diff options
Diffstat (limited to 'meta/recipes-support/sqlite')
| -rw-r--r-- | meta/recipes-support/sqlite/files/CVE-2020-11655.patch | 32 | ||||
| -rw-r--r-- | meta/recipes-support/sqlite/files/CVE-2020-11656.patch | 70 | ||||
| -rw-r--r-- | meta/recipes-support/sqlite/files/CVE-2020-9327.patch | 141 | ||||
| -rw-r--r-- | meta/recipes-support/sqlite/sqlite3.inc | 22 | ||||
| -rw-r--r-- | meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 15 | ||||
| -rw-r--r-- | meta/recipes-support/sqlite/sqlite3_3.45.3.bb | 8 |
6 files changed, 19 insertions, 269 deletions
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-11655.patch b/meta/recipes-support/sqlite/files/CVE-2020-11655.patch deleted file mode 100644 index e30c482bbb..0000000000 --- a/meta/recipes-support/sqlite/files/CVE-2020-11655.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a4601326d61bf1a11151ac6b78b50804bfd03b4d Mon Sep 17 00:00:00 2001 -From: Sakib Sajal <sakib.sajal@windriver.com> -Date: Thu, 30 Apr 2020 10:46:16 -0700 -Subject: [PATCH 2/2] In the event of a semantic error in an aggregate query, - early-out the resetAccumulator() function to prevent problems due to - incomplete or incorrect initialization of the AggInfo object. Fix for ticket - [af4556bb5c285c08]. - -FossilOrigin-Name: 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441 -Upstream Status: Backport [c415d91007e1680e4eb17def583b202c3c83c718] - -CVE: CVE-2020-11655 -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - sqlite3.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/sqlite3.c b/sqlite3.c -index 1df6633..726adf7 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -133242,6 +133242,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){ - struct AggInfo_func *pFunc; - int nReg = pAggInfo->nFunc + pAggInfo->nColumn; - if( nReg==0 ) return; -+ if( pParse->nErr ) return; - #ifdef SQLITE_DEBUG - /* Verify that all AggInfo registers are within the range specified by - ** AggInfo.mnReg..AggInfo.mxReg */ --- -2.17.1 - diff --git a/meta/recipes-support/sqlite/files/CVE-2020-11656.patch b/meta/recipes-support/sqlite/files/CVE-2020-11656.patch deleted file mode 100644 index b88a724e8c..0000000000 --- a/meta/recipes-support/sqlite/files/CVE-2020-11656.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 2d69a520d027eb73eb6da9f2653d23e33b10e8bb Mon Sep 17 00:00:00 2001 -From: Sakib Sajal <sakib.sajal@windriver.com> -Date: Thu, 30 Apr 2020 10:14:36 -0700 -Subject: [PATCH 1/2] Fix a case when a pointer might be used after - being freed in the ALTER TABLE code. Fix for [4722bdab08cb1]. - -FossilOrigin-Name: d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906 -Upstream Status: Backport [fb99e388ec7f30fe43e4878236e3695ff24ae58d] - -[PATCH 2/2] Do not suppress errors when resolving references in an ORDER - BY clause belonging to a compound SELECT within a view or trigger within - ALTER TABLE. Fix for ticket [a10a14e9b4ba2]. - -FossilOrigin-Name: 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026 -Upstream Status: Backport [4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae] - -The two patches were converted to amalgamation format. - -CVE: CVE-2020-11656 -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - sqlite3.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/sqlite3.c b/sqlite3.c -index 64fae04..1df6633 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -97945,7 +97945,7 @@ static int resolveOrderByTermToExprList( - nc.nErr = 0; - db = pParse->db; - savedSuppErr = db->suppressErr; -- db->suppressErr = 1; -+ if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1; - rc = sqlite3ResolveExprNames(&nc, pE); - db->suppressErr = savedSuppErr; - if( rc ) return 0; -@@ -105383,6 +105383,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){ - } - } - -+/* -+** Unmap all tokens in the IdList object passed as the second argument. -+*/ -+static void unmapColumnIdlistNames( -+ Parse *pParse, -+ IdList *pIdList -+){ -+ if( pIdList ){ -+ int ii; -+ for(ii=0; ii<pIdList->nId; ii++){ -+ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName); -+ } -+ } -+} -+ - /* - ** Walker callback used by sqlite3RenameExprUnmap(). - */ -@@ -105404,6 +105419,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){ - for(i=0; i<pSrc->nSrc; i++){ - sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName); - if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort; -+ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing); - } - } - --- -2.17.1 - diff --git a/meta/recipes-support/sqlite/files/CVE-2020-9327.patch b/meta/recipes-support/sqlite/files/CVE-2020-9327.patch deleted file mode 100644 index fecbbabce8..0000000000 --- a/meta/recipes-support/sqlite/files/CVE-2020-9327.patch +++ /dev/null @@ -1,141 +0,0 @@ -From 45d491851e1bca378de158a5e279fd584ce548e4 Mon Sep 17 00:00:00 2001 -From: "D. Richard Hipp" <drh@hwaci.com> -Date: Mon, 17 Feb 2020 00:12:04 +0000 -Subject: [PATCH] [PATCH 1/2] Take care when checking the table of a TK_COLUMN - expression node to see if the table is a virtual table to first ensure that - the Expr.y.pTab pointer is not null due to generated column optimizations. - Ticket [4374860b29383380]. - -FossilOrigin-Name: 9d0d4ab95dc0c56e053c2924ed322a9ea7b25439e6f74599f706905a1994e454 - -[PATCH 2/2] A better (smaller and faster) solution to ticket - [4374860b29383380]. - -FossilOrigin-Name: abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d - -The two patches were converted to amalgamation format - -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> -Upstream-Status: Backport -CVE: CVE-2020-9327 ---- - sqlite3.c | 35 ++++++++++++++++++++++++----------- - sqlite3.h | 2 +- - 2 files changed, 25 insertions(+), 12 deletions(-) - -diff --git a/sqlite3.c b/sqlite3.c -index 55dc686..64fae04 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -1167,7 +1167,7 @@ extern "C" { - */ - #define SQLITE_VERSION "3.31.1" - #define SQLITE_VERSION_NUMBER 3031001 --#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6" -+#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt1" - - /* - ** CAPI3REF: Run-Time Library Version Numbers -@@ -17428,8 +17428,11 @@ struct Table { - */ - #ifndef SQLITE_OMIT_VIRTUALTABLE - # define IsVirtual(X) ((X)->nModuleArg) -+# define ExprIsVtab(X) \ -+ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg) - #else - # define IsVirtual(X) 0 -+# define ExprIsVtab(X) 0 - #endif - - /* -@@ -104133,19 +104136,25 @@ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){ - case TK_LT: - case TK_LE: - case TK_GT: -- case TK_GE: -+ case TK_GE: { -+ Expr *pLeft = pExpr->pLeft; -+ Expr *pRight = pExpr->pRight; - testcase( pExpr->op==TK_EQ ); - testcase( pExpr->op==TK_NE ); - testcase( pExpr->op==TK_LT ); - testcase( pExpr->op==TK_LE ); - testcase( pExpr->op==TK_GT ); - testcase( pExpr->op==TK_GE ); -- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab)) -- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab)) -+ /* The y.pTab=0 assignment in wherecode.c always happens after the -+ ** impliesNotNullRow() test */ -+ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0) -+ && IsVirtual(pLeft->y.pTab)) -+ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0) -+ && IsVirtual(pRight->y.pTab)) - ){ -- return WRC_Prune; -+ return WRC_Prune; - } -- -+ } - default: - return WRC_Continue; - } -@@ -142591,7 +142600,8 @@ static int isAuxiliaryVtabOperator( - ** MATCH(expression,vtab_column) - */ - pCol = pList->a[1].pExpr; -- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ -+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); -+ if( ExprIsVtab(pCol) ){ - for(i=0; i<ArraySize(aOp); i++){ - if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){ - *peOp2 = aOp[i].eOp2; -@@ -142613,7 +142623,8 @@ static int isAuxiliaryVtabOperator( - ** with function names in an arbitrary case. - */ - pCol = pList->a[0].pExpr; -- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ -+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); -+ if( ExprIsVtab(pCol) ){ - sqlite3_vtab *pVtab; - sqlite3_module *pMod; - void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**); -@@ -142636,10 +142647,12 @@ static int isAuxiliaryVtabOperator( - int res = 0; - Expr *pLeft = pExpr->pLeft; - Expr *pRight = pExpr->pRight; -- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){ -+ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 ); -+ if( ExprIsVtab(pLeft) ){ - res++; - } -- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){ -+ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 ); -+ if( pRight && ExprIsVtab(pRight) ){ - res++; - SWAP(Expr*, pLeft, pRight); - } -@@ -228440,7 +228453,7 @@ SQLITE_API int sqlite3_stmt_init( - #endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_STMTVTAB) */ - - /************** End of stmt.c ************************************************/ --#if __LINE__!