mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-03 22:09:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
60,221 Commits 38 Branches 619 Tags
e2b5de2c77e13e623a7e20ec8a1aeb75e0984a01
Commit Graph

18 Commits

Author SHA1 Message Date
Sana Kazi
915a752d37 sqlite3: Fix CVE-2021-20223 
Fix CVE-2021-20223 for sqlite3
Link: d1d43efa4f.patch

(From OE-Core rev: b42ea2b7f9149f9066662e95fd0159d7c3d1fc84)

Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-23 16:22:59 +01:00
Virendra Thakur
10c6b704c0 sqlite3: Fix CVE-2020-35527 
Add patch file to fix CVE-2020-35527

Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz

(From OE-Core rev: 2541fd0d0e2c0919d80d6b0f6262cf2c50fe309b)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-23 16:22:59 +01:00
Virendra Thakur
8b52687223 sqlite3: Fix CVE-2020-35525 
Add patch to fix CVE-2020-35525

Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz

(From OE-Core rev: ced472cf1d195a1a856d24240dbd6ee91140a347)

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-23 16:22:59 +01:00
Hitendra Prajapati
d24759196a sqlite: CVE-2022-35737 assertion failure 
Source: https://www.sqlite.org/
MR: 120541
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7
ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda
Description:
	 CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4.

(From OE-Core rev: 226f9458075061cb99d71bee737bafbe73469c22)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-09-12 08:41:51 +01:00
Steve Sakoman
9bf3399388 sqlite3: fix CVE-2020-13632 
CVE: CVE-2020-13632

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13632

(From OE-Core rev: 8d54034bb8e522f9827ec6422b32cbd4e5bf1346)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-11-12 13:07:52 +00:00
Steve Sakoman
1a057dcc73 sqlite3: fix CVE-2020-13631 
CVE: CVE-2020-13631

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13631

(From OE-Core rev: 582f253d6781a006841a436a49c3f7fdddc5bb7b)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-11-12 13:07:52 +00:00
Steve Sakoman
0d86d58505 sqlite3: fix CVE-2020-13630 
CVE: CVE-2020-13630

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13630

(From OE-Core rev: 5780879dec867bdb3c7eeeffb7a958a8b50188a4)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-11-12 13:07:52 +00:00
Steve Sakoman
e70374e51d sqlite3: fix CVE-2020-13435 
CVE: CVE-2020-13435

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13435

(From OE-Core rev: 4780662ebaba0931ac0084d40670d9be93c0da9b)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-11-12 13:07:52 +00:00
Steve Sakoman
74d50ba1bd sqlite3: fix CVE-2020-13434 
CVE: CVE-2020-13434

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-13434

(From OE-Core rev: 0338c2eb099532eb3b9a9de038f6b1a757348513)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-11-12 13:07:52 +00:00
Armin Kuster
2a6fa8877d sqlite3: Security fix for CVE-2020-15358 
Source: sqlite.org
MR: 104526
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/vinfo/10fa79d00f8091e5?diff=1
ChangeID: a1c012b8c8aecd4970f3ae16686bf25f2376f542
Description:

Affects sqlite < 3.32.3

Fixes CVE CVE-2020-15358

(From OE-Core rev: 8eb5fad746b716cba350c6cd6a30766534a90a28)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-07-07 23:15:10 +01:00
Sakib Sajal
e328ec317e sqlite: backport CVE fixes 
Fixes CVE-2020-11655 and CVE-2020-11656

(From OE-Core rev: e63a38ca6ea95c0dbc79d5024c0cec31062d2e39)

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-05-14 16:45:42 +01:00
Anuj Mittal
0a9ce59fda sqlite3: fix CVE-2020-9327 
(From OE-Core rev: 6acb9746744536019d5c04ce482a873916aac99f)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2020-03-10 23:20:33 +00:00
Maxin B. John
266694886e sqlite3: upgrade to 3.21.0 
Remove upstreamed patch:
        1. sqlite3-fix-CVE-2017-13685.patch

(From OE-Core rev: 483711e676cd063a873179bdb2daedf56de0aa75)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 13:06:11 +00:00
Wenzong Fan
55db269ae9 sqlite3: fix CVE-2017-13685 
The dump_callback function in SQLite 3.20.0 allows remote attackers to
cause a denial of service (EXC_BAD_ACCESS and application crash) via a
crafted file.

Backport patch to fix the issue. Some references:
https://sqlite.org/src/info/02f0f4c54f2819b3
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html

(From OE-Core rev: 9b9f566d2042f2b393de88506d2da964bc4d17b0)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-16 23:52:44 +01:00
Maxin B. John
6c4e5e0ffb sqlite3: upgrade to 3.16.2 
3.15.2 -> 3.16.2

1. Updated the SRC_URI for releases in 2017
2. Removed the following revert patch as the fix is present in this release:
        a) 0001-revert-ad601c7962-that-brings-2-increase-of-build-ti.patch

[YOCTO #10695]

(From OE-Core rev: 05317fe9f11565d40b84ad71300b39c990a53f6d)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-01-16 18:05:13 +00:00
Jianxun Zhang
7052400cea sqlite3: Revert ad601c7962 from 3.14.1 amalgamation package 
It turns out this change between 3.12.2 and 3.13 introduces
a 2% increase of build time based on statistic data in
bz10367.

The added patch is forged by diffing the new sqlite3.c
generated from reverting the change in raw source of sqlite3
project, and then manually migrate the delta to a sqlite3.c
from the 3.14.1 tarball package because what recipes reference
is actually a generated C code (amalgamation) release package
and we cannot apply the real change to 3.14.1 cleanly due to
so many changes happened.

Fixes [YOCTO #10367]

(From OE-Core rev: dda0c80019b181a5e323a82d346f86c6fffb6756)

Signed-off-by: Jianxun Zhang <jianxun.zhang@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-10-15 10:01:43 +01:00
Kai Kang
351c69a022 sqlite: 3.8.10.2 -> 3.9.0 
Upgrade sqlite from 3.8.10.2 to 3.9.0.

* update python function to get right SRC_URI
* drop 0001-using-the-dynamic-library.patch which use dynamic library
  that it is done that way in new version

(From OE-Core rev: a23ddbd2e197cfa1ebc829e0d83b8997dc24cec7)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2015-11-16 11:39:32 +00:00
Roy Li
b5ba70b47f sqlite3: upgrade to 3.8.10 
upgrade to include CVE fixes:
    CVE-2015-3414
    CVE-2015-3415
    CVE-2015-3416

(From OE-Core rev: 346505144a18b738846b9d5bc6f146426d3572ba)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2015-05-20 21:41:10 +01:00