7 files changed, 147 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35525.patch b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch
new file mode 100644
index 0000000000..27d81d42d9
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch
@@ -0,0 +1,21 @@
+From: drh <drh@noemail.net>
+Date: Thu, 20 Feb 2020 14:08:51 +0000
+Subject: [PATCH] Early-out on the INTERSECT query processing following an
+ error.
+Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
+CVE: CVE-2020-35525
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+---
+Index: sqlite-autoconf-3310100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
+@@ -130767,6 +130767,7 @@ static int multiSelect(
+         /* Generate code to take the intersection of the two temporary
+         ** tables.
+         */
+        if( rc ) break;
+         assert( p->pEList );
+         iBreak = sqlite3VdbeMakeLabel(pParse);
+         iCont = sqlite3VdbeMakeLabel(pParse);
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35527.patch b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch
new file mode 100644
index 0000000000..d1dae389b0
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch
@@ -0,0 +1,22 @@
+From: dan <dan@noemail.net>
+Date: Mon, 26 Oct 2020 13:24:36 +0000
+Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested
+ FROM clause. Ticket [f50af3e8a565776b].
+Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
+CVE: CVE-2020-35527
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+---
+Index: sqlite-autoconf-3310100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
+@@ -133110,7 +133110,7 @@ static int selectExpander(Walker *pWalke
+             pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
+             sqlite3TokenInit(&sColname, zColname);
+             sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
+-            if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
+            if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){
+               struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
+               sqlite3DbFree(db, pX->zEName);
+               if( pSub ){
diff --git a/meta/recipes-support/sqlite/files/CVE-2021-20223.patch b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch
new file mode 100644
index 0000000000..e9d2e04d30
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch
@@ -0,0 +1,23 @@
+From d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001
+From: dan <dan@noemail.net>
+Date: Mon, 26 Oct 2020 13:24:36 +0000
+Subject: [PATCH] Prevent fts5 tokenizer unicode61 from considering '\0' to be
+ a token characters, even if other characters of class "Cc" are.
+FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f
+CVE: CVE-2021-20223
+Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b.patch]
+Comment: Removed manifest, manifest.uuid and fts5tok1.test as these files are not present in the amalgamated source code
+Signed-Off-by: Sana.Kazi@kpit.com
+---
+--- a/sqlite3.c        2022-09-09 13:54:30.010768197 +0530
+++ b/sqlite3.c        2022-09-09 13:56:25.458769142 +0530
+@@ -227114,6 +227114,7 @@
+     }
+     iTbl++;
+   }
+  aAscii[0] = 0;                  /* 0x00 is never a token character */
+ }
+ /*
diff --git a/meta/recipes-support/sqlite/files/CVE-2022-35737.patch b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch
new file mode 100644
index 0000000000..341e002913
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch
@@ -0,0 +1,29 @@
+From 2bbf4c999dbb4b520561a57e0bafc19a15562093 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 2 Sep 2022 11:22:29 +0530
+Subject: [PATCH] CVE-2022-35737
+Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7]
+CVE: CVE-2022-35737
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ sqlite3.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/sqlite3.c b/sqlite3.c
+index f664217..33dfb78 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -28758,7 +28758,8 @@ SQLITE_API void sqlite3_str_vappendf(
+       case etSQLESCAPE:           /* %q: Escape ' characters */
+       case etSQLESCAPE2:          /* %Q: Escape ' and enclose in '...' */
+       case etSQLESCAPE3: {        /* %w: Escape " characters */
+-        int i, j, k, n, isnull;
+        i64  i, j, k, n;
+        int isnull;
+         int needQuote;
+         char ch;
+         char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
+-- 
+2.25.1
diff --git a/meta/recipes-support/sqlite/files/CVE-2023-7104.patch b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
new file mode 100644
index 0000000000..01ff29ff5e
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
@@ -0,0 +1,46 @@
+From eab426c5fba69d2c77023939f72b4ad446834e3c Mon Sep 17 00:00:00 2001
+From: dan <Dan Kennedy>
+Date: Thu, 7 Sep 2023 13:53:09 +0000
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.
+Upstream-Status: Backport [https://sqlite.org/src/info/0e4e7a05c4204b47]
+CVE: CVE-2023-7104
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ sqlite3.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+diff --git a/sqlite3.c b/sqlite3.c
+index 972ef18..c645ac8 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -203301,15 +203301,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
+       if( (pIn->nData-pIn->iNext)<8 ){
+         rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
+         sqlite3_int64 v = sessionGetI64(aVal);
+         if( eType==SQLITE_INTEGER ){
+           sqlite3VdbeMemSetInt64(apOut[i], v);
+         }else{
+           double d;
+           memcpy(&d, &v, 8);
+           sqlite3VdbeMemSetDouble(apOut[i], d);
+         }
+         pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.25.1
diff --git a/meta/recipes-support/sqlite/sqlite3.inc b/meta/recipes-support/sqlite/sqlite3.inc
index 07614bdb3e..1adc0eba66 100644
--- a/meta/recipes-support/sqlite/sqlite3.inc
+++ b/meta/recipes-support/sqlite/sqlite3.inc
@@ -1,4 +1,5 @@
 SUMMARY = "Embeddable SQL database engine"
+DESCRIPTION = "A library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day"
 HOMEPAGE = "http://www.sqlite.org"
 SECTION = "libs"
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index 877e80f5a3..0e7bcfa5a7 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -13,6 +13,11 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
           file://CVE-2020-13630.patch \
           file://CVE-2020-13631.patch \
           file://CVE-2020-13632.patch \
+           file://CVE-2022-35737.patch \
+           file://CVE-2020-35525.patch \
+           file://CVE-2020-35527.patch \
+           file://CVE-2021-20223.patch \
+           file://CVE-2023-7104.patch \
           "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35525.patch b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch new file mode 100644 index 0000000000..27d81d42d9 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch
@@ -0,0 +1,21 @@
		1	From: drh <drh@noemail.net>
		2	Date: Thu, 20 Feb 2020 14:08:51 +0000
		3	Subject: [PATCH] Early-out on the INTERSECT query processing following an
		4	error.
		5
		6	Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
		7	CVE: CVE-2020-35525
		8	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
		9	---
		10	Index: sqlite-autoconf-3310100/sqlite3.c
		11	===================================================================
		12	--- sqlite-autoconf-3310100.orig/sqlite3.c
		13	+++ sqlite-autoconf-3310100/sqlite3.c
		14	@@ -130767,6 +130767,7 @@ static int multiSelect(
		15	/* Generate code to take the intersection of the two temporary
		16	** tables.
		17	*/
		18	+ if( rc ) break;
		19	assert( p->pEList );
		20	iBreak = sqlite3VdbeMakeLabel(pParse);
		21	iCont = sqlite3VdbeMakeLabel(pParse);


diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35527.patch b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch new file mode 100644 index 0000000000..d1dae389b0 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch
@@ -0,0 +1,22 @@
		1	From: dan <dan@noemail.net>
		2	Date: Mon, 26 Oct 2020 13:24:36 +0000
		3	Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested
		4	FROM clause. Ticket [f50af3e8a565776b].
		5
		6	Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
		7	CVE: CVE-2020-35527
		8	Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
		9	---
		10	Index: sqlite-autoconf-3310100/sqlite3.c
		11	===================================================================
		12	--- sqlite-autoconf-3310100.orig/sqlite3.c
		13	+++ sqlite-autoconf-3310100/sqlite3.c
		14	@@ -133110,7 +133110,7 @@ static int selectExpander(Walker *pWalke
		15	pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
		16	sqlite3TokenInit(&sColname, zColname);
		17	sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
		18	- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
		19	+ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){
		20	struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
		21	sqlite3DbFree(db, pX->zEName);
		22	if( pSub ){


diff --git a/meta/recipes-support/sqlite/files/CVE-2021-20223.patch b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch new file mode 100644 index 0000000000..e9d2e04d30 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch
@@ -0,0 +1,23 @@
		1	From d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001
		2	From: dan <dan@noemail.net>
		3	Date: Mon, 26 Oct 2020 13:24:36 +0000
		4	Subject: [PATCH] Prevent fts5 tokenizer unicode61 from considering '\0' to be
		5	a token characters, even if other characters of class "Cc" are.
		6
		7	FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f
		8
		9	CVE: CVE-2021-20223
		10	Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b.patch]
		11	Comment: Removed manifest, manifest.uuid and fts5tok1.test as these files are not present in the amalgamated source code
		12	Signed-Off-by: Sana.Kazi@kpit.com
		13	---
		14	--- a/sqlite3.c 2022-09-09 13:54:30.010768197 +0530
		15	+++ b/sqlite3.c 2022-09-09 13:56:25.458769142 +0530
		16	@@ -227114,6 +227114,7 @@
		17	}
		18	iTbl++;
		19	}
		20	+ aAscii[0] = 0; /* 0x00 is never a token character */
		21	}
		22
		23	/*


