agl-basesystem

author: ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> 2020-03-30 09:24:26 +0900
committer: ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> 2020-03-30 09:24:26 +0900
commit: 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch)
tree: b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/poky/meta/recipes-support/sqlite
parent: 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff)
4 files changed, 201 insertions, 0 deletions
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20505.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
new file mode 100644
index 00000000..d1119f3b
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
@@ -0,0 +1,31 @@
+From: D. Richard Hipp <drh@hwaci.com>
+Date: Sat, 3 Nov 2018 13:11:24 +0000 (+0000)
+Subject: Fix a assert() in the query planner that can arise when doing row-value
+X-Git-Tag: version-3.26.0~59
+X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/24298027a30cf7941f16a8cc878d0c1f9f14308f
+
+Fix a assert() in the query planner that can arise when doing row-value
+operations on a PRIMARY KEY that contains duplicate columns.
+Ticket [1a84668dcfdebaf12415d].
+
+https://sqlite.org/src/info/1a84668dcfdebaf12415d
+
+upstream-Status: Backport
+CVE: CVE-2018-20505
+affects <= 3.26.0
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: sqlite-autoconf-3230100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3230100.orig/sqlite3.c
++++ sqlite-autoconf-3230100/sqlite3.c
+@@ -131231,7 +131231,7 @@ static Expr *removeUnindexableInClauseTe
+     for(i=iEq; i<pLoop->nLTerm; i++){
+       if( pLoop->aLTerm[i]->pExpr==pX ){
+         int iField = pLoop->aLTerm[i]->iField - 1;
+-        assert( pOrigRhs->a[iField].pExpr!=0 );
++        if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */
+         pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr);
+         pOrigRhs->a[iField].pExpr = 0;
+         assert( pOrigLhs->a[iField].pExpr!=0 );
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
new file mode 100644
index 00000000..7919f9b5
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
@@ -0,0 +1,103 @@
+From: Dan Kennedy <danielk1977@gmail.com>
+Date: Sat, 3 Nov 2018 16:51:30 +0000 (+0000)
+Subject: Add extra defenses against strategically corrupt databases to fts3/4.
+X-Git-Tag: version-3.26.0~58
+X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/19816852d4e82e115338b1997540c26a1b794d18
+
+Add extra defenses against strategically corrupt databases to fts3/4.
+
+https://sqlite.org/src/info/940f2adc8541a838
+
+Upstream-Status: Backport
+CVE: CVE-2018-20506
+Affects <= 3.26.0
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: sqlite-autoconf-3230100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3230100.orig/sqlite3.c
++++ sqlite-autoconf-3230100/sqlite3.c
+@@ -152368,7 +152368,7 @@ static int fts3ScanInteriorNode(
+   const char *zCsr = zNode;       /* Cursor to iterate through node */
+   const char *zEnd = &zCsr[nNode];/* End of interior node buffer */
+   char *zBuffer = 0;              /* Buffer to load terms into */
+-  int nAlloc = 0;                 /* Size of allocated buffer */
++  i64 nAlloc = 0;                 /* Size of allocated buffer */
+   int isFirstTerm = 1;            /* True when processing first term on page */
+   sqlite3_int64 iChild;           /* Block id of child node to descend to */
+ 
+@@ -152406,14 +152406,14 @@ static int fts3ScanInteriorNode(
+     zCsr += fts3GetVarint32(zCsr, &nSuffix);
+     
+     assert( nPrefix>=0 && nSuffix>=0 );
+-    if( &zCsr[nSuffix]>zEnd ){
++    if( nPrefix>zCsr-zNode || nSuffix>zEnd-zCsr ){
+       rc = FTS_CORRUPT_VTAB;
+       goto finish_scan;
+     }
+-    if( nPrefix+nSuffix>nAlloc ){
++    if( (i64)nPrefix+nSuffix>nAlloc ){
+       char *zNew;
+-      nAlloc = (nPrefix+nSuffix) * 2;
+-      zNew = (char *)sqlite3_realloc(zBuffer, nAlloc);
++      nAlloc = ((i64)nPrefix+nSuffix) * 2;
++      zNew = (char *)sqlite3_realloc64(zBuffer, nAlloc);
+       if( !zNew ){
+         rc = SQLITE_NOMEM;
+         goto finish_scan;
+@@ -162012,15 +162012,19 @@ static int fts3SegReaderNext(
+   ** safe (no risk of overread) even if the node data is corrupted. */
+   pNext += fts3GetVarint32(pNext, &nPrefix);
+   pNext += fts3GetVarint32(pNext, &nSuffix);
+-  if( nPrefix<0 || nSuffix<=0 
+-   || &pNext[nSuffix]>&pReader->aNode[pReader->nNode] 
++  if( nSuffix<=0 
++   || (&pReader->aNode[pReader->nNode] - pNext)<nSuffix
++   || nPrefix>pReader->nTermAlloc
+   ){
+     return FTS_CORRUPT_VTAB;
+   }
+ 
+-  if( nPrefix+nSuffix>pReader->nTermAlloc ){
+-    int nNew = (nPrefix+nSuffix)*2;
+-    char *zNew = sqlite3_realloc(pReader->zTerm, nNew);
++  /* Both nPrefix and nSuffix were read by fts3GetVarint32() and so are
++  ** between 0 and 0x7FFFFFFF. But the sum of the two may cause integer
++  ** overflow - hence the (i64) casts.  */
++  if( (i64)nPrefix+nSuffix>(i64)pReader->nTermAlloc ){
++    i64 nNew = ((i64)nPrefix+nSuffix)*2;
++    char *zNew = sqlite3_realloc64(pReader->zTerm, nNew);
+     if( !zNew ){
+       return SQLITE_NOMEM;
+     }
+@@ -162042,7 +162046,7 @@ static int fts3SegReaderNext(
+   ** b-tree node. And that the final byte of the doclist is 0x00. If either 
+   ** of these statements is untrue, then the data structure is corrupt.
