diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 11:11:46 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-09-27 14:47:44 +0300 |
| commit | bba38f38e7e41525c30116a2fe990d113b8157da (patch) | |
| tree | 14a0d015f4b144a97c51c896e7a3135b600760a6 /poky/meta/recipes-support/sqlite | |
| parent | 36b84cde8facab568630eec811e483cf1fc50848 (diff) | |
| download | openbmc-bba38f38e7e41525c30116a2fe990d113b8157da.tar.xz | |
poky: sumo refresh 51872d3f99..3b8dc3a88e
Update poky to sumo HEAD.
Andrej Valek (1):
wpa-supplicant: fix CVE-2018-14526
Armin Kuster (2):
xserver-xorg: config: fix NULL value detection for ID_INPUT being unset
binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active.
Bruce Ashfield (3):
linux-yocto/4.12: update to v4.12.28
linux-yocto/4.14: update to v4.14.62
linux-yocto/4.14: update to v4.14.67
Changqing Li (6):
libexif: patch for CVE-2017-7544
squashfs-tools: patch for CVE-2015-4645(4646)
libcroco: patch for CVE-2017-7960
libid3tag: patch for CVE-2004-2779
libice: patch for CVE-2017-2626
apr-util: fix ptest fail problem
Chen Qi (2):
util-linux: upgrade 2.32 -> 2.32.1
busybox: move init related configs to init.cfg
Jagadeesh Krishnanjanappa (2):
libarchive: CVE-2017-14501
libcgroup: CVE-2018-14348
Jon Szymaniak (1):
cve-check.bbclass: detect CVE IDs listed on multiple lines
Joshua Lock (1):
os-release: fix to install in the expected location
Khem Raj (1):
serf: Fix Sconstruct build with python 3.7
Konstantin Shemyak (1):
cve-check.bbclass: do not download the CVE DB in package-specific tasks
Mike Looijmans (1):
busybox/mdev-mount.sh: Fix partition detect and cleanup mountpoint on fail
Ross Burton (1):
lrzsz: fix CVE-2018-10195
Sinan Kaya (3):
busybox: CVE-2017-15874
libpng: CVE-2018-13785
sqlite3: CVE-2018-8740
Yadi.hu (1):
busybox: handle syslog
Yi Zhao (2):
blktrace: Security fix CVE-2018-10689
taglib: Security fix CVE-2018-11439
Zheng Ruoqin (1):
glibc: fix CVE-2018-11237
Change-Id: I2eb1fe6574638de745e4bfc106b86fe797b977c8
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-support/sqlite')
| -rw-r--r-- | poky/meta/recipes-support/sqlite/files/CVE-2018-8740.patch | 47 | ||||
| -rw-r--r-- | poky/meta/recipes-support/sqlite/sqlite3_3.22.0.bb | 1 |
2 files changed, 48 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2018-8740.patch b/poky/meta/recipes-support/sqlite/files/CVE-2018-8740.patch new file mode 100644 index 0000000000..5d95e37afe --- /dev/null +++ b/poky/meta/recipes-support/sqlite/files/CVE-2018-8740.patch @@ -0,0 +1,47 @@ +From 19aed4d2be46c4516caf2bee31f79044bbd1d57d Mon Sep 17 00:00:00 2001 +From: Sinan Kaya <okaya@kernel.org> +Date: Fri, 21 Sep 2018 16:22:01 +0000 +Subject: [PATCH] Detect databases whose schema is corrupted using a CREATE TABLE AS statement and issue an appropriate error message + +Upstream-Status: Backport [ https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b&diff=1&w] +Signed-off-by: Sinan Kaya <okaya@kernel.org> +--- + sqlite3.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 73c69ef..6863bc6 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -103474,8 +103474,6 @@ SQLITE_PRIVATE void sqlite3EndTable( + p = pParse->pNewTable; + if( p==0 ) return; + +- assert( !db->init.busy || !pSelect ); +- + /* If the db->init.busy is 1 it means we are reading the SQL off the + ** "sqlite_master" or "sqlite_temp_master" table on the disk. + ** So do not write to the disk again. Extract the root page number +@@ -103486,6 +103484,10 @@ SQLITE_PRIVATE void sqlite3EndTable( + ** table itself. So mark it read-only. + */ + if( db->init.busy ){ ++ if( pSelect ){ ++ sqlite3ErrorMsg(pParse, ""); ++ return; ++ } + p->tnum = db->init.newTnum; + if( p->tnum==1 ) p->tabFlags |= TF_Readonly; + } +@@ -117813,7 +117815,7 @@ static void corruptSchema( + char *z; + if( zObj==0 ) zObj = "?"; + z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj); +- if( zExtra ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra); ++ if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra); + sqlite3DbFree(db, *pData->pzErrMsg); + *pData->pzErrMsg = z; + } +-- +2.19.0 + diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.22.0.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.22.0.bb index ef88659e97..b90f89886a 100644 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.22.0.bb +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.22.0.bb @@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0 SRC_URI = "\ http://www.sqlite.org/2018/sqlite-autoconf-${SQLITE_PV}.tar.gz \ + file://CVE-2018-8740.patch \ " SRC_URI[md5sum] = "96b5648d542e8afa6ab7ffb8db8ddc3d" SRC_URI[sha256sum] = "2824ab1238b706bc66127320afbdffb096361130e23291f26928a027b885c612" |