<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-support/sqlite/files, branch master</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2020-06-04T12:27:32+00:00</updated>
<entry>
<title>sqlite: upgrade 3.31.1 -&gt; 3.32.1</title>
<updated>2020-06-04T12:27:32+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@cn.fujitsu.com</email>
</author>
<published>2020-06-03T10:52:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=c15d342e45d11b4e00c9f24d72ad2f197f242a61'/>
<id>urn:sha1:c15d342e45d11b4e00c9f24d72ad2f197f242a61</id>
<content type='text'>
CVE-2020-11655.patch
CVE-2020-11656.patch
CVE-2020-9327.patch
removed since they are included in 3.32.1

(From OE-Core rev: 7ee8501146ceccdbd07104903694a435b75c0606)

Signed-off-by: Wang Mingyu &lt;wangmy@cn.fujitsu.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sqlite: backport CVE fixes</title>
<updated>2020-05-03T14:41:40+00:00</updated>
<author>
<name>Sakib Sajal</name>
<email>sakib.sajal@windriver.com</email>
</author>
<published>2020-04-30T18:42:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b3f5f7f10a2bc959fb5b9ca05cc294918418c6fc'/>
<id>urn:sha1:b3f5f7f10a2bc959fb5b9ca05cc294918418c6fc</id>
<content type='text'>
Fixes CVE-2020-11655 and CVE-2020-11656

(From OE-Core rev: 3b06a6c73f4e49c6d00f758423c2e8865ec2de00)

Signed-off-by: Sakib Sajal &lt;sakib.sajal@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sqlite3: fix CVE-2020-9327</title>
<updated>2020-03-10T23:20:33+00:00</updated>
<author>
<name>Anuj Mittal</name>
<email>anuj.mittal@intel.com</email>
</author>
<published>2020-03-09T00:45:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0a9ce59fda57380f8ee08df2f1a2079a6f32009e'/>
<id>urn:sha1:0a9ce59fda57380f8ee08df2f1a2079a6f32009e</id>
<content type='text'>
(From OE-Core rev: 6acb9746744536019d5c04ce482a873916aac99f)

Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sqlite3: upgrade to 3.21.0</title>
<updated>2017-11-21T13:06:11+00:00</updated>
<author>
<name>Maxin B. John</name>
<email>maxin.john@intel.com</email>
</author>
<published>2017-11-10T12:00:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=266694886ebe141ab2ff3c8f81ed6e64d74efbee'/>
<id>urn:sha1:266694886ebe141ab2ff3c8f81ed6e64d74efbee</id>
<content type='text'>
Remove upstreamed patch:
        1. sqlite3-fix-CVE-2017-13685.patch

(From OE-Core rev: 483711e676cd063a873179bdb2daedf56de0aa75)

Signed-off-by: Maxin B. John &lt;maxin.john@intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sqlite3: fix CVE-2017-13685</title>
<updated>2017-10-16T22:52:44+00:00</updated>
<author>
<name>Wenzong Fan</name>
<email>wenzong.fan@windriver.com</email>
</author>
<published>2017-10-16T09:31:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=55db269ae9a5a334e3d98e9b63ee5d78c562609a'/>
<id>urn:sha1:55db269ae9a5a334e3d98e9b63ee5d78c562609a</id>
<content type='text'>
The dump_callback function in SQLite 3.20.0 allows remote attackers to
cause a denial of service (EXC_BAD_ACCESS and application crash) via a
crafted file.

Backport patch to fix the issue. Some references:
https://sqlite.org/src/info/02f0f4c54f2819b3
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html

(From OE-Core rev: 9b9f566d2042f2b393de88506d2da964bc4d17b0)

Signed-off-by: Wenzong Fan &lt;wenzong.fan@windriver.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sqlite3: upgrade to 3.16.2</title>
<updated>2017-01-16T18:05:13+00:00</updated>
<author>
<name>Maxin B. John</name>
<email>maxin.john@intel.com</email>
</author>
<published>2017-01-10T12:18:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6c4e5e0ffbbac1ec280727f129265951b45f8dfc'/>
<id>urn:sha1:6c4e5e0ffbbac1ec280727f129265951b45f8dfc</id>
<content type='text'>
3.15.2 -&gt; 3.16.2

1. Updated the SRC_URI for releases in 2017
2. Removed the following revert patch as the fix is present in this release:
        a) 0001-revert-ad601c7962-that-brings-2-increase-of-build-ti.patch

[YOCTO #10695]

(From OE-Core rev: 05317fe9f11565d40b84ad71300b39c990a53f6d)

Signed-off-by: Maxin B. John &lt;maxin.john@intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sqlite3: Revert ad601c7962 from 3.14.1 amalgamation package</title>
<updated>2016-10-15T09:01:43+00:00</updated>
<author>
<name>Jianxun Zhang</name>
<email>jianxun.zhang@linux.intel.com</email>
</author>
<published>2016-10-13T20:16:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7052400ceadd309a11c3c8dd2b2a4879d69aac02'/>
<id>urn:sha1:7052400ceadd309a11c3c8dd2b2a4879d69aac02</id>
<content type='text'>
It turns out this change between 3.12.2 and 3.13 introduces
a 2% increase of build time based on statistic data in
bz10367.

The added patch is forged by diffing the new sqlite3.c
generated from reverting the change in raw source of sqlite3
project, and then manually migrate the delta to a sqlite3.c
from the 3.14.1 tarball package because what recipes reference
is actually a generated C code (amalgamation) release package
and we cannot apply the real change to 3.14.1 cleanly due to
so many changes happened.

Fixes [YOCTO #10367]

(From OE-Core rev: dda0c80019b181a5e323a82d346f86c6fffb6756)

Signed-off-by: Jianxun Zhang &lt;jianxun.zhang@linux.intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sqlite: 3.8.10.2 -&gt; 3.9.0</title>
<updated>2015-11-16T11:39:32+00:00</updated>
<author>
<name>Kai Kang</name>
<email>kai.kang@windriver.com</email>
</author>
<published>2015-10-16T06:28:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=351c69a022ea0b147a2415a25d9ae096bdab7c69'/>
<id>urn:sha1:351c69a022ea0b147a2415a25d9ae096bdab7c69</id>
<content type='text'>
Upgrade sqlite from 3.8.10.2 to 3.9.0.

* update python function to get right SRC_URI
* drop 0001-using-the-dynamic-library.patch which use dynamic library
  that it is done that way in new version

(From OE-Core rev: a23ddbd2e197cfa1ebc829e0d83b8997dc24cec7)

Signed-off-by: Kai Kang &lt;kai.kang@windriver.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sqlite3: upgrade to 3.8.10</title>
<updated>2015-05-20T20:41:10+00:00</updated>
<author>
<name>Roy Li</name>
<email>rongqing.li@windriver.com</email>
</author>
<published>2015-05-19T12:32:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b5ba70b47fff227e4381fcac93defccb79e3d8f1'/>
<id>urn:sha1:b5ba70b47fff227e4381fcac93defccb79e3d8f1</id>
<content type='text'>
upgrade to include CVE fixes:
    CVE-2015-3414
    CVE-2015-3415
    CVE-2015-3416

(From OE-Core rev: 346505144a18b738846b9d5bc6f146426d3572ba)

Signed-off-by: Roy Li &lt;rongqing.li@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
