* Fix a mistake in the CLI that was introduced by the fix in
3.44.1.
* Fix a problem in FTS5 that was discovered during internal fuzz
testing only minutes after the 3.44.1 release was tagged.
* Fix incomplete assert() statements that the fuzzer discovered.
* Fix a couple of harmless compiler warnings that appeared in
debug builds with GCC 16.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=324
* Fix a couple of obscure UAF errors and an obscure memory leak.
* Omit the use of the sprintf() function from the standard
library in the CLI, as this now generates warnings on some
platforms.
* Avoid conversion of a double into unsigned long long integer,
as some platforms do not do such conversions correctly.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=317
* Fix a regression in the way that the sum(), avg(), and total()
aggregate functions handle infinities.
* Fix a bug in the json_array_length() function that occurs when
the argument comes directly from json_remove().
* Fix the omit-unused-subquery-columns optimization (introduced
in in version 3.42.0) so that it works correctly if the
subquery is a compound where one arm is DISTINCT and the other
is not.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=316
- Update to 3.43.0:
* Add support for Contentless-Delete FTS5 Indexes. This is a variety of FTS5 full-text search index that omits storing the content that is being indexed while also allowing records to be deleted.
* Enhancements to the date and time functions:
+ Added new time shift modifiers of the form ±YYYY-MM-DD HH:MM:SS.SSS.
+ Added the timediff() SQL function.
* Added the octet_length(X) SQL function.
* Added the sqlite3_stmt_explain() API.
* Query planner enhancements:
+ Generalize the LEFT JOIN strength reduction optimization so that it works for RIGHT and FULL JOINs as well. Rename it to OUTER JOIN strength reduction.
+ Enhance the theorem prover in the OUTER JOIN strength reduction optimization so that it returns fewer false-negatives.
* Enhancements to the decimal extension:
+ New function decimal_pow2(N) returns the N-th power of 2 for integer N between -20000 and +20000.
+ New function decimal_exp(X) works like decimal(X) except that it returns the result in exponential notation - with a "e+NN" at the end.
+ If X is a floating-point value, then the decimal(X) function now does a full expansion of that value into its exact decimal equivalent.
* Performance enhancements to JSON processing results in a 2x performance improvement for some kinds of processing on large JSON strings.
* The VFS for unix now assumes that the nanosleep() system call is available unless compiled with -DHAVE_NANOSLEEP=0.
OBS-URL: https://build.opensuse.org/request/show/1106058
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=315
* Add the FTS5 secure-delete command. This option causes all
forensic traces to be removed from the FTS5 inverted index when
content is deleted.
* Enhance the JSON SQL functions to support JSON5 extensions.
* The SQLITE_CONFIG_LOG and SQLITE_CONFIG_PCACHE_HDRSZ calls to
sqlite3_config() are now allowed to occur after
sqlite3_initialize().
* New sqlite3_db_config() options:
SQLITE_DBCONFIG_STMT_SCANSTATUS and
SQLITE_DBCONFIG_REVERSE_SCANORDER.
* Query planner improvements.
* Add the --unsafe-testing command-line option.
* Allow commands ".log on" and ".log off", even in --safe mode.
* "--" as a command-line argument means all subsequent arguments
that start with "-" are interpreted as normal non-option
argument.
* Magic parameters ":inf" and ":nan" bind to floating point
literals Infinity and NaN, respectively.
* Add the ability for application-defined SQL functions to have
the same name as join keywords: CROSS, FULL, INNER, LEFT,
NATURAL, OUTER, or RIGHT.
* Enhancements to PRAGMA integrity_check
* Allow the session extension to be configured to capture changes
from tables that lack an explicit ROWID.
* Added the subsecond modifier to the date and time functions.
* Negative values passed into sqlite3_sleep() are henceforth
interpreted as 0.
* The maximum recursion depth for JSON arrays and objects is
lowered from 2000 to 1000.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=313
* Multiple fixes for reads past the end of memory buffers
* Fix the sqlite3_error_offset() so that it does not return
out-of-range values when reporting errors associated with
generated columns.
* Multiple fixes in the query query optimizer for problems that
cause incorrect results for bizarre, fuzzer-generated queries.
