From 95b802bfe74ac6a3f6dc05edb52c87ef90600f40 Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Tue, 15 Aug 2017 22:58:36 -0700 Subject: sqlite3: upgrade to 3.2.0 * Uprev from 3.19.3 to 3.2.0 for fixing CVE-2017-10989: The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. https://nvd.nist.gov/vuln/detail/CVE-2017-10989 * LIC_FILES_CHKSUM updated for below changes: -** 2001 September 15 +** 2001-09-15 Signed-off-by: Wenzong Fan Signed-off-by: Richard Purdie --- meta/recipes-support/sqlite/sqlite3_3.19.3.bb | 10 ---------- meta/recipes-support/sqlite/sqlite3_3.20.0.bb | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) delete mode 100644 meta/recipes-support/sqlite/sqlite3_3.19.3.bb create mode 100644 meta/recipes-support/sqlite/sqlite3_3.20.0.bb (limited to 'meta/recipes-support/sqlite') diff --git a/meta/recipes-support/sqlite/sqlite3_3.19.3.bb b/meta/recipes-support/sqlite/sqlite3_3.19.3.bb deleted file mode 100644 index 89d439530f..0000000000 --- a/meta/recipes-support/sqlite/sqlite3_3.19.3.bb +++ /dev/null @@ -1,10 +0,0 @@ -require sqlite3.inc - -LICENSE = "PD" -LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=65f0a57ca6928710b418c094b3570bb0" - -SRC_URI = "\ - http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \ - " -SRC_URI[md5sum] = "c93070d5bf136ce271db23d2dfbc2435" -SRC_URI[sha256sum] = "06129c03dced9f87733a8cba408871bd60673b8f93b920ba8d815efab0a06301" diff --git a/meta/recipes-support/sqlite/sqlite3_3.20.0.bb b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb new file mode 100644 index 0000000000..417c36202d --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3_3.20.0.bb @@ -0,0 +1,10 @@ +require sqlite3.inc + +LICENSE = "PD" +LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" + +SRC_URI = "\ + http://www.sqlite.org/2017/sqlite-autoconf-${SQLITE_PV}.tar.gz \ + " +SRC_URI[md5sum] = "e262a28b73cc330e7e83520c8ce14e4d" +SRC_URI[sha256sum] = "3814c6f629ff93968b2b37a70497cfe98b366bf587a2261a56a5f750af6ae6a0" -- cgit 1.2.3-korg