=228443 -+#if __LINE__!=228456 - #undef SQLITE_SOURCE_ID - #define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt2" - #endif -diff --git a/sqlite3.h b/sqlite3.h -index cef6eea..5b9796c 100644 ---- a/sqlite3.h -+++ b/sqlite3.h -@@ -125,7 +125,7 @@ extern "C" { - */ - #define SQLITE_VERSION "3.31.1" - #define SQLITE_VERSION_NUMBER 3031001 --#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6" -+#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt1" - - /* - ** CAPI3REF: Run-Time Library Version Numbers --- -2.25.1 - diff --git a/meta/recipes-support/sqlite/sqlite3.inc b/meta/recipes-support/sqlite/sqlite3.inc index 07614bdb3e..9a0de08553 100644 --- a/meta/recipes-support/sqlite/sqlite3.inc +++ b/meta/recipes-support/sqlite/sqlite3.inc @@ -1,4 +1,5 @@ SUMMARY = "Embeddable SQL database engine" +DESCRIPTION = "A library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications that people use every day" HOMEPAGE = "http://www.sqlite.org" SECTION = "libs" @@ -22,15 +23,14 @@ CVE_PRODUCT = "sqlite" inherit autotools pkgconfig siteinfo # enable those which are enabled by default in configure -PACKAGECONFIG ?= "fts4 fts5 json1 rtree dyn_ext" -PACKAGECONFIG_class-native ?= "fts4 fts5 json1 rtree dyn_ext" +PACKAGECONFIG ?= "fts4 fts5 rtree dyn_ext" +PACKAGECONFIG:class-native ?= "fts4 fts5 rtree dyn_ext" PACKAGECONFIG[editline] = "--enable-editline,--disable-editline,libedit" PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline ncurses" PACKAGECONFIG[fts3] = "--enable-fts3,--disable-fts3" PACKAGECONFIG[fts4] = "--enable-fts4,--disable-fts4" PACKAGECONFIG[fts5] = "--enable-fts5,--disable-fts5" -PACKAGECONFIG[json1] = "--enable-json1,--disable-json1" PACKAGECONFIG[rtree] = "--enable-rtree,--disable-rtree" PACKAGECONFIG[session] = "--enable-session,--disable-session" PACKAGECONFIG[dyn_ext] = "--enable-dynamic-extensions,--disable-dynamic-extensions" @@ -45,23 +45,23 @@ EXTRA_OECONF = " \ " # pread() is in POSIX.1-2001 so any reasonable system must surely support it -CFLAGS_append = " -DUSE_PREAD" +CFLAGS:append = " -DUSE_PREAD" # Provide column meta-data API -CFLAGS_append = " -DSQLITE_ENABLE_COLUMN_METADATA" +CFLAGS:append = " -DSQLITE_ENABLE_COLUMN_METADATA" # Unless SQLITE_BYTEORDER is predefined, the code falls back to build time # huristics, which are not always correct -CFLAGS_append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}" +CFLAGS:append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}" PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}" -FILES_${PN} = "${bindir}/*" -FILES_lib${BPN} = "${libdir}/*.so.*" -FILES_lib${BPN}-dev = "${libdir}/*.la ${libdir}/*.so \ +FILES:${PN} = "${bindir}/*" +FILES:lib${BPN} = "${libdir}/*.so.*" +FILES:lib${BPN}-dev = "${libdir}/*.la ${libdir}/*.so \ ${libdir}/pkgconfig ${includedir}" -FILES_lib${BPN}-doc = "${docdir} ${mandir} ${infodir}" -FILES_lib${BPN}-staticdev = "${libdir}/lib*.a" +FILES:lib${BPN}-doc = "${docdir} ${mandir} ${infodir}" +FILES:lib${BPN}-staticdev = "${libdir}/lib*.a" AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}" diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb deleted file mode 100644 index 57a791385c..0000000000 --- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ /dev/null @@ -1,15 +0,0 @@ -require sqlite3.inc - -LICENSE = "PD" -LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" - -SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \ - file://CVE-2020-9327.patch \ - file://CVE-2020-11656.patch \ - file://CVE-2020-11655.patch \ - " -SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" -SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" - -# -19242 is only an issue in specific development branch commits -CVE_CHECK_WHITELIST += "CVE-2019-19242" diff --git a/meta/recipes-support/sqlite/sqlite3_3.45.3.bb b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb new file mode 100644 index 0000000000..03d70bbd38 --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3_3.45.3.bb @@ -0,0 +1,8 @@ +require sqlite3.inc + +LICENSE = "PD" +LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" + +SRC_URI = "http://www.sqlite.org/2024/sqlite-autoconf-${SQLITE_PV}.tar.gz" +SRC_URI[sha256sum] = "b2809ca53124c19c60f42bf627736eae011afdcc205bb48270a5ee9a38191531" + |