diff options
author | Ross Burton <ross.burton@intel.com> | 2020-01-14 16:05:52 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-01-16 22:21:31 +0000 |
commit | f3ebf3f8dd0b4d144db451a8fcb352762f7fbd75 (patch) | |
tree | a6cf925cec70556d1fad4588c098654d1741663d /meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch | |
parent | f781e2a70ce1086c49e0c3d5ac61b7bf5bd79a9c (diff) | |
download | openembedded-core-contrib-f3ebf3f8dd0b4d144db451a8fcb352762f7fbd75.tar.gz |
sqlite: fix numerous CVEs
Fix the following CVEs:
- CVE-2019-19244
- CVE-2019-19880
- CVE-2019-19923
- CVE-2019-19924
- CVE-2019-19925
- CVE-2019-19926
- CVE-2019-19959
- CVE-2019-20218
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch')
-rw-r--r-- | meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch new file mode 100644 index 0000000000..ffc2c6afff --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2019-19925.patch @@ -0,0 +1,33 @@ +CVE: CVE-2019-19925 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From e92580434d2cdca228649d32f76167492de4f512 Mon Sep 17 00:00:00 2001 +From: "D. Richard Hipp" <drh@hwaci.com> +Date: Thu, 19 Dec 2019 15:15:40 +0000 +Subject: [PATCH] Fix the zipfile extension so that INSERT works even if the + pathname of the file being inserted is a NULL. Bug discovered by the + Yongheng and Rui fuzzer. + +FossilOrigin-Name: a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06 +--- + shell.c | 1 + + sqlite3.c | 4 ++-- + sqlite3.h | 2 +- + 3 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/shell.c b/shell.c +index 053180c..404a8d4 100644 +--- a/shell.c ++++ b/shell.c +@@ -5827,6 +5827,7 @@ static int zipfileUpdate( + + if( rc==SQLITE_OK ){ + zPath = (const char*)sqlite3_value_text(apVal[2]); ++ if( zPath==0 ) zPath = ""; + nPath = (int)strlen(zPath); + mTime = zipfileGetTime(apVal[4]); + } +-- +2.24.1 + |