diff options
Diffstat (limited to 'meta/recipes-support/sqlite/files')
5 files changed, 141 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35525.patch b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch new file mode 100644 index 0000000000..27d81d42d9 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch @@ -0,0 +1,21 @@ +From: drh <drh@noemail.net> +Date: Thu, 20 Feb 2020 14:08:51 +0000 +Subject: [PATCH] Early-out on the INTERSECT query processing following an + error. + +Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz] +CVE: CVE-2020-35525 +Signed-off-by: Virendra Thakur <virendrak@kpit.com> +--- +Index: sqlite-autoconf-3310100/sqlite3.c +=================================================================== +--- sqlite-autoconf-3310100.orig/sqlite3.c ++++ sqlite-autoconf-3310100/sqlite3.c +@@ -130767,6 +130767,7 @@ static int multiSelect( + /* Generate code to take the intersection of the two temporary + ** tables. + */ ++ if( rc ) break; + assert( p->pEList ); + iBreak = sqlite3VdbeMakeLabel(pParse); + iCont = sqlite3VdbeMakeLabel(pParse); diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35527.patch b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch new file mode 100644 index 0000000000..d1dae389b0 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch @@ -0,0 +1,22 @@ +From: dan <dan@noemail.net> +Date: Mon, 26 Oct 2020 13:24:36 +0000 +Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested + FROM clause. Ticket [f50af3e8a565776b]. + +Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz] +CVE: CVE-2020-35527 +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> +--- +Index: sqlite-autoconf-3310100/sqlite3.c +=================================================================== +--- sqlite-autoconf-3310100.orig/sqlite3.c ++++ sqlite-autoconf-3310100/sqlite3.c +@@ -133110,7 +133110,7 @@ static int selectExpander(Walker *pWalke + pNew = sqlite3ExprListAppend(pParse, pNew, pExpr); + sqlite3TokenInit(&sColname, zColname); + sqlite3ExprListSetName(pParse, pNew, &sColname, 0); +- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){ ++ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){ + struct ExprList_item *pX = &pNew->a[pNew->nExpr-1]; + sqlite3DbFree(db, pX->zEName); + if( pSub ){ diff --git a/meta/recipes-support/sqlite/files/CVE-2021-20223.patch b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch new file mode 100644 index 0000000000..e9d2e04d30 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2021-20223.patch @@ -0,0 +1,23 @@ +From d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b Mon Sep 17 00:00:00 2001 +From: dan <dan@noemail.net> +Date: Mon, 26 Oct 2020 13:24:36 +0000 +Subject: [PATCH] Prevent fts5 tokenizer unicode61 from considering '\0' to be + a token characters, even if other characters of class "Cc" are. + +FossilOrigin-Name: b7b7bde9b7a03665e3691c6d51118965f216d2dfb1617f138b9f9e60e418ed2f + +CVE: CVE-2021-20223 +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b.patch] +Comment: Removed manifest, manifest.uuid and fts5tok1.test as these files are not present in the amalgamated source code +Signed-Off-by: Sana.Kazi@kpit.com +--- +--- a/sqlite3.c 2022-09-09 13:54:30.010768197 +0530 ++++ b/sqlite3.c 2022-09-09 13:56:25.458769142 +0530 +@@ -227114,6 +227114,7 @@ + } + iTbl++; + } ++ aAscii[0] = 0; /* 0x00 is never a token character */ + } + + /* diff --git a/meta/recipes-support/sqlite/files/CVE-2022-35737.patch b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch new file mode 100644 index 0000000000..341e002913 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch @@ -0,0 +1,29 @@ +From 2bbf4c999dbb4b520561a57e0bafc19a15562093 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Fri, 2 Sep 2022 11:22:29 +0530 +Subject: [PATCH] CVE-2022-35737 + +Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7] +CVE: CVE-2022-35737 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + sqlite3.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index f664217..33dfb78 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -28758,7 +28758,8 @@ SQLITE_API void sqlite3_str_vappendf( + case etSQLESCAPE: /* %q: Escape ' characters */ + case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */ + case etSQLESCAPE3: { /* %w: Escape " characters */ +- int i, j, k, n, isnull; ++ i64 i, j, k, n; ++ int isnull; + int needQuote; + char ch; + char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */ +-- +2.25.1 + diff --git a/meta/recipes-support/sqlite/files/CVE-2023-7104.patch b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch new file mode 100644 index 0000000000..01ff29ff5e --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2023-7104.patch @@ -0,0 +1,46 @@ +From eab426c5fba69d2c77023939f72b4ad446834e3c Mon Sep 17 00:00:00 2001 +From: dan <Dan Kennedy> +Date: Thu, 7 Sep 2023 13:53:09 +0000 +Subject: [PATCH] Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset. + +Upstream-Status: Backport [https://sqlite.org/src/info/0e4e7a05c4204b47] +CVE: CVE-2023-7104 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + sqlite3.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 972ef18..c645ac8 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -203301,15 +203301,19 @@ static int sessionReadRecord( + } + } + if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){ +- sqlite3_int64 v = sessionGetI64(aVal); +- if( eType==SQLITE_INTEGER ){ +- sqlite3VdbeMemSetInt64(apOut[i], v); ++ if( (pIn->nData-pIn->iNext)<8 ){ ++ rc = SQLITE_CORRUPT_BKPT; + }else{ +- double d; +- memcpy(&d, &v, 8); +- sqlite3VdbeMemSetDouble(apOut[i], d); ++ sqlite3_int64 v = sessionGetI64(aVal); ++ if( eType==SQLITE_INTEGER ){ ++ sqlite3VdbeMemSetInt64(apOut[i], v); ++ }else{ ++ double d; ++ memcpy(&d, &v, 8); ++ sqlite3VdbeMemSetDouble(apOut[i], d); ++ } ++ pIn->iNext += 8; + } +- pIn->iNext += 8; + } + } + } +-- +2.25.1 + |