Just a heads up, do you have a chance to review this patch?
ytao On 4/21/20 2:14 PM, Yue Tao wrote:
> From: Yue Tao <yue....@windriver.com>
>
> Signed-off-by: Yue Tao <yue....@windriver.com>
> ---
> .../sqlite/sqlite3/CVE-2020-11655.patch | 33 ++++++++++
> .../sqlite/sqlite3/CVE-2020-11656.patch | 60 +++++++++++++++++++
> meta/recipes-support/sqlite/sqlite3_3.29.0.bb | 2 +
> 3 files changed, 95 insertions(+)
> create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2020-11655.patch
> create mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2020-11656.patch
>
> diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2020-11655.patch
> b/meta/recipes-support/sqlite/sqlite3/CVE-2020-11655.patch
> new file mode 100644
> index 0000000000..e518dd43e5
> --- /dev/null
> +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2020-11655.patch
> @@ -0,0 +1,33 @@
> +From c415d91007e1680e4eb17def583b202c3c83c718 Mon Sep 17 00:00:00 2001
> +From: drh <d...@noemail.net>
> +Date: Fri, 3 Apr 2020 13:19:03 +0000
> +Subject: [PATCH] In the event of a semantic error in an aggregate query,
> + early-out the resetAccumulator() function to prevent problems due to
> + incomplete or incorrect initialization of the AggInfo object. Fix for ticket
> + [af4556bb5c285c08].
> +
> +FossilOrigin-Name:
> 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441
> +
> +CVE: CVE-2020-11655
> +
> +Upstream-Status: Backport
> [https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202]
> +
> +Signed-off-by: Yue Tao <yue....@windriver.com>
> +
> +---
> +
> +diff --git a/sqlite3.c b/sqlite3.c
> +index b2dd5f149..59ba706fc 100644
> +--- a/sqlite3.c
> ++++ b/sqlite3.c
> +@@ -130409,6 +130409,7 @@ static void resetAccumulator(Parse *pPar
> + struct AggInfo_func *pFunc;
> + int nReg = pAggInfo->nFunc + pAggInfo->nColumn;
> + if( nReg==0 ) return;
> ++ if( pParse->nErr ) return;
> + #ifdef SQLITE_DEBUG
> + /* Verify that all AggInfo registers are within the range specified by
> + ** AggInfo.mnReg..AggInfo.mxReg */
> +--
> +2.17.1
> +
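Review bot: The new guard `if( pParse->nErr ) return;` in resetAccumulator() fires only when the parser error count is non-zero, so an AggInfo left incomplete by an allocation failure would still be walked unless that path also raises nErr; the seven lines shown cannot confirm that. If upstream's current form of this check is wider, for example `if( pParse->nErr || pParse->db->mallocFailed ) return;`, backport that form rather than the narrower one. The `Upstream-Status` URL carries a shortened commit id while the `From` line has the full one, and using the full id keeps the provenance reference unambiguous. The body of resetAccumulator() continues outside the hunk.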
> diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2020-11656.patch
> b/meta/recipes-support/sqlite/sqlite3/CVE-2020-11656.patch
> new file mode 100644
> index 0000000000..5635fef48b
> --- /dev/null
> +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2020-11656.patch
> @@ -0,0 +1,60 @@
> +From fb99e388ec7f30fe43e4878236e3695ff24ae58d Mon Sep 17 00:00:00 2001
> +From: dan <d...@noemail.net>
> +Date: Fri, 3 Apr 2020 11:20:40 +0000
> +Subject: [PATCH] Fix a case when a pointer might be used after being freed in
> + the ALTER TABLE code. Fix for [4722bdab08cb1].
> +
> +FossilOrigin-Name:
> d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906
> +
> +CVE: CVE-2020-11656
> +
> +Upstream-Status: Backport
> [https://github.com/sqlite/sqlite/commit/fb99e388ec7f30fe43e4878236e3695ff24ae58d]
> +
> +Signed-off-by: Yue Tao <yue....@windriver.com>
> +---
> +
> +diff --git a/sqlite3.c b/sqlite3.c
> +index ee193d18b..7114757a2 100644
> +--- a/sqlite3.c
> ++++ b/sqlite3.c
> +@@ -103507,6 +103507,21 @@ SQLITE_PRIVATE void sqlite3RenameTokenRe
> + }
> +
> + /*
> ++** Unmap all tokens in the IdList object passed as the second argument.
> ++*/
> ++static void unmapColumnIdlistNames(
> ++ Parse *pParse,
> ++ IdList *pIdList
> ++){
> ++ if( pIdList ){
> ++ int ii;
> ++ for(ii=0; ii<pIdList->nId; ii++){
> ++ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName);
> ++ }
> ++ }
> ++}
> ++
> ++/*
> + ** Walker callback used by sqlite3RenameExprUnmap().
> + */
> + static int renameUnmapExprCb(Walker *pWalker, Expr *pExpr){
> +@@ -103534,6 +103549,7 @@ static int renameUnmapSelectCb(Walker *p
> + SrcList *pSrc = p->pSrc;
> + for(i=0; i<pSrc->nSrc; i++){
> + sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName);
> ++ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing);
> + }
> + }
> + return WRC_Continue;
> +@@ -103750,6 +103766,7 @@ static void renameColumnIdlistNames(
> + }
> + }
> +
> ++
> + /*
> + ** Parse the SQL statement zSql using Parse object (*p). The Parse object
> + ** is initialized by this function before it is used.
> +--
> +2.17.1
> +
> diff --git a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
> b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
> index cf3b179845..1db72f0b9a 100644
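Review bot: The `CVE: CVE-2020-11656` tag records this CVE as patched for the recipe, yet the backport unmaps only the `pSrc->a[i].pUsing` names in `renameUnmapSelectCb`, and the hunk context does not show whether every other token-bearing list reachable from a Select is already unmapped before it is freed. Before relying on the tag, check that upstream needed no follow-up check-in for the same ticket; if it did, carry that in the same patch so the patched status is accurate. The header comment of `unmapColumnIdlistNames` says what the helper does but not why; a sentence in the patch description noting that USING-clause names must leave the rename-token map before their IdList is released would help the next person rebasing this. The third inner hunk, at `renameColumnIdlistNames(`, adds only a blank line, and both touched functions continue outside the context shown.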
> --- a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
> +++ b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb
> @@ -12,6 +12,8 @@ SRC_URI =
> "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
> file://CVE-2019-19926.patch \
> file://CVE-2019-19959.patch \
> file://CVE-2019-20218.patch \
> + file://CVE-2020-11655.patch \
> + file://CVE-2020-11656.patch \
> "
> SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc"
> SRC_URI[sha256sum] =
> "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b"