Source: https://www.sqlite.org/ MR: 120541 Type: Security Fix Disposition: Backport from https://www.sqlite.org/src/info/aab790a16e1bdff7 ChangeID: cf6d0962be0d1f7d4a5019843da6349eb7f9acda Description: CVE-2022-35737 sqlite: assertion failure via query when compiled with -DSQLITE_ENABLE_STAT4.
Signed-off-by: Hitendra Prajapati <[email protected]> --- .../sqlite/files/CVE-2022-35737.patch | 29 +++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-35737.patch diff --git a/meta/recipes-support/sqlite/files/CVE-2022-35737.patch b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch new file mode 100644 index 0000000000..341e002913 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2022-35737.patch @@ -0,0 +1,29 @@ +From 2bbf4c999dbb4b520561a57e0bafc19a15562093 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <[email protected]> +Date: Fri, 2 Sep 2022 11:22:29 +0530 +Subject: [PATCH] CVE-2022-35737 + +Upstream-Status: Backport [https://www.sqlite.org/src/info/aab790a16e1bdff7] +CVE: CVE-2022-35737 +Signed-off-by: Hitendra Prajapati <[email protected]> +--- + sqlite3.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index f664217..33dfb78 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -28758,7 +28758,8 @@ SQLITE_API void sqlite3_str_vappendf( + case etSQLESCAPE: /* %q: Escape ' characters */ + case etSQLESCAPE2: /* %Q: Escape ' and enclose in '...' */ + case etSQLESCAPE3: { /* %w: Escape " characters */ +- int i, j, k, n, isnull; ++ i64 i, j, k, n; ++ int isnull; + int needQuote; + char ch; + char q = ((xtype==etSQLESCAPE3)?'"':'\''); /* Quote character */ +-- +2.25.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index 877e80f5a3..3440bf4913 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb @@ -13,6 +13,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2020-13630.patch \ file://CVE-2020-13631.patch \ file://CVE-2020-13632.patch \ + file://CVE-2022-35737.patch \ " SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#170243): https://lists.openembedded.org/g/openembedded-core/message/170243 Mute This Topic: https://lists.openembedded.org/mt/93416756/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
