mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-10 23:02:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

sqlite3: upgrade to 3.21.0

Browse Source 
Remove upstreamed patch:
        1. sqlite3-fix-CVE-2017-13685.patch

(From OE-Core rev: 483711e676cd063a873179bdb2daedf56de0aa75)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Maxin B. John
2017-11-10 14:00:27 +02:00
committed by Richard Purdie
parent 2b990231c0
commit 266694886e
2 changed files with 2 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch
View File

@@ -1,57 +0,0 @@
Fix CVE-2017-13685
The dump_callback function in SQLite 3.20.0 allows remote attackers to
cause a denial of service (EXC_BAD_ACCESS and application crash) via a
crafted file.
References:
https://sqlite.org/src/info/02f0f4c54f2819b3
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149]
CVE: CVE-2017-13685
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Index: src/shell.c
==================================================================
--- src/shell.c
+++ src/shell.c
@@ -2657,10 +2657,11 @@
int *aiType /* Column types */
){
int i;
ShellState *p = (ShellState*)pArg;
+ if( azArg==0 ) return 0;
switch( p->cMode ){
case MODE_Line: {
int w = 5;
if( azArg==0 ) break;
for(i=0; i<nArg; i++){
@@ -3007,10 +3008,11 @@
*/
static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){
ShellText *p = (ShellText*)pArg;
int i;
UNUSED_PARAMETER(az);
+ if( azArg==0 ) return 0;
if( p->n ) appendText(p, "|", 0);
for(i=0; i<nArg; i++){
if( i ) appendText(p, ",", 0);
if( azArg[i] ) appendText(p, azArg[i], 0);
}
@@ -3888,11 +3890,11 @@
const char *zType;
const char *zSql;
ShellState *p = (ShellState *)pArg;
UNUSED_PARAMETER(azNotUsed);
- if( nArg!=3 ) return 1;
+ if( nArg!=3 || azArg==0 ) return 0;
zTable = azArg[0];
zType = azArg[1];
zSql = azArg[2];
if( strcmp(zTable, "sqlite_sequence")==0 ){

5
meta/recipes-support/sqlite/sqlite3_3.20.0.bb → meta/recipes-support/sqlite/sqlite3_3.21.0.bb
View File

@@ -5,7 +5,6 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
SRC_URI = "\
http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://sqlite3-fix-CVE-2017-13685.patch \
"
SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"
SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"
SRC_URI[md5sum] = "7913de4c3126ba3c24689cb7a199ea31"
SRC_URI[sha256sum] = "d7dd516775005ad87a57f428b6f86afd206cb341722927f104d3f0cf65fbbbe3"