diff options
| author | Maxin B. John <maxin.john@intel.com> | 2017-11-10 14:00:27 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-21 12:56:24 +0000 |
| commit | 483711e676cd063a873179bdb2daedf56de0aa75 (patch) | |
| tree | 5969fd6baf6f910bd924f3c8b6299791d2b559d8 | |
| parent | 4ec39933d2290c484e34ac803420155c7a2feee7 (diff) | |
| download | openembedded-core-483711e676cd063a873179bdb2daedf56de0aa75.tar.gz openembedded-core-483711e676cd063a873179bdb2daedf56de0aa75.tar.bz2 openembedded-core-483711e676cd063a873179bdb2daedf56de0aa75.zip | |
sqlite3: upgrade to 3.21.0
Remove upstreamed patch:
1. sqlite3-fix-CVE-2017-13685.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
| -rw-r--r-- | meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch | 57 | ||||
| -rw-r--r-- | meta/recipes-support/sqlite/sqlite3_3.21.0.bb (renamed from meta/recipes-support/sqlite/sqlite3_3.20.0.bb) | 5 |
2 files changed, 2 insertions, 60 deletions
diff --git a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch deleted file mode 100644 index aac428c821..0000000000 --- a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch +++ /dev/null @@ -1,57 +0,0 @@ -Fix CVE-2017-13685 - -The dump_callback function in SQLite 3.20.0 allows remote attackers to -cause a denial of service (EXC_BAD_ACCESS and application crash) via a -crafted file. - -References: -https://sqlite.org/src/info/02f0f4c54f2819b3 -http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html - -Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149] - -CVE: CVE-2017-13685 - -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> - -Index: src/shell.c -================================================================== ---- src/shell.c -+++ src/shell.c -@@ -2657,10 +2657,11 @@ - int *aiType /* Column types */ - ){ - int i; - ShellState *p = (ShellState*)pArg; - -+ if( azArg==0 ) return 0; - switch( p->cMode ){ - case MODE_Line: { - int w = 5; - if( azArg==0 ) break; - for(i=0; i<nArg; i++){ -@@ -3007,10 +3008,11 @@ - */ - static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){ - ShellText *p = (ShellText*)pArg; - int i; - UNUSED_PARAMETER(az); -+ if( azArg==0 ) return 0; - if( p->n ) appendText(p, "|", 0); - for(i=0; i<nArg; i++){ - if( i ) appendText(p, ",", 0); - if( azArg[i] ) appendText(p, azArg[i], 0); - } -@@ -3888,11 +3890,11 @@ - const char *zType; - const char *zSql; - ShellState *p = (ShellState *)pArg; - - UNUSED_PARAMETER(azNotUsed); -- if( nArg!=3 ) return 1; -+ if( nArg!=3 || azArg==0 ) return 0; - zTable = azArg[0]; - zType = azArg[1]; - zSql = azArg[2]; - - if( strcmp(zTable, "sqlite_sequence")==0 ){ diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.21.0.bb index e50825833e..1d51733e81 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.21.0.bb @@ -5,7 +5,6 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0 SRC_URI = "\ http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \ - file://sqlite3-fix-CVE-2017-13685.patch \ " -SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d" -SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0" +SRC_URI[md5sum] = "7913de4c3126ba3c24689cb7a199ea31" +SRC_URI[sha256sum] = "d7dd516775005ad87a57f428b6f86afd206cb341722927f104d3f0cf65fbbbe3" |