public inbox for openembedded-core@lists.openembedded.org
* [OE-core][kirkstone 0/4] Patch review
@ 2023-12-29 16:07 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2023-12-29 16:07 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, January 3

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6384

The following changes since commit 2afd9a6002cba2a23dd62a1805b4be04083c041b:

  testimage: Exclude wtmp from target-dumper commands (2023-12-20 11:40:13 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (2):
  openssh: fix CVE-2023-51384
  openssh: fix CVE-2023-51385

Khem Raj (1):
  elfutils: Disable stringop-overflow warning for build host

Steve Sakoman (1):
  testimage: drop target_dumper, host_dumper, and monitor_dumper

 meta/classes/testimage.bbclass                |  24 ---
 .../openssh/openssh/CVE-2023-51384.patch      | 171 ++++++++++++++++++
 .../openssh/openssh/CVE-2023-51385.patch      |  97 ++++++++++
 .../openssh/openssh_8.9p1.bb                  |   2 +
 .../elfutils/elfutils_0.186.bb                |   2 +
 5 files changed, 272 insertions(+), 24 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-51384.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2023-51385.patch

-- 
2.34.1



^ permalink raw reply	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 0/4] Patch review
@ 2024-02-01 19:37 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2024-02-01 19:37 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Monday, February 5

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6513

The following changes since commit a744a897f0ea7d34c31c024c13031221f9a85f24:

  build-appliance-image: Update to kirkstone head revision (2024-01-25 04:06:50 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  python3-jinja2: upgrade 3.1.1 -> 3.1.2

Lee Chee Yang (1):
  xwayland: Fix CVE-2023-6377 CVE-2023-6478

Ludovic Jozeau (1):
  image-live.bbclass: LIVE_ROOTFS_TYPE support compression

Wang Mingyu (1):
  python3-jinja2: upgrade 3.1.2 -> 3.1.3

 meta/classes/image-live.bbclass               |  2 +-
 ...inja2_3.1.1.bb => python3-jinja2_3.1.3.bb} |  2 +-
 .../xwayland/xwayland/CVE-2023-6377.patch     | 82 +++++++++++++++++++
 .../xwayland/xwayland/CVE-2023-6478.patch     | 66 +++++++++++++++
 .../xwayland/xwayland_22.1.8.bb               |  2 +
 5 files changed, 152 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/python/{python3-jinja2_3.1.1.bb => python3-jinja2_3.1.3.bb} (92%)
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-6377.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-6478.patch

-- 
2.34.1



^ permalink raw reply	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 0/4] Patch review
@ 2024-03-07 18:38 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2024-03-07 18:38 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Monday, March 11

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6658

The following changes since commit d63af11e92094487d6e358f27283e5385937e7a8:

  kernel.bbclass: Set pkg-config variables for building modules (2024-03-03 11:56:20 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Chen Qi (1):
  useradd-example: do not use unsupported clear text password

Fabio Estevam (1):
  u-boot: Move UBOOT_INITIAL_ENV back to u-boot.inc

Hitendra Prajapati (1):
  golang: Fix CVE-2023-45289 & CVE-2023-45290

Steve Sakoman (1):
  selftest: skip virgl gtk/sdl test on ubuntu 18.04

 .../useradd/useradd-example.bb                |   4 +-
 meta/classes/uboot-config.bbclass             |   4 -
 meta/lib/oeqa/selftest/cases/runtime_test.py  |   2 +
 meta/recipes-bsp/u-boot/u-boot.inc            |   4 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   2 +
 .../go/go-1.21/CVE-2023-45289.patch           | 121 ++++++++
 .../go/go-1.21/CVE-2023-45290.patch           | 270 ++++++++++++++++++
 7 files changed, 401 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-45289.patch
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-45290.patch

-- 
2.34.1



^ permalink raw reply	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 0/4] Patch review
@ 2025-01-31 14:15 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-01-31 14:15 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, February 3

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/911

The following changes since commit 077aab43f2c928eb8da71934405c62327010f552:

  classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture (2025-01-20 06:06:07 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Deepesh Varatharajan (1):
  glibc: stable 2.35 branch updates

Peter Marko (1):
  openssl: patch CVE-2024-13176

Yash Shinde (2):
  binutils: internal gdb: Fix CVE-2024-53589
  gdb: Fix CVE-2024-53589

 .../openssl/openssl/CVE-2024-13176.patch      | 125 ++++++++++++++++++
 .../openssl/openssl_3.0.15.bb                 |   1 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../binutils/binutils-2.38.inc                |   1 +
 .../binutils/0037-CVE-2024-53589.patch        |  92 +++++++++++++
 meta/recipes-devtools/gdb/gdb.inc             |   1 +
 .../gdb/gdb/0014-CVE-2024-53589.patch         |  92 +++++++++++++
 7 files changed, 313 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-13176.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0037-CVE-2024-53589.patch
 create mode 100644 meta/recipes-devtools/gdb/gdb/0014-CVE-2024-53589.patch

-- 
2.43.0



^ permalink raw reply	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 0/4] Patch review
@ 2025-03-27 14:43 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-03-27 14:43 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Monday, March 31

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1277

The following changes since commit 1172a71f2104454a13e64886adbdb381aa8d6e0e:

  libxcrypt-compat: Remove libcrypt.so to fix conflict with libcrypt (2025-03-21 06:48:11 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (2):
  linux-yocto/5.15: update to v5.15.179
  linux-yocto/5.10: update to v5.10.234

Peter Marko (1):
  python3: patch CVE-2025-0938

Vijay Anusuri (1):
  vim: Upgrade 9.1.1115 -> 9.1.1198

 .../python/python3/CVE-2025-0938.patch        | 131 ++++++++++++++++++
 .../python/python3_3.10.16.bb                 |   1 +
 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-rt_5.15.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 .../linux/linux-yocto-tiny_5.15.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 ++--
 meta/recipes-kernel/linux/linux-yocto_5.15.bb |  26 ++--
 meta/recipes-support/vim/vim.inc              |   4 +-
 9 files changed, 172 insertions(+), 40 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-0938.patch

-- 
2.43.0



^ permalink raw reply	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 0/4] Patch review
@ 2025-04-15 20:52 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-04-15 20:52 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, April 17

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1401

The following changes since commit 7399cf17590204f8289f356cce4575592d6e3536:

  ghostscript: Fix CVE-2025-27836 (2025-04-08 08:36:03 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Divya Chellam (1):
  ruby: fix CVE-2024-43398

Hitendra Prajapati (1):
  go: fix CVE-2025-22871

Peter Marko (2):
  cve-update-nvd2-native: add workaround for json5 style list
  systemd: ignore CVEs which reappeared after upgrade to 250.14

 .../meta/cve-update-nvd2-native.bb            |   5 +
 meta/recipes-core/systemd/systemd.inc         |   3 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   1 +
 .../go/go-1.21/CVE-2025-22871.patch           | 172 ++++++++++++++++++
 .../ruby/ruby/CVE-2024-43398.patch            |  81 +++++++++
 meta/recipes-devtools/ruby/ruby_3.1.3.bb      |   1 +
 6 files changed, 263 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2025-22871.patch
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-43398.patch

-- 
2.43.0



^ permalink raw reply	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 0/4] Patch review
@ 2025-08-05 16:43 Steve Sakoman
  2025-08-05 16:43 ` [OE-core][kirkstone 1/4] avahi: fix CVE-2024-52615 Steve Sakoman
                   ` (3 more replies)
  0 siblings, 4 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-08-05 16:43 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, August 7

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2150

The following changes since commit b4a2f74ba0b40abcdf56c4b58cae5f7ce145d511:

  sqlite3: Fix CVE-2025-6965 (2025-07-29 06:39:06 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Peter Marko (3):
  sqlite3: patch CVE-2025-7458
  sqlite3: ignore CVE-2025-3277
  glibc: stable 2.35 branch updates

Zhang Peng (1):
  avahi: fix CVE-2024-52615

 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   1 +
 .../avahi/files/CVE-2024-52615.patch          | 228 ++++++++++++++++
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/glibc/0025-CVE-2025-4802.patch      | 250 ------------------
 meta/recipes-core/glibc/glibc_2.35.bb         |   2 +-
 ...mpts-to-improve-the-detection-of-cov.patch |  91 +++++++
 .../sqlite/files/CVE-2025-7458.patch          |  32 +++
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |   4 +
 8 files changed, 358 insertions(+), 252 deletions(-)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch
 delete mode 100644 meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
 create mode 100644 meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-7458.patch

-- 
2.43.0



^ permalink raw reply	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 1/4] avahi: fix CVE-2024-52615
  2025-08-05 16:43 [OE-core][kirkstone 0/4] Patch review Steve Sakoman
@ 2025-08-05 16:43 ` Steve Sakoman
  2025-08-05 16:43 ` [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458 Steve Sakoman
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-08-05 16:43 UTC (permalink / raw)
  To: openembedded-core

From: Zhang Peng <peng.zhang1.cn@windriver.com>

CVE-2024-52615:
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area
DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-52615]
[https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g]

Upstream patches:
[https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-connectivity/avahi/avahi_0.8.bb  |   1 +
 .../avahi/files/CVE-2024-52615.patch          | 228 ++++++++++++++++++
 2 files changed, 229 insertions(+)
 create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch

diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index b3739ad2c0..20b2791ef3 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -36,6 +36,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
            file://CVE-2023-38472.patch \
            file://CVE-2023-38473.patch \
            file://CVE-2024-52616.patch \
+           file://CVE-2024-52615.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch
new file mode 100644
index 0000000000..9737f52837
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch
@@ -0,0 +1,228 @@
+From 4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 27 Nov 2024 18:07:32 +0100
+Subject: [PATCH] core/wide-area: fix for CVE-2024-52615
+
+CVE: CVE-2024-52615
+Upstream-Status: Backport [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942]
+
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ avahi-core/wide-area.c | 128 ++++++++++++++++++++++-------------------
+ 1 file changed, 69 insertions(+), 59 deletions(-)
+
+diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c
+index 00a15056e..06df7afc6 100644
+--- a/avahi-core/wide-area.c
++++ b/avahi-core/wide-area.c
+@@ -81,6 +81,10 @@ struct AvahiWideAreaLookup {
+ 
+     AvahiAddress dns_server_used;
+ 
++    int fd;
++    AvahiWatch *watch;
++    AvahiProtocol proto;
++
+     AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, lookups);
+     AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, by_key);
+ };
+@@ -88,9 +92,6 @@ struct AvahiWideAreaLookup {
+ struct AvahiWideAreaLookupEngine {
+     AvahiServer *server;
+ 
+-    int fd_ipv4, fd_ipv6;
+-    AvahiWatch *watch_ipv4, *watch_ipv6;
+-
+     /* Cache */
+     AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache);
+     AvahiHashmap *cache_by_key;
+@@ -125,35 +126,67 @@ static AvahiWideAreaLookup* find_lookup(AvahiWideAreaLookupEngine *e, uint16_t i
+     return l;
+ }
+ 
++static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata);
++
+ static int send_to_dns_server(AvahiWideAreaLookup *l, AvahiDnsPacket *p) {
++    AvahiWideAreaLookupEngine *e;
+     AvahiAddress *a;
++    AvahiServer *s;
++    AvahiWatch *w;
++    int r;
+ 
+     assert(l);
+     assert(p);
+ 
+-    if (l->engine->n_dns_servers <= 0)
++    e = l->engine;
++    assert(e);
++
++    s = e->server;
++    assert(s);
++
++    if (e->n_dns_servers <= 0)
+         return -1;
+ 
+-    assert(l->engine->current_dns_server < l->engine->n_dns_servers);
++    assert(e->current_dns_server < e->n_dns_servers);
+ 
+-    a = &l->engine->dns_servers[l->engine->current_dns_server];
++    a = &e->dns_servers[e->current_dns_server];
+     l->dns_server_used = *a;
+ 
+-    if (a->proto == AVAHI_PROTO_INET) {
++    if (l->fd >= 0) {
++        /* We are reusing lookup object and sending packet to another server so let's cleanup before we establish connection to new server. */
++        s->poll_api->watch_free(l->watch);
++        l->watch = NULL;
+ 
+-        if (l->engine->fd_ipv4 < 0)
+-            return -1;
++        close(l->fd);
++        l->fd = -EBADF;
++    }
+ 
+-        return avahi_send_dns_packet_ipv4(l->engine->fd_ipv4, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT);
++    assert(a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6);
+ 
+-    } else {
+-        assert(a->proto == AVAHI_PROTO_INET6);
++    if (a->proto == AVAHI_PROTO_INET)
++        r = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1;
++    else
++        r = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1;
+ 
+-        if (l->engine->fd_ipv6 < 0)
+-            return -1;
++    if (r < 0) {
++        avahi_log_error(__FILE__ ": Failed to create socket for wide area lookup");
++        return -1;
++    }
+ 
+-        return avahi_send_dns_packet_ipv6(l->engine->fd_ipv6, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT);
++    w = s->poll_api->watch_new(s->poll_api, r, AVAHI_WATCH_IN, socket_event, l);
++    if (!w) {
++        close(r);
++        avahi_log_error(__FILE__ ": Failed to create socket watch for wide area lookup");
++        return -1;
+     }
++
++    l->fd = r;
++    l->watch = w;
++    l->proto = a->proto;
++
++    return a->proto == AVAHI_PROTO_INET ?
++                avahi_send_dns_packet_ipv4(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT):
++                avahi_send_dns_packet_ipv6(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT);
+ }
+ 
+ static void next_dns_server(AvahiWideAreaLookupEngine *e) {
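
Review bot: The new error path in send_to_dns_server() logs "Failed to create socket for wide area lookup" without strerror(errno), which the message removed from avahi_wide_area_engine_new() included, and it prints the same text when r is -1 only because s->config.use_ipv4 or s->config.use_ipv6 is off and no socket call was made. Suggest keeping the errno text for real failures and using a distinct message (or a quiet return) for the config-disabled case, so the log tells an operator whether socket creation failed or the protocol is simply disabled.
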
+@@ -246,6 +279,9 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new(
+     l->dead = 0;
+     l->key = avahi_key_ref(key);
+     l->cname_key = avahi_key_new_cname(l->key);
++    l->fd = -EBADF;
++    l->watch = NULL;
++    l->proto = AVAHI_PROTO_UNSPEC;
+     l->callback = callback;
+     l->userdata = userdata;
+ 
+@@ -314,6 +350,12 @@ static void lookup_destroy(AvahiWideAreaLookup *l) {
+     if (l->cname_key)
+         avahi_key_unref(l->cname_key);
+ 
++    if (l->watch)
++            l->engine->server->poll_api->watch_free(l->watch);
++
++    if (l->fd >= 0)
++        close(l->fd);
++
+     avahi_free(l);
+ }
+ 
+@@ -572,14 +614,20 @@ static void handle_packet(AvahiWideAreaLookupEngine *e, AvahiDnsPacket *p) {
+ }
+ 
+ static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata) {
+-    AvahiWideAreaLookupEngine *e = userdata;
++    AvahiWideAreaLookup *l = userdata;
++    AvahiWideAreaLookupEngine *e = l->engine;
+     AvahiDnsPacket *p = NULL;
+ 
+-    if (fd == e->fd_ipv4)
+-        p = avahi_recv_dns_packet_ipv4(e->fd_ipv4, NULL, NULL, NULL, NULL, NULL);
++    assert(l);
++    assert(e);
++    assert(l->fd == fd);
++
++    if (l->proto == AVAHI_PROTO_INET)
++        p = avahi_recv_dns_packet_ipv4(l->fd, NULL, NULL, NULL, NULL, NULL);
+     else {
+-        assert(fd == e->fd_ipv6);
+-        p = avahi_recv_dns_packet_ipv6(e->fd_ipv6, NULL, NULL, NULL, NULL, NULL);
++        assert(l->proto == AVAHI_PROTO_INET6);
++
++        p = avahi_recv_dns_packet_ipv6(l->fd, NULL, NULL, NULL, NULL, NULL);
+     }
+ 
+     if (p) {
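
Review bot: In socket_event() the initializer `AvahiWideAreaLookupEngine *e = l->engine;` dereferences l before `assert(l);` runs, so the assert cannot catch a NULL userdata. Suggest declaring e without an initializer and assigning it after assert(l), the same order send_to_dns_server() uses in this patch.
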
+@@ -598,32 +646,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) {
+     e->server = s;
+     e->cleanup_dead = 0;
+ 
+-    /* Create sockets */
+-    e->fd_ipv4 = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1;
+-    e->fd_ipv6 = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1;
+-
+-    if (e->fd_ipv4 < 0 && e->fd_ipv6 < 0) {
+-        avahi_log_error(__FILE__": Failed to create wide area sockets: %s", strerror(errno));
+-
+-        if (e->fd_ipv6 >= 0)
+-            close(e->fd_ipv6);
+-
+-        if (e->fd_ipv4 >= 0)
+-            close(e->fd_ipv4);
+-
+-        avahi_free(e);
+-        return NULL;
+-    }
+-
+-    /* Create watches */
+-
+-    e->watch_ipv4 = e->watch_ipv6 = NULL;
+-
+-    if (e->fd_ipv4 >= 0)
+-        e->watch_ipv4 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv4, AVAHI_WATCH_IN, socket_event, e);
+-    if (e->fd_ipv6 >= 0)
+-        e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e);
+-
+     e->n_dns_servers = e->current_dns_server = 0;
+ 
+     /* Initialize cache */
+@@ -651,18 +673,6 @@ void avahi_wide_area_engine_free(AvahiWideAreaLookupEngine *e) {
+     avahi_hashmap_free(e->lookups_by_id);
+     avahi_hashmap_free(e->lookups_by_key);
+ 
+-    if (e->watch_ipv4)
+-        e->server->poll_api->watch_free(e->watch_ipv4);
+-
+-    if (e->watch_ipv6)
+-        e->server->poll_api->watch_free(e->watch_ipv6);
+-
+-    if (e->fd_ipv6 >= 0)
+-        close(e->fd_ipv6);
+-
+-    if (e->fd_ipv4 >= 0)
+-        close(e->fd_ipv4);
+-
+     avahi_free(e);
+ }
+ 
+@@ -680,7 +690,7 @@ void avahi_wide_area_set_servers(AvahiWideAreaLookupEngine *e, const AvahiAddres
+ 
+     if (a) {
+         for (e->n_dns_servers = 0; n > 0 && e->n_dns_servers < AVAHI_WIDE_AREA_SERVERS_MAX; a++, n--)
+-            if ((a->proto == AVAHI_PROTO_INET && e->fd_ipv4 >= 0) || (a->proto == AVAHI_PROTO_INET6 && e->fd_ipv6 >= 0))
++            if (a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6)
+                 e->dns_servers[e->n_dns_servers++] = *a;
+     } else {
+         assert(n == 0);
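
Review bot: The rewritten condition in avahi_wide_area_set_servers() accepts any IPv4 or IPv6 server, where the old one also required the matching engine socket to exist, so a server whose protocol is disabled in the configuration is now stored and only fails later in send_to_dns_server() each time it is selected. Suggest filtering here on e->server->config.use_ipv4 and e->server->config.use_ipv6 so that unusable servers never enter dns_servers[].
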
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
  2025-08-05 16:43 [OE-core][kirkstone 0/4] Patch review Steve Sakoman
  2025-08-05 16:43 ` [OE-core][kirkstone 1/4] avahi: fix CVE-2024-52615 Steve Sakoman
@ 2025-08-05 16:43 ` Steve Sakoman
  2025-08-29 11:25   ` Niko Mauno
  2025-08-05 16:43 ` [OE-core][kirkstone 3/4] sqlite3: ignore CVE-2025-3277 Steve Sakoman
  2025-08-05 16:43 ` [OE-core][kirkstone 4/4] glibc: stable 2.35 branch updates Steve Sakoman
  3 siblings, 1 reply; 19+ messages in thread
From: Steve Sakoman @ 2025-08-05 16:43 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

Pick patch [1] listed in [2].
Also pick another patch which is a precondition to this one, introducing
the variable needed for the check.

[1] https://sqlite.org/src/info/12ad822d9b827777
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-7458

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...mpts-to-improve-the-detection-of-cov.patch | 91 +++++++++++++++++++
 .../sqlite/files/CVE-2025-7458.patch          | 32 +++++++
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |  2 +
 3 files changed, 125 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-7458.patch

diff --git a/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
new file mode 100644
index 0000000000..8fb037bb0f
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
@@ -0,0 +1,91 @@
+From f55a7dad195994f2bb24db7df0a0515502386fe2 Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Sat, 22 Oct 2022 14:16:02 +0000
+Subject: [PATCH] This branch attempts to improve the detection of covering
+ indexes.  This first check-in merely improves a parameter name to
+ sqlite3WhereBegin() to be more descriptive of what it contains, and ensures
+ that a subroutine is not inlines so that sqlite3WhereBegin() runs slightly
+ faster.
+
+FossilOrigin-Name: cadf5f6bb1ce0492ef858ada476288e8057afd3609caa18b09c818d3845d7244
+
+Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/f55a7dad195994f2bb24db7df0a0515502386fe2]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ sqlite3.c | 28 +++++++++++++---------------
+ 1 file changed, 13 insertions(+), 15 deletions(-)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 4cbc2d0..b7ed991 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -147371,9 +147371,7 @@ struct WhereInfo {
+   ExprList *pOrderBy;       /* The ORDER BY clause or NULL */
+   ExprList *pResultSet;     /* Result set of the query */
+   Expr *pWhere;             /* The complete WHERE clause */
+-#ifndef SQLITE_OMIT_VIRTUALTABLE
+-  Select *pLimit;           /* Used to access LIMIT expr/registers for vtabs */
+-#endif
++  Select *pSelect;          /* The entire SELECT statement containing WHERE */
+   int aiCurOnePass[2];      /* OP_OpenWrite cursors for the ONEPASS opt */
+   int iContinue;            /* Jump here to continue with next record */
+   int iBreak;               /* Jump here to break out of the loop */
+@@ -149070,9 +149068,9 @@ SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
+          && pLoop->u.vtab.bOmitOffset
+         ){
+           assert( pTerm->eOperator==WO_AUX );
+-          assert( pWInfo->pLimit!=0 );
+-          assert( pWInfo->pLimit->iOffset>0 );
+-          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pLimit->iOffset);
++          assert( pWInfo->pSelect!=0 );
++          assert( pWInfo->pSelect->iOffset>0 );
++          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pSelect->iOffset);
+           VdbeComment((v,"Zero OFFSET counter"));
+         }
+       }
+@@ -151830,10 +151828,10 @@ static void whereAddLimitExpr(
+ ** exist only so that they may be passed to the xBestIndex method of the
+ ** single virtual table in the FROM clause of the SELECT.
+ */
+-SQLITE_PRIVATE void sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
+-  assert( p==0 || (p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0) );
+-  if( (p && p->pLimit)                                          /* 1 */
+-   && (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
++SQLITE_PRIVATE void SQLITE_NOINLINE sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
++  assert( p!=0 && p->pLimit!=0 );                 /* 1 -- checked by caller */
++  assert( p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0 );
++  if( (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
+    && (p->pSrc->nSrc==1 && IsVirtual(p->pSrc->a[0].pTab))       /* 3 */
+   ){
+     ExprList *pOrderBy = p->pOrderBy;
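
Review bot: In sqlite3WhereAddLimit() the runtime test `(p && p->pLimit)` becomes `assert( p!=0 && p->pLimit!=0 )`, which disappears in builds without asserts, so the function now relies entirely on the `if( pSelect && pSelect->pLimit )` guard added in sqlite3WhereBegin(). Please confirm that 3.38.5 has no other caller of sqlite3WhereAddLimit(), since this backport moves the NULL check out of the callee.
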
+@@ -157427,7 +157425,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
+   Expr *pWhere,           /* The WHERE clause */
+   ExprList *pOrderBy,     /* An ORDER BY (or GROUP BY) clause, or NULL */
+   ExprList *pResultSet,   /* Query result set.  Req'd for DISTINCT */
+-  Select *pLimit,         /* Use this LIMIT/OFFSET clause, if any */
++  Select *pSelect,        /* The entire SELECT statement */
+   u16 wctrlFlags,         /* The WHERE_* flags defined in sqliteInt.h */
+   int iAuxArg             /* If WHERE_OR_SUBCLAUSE is set, index cursor number
+                           ** If WHERE_USE_LIMIT, then the limit amount */
+@@ -157504,9 +157502,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
+   pWInfo->wctrlFlags = wctrlFlags;
+   pWInfo->iLimit = iAuxArg;
+   pWInfo->savedNQueryLoop = pParse->nQueryLoop;
+-#ifndef SQLITE_OMIT_VIRTUALTABLE
+-  pWInfo->pLimit = pLimit;
+-#endif
++  pWInfo->pSelect = pSelect;
+   memset(&pWInfo->nOBSat, 0,
+          offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
+   memset(&pWInfo->a[0], 0, sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
+@@ -157575,7 +157571,9 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
+ 
+   /* Analyze all of the subexpressions. */
+   sqlite3WhereExprAnalyze(pTabList, &pWInfo->sWC);
+-  sqlite3WhereAddLimit(&pWInfo->sWC, pLimit);
++  if( pSelect && pSelect->pLimit ){
++    sqlite3WhereAddLimit(&pWInfo->sWC, pSelect);
++  }
+   if( db->mallocFailed ) goto whereBeginError;
+ 
+   /* Special case: WHERE terms that do not refer to any tables in the join
diff --git a/meta/recipes-support/sqlite/files/CVE-2025-7458.patch b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
new file mode 100644
index 0000000000..6b041d9332
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
@@ -0,0 +1,32 @@
+From b816ca9994e03a8bc829b49452b8158a731e81a9 Mon Sep 17 00:00:00 2001
+From: drh <>
+Date: Thu, 16 Mar 2023 20:54:29 +0000
+Subject: [PATCH] Correctly handle SELECT DISTINCT ... ORDER BY when all of the
+ result set terms are constant and there are more result set terms than ORDER
+ BY terms. Fix for these tickets: [c36cdb4afd504dc1], [4051a7f931d9ba24],
+ [d6fd512f50513ab7].
+
+FossilOrigin-Name: 12ad822d9b827777526ca5ed5bf3e678d600294fc9b5c25482dfff2a021328a4
+
+CVE: CVE-2025-7458
+Upstream-Status: Backport [github.com/sqlite/sqlite/commit/b816ca9994e03a8bc829b49452b8158a731e81a9]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ sqlite3.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 19d0438..6d92184 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -156989,6 +156989,10 @@ static int wherePathSolver(WhereInfo *pWInfo, LogEst nRowEst){
+       if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
+         pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
+       }
++      if( pWInfo->pSelect->pOrderBy
++       && pWInfo->nOBSat > pWInfo->pSelect->pOrderBy->nExpr ){
++        pWInfo->nOBSat = pWInfo->pSelect->pOrderBy->nExpr;
++      }
+     }else{
+       pWInfo->nOBSat = pFrom->isOrdered;
+       pWInfo->revMask = pFrom->revLoop;
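
Review bot: The added check in wherePathSolver() reads pWInfo->pSelect->pOrderBy with no test that pWInfo->pSelect is non-NULL, while the prerequisite patch guards the same pointer with `if( pSelect && pSelect->pLimit )` in sqlite3WhereBegin(), which implies callers may pass NULL. Please confirm that pSelect is always set on this DISTINCT path in 3.38.5, or add `pWInfo->pSelect &&` to the condition. Separately, the Upstream-Status URL in this patch header lacks the https:// scheme that the prerequisite patch's header uses.
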
diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
index 656e2d8bd8..86d9b4b33b 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -10,6 +10,8 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
            file://CVE-2023-7104.patch \
            file://CVE-2025-29088.patch \
            file://CVE-2025-6965.patch \
+           file://0001-This-branch-attempts-to-improve-the-detection-of-cov.patch \
+           file://CVE-2025-7458.patch \
            "
 SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
 
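
Review bot: The SRC_URI entry for 0001-This-branch-attempts-to-improve-the-detection-of-cov.patch carries no hint that it is present only as a prerequisite for CVE-2025-7458.patch, and that patch file's header has no CVE: tag or note either. Suggest a one-line remark in the prerequisite patch's header stating the dependency, so a later cleanup does not drop or reorder it.
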
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 3/4] sqlite3: ignore CVE-2025-3277
  2025-08-05 16:43 [OE-core][kirkstone 0/4] Patch review Steve Sakoman
  2025-08-05 16:43 ` [OE-core][kirkstone 1/4] avahi: fix CVE-2024-52615 Steve Sakoman
  2025-08-05 16:43 ` [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458 Steve Sakoman
@ 2025-08-05 16:43 ` Steve Sakoman
  2025-08-05 16:43 ` [OE-core][kirkstone 4/4] glibc: stable 2.35 branch updates Steve Sakoman
  3 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-08-05 16:43 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

The vulnerable code was introduced in 3.44.0 via [1].
(See fix commit [2])
Also Debian says "not vulnerable yet for 3.40.1 in [3]

[1] https://github.com/sqlite/sqlite/commit/e1e67abc5cf67f931aab1e471eda23d73f51d456
[2] https://sqlite.org/src/info/498e3f1cf57f164f
[3] https://security-tracker.debian.org/tracker/CVE-2025-3277

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
index 86d9b4b33b..280342204a 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -21,3 +21,5 @@ CVE_CHECK_IGNORE += "CVE-2019-19242"
 CVE_CHECK_IGNORE += "CVE-2015-3717"
 # Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
 CVE_CHECK_IGNORE += "CVE-2021-36690"
+# Issue was introduced in 3.44.0
+CVE_CHECK_IGNORE += "CVE-2025-3277"
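
Review bot: The new comment `# Issue was introduced in 3.44.0` gives no reference, unlike the CVE-2021-36690 entry just above it, which links the upstream check-in. Carrying one of the links from the commit message into the recipe comment (the introducing commit or the fix check-in) would let a later reader verify the ignore without digging through the git history.
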
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [OE-core][kirkstone 4/4] glibc: stable 2.35 branch updates
  2025-08-05 16:43 [OE-core][kirkstone 0/4] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2025-08-05 16:43 ` [OE-core][kirkstone 3/4] sqlite3: ignore CVE-2025-3277 Steve Sakoman
@ 2025-08-05 16:43 ` Steve Sakoman
  3 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-08-05 16:43 UTC (permalink / raw)
  To: openembedded-core

From: Peter Marko <peter.marko@siemens.com>

This is a single commit bump containing only a CVE fix
$ git log --oneline d80401002011f470d9c6eb604bf734715e9b3a8c..a66bc3941ff298e474d5f02d0c3303401951141f
a66bc3941f posix: Fix double-free after allocation failure in regcomp (bug 33185)

Test results didn't change except newly added test succeeding.
(tst-regcomp-bracket-free)

Also add CVE-2025-0395 ignore which was already included in previous
hash bumps.

Also drop an unreferenced patch.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 .../glibc/glibc/0025-CVE-2025-4802.patch      | 250 ------------------
 meta/recipes-core/glibc/glibc_2.35.bb         |   2 +-
 3 files changed, 2 insertions(+), 252 deletions(-)
 delete mode 100644 meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index b269518af4..0b06005b25 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.35/master"
 PV = "2.35"
-SRCREV_glibc ?= "80401002011f470d9c6eb604bf734715e9b3a8c2"
+SRCREV_glibc ?= "a66bc3941ff298e474d5f02d0c3303401951141f"
 SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
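
Review bot: The removed SRCREV_glibc value `80401002011f470d9c6eb604bf734715e9b3a8c2` does not match the start of the range given in the commit message, `d80401002011f470d9c6eb604bf734715e9b3a8c`: the two strings differ by a leading `d` and a trailing `2`. One of them is mistyped; please confirm which revision the recipe actually pinned, so that the stated `git log` range really covers everything this bump pulls in.
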
diff --git a/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch b/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
deleted file mode 100644
index a1197c0318..0000000000
--- a/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
+++ /dev/null
@@ -1,250 +0,0 @@
-From 32917e7ee972e7a01127a04454f12ef31dc312ed Mon Sep 17 00:00:00 2001
-From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
-Date: Wed, 11 Jun 2025 03:19:10 -0700
-Subject: [PATCH] elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for
- static
-
-It mimics the ld.so behavior.
-Checked on x86_64-linux-gnu.
-
-[New Test Case]
-elf: Test case for bug 32976
-[https://sourceware.org/bugzilla/show_bug.cgi?id=32976]
-
-Check that LD_LIBRARY_PATH is ignored for AT_SECURE statically
-linked binaries, using support_capture_subprogram_self_sgid.
-
-Upstream-Status: Backport [https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0 &&
-                            https://sourceware.org/cgit/glibc/commit/?id=d8f7a79335b0d861c12c42aec94c04cd5bb181e2]
-
-CVE: CVE-2025-4802
-
-Co-authored-by: Florian Weimer <fweimer@redhat.com>
-Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com>
----
- elf/Makefile              |   4 ++
- elf/dl-support.c          |  46 ++++++++---------
- elf/tst-dlopen-sgid-mod.c |   1 +
- elf/tst-dlopen-sgid.c     | 104 ++++++++++++++++++++++++++++++++++++++
- 4 files changed, 132 insertions(+), 23 deletions(-)
- create mode 100644 elf/tst-dlopen-sgid-mod.c
- create mode 100644 elf/tst-dlopen-sgid.c
-
-diff --git a/elf/Makefile b/elf/Makefile
-index 61c41ea6..3ad66ab6 100644
---- a/elf/Makefile
-+++ b/elf/Makefile
-@@ -274,6 +274,7 @@ tests-static-normal := \
-   tst-array1-static \
-   tst-array5-static \
-   tst-dl-iter-static \
-+  tst-dlopen-sgid \
-   tst-dst-static \
-   tst-env-setuid \
-   tst-env-setuid-tunables \
-@@ -807,6 +808,7 @@ modules-names = \
-   tst-dlmopen-gethostbyname-mod \
-   tst-dlmopen-twice-mod1 \
-   tst-dlmopen-twice-mod2 \
-+  tst-dlopen-sgid-mod \
-   tst-dlopenfaillinkmod \
-   tst-dlopenfailmod1 \
-   tst-dlopenfailmod2 \
-@@ -2913,3 +2915,5 @@ $(objpfx)tst-recursive-tls.out: \
-     0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15)
- $(objpfx)tst-recursive-tlsmod%.os: tst-recursive-tlsmodN.c
- 	$(compile-command.c) -DVAR=thread_$* -DFUNC=get_threadvar_$*
-+
-+$(objpfx)tst-dlopen-sgid.out: $(objpfx)tst-dlopen-sgid-mod.so
-diff --git a/elf/dl-support.c b/elf/dl-support.c
-index 09079c12..c2baed69 100644
---- a/elf/dl-support.c
-+++ b/elf/dl-support.c
-@@ -272,8 +272,6 @@ _dl_non_dynamic_init (void)
-   _dl_main_map.l_phdr = GL(dl_phdr);
-   _dl_main_map.l_phnum = GL(dl_phnum);
- 
--  _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
--
-   /* Set up the data structures for the system-supplied DSO early,
-      so they can influence _dl_init_paths.  */
-   setup_vdso (NULL, NULL);
-@@ -281,27 +279,6 @@ _dl_non_dynamic_init (void)
-   /* With vDSO setup we can initialize the function pointers.  */
-   setup_vdso_pointers ();
- 
--  /* Initialize the data structures for the search paths for shared
--     objects.  */
--  _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
--		  /* No glibc-hwcaps selection support in statically
--		     linked binaries.  */
--		  NULL, NULL);
--
--  /* Remember the last search directory added at startup.  */
-_dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;-  _dl_init_all_dirs = GL(dl_all_dirs);
--
--  _dl_lazy = *(getenv ("LD_BIND_NOW") ?: "") == '\0';
--
--  _dl_bind_not = *(getenv ("LD_BIND_NOT") ?: "") != '\0';
--
--  _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
--
--  _dl_profile_output = getenv ("LD_PROFILE_OUTPUT");
--  if (_dl_profile_output == NULL || _dl_profile_output[0] == '\0')
--    _dl_profile_output
--      = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
--
-   if (__libc_enable_secure)
-     {
-       static const char unsecure_envvars[] =
- setup_vdso_pointers ();
-@@ -324,6 +301,29 @@ _dl_non_dynamic_init (void)
- #endif
-     }
- 
-+  _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
-+
-+  /* Initialize the data structures for the search paths for shared
-+     objects.  */
-+  _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
-+		  /* No glibc-hwcaps selection support in statically
-+		     linked binaries.  */
-+		  NULL, NULL);
-+
-+  /* Remember the last search directory added at startup.  */
-+  _dl_init_all_dirs = GL(dl_all_dirs);
-+
-+  _dl_lazy = *(getenv ("LD_BIND_NOW") ?: "") == '\0';
-+
-+  _dl_bind_not = *(getenv ("LD_BIND_NOT") ?: "") != '\0';
-+
-+  _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0';
-+
-+  _dl_profile_output = getenv ("LD_PROFILE_OUTPUT");
-+  if (_dl_profile_output == NULL || _dl_profile_output[0] == '\0')
-+    _dl_profile_output
-+      = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
-+
- #ifdef DL_PLATFORM_INIT
-   DL_PLATFORM_INIT;
- #endif
-diff --git a/elf/tst-dlopen-sgid-mod.c b/elf/tst-dlopen-sgid-mod.c
-new file mode 100644
-index 00000000..5eb79eef
---- /dev/null
-+++ b/elf/tst-dlopen-sgid-mod.c
-@@ -0,0 +1 @@
-+/* Opening this object should not succeed.  */
-diff --git a/elf/tst-dlopen-sgid.c b/elf/tst-dlopen-sgid.c
-new file mode 100644
-index 00000000..47829a40
---- /dev/null
-+++ b/elf/tst-dlopen-sgid.c
-@@ -0,0 +1,104 @@
-+/* Test case for ignored LD_LIBRARY_PATH in static startug (bug 32976).
-+   Copyright (C) 2025 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <dlfcn.h>
-+#include <gnu/lib-names.h>
-+#include <stddef.h>
-+#include <stdint.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <support/capture_subprocess.h>
-+#include <support/check.h>
-+#include <support/support.h>
-+#include <support/temp_file.h>
-+#include <unistd.h>
-+
-+/* This is the name of our test object.  Use a custom module for
-+   testing, so that this object does not get picked up from the system
-+   path.  */
-+static const char dso_name[] = "tst-dlopen-sgid-mod.so";
-+
-+/* Used to mark the recursive invocation.  */
-+static const char magic_argument[] = "run-actual-test";
-+
-+static int
-+do_test (void)
-+{
-+/* Pathname of the directory that receives the shared objects this
-+   test attempts to load.  */
-+  char *libdir = support_create_temp_directory ("tst-dlopen-sgid-");
-+
-+  /* This is supposed to be ignored and stripped.  */
-+  TEST_COMPARE (setenv ("LD_LIBRARY_PATH", libdir, 1), 0);
-+
-+  /* Copy of libc.so.6.  */
-+  {
-+    char *from = xasprintf ("%s/%s", support_objdir_root, LIBC_SO);
-+    char *to = xasprintf ("%s/%s", libdir, LIBC_SO);
-+    add_temp_file (to);
-+    support_copy_file (from, to);
-+    free (to);
-+    free (from);
-+  }
-+
-+  /* Copy of the test object.   */
-+  {
-+    char *from = xasprintf ("%s/elf/%s", support_objdir_root, dso_name);
-+    char *to = xasprintf ("%s/%s", libdir, dso_name);
-+    add_temp_file (to);
-+    support_copy_file (from, to);
-+    free (to);
-+    free (from);
-+  }
-+
-+  TEST_COMPARE (support_capture_subprogram_self_sgid (magic_argument), 0);
-+
-+  free (libdir);
-+
-+  return 0;
-+}
-+
-+static void
-+alternative_main (int argc, char **argv)
-+{
-+  if (argc == 2 && strcmp (argv[1], magic_argument) == 0)
-+    {
-+      if (getgid () == getegid ())
-+        /* This can happen if the file system is mounted nosuid.  */
-+        FAIL_UNSUPPORTED ("SGID failed: GID and EGID match (%jd)\n",
-+                          (intmax_t) getgid ());
-+
-+      /* Should be removed due to SGID.  */
-+      TEST_COMPARE_STRING (getenv ("LD_LIBRARY_PATH"), NULL);
-+
-+      TEST_VERIFY (dlopen (dso_name, RTLD_NOW) == NULL);
-+      {
-+        const char *message = dlerror ();
-+        TEST_COMPARE_STRING (message,
-+                             "tst-dlopen-sgid-mod.so:"
-+                             " cannot open shared object file:"
-+                             " No such file or directory");
-+      }
-+
-+      support_record_failure_barrier ();
-+      exit (EXIT_SUCCESS);
-+    }
-+}
-+
-+#define PREPARE alternative_main
-+#include <support/test-driver.c>
--- 
-2.49.0
-
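
Review bot: In the elf/dl-support.c part of the deleted file, the line `-_dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;-  _dl_init_all_dirs = GL(dl_all_dirs);` carries two statements with a second `-` marker in the middle, and a `setup_vdso_pointers ();` line appears inside the `unsecure_envvars` declaration. A whole-file deletion has to match the file in the tree byte for byte, so this hunk should be regenerated from the tree and checked with git apply --check. The commit message could also say why the patch is unreferenced, since CVE-2025-4802 stays in CVE_CHECK_IGNORE in glibc_2.35.bb.
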
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index df5f14984a..265dcb9129 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -27,7 +27,7 @@ CVE_CHECK_IGNORE += "CVE-2023-4527"
 CVE_CHECK_IGNORE += " \
     CVE-2023-0687 CVE-2023-4813 CVE-2023-4806 CVE-2023-4911 CVE-2023-5156 \
     CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 \
-    CVE-2025-4802 \
+    CVE-2025-0395 CVE-2025-4802 CVE-2025-8058 \
 "
 
 DEPENDS += "gperf-native bison-native"
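
Review bot: The hunk adds CVE-2025-8058 to CVE_CHECK_IGNORE alongside CVE-2025-0395, but the commit message only names CVE-2025-0395 and describes the new upstream commit as "only CVE fix" without giving its CVE id. If CVE-2025-8058 is the regcomp double-free fixed by a66bc3941f, say so in the commit message or in a comment beside the list, so that each ignored id can be traced to the upstream commit that fixes it.
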
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 19+ messages in thread

* Re: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
  2025-08-05 16:43 ` [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458 Steve Sakoman
@ 2025-08-29 11:25   ` Niko Mauno
  2025-08-29 15:37     ` Steve Sakoman
  0 siblings, 1 reply; 19+ messages in thread
From: Niko Mauno @ 2025-08-29 11:25 UTC (permalink / raw)
  To: steve, openembedded-core

We have found that since this patch SELECT queries with COUNT(DISTINCT(column)) seem to cause sqlite to segfault. E.g.

# sqlite3 :memory: 'create table foo (x int); select count(distinct(x)) from foo;'
Segmentation fault (core dumped)

-Niko

On 5.8.2025 19.43, Steve Sakoman via lists.openembedded.org wrote:
> From: Peter Marko <peter.marko@siemens.com>
> 
> Pick patch [1] listed in [2].
> Also pick another patch which is precondition to this one introducing
> variable needed for the check.
> 
> [1] https://sqlite.org/src/info/12ad822d9b827777
> [2] https://nvd.nist.gov/vuln/detail/CVE-2025-7458
> 
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>   ...mpts-to-improve-the-detection-of-cov.patch | 91 +++++++++++++++++++
>   .../sqlite/files/CVE-2025-7458.patch          | 32 +++++++
>   meta/recipes-support/sqlite/sqlite3_3.38.5.bb |  2 +
>   3 files changed, 125 insertions(+)
>   create mode 100644 meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
>   create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> 
> diff --git a/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
> new file mode 100644
> index 0000000000..8fb037bb0f
> --- /dev/null
> +++ b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
> @@ -0,0 +1,91 @@
> +From f55a7dad195994f2bb24db7df0a0515502386fe2 Mon Sep 17 00:00:00 2001
> +From: drh <>
> +Date: Sat, 22 Oct 2022 14:16:02 +0000
> +Subject: [PATCH] This branch attempts to improve the detection of covering
> + indexes.  This first check-in merely improves a parameter name to
> + sqlite3WhereBegin() to be more descriptive of what it contains, and ensures
> + that a subroutine is not inlines so that sqlite3WhereBegin() runs slightly
> + faster.
> +
> +FossilOrigin-Name: cadf5f6bb1ce0492ef858ada476288e8057afd3609caa18b09c818d3845d7244
> +
> +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/f55a7dad195994f2bb24db7df0a0515502386fe2]
> +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> +---
> + sqlite3.c | 28 +++++++++++++---------------
> + 1 file changed, 13 insertions(+), 15 deletions(-)
> +
> +diff --git a/sqlite3.c b/sqlite3.c
> +index 4cbc2d0..b7ed991 100644
> +--- a/sqlite3.c
> ++++ b/sqlite3.c
> +@@ -147371,9 +147371,7 @@ struct WhereInfo {
> +   ExprList *pOrderBy;       /* The ORDER BY clause or NULL */
> +   ExprList *pResultSet;     /* Result set of the query */
> +   Expr *pWhere;             /* The complete WHERE clause */
> +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> +-  Select *pLimit;           /* Used to access LIMIT expr/registers for vtabs */
> +-#endif
> ++  Select *pSelect;          /* The entire SELECT statement containing WHERE */
> +   int aiCurOnePass[2];      /* OP_OpenWrite cursors for the ONEPASS opt */
> +   int iContinue;            /* Jump here to continue with next record */
> +   int iBreak;               /* Jump here to break out of the loop */
> +@@ -149070,9 +149068,9 @@ SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
> +          && pLoop->u.vtab.bOmitOffset
> +         ){
> +           assert( pTerm->eOperator==WO_AUX );
> +-          assert( pWInfo->pLimit!=0 );
> +-          assert( pWInfo->pLimit->iOffset>0 );
> +-          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pLimit->iOffset);
> ++          assert( pWInfo->pSelect!=0 );
> ++          assert( pWInfo->pSelect->iOffset>0 );
> ++          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pSelect->iOffset);
> +           VdbeComment((v,"Zero OFFSET counter"));
> +         }
> +       }
> +@@ -151830,10 +151828,10 @@ static void whereAddLimitExpr(
> + ** exist only so that they may be passed to the xBestIndex method of the
> + ** single virtual table in the FROM clause of the SELECT.
> + */
> +-SQLITE_PRIVATE void sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
> +-  assert( p==0 || (p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0) );
> +-  if( (p && p->pLimit)                                          /* 1 */
> +-   && (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
> ++SQLITE_PRIVATE void SQLITE_NOINLINE sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
> ++  assert( p!=0 && p->pLimit!=0 );                 /* 1 -- checked by caller */
> ++  assert( p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0 );
> ++  if( (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
> +    && (p->pSrc->nSrc==1 && IsVirtual(p->pSrc->a[0].pTab))       /* 3 */
> +   ){
> +     ExprList *pOrderBy = p->pOrderBy;
> +@@ -157427,7 +157425,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
> +   Expr *pWhere,           /* The WHERE clause */
> +   ExprList *pOrderBy,     /* An ORDER BY (or GROUP BY) clause, or NULL */
> +   ExprList *pResultSet,   /* Query result set.  Req'd for DISTINCT */
> +-  Select *pLimit,         /* Use this LIMIT/OFFSET clause, if any */
> ++  Select *pSelect,        /* The entire SELECT statement */
> +   u16 wctrlFlags,         /* The WHERE_* flags defined in sqliteInt.h */
> +   int iAuxArg             /* If WHERE_OR_SUBCLAUSE is set, index cursor number
> +                           ** If WHERE_USE_LIMIT, then the limit amount */
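
Review bot: The parameter rename from pLimit to pSelect in sqlite3WhereBegin() comes with no call-site changes: the six hunks of this backport account for all 13 insertions and 15 deletions in its diffstat. Callers in 3.38.5 that passed 0 for the LIMIT/OFFSET argument therefore still pass 0, and WhereInfo.pSelect is NULL on those paths even though the new comment describes it as "The entire SELECT statement". Either pick the upstream change that updates the callers, or treat pSelect as nullable wherever the follow-up CVE-2025-7458 patch reads it.
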
> +@@ -157504,9 +157502,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
> +   pWInfo->wctrlFlags = wctrlFlags;
> +   pWInfo->iLimit = iAuxArg;
> +   pWInfo->savedNQueryLoop = pParse->nQueryLoop;
> +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> +-  pWInfo->pLimit = pLimit;
> +-#endif
> ++  pWInfo->pSelect = pSelect;
> +   memset(&pWInfo->nOBSat, 0,
> +          offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
> +   memset(&pWInfo->a[0], 0, sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
> +@@ -157575,7 +157571,9 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
> +
> +   /* Analyze all of the subexpressions. */
> +   sqlite3WhereExprAnalyze(pTabList, &pWInfo->sWC);
> +-  sqlite3WhereAddLimit(&pWInfo->sWC, pLimit);
> ++  if( pSelect && pSelect->pLimit ){
> ++    sqlite3WhereAddLimit(&pWInfo->sWC, pSelect);
> ++  }
> +   if( db->mallocFailed ) goto whereBeginError;
> +
> +   /* Special case: WHERE terms that do not refer to any tables in the join
> diff --git a/meta/recipes-support/sqlite/files/CVE-2025-7458.patch b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> new file mode 100644
> index 0000000000..6b041d9332
> --- /dev/null
> +++ b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> @@ -0,0 +1,32 @@
> +From b816ca9994e03a8bc829b49452b8158a731e81a9 Mon Sep 17 00:00:00 2001
> +From: drh <>
> +Date: Thu, 16 Mar 2023 20:54:29 +0000
> +Subject: [PATCH] Correctly handle SELECT DISTINCT ... ORDER BY when all of the
> + result set terms are constant and there are more result set terms than ORDER
> + BY terms. Fix for these tickets: [c36cdb4afd504dc1], [4051a7f931d9ba24],
> + [d6fd512f50513ab7].
> +
> +FossilOrigin-Name: 12ad822d9b827777526ca5ed5bf3e678d600294fc9b5c25482dfff2a021328a4
> +
> +CVE: CVE-2025-7458
> +Upstream-Status: Backport [github.com/sqlite/sqlite/commit/b816ca9994e03a8bc829b49452b8158a731e81a9]
> +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> +---
> + sqlite3.c | 4 ++++
> + 1 file changed, 4 insertions(+)
> +
> +diff --git a/sqlite3.c b/sqlite3.c
> +index 19d0438..6d92184 100644
> +--- a/sqlite3.c
> ++++ b/sqlite3.c
> +@@ -156989,6 +156989,10 @@ static int wherePathSolver(WhereInfo *pWInfo, LogEst nRowEst){
> +       if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
> +         pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
> +       }
> ++      if( pWInfo->pSelect->pOrderBy
> ++       && pWInfo->nOBSat > pWInfo->pSelect->pOrderBy->nExpr ){
> ++        pWInfo->nOBSat = pWInfo->pSelect->pOrderBy->nExpr;
> ++      }
> +     }else{
> +       pWInfo->nOBSat = pFrom->isOrdered;
> +       pWInfo->revMask = pFrom->revLoop;
> diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> index 656e2d8bd8..86d9b4b33b 100644
> --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> @@ -10,6 +10,8 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
>              file://CVE-2023-7104.patch \
>              file://CVE-2025-29088.patch \
>              file://CVE-2025-6965.patch \
> +           file://0001-This-branch-attempts-to-improve-the-detection-of-cov.patch \
> +           file://CVE-2025-7458.patch \
>              "
>   SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
>   
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#221481): https://lists.openembedded.org/g/openembedded-core/message/221481
> Mute This Topic: https://lists.openembedded.org/mt/114551672/3618471
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [niko.mauno@vaisala.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 



^ permalink raw reply	[flat|nested] 19+ messages in thread
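
A crash smoke test for the regression reported in the message above, as an added example that is not part of the thread or of OE-core: it runs the reported statement and three constructed aggregate-DISTINCT variants, each in its own child process, so a segfault in libsqlite3 is recorded as a failed case. It assumes Python's sqlite3 module is linked against the SQLite build under test; the names and the cases beyond the reported statement are constructed.

```python
"""Crash smoke test for a patched SQLite build.

Each query runs in its own child interpreter, so a segfault inside
libsqlite3 is recorded as a failed case instead of killing the test run.
"""
import json
import signal
import subprocess
import sys

# Child program: apply the setup script, run one query, print rows as JSON.
CHILD = r"""
import json, sqlite3, sys
con = sqlite3.connect(":memory:")
con.executescript(sys.argv[1])
rows = con.execute(sys.argv[2]).fetchall()
print(json.dumps({"version": sqlite3.sqlite_version, "rows": rows}))
"""

SETUP_EMPTY = "create table foo (x int);"
SETUP_ROWS = SETUP_EMPTY + " insert into foo values (1),(1),(2),(NULL);"

# (label, setup, query, expected rows). The first case is the statement from
# the report in this thread; the other three are constructed variants of the
# same aggregate-DISTINCT shape.
CASES = [
    ("reported: count(distinct) on empty table", SETUP_EMPTY,
     "select count(distinct(x)) from foo;", [[0]]),
    ("count(distinct) with rows", SETUP_ROWS,
     "select count(distinct x) from foo;", [[2]]),
    ("sum(distinct) with rows", SETUP_ROWS,
     "select sum(distinct x) from foo;", [[3]]),
    ("count(distinct) with group by", SETUP_ROWS,
     "select x, count(distinct x) from foo group by x order by x;",
     [[None, 0], [1, 1], [2, 1]]),
]


def run_case(setup, query, timeout=30):
    """Run one query in a child process and classify the outcome."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", CHILD, setup, query],
            capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return {"status": "timeout"}
    if proc.returncode < 0:
        # POSIX: a negative return code is the number of the fatal signal.
        signum = -proc.returncode
        try:
            name = signal.Signals(signum).name
        except ValueError:
            name = "signal %d" % signum
        return {"status": "crash", "signal": name}
    if proc.returncode != 0:
        # SQL error or other exception in the child: keep the last line.
        lines = proc.stderr.strip().splitlines()
        return {"status": "error", "detail": lines[-1] if lines else ""}
    out = json.loads(proc.stdout)
    return {"status": "ok", "version": out["version"], "rows": out["rows"]}


def run_all(cases=CASES):
    """Run every case; a case passes only if it returns the expected rows."""
    results = []
    for label, setup, query, expected in cases:
        outcome = run_case(setup, query)
        passed = outcome["status"] == "ok" and outcome["rows"] == expected
        results.append({"label": label, "passed": passed, "outcome": outcome})
    return results


def main():
    results = run_all()
    for r in results:
        verdict = "PASS" if r["passed"] else "FAIL"
        print("%-4s %s: %s" % (verdict, r["label"], r["outcome"]))
    return 0 if all(r["passed"] for r in results) else 1


if __name__ == "__main__":
    sys.exit(main())
```

Run on the target image or in a ptest-style job after each backport to the sqlite3 recipe, a crash shows up as a FAIL line with the signal name and a non-zero exit status.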

* Re: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
  2025-08-29 11:25   ` Niko Mauno
@ 2025-08-29 15:37     ` Steve Sakoman
  2025-08-31 21:12       ` Marko, Peter
  0 siblings, 1 reply; 19+ messages in thread
From: Steve Sakoman @ 2025-08-29 15:37 UTC (permalink / raw)
  To: Marko, Peter; +Cc: openembedded-core, Niko Mauno

On Fri, Aug 29, 2025 at 4:25 AM Niko Mauno <niko.mauno@vaisala.com> wrote:
>
> We have found that since this patch SELECT queries with COUNT(DISTINCT(column)) seem to cause sqlite to segfault. E.g.
>
> # sqlite3 :memory: 'create table foo (x int); select count(distinct(x)) from foo;'
> Segmentation fault (core dumped)

Hi Peter,

Could you check this to see if you can reproduce it?

If so, we should revert this patch.

Steve

> On 5.8.2025 19.43, Steve Sakoman via lists.openembedded.org wrote:
> > From: Peter Marko <peter.marko@siemens.com>
> >
> > Pick patch [1] listed in [2].
> > Also pick another patch which is precondition to this one introducing
> > variable needed for the check.
> >
> > [1] https://sqlite.org/src/info/12ad822d9b827777
> > [2] https://nvd.nist.gov/vuln/detail/CVE-2025-7458
> >
> > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> >   ...mpts-to-improve-the-detection-of-cov.patch | 91 +++++++++++++++++++
> >   .../sqlite/files/CVE-2025-7458.patch          | 32 +++++++
> >   meta/recipes-support/sqlite/sqlite3_3.38.5.bb |  2 +
> >   3 files changed, 125 insertions(+)
> >   create mode 100644 meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
> >   create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> >
> > diff --git a/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
> > new file mode 100644
> > index 0000000000..8fb037bb0f
> > --- /dev/null
> > +++ b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-improve-the-detection-of-cov.patch
> > @@ -0,0 +1,91 @@
> > +From f55a7dad195994f2bb24db7df0a0515502386fe2 Mon Sep 17 00:00:00 2001
> > +From: drh <>
> > +Date: Sat, 22 Oct 2022 14:16:02 +0000
> > +Subject: [PATCH] This branch attempts to improve the detection of covering
> > + indexes.  This first check-in merely improves a parameter name to
> > + sqlite3WhereBegin() to be more descriptive of what it contains, and ensures
> > + that a subroutine is not inlines so that sqlite3WhereBegin() runs slightly
> > + faster.
> > +
> > +FossilOrigin-Name: cadf5f6bb1ce0492ef858ada476288e8057afd3609caa18b09c818d3845d7244
> > +
> > +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/f55a7dad195994f2bb24db7df0a0515502386fe2]
> > +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > +---
> > + sqlite3.c | 28 +++++++++++++---------------
> > + 1 file changed, 13 insertions(+), 15 deletions(-)
> > +
> > +diff --git a/sqlite3.c b/sqlite3.c
> > +index 4cbc2d0..b7ed991 100644
> > +--- a/sqlite3.c
> > ++++ b/sqlite3.c
> > +@@ -147371,9 +147371,7 @@ struct WhereInfo {
> > +   ExprList *pOrderBy;       /* The ORDER BY clause or NULL */
> > +   ExprList *pResultSet;     /* Result set of the query */
> > +   Expr *pWhere;             /* The complete WHERE clause */
> > +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> > +-  Select *pLimit;           /* Used to access LIMIT expr/registers for vtabs */
> > +-#endif
> > ++  Select *pSelect;          /* The entire SELECT statement containing WHERE */
> > +   int aiCurOnePass[2];      /* OP_OpenWrite cursors for the ONEPASS opt */
> > +   int iContinue;            /* Jump here to continue with next record */
> > +   int iBreak;               /* Jump here to break out of the loop */
> > +@@ -149070,9 +149068,9 @@ SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
> > +          && pLoop->u.vtab.bOmitOffset
> > +         ){
> > +           assert( pTerm->eOperator==WO_AUX );
> > +-          assert( pWInfo->pLimit!=0 );
> > +-          assert( pWInfo->pLimit->iOffset>0 );
> > +-          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pLimit->iOffset);
> > ++          assert( pWInfo->pSelect!=0 );
> > ++          assert( pWInfo->pSelect->iOffset>0 );
> > ++          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pSelect->iOffset);
> > +           VdbeComment((v,"Zero OFFSET counter"));
> > +         }
> > +       }
> > +@@ -151830,10 +151828,10 @@ static void whereAddLimitExpr(
> > + ** exist only so that they may be passed to the xBestIndex method of the
> > + ** single virtual table in the FROM clause of the SELECT.
> > + */
> > +-SQLITE_PRIVATE void sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
> > +-  assert( p==0 || (p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0) );
> > +-  if( (p && p->pLimit)                                          /* 1 */
> > +-   && (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
> > ++SQLITE_PRIVATE void SQLITE_NOINLINE sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
> > ++  assert( p!=0 && p->pLimit!=0 );                 /* 1 -- checked by caller */
> > ++  assert( p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0 );
> > ++  if( (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
> > +    && (p->pSrc->nSrc==1 && IsVirtual(p->pSrc->a[0].pTab))       /* 3 */
> > +   ){
> > +     ExprList *pOrderBy = p->pOrderBy;
> > +@@ -157427,7 +157425,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
> > +   Expr *pWhere,           /* The WHERE clause */
> > +   ExprList *pOrderBy,     /* An ORDER BY (or GROUP BY) clause, or NULL */
> > +   ExprList *pResultSet,   /* Query result set.  Req'd for DISTINCT */
> > +-  Select *pLimit,         /* Use this LIMIT/OFFSET clause, if any */
> > ++  Select *pSelect,        /* The entire SELECT statement */
> > +   u16 wctrlFlags,         /* The WHERE_* flags defined in sqliteInt.h */
> > +   int iAuxArg             /* If WHERE_OR_SUBCLAUSE is set, index cursor number
> > +                           ** If WHERE_USE_LIMIT, then the limit amount */
> > +@@ -157504,9 +157502,7 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
> > +   pWInfo->wctrlFlags = wctrlFlags;
> > +   pWInfo->iLimit = iAuxArg;
> > +   pWInfo->savedNQueryLoop = pParse->nQueryLoop;
> > +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> > +-  pWInfo->pLimit = pLimit;
> > +-#endif
> > ++  pWInfo->pSelect = pSelect;
> > +   memset(&pWInfo->nOBSat, 0,
> > +          offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
> > +   memset(&pWInfo->a[0], 0, sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
> > +@@ -157575,7 +157571,9 @@ SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
> > +
> > +   /* Analyze all of the subexpressions. */
> > +   sqlite3WhereExprAnalyze(pTabList, &pWInfo->sWC);
> > +-  sqlite3WhereAddLimit(&pWInfo->sWC, pLimit);
> > ++  if( pSelect && pSelect->pLimit ){
> > ++    sqlite3WhereAddLimit(&pWInfo->sWC, pSelect);
> > ++  }
> > +   if( db->mallocFailed ) goto whereBeginError;
> > +
> > +   /* Special case: WHERE terms that do not refer to any tables in the join
> > diff --git a/meta/recipes-support/sqlite/files/CVE-2025-7458.patch b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > new file mode 100644
> > index 0000000000..6b041d9332
> > --- /dev/null
> > +++ b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > @@ -0,0 +1,32 @@
> > +From b816ca9994e03a8bc829b49452b8158a731e81a9 Mon Sep 17 00:00:00 2001
> > +From: drh <>
> > +Date: Thu, 16 Mar 2023 20:54:29 +0000
> > +Subject: [PATCH] Correctly handle SELECT DISTINCT ... ORDER BY when all of the
> > + result set terms are constant and there are more result set terms than ORDER
> > + BY terms. Fix for these tickets: [c36cdb4afd504dc1], [4051a7f931d9ba24],
> > + [d6fd512f50513ab7].
> > +
> > +FossilOrigin-Name: 12ad822d9b827777526ca5ed5bf3e678d600294fc9b5c25482dfff2a021328a4
> > +
> > +CVE: CVE-2025-7458
> > +Upstream-Status: Backport [github.com/sqlite/sqlite/commit/b816ca9994e03a8bc829b49452b8158a731e81a9]
> > +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > +---
> > + sqlite3.c | 4 ++++
> > + 1 file changed, 4 insertions(+)
> > +
> > +diff --git a/sqlite3.c b/sqlite3.c
> > +index 19d0438..6d92184 100644
> > +--- a/sqlite3.c
> > ++++ b/sqlite3.c
> > +@@ -156989,6 +156989,10 @@ static int wherePathSolver(WhereInfo *pWInfo, LogEst nRowEst){
> > +       if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
> > +         pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
> > +       }
> > ++      if( pWInfo->pSelect->pOrderBy
> > ++       && pWInfo->nOBSat > pWInfo->pSelect->pOrderBy->nExpr ){
> > ++        pWInfo->nOBSat = pWInfo->pSelect->pOrderBy->nExpr;
> > ++      }
> > +     }else{
> > +       pWInfo->nOBSat = pFrom->isOrdered;
> > +       pWInfo->revMask = pFrom->revLoop;
> > diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> > index 656e2d8bd8..86d9b4b33b 100644
> > --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> > +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> > @@ -10,6 +10,8 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-${SQLITE_PV}.tar.gz \
> >              file://CVE-2023-7104.patch \
> >              file://CVE-2025-29088.patch \
> >              file://CVE-2025-6965.patch \
> > +           file://0001-This-branch-attempts-to-improve-the-detection-of-cov.patch \
> > +           file://CVE-2025-7458.patch \
> >              "
> >   SRC_URI[sha256sum] = "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
> >
> >
> >
> >
> >
>


^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
  2025-08-29 15:37     ` Steve Sakoman
@ 2025-08-31 21:12       ` Marko, Peter
  2025-09-03 22:34         ` Marko, Peter
  0 siblings, 1 reply; 19+ messages in thread
From: Marko, Peter @ 2025-08-31 21:12 UTC (permalink / raw)
  To: Steve Sakoman; +Cc: openembedded-core@lists.openembedded.org, Niko Mauno



> -----Original Message-----
> From: Steve Sakoman <steve@sakoman.com>
> Sent: Friday, August 29, 2025 17:38
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> Cc: openembedded-core@lists.openembedded.org; Niko Mauno
> <niko.mauno@vaisala.com>
> Subject: Re: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
> 
> On Fri, Aug 29, 2025 at 4:25 AM Niko Mauno <niko.mauno@vaisala.com> wrote:
> >
> > We have found that since this patch SELECT queries with
> COUNT(DISTINCT(column)) seem to cause sqlite to segfault. E.g.
> >
> > # sqlite3 :memory: 'create table foo (x int); select count(distinct(x)) from foo;'
> > Segmentation fault (core dumped)
> 
> Hi Peter,
> 
> Could you check this to see if you can reproduce it?

I'll be offline for the next two weeks, please revert and I'll check it when I'm back.

> 
> If so, we should revert this patch.
> 
> Steve
> 
> > On 5.8.2025 19.43, Steve Sakoman via lists.openembedded.org wrote:
> > > From: Peter Marko <peter.marko@siemens.com>
> > >
> > > Pick patch [1] listed in [2].
> > > Also pick another patch which is precondition to this one introducing
> > > variable needed for the check.
> > >
> > > [1] https://sqlite.org/src/info/12ad822d9b827777
> > > [2] https://nvd.nist.gov/vuln/detail/CVE-2025-7458
> > >
> > > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > > ---
> > >   ...mpts-to-improve-the-detection-of-cov.patch | 91 +++++++++++++++++++
> > >   .../sqlite/files/CVE-2025-7458.patch          | 32 +++++++
> > >   meta/recipes-support/sqlite/sqlite3_3.38.5.bb |  2 +
> > >   3 files changed, 125 insertions(+)
> > >   create mode 100644 meta/recipes-support/sqlite/files/0001-This-branch-
> attempts-to-improve-the-detection-of-cov.patch
> > >   create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > >
> > > diff --git a/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-
> improve-the-detection-of-cov.patch b/meta/recipes-support/sqlite/files/0001-This-
> branch-attempts-to-improve-the-detection-of-cov.patch
> > > new file mode 100644
> > > index 0000000000..8fb037bb0f
> > > --- /dev/null
> > > +++ b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-
> improve-the-detection-of-cov.patch
> > > @@ -0,0 +1,91 @@
> > > +From f55a7dad195994f2bb24db7df0a0515502386fe2 Mon Sep 17 00:00:00
> 2001
> > > +From: drh <>
> > > +Date: Sat, 22 Oct 2022 14:16:02 +0000
> > > +Subject: [PATCH] This branch attempts to improve the detection of covering
> > > + indexes.  This first check-in merely improves a parameter name to
> > > + sqlite3WhereBegin() to be more descriptive of what it contains, and ensures
> > > + that a subroutine is not inlines so that sqlite3WhereBegin() runs slightly
> > > + faster.
> > > +
> > > +FossilOrigin-Name:
> cadf5f6bb1ce0492ef858ada476288e8057afd3609caa18b09c818d3845d7244
> > > +
> > > +Upstream-Status: Backport
> [https://github.com/sqlite/sqlite/commit/f55a7dad195994f2bb24db7df0a051550238
> 6fe2]
> > > +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > > +---
> > > + sqlite3.c | 28 +++++++++++++---------------
> > > + 1 file changed, 13 insertions(+), 15 deletions(-)
> > > +
> > > +diff --git a/sqlite3.c b/sqlite3.c
> > > +index 4cbc2d0..b7ed991 100644
> > > +--- a/sqlite3.c
> > > ++++ b/sqlite3.c
> > > +@@ -147371,9 +147371,7 @@ struct WhereInfo {
> > > +   ExprList *pOrderBy;       /* The ORDER BY clause or NULL */
> > > +   ExprList *pResultSet;     /* Result set of the query */
> > > +   Expr *pWhere;             /* The complete WHERE clause */
> > > +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> > > +-  Select *pLimit;           /* Used to access LIMIT expr/registers for vtabs */
> > > +-#endif
> > > ++  Select *pSelect;          /* The entire SELECT statement containing
> WHERE */
> > > +   int aiCurOnePass[2];      /* OP_OpenWrite cursors for the ONEPASS opt */
> > > +   int iContinue;            /* Jump here to continue with next record */
> > > +   int iBreak;               /* Jump here to break out of the loop */
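Review bot: the new field comment on `Select *pSelect` in struct WhereInfo should state that the pointer may be NULL. The last hunk of this patch tests `if( pSelect && pSelect->pLimit )` before using the argument, so NULL is an accepted value, and with the SQLITE_OMIT_VIRTUALTABLE guard removed the field now exists in every build, where later code reading WhereInfo can dereference it.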
> > > +@@ -149070,9 +149068,9 @@ SQLITE_PRIVATE Bitmask
> sqlite3WhereCodeOneLoopStart(
> > > +          && pLoop->u.vtab.bOmitOffset
> > > +         ){
> > > +           assert( pTerm->eOperator==WO_AUX );
> > > +-          assert( pWInfo->pLimit!=0 );
> > > +-          assert( pWInfo->pLimit->iOffset>0 );
> > > +-          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pLimit->iOffset);
> > > ++          assert( pWInfo->pSelect!=0 );
> > > ++          assert( pWInfo->pSelect->iOffset>0 );
> > > ++          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pSelect->iOffset);
> > > +           VdbeComment((v,"Zero OFFSET counter"));
> > > +         }
> > > +       }
> > > +@@ -151830,10 +151828,10 @@ static void whereAddLimitExpr(
> > > + ** exist only so that they may be passed to the xBestIndex method of the
> > > + ** single virtual table in the FROM clause of the SELECT.
> > > + */
> > > +-SQLITE_PRIVATE void sqlite3WhereAddLimit(WhereClause *pWC, Select
> *p){
> > > +-  assert( p==0 || (p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0)
> );
> > > +-  if( (p && p->pLimit)                                          /* 1 */
> > > +-   && (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
> > > ++SQLITE_PRIVATE void SQLITE_NOINLINE
> sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
> > > ++  assert( p!=0 && p->pLimit!=0 );                 /* 1 -- checked by caller */
> > > ++  assert( p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0 );
> > > ++  if( (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
> > > +    && (p->pSrc->nSrc==1 && IsVirtual(p->pSrc->a[0].pTab))       /* 3 */
> > > +   ){
> > > +     ExprList *pOrderBy = p->pOrderBy;
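Review bot: in sqlite3WhereAddLimit() the runtime test `(p && p->pLimit)` is replaced by `assert( p!=0 && p->pLimit!=0 )`, which is compiled out when assertions are disabled, so the function now relies on each caller having made the check. This patch updates one call site, in sqlite3WhereBegin(); for a backport onto 3.38.5 it is worth confirming that the amalgamation contains no other call to sqlite3WhereAddLimit() before taking the change.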
> > > +@@ -157427,7 +157425,7 @@ SQLITE_PRIVATE WhereInfo
> *sqlite3WhereBegin(
> > > +   Expr *pWhere,           /* The WHERE clause */
> > > +   ExprList *pOrderBy,     /* An ORDER BY (or GROUP BY) clause, or NULL
> */
> > > +   ExprList *pResultSet,   /* Query result set.  Req'd for DISTINCT */
> > > +-  Select *pLimit,         /* Use this LIMIT/OFFSET clause, if any */
> > > ++  Select *pSelect,        /* The entire SELECT statement */
> > > +   u16 wctrlFlags,         /* The WHERE_* flags defined in sqliteInt.h */
> > > +   int iAuxArg             /* If WHERE_OR_SUBCLAUSE is set, index cursor
> number
> > > +                           ** If WHERE_USE_LIMIT, then the limit amount */
> > > +@@ -157504,9 +157502,7 @@ SQLITE_PRIVATE WhereInfo
> *sqlite3WhereBegin(
> > > +   pWInfo->wctrlFlags = wctrlFlags;
> > > +   pWInfo->iLimit = iAuxArg;
> > > +   pWInfo->savedNQueryLoop = pParse->nQueryLoop;
> > > +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> > > +-  pWInfo->pLimit = pLimit;
> > > +-#endif
> > > ++  pWInfo->pSelect = pSelect;
> > > +   memset(&pWInfo->nOBSat, 0,
> > > +          offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
> > > +   memset(&pWInfo->a[0], 0,
> sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
> > > +@@ -157575,7 +157571,9 @@ SQLITE_PRIVATE WhereInfo
> *sqlite3WhereBegin(
> > > +
> > > +   /* Analyze all of the subexpressions. */
> > > +   sqlite3WhereExprAnalyze(pTabList, &pWInfo->sWC);
> > > +-  sqlite3WhereAddLimit(&pWInfo->sWC, pLimit);
> > > ++  if( pSelect && pSelect->pLimit ){
> > > ++    sqlite3WhereAddLimit(&pWInfo->sWC, pSelect);
> > > ++  }
> > > +   if( db->mallocFailed ) goto whereBeginError;
> > > +
> > > +   /* Special case: WHERE terms that do not refer to any tables in the join
> > > diff --git a/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > > new file mode 100644
> > > index 0000000000..6b041d9332
> > > --- /dev/null
> > > +++ b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > > @@ -0,0 +1,32 @@
> > > +From b816ca9994e03a8bc829b49452b8158a731e81a9 Mon Sep 17 00:00:00
> 2001
> > > +From: drh <>
> > > +Date: Thu, 16 Mar 2023 20:54:29 +0000
> > > +Subject: [PATCH] Correctly handle SELECT DISTINCT ... ORDER BY when
> all of the
> > > + result set terms are constant and there are more result set terms than
> ORDER
> > > + BY terms. Fix for these tickets: [c36cdb4afd504dc1], [4051a7f931d9ba24],
> > > + [d6fd512f50513ab7].
> > > +
> > > +FossilOrigin-Name:
> 12ad822d9b827777526ca5ed5bf3e678d600294fc9b5c25482dfff2a021328a4
> > > +
> > > +CVE: CVE-2025-7458
> > > +Upstream-Status: Backport
> [github.com/sqlite/sqlite/commit/b816ca9994e03a8bc829b49452b8158a731e81a9]
> > > +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > > +---
> > > + sqlite3.c | 4 ++++
> > > + 1 file changed, 4 insertions(+)
> > > +
> > > +diff --git a/sqlite3.c b/sqlite3.c
> > > +index 19d0438..6d92184 100644
> > > +--- a/sqlite3.c
> > > ++++ b/sqlite3.c
> > > +@@ -156989,6 +156989,10 @@ static int wherePathSolver(WhereInfo
> *pWInfo, LogEst nRowEst){
> > > +       if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
> > > +         pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
> > > +       }
> > > ++      if( pWInfo->pSelect->pOrderBy
> > > ++       && pWInfo->nOBSat > pWInfo->pSelect->pOrderBy->nExpr ){
> > > ++        pWInfo->nOBSat = pWInfo->pSelect->pOrderBy->nExpr;
> > > ++      }
> > > +     }else{
> > > +       pWInfo->nOBSat = pFrom->isOrdered;
> > > +       pWInfo->revMask = pFrom->revLoop;
> > > diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-
> support/sqlite/sqlite3_3.38.5.bb
> > > index 656e2d8bd8..86d9b4b33b 100644
> > > --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> > > +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> > > @@ -10,6 +10,8 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-autoconf-
> ${SQLITE_PV}.tar.gz \
> > >              file://CVE-2023-7104.patch \
> > >              file://CVE-2025-29088.patch \
> > >              file://CVE-2025-6965.patch \
> > > +           file://0001-This-branch-attempts-to-improve-the-detection-of-
> cov.patch \
> > > +           file://CVE-2025-7458.patch \
> > >              "
> > >   SRC_URI[sha256sum] =
> "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
> > >
> > >
> > >
> > >
> > >
> >


* RE: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
  2025-08-31 21:12       ` Marko, Peter
@ 2025-09-03 22:34         ` Marko, Peter
  2025-09-03 23:03           ` Steve Sakoman
  0 siblings, 1 reply; 19+ messages in thread
From: Marko, Peter @ 2025-09-03 22:34 UTC (permalink / raw)
  To: Steve Sakoman; +Cc: openembedded-core@lists.openembedded.org, Niko Mauno

I have looked at the problem and reverting was the correct action.
Trying to identify the missing patch, I realized that the CVE does not affect our version,
so I'd have to backport additional patches which would first introduce the CVE and then fix it.

Sorry for this inconvenience.

Peter

> -----Original Message-----
> From: Marko, Peter (FT D EU SK BFS1)
> Sent: Sunday, August 31, 2025 23:12
> To: Steve Sakoman <steve@sakoman.com>
> Cc: openembedded-core@lists.openembedded.org; Niko Mauno
> <niko.mauno@vaisala.com>
> Subject: RE: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
> 
> 
> 
> > -----Original Message-----
> > From: Steve Sakoman <steve@sakoman.com>
> > Sent: Friday, August 29, 2025 17:38
> > To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> > Cc: openembedded-core@lists.openembedded.org; Niko Mauno
> > <niko.mauno@vaisala.com>
> > Subject: Re: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
> >
> > On Fri, Aug 29, 2025 at 4:25 AM Niko Mauno <niko.mauno@vaisala.com>
> wrote:
> > >
> > > We have found that since this patch SELECT queries with
> > COUNT(DISTINCT(column)) seem to cause sqlite to segfault. E.g.
> > >
> > > # sqlite3 :memory: 'create table foo (x int); select count(distinct(x)) from foo;'
> > > Segmentation fault (core dumped)
> >
> > Hi Peter,
> >
> > Could you check this to see if you can reproduce it?
> 
> I'll be offline for the next two weeks, please revert and I'll check it when I'm back.
> 
> >
> > If so, we should revert this patch.
> >
> > Steve
> >
> > > On 5.8.2025 19.43, Steve Sakoman via lists.openembedded.org wrote:
> > > > From: Peter Marko <peter.marko@siemens.com>
> > > >
> > > > Pick patch [1] listed in [2].
> > > > Also pick another patch which is precondition to this one introducing
> > > > variable needed for the check.
> > > >
> > > > [1] https://sqlite.org/src/info/12ad822d9b827777
> > > > [2] https://nvd.nist.gov/vuln/detail/CVE-2025-7458
> > > >
> > > > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > > > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > > > ---
> > > >   ...mpts-to-improve-the-detection-of-cov.patch | 91
> +++++++++++++++++++
> > > >   .../sqlite/files/CVE-2025-7458.patch          | 32 +++++++
> > > >   meta/recipes-support/sqlite/sqlite3_3.38.5.bb |  2 +
> > > >   3 files changed, 125 insertions(+)
> > > >   create mode 100644 meta/recipes-support/sqlite/files/0001-This-branch-
> > attempts-to-improve-the-detection-of-cov.patch
> > > >   create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-
> 7458.patch
> > > >
> > > > diff --git a/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-
> > improve-the-detection-of-cov.patch b/meta/recipes-support/sqlite/files/0001-
> This-
> > branch-attempts-to-improve-the-detection-of-cov.patch
> > > > new file mode 100644
> > > > index 0000000000..8fb037bb0f
> > > > --- /dev/null
> > > > +++ b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-
> > improve-the-detection-of-cov.patch
> > > > @@ -0,0 +1,91 @@
> > > > +From f55a7dad195994f2bb24db7df0a0515502386fe2 Mon Sep 17 00:00:00
> > 2001
> > > > +From: drh <>
> > > > +Date: Sat, 22 Oct 2022 14:16:02 +0000
> > > > +Subject: [PATCH] This branch attempts to improve the detection of
> covering
> > > > + indexes.  This first check-in merely improves a parameter name to
> > > > + sqlite3WhereBegin() to be more descriptive of what it contains, and
> ensures
> > > > + that a subroutine is not inlines so that sqlite3WhereBegin() runs slightly
> > > > + faster.
> > > > +
> > > > +FossilOrigin-Name:
> > cadf5f6bb1ce0492ef858ada476288e8057afd3609caa18b09c818d3845d7244
> > > > +
> > > > +Upstream-Status: Backport
> >
> [https://github.com/sqlite/sqlite/commit/f55a7dad195994f2bb24db7df0a051550238
> > 6fe2]
> > > > +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > > > +---
> > > > + sqlite3.c | 28 +++++++++++++---------------
> > > > + 1 file changed, 13 insertions(+), 15 deletions(-)
> > > > +
> > > > +diff --git a/sqlite3.c b/sqlite3.c
> > > > +index 4cbc2d0..b7ed991 100644
> > > > +--- a/sqlite3.c
> > > > ++++ b/sqlite3.c
> > > > +@@ -147371,9 +147371,7 @@ struct WhereInfo {
> > > > +   ExprList *pOrderBy;       /* The ORDER BY clause or NULL */
> > > > +   ExprList *pResultSet;     /* Result set of the query */
> > > > +   Expr *pWhere;             /* The complete WHERE clause */
> > > > +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> > > > +-  Select *pLimit;           /* Used to access LIMIT expr/registers for vtabs */
> > > > +-#endif
> > > > ++  Select *pSelect;          /* The entire SELECT statement containing
> > WHERE */
> > > > +   int aiCurOnePass[2];      /* OP_OpenWrite cursors for the ONEPASS opt
> */
> > > > +   int iContinue;            /* Jump here to continue with next record */
> > > > +   int iBreak;               /* Jump here to break out of the loop */
> > > > +@@ -149070,9 +149068,9 @@ SQLITE_PRIVATE Bitmask
> > sqlite3WhereCodeOneLoopStart(
> > > > +          && pLoop->u.vtab.bOmitOffset
> > > > +         ){
> > > > +           assert( pTerm->eOperator==WO_AUX );
> > > > +-          assert( pWInfo->pLimit!=0 );
> > > > +-          assert( pWInfo->pLimit->iOffset>0 );
> > > > +-          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pLimit->iOffset);
> > > > ++          assert( pWInfo->pSelect!=0 );
> > > > ++          assert( pWInfo->pSelect->iOffset>0 );
> > > > ++          sqlite3VdbeAddOp2(v, OP_Integer, 0, pWInfo->pSelect->iOffset);
> > > > +           VdbeComment((v,"Zero OFFSET counter"));
> > > > +         }
> > > > +       }
> > > > +@@ -151830,10 +151828,10 @@ static void whereAddLimitExpr(
> > > > + ** exist only so that they may be passed to the xBestIndex method of the
> > > > + ** single virtual table in the FROM clause of the SELECT.
> > > > + */
> > > > +-SQLITE_PRIVATE void sqlite3WhereAddLimit(WhereClause *pWC,
> Select
> > *p){
> > > > +-  assert( p==0 || (p->pGroupBy==0 && (p->selFlags &
> SF_Aggregate)==0)
> > );
> > > > +-  if( (p && p->pLimit)                                          /* 1 */
> > > > +-   && (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
> > > > ++SQLITE_PRIVATE void SQLITE_NOINLINE
> > sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
> > > > ++  assert( p!=0 && p->pLimit!=0 );                 /* 1 -- checked by caller */
> > > > ++  assert( p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0 );
> > > > ++  if( (p->selFlags & (SF_Distinct|SF_Aggregate))==0             /* 2 */
> > > > +    && (p->pSrc->nSrc==1 && IsVirtual(p->pSrc->a[0].pTab))       /* 3 */
> > > > +   ){
> > > > +     ExprList *pOrderBy = p->pOrderBy;
> > > > +@@ -157427,7 +157425,7 @@ SQLITE_PRIVATE WhereInfo
> > *sqlite3WhereBegin(
> > > > +   Expr *pWhere,           /* The WHERE clause */
> > > > +   ExprList *pOrderBy,     /* An ORDER BY (or GROUP BY) clause, or
> NULL
> > */
> > > > +   ExprList *pResultSet,   /* Query result set.  Req'd for DISTINCT */
> > > > +-  Select *pLimit,         /* Use this LIMIT/OFFSET clause, if any */
> > > > ++  Select *pSelect,        /* The entire SELECT statement */
> > > > +   u16 wctrlFlags,         /* The WHERE_* flags defined in sqliteInt.h */
> > > > +   int iAuxArg             /* If WHERE_OR_SUBCLAUSE is set, index cursor
> > number
> > > > +                           ** If WHERE_USE_LIMIT, then the limit amount */
> > > > +@@ -157504,9 +157502,7 @@ SQLITE_PRIVATE WhereInfo
> > *sqlite3WhereBegin(
> > > > +   pWInfo->wctrlFlags = wctrlFlags;
> > > > +   pWInfo->iLimit = iAuxArg;
> > > > +   pWInfo->savedNQueryLoop = pParse->nQueryLoop;
> > > > +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> > > > +-  pWInfo->pLimit = pLimit;
> > > > +-#endif
> > > > ++  pWInfo->pSelect = pSelect;
> > > > +   memset(&pWInfo->nOBSat, 0,
> > > > +          offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
> > > > +   memset(&pWInfo->a[0], 0,
> > sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
> > > > +@@ -157575,7 +157571,9 @@ SQLITE_PRIVATE WhereInfo
> > *sqlite3WhereBegin(
> > > > +
> > > > +   /* Analyze all of the subexpressions. */
> > > > +   sqlite3WhereExprAnalyze(pTabList, &pWInfo->sWC);
> > > > +-  sqlite3WhereAddLimit(&pWInfo->sWC, pLimit);
> > > > ++  if( pSelect && pSelect->pLimit ){
> > > > ++    sqlite3WhereAddLimit(&pWInfo->sWC, pSelect);
> > > > ++  }
> > > > +   if( db->mallocFailed ) goto whereBeginError;
> > > > +
> > > > +   /* Special case: WHERE terms that do not refer to any tables in the join
> > > > diff --git a/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > > > new file mode 100644
> > > > index 0000000000..6b041d9332
> > > > --- /dev/null
> > > > +++ b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > > > @@ -0,0 +1,32 @@
> > > > +From b816ca9994e03a8bc829b49452b8158a731e81a9 Mon Sep 17
> 00:00:00
> > 2001
> > > > +From: drh <>
> > > > +Date: Thu, 16 Mar 2023 20:54:29 +0000
> > > > +Subject: [PATCH] Correctly handle SELECT DISTINCT ... ORDER BY
> when
> > all of the
> > > > + result set terms are constant and there are more result set terms than
> > ORDER
> > > > + BY terms. Fix for these tickets: [c36cdb4afd504dc1], [4051a7f931d9ba24],
> > > > + [d6fd512f50513ab7].
> > > > +
> > > > +FossilOrigin-Name:
> > 12ad822d9b827777526ca5ed5bf3e678d600294fc9b5c25482dfff2a021328a4
> > > > +
> > > > +CVE: CVE-2025-7458
> > > > +Upstream-Status: Backport
> >
> [github.com/sqlite/sqlite/commit/b816ca9994e03a8bc829b49452b8158a731e81a9]
> > > > +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > > > +---
> > > > + sqlite3.c | 4 ++++
> > > > + 1 file changed, 4 insertions(+)
> > > > +
> > > > +diff --git a/sqlite3.c b/sqlite3.c
> > > > +index 19d0438..6d92184 100644
> > > > +--- a/sqlite3.c
> > > > ++++ b/sqlite3.c
> > > > +@@ -156989,6 +156989,10 @@ static int wherePathSolver(WhereInfo
> > *pWInfo, LogEst nRowEst){
> > > > +       if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
> > > > +         pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
> > > > +       }
> > > > ++      if( pWInfo->pSelect->pOrderBy
> > > > ++       && pWInfo->nOBSat > pWInfo->pSelect->pOrderBy->nExpr ){
> > > > ++        pWInfo->nOBSat = pWInfo->pSelect->pOrderBy->nExpr;
> > > > ++      }
> > > > +     }else{
> > > > +       pWInfo->nOBSat = pFrom->isOrdered;
> > > > +       pWInfo->revMask = pFrom->revLoop;
> > > > diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-
> > support/sqlite/sqlite3_3.38.5.bb
> > > > index 656e2d8bd8..86d9b4b33b 100644
> > > > --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> > > > +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> > > > @@ -10,6 +10,8 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-
> autoconf-
> > ${SQLITE_PV}.tar.gz \
> > > >              file://CVE-2023-7104.patch \
> > > >              file://CVE-2025-29088.patch \
> > > >              file://CVE-2025-6965.patch \
> > > > +           file://0001-This-branch-attempts-to-improve-the-detection-of-
> > cov.patch \
> > > > +           file://CVE-2025-7458.patch \
> > > >              "
> > > >   SRC_URI[sha256sum] =
> > "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
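The reproducer quoted in this thread, turned into a regression check that can be run against a SQLite build after a CVE backport. This is an added example, not part of any message here and not OE-core code. It assumes the Python `sqlite3` module is linked against the libsqlite3 under test; the first case is the query from the report, the other two cases and all function names are constructed for illustration.

```python
"""Smoke test for COUNT(DISTINCT) on a patched SQLite (constructed example)."""
import ast
import signal
import subprocess
import sys

# Child program: runs in its own interpreter so that a crash inside
# libsqlite3 kills only the child, not the test runner.
CHILD = r"""
import sqlite3, sys
con = sqlite3.connect(":memory:")
con.executescript(sys.argv[1])
print(repr(con.execute(sys.argv[2]).fetchall()))
"""

# (name, setup SQL, query, expected rows). The first case is the reproducer
# from the thread; the other two are constructed variations of it.
CASES = [
    ("thread reproducer, empty table",
     "create table foo (x int);",
     "select count(distinct(x)) from foo;",
     [(0,)]),
    ("duplicates and NULL",
     "create table foo (x int); insert into foo values (1),(1),(2),(NULL);",
     "select count(distinct(x)) from foo;",
     [(2,)]),
    ("per-group distinct count",
     "create table bar (g text, x int);"
     "insert into bar values ('a',1),('a',1),('a',2),('b',3);",
     "select g, count(distinct(x)) from bar group by g order by g;",
     [("a", 2), ("b", 1)]),
]


def classify(returncode, stdout, stderr):
    """Turn a finished child process into a result dictionary."""
    if returncode < 0:
        # Negative return code: the child was killed by a signal,
        # e.g. SIGSEGV from a fault inside the SQLite library.
        try:
            name = signal.Signals(-returncode).name
        except ValueError:
            name = "signal %d" % -returncode
        return {"status": "crash", "signal": name}
    if returncode != 0:
        # Ordinary Python exception (SQL error, missing table, ...).
        last = (stderr.strip().splitlines() or [""])[-1]
        return {"status": "error", "detail": last}
    return {"status": "ok", "rows": ast.literal_eval(stdout.strip())}


def run_isolated(setup_sql, query, timeout=10):
    """Run one query in a child interpreter and classify the outcome."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", CHILD, setup_sql, query],
            capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"status": "timeout"}
    return classify(proc.returncode, proc.stdout, proc.stderr)


def check_all(cases=CASES):
    """Return the list of (name, result) pairs that did not match."""
    failures = []
    for name, setup_sql, query, expected in cases:
        result = run_isolated(setup_sql, query)
        if result != {"status": "ok", "rows": expected}:
            failures.append((name, result))
    return failures


if __name__ == "__main__":
    import sqlite3
    print("libsqlite3 version:", sqlite3.sqlite_version)
    failed = check_all()
    for name, result in failed:
        print("FAIL", name, result)
    print("%d of %d cases passed" % (len(CASES) - len(failed), len(CASES)))
    sys.exit(1 if failed else 0)
```

A build that crashes on the reported query shows up as a `crash` result naming the signal, so the remaining cases still run and are reported.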


* Re: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
  2025-09-03 22:34         ` Marko, Peter
@ 2025-09-03 23:03           ` Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-09-03 23:03 UTC (permalink / raw)
  To: Marko, Peter; +Cc: Patches and discussions about the oe-core layer, Niko Mauno


On Wed, Sep 3, 2025, 3:34 PM Marko, Peter <Peter.Marko@siemens.com> wrote:

> I have looked at the problem and reverting was the correct action.
> Trying to identify the missing patch, I realized that the CVE does not affect
> our version,
> so I'd have to backport additional patches which would first introduce the
> CVE and then fix it
>


Thanks for investigating!

Steve


> Sorry for this inconvenience.
>
> Peter
>
> > -----Original Message-----
> > From: Marko, Peter (FT D EU SK BFS1)
> > Sent: Sunday, August 31, 2025 23:12
> > To: Steve Sakoman <steve@sakoman.com>
> > Cc: openembedded-core@lists.openembedded.org; Niko Mauno
> > <niko.mauno@vaisala.com>
> > Subject: RE: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
> >
> >
> >
> > > -----Original Message-----
> > > From: Steve Sakoman <steve@sakoman.com>
> > > Sent: Friday, August 29, 2025 17:38
> > > To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> > > Cc: openembedded-core@lists.openembedded.org; Niko Mauno
> > > <niko.mauno@vaisala.com>
> > > Subject: Re: [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458
> > >
> > > On Fri, Aug 29, 2025 at 4:25 AM Niko Mauno <niko.mauno@vaisala.com>
> > wrote:
> > > >
> > > > We have found that since this patch SELECT queries with
> > > COUNT(DISTINCT(column)) seem to cause sqlite to segfault. E.g.
> > > >
> > > > # sqlite3 :memory: 'create table foo (x int); select
> count(distinct(x)) from foo;'
> > > > Segmentation fault (core dumped)
> > >
> > > Hi Peter,
> > >
> > > Could you check this to see if you can reproduce it?
> >
> > I'll be offline for the next two weeks, please revert and I'll check it when
> I'm back.
> >
> > >
> > > If so, we should revert this patch.
> > >
> > > Steve
> > >
> > > > On 5.8.2025 19.43, Steve Sakoman via lists.openembedded.org wrote:
> > > > > From: Peter Marko <peter.marko@siemens.com>
> > > > >
> > > > > Pick patch [1] listed in [2].
> > > > > Also pick another patch which is precondition to this one
> introducing
> > > > > variable needed for the check.
> > > > >
> > > > > [1] https://sqlite.org/src/info/12ad822d9b827777
> > > > > [2] https://nvd.nist.gov/vuln/detail/CVE-2025-7458
> > > > >
> > > > > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > > > > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > > > > ---
> > > > >   ...mpts-to-improve-the-detection-of-cov.patch | 91
> > +++++++++++++++++++
> > > > >   .../sqlite/files/CVE-2025-7458.patch          | 32 +++++++
> > > > >   meta/recipes-support/sqlite/sqlite3_3.38.5.bb |  2 +
> > > > >   3 files changed, 125 insertions(+)
> > > > >   create mode 100644
> meta/recipes-support/sqlite/files/0001-This-branch-
> > > attempts-to-improve-the-detection-of-cov.patch
> > > > >   create mode 100644 meta/recipes-support/sqlite/files/CVE-2025-
> > 7458.patch
> > > > >
> > > > > diff --git
> a/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-
> > > improve-the-detection-of-cov.patch
> b/meta/recipes-support/sqlite/files/0001-
> > This-
> > > branch-attempts-to-improve-the-detection-of-cov.patch
> > > > > new file mode 100644
> > > > > index 0000000000..8fb037bb0f
> > > > > --- /dev/null
> > > > > +++
> b/meta/recipes-support/sqlite/files/0001-This-branch-attempts-to-
> > > improve-the-detection-of-cov.patch
> > > > > @@ -0,0 +1,91 @@
> > > > > +From f55a7dad195994f2bb24db7df0a0515502386fe2 Mon Sep 17 00:00:00
> > > 2001
> > > > > +From: drh <>
> > > > > +Date: Sat, 22 Oct 2022 14:16:02 +0000
> > > > > +Subject: [PATCH] This branch attempts to improve the detection of
> > covering
> > > > > + indexes.  This first check-in merely improves a parameter name to
> > > > > + sqlite3WhereBegin() to be more descriptive of what it contains,
> and
> > ensures
> > > > > + that a subroutine is not inlines so that sqlite3WhereBegin()
> runs slightly
> > > > > + faster.
> > > > > +
> > > > > +FossilOrigin-Name:
> > > cadf5f6bb1ce0492ef858ada476288e8057afd3609caa18b09c818d3845d7244
> > > > > +
> > > > > +Upstream-Status: Backport
> > >
> > [
> https://github.com/sqlite/sqlite/commit/f55a7dad195994f2bb24db7df0a051550238
> > > 6fe2]
> > > > > +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > > > > +---
> > > > > + sqlite3.c | 28 +++++++++++++---------------
> > > > > + 1 file changed, 13 insertions(+), 15 deletions(-)
> > > > > +
> > > > > +diff --git a/sqlite3.c b/sqlite3.c
> > > > > +index 4cbc2d0..b7ed991 100644
> > > > > +--- a/sqlite3.c
> > > > > ++++ b/sqlite3.c
> > > > > +@@ -147371,9 +147371,7 @@ struct WhereInfo {
> > > > > +   ExprList *pOrderBy;       /* The ORDER BY clause or NULL */
> > > > > +   ExprList *pResultSet;     /* Result set of the query */
> > > > > +   Expr *pWhere;             /* The complete WHERE clause */
> > > > > +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> > > > > +-  Select *pLimit;           /* Used to access LIMIT
> expr/registers for vtabs */
> > > > > +-#endif
> > > > > ++  Select *pSelect;          /* The entire SELECT statement
> containing
> > > WHERE */
> > > > > +   int aiCurOnePass[2];      /* OP_OpenWrite cursors for the
> ONEPASS opt
> > */
> > > > > +   int iContinue;            /* Jump here to continue with next
> record */
> > > > > +   int iBreak;               /* Jump here to break out of the
> loop */
> > > > > +@@ -149070,9 +149068,9 @@ SQLITE_PRIVATE Bitmask
> > > sqlite3WhereCodeOneLoopStart(
> > > > > +          && pLoop->u.vtab.bOmitOffset
> > > > > +         ){
> > > > > +           assert( pTerm->eOperator==WO_AUX );
> > > > > +-          assert( pWInfo->pLimit!=0 );
> > > > > +-          assert( pWInfo->pLimit->iOffset>0 );
> > > > > +-          sqlite3VdbeAddOp2(v, OP_Integer, 0,
> pWInfo->pLimit->iOffset);
> > > > > ++          assert( pWInfo->pSelect!=0 );
> > > > > ++          assert( pWInfo->pSelect->iOffset>0 );
> > > > > ++          sqlite3VdbeAddOp2(v, OP_Integer, 0,
> pWInfo->pSelect->iOffset);
> > > > > +           VdbeComment((v,"Zero OFFSET counter"));
> > > > > +         }
> > > > > +       }
> > > > > +@@ -151830,10 +151828,10 @@ static void whereAddLimitExpr(
> > > > > + ** exist only so that they may be passed to the xBestIndex
> method of the
> > > > > + ** single virtual table in the FROM clause of the SELECT.
> > > > > + */
> > > > > +-SQLITE_PRIVATE void sqlite3WhereAddLimit(WhereClause *pWC,
> > Select
> > > *p){
> > > > > +-  assert( p==0 || (p->pGroupBy==0 && (p->selFlags &
> > SF_Aggregate)==0)
> > > );
> > > > > +-  if( (p && p->pLimit)
> /* 1 */
> > > > > +-   && (p->selFlags & (SF_Distinct|SF_Aggregate))==0
>  /* 2 */
> > > > > ++SQLITE_PRIVATE void SQLITE_NOINLINE
> > > sqlite3WhereAddLimit(WhereClause *pWC, Select *p){
> > > > > ++  assert( p!=0 && p->pLimit!=0 );                 /* 1 --
> checked by caller */
> > > > > ++  assert( p->pGroupBy==0 && (p->selFlags & SF_Aggregate)==0 );
> > > > > ++  if( (p->selFlags & (SF_Distinct|SF_Aggregate))==0
>  /* 2 */
> > > > > +    && (p->pSrc->nSrc==1 && IsVirtual(p->pSrc->a[0].pTab))
>  /* 3 */
> > > > > +   ){
> > > > > +     ExprList *pOrderBy = p->pOrderBy;
> > > > > +@@ -157427,7 +157425,7 @@ SQLITE_PRIVATE WhereInfo
> > > *sqlite3WhereBegin(
> > > > > +   Expr *pWhere,           /* The WHERE clause */
> > > > > +   ExprList *pOrderBy,     /* An ORDER BY (or GROUP BY) clause, or
> > NULL
> > > */
> > > > > +   ExprList *pResultSet,   /* Query result set.  Req'd for
> DISTINCT */
> > > > > +-  Select *pLimit,         /* Use this LIMIT/OFFSET clause, if
> any */
> > > > > ++  Select *pSelect,        /* The entire SELECT statement */
> > > > > +   u16 wctrlFlags,         /* The WHERE_* flags defined in
> sqliteInt.h */
> > > > > +   int iAuxArg             /* If WHERE_OR_SUBCLAUSE is set, index
> cursor
> > > number
> > > > > +                           ** If WHERE_USE_LIMIT, then the limit
> amount */
> > > > > +@@ -157504,9 +157502,7 @@ SQLITE_PRIVATE WhereInfo
> > > *sqlite3WhereBegin(
> > > > > +   pWInfo->wctrlFlags = wctrlFlags;
> > > > > +   pWInfo->iLimit = iAuxArg;
> > > > > +   pWInfo->savedNQueryLoop = pParse->nQueryLoop;
> > > > > +-#ifndef SQLITE_OMIT_VIRTUALTABLE
> > > > > +-  pWInfo->pLimit = pLimit;
> > > > > +-#endif
> > > > > ++  pWInfo->pSelect = pSelect;
> > > > > +   memset(&pWInfo->nOBSat, 0,
> > > > > +          offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
> > > > > +   memset(&pWInfo->a[0], 0,
> > > sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
> > > > > +@@ -157575,7 +157571,9 @@ SQLITE_PRIVATE WhereInfo
> > > *sqlite3WhereBegin(
> > > > > +
> > > > > +   /* Analyze all of the subexpressions. */
> > > > > +   sqlite3WhereExprAnalyze(pTabList, &pWInfo->sWC);
> > > > > +-  sqlite3WhereAddLimit(&pWInfo->sWC, pLimit);
> > > > > ++  if( pSelect && pSelect->pLimit ){
> > > > > ++    sqlite3WhereAddLimit(&pWInfo->sWC, pSelect);
> > > > > ++  }
> > > > > +   if( db->mallocFailed ) goto whereBeginError;
> > > > > +
> > > > > +   /* Special case: WHERE terms that do not refer to any tables
> in the join
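Review bot: the unconditional `pWInfo->pSelect = pSelect;` in the sqlite3WhereBegin hunk at -157504 replaces a `pWInfo->pLimit` assignment that was wrapped in `#ifndef SQLITE_OMIT_VIRTUALTABLE`. Please confirm the new WhereInfo member is declared outside that guard too, otherwise a build with SQLITE_OMIT_VIRTUALTABLE defined will not compile. The call-site change at -157575, which tests `pSelect && pSelect->pLimit` before calling sqlite3WhereAddLimit, is consistent with the new `assert( p!=0 && p->pLimit!=0 )` in that function.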
> > > > > diff --git a/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > > b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > > > > new file mode 100644
> > > > > index 0000000000..6b041d9332
> > > > > --- /dev/null
> > > > > +++ b/meta/recipes-support/sqlite/files/CVE-2025-7458.patch
> > > > > @@ -0,0 +1,32 @@
> > > > > +From b816ca9994e03a8bc829b49452b8158a731e81a9 Mon Sep 17
> > 00:00:00
> > > 2001
> > > > > +From: drh <>
> > > > > +Date: Thu, 16 Mar 2023 20:54:29 +0000
> > > > > +Subject: [PATCH] Correctly handle SELECT DISTINCT ... ORDER BY
> > when
> > > all of the
> > > > > + result set terms are constant and there are more result set
> terms than
> > > ORDER
> > > > > + BY terms. Fix for these tickets: [c36cdb4afd504dc1],
> [4051a7f931d9ba24],
> > > > > + [d6fd512f50513ab7].
> > > > > +
> > > > > +FossilOrigin-Name:
> > > 12ad822d9b827777526ca5ed5bf3e678d600294fc9b5c25482dfff2a021328a4
> > > > > +
> > > > > +CVE: CVE-2025-7458
> > > > > +Upstream-Status: Backport
> > >
> > [
> github.com/sqlite/sqlite/commit/b816ca9994e03a8bc829b49452b8158a731e81a9]
> > > > > +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > > > > +---
> > > > > + sqlite3.c | 4 ++++
> > > > > + 1 file changed, 4 insertions(+)
> > > > > +
> > > > > +diff --git a/sqlite3.c b/sqlite3.c
> > > > > +index 19d0438..6d92184 100644
> > > > > +--- a/sqlite3.c
> > > > > ++++ b/sqlite3.c
> > > > > +@@ -156989,6 +156989,10 @@ static int wherePathSolver(WhereInfo
> > > *pWInfo, LogEst nRowEst){
> > > > > +       if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
> > > > > +         pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
> > > > > +       }
> > > > > ++      if( pWInfo->pSelect->pOrderBy
> > > > > ++       && pWInfo->nOBSat > pWInfo->pSelect->pOrderBy->nExpr ){
> > > > > ++        pWInfo->nOBSat = pWInfo->pSelect->pOrderBy->nExpr;
> > > > > ++      }
> > > > > +     }else{
> > > > > +       pWInfo->nOBSat = pFrom->isOrdered;
> > > > > +       pWInfo->revMask = pFrom->revLoop;
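Review bot: the added condition in wherePathSolver dereferences `pWInfo->pSelect` with no NULL test, while the prerequisite patch guards the same pointer in sqlite3WhereBegin with `if( pSelect && pSelect->pLimit )`, so a NULL pSelect is evidently possible for some callers. The patch header should say why this branch is only reached with a SELECT attached, or the condition should test `pWInfo->pSelect` before reading `->pOrderBy` if that cannot be guaranteed for this 3.38.5 backport.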
> > > > > diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> b/meta/recipes-
> > > support/sqlite/sqlite3_3.38.5.bb
> > > > > index 656e2d8bd8..86d9b4b33b 100644
> > > > > --- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> > > > > +++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
> > > > > @@ -10,6 +10,8 @@ SRC_URI = "http://www.sqlite.org/2022/sqlite-
> > autoconf-
> > > ${SQLITE_PV}.tar.gz \
> > > > >              file://CVE-2023-7104.patch \
> > > > >              file://CVE-2025-29088.patch \
> > > > >              file://CVE-2025-6965.patch \
> > > > > +
>  file://0001-This-branch-attempts-to-improve-the-detection-of-
> > > cov.patch \
> > > > > +           file://CVE-2025-7458.patch \
> > > > >              "
> > > > >   SRC_URI[sha256sum] =
> > > "5af07de982ba658fd91a03170c945f99c971f6955bc79df3266544373e39869c"
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > > Links: You receive all messages sent to this group.
> > > > > View/Reply Online (#221481):
> > > https://lists.openembedded.org/g/openembedded-core/message/221481
> > > > > Mute This Topic:
> https://lists.openembedded.org/mt/114551672/3618471
> > > > > Group Owner: openembedded-core+owner@lists.openembedded.org
> > > > > Unsubscribe:
> https://lists.openembedded.org/g/openembedded-core/unsub
> > > [niko.mauno@vaisala.com]
> > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > >
> > > >
>

[-- Attachment #2: Type: text/html, Size: 20119 bytes --]


* [OE-core][kirkstone 0/4] Patch review
@ 2025-10-29  2:54 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-10-29  2:54 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, October 30

Passed a-full on the autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2650

The following changes since commit 9b3dbd691f6ebdbdfe88cef3d3a676ddd1399c63:

  python3: upgrade 3.10.18 -> 3.10.19 (2025-10-17 07:39:27 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (1):
  git: fix CVE-2025-48386

Peter Marko (1):
  lz4: patch CVE-2025-62813

Yash Shinde (2):
  binutils: fix CVE-2025-11081
  binutils: fix CVE-2025-8225

 .../binutils/binutils-2.38.inc                |  2 +
 .../binutils/0046-CVE-2025-11081.patch        | 84 ++++++++++++++++
 .../binutils/0047-CVE-2025-8225.patch         | 47 +++++++++
 .../git/git/CVE-2025-48386.patch              | 97 +++++++++++++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |  1 +
 .../lz4/files/CVE-2025-62813.patch            | 69 +++++++++++++
 meta/recipes-support/lz4/lz4_1.9.4.bb         |  4 +-
 7 files changed, 303 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0046-CVE-2025-11081.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0047-CVE-2025-8225.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2025-48386.patch
 create mode 100644 meta/recipes-support/lz4/files/CVE-2025-62813.patch

-- 
2.43.0




* [OE-core][kirkstone 0/4] Patch review
@ 2025-12-09 21:53 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-12-09 21:53 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, December 11

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2836

The following changes since commit 80c7fd87fd95a79c6eb5f41b95cf70ccc70d9615:

  systemd-bootchart: update SRC_URI branch (2025-12-01 07:13:56 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Hitendra Prajapati (2):
  libxml2: Security fix for CVE-2025-7425
  openssh: fix CVE-2025-61984

Peter Marko (2):
  libpng: patch CVE-2025-66293
  libmicrohttpd: disable experimental code by default

 .../openssh/openssh/CVE-2025-61984.patch      |  98 +++
 .../openssh/openssh_8.9p1.bb                  |   1 +
 .../libxml/libxml2/CVE-2025-7425.patch        | 802 ++++++++++++++++++
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   1 +
 .../libpng/files/CVE-2025-66293-01.patch      |  60 ++
 .../libpng/files/CVE-2025-66293-02.patch      | 125 +++
 .../libpng/libpng_1.6.39.bb                   |   2 +
 .../libmicrohttpd/libmicrohttpd_0.9.76.bb     |   3 +
 8 files changed, 1092 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2025-61984.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-7425.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-66293-01.patch
 create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2025-66293-02.patch

-- 
2.43.0




* [OE-core][kirkstone 0/4] Patch review
@ 2025-12-29 23:03 Steve Sakoman
  0 siblings, 0 replies; 19+ messages in thread
From: Steve Sakoman @ 2025-12-29 23:03 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Wednesday, December 31

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2953

The following changes since commit c15faee8854e85e02693a041d88326f30b24ee92:

  cross.bbclass: Propagate dependencies to outhash (2025-12-29 08:40:22 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Jiaying Song (1):
  grub: fix CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664

Vijay Anusuri (3):
  go: Update CVE-2025-58187
  go: Fix CVE-2025-61727
  go: Fix CVE-2025-61729

 .../grub/files/CVE-2025-61661.patch           |  40 ++
 .../grub/files/CVE-2025-61662.patch           |  72 +++
 .../grub/files/CVE-2025-61663_61664.patch     |  64 +++
 meta/recipes-bsp/grub/grub2.inc               |   3 +
 meta/recipes-devtools/go/go-1.17.13.inc       |   5 +-
 ...025-58187.patch => CVE-2025-58187-1.patch} |   0
 .../go/go-1.18/CVE-2025-58187-2.patch         | 516 ++++++++++++++++++
 .../go/go-1.18/CVE-2025-61727.patch           | 229 ++++++++
 .../go/go-1.18/CVE-2025-61729.patch           | 172 ++++++
 9 files changed, 1100 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61661.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61662.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
 rename meta/recipes-devtools/go/go-1.18/{CVE-2025-58187.patch => CVE-2025-58187-1.patch} (100%)
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2025-58187-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2025-61727.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2025-61729.patch

-- 
2.43.0




end of thread, other threads:[~2025-12-29 23:03 UTC | newest]

Thread overview: 19+ messages
2025-08-05 16:43 [OE-core][kirkstone 0/4] Patch review Steve Sakoman
2025-08-05 16:43 ` [OE-core][kirkstone 1/4] avahi: fix CVE-2024-52615 Steve Sakoman
2025-08-05 16:43 ` [OE-core][kirkstone 2/4] sqlite3: patch CVE-2025-7458 Steve Sakoman
2025-08-29 11:25   ` Niko Mauno
2025-08-29 15:37     ` Steve Sakoman
2025-08-31 21:12       ` Marko, Peter
2025-09-03 22:34         ` Marko, Peter
2025-09-03 23:03           ` Steve Sakoman
2025-08-05 16:43 ` [OE-core][kirkstone 3/4] sqlite3: ignore CVE-2025-3277 Steve Sakoman
2025-08-05 16:43 ` [OE-core][kirkstone 4/4] glibc: stable 2.35 branch updates Steve Sakoman
  -- strict thread matches above, loose matches on Subject: below --
2025-12-29 23:03 [OE-core][kirkstone 0/4] Patch review Steve Sakoman
2025-12-09 21:53 Steve Sakoman
2025-10-29  2:54 Steve Sakoman
2025-04-15 20:52 Steve Sakoman
2025-03-27 14:43 Steve Sakoman
2025-01-31 14:15 Steve Sakoman
2024-03-07 18:38 Steve Sakoman
2024-02-01 19:37 Steve Sakoman
2023-12-29 16:07 Steve Sakoman
