author | 2020-03-30 09:24:26 +0900 | |
---|---|---|
committer | 2020-03-30 09:24:26 +0900 | |
commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/poky/meta/recipes-support/sqlite | |
parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) |
agl-basesystem
Diffstat (limited to 'external/poky/meta/recipes-support/sqlite')
4 files changed, 201 insertions, 0 deletions
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20505.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
new file mode 100644
index 00000000..d1119f3b
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
@@ -0,0 +1,31 @@
+From: D. Richard Hipp <drh@hwaci.com>
+Date: Sat, 3 Nov 2018 13:11:24 +0000 (+0000)
+Subject: Fix a assert() in the query planner that can arise when doing row-value
+X-Git-Tag: version-3.26.0~59
+X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/24298027a30cf7941f16a8cc878d0c1f9f14308f
+
+Fix a assert() in the query planner that can arise when doing row-value
+operations on a PRIMARY KEY that contains duplicate columns.
+Ticket [1a84668dcfdebaf12415d].
+
+https://sqlite.org/src/info/1a84668dcfdebaf12415d
+
+upstream-Status: Backport
+CVE: CVE-2018-20505
+affects <= 3.26.0
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: sqlite-autoconf-3230100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3230100.orig/sqlite3.c
++++ sqlite-autoconf-3230100/sqlite3.c
+@@ -131231,7 +131231,7 @@ static Expr *removeUnindexableInClauseTe
+ for(i=iEq; i<pLoop->nLTerm; i++){
+ if( pLoop->aLTerm[i]->pExpr==pX ){
+ int iField = pLoop->aLTerm[i]->iField - 1;
+- assert( pOrigRhs->a[iField].pExpr!=0 );
++ if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */
+ pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr);
+ pOrigRhs->a[iField].pExpr = 0;
+ assert( pOrigLhs->a[iField].pExpr!=0 );
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
new file mode 100644
index 00000000..7919f9b5
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
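Review bot: The status tag in the CVE-2018-20505.patch header is written `upstream-Status: Backport`, while the sibling CVE-2018-20506.patch uses `Upstream-Status: Backport`; a patch-status check that matches the tag case-sensitively may treat this patch as carrying no status, so the line should read `Upstream-Status: Backport`. The `affects <= 3.26.0` line also looks inconsistent with the `X-Git-Tag: version-3.26.0~59` header, which places the fix before the 3.26.0 tag; `Affects < 3.26.0` would match that, but confirm the range against the CVE record before changing it. The body of the patched function continues outside the quoted hunk.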
@@ -0,0 +1,103 @@
+From: Dan Kennedy <danielk1977@gmail.com>
+Date: Sat, 3 Nov 2018 16:51:30 +0000 (+0000)
+Subject: Add extra defenses against strategically corrupt databases to fts3/4.
+X-Git-Tag: version-3.26.0~58
+X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/19816852d4e82e115338b1997540c26a1b794d18
+
+Add extra defenses against strategically corrupt databases to fts3/4.
+
+https://sqlite.org/src/info/940f2adc8541a838
+
+Upstream-Status: Backport
+CVE: CVE-2018-20506
+Affects <= 3.26.0
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: sqlite-autoconf-3230100/sqlite3.c
+===================================================================
+--- sqlite-autoconf-3230100.orig/sqlite3.c
++++ sqlite-autoconf-3230100/sqlite3.c
+@@ -152368,7 +152368,7 @@ static int fts3ScanInteriorNode(
+ const char *zCsr = zNode; /* Cursor to iterate through node */
+ const char *zEnd = &zCsr[nNode];/* End of interior node buffer */
+ char *zBuffer = 0; /* Buffer to load terms into */
+- int nAlloc = 0; /* Size of allocated buffer */
++ i64 nAlloc = 0; /* Size of allocated buffer */
+ int isFirstTerm = 1; /* True when processing first term on page */
+ sqlite3_int64 iChild; /* Block id of child node to descend to */
+
+@@ -152406,14 +152406,14 @@ static int fts3ScanInteriorNode(
+ zCsr += fts3GetVarint32(zCsr, &nSuffix);
+
+ assert( nPrefix>=0 && nSuffix>=0 );
+- if( &zCsr[nSuffix]>zEnd ){
++ if( nPrefix>zCsr-zNode || nSuffix>zEnd-zCsr ){
+ rc = FTS_CORRUPT_VTAB;
+ goto finish_scan;
+ }
+- if( nPrefix+nSuffix>nAlloc ){
++ if( (i64)nPrefix+nSuffix>nAlloc ){
+ char *zNew;
+- nAlloc = (nPrefix+nSuffix) * 2;
+- zNew = (char *)sqlite3_realloc(zBuffer, nAlloc);
++ nAlloc = ((i64)nPrefix+nSuffix) * 2;
++ zNew = (char *)sqlite3_realloc64(zBuffer, nAlloc);
+ if( !zNew ){
+ rc = SQLITE_NOMEM;
+ goto finish_scan;
+@@ -162012,15 +162012,19 @@ static int fts3SegReaderNext(
+ ** safe (no risk of overread) even if the node data is corrupted. */
+ pNext += fts3GetVarint32(pNext, &nPrefix);
+ pNext += fts3GetVarint32(pNext, &nSuffix);
+- if( nPrefix<0 || nSuffix<=0
+- || &pNext[nSuffix]>&pReader->aNode[pReader->nNode]
++ if( nSuffix<=0
++ || (&pReader->aNode[pReader->nNode] - pNext)<nSuffix
++ || nPrefix>pReader->nTermAlloc
+ ){
+ return FTS_CORRUPT_VTAB;
+ }
+
+- if( nPrefix+nSuffix>pReader->nTermAlloc ){
+- int nNew = (nPrefix+nSuffix)*2;
+- char *zNew = sqlite3_realloc(pReader->zTerm, nNew);
++ /* Both nPrefix and nSuffix were read by fts3GetVarint32() and so are
++ ** between 0 and 0x7FFFFFFF. But the sum of the two may cause integer
++ ** overflow - hence the (i64) casts. */
++ if( (i64)nPrefix+nSuffix>(i64)pReader->nTermAlloc ){
++ i64 nNew = ((i64)nPrefix+nSuffix)*2;
++ char *zNew = sqlite3_realloc64(pReader->zTerm, nNew);
+ if( !zNew ){
+ return SQLITE_NOMEM;
+ }
+@@ -162042,7 +162046,7 @@ static int fts3SegReaderNext(
+ ** b-tree node. And that the final byte of the doclist is 0x00. If either
+ ** of these statements is untrue, then the data structure is corrupt.
+ */
+- if( &pReader->aDoclist[pReader->nDoclist]>&pReader->aNode[pReader->nNode]
++ if( (&pReader->aNode[pReader->nNode] - pReader->aDoclist)<pReader->nDoclist
+ || (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1])
+ ){
+ return FTS_CORRUPT_VTAB;
+@@ -164367,7 +164371,9 @@ static int nodeReaderNext(NodeReader *p)
+ p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nPrefix);
+ }
+ p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nSuffix);
+-
++ if( nPrefix>p->iOff || nSuffix>p->nNode-p->iOff ){
++ return SQLITE_CORRUPT_VTAB;
++ }
+ blobGrowBuffer(&p->term, nPrefix+nSuffix, &rc);
+ if( rc==SQLITE_OK ){
+ memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix);
+@@ -164375,6 +164381,9 @@ static int nodeReaderNext(NodeReader *p)
+ p->iOff += nSuffix;
+ if( p->iChild==0 ){
+ p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &p->nDoclist);
++ if( (p->nNode-p->iOff)<p->nDoclist ){
++ return SQLITE_CORRUPT_VTAB;
++ }
+ p->aDoclist = &p->aNode[p->iOff];
+ p->iOff += p->nDoclist;
+ }
diff --git a/external/poky/meta/recipes-support/sqlite/sqlite3.inc b/external/poky/meta/recipes-support/sqlite/sqlite3.inc
new file mode 100644
index 00000000..1834867d
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/sqlite3.inc
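Review bot: In the `nodeReaderNext` hunk the new guard bounds `nPrefix` by the read offset (`nPrefix>p->iOff`) rather than by the length of the term already held in `p->term`. A corrupt node can therefore still declare a prefix longer than the previous term, and the `memcpy` to `&p->term.a[nPrefix]` would then leave bytes in front of it that the previous term never wrote. If the blob records its current length (that field is not visible in this hunk), a tighter check would be `if( nPrefix>p->term.n || nSuffix>p->nNode-p->iOff ){`. The two new returns in this function also use `SQLITE_CORRUPT_VTAB` where the other hunks in the patch return `FTS_CORRUPT_VTAB`, so one spelling should be used throughout. As this is a backport, compare against current upstream FTS3 before diverging; the function bodies continue outside the quoted hunks.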
@@ -0,0 +1,55 @@
+SUMMARY = "Embeddable SQL database engine"
+HOMEPAGE = "http://www.sqlite.org"
+SECTION = "libs"
+
+PE = "3"
+
+def sqlite_download_version(d):
+ pvsplit = d.getVar('PV').split('.')
+ if len(pvsplit) < 4:
+ pvsplit.append('0')
+ return pvsplit[0] + ''.join([part.rjust(2,'0') for part in pvsplit[1:]])
+
+SQLITE_PV = "${@sqlite_download_version(d)}"
+
+S = "${WORKDIR}/sqlite-autoconf-${SQLITE_PV}"
+
+UPSTREAM_CHECK_URI = "http://www.sqlite.org/"
+UPSTREAM_CHECK_REGEX = "releaselog/(?P<pver>(\d+[\.\-_]*)+)\.html"
+
+CVE_PRODUCT = "sqlite"
+
+inherit autotools pkgconfig
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+
+PACKAGECONFIG[editline] = "--enable-editline,--disable-editline,libedit"
+PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline ncurses"
+
+EXTRA_OECONF = " \
+ --enable-shared \
+ --enable-threadsafe \
+ --disable-static-shell \
+"
+
+CFLAGS_append = " -fPIC"
+
+# pread() is in POSIX.1-2001 so any reasonable system must surely support it
+CFLAGS += "-DUSE_PREAD"
+
+# Provide column meta-data API
+CFLAGS += "-DSQLITE_ENABLE_COLUMN_METADATA"
+
+PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}"
+
+FILES_${PN} = "${bindir}/*"
+FILES_lib${BPN} = "${libdir}/*.so.*"
+FILES_lib${BPN}-dev = "${libdir}/*.la ${libdir}/*.so \
+ ${libdir}/pkgconfig ${includedir}"
+FILES_lib${BPN}-doc = "${docdir} ${mandir} ${infodir}"
+FILES_lib${BPN}-staticdev = "${libdir}/lib*.a"
+
+AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb b/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
new file mode 100644
index 00000000..d214ea15
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/sqlite3_3.23.1.bb
@@ -0,0 +1,12 @@
+require sqlite3.inc
+
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
+
+SRC_URI = "\
+ http://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \
+ file://CVE-2018-20505.patch \
+ file://CVE-2018-20506.patch \
+ "
+SRC_URI[md5sum] = "99a51b40a66872872a91c92f6d0134fa"
+SRC_URI[sha256sum] = "92842b283e5e744eff5da29ed3c69391de7368fccc4d0ee6bf62490ce555ef25" |
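Review bot: `SRC_URI` fetches the source tarball over plain `http://`, so the `SRC_URI[sha256sum]` pin is the only thing protecting the build input from modification in transit. Using `https://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \` makes the checksum a second check rather than the sole one. The `md5sum` entry gives little assurance on its own, so on any version bump the sha256 value should be taken from a trusted upstream source and not recomputed from whatever the fetch returned. `HOMEPAGE` and `UPSTREAM_CHECK_URI` in sqlite3.inc use `http://` as well and could be switched at the same time.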