+   */
+-  if( &pReader->aDoclist[pReader->nDoclist]>&pReader->aNode[pReader->nNode] 
++  if( (&pReader->aNode[pReader->nNode] - pReader->aDoclist)<pReader->nDoclist
+    || (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1])
+   ){
+     return FTS_CORRUPT_VTAB;
+@@ -164367,7 +164371,9 @@ static int nodeReaderNext(NodeReader *p)
+       p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nPrefix);
+     }
+     p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nSuffix);
+-
++    if( nPrefix>p->iOff || nSuffix>p->nNode-p->iOff ){
++      return SQLITE_CORRUPT_VTAB;
++    }
+     blobGrowBuffer(&p->term, nPrefix+nSuffix, &rc);
+     if( rc==SQLITE_OK ){
+       memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix);
+@@ -164375,6 +164381,9 @@ static int nodeReaderNext(NodeReader *p)
+       p->iOff += nSuffix;
+       if( p->iChild==0 ){
+         p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &p->nDoclist);
++        if( (p->nNode-p->iOff)<p->nDoclist ){
++          return SQLITE_CORRUPT_VTAB;
++        }
+         p->aDoclist = &p->aNode[p->iOff];
+         p->iOff += p->nDoclist;
+       }
diff --git a/external/poky/meta/recipes-support/sqlite/sqlite3.inc b/external/poky/meta/recipes-support/sqlite/sqlite3.inc
new file mode 100644
index 00000000..1834867d
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/sqlite3.inc
@@ -0,0 +1,55 @@
+SUMMARY = "Embeddable SQL database engine"
+HOMEPAGE = "http://www.sqlite.org"
+SECTION = "libs"
+
+PE = "3"
+
+def sqlite_download_version(d):
+    pvsplit = d.getVar('PV').split('.')
+    if len(pvsplit) < 4:
+        pvsplit.append('0')
+    return pvsplit[0] + ''.join([part.rjust(2,'0') for part in pvsplit[1:]])
+
+SQLITE_PV = "${@sqlite_download_version(d)}"
+
+S = "${WORKDIR}/sqlite-autoconf-${SQLITE_PV}"
+
+UPSTREAM_CHECK_URI = "http://www.sqlite.org/"
+UPSTREAM_CHECK_REGEX = "releaselog/(?P<pver>(\d+[\.\-_]*)+)\.html"
+
+CVE_PRODUCT = "sqlite"
+
+inherit autotools pkgconfig
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+
+PACKAGECONFIG[editline] = "--enable-editline,--disable-editline,libedit"
+PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline ncurses"
+
+EXTRA_OECONF = " \
+    --enable-shared \
+    --enable-threadsafe \
+    --disable-static-shell \
+"
+
+CFLAGS_append = " -fPIC"
+
+# pread() is in POSIX.1-2001 so any reasonable system must surely support it
+CFLAGS += "-DUSE_PREAD"
+
+# Provide column meta-data API
+CFLAGS += "-DSQLITE_ENABLE_COLUMN_METADATA"
+
+PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}"
+
+FILES_${PN} = "${bindir}/*"
+FILES_lib${BPN} = "${libdir}/*.so.*"
+FILES_lib${BPN}-dev = "${libdir}/*.la ${libdir}/*.so \
+                       ${libdir}/pkgconfig ${includedir}"
+FILES_lib${BPN}-doc = "${docdir} ${mandir} ${infodir}"
+FILES_lib${BPN}-staticdev = "${libdir}/lib*.a"
+
+AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb b/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
new file mode 100644
index 00000000..d214ea15
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
@@ -0,0 +1,12 @@
+require sqlite3.inc
+
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
+
+SRC_URI = "\
+  http://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+  file://CVE-2018-20505.patch \
+  file://CVE-2018-20506.patch \
+  "
+SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa"
+SRC_URI[sha256sum] = "92842b283e5e744eff5da29ed3c69391de7368fccc4d0ee6bf62490ce555ef25"
author	ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp>	2020-03-30 09:24:26 +0900
committer	ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp>	2020-03-30 09:24:26 +0900
commit	5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch)
tree	b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/poky/meta/recipes-support/sqlite
parent	706ad73eb02caf8532deaf5d38995bd258725cb8 (diff)