From patchwork Sun Jan 1 17:37:24 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 17454
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/29] sqlite: fix CVE-2022-46908 safe mode authorizer callback allows disallowed UDFs.
Date: Sun, 1 Jan 2023 07:37:24 -1000
X-Mailer: git-send-email 2.25.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/175190

From: Vivek Kumbhar

Signed-off-by: Vivek Kumbhar
Signed-off-by: Steve Sakoman
---
 .../sqlite/files/CVE-2022-46908.patch         | 39 +++++++++++++++++++
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-46908.patch
diff --git a/meta/recipes-support/sqlite/files/CVE-2022-46908.patch b/meta/recipes-support/sqlite/files/CVE-2022-46908.patch new file mode 100644 index 0000000000..38bd544838 --- /dev/null +++ b/meta/recipes-support/sqlite/files/CVE-2022-46908.patch @@ -0,0 +1,39 @@ +From 1b779afa3ed2f35a110e460fc6ed13cba744db85 2022-12-05 02:52:37 UTC +From: larrybr +Date: 2022-12-05 02:52:37 UTC +Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs + +Fix safe mode authorizer callback to reject disallowed UDFs. Reported at Forum post 07beac8056151b2f. + +Upstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2] +CVE-2022-46908 +Signed-off-by: Vivek Kumbhar +--- + shell.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/shell.c b/shell.c +index d104768..0200c0a 100644 +--- a/shell.c ++++ b/shell.c +@@ -12894,7 +12894,7 @@ static int safeModeAuth( + "zipfile", + "zipfile_cds", + }; +- UNUSED_PARAMETER(zA2); ++ UNUSED_PARAMETER(zA1); + UNUSED_PARAMETER(zA3); + UNUSED_PARAMETER(zA4); + switch( op ){ +@@ -12905,7 +12905,7 @@ static int safeModeAuth( + case SQLITE_FUNCTION: { + int i; + for(i=0; i
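Review bot: the upstream references in the header of the new patch file do not agree with each other: the first line names check-in `1b779afa3ed2f35a110e460fc6ed13cba744db85`, while `Upstream-Status: Backport [https://sqlite.org/src/info/cefc032473ac5ad2]` points at a different check-in; both should name the same upstream fix, or the header should state which one is the original commit and which one the backport was taken from. The bare `+CVE-2022-46908` line should also use the tag form `CVE: CVE-2022-46908` that OE-core patch headers are expected to carry, so that cve-check matches on the tag and not only on the file name.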
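Review bot: in the hunk at `@@ -12894,7 +12894,7 @@ static int safeModeAuth(` the only change is replacing `UNUSED_PARAMETER(zA2);` with `UNUSED_PARAMETER(zA1);`, which declares that zA2 (the function-name argument the authorizer receives for SQLITE_FUNCTION) is now consulted and zA1 no longer is; the lines shown contain no such use, so the behavioural part of the fix has to be in the SQLITE_FUNCTION case that follows. Whoever applies this backport should confirm that the comparison loop in that case really compares zA2 against the listed names (`"zipfile"`, `"zipfile_cds"`, ...) rather than zA1, because the marker swap by itself changes nothing at runtime and would leave safe mode still accepting the disallowed functions.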
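Review bot: the hunk at `@@ -12905,7 +12905,7 @@ static int safeModeAuth(` is cut off after `for(i=0; i`, and the one-line change to `meta/recipes-support/sqlite/sqlite3_3.38.5.bb` announced in the diffstat (presumably the SRC_URI entry for the new patch file) does not appear in the message at all, so the submission as shown here cannot be checked for completeness; the full 39-line patch file and the recipe change need to be reviewed from the complete posting before this is merged into kirkstone.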