From: Virendra Thakur <[email protected]> Add patch file to fix CVE-2020-35527
Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz Signed-off-by: Virendra Thakur <[email protected]> --- .../sqlite/files/CVE-2020-35527.patch | 22 +++++++++++++++++++ meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 1 + 2 files changed, 23 insertions(+) create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-35527.patch diff --git a/meta/recipes-support/sqlite/files/CVE-2020-35527.patch b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch new file mode 100644 index 0000000000..d1dae389b0 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2020-35527.patch @@ -0,0 +1,22 @@ +From: dan <[email protected]> +Date: Mon, 26 Oct 2020 13:24:36 +0000 +Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested + FROM clause. Ticket [f50af3e8a565776b]. + +Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz] +CVE: CVE-2020-35527 +Signed-off-by: Virendra Thakur <[email protected]> +--- +Index: sqlite-autoconf-3310100/sqlite3.c +=================================================================== +--- sqlite-autoconf-3310100.orig/sqlite3.c ++++ sqlite-autoconf-3310100/sqlite3.c +@@ -133110,7 +133110,7 @@ static int selectExpander(Walker *pWalke + pNew = sqlite3ExprListAppend(pParse, pNew, pExpr); + sqlite3TokenInit(&sColname, zColname); + sqlite3ExprListSetName(pParse, pNew, &sColname, 0); +- if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){ ++ if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){ + struct ExprList_item *pX = &pNew->a[pNew->nExpr-1]; + sqlite3DbFree(db, pX->zEName); + if( pSub ){ diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index 48051593e4..d9e98c9120 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb @@ -15,6 +15,7 @@ SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2020-13632.patch \ file://CVE-2022-35737.patch \ file://CVE-2020-35525.patch \ + file://CVE-2020-35527.patch \ " SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" -- 2.17.1 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#170861): https://lists.openembedded.org/g/openembedded-core/message/170861 Mute This Topic: https://lists.openembedded.org/mt/93781601/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
