- Upgrade to 3.28.0:

* CVE-2019-9936, bsc#1130326: running fts5 prefix queries inside
    a transaction could trigger a heap-based buffer over-read.
  * CVE-2019-9937, bsc#1130325: interleaving reads and writes in a
    single transaction with an fts5 virtual table will lead to a
    NULL Pointer Dereference.
  * Enhanced window functions
  * Enhanced VACUUM INTO so that it works for read-only databases.
  * New query optimizations.
  * Added the sqlite3_value_frombind() API for determining if the
    argument to an SQL function is from a bound parameter. 
  * Security and compatibilities enhancements to fts3_tokenizer().
  * Improved robustness against corrupt database files.

OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=227

sqlite-doc-3270200.zip

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d84a42aaca5e8249a8e0725c1296add1b056ef8f58a52fbf916df89252c721d3
-size 9371606

sqlite-doc-3280000.zip

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:138d0cd2a55e1efe4003d0ca25bb156110fa3ddfa6457c9defadf9b4fa97f7d0
+size 9421770

sqlite-src-3270200.zip

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:15bd4286f2310f5fae085a1e03d9e6a5a0bb7373dcf8d4020868792e840fdf0a
-size 12248529

sqlite-src-3280000.zip

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:905279142d81c23e0a8803e44c926a23abaf47e2b274eda066efae11c23a6597
+size 12477204

sqlite3.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max <max@suse.com>
+
+- Upgrade to 3.28.0:
+  * CVE-2019-9936, bsc#1130326: running fts5 prefix queries inside
+    a transaction could trigger a heap-based buffer over-read.
+  * CVE-2019-9937, bsc#1130325: interleaving reads and writes in a
+    single transaction with an fts5 virtual table will lead to a
+    NULL Pointer Dereference.
+  * Enhanced window functions
+  * Enhanced VACUUM INTO so that it works for read-only databases.
+  * New query optimizations.
+  * Added the sqlite3_value_frombind() API for determining if the
+    argument to an SQL function is from a bound parameter. 
+  * Security and compatibilities enhancements to fts3_tokenizer().
+  * Improved robustness against corrupt database files.
+
 -------------------------------------------------------------------
 Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
 

sqlite3.spec

@@ -17,9 +17,9 @@
 
 
 %define oname sqlite
-%define tarversion 3270200
+%define tarversion 3280000
 Name:           sqlite3
-Version:        3.27.2
+Version:        3.28.0
 Release:        0
 Summary:        Embeddable SQL Database Engine
 License:        SUSE-Public-Domain