oct 2020 13:24:36 +0000
+Subject: [PATCH] Prevent fts5 tokenizer unicode61 from considering '\0' to be
+ a token characters, even if other characters of class "Cc" are.
+FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f
+CVE: CVE-2021-20223
+Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b.patch]
+Comment: Removed manifest, manifest.uuid and fts5tok1.test as these files are not present in the amalgamated source code
+Signed-Off-by: Sana.Kazi@kpit.com
+---
+--- a/sqlite3.c        2022-09-09 13:54:30.010768197 +0530
+++ b/sqlite3.c        2022-09-09 13:56:25.458769142 +0530
+@@ -227114,6 +227114,7 @@
+     }
+     iTbl++;
+   }
+  aAscii[0] = 0;                  /* 0x00 is never a token character */
+ }
+ /*
diff --git a/meta/recipes-support/sqlite/files/CVE-2022-35737.patch b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch
new file mode 100644
index 0000000000..341e002913
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch
@@ -0,0 +1,29 @@
+From 2bbf4c999dbb4b520561a57e0bafc19a15562093 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 2 Sep 2022 11:22:29 +0530
+Subject: [PATCH] CVE-2022-35737
+Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7]
+CVE: CVE-2022-35737
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ sqlite3.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/sqlite3.c b/sqlite3.c
+index f664217..33dfb78 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -28758,7 +28758,8 @@ SQLITE_API void sqlite3_str_vappendf(
+       case etSQLESCAPE:           /* %q: Escape ' characters */
+       case etSQLESCAPE2:          /* %Q: Escape ' and enclose in '...' */
+       case etSQLESCAPE3: {        /* %w: Escape " characters */
+-        int i, j, k, n, isnull;
+        i64  i, j, k, n;
+        int isnull;
+         int needQuote;
+         char ch;
+         char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
+-- 
+2.25.1
diff --git a/meta/recipes-support/sqlite/files/CVE-2023-7104.patch b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
new file mode 100644
index 0000000000..01ff29ff5e
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
@@ -0,0 +1,46 @@
+From eab426c5fba69d2c77023939f72b4ad446834e3c Mon Sep 17 00:00:00 2001
+From: dan <Dan Kennedy>
+Date: Thu, 7 Sep 2023 13:53:09 +0000
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.
+Upstream-Status: Backport [https://sqlite.org/src/info/0e4e7a05c4204b47]
+CVE: CVE-2023-7104
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ sqlite3.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+diff --git a/sqlite3.c b/sqlite3.c
+index 972ef18..c645ac8 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -203301,15 +203301,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
+       if( (pIn->nData-pIn->iNext)<8 ){
+         rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
+         sqlite3_int64 v = sessionGetI64(aVal);
+         if( eType==SQLITE_INTEGER ){
+           sqlite3VdbeMemSetInt64(apOut[i], v);
+         }else{
+           double d;
+           memcpy(&d, &v, 8);
+           sqlite3VdbeMemSetDouble(apOut[i], d);
+         }
+         pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.25.1

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35525.patch b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch new file mode 100644 index 0000000000..27d81d42d9 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch
@@ -0,0 +1,21 @@
	1	From: drh <drh@noemail.net>
	2	Date: Thu, 20 Feb 2020 14:08:51 +0000
	3	Subject: [PATCH] Early-out on the INTERSECT query processing following an
	4	error.
	5
	6	Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
	7	CVE: CVE-2020-35525
	8	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
	9	---
	10	Index: sqlite-autoconf-3310100/sqlite3.c
	11	===================================================================
	12	--- sqlite-autoconf-3310100.orig/sqlite3.c
	13	+++ sqlite-autoconf-3310100/sqlite3.c
	14	@@ -130767,6 +130767,7 @@ static int multiSelect(
	15	/* Generate code to take the intersection of the two temporary
	16	** tables.
	17	*/
	18	+ if( rc ) break;
	19	assert( p->pEList );
	20	iBreak = sqlite3VdbeMakeLabel(pParse);
	21	iCont = sqlite3VdbeMakeLabel(pParse);


diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35527.patch b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch new file mode 100644 index 0000000000..d1dae389b0 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch
@@ -0,0 +1,22 @@
	1	From: dan <dan@noemail.net>
	2	Date: Mon, 26 Oct 2020 13:24:36 +0000
	3	Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested
	4	FROM clause. Ticket [f50af3e8a565776b].
	5
	6	Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
	7	CVE: CVE-2020-35527
	8	Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
	9	---
	10	Index: sqlite-autoconf-3310100/sqlite3.c
	11	===================================================================
	12	--- sqlite-autoconf-3310100.orig/sqlite3.c
	13	+++ sqlite-autoconf-3310100/sqlite3.c
	14	@@ -133110,7 +133110,7 @@ static int selectExpander(Walker *pWalke
	15	pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
	16	sqlite3TokenInit(&sColname, zColname);
	17	sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
	18	- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
	19	+ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){
	20	struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
	21	sqlite3DbFree(db, pX->zEName);
	22	if( pSub ){


