b46ae693e3
- SQLite3 3.37.0:
  * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing.
  * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated.
  * Added the PRAGMA table_list statement.
  * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time.
  * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line.
  * CLI: Performance improvements when reading SQL statements that span many lines.
  * Added the sqlite3_autovacuum_pages() interface.
  * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation.
  * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query.
  * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option.
  * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces.
  * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
  * Use less memory to hold the database schema.
Reinhard Max 2021-11-30 09:16:25 +00:00
f5e623596d
- SQLite3 3.37.0:
  * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing.
  * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated.
  * Added the PRAGMA table_list statement.
  * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time.
  * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line.
  * CLI: Performance improvements when reading SQL statements that span many lines.
  * Added the sqlite3_autovacuum_pages() interface.
  * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation.
  * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query.
  * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option.
  * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces.
  * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
  * Use less memory to hold the database schema.
Reinhard Max 2021-11-30 09:16:25 +00:00
c767c076fa
Accepting request 882778 from home:AndreasStieger:branches:server:database
Reinhard Max 2021-04-06 14:56:53 +00:00
51879f1fe6
Accepting request 882778 from home:AndreasStieger:branches:server:database
Reinhard Max 2021-04-06 14:56:53 +00:00
98346ec9c1
- The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far:
  * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization
  * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator
  * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error
  * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input
  * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference
  * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite()
  * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive
  * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c
  * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
  * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name
  * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns
  * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements
  * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service
  * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage
  * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability
  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names
  * CVE-2018-20346, bsc#1119687: remote code execution vulnerability in FTS3 (Magellan).
Reinhard Max 2021-04-01 10:56:15 +00:00
6c075ba2a9
- The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far:
  * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization
  * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator
  * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error
  * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input
  * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference
  * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite()
  * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive
  * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c
  * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
  * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name
  * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns
  * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements
  * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service
  * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage
  * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability
  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names
  * CVE-2018-20346, bsc#1119687: remote code execution vulnerability in FTS3 (Magellan).
Reinhard Max 2021-04-01 10:56:15 +00:00
30b3f3ad53
- SQLite 3.34.0:
  * Added the sqlite3_txn_state() interface for reporting on the current transaction state of the database connection.
  * Enhance recursive common table expressions to support two or more recursive terms as is done by SQL Server, since this helps make queries against graphs easier to write and faster to execute.
  * Improved error messages on CHECK constraint failures.
  * The .read dot-command now accepts a pipeline in addition to a filename.
  * Added options --data-only and --nosys to the .dump dot-command.
  * Added the --nosys option to the .schema dot-command.
  * Table name quoting works correctly for the .import dot-command.
  * The generate_series(START,END,STEP) table-valued function extension is now built into the CLI.
  * The .databases dot-command now shows the status of each database file as determined by sqlite3_db_readonly() and sqlite3_txn_state().
  * Added the --tabs command-line option that sets .mode tabs.
  * The --init option reports an error if the file named as its argument cannot be opened. The --init option also now honors the --bail option.
  * Improved estimates for the cost of running a DISTINCT operator.
  * When doing an UPDATE or DELETE using a multi-column index where only a few of the earlier columns of the index are useful for the index lookup, postpone doing the main table seek until after all WHERE clause constraints have been evaluated, in case those constraints can be covered by unused later terms of the index, thus avoiding unnecessary main table seeks.
  * The new OP_SeekScan opcode is used to improve performance of multi-column index look-ups when later columns are constrained by
Reinhard Max 2020-12-02 14:29:05 +00:00
9828732483
- SQLite 3.34.0:
  * Added the sqlite3_txn_state() interface for reporting on the current transaction state of the database connection.
  * Enhance recursive common table expressions to support two or more recursive terms as is done by SQL Server, since this helps make queries against graphs easier to write and faster to execute.
  * Improved error messages on CHECK constraint failures.
  * The .read dot-command now accepts a pipeline in addition to a filename.
  * Added options --data-only and --nosys to the .dump dot-command.
  * Added the --nosys option to the .schema dot-command.
  * Table name quoting works correctly for the .import dot-command.
  * The generate_series(START,END,STEP) table-valued function extension is now built into the CLI.
  * The .databases dot-command now shows the status of each database file as determined by sqlite3_db_readonly() and sqlite3_txn_state().
  * Added the --tabs command-line option that sets .mode tabs.
  * The --init option reports an error if the file named as its argument cannot be opened. The --init option also now honors the --bail option.
