Revert the merging of SLE-12 bug references into the changes file
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=265
parent fe9c70dea4
commit 2b5cf2c709
116
sqlite3.changes
@ -1,67 +1,7 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max <max@suse.com>
|
||||
|
||||
- Sync Factory to SLE-12 and SLE-15.
|
||||
|
||||
- The following CVEs have been fixed in upstream releases up to
|
||||
this point, but were not mentioned in the chane log so far:
|
||||
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
|
||||
multiSelectOrderBy due to mishandling of query-flattener
|
||||
optimization
|
||||
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
|
||||
segmentation fault because of generated column optimizations in
|
||||
isAuxiliaryVtabOperator
|
||||
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
|
||||
with WITH stack unwinding even after a parsing error
|
||||
* bsc#1160438, CVE-2019-19959: memory-management error via
|
||||
ext/misc/zipfile.c involving embedded '\0' input
|
||||
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
|
||||
of SELECT DISTINCT in flattenSubquery may lead to null pointer
|
||||
dereference
|
||||
* bsc#1159850, CVE-2019-19924: improper error handling in
|
||||
sqlite3WindowRewrite()
|
||||
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
|
||||
during an update of a ZIP archive
|
||||
* bsc#1159715, CVE-2019-19926: improper handling of certain
|
||||
errors during parsing multiSelect in select.c
|
||||
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
|
||||
allows attackers to trigger an invalid pointer dereference
|
||||
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
|
||||
and CREATE VIEW statements, does not consider confusion with
|
||||
a shadow table name
|
||||
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
|
||||
integrity_check PRAGMA command in certain cases of generated
|
||||
columns
|
||||
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
|
||||
infinite recursion via certain types of self-referential views
|
||||
in conjunction with ALTER TABLE statements
|
||||
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
|
||||
from the colUsed bitmask in the case of a generated column,
|
||||
which allows attackers to cause a denial of service
|
||||
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
|
||||
function sqlite3Select in select.c allows a crash if a
|
||||
sub-select uses both DISTINCT and window functions, and also
|
||||
has certain ORDER BY usage
|
||||
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
|
||||
vulnerability
|
||||
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
|
||||
collation-sequence names
|
||||
|
||||
- Fix build on SLE-12 and remove the following patches from there
|
||||
which are all upstream:
|
||||
* sqlite3-CVE-2017-10989.patch
|
||||
* sqlite3-CVE-2017-2518.patch,
|
||||
* sqlite3-CVE-2018-20346.patch,
|
||||
* sqlite3-CVE-2018-8740.patch,
|
||||
* sqlite3-CVE-2019-16168.patch,
|
||||
* sqlite3-CVE-2019-8457.patch,
|
||||
* sqlite3-journal-file.patch,
|
||||
* sqlite3-xFetch-null.patch,
|
||||
* sqlite3-CVE-2016-6153.patch
|
||||
* The addition of these patches was also merged into the history
|
||||
of Factory for log consistency reasons although they never
|
||||
existed there, because Factory was always updated to a fixed
|
||||
version instead of adding a patch.
|
||||
- Fix build on SLE-12
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||
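Review bot: The commit message gives no reason for the revert, and in this first hunk (67 lines down to 7 per the header) the Tue Apr 6 2021 entry loses its whole list pairing bsc numbers with CVE ids, from "bsc#1173641, CVE-2020-15358" down to "bsc#928700, CVE-2015-3414". That list is introduced as CVEs "fixed in upstream releases up to this point, but were not mentioned" in the log so far, so dropping it puts the file back in the state where they are not named. Please say in the message why the references are taken out and where the bsc-to-CVE mapping is tracked instead, or keep the CVE list and remove only the bookkeeping for the SLE-12 patches. Since the .changes file becomes the RPM changelog, anyone checking fixed CVEs with rpm -q --changelog loses these ids as well.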
@ -337,13 +277,6 @@ Fri Jan 17 14:29:39 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
||||
function, exposed when running testsuite on i586:
|
||||
+ sqlite3-avoid-truncation-error.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 6 12:33:37 UTC 2019 - Reinhard Max <max@suse.com>
|
||||
|
||||
- bsc#1155787, CVE-2017-2518, sqlite3-CVE-2017-2518.patch:
|
||||
A use-after-free bug in the query optimizer may cause a buffer
|
||||
overflow and application crash via a crafted SQL statement.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 11 15:05:00 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||
|
||||
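Review bot: Dropping the Wed Nov 6 2019 entry fits the explanation removed in the first hunk, that these patch entries "never existed" in Factory, but it also deletes the only description shown here for "bsc#1155787, CVE-2017-2518" (use-after-free in the query optimizer). Consider carrying the bsc and CVE ids onto the entry for the version update that brought the fix, so the changelog still answers whether this package is affected.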
@ -412,13 +345,6 @@ Thu Jul 11 08:59:55 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
|
||||
+ Add the long-standing ".testctrl" command to the ".help" menu.
|
||||
+ Added the ".dbconfig" command
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 12 13:18:28 UTC 2019 - Reinhard Max <max@suse.com>
|
||||
|
||||
- CVE-2019-8457, bsc#1136976, sqlite3-CVE-2019-8457.patch: heap
|
||||
out-of-bound read in the rtreenode() function when handling
|
||||
invalid rtree tables.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max <max@suse.com>
|
||||
|
||||
@ -436,21 +362,6 @@ Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max <max@suse.com>
|
||||
* Security and compatibilities enhancements to fts3_tokenizer().
|
||||
* Improved robustness against corrupt database files.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 17 15:39:30 UTC 2019 - Reinhard Max <max@suse.com>
|
||||
|
||||
- CVE-2017-10989, bsc#1132045, sqlite3-CVE-2017-10989.patch:
|
||||
getNodeSize function in ext/rtree/rtree.c issues
|
||||
- CVE-2018-8740, bsc#1085790, sqlite3-CVE-2018-8740.patch:
|
||||
Databases whose schema is corrupted using a CREATE TABLE AS
|
||||
statement could cause a NULL pointer dereference.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 15 12:54:22 UTC 2019 - Reinhard Max <max@suse.com>
|
||||
|
||||
- CVE-2018-20346, bsc#1119687, sqlite3-CVE-2018-20346.patch:
|
||||
Fix remote code execution vulnerability in FTS3 (Magellan).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||
|
||||
@ -467,8 +378,6 @@ Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||
of the SQLite library itself
|
||||
* Increased robustness against malicious SQL that is run against
|
||||
a maliciously corrupted database
|
||||
* CVE-2018-20346, bsc#1119687: remote code execution
|
||||
vulnerability in FTS3 (Magellan).
|
||||
- drop sqlite3-btree02-100.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
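Review bot: The two lines dropped from the Sun Mar 10 2019 entry, "* CVE-2018-20346, bsc#1119687: remote code execution vulnerability in FTS3 (Magellan).", are part of a list of upstream changes next to "- drop sqlite3-btree02-100.patch", not a patch entry merged from SLE-12. With the Fri Mar 15 2019 patch entry also removed in the previous hunk, CVE-2018-20346 no longer appears anywhere in the lines shown. I would keep this reference, since it records the fix arriving through the version update, which is how the first hunk's removed text says Factory received these fixes.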
@ -816,12 +725,6 @@ Mon May 22 18:47:42 UTC 2017 - idonmez@suse.com
|
||||
to avoid excess stack usage in the recursive descent parser.
|
||||
Fix for ticket 981329adeef51011052.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 4 12:46:31 UTC 2017 - max@suse.com
|
||||
|
||||
- Avoid calling sqlite3OsFetch() on a file-handle for which the
|
||||
xFetch method is NULL (bsc#1025034, sqlite3-xFetch-null.patch).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 31 12:03:54 UTC 2017 - idonmez@suse.com
|
||||
|
||||
@ -918,12 +821,6 @@ Tue Feb 14 09:19:28 UTC 2017 - idonmez@suse.com
|
||||
* Ensure that the sqlite3_blob_reopen() interface can correctly
|
||||
handle short rows. Fix for ticket e6e962d6b0f06f46e.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 16 13:08:11 UTC 2017 - max@suse.com
|
||||
|
||||
- Fix a segfault in the in-memory journal logic (bsc#1019518,
|
||||
sqlite3-journal-file.patch).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jan 7 16:44:32 UTC 2017 - mpluskal@suse.com
|
||||
|
||||
@ -1131,12 +1028,6 @@ Tue Aug 2 11:00:30 UTC 2016 - tchvatal@suse.com
|
||||
- Reduce the conditions a bit and sort with spec-cleaner
|
||||
- Remove condition for old sle10 ppc machines
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 5 15:51:09 UTC 2016 - max@suse.com
|
||||
|
||||
- Fix Tempdir Selection Vulnerability (bsc#987394, CVE-2016-6153,
|
||||
sqlite3-CVE-2016-6153.patch).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 18 19:43:17 UTC 2016 - idonmez@suse.com
|
||||
|
||||
@ -1385,11 +1276,6 @@ Thu Oct 15 14:35:51 UTC 2015 - astieger@suse.com
|
||||
analyzed.
|
||||
* sqlite3_memory_alarm() no-op.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 11 09:20:25 UTC 2015 - max@suse.com
|
||||
- Submit Factory package to SLE12-SP1 to enable the unlock notify
|
||||
API (fate#317928).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 31 11:44:40 UTC 2015 - mpluskal@suse.com
|
||||
|
||||
|
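Review bot: The Tue Aug 11 2015 entry removed in this hunk, "Submit Factory package to SLE12-SP1 to enable the unlock notify API (fate#317928)", carries a feature reference rather than a bug or CVE reference, so it falls outside what the commit message describes. Either mention in the message that SLE submission entries are reverted too, or leave this entry in place.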