mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 01:19:52 +00:00
Code Issues Projects Releases Wiki Activity

sqlite: backport CVE fix

Browse Source 
Fixes CVE-2020-11655

(From OE-Core rev: 3b06a6c73f4e49c6d00f758423c2e8865ec2de00)

(From OE-Core rev: 36edee3e489e7bd94d6fa555f87d94c5ec0f3ad8)

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[ without the CVE-2020-11656 fix that did not apply cleanly ]
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Sakib Sajal
2020-07-10 09:58:23 +03:00
committed by Richard Purdie
parent f6998f7c70
commit f29b31784a
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/sqlite/files/CVE-2020-11655.patch
+32
View File
@@ -0,0 +1,32 @@
From a4601326d61bf1a11151ac6b78b50804bfd03b4d Mon Sep 17 00:00:00 2001
From: Sakib Sajal <sakib.sajal@windriver.com>
Date: Thu, 30 Apr 2020 10:46:16 -0700
Subject: [PATCH 2/2] In the event of a semantic error in an aggregate query,
early-out the resetAccumulator() function to prevent problems due to
incomplete or incorrect initialization of the AggInfo object. Fix for ticket
[af4556bb5c285c08].
FossilOrigin-Name: 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441
Upstream-Status: Backport [c415d91007e1680e4eb17def583b202c3c83c718]
CVE: CVE-2020-11655
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
sqlite3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sqlite3.c b/sqlite3.c
index 1df6633..726adf7 100644
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -133242,6 +133242,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){
struct AggInfo_func *pFunc;
int nReg = pAggInfo->nFunc + pAggInfo->nColumn;
if( nReg==0 ) return;
+ if( pParse->nErr ) return;
#ifdef SQLITE_DEBUG
/* Verify that all AggInfo registers are within the range specified by
** AggInfo.mnReg..AggInfo.mxReg */
--
2.17.1
meta/recipes-support/sqlite/sqlite3_3.29.0.bb
+1
View File
@@ -12,6 +12,7 @@ SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2019-19926.patch \
file://CVE-2019-19959.patch \
file://CVE-2019-20218.patch \
file://CVE-2020-11655.patch \
"
SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc"
SRC_URI[sha256sum] = "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b"