sqlite3: fix CVE-2020-13632

CVE: CVE-2020-13632 Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13632 (From OE-Core rev: 8d54034bb8e522f9827ec6422b32cbd4e5bf1346) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Steve Sakoman <steve@sakoman.com> 2020-11-04 07:00:34 -1000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-11-12 13:07:52 +0000
commit: 9bf3399388e37d1f813c0b98fc8532ab411009fa (patch)
tree: 2673d2f9cbf5f7e0c0d2af1e25dfcff0d042849e
parent: 1a057dcc739461ec34071167737207db650a5ca9 (diff)
download: poky-9bf3399388e37d1f813c0b98fc8532ab411009fa.tar.gz
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13632.patch b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch
new file mode 100644
index 0000000000..c28bf10e37
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch
@@ -0,0 +1,34 @@
+From 219b8e7e7587df8669d96ce867cdd61ca1c05730 Mon Sep 17 00:00:00 2001
+From: drh <drh@noemail.net>
+Date: Thu, 14 May 2020 23:59:24 +0000
+Subject: [PATCH] Fix a null pointer deference that can occur on a strange
+ matchinfo() query.
+FossilOrigin-Name: a4dd148928ea65bd4e1654dfacc3d8057d1f85b8c9939416991d50722e5a720e
+Upstream-Status: Backport
+CVE: CVE-2020-13632
+Reference to upstream patch:
+https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
+Patch converted to amalgamation format
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ sqlite3.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/sqlite3.c b/sqlite3.c
+index 282e106..5ae8c8b 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -181820,7 +181820,7 @@ static int fts3ExprLHits(
+     iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
+   }
+ 
+-  while( 1 ){
+  if( pIter ) while( 1 ){
+     int nHit = fts3ColumnlistCount(&pIter);
+     if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){
+       if( p->flag==FTS3_MATCHINFO_LHITS ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index 5d45d1f1ab..c289affd60 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
           file://CVE-2020-13435.patch \
           file://CVE-2020-13630.patch \
           file://CVE-2020-13631.patch \
+           file://CVE-2020-13632.patch \
           "
 SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
 SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
author	Steve Sakoman <steve@sakoman.com>	2020-11-04 07:00:34 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-11-12 13:07:52 +0000
commit	9bf3399388e37d1f813c0b98fc8532ab411009fa (patch)
tree	2673d2f9cbf5f7e0c0d2af1e25dfcff0d042849e
parent	1a057dcc739461ec34071167737207db650a5ca9 (diff)
download	poky-9bf3399388e37d1f813c0b98fc8532ab411009fa.tar.gz

diff --git a/meta/recipes-support/sqlite/files/CVE-2020-13632.patch b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch new file mode 100644 index 0000000000..c28bf10e37 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-13632.patch
@@ -0,0 +1,34 @@
		1	From 219b8e7e7587df8669d96ce867cdd61ca1c05730 Mon Sep 17 00:00:00 2001
		2	From: drh <drh@noemail.net>
		3	Date: Thu, 14 May 2020 23:59:24 +0000
		4	Subject: [PATCH] Fix a null pointer deference that can occur on a strange
		5	matchinfo() query.
		6
		7	FossilOrigin-Name: a4dd148928ea65bd4e1654dfacc3d8057d1f85b8c9939416991d50722e5a720e
		8
		9	Upstream-Status: Backport
		10	CVE: CVE-2020-13632
		11
		12	Reference to upstream patch:
		13	https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
		14
		15	Patch converted to amalgamation format
		16
		17	Signed-off-by: Steve Sakoman <steve@sakoman.com>
		18	---
		19	sqlite3.c \| 2 +-
		20	1 file changed, 1 insertion(+), 1 deletion(-)
		21
		22	diff --git a/sqlite3.c b/sqlite3.c
		23	index 282e106..5ae8c8b 100644
		24	--- a/sqlite3.c
		25	+++ b/sqlite3.c
		26	@@ -181820,7 +181820,7 @@ static int fts3ExprLHits(
		27	iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
		28	}
		29
		30	- while( 1 ){
		31	+ if( pIter ) while( 1 ){
		32	int nHit = fts3ColumnlistCount(&pIter);
		33	if( (pPhrase->iColumn>=pTab->nColumn \|\| pPhrase->iColumn==iCol) ){
		34	if( p->flag==FTS3_MATCHINFO_LHITS ){


diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index 5d45d1f1ab..c289affd60 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \
12	file://CVE-2020-13435.patch \	12	file://CVE-2020-13435.patch \
13	file://CVE-2020-13630.patch \	13	file://CVE-2020-13630.patch \
14	file://CVE-2020-13631.patch \	14	file://CVE-2020-13631.patch \
		15	file://CVE-2020-13632.patch \
15	"	16	"
16	SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"	17	SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
17	SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"	18	SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"