please use attach patch in case there is issue in do_patch. As observed earlier KPIT mailer is adding some extra character in patch while sending patch, which cause failure in do_patch.
Best Regards ________________________________ From: Virendra Kumar Thakur <[email protected]> Sent: Monday, September 19, 2022 7:25 PM To: [email protected] <[email protected]> Cc: [email protected] <[email protected]>; Virendra Kumar Thakur <[email protected]> Subject: [OE-Core][dunfell][PATCH 1/2] sqlite3: Fix CVE-2020-35525 From: Virendra Thakur <[email protected]> Add patch to fix CVE-2020-35525 Reference: https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsecurity.debian.org%2Fdebian-security%2Fpool%2Fupdates%2Fmain%2Fs%2Fsqlite3%2Fsqlite3_3.27.2-3%2Bdeb10u2.debian.tar.xz&data=05%7C01%7CVirendra.Thakur%40kpit.com%7C66ef6b4f62da4e9c4c0e08da9a46b263%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637991925705182386%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yr1oVWwognNVO0Puv8gHuRzVm12EXvAtc3LCoJmhYuU%3D&reserved=0 Signed-off-by: Virendra Thakur <[email protected]> --- .../sqlite/files/CVE-2020-35525.patch | 21 +++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 1 + 2 files changed, 22 insertions(+) create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-35525.patch diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35525.patch b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch new file mode 100644 index 0000000000..27d81d42d9 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch @@ -0,0 +1,21 @@ +From: drh <[email protected]> +Date: Thu, 20 Feb 2020 14:08:51 +0000 +Subject: [PATCH] Early-out on the INTERSECT query processing following an + error. + +Upstream-Status: Backport [https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsecurity.debian.org%2Fdebian-security%2Fpool%2Fupdates%2Fmain%2Fs%2Fsqlite3%2Fsqlite3_3.27.2-3%2Bdeb10u2.debian.tar.xz&data=05%7C01%7CVirendra.Thakur%40kpit.com%7C66ef6b4f62da4e9c4c0e08da9a46b263%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637991925705182386%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yr1oVWwognNVO0Puv8gHuRzVm12EXvAtc3LCoJmhYuU%3D&reserved=0] +CVE: CVE-2020-35525 +Signed-off-by: Virendra Thakur <[email protected]> +--- +Index: sqlite-autoconf-3310100/sqlite3.c +=================================================================== +--- sqlite-autoconf-3310100.orig/sqlite3.c ++++ sqlite-autoconf-3310100/sqlite3.c +@@ -130767,6 +130767,7 @@ static int multiSelect( + /* Generate code to take the intersection of the two temporary + ** tables. + */ ++ if( rc ) break; + assert( p->pEList ); + iBreak = sqlite3VdbeMakeLabel(pParse); + iCont = sqlite3VdbeMakeLabel(pParse); diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index 3440bf4913..48051593e4 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb @@ -14,6 +14,7 @@ SRC_URI = "https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sqlite.org%2F2020%2Fsqlite-autoconf-%24&data=05%7C01%7CVirendra.Thakur%40kpit.com%7C66ef6b4f62da4e9c4c0e08da9a46b263%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637991925705494829%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=F4jFw0UZvxcHtGpqurisDSojtRr773gSMtHFP%2FbO3Ks%3D&reserved=0{SQLITE_PV}.tar.gz \ file://CVE-2020-13631.patch \ file://CVE-2020-13632.patch \ file://CVE-2022-35737.patch \ + file://CVE-2020-35525.patch \ " SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" -- 2.17.1 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
From c6a58ddecb462d37951954c0cf7e7f75c6fd295a Mon Sep 17 00:00:00 2001 From: Virendra Thakur <[email protected]> Date: Thu, 15 Sep 2022 18:02:41 +0530 Subject: [PATCH] sqlite3: Fix CVE-2020-35525 Add patch to fix CVE-2020-35525 Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz Signed-off-by: Virendra Thakur <[email protected]> --- .../sqlite/files/CVE-2020-35525.patch | 21 +++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 1 + 2 files changed, 22 insertions(+) create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-35525.patch diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35525.patch b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch new file mode 100644 index 0000000000..27d81d42d9 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-35525.patch @@ -0,0 +1,21 @@ +From: drh <[email protected]> +Date: Thu, 20 Feb 2020 14:08:51 +0000 +Subject: [PATCH] Early-out on the INTERSECT query processing following an + error. + +Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz] +CVE: CVE-2020-35525 +Signed-off-by: Virendra Thakur <[email protected]> +--- +Index: sqlite-autoconf-3310100/sqlite3.c +=================================================================== +--- sqlite-autoconf-3310100.orig/sqlite3.c ++++ sqlite-autoconf-3310100/sqlite3.c +@@ -130767,6 +130767,7 @@ static int multiSelect( + /* Generate code to take the intersection of the two temporary + ** tables. + */ ++ if( rc ) break; + assert( p->pEList ); + iBreak = sqlite3VdbeMakeLabel(pParse); + iCont = sqlite3VdbeMakeLabel(pParse); diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index 3440bf4913..48051593e4 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb @@ -14,6 +14,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2020-13631.patch \ file://CVE-2020-13632.patch \ file://CVE-2022-35737.patch \ + file://CVE-2020-35525.patch \ " SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#170860): https://lists.openembedded.org/g/openembedded-core/message/170860 Mute This Topic: https://lists.openembedded.org/mt/93781188/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