diff --git a/meta/recipes-support/sqlite/files/CVE-2022-35737.patch b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch new file mode 100644 index 0000000000..341e002913 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch
@@ -0,0 +1,29 @@
		1	From 2bbf4c999dbb4b520561a57e0bafc19a15562093 Mon Sep 17 00:00:00 2001
		2	From: Hitendra Prajapati <hprajapati@mvista.com>
		3	Date: Fri, 2 Sep 2022 11:22:29 +0530
		4	Subject: [PATCH] CVE-2022-35737
		5
		6	Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7]
		7	CVE: CVE-2022-35737
		8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		9	---
		10	sqlite3.c \| 3 ++-
		11	1 file changed, 2 insertions(+), 1 deletion(-)
		12
		13	diff --git a/sqlite3.c b/sqlite3.c
		14	index f664217..33dfb78 100644
		15	--- a/sqlite3.c
		16	+++ b/sqlite3.c
		17	@@ -28758,7 +28758,8 @@ SQLITE_API void sqlite3_str_vappendf(
		18	case etSQLESCAPE: /* %q: Escape ' characters */
		19	case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */
		20	case etSQLESCAPE3: { /* %w: Escape " characters */
		21	- int i, j, k, n, isnull;
		22	+ i64 i, j, k, n;
		23	+ int isnull;
		24	int needQuote;
		25	char ch;
		26	char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */
		27	--
		28	2.25.1
		29


diff --git a/meta/recipes-support/sqlite/files/CVE-2023-7104.patch b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch new file mode 100644 index 0000000000..01ff29ff5e --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch
@@ -0,0 +1,46 @@
		1	From eab426c5fba69d2c77023939f72b4ad446834e3c Mon Sep 17 00:00:00 2001
		2	From: dan <Dan Kennedy>
		3	Date: Thu, 7 Sep 2023 13:53:09 +0000
		4	Subject: [PATCH] Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.
		5
		6	Upstream-Status: Backport [https://sqlite.org/src/info/0e4e7a05c4204b47]
		7	CVE: CVE-2023-7104
		8	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		9	---
		10	sqlite3.c \| 18 +++++++++++-------
		11	1 file changed, 11 insertions(+), 7 deletions(-)
		12
		13	diff --git a/sqlite3.c b/sqlite3.c
		14	index 972ef18..c645ac8 100644
		15	--- a/sqlite3.c
		16	+++ b/sqlite3.c
		17	@@ -203301,15 +203301,19 @@ static int sessionReadRecord(
		18	}
		19	}
		20	if( eType==SQLITE_INTEGER \|\| eType==SQLITE_FLOAT ){
		21	- sqlite3_int64 v = sessionGetI64(aVal);
		22	- if( eType==SQLITE_INTEGER ){
		23	- sqlite3VdbeMemSetInt64(apOut[i], v);
		24	+ if( (pIn->nData-pIn->iNext)<8 ){
		25	+ rc = SQLITE_CORRUPT_BKPT;
		26	}else{
		27	- double d;
		28	- memcpy(&d, &v, 8);
		29	- sqlite3VdbeMemSetDouble(apOut[i], d);
		30	+ sqlite3_int64 v = sessionGetI64(aVal);
		31	+ if( eType==SQLITE_INTEGER ){
		32	+ sqlite3VdbeMemSetInt64(apOut[i], v);
		33	+ }else{
		34	+ double d;
		35	+ memcpy(&d, &v, 8);
		36	+ sqlite3VdbeMemSetDouble(apOut[i], d);
		37	+ }
		38	+ pIn->iNext += 8;
		39	}
		40	- pIn->iNext += 8;
		41	}
		42	}
		43	}
		44	--
		45	2.25.1
		46


diff --git a/meta/recipes-support/sqlite/sqlite3.inc b/meta/recipes-support/sqlite/sqlite3.inc index 07614bdb3e..1adc0eba66 100644 --- a/meta/recipes-support/sqlite/sqlite3.inc +++ b/meta/recipes-support/sqlite/sqlite3.inc
@@ -1,4 +1,5 @@
1	SUMMARY = "Embeddable SQL database engine"	1	SUMMARY = "Embeddable SQL database engine"
		2	DESCRIPTION = "A library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day"
2	HOMEPAGE = "http://www.sqlite.org"	3	HOMEPAGE = "http://www.sqlite.org"
3	SECTION = "libs"	4	SECTION = "libs"
4		5


diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index 877e80f5a3..0e7bcfa5a7 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -13,6 +13,11 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
13	file://CVE-2020-13630.patch \	13	file://CVE-2020-13630.patch \
14	file://CVE-2020-13631.patch \	14	file://CVE-2020-13631.patch \
15	file://CVE-2020-13632.patch \	15	file://CVE-2020-13632.patch \
		16	file://CVE-2022-35737.patch \
		17	file://CVE-2020-35525.patch \
		18	file://CVE-2020-35527.patch \
		19	file://CVE-2021-20223.patch \
		20	file://CVE-2023-7104.patch \
16	"	21	"
17	SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"	22	SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
18	SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"	23	SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"