From 0372cc6f272c45001fcd07c14668e43f5acdc1a286bca2ccf45ed6a844aaefca Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Thu, 18 Apr 2019 14:01:24 +0000 Subject: [PATCH] - Upgrade to 3.28.0: * CVE-2019-9936, bsc#1130326: running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read. * CVE-2019-9937, bsc#1130325: interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference. * Enhanced window functions * Enhanced VACUUM INTO so that it works for read-only databases. * New query optimizations. * Added the sqlite3_value_frombind() API for determining if the argument to an SQL function is from a bound parameter. * Security and compatibilities enhancements to fts3_tokenizer(). * Improved robustness against corrupt database files. OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=227 --- sqlite-doc-3270200.zip | 3 --- sqlite-doc-3280000.zip | 3 +++ sqlite-src-3270200.zip | 3 --- sqlite-src-3280000.zip | 3 +++ sqlite3.changes | 17 +++++++++++++++++ sqlite3.spec | 4 ++-- 6 files changed, 25 insertions(+), 8 deletions(-) delete mode 100644 sqlite-doc-3270200.zip create mode 100644 sqlite-doc-3280000.zip delete mode 100644 sqlite-src-3270200.zip create mode 100644 sqlite-src-3280000.zip diff --git a/sqlite-doc-3270200.zip b/sqlite-doc-3270200.zip deleted file mode 100644 index 2a97f16..0000000 --- a/sqlite-doc-3270200.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d84a42aaca5e8249a8e0725c1296add1b056ef8f58a52fbf916df89252c721d3 -size 9371606 diff --git a/sqlite-doc-3280000.zip b/sqlite-doc-3280000.zip new file mode 100644 index 0000000..b2aa425 --- /dev/null +++ b/sqlite-doc-3280000.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:138d0cd2a55e1efe4003d0ca25bb156110fa3ddfa6457c9defadf9b4fa97f7d0 +size 9421770 diff --git a/sqlite-src-3270200.zip b/sqlite-src-3270200.zip deleted file mode 100644 index 4391c39..0000000 --- a/sqlite-src-3270200.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:15bd4286f2310f5fae085a1e03d9e6a5a0bb7373dcf8d4020868792e840fdf0a -size 12248529 diff --git a/sqlite-src-3280000.zip b/sqlite-src-3280000.zip new file mode 100644 index 0000000..12f3de7 --- /dev/null +++ b/sqlite-src-3280000.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:905279142d81c23e0a8803e44c926a23abaf47e2b274eda066efae11c23a6597 +size 12477204 diff --git a/sqlite3.changes b/sqlite3.changes index 8662e0d..1352eba 100644 --- a/sqlite3.changes +++ b/sqlite3.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max + +- Upgrade to 3.28.0: + * CVE-2019-9936, bsc#1130326: running fts5 prefix queries inside + a transaction could trigger a heap-based buffer over-read. + * CVE-2019-9937, bsc#1130325: interleaving reads and writes in a + single transaction with an fts5 virtual table will lead to a + NULL Pointer Dereference. + * Enhanced window functions + * Enhanced VACUUM INTO so that it works for read-only databases. + * New query optimizations. + * Added the sqlite3_value_frombind() API for determining if the + argument to an SQL function is from a bound parameter. + * Security and compatibilities enhancements to fts3_tokenizer(). + * Improved robustness against corrupt database files. + ------------------------------------------------------------------- Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger diff --git a/sqlite3.spec b/sqlite3.spec index e523012..ad98743 100644 --- a/sqlite3.spec +++ b/sqlite3.spec @@ -17,9 +17,9 @@ %define oname sqlite -%define tarversion 3270200 +%define tarversion 3280000 Name: sqlite3 -Version: 3.27.2 +Version: 3.28.0 Release: 0 Summary: Embeddable SQL Database Engine License: SUSE-Public-Domain