[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: [OE-core] [dunfell][PATCH] sqlite3: Security fix for CVE-2020-15358
From: "akuster" <akuster808 () gmail ! com>
Date: 2020-06-30 17:38:35
Message-ID: 20200630173835.14484-1-akuster808 () gmail ! com
[Download RAW message or body]
From: Armin Kuster <akuster@mvista.com>
Source: sqlite.org
MR: 104526
Type: Security Fix
Disposition: Backport from https://www.sqlite.org/src/vinfo/10fa79d00f8091e5?diff=1
ChangeID: a1c012b8c8aecd4970f3ae16686bf25f2376f542
Description:
Affects sqlite < 3.32.3
Fixes CVE CVE-2020-15358
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
.../sqlite/files/CVE-2020-15358.patch | 47 +++++++++++++++++++
meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 1 +
2 files changed, 48 insertions(+)
create mode 100644 meta/recipes-support/sqlite/files/CVE-2020-15358.patch
diff --git a/meta/recipes-support/sqlite/files/CVE-2020-15358.patch \
b/meta/recipes-support/sqlite/files/CVE-2020-15358.patch new file mode 100644
index 0000000000..f4cd6ba4b5
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2020-15358.patch
@@ -0,0 +1,47 @@
+Fix a defect in the query-flattener optimization identified by ticket \
[8f157e8010b22af0]. +
+Upstream Status: Backport
+https://www.sqlite.org/src/info/10fa79d00f8091e5
+CVE: CVE-2020-15358
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: sqlite-autoconf-3310100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3310100.orig/sqlite3.c
++++ sqlite-autoconf-3310100/sqlite3.c
+@@ -18349,6 +18349,7 @@ struct Select {
+ #define SF_WhereBegin 0x0080000 /* Really a WhereBegin() call. Debug Only */
+ #define SF_WinRewrite 0x0100000 /* Window function rewrite accomplished */
+ #define SF_View 0x0200000 /* SELECT statement is a view */
++#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */
+
+ /*
+ ** The results of a SELECT can be distributed in several ways, as defined
+@@ -130607,9 +130608,7 @@ static int multiSelect(
+ selectOpName(p->op)));
+ rc = sqlite3Select(pParse, p, &uniondest);
+ testcase( rc!=SQLITE_OK );
+- /* Query flattening in sqlite3Select() might refill p->pOrderBy.
+- ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
+- sqlite3ExprListDelete(db, p->pOrderBy);
++ assert( p->pOrderBy==0 );
+ pDelete = p->pPrior;
+ p->pPrior = pPrior;
+ p->pOrderBy = 0;
+@@ -131958,7 +131957,7 @@ static int flattenSubquery(
+ ** We look at every expression in the outer query and every place we see
+ ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
+ */
+- if( pSub->pOrderBy ){
++ if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){
+ /* At this point, any non-zero iOrderByCol values indicate that the
+ ** ORDER BY column expression is identical to the iOrderByCol'th
+ ** expression returned by SELECT statement pSub. Since these values
+@@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select(
+ sqlite3ExprListDelete(db, p->pOrderBy);
+ p->pOrderBy = 0;
+ p->selFlags &= ~SF_Distinct;
++ p->selFlags |= SF_NoopOrderBy;
+ }
+ sqlite3SelectPrep(pParse, p, 0);
+ if( pParse->nErr || db->mallocFailed ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb \
b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index 57a791385c..e5071b48bb 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -7,6 +7,7 @@ SRC_URI = \
"http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \ \
file://CVE-2020-9327.patch \ file://CVE-2020-11656.patch \
file://CVE-2020-11655.patch \
+ file://CVE-2020-15358.patch \
"
SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125"
SRC_URI[sha256sum] = \
"62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae"
--
2.17.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#140142): https://lists.openembedded.org/g/openembedded-core/message/140142
Mute This Topic: https://lists.openembedded.org/mt/75218755/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic