pool/sqlite3
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert the merging of SLE-12 bug references into the changes file

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=265
This commit is contained in:
Reinhard Max 2021-04-13 13:40:51 +00:00 committed by Git OBS Bridge
parent fe9c70dea4
commit 2b5cf2c709
1 changed files with 1 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
sqlite3.changes
View File

@ -1,67 +1,7 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max <max@suse.com> Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max <max@suse.com>
- Sync Factory to SLE-12 and SLE-15. - Fix build on SLE-12
- The following CVEs have been fixed in upstream releases up to
this point, but were not mentioned in the chane log so far:
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
multiSelectOrderBy due to mishandling of query-flattener
optimization
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
with WITH stack unwinding even after a parsing error
* bsc#1160438, CVE-2019-19959: memory-management error via
ext/misc/zipfile.c involving embedded '0' input
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference
* bsc#1159850, CVE-2019-19924: improper error handling in
sqlite3WindowRewrite()
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
during an update of a ZIP archive
* bsc#1159715, CVE-2019-19926: improper handling of certain
errors during parsing multiSelect in select.c
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
allows attackers to trigger an invalid pointer dereference
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
and CREATE VIEW statements, does not consider confusion with
a shadow table name
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
integrity_check PRAGMA command in certain cases of generated
columns
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also
has certain ORDER BY usage
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
vulnerability
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
collation-sequence names
- Fix build on SLE-12 and remove the following patches from there
which are all upstream:
* sqlite3-CVE-2017-10989.patch
* sqlite3-CVE-2017-2518.patch,
* sqlite3-CVE-2018-20346.patch,
* sqlite3-CVE-2018-8740.patch,
* sqlite3-CVE-2019-16168.patch,
* sqlite3-CVE-2019-8457.patch,
* sqlite3-journal-file.patch,
* sqlite3-xFetch-null.patch,
* sqlite3-CVE-2016-6153.patch
* The addition of these patches was also merged into the history
of Factory for log consistency reasons although they never
existed there, because Factory was always updated to a fixed
version instead of adding a patch.
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
@ -337,13 +277,6 @@ Fri Jan 17 14:29:39 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
function, exposed when running testsuite on i586: function, exposed when running testsuite on i586:
+ sqlite3-avoid-truncation-error.patch + sqlite3-avoid-truncation-error.patch
-------------------------------------------------------------------
Wed Nov 6 12:33:37 UTC 2019 - Reinhard Max <max@suse.com>
- bsc#1155787, CVE-2017-2518, sqlite3-CVE-2017-2518.patch:
A use-after-free bug in the query optimizer may cause a buffer
overflow and application crash via a crafted SQL statement.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 11 15:05:00 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> Fri Oct 11 15:05:00 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
@ -412,13 +345,6 @@ Thu Jul 11 08:59:55 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
+ Add the long-standing ".testctrl" command to the ".help" menu. + Add the long-standing ".testctrl" command to the ".help" menu.
+ Added the ".dbconfig" command + Added the ".dbconfig" command
-------------------------------------------------------------------
Wed Jun 12 13:18:28 UTC 2019 - Reinhard Max <max@suse.com>
- CVE-2019-8457, bsc#1136976, sqlite3-CVE-2019-8457.patch: heap
out-of-bound read in the rtreenode() function when handling
invalid rtree tables.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max <max@suse.com> Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max <max@suse.com>
@ -436,21 +362,6 @@ Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max <max@suse.com>
* Security and compatibilities enhancements to fts3_tokenizer(). * Security and compatibilities enhancements to fts3_tokenizer().
* Improved robustness against corrupt database files. * Improved robustness against corrupt database files.
