More merges from SLE12 to the changes file

OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=264

sqlite3.changes

@@ -46,14 +46,6 @@ Tue Apr  6 14:57:30 UTC 2021 - Reinhard Max <max@suse.com>
     vulnerability
   * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
     collation-sequence names
-  * bsc#1155787, CVE-2017-2518: A use-after-free bug in the query
-    optimizer may cause a buffer overflow and application crash via
-    a crafted SQL statement.
-  * bsc#1136976, CVE-2019-8457: heap out-of-bound read in the
-    rtreenode() function when handling invalid rtree tables.
-  * bsc#1132045, CVE-2017-10989: getNodeSize function in
-    ext/rtree/rtree.c issues
-  * bsc#987394, CVE-2016-6153: Fix Tempdir Selection Vulnerability
 
 - Fix build on SLE-12 and remove the following patches from there
   which are all upstream:
@@ -61,11 +53,15 @@ Tue Apr  6 14:57:30 UTC 2021 - Reinhard Max <max@suse.com>
   * sqlite3-CVE-2017-2518.patch,
   * sqlite3-CVE-2018-20346.patch,
   * sqlite3-CVE-2018-8740.patch,
-  * sqlite3-CVE-2019-16168.patch (bsc#1019518),
+  * sqlite3-CVE-2019-16168.patch,
   * sqlite3-CVE-2019-8457.patch,
   * sqlite3-journal-file.patch,
-  * sqlite3-xFetch-null.patch (bsc#1025034),
+  * sqlite3-xFetch-null.patch,
   * sqlite3-CVE-2016-6153.patch
+  * The addition of these patches was also merged into the history
+    of Factory for log consistency reasons although they never
+    existed there, because Factory was always updated to a fixed
+    version instead of adding a patch. 
 
 -------------------------------------------------------------------
 Sat Apr  3 06:51:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
@@ -184,7 +180,7 @@ Wed Dec  2 09:08:39 UTC 2020 - Reinhard Max <max@suse.com>
     current transaction state of the database connection.
   * Enhance recursive common table expressions to support two or more
     recursive terms as is done by SQL Server, since this helps make
-    queries against graphs easier to write and faster to execute.\
+    queries against graphs easier to write and faster to execute.
   * Improved error messages on CHECK constraint failures.
   * The .read dot-command now accepts a pipeline in addition to a
     filename.
@@ -341,6 +337,13 @@ Fri Jan 17 14:29:39 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
   function, exposed when running testsuite on i586:
   + sqlite3-avoid-truncation-error.patch
 
+-------------------------------------------------------------------
+Wed Nov  6 12:33:37 UTC 2019 - Reinhard Max <max@suse.com>
+
+- bsc#1155787, CVE-2017-2518, sqlite3-CVE-2017-2518.patch:
+  A use-after-free bug in the query optimizer may cause a buffer
+  overflow and application crash via a crafted SQL statement.
+
 -------------------------------------------------------------------
 Fri Oct 11 15:05:00 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
 
@@ -409,6 +412,13 @@ Thu Jul 11 08:59:55 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
     + Add the long-standing ".testctrl" command to the ".help" menu.
     + Added the ".dbconfig" command
 
+-------------------------------------------------------------------
+Wed Jun 12 13:18:28 UTC 2019 - Reinhard Max <max@suse.com>
+
+- CVE-2019-8457, bsc#1136976, sqlite3-CVE-2019-8457.patch: heap
+  out-of-bound read in the rtreenode() function when handling
+  invalid rtree tables.
+
 -------------------------------------------------------------------
 Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max <max@suse.com>
 
@@ -426,6 +436,21 @@ Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max <max@suse.com>
   * Security and compatibilities enhancements to fts3_tokenizer().
   * Improved robustness against corrupt database files.
 
+-------------------------------------------------------------------
+Wed Apr 17 15:39:30 UTC 2019 - Reinhard Max <max@suse.com>
+
+- CVE-2017-10989, bsc#1132045, sqlite3-CVE-2017-10989.patch:
+  getNodeSize function in ext/rtree/rtree.c issues
+- CVE-2018-8740, bsc#1085790, sqlite3-CVE-2018-8740.patch:
+  Databases whose schema is corrupted using a CREATE TABLE AS
+  statement could cause a NULL pointer dereference.
+
+-------------------------------------------------------------------
+Fri Mar 15 12:54:22 UTC 2019 - Reinhard Max <max@suse.com>
+
+- CVE-2018-20346, bsc#1119687, sqlite3-CVE-2018-20346.patch:
+  Fix remote code execution vulnerability in FTS3 (Magellan).
+
 -------------------------------------------------------------------
 Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
 
@@ -791,6 +816,12 @@ Mon May 22 18:47:42 UTC 2017 - idonmez@suse.com
     to avoid excess stack usage in the recursive descent parser.
     Fix for ticket 981329adeef51011052.
 
+-------------------------------------------------------------------
+Tue Apr  4 12:46:31 UTC 2017 - max@suse.com
+
+- Avoid calling sqlite3OsFetch() on a file-handle for which the
+  xFetch method is NULL (bsc#1025034, sqlite3-xFetch-null.patch).
+
 -------------------------------------------------------------------
 Fri Mar 31 12:03:54 UTC 2017 - idonmez@suse.com
 
@@ -887,6 +918,12 @@ Tue Feb 14 09:19:28 UTC 2017 - idonmez@suse.com
   * Ensure that the sqlite3_blob_reopen() interface can correctly
     handle short rows. Fix for ticket e6e962d6b0f06f46e. 
 
+-------------------------------------------------------------------
+Mon Jan 16 13:08:11 UTC 2017 - max@suse.com
+
+- Fix a segfault in the in-memory journal logic (bsc#1019518,
+  sqlite3-journal-file.patch).
+
 -------------------------------------------------------------------
 Sat Jan  7 16:44:32 UTC 2017 - mpluskal@suse.com
 
@@ -1094,6 +1131,12 @@ Tue Aug  2 11:00:30 UTC 2016 - tchvatal@suse.com
 - Reduce the conditions a bit and sort with spec-cleaner
 - Remove condition for old sle10 ppc machines
 
+-------------------------------------------------------------------
+Tue Jul  5 15:51:09 UTC 2016 - max@suse.com
+
+- Fix Tempdir Selection Vulnerability (bsc#987394, CVE-2016-6153,
+  sqlite3-CVE-2016-6153.patch).
+
 -------------------------------------------------------------------
 Wed May 18 19:43:17 UTC 2016 - idonmez@suse.com