2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch
new file mode 100644
index 0000000000..7c4a65b3cd
--- /dev/null
+++ b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch
@@ -0,0 +1,40 @@
+From fcf06b0b426e6c243d6ca2d6c6a02830717ab6a3 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 15 Oct 2019 13:22:52 +0800
+Subject: [PATCH] Fix CVE-2019-16168
+CVE: CVE-2019-16168
+Upstream-Status: Backport [https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ sqlite3.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/sqlite3.c b/sqlite3.c
+index 61bfdeb..b3e6ae2 100644
+--- a/sqlite3.c
+++ b/sqlite3.c
+@@ -105933,7 +105933,9 @@ static void decodeIntArray(
+       if( sqlite3_strglob("unordered*", z)==0 ){
+         pIndex->bUnordered = 1;
+       }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+-        pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
+        int sz = sqlite3Atoi(z+3);
+        if( sz<2 ) sz = 2;
+        pIndex->szIdxRow = sqlite3LogEst(sz);
+       }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+         pIndex->noSkipScan = 1;
+       }
+@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex(
+     ** it to pNew->rRun, which is currently set to the cost of the index
+     ** seek only. Then, if this is a non-covering index, add the cost of
+     ** visiting the rows in the main table.  */
+    assert( pSrc->pTab->szTabRow>0 );
+     rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+     pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+     if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+-- 
+2.17.1
diff --git a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
index 4bdb04f4d1..2888a56ee9 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
@@ -7,6 +7,7 @@ SRC_URI = "\
  http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
  file://CVE-2019-9936.patch \
  file://CVE-2019-9937.patch \
+  file://0001-Fix-CVE-2019-16168.patch \
  "
 SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0"

diff --git a/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch new file mode 100644 index 0000000000..7c4a65b3cd --- /dev/null +++ b/meta/recipes-support/sqlite/files/0001-Fix-CVE-2019-16168.patch
@@ -0,0 +1,40 @@
		1	From fcf06b0b426e6c243d6ca2d6c6a02830717ab6a3 Mon Sep 17 00:00:00 2001
		2	From: Chen Qi <Qi.Chen@windriver.com>
		3	Date: Tue, 15 Oct 2019 13:22:52 +0800
		4	Subject: [PATCH] Fix CVE-2019-16168
		5
		6	CVE: CVE-2019-16168
		7
		8	Upstream-Status: Backport [https://www.sqlite.org/src/vpatch?from=4f5b2d938194fab7&to=98357d8c1263920b]
		9
		10	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		11	---
		12	sqlite3.c \| 5 ++++-
		13	1 file changed, 4 insertions(+), 1 deletion(-)
		14
		15	diff --git a/sqlite3.c b/sqlite3.c
		16	index 61bfdeb..b3e6ae2 100644
		17	--- a/sqlite3.c
		18	+++ b/sqlite3.c
		19	@@ -105933,7 +105933,9 @@ static void decodeIntArray(
		20	if( sqlite3_strglob("unordered*", z)==0 ){
		21	pIndex->bUnordered = 1;
		22	}else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
		23	- pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
		24	+ int sz = sqlite3Atoi(z+3);
		25	+ if( sz<2 ) sz = 2;
		26	+ pIndex->szIdxRow = sqlite3LogEst(sz);
		27	}else if( sqlite3_strglob("noskipscan*", z)==0 ){
		28	pIndex->noSkipScan = 1;
		29	}
		30	@@ -143260,6 +143262,7 @@ static int whereLoopAddBtreeIndex(
		31	** it to pNew->rRun, which is currently set to the cost of the index
		32	** seek only. Then, if this is a non-covering index, add the cost of
		33	** visiting the rows in the main table. */
		34	+ assert( pSrc->pTab->szTabRow>0 );
		35	rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
		36	pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
		37	if( (pNew->wsFlags & (WHERE_IDX_ONLY\|WHERE_IPK))==0 ){
		38	--
		39	2.17.1
		40


diff --git a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb index 4bdb04f4d1..2888a56ee9 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.27.2.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.27.2.bb
@@ -7,6 +7,7 @@ SRC_URI = "\
7	http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \	7	http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \
8	file://CVE-2019-9936.patch \	8	file://CVE-2019-9936.patch \
9	file://CVE-2019-9937.patch \	9	file://CVE-2019-9937.patch \
		10	file://0001-Fix-CVE-2019-16168.patch \
10	"	11	"
11		12
12	SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0"	13	SRC_URI[md5sum] = "1f72631ce6e8efa5b4a6e55a43b3bdc0"