From: "Maxin B. John" <maxin.john@intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 6/7] sqlite3: upgrade to 3.21.0
Date: Fri, 10 Nov 2017 14:00:27 +0200 [thread overview]
Message-ID: <1510315228-24186-7-git-send-email-maxin.john@intel.com> (raw)
In-Reply-To: <1510315228-24186-1-git-send-email-maxin.john@intel.com>
Remove upstreamed patch:
1. sqlite3-fix-CVE-2017-13685.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
---
.../sqlite/files/sqlite3-fix-CVE-2017-13685.patch | 57 ----------------------
.../{sqlite3_3.20.0.bb => sqlite3_3.21.0.bb} | 5 +-
2 files changed, 2 insertions(+), 60 deletions(-)
delete mode 100644 meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch
rename meta/recipes-support/sqlite/{sqlite3_3.20.0.bb => sqlite3_3.21.0.bb} (52%)
diff --git a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch b/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch
deleted file mode 100644
index aac428c..0000000
--- a/meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Fix CVE-2017-13685
-
-The dump_callback function in SQLite 3.20.0 allows remote attackers to
-cause a denial of service (EXC_BAD_ACCESS and application crash) via a
-crafted file.
-
-References:
-https://sqlite.org/src/info/02f0f4c54f2819b3
-http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
-
-Upstream-Status: Backport [https://sqlite.org/src/info/cf0d3715caac9149]
-
-CVE: CVE-2017-13685
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
-Index: src/shell.c
-==================================================================
---- src/shell.c
-+++ src/shell.c
-@@ -2657,10 +2657,11 @@
- int *aiType /* Column types */
- ){
- int i;
- ShellState *p = (ShellState*)pArg;
-
-+ if( azArg==0 ) return 0;
- switch( p->cMode ){
- case MODE_Line: {
- int w = 5;
- if( azArg==0 ) break;
- for(i=0; i<nArg; i++){
-@@ -3007,10 +3008,11 @@
- */
- static int captureOutputCallback(void *pArg, int nArg, char **azArg, char **az){
- ShellText *p = (ShellText*)pArg;
- int i;
- UNUSED_PARAMETER(az);
-+ if( azArg==0 ) return 0;
- if( p->n ) appendText(p, "|", 0);
- for(i=0; i<nArg; i++){
- if( i ) appendText(p, ",", 0);
- if( azArg[i] ) appendText(p, azArg[i], 0);
- }
-@@ -3888,11 +3890,11 @@
- const char *zType;
- const char *zSql;
- ShellState *p = (ShellState *)pArg;
-
- UNUSED_PARAMETER(azNotUsed);
-- if( nArg!=3 ) return 1;
-+ if( nArg!=3 || azArg==0 ) return 0;
- zTable = azArg[0];
- zType = azArg[1];
- zSql = azArg[2];
-
- if( strcmp(zTable, "sqlite_sequence")==0 ){
diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.21.0.bb
similarity index 52%
rename from meta/recipes-support/sqlite/sqlite3_3.20.0.bb
rename to meta/recipes-support/sqlite/sqlite3_3.21.0.bb
index e508258..1d51733 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.21.0.bb
@@ -5,7 +5,6 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
SRC_URI = "\
http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \
- file://sqlite3-fix-CVE-2017-13685.patch \
"
-SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d"
-SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0"
+SRC_URI[md5sum] = "7913de4c3126ba3c24689cb7a199ea31"
+SRC_URI[sha256sum] = "d7dd516775005ad87a57f428b6f86afd206cb341722927f104d3f0cf65fbbbe3"
--
2.4.0
next prev parent reply other threads:[~2017-11-10 12:00 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-10 12:00 [PATCH 0/7] package upgrades Maxin B. John
2017-11-10 12:00 ` [PATCH 1/7] ofono: upgrade to 1.21 Maxin B. John
2017-11-10 12:00 ` [PATCH 2/7] harfbuzz: upgrade to 1.6.3 Maxin B. John
2017-11-10 12:00 ` [PATCH 3/7] quota: upgrade to 4.04 Maxin B. John
2017-11-10 12:00 ` [PATCH 4/7] screen: upgrade to 4.6.2 Maxin B. John
2017-11-16 16:09 ` Burton, Ross
2017-11-17 11:20 ` Maxin B. John
2017-11-10 12:00 ` [PATCH 5/7] libproxy: upgrade to 0.4.15 Maxin B. John
2017-11-10 12:00 ` Maxin B. John [this message]
2017-11-10 12:00 ` [PATCH 7/7] libsoup-2.4: upgrade to 2.60.2 Maxin B. John
2017-11-10 12:26 ` Burton, Ross
2017-11-10 13:06 ` Maxin B. John
2017-11-10 12:35 ` ✗ patchtest: failure for package upgrades (rev2) Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1510315228-24186-7-git-send-email-maxin.john@intel.com \
--to=maxin.john@intel.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox