* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=290
- update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
OBS-URL: https://build.opensuse.org/request/show/965652
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sqlite3?expand=0&rev=131
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=280
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("START") is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=270
- SQLite3 3.36.0:
* Improvement to the EXPLAIN QUERY PLAN output to make it
easier to understand.
* Byte-order marks at the start of a token are skipped
as if they were whitespace.
* An error is raised on any attempt to access the rowid of a VIEW
or subquery. Formerly, the rowid of a VIEW would be indeterminate
and often would be NULL. The -DSQLITE_ALLOW_ROWID_IN_VIEW
compile-time option is available to restore the legacy behavior
for applications that need it.
* The sqlite3_deserialize() and sqlite3_serialize() interfaces
are now enabled by default. The -DSQLITE_ENABLE_DESERIALIZE
compile-time option is no longer required. Instead, there is
a new -DSQLITE_OMIT_DESERIALIZE compile-time option to omit
those interfaces.
* The "memdb" VFS now allows the same in-memory database
to be shared among multiple database connections in the same
process as long as the database name begins with "/".
* Back out the EXISTS-to-IN optimization (item 8b in the
SQLite 3.35.0 change log) as it was found to slow down
queries more often than speed them up.
* Improve the constant-propagation optimization so that it works
on non-join queries.
* The REGEXP extension is now included in CLI builds.
OBS-URL: https://build.opensuse.org/request/show/901301
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=269
this point, but were not mentioned in the chane log so far:
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
multiSelectOrderBy due to mishandling of query-flattener
optimization
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
with WITH stack unwinding even after a parsing error
* bsc#1160438, CVE-2019-19959: memory-management error via
ext/misc/zipfile.c involving embedded '\0' input
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference
* bsc#1159850, CVE-2019-19924: improper error handling in
sqlite3WindowRewrite()
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
during an update of a ZIP archive
* bsc#1159715, CVE-2019-19926: improper handling of certain
errors during parsing multiSelect in select.c
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
allows attackers to trigger an invalid pointer dereference
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
and CREATE VIEW statements, does not consider confusion with
a shadow table name
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
integrity_check PRAGMA command in certain cases of generated
columns
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also
has certain ORDER BY usage
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
vulnerability
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
collation-sequence names
* CVE-2018-20346, bsc#1119687: remote code execution
vulnerability in FTS3 (Magellan).
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=261
- update to 3.35.0:
* Added built-in SQL math functions().
(Requires the -DSQLITE_ENABLE_MATH_FUNCTIONS compile-time option.)
* Added support for ALTER TABLE DROP COLUMN.
* Generalize UPSERT:
* Allow multiple ON CONFLICT clauses that are evaluated in order,
* The final ON CONFLICT clause may omit the conflict target and yet still use DO UPDATE.
* Add support for the RETURNING clause on DELETE, INSERT, and UPDATE statements.
* Use less memory when running VACUUM on databases containing very large TEXT
or BLOB values. It is no longer necessary to hold the entire TEXT or BLOB
in memory all at once.
* Add support for the MATERIALIZED and NOT MATERIALIZED hints when specifying
common table expressions. The default behavior was formerly NOT
MATERIALIZED, but is now changed to MATERIALIZED for CTEs that are used
more than once.
* The SQLITE_DBCONFIG_ENABLE_TRIGGER and SQLITE_DBCONFIG_ENABLE_VIEW settings
are modified so that they only control triggers and views in the main
database schema or in attached database schemas and not in the TEMP schema.
TEMP triggers and views are always allowed.
* Query planner/optimizer improvements
* Enhance the ".stats" command to accept new arguments "stmt" and "vmstep",
causing prepare statement statistics and only the virtual-machine step
count to be shown, respectively.
* Add the ".filectrl data_version" command.
* Enhance the ".once" and ".output" commands so that if the destination
argument begins with "|" (indicating that output is redirected into a pipe)
then the argument does not need to be quoted.
* Fix a bug in the IN-operator optimization of version 3.33.0 that can cause
an incorrect answer.
* Fix incorrect answers from the LIKE operator if the pattern ends with "%"
OBS-URL: https://build.opensuse.org/request/show/879097
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=256
* Added the sqlite3_txn_state() interface for reporting on the
current transaction state of the database connection.
* Enhance recursive common table expressions to support two or more
recursive terms as is done by SQL Server, since this helps make
queries against graphs easier to write and faster to execute.\
* Improved error messages on CHECK constraint failures.
* The .read dot-command now accepts a pipeline in addition to a
filename.
* Added options --data-only and --nosys to the .dump dot-command.
* Added the --nosys option to the .schema dot-command.
* Table name quoting works correctly for the .import dot-command.
* The generate_series(START,END,STEP) table-valued function
extension is now built into the CLI.
* The .databases dot-command now show the status of each database
file as determined by sqlite3_db_readonly() and
sqlite3_txn_state().
* Added the --tabs command-line option that sets .mode tabs.
* The --init option reports an error if the file named as its
argument cannot be opened. The --init option also now honors the
--bail option.
* Improved estimates for the cost of running a DISTINCT operator.
* When doing an UPDATE or DELETE using a multi-column index where
only a few of the earlier columns of the index are useful for the
index lookup, postpone doing the main table seek until after all
WHERE clause constraints have been evaluated, in case those
constraints can be covered by unused later terms of the index,
thus avoiding unnecessary main table seeks.
* The new OP_SeekScan opcode is used to improve performance of
multi-column index look-ups when later columns are constrained by
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=252