mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-02-11 11:13:04 +01:00

Author	SHA1	Message	Date
Peter Marko	ade4d1829a	sqlite3: patch CVE-2025-29088 Pick commit [1] mentioned in [2]. [1] `56d2fd008b` [2] https://nvd.nist.gov/vuln/detail/CVE-2025-29088 (From OE-Core rev: 70d2d56f89d6f4589d65a0b4f0cbda20d2172167) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-05-02 08:12:41 -07:00
Vrushti Dabhi	dd123d8eda	sqlite3: Rename patch for CVE-2022-35737 The patch "0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch" fixes CVE-2022-35737. (From OE-Core rev: 9a875873e566a6673a65a8264fd0868c568e2a2c) Signed-off-by: Vrushti Dabhi <vrushti.dabhi@einfochips.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-09-07 05:38:17 -07:00
Vrushti Dabhi	bf6aca4b29	sqlite3: CVE-ID correction for CVE-2023-7104 - The commit [https://sqlite.org/src/info/0e4e7a05c4204b47] ("Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.") fixes CVE-2023-7104 instead of CVE-2022-46908. - Hence, corrected the CVE-ID in CVE-2023-7104.patch. - Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-7104 (From OE-Core rev: 9d7f21f3d0ae24d0005076396e9a929bb32d648e) Signed-off-by: Vrushti Dabhi <vrushti.dabhi@einfochips.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-09-07 05:38:17 -07:00
Peter Marko	76d570000e	sqlite3: backport patch for CVE-2023-7104 Backport https://sqlite.org/src/info/0e4e7a05c4204b47 (From OE-Core rev: 31fb83ac3dcd2dd55b184de22a296ab4dc150d2e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-01-21 08:50:38 -10:00
Vijay Anusuri	4f488ca49e	sqlite3: CVE-2023-36191 CLI fault on missing -nonce Upstream-Status: Backport [https://sqlite.org/src/info/cd24178bbaad4a1d] (From OE-Core rev: 663713b2f95dee1e70f8921ece23b21d84d93805) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-07-21 06:27:34 -10:00
Vivek Kumbhar	bbe38cd637	sqlite: fix CVE-2022-46908 safe mode authorizer callback allows disallowed UDFs. (From OE-Core rev: 18641988caa131436f75dd3c279ce5af3380481a) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-01-06 17:33:23 +00:00
Chee Yang Lee	2c42fa484a	sqlite: add CVE-2022-35737 patch to SRC_URI SRC_URI include patch introduced in oe-core commit fdc82b2314b580c0135c16b7278ebf8786311dec (From OE-Core rev: f28dc527d4a3e3aa6ef2b446e863264c0e874fa1) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-12 08:41:47 +01:00
Alexander Kanavin	354e778709	sqlite3: upgrade 3.38.3 -> 3.38.5 Additional changes in version 3.38.4 (2022-05-04): Fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key. Forum thread 2482b32700384a0f. Other minor patches. See the timeline for details. Additional changes in version 3.38.5 (2022-05-06): Fix a blunder in the CLI of the 3.38.4 release. (From OE-Core rev: c762a5c97b61b4d560cda33ba4a7c329df0fc9f8) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e1bd414792ae2576685b2a352a5cc93343f06985) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-28 10:38:17 +01:00

8 Commits