* Increase the size of the reference counter in the page cache
object to 64 bits to ensure that the counter never overflows.
* Fix a performance regression caused by a bug fix in patch
release 3.41.1.
* Fix a few incorrect assert() statements.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=311
* https://www.sqlite.org/releaselog/3_41_0.html
* Various query planner improvements.
* Add the built-in unhex() SQL function.
* Add the base64 and base85 application-defined functions as an
extension and include that extension in the CLI.
* In-memory databases created using sqlite3_deserialize() now
report their filename as an empty string, not as 'x'.
* The ".scanstats est" command provides query planner estimates
in profiles.
* Enhance the --safe command-line option to disallow dangerous
SQL functions.
* The double-quoted string misfeature is now disabled by default
for CLI builds.
* Various other improvements and performance enhancements.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=305
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=293
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=290
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=280
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("START") is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=270
- SQLite3 3.36.0:
* Improvement to the EXPLAIN QUERY PLAN output to make it
easier to understand.
* Byte-order marks at the start of a token are skipped
as if they were whitespace.
* An error is raised on any attempt to access the rowid of a VIEW
or subquery. Formerly, the rowid of a VIEW would be indeterminate
and often would be NULL. The -DSQLITE_ALLOW_ROWID_IN_VIEW
compile-time option is available to restore the legacy behavior
for applications that need it.
* The sqlite3_deserialize() and sqlite3_serialize() interfaces
are now enabled by default. The -DSQLITE_ENABLE_DESERIALIZE
compile-time option is no longer required. Instead, there is
a new -DSQLITE_OMIT_DESERIALIZE compile-time option to omit
those interfaces.
* The "memdb" VFS now allows the same in-memory database
to be shared among multiple database connections in the same
process as long as the database name begins with "/".
* Back out the EXISTS-to-IN optimization (item 8b in the
SQLite 3.35.0 change log) as it was found to slow down
queries more often than speed them up.
* Improve the constant-propagation optimization so that it works
on non-join queries.
* The REGEXP extension is now included in CLI builds.
OBS-URL: https://build.opensuse.org/request/show/901301
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=269
this point, but were not mentioned in the chane log so far:
* bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
multiSelectOrderBy due to mishandling of query-flattener
optimization
* bsc#1164719, CVE-2020-9327: NULL pointer dereference and
segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator
* bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
with WITH stack unwinding even after a parsing error
* bsc#1160438, CVE-2019-19959: memory-management error via
ext/misc/zipfile.c involving embedded '\0' input
* bsc#1160309, CVE-2019-19923: improper handling of certain uses
of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference
* bsc#1159850, CVE-2019-19924: improper error handling in
sqlite3WindowRewrite()
* bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
during an update of a ZIP archive
* bsc#1159715, CVE-2019-19926: improper handling of certain
errors during parsing multiSelect in select.c
* bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
allows attackers to trigger an invalid pointer dereference
* bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
and CREATE VIEW statements, does not consider confusion with
a shadow table name
* bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
integrity_check PRAGMA command in certain cases of generated
columns
* bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements
* bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service
* bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also
has certain ORDER BY usage
* bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
vulnerability
* bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
collation-sequence names
* CVE-2018-20346, bsc#1119687: remote code execution
vulnerability in FTS3 (Magellan).
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=261
- update to 3.35.0:
* Added built-in SQL math functions().
(Requires the -DSQLITE_ENABLE_MATH_FUNCTIONS compile-time option.)
* Added support for ALTER TABLE DROP COLUMN.
* Generalize UPSERT:
* Allow multiple ON CONFLICT clauses that are evaluated in order,
* The final ON CONFLICT clause may omit the conflict target and yet still use DO UPDATE.
* Add support for the RETURNING clause on DELETE, INSERT, and UPDATE statements.
* Use less memory when running VACUUM on databases containing very large TEXT
or BLOB values. It is no longer necessary to hold the entire TEXT or BLOB
in memory all at once.
* Add support for the MATERIALIZED and NOT MATERIALIZED hints when specifying
common table expressions. The default behavior was formerly NOT
MATERIALIZED, but is now changed to MATERIALIZED for CTEs that are used
more than once.
* The SQLITE_DBCONFIG_