Re: [OE-core] [PATCH v2] sqlite3: upgrade 3.30.1 -> 3.31.1

2020-02-04 Thread Mikko.Rapeli
Hi,

slightly off topic but I was checking CVEs for sqlite3 and noticed
this recipe uses the merged source tree format. This makes it very
hard to cherry-pick CVE and other patches from Debian, Ubuntu,
OpenSUSE etc.

Why use sqlite sources in "amalgamation" format?

https://sqlite.org/amalgamation.html

Cheers,

-Mikko


[OE-core] [PATCH v2] sqlite3: upgrade 3.30.1 -> 3.31.1

2020-02-03 Thread Anuj Mittal
Signed-off-by: Anuj Mittal 
---
 .../sqlite/sqlite3/CVE-2019-19244.patch   | 33 --
 .../sqlite/sqlite3/CVE-2019-19880.patch   | 33 --
 .../sqlite/sqlite3/CVE-2019-19923.patch   | 50 --
 .../sqlite/sqlite3/CVE-2019-19924.patch   | 65 ---
 .../sqlite/sqlite3/CVE-2019-19925.patch   | 33 --
 .../sqlite/sqlite3/CVE-2019-19926.patch   | 31 -
 .../sqlite/sqlite3/CVE-2019-19959.patch   | 46 -
 .../sqlite/sqlite3/CVE-2019-20218.patch   | 31 -
 meta/recipes-support/sqlite/sqlite3_3.30.1.bb | 20 --
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 12 
 10 files changed, 12 insertions(+), 342 deletions(-)
 delete mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch
 delete mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2019-19880.patch
 delete mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch
 delete mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2019-19924.patch
 delete mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch
 delete mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2019-19926.patch
 delete mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2019-19959.patch
 delete mode 100644 meta/recipes-support/sqlite/sqlite3/CVE-2019-20218.patch
 delete mode 100644 meta/recipes-support/sqlite/sqlite3_3.30.1.bb
 create mode 100644 meta/recipes-support/sqlite/sqlite3_3.31.1.bb

diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch 
b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch
deleted file mode 100644
index 3f70979acc..00
--- a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19244.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-CVE: CVE-2019-19244
-Upstream-Status: Backport
-Signed-off-by: Ross Burton 
-
-From 0f690d4ae5ffe656762fdbb7f36cc4c2dcbb2d9d Mon Sep 17 00:00:00 2001
-From: dan 
-Date: Fri, 22 Nov 2019 10:14:01 +
-Subject: [PATCH] Fix a crash that could occur if a sub-select that uses both
- DISTINCT and window functions also used an ORDER BY that is the same as its
- select list.
-
-Amalgamation version of the patch:
-FossilOrigin-Name: 
bcdd66c1691955c697f3d756c2b035acfe98f6aad72e90b0021bab6e9023b3ba

- sqlite3.c | 5 +++--
- sqlite3.h | 2 +-
- 2 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/sqlite3.c b/sqlite3.c
-index 8fd740b..db1c649 100644
 a/sqlite3.c
-+++ b/sqlite3.c
-@@ -131679,6 +131679,7 @@ SQLITE_PRIVATE int sqlite3Select(
-   */
-   if( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct 
-&& sqlite3ExprListCompare(sSort.pOrderBy, pEList, -1)==0
-+   && p->pWin==0
-   ){
- p->selFlags &= ~SF_Distinct;
- pGroupBy = p->pGroupBy = sqlite3ExprListDup(db, pEList, 0);
--- 
-2.24.1
-
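Review bot: the commit message carries only a Signed-off-by line, so nothing records why it is safe to delete this backport. The file is tagged `CVE: CVE-2019-19244` and `Upstream-Status: Backport`, and its functional change is the `&& p->pWin==0` condition in sqlite3Select(). Please state in the commit message that 3.31.1 already contains this fix, ideally citing the FossilOrigin-Name check-in from the patch header, so the CVE status of the recipe stays auditable once the file is gone.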
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19880.patch 
b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19880.patch
deleted file mode 100644
index ca5c31c57b..00
--- a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19880.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-CVE: CVE-2019-19880
-Upstream-Status: Backport
-Signed-off-by: Ross Burton 
-
-From 3622d20ad10dfac9586d4423547ed960cbc66fcf Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" 
-Date: Wed, 18 Dec 2019 00:05:50 +
-Subject: [PATCH] When processing constant integer values in ORDER BY clauses
- of window definitions (see check-in [7e4 ---
-

- sqlite3.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/sqlite3.c b/sqlite3.c
-index db1c649..a83b3d2 100644
 a/sqlite3.c
-+++ b/sqlite3.c
-@@ -147584,9 +147584,11 @@ static ExprList *exprListAppendList(
- int nInit = pList ? pList->nExpr : 0;
- for(i=0; inExpr; i++){
-   Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
-+  assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
-   if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
- pDup->op = TK_NULL;
- pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
-+pDup->u.zToken = 0;
-   }
-   pList = sqlite3ExprListAppend(pParse, pList, pDup);
-   if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
--- 
-2.24.1
-
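Review bot: this backport makes two changes in exprListAppendList(), the added `assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) )` and the `pDup->u.zToken = 0;` reset, and the Subject line in its header is cut off at "see check-in [7e4", so the upstream reference does not survive in the tree after deletion. Before dropping the file, confirm that both changes are present in the 3.31.1 amalgamation and list CVE-2019-19880 in the commit message as fixed by the upgrade.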
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch 
b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch
deleted file mode 100644
index b1b866b250..00
--- a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19923.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-CVE: CVE-2019-19923
-Upstream-Status: Backport
-Signed-off-by: Ross Burton 
-
-From b64463719dc53bde98b0ce3930b10a32560c3a02 Mon Sep 17 00:00:00 2001
-From: "D. Richard Hipp" 
-Date: Wed, 18 Dec 2019 20:51:58 +
-Subject: [PATCH] Continue to back away from the LEFT JOIN optimization of
- check-in [41c27bc0ff1d3135] by disallowing query flattening if the outer
- query is DISTINCT.  Without this fix, if an index scan is run on the table
- within the view on the right-hand side of the LEFT JOIN, stale result
-