- Update to 3.41.0:
* https://www.sqlite.org/releaselog/3_41_0.html
* Various query planner improvements.
* Add the built-in unhex() SQL function.
* Add the base64 and base85 application-defined functions as an
extension and include that extension in the CLI.
* In-memory databases created using sqlite3_deserialize() now
report their filename as an empty string, not as 'x'.
* The ".scanstats est" command provides query planner estimates
in profiles.
* Enhance the --safe command-line option to disallow dangerous
SQL functions.
* The double-quoted string misfeature is now disabled by default
for CLI builds.
* Various other improvements and performance enhancements.
- The new version obsoletes sqlite-src-3390000-func7-pg-181.patch
OBS-URL: https://build.opensuse.org/request/show/1067149
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sqlite3?expand=0&rev=142
* https://www.sqlite.org/releaselog/3_41_0.html
* Various query planner improvements.
* Add the built-in unhex() SQL function.
* Add the base64 and base85 application-defined functions as an
extension and include that extension in the CLI.
* In-memory databases created using sqlite3_deserialize() now
report their filename as an empty string, not as 'x'.
* The ".scanstats est" command provides query planner estimates
in profiles.
* Enhance the --safe command-line option to disallow dangerous
SQL functions.
* The double-quoted string misfeature is now disabled by default
for CLI builds.
* Various other improvements and performance enhancements.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=305
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=293
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=290
- update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
OBS-URL: https://build.opensuse.org/request/show/965652
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sqlite3?expand=0&rev=131
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=280
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("START") is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=270
- SQLite3 3.36.0:
* Improvement to the EXPLAIN QUERY PLAN output to make it
easier to understand.
* Byte-order marks at the start of a token are skipped
as if they were whitespace.
* An error is raised on any attempt to access the rowid of a VIEW
or subquery. Formerly, the rowid of a VIEW would be indeterminate
and often would be NULL. The -DSQLITE_ALLOW_ROWID_IN_VIEW
compile-time option is available to restore the legacy behavior
for applications that need it.
* The sqlite3_deserialize() and sqlite3_serialize() interfaces
are now enabled by default. The -DSQLITE_ENABLE_DESERIALIZE
compile-time option is no longer required. Instead, there is
a new -DSQLITE_OMIT_DESERIALIZE compile-time option to omit
those interfaces.
* The "memdb" VFS now allows the same in-memory database
to be shared among multiple database connections in the same
process as long as the database name begins with "/".
* Back out the EXISTS-to-IN optimization (item 8b in the
SQLite 3.35.0 change log) as it was found to slow down
queries more often than speed them up.
* Improve the constant-propagation optimization so that it works
on non-join queries.
* The REGEXP extension is now included in CLI builds.
OBS-URL: https://build.opensuse.org/request/show/901301
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=269
this point, but were not mentioned in the chane log so far:
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
multiSelectOrderBy due to mishandling of query-flattener
optimization
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
with WITH stack unwinding even after a parsing error
* bsc#1160438, CVE-2019-19959: memory-management error via
ext/misc/zipfile.c involving embedded '\0' input
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference
* bsc#1159850, CVE-2019-19924: improper error handling in
sqlite3WindowRewrite()
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
during an update of a ZIP archive
* bsc#1159715, CVE-2019-19926: improper handling of certain
errors during parsing multiSelect in select.c
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
allows attackers to trigger an invalid pointer dereference
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
and CREATE VIEW statements, does not consider confusion with
a shadow table name
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
integrity_check PRAGMA command in certain cases of generated
columns
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also
has certain ORDER BY usage
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
vulnerability
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
collation-sequence names
* CVE-2018-20346, bsc#1119687: remote code execution
vulnerability in FTS3 (Magellan).
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=261
