mirror of
https://git.yoctoproject.org/poky
synced 2026-02-26 19:39:40 +01:00
10c6b704c0
Add patch file to fix CVE-2020-35527 Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz (From OE-Core rev: 2541fd0d0e2c0919d80d6b0f6262cf2c50fe309b) Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
23 lines
1.1 KiB
Diff
23 lines
1.1 KiB
Diff
From: dan <dan@noemail.net>
|
|
Date: Mon, 26 Oct 2020 13:24:36 +0000
|
|
Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested
|
|
FROM clause. Ticket [f50af3e8a565776b].
|
|
|
|
Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
|
|
CVE: CVE-2020-35527
|
|
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
|
|
---
|
|
Index: sqlite-autoconf-3310100/sqlite3.c
|
|
===================================================================
|
|
--- sqlite-autoconf-3310100.orig/sqlite3.c
|
|
+++ sqlite-autoconf-3310100/sqlite3.c
|
|
@@ -133110,7 +133110,7 @@ static int selectExpander(Walker *pWalke
|
|
pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
|
|
sqlite3TokenInit(&sColname, zColname);
|
|
sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
|
|
- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
|
|
+ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){
|
|
struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
|
|
sqlite3DbFree(db, pX->zEName);
|
|
if( pSub ){
|