-------------------------------------------------------------------
Wed Apr 17 15:39:30 UTC 2019 - Reinhard Max <max@suse.com>
- CVE-2017-10989, bsc#1132045, sqlite3-CVE-2017-10989.patch:
getNodeSize function in ext/rtree/rtree.c issues
- CVE-2018-8740, bsc#1085790, sqlite3-CVE-2018-8740.patch:
Databases whose schema is corrupted using a CREATE TABLE AS
statement could cause a NULL pointer dereference.
-------------------------------------------------------------------
Fri Mar 15 12:54:22 UTC 2019 - Reinhard Max <max@suse.com>
- CVE-2018-20346, bsc#1119687, sqlite3-CVE-2018-20346.patch:
Fix remote code execution vulnerability in FTS3 (Magellan).
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
@ -467,8 +378,6 @@ Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
of the SQLite library itself of the SQLite library itself
* Increased robustness against malicious SQL that is run against * Increased robustness against malicious SQL that is run against
a maliciously corrupted database a maliciously corrupted database
* CVE-2018-20346, bsc#1119687: remote code execution
vulnerability in FTS3 (Magellan).
- drop sqlite3-btree02-100.patch - drop sqlite3-btree02-100.patch
------------------------------------------------------------------- -------------------------------------------------------------------
@ -816,12 +725,6 @@ Mon May 22 18:47:42 UTC 2017 - idonmez@suse.com
to avoid excess stack usage in the recursive descent parser. to avoid excess stack usage in the recursive descent parser.
Fix for ticket 981329adeef51011052. Fix for ticket 981329adeef51011052.
-------------------------------------------------------------------
Tue Apr 4 12:46:31 UTC 2017 - max@suse.com
- Avoid calling sqlite3OsFetch() on a file-handle for which the
xFetch method is NULL (bsc#1025034, sqlite3-xFetch-null.patch).
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 31 12:03:54 UTC 2017 - idonmez@suse.com Fri Mar 31 12:03:54 UTC 2017 - idonmez@suse.com
@ -918,12 +821,6 @@ Tue Feb 14 09:19:28 UTC 2017 - idonmez@suse.com
* Ensure that the sqlite3_blob_reopen() interface can correctly * Ensure that the sqlite3_blob_reopen() interface can correctly
handle short rows. Fix for ticket e6e962d6b0f06f46e. handle short rows. Fix for ticket e6e962d6b0f06f46e.
-------------------------------------------------------------------
Mon Jan 16 13:08:11 UTC 2017 - max@suse.com
- Fix a segfault in the in-memory journal logic (bsc#1019518,
sqlite3-journal-file.patch).
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Jan 7 16:44:32 UTC 2017 - mpluskal@suse.com Sat Jan 7 16:44:32 UTC 2017 - mpluskal@suse.com
@ -1131,12 +1028,6 @@ Tue Aug 2 11:00:30 UTC 2016 - tchvatal@suse.com
- Reduce the conditions a bit and sort with spec-cleaner - Reduce the conditions a bit and sort with spec-cleaner
- Remove condition for old sle10 ppc machines - Remove condition for old sle10 ppc machines
-------------------------------------------------------------------
Tue Jul 5 15:51:09 UTC 2016 - max@suse.com
- Fix Tempdir Selection Vulnerability (bsc#987394, CVE-2016-6153,
sqlite3-CVE-2016-6153.patch).
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 18 19:43:17 UTC 2016 - idonmez@suse.com Wed May 18 19:43:17 UTC 2016 - idonmez@suse.com
@ -1385,11 +1276,6 @@ Thu Oct 15 14:35:51 UTC 2015 - astieger@suse.com
analyzed. analyzed.
* sqlite3_memory_alarm() no-op. * sqlite3_memory_alarm() no-op.
-------------------------------------------------------------------
Tue Aug 11 09:20:25 UTC 2015 - max@suse.com
- Submit Factory package to SLE12-SP1 to enable the unlock notify
API (fate#317928).
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 31 11:44:40 UTC 2015 - mpluskal@suse.com Fri Jul 31 11:44:40 UTC 2015 - mpluskal@suse.com