diff --git a/meta/recipes-support/sqlite/files/CVE-2021-20223.patch b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch new file mode 100644 index 0000000000..e9d2e04d30 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch
@@ -0,0 +1,23 @@
	1	From d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001
	2	From: dan <dan@noemail.net>
	3	Date: Mon, 26 Oct 2020 13:24:36 +0000
	4	Subject: [PATCH] Prevent fts5 tokenizer unicode61 from considering '\0' to be
	5	a token characters, even if other characters of class "Cc" are.
	6
	7	FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f
	8
	9	CVE: CVE-2021-20223
	10	Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b.patch]
	11	Comment: Removed manifest, manifest.uuid and fts5tok1.test as these files are not present in the amalgamated source code
	12	Signed-Off-by: Sana.Kazi@kpit.com
	13	---
	14	--- a/sqlite3.c 2022-09-09 13:54:30.010768197 +0530
	15	+++ b/sqlite3.c 2022-09-09 13:56:25.458769142 +0530
	16	@@ -227114,6 +227114,7 @@
	17	}
	18	iTbl++;
	19	}
	20	+ aAscii[0] = 0; /* 0x00 is never a token character */
	21	}
	22
	23	/*


diff --git a/meta/recipes-support/sqlite/files/CVE-2022-35737.patch b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch new file mode 100644 index 0000000000..341e002913 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch
@@ -0,0 +1,29 @@
	1	From 2bbf4c999dbb4b520561a57e0bafc19a15562093 Mon Sep 17 00:00:00 2001
	2	From: Hitendra Prajapati <hprajapati@mvista.com>
	3	Date: Fri, 2 Sep 2022 11:22:29 +0530
	4	Subject: [PATCH] CVE-2022-35737
	5
	6	Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7]
	7	CVE: CVE-2022-35737
	8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	9	---
	10	sqlite3.c \| 3 ++-
	11	1 file changed, 2 insertions(+), 1 deletion(-)
	12
	13	diff --git a/sqlite3.c b/sqlite3.c
	14	index f664217..33dfb78 100644
	15	--- a/sqlite3.c
	16	+++ b/sqlite3.c
	17	@@ -28758,7 +28758,8 @@ SQLITE_API void sqlite3_str_vappendf(
	18	case etSQLESCAPE: /* %q: Escape ' characters */
	19	case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */
	20	case etSQLESCAPE3: { /* %w: Escape " characters */
	21	- int i, j, k, n, isnull;
	22	+ i64 i, j, k, n;
	23	+ int isnull;
	24	int needQuote;
	25	char ch;
	26	char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */
	27	--
	28	2.25.1
	29


diff --git a/meta/recipes-support/sqlite/files/CVE-2023-7104.patch b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch new file mode 100644 index 0000000000..01ff29ff5e --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
@@ -0,0 +1,46 @@
	1	From eab426c5fba69d2c77023939f72b4ad446834e3c Mon Sep 17 00:00:00 2001
	2	From: dan <Dan Kennedy>
	3	Date: Thu, 7 Sep 2023 13:53:09 +0000
	4	Subject: [PATCH] Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.
	5
	6	Upstream-Status: Backport [https://sqlite.org/src/info/0e4e7a05c4204b47]
	7	CVE: CVE-2023-7104
	8	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	9	---
	10	sqlite3.c \| 18 +++++++++++-------
	11	1 file changed, 11 insertions(+), 7 deletions(-)
	12
	13	diff --git a/sqlite3.c b/sqlite3.c
	14	index 972ef18..c645ac8 100644
	15	--- a/sqlite3.c
	16	+++ b/sqlite3.c
	17	@@ -203301,15 +203301,19 @@ static int sessionReadRecord(
	18	}
	19	}
	20	if( eType==SQLITE_INTEGER \|\| eType==SQLITE_FLOAT ){
	21	- sqlite3_int64 v = sessionGetI64(aVal);
	22	- if( eType==SQLITE_INTEGER ){
	23	- sqlite3VdbeMemSetInt64(apOut[i], v);
	24	+ if( (pIn->nData-pIn->iNext)<8 ){
	25	+ rc = SQLITE_CORRUPT_BKPT;
	26	}else{
	27	- double d;
	28	- memcpy(&d, &v, 8);
	29	- sqlite3VdbeMemSetDouble(apOut[i], d);
	30	+ sqlite3_int64 v = sessionGetI64(aVal);
	31	+ if( eType==SQLITE_INTEGER ){
	32	+ sqlite3VdbeMemSetInt64(apOut[i], v);
	33	+ }else{
	34	+ double d;
	35	+ memcpy(&d, &v, 8);
	36	+ sqlite3VdbeMemSetDouble(apOut[i], d);
	37	+ }
	38	+ pIn->iNext += 8;
	39	}
	40	- pIn->iNext += 8;
	41	}
	42	}
	43	}
	44	--
	45	2.25.1
	46