* Added the SQLITE_RESULT_SUBTYPE property for application-
defined SQL functions.
* Enhancements to the JSON SQL functions
* Add the FTS5 tokendata option to the FTS5 virtual table.
* The SQLITE_DIRECT_OVERFLOW_READ optimization is now enabled by
default.
* Query planner improvements
* Increase the default value for SQLITE_MAX_PAGE_COUNT from
1073741824 to 4294967294.
* Enhancements to the CLI
* Restore the JSON BLOB input bug, and promise to support the
anomaly in subsequent releases, for backward compatibility.
* Fix the PRAGMA integrity_check command so that it works on
read-only databases that contain FTS3 and FTS5 tables.
* Fix issues associated with processing corrupt JSONB inputs.
* Fix a long-standing bug in which a read of a few bytes past the
end of a memory-mapped segment might occur when accessing a
craftily corrupted database using memory-mapped database.
* Fix a long-standing bug in which a NULL pointer dereference
might occur in the bytecode engine due to incorrect bytecode
being generated for a class of SQL statements that are
deliberately designed to stress the query planner but which
are otherwise pointless.
* Fix an error in UPSERT, introduced in version 3.35.0.
* Reduce the scope of the NOT NULL strength reduction
optimization that was added in version 3.35.0.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=329
* Fix a mistake in the CLI that was introduced by the fix in
3.44.1.
* Fix a problem in FTS5 that was discovered during internal fuzz
testing only minutes after the 3.44.1 release was tagged.
* Fix incomplete assert() statements that the fuzzer discovered.
* Fix a couple of harmless compiler warnings that appeared in
debug builds with GCC 16.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=324
* Fix a couple of obscure UAF errors and an obscure memory leak.
* Omit the use of the sprintf() function from the standard
library in the CLI, as this now generates warnings on some
platforms.
* Avoid conversion of a double into unsigned long long integer,
as some platforms do not do such conversions correctly.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=317
* Fix a regression in the way that the sum(), avg(), and total()
aggregate functions handle infinities.
* Fix a bug in the json_array_length() function that occurs when
the argument comes directly from json_remove().
* Fix the omit-unused-subquery-columns optimization (introduced
in in version 3.42.0) so that it works correctly if the
subquery is a compound where one arm is DISTINCT and the other
is not.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=316
- Update to 3.43.0:
* Add support for Contentless-Delete FTS5 Indexes. This is a variety of FTS5 full-text search index that omits storing the content that is being indexed while also allowing records to be deleted.
* Enhancements to the date and time functions:
+ Added new time shift modifiers of the form ±YYYY-MM-DD HH:MM:SS.SSS.
+ Added the timediff() SQL function.
* Added the octet_length(X) SQL function.
* Added the sqlite3_stmt_explain() API.
* Query planner enhancements:
+ Generalize the LEFT JOIN strength reduction optimization so that it works for RIGHT and FULL JOINs as well. Rename it to OUTER JOIN strength reduction.
+ Enhance the theorem prover in the OUTER JOIN strength reduction optimization so that it returns fewer false-negatives.
* Enhancements to the decimal extension:
+ New function decimal_pow2(N) returns the N-th power of 2 for integer N between -20000 and +20000.
+ New function decimal_exp(X) works like decimal(X) except that it returns the result in exponential notation - with a "e+NN" at the end.
+ If X is a floating-point value, then the decimal(X) function now does a full expansion of that value into its exact decimal equivalent.
* Performance enhancements to JSON processing results in a 2x performance improvement for some kinds of processing on large JSON strings.
* The VFS for unix now assumes that the nanosleep() system call is available unless compiled with -DHAVE_NANOSLEEP=0.
OBS-URL: https://build.opensuse.org/request/show/1106058
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=315
* Add the FTS5 secure-delete command. This option causes all
forensic traces to be removed from the FTS5 inverted index when
content is deleted.
* Enhance the JSON SQL functions to support JSON5 extensions.
* The SQLITE_CONFIG_LOG and SQLITE_CONFIG_PCACHE_HDRSZ calls to
sqlite3_config() are now allowed to occur after
sqlite3_initialize().
* New sqlite3_db_config() options:
SQLITE_DBCONFIG_STMT_SCANSTATUS and
SQLITE_DBCONFIG_REVERSE_SCANORDER.
* Query planner improvements.
* Add the --unsafe-testing command-line option.
* Allow commands ".log on" and ".log off", even in --safe mode.
* "--" as a command-line argument means all subsequent arguments
that start with "-" are interpreted as normal non-option
argument.
* Magic parameters ":inf" and ":nan" bind to floating point
literals Infinity and NaN, respectively.
* Add the ability for application-defined SQL functions to have
the same name as join keywords: CROSS, FULL, INNER, LEFT,
NATURAL, OUTER, or RIGHT.
* Enhancements to PRAGMA integrity_check
* Allow the session extension to be configured to capture changes
from tables that lack an explicit ROWID.
* Added the subsecond modifier to the date and time functions.
* Negative values passed into sqlite3_sleep() are henceforth
interpreted as 0.
* The maximum recursion depth for JSON arrays and objects is
lowered from 2000 to 1000.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=313
* Multiple fixes for reads past the end of memory buffers
* Fix the sqlite3_error_offset() so that it does not return
out-of-range values when reporting errors associated with
generated columns.
* Multiple fixes in the query query optimizer for problems that
cause incorrect results for bizarre, fuzzer-generated queries.
* Increase the size of the reference counter in the page cache
object to 64 bits to ensure that the counter never overflows.
* Fix a performance regression caused by a bug fix in patch
release 3.41.1.
* Fix a few incorrect assert() statements.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=311
* https://www.sqlite.org/releaselog/3_41_0.html
* Various query planner improvements.
* Add the built-in unhex() SQL function.
* Add the base64 and base85 application-defined functions as an
extension and include that extension in the CLI.
* In-memory databases created using sqlite3_deserialize() now
report their filename as an empty string, not as 'x'.
* The ".scanstats est" command provides query planner estimates
in profiles.
* Enhance the --safe command-line option to disallow dangerous
SQL functions.
* The double-quoted string misfeature is now disabled by default
for CLI builds.
* Various other improvements and performance enhancements.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=305
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=293
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=290
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=280
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("START") is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=270
- SQLite3 3.36.0:
* Improvement to the EXPLAIN QUERY PLAN output to make it
easier to understand.
* Byte-order marks at the start of a token are skipped
as if they were whitespace.
* An error is raised on any attempt to access the rowid of a VIEW
or subquery. Formerly, the rowid of a VIEW would be indeterminate
and often would be NULL. The -DSQLITE_ALLOW_ROWID_IN_VIEW
compile-time option is available to restore the legacy behavior
for applications that need it.
* The sqlite3_deserialize() and sqlite3_serialize() interfaces
are now enabled by default. The -DSQLITE_ENABLE_DESERIALIZE
compile-time option is no longer required. Instead, there is
a new -DSQLITE_OMIT_DESERIALIZE compile-time option to omit
those interfaces.
* The "memdb" VFS now allows the same in-memory database
to be shared among multiple database connections in the same
process as long as the database name begins with "/".
* Back out the EXISTS-to-IN optimization (item 8b in the
SQLite 3.35.0 change log) as it was found to slow down
queries more often than speed them up.
* Improve the constant-propagation optimization so that it works
on non-join queries.
* The REGEXP extension is now included in CLI builds.
OBS-URL: https://build.opensuse.org/request/show/901301
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=269
this point, but were not mentioned in the chane log so far:
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
multiSelectOrderBy due to mishandling of query-flattener
optimization
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
with WITH stack unwinding even after a parsing error
* bsc#1160438, CVE-2019-19959: memory-management error via
ext/misc/zipfile.c involving embedded '\0' input
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference
* bsc#1159850, CVE-2019-19924: improper error handling in
sqlite3WindowRewrite()
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
during an update of a ZIP archive
* bsc#1159715, CVE-2019-19926: improper handling of certain
errors during parsing multiSelect in select.c
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
allows attackers to trigger an invalid pointer dereference
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
and CREATE VIEW statements, does not consider confusion with
a shadow table name
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
integrity_check PRAGMA command in certain cases of generated
columns
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also
has certain ORDER BY usage
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
vulnerability
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
collation-sequence names
* CVE-2018-20346, bsc#1119687: remote code execution
vulnerability in FTS3 (Magellan).
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=261