  * Improved estimates for the cost of running a DISTINCT operator.
  * When doing an UPDATE or DELETE using a multi-column index where only a few of the earlier columns of the index are useful for the index lookup, postpone doing the main table seek until after all WHERE clause constraints have been evaluated, in case those constraints can be covered by unused later terms of the index, thus avoiding unnecessary main table seeks.
  * The new OP_SeekScan opcode is used to improve performance of multi-column index look-ups when later columns are constrained by
Reinhard Max 2020-12-02 14:29:05 +00:00
a68ee4aeaf
- bsc#1150137, CVE-2019-16168, sqlite3-CVE-2019-16168.patch: Improper validation of sqlite_stat1 sz field leads to division by zero.
Reinhard Max 2019-09-10 15:21:46 +00:00
75675a0ae2
- bsc#1150137, CVE-2019-16168, sqlite3-CVE-2019-16168.patch: Improper validation of sqlite_stat1 sz field leads to division by zero.
Reinhard Max 2019-09-10 15:21:46 +00:00
756d8b5bef
- Update to version 3.29.0
  * Added the SQLITE_DBCONFIG_DQS_DML and SQLITE_DBCONFIG_DQS_DDL actions to sqlite3_db_config() for activating and deactivating the double-quoted string literal misfeature. Both default to "on" for legacy compatibility, but developers are encouraged to turn them "off", perhaps using the -DSQLITE_DQS=0 compile-time option.
  * -DSQLITE_DQS=0 is now a recommended compile-time option.
  * Improvements to the query planner:
    + Improved optimization of AND and OR operators when one or the other operand is a constant.
    + Enhancements to the LIKE optimization for cases when the left-hand side column has numeric affinity.
  * Added the "sqlite_dbdata" virtual table for extracting raw low-level content from an SQLite database, even a database that is corrupt.
  * Enhancements to the CLI:
    + Add the ".recover" command which tries to recover as much content as possible from a corrupt database file.
    + Add the ".filectrl" command useful for testing.
    + Add the long-standing ".testctrl" command to the ".help" menu.
    + Added the ".dbconfig" command
Ismail Dönmez
2019-07-11 09:13:12 +00:00
d65862a3fc
- Update to version 3.29.0
  * Added the SQLITE_DBCONFIG_DQS_DML and SQLITE_DBCONFIG_DQS_DDL actions to sqlite3_db_config() for activating and deactivating the double-quoted string literal misfeature. Both default to "on" for legacy compatibility, but developers are encouraged to turn them "off", perhaps using the -DSQLITE_DQS=0 compile-time option.
  * -DSQLITE_DQS=0 is now a recommended compile-time option.
  * Improvements to the query planner:
    + Improved optimization of AND and OR operators when one or the other operand is a constant.
    + Enhancements to the LIKE optimization for cases when the left-hand side column has numeric affinity.
  * Added the "sqlite_dbdata" virtual table for extracting raw low-level content from an SQLite database, even a database that is corrupt.
  * Enhancements to the CLI:
    + Add the ".recover" command which tries to recover as much content as possible from a corrupt database file.
    + Add the ".filectrl" command useful for testing.
    + Add the long-standing ".testctrl" command to the ".help" menu.
    + Added the ".dbconfig" command
Ismail Dönmez
2019-07-11 09:13:12 +00:00
0372cc6f27
- Upgrade to 3.28.0:
  * CVE-2019-9936, bsc#1130326: running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read.
  * CVE-2019-9937, bsc#1130325: interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference.
  * Enhanced window functions
  * Enhanced VACUUM INTO so that it works for read-only databases.
  * New query optimizations.
  * Added the sqlite3_value_frombind() API for determining if the argument to an SQL function is from a bound parameter.
  * Security and compatibility enhancements to fts3_tokenizer().
  * Improved robustness against corrupt database files.
Reinhard Max 2019-04-18 14:01:24 +00:00
e540347535
- Upgrade to 3.28.0:
  * CVE-2019-9936, bsc#1130326: running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read.
  * CVE-2019-9937, bsc#1130325: interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference.
  * Enhanced window functions
  * Enhanced VACUUM INTO so that it works for read-only databases.
  * New query optimizations.
  * Added the sqlite3_value_frombind() API for determining if the argument to an SQL function is from a bound parameter.
  * Security and compatibility enhancements to fts3_tokenizer().
  * Improved robustness against corrupt database files.
Reinhard Max 2019-04-18 14:01:24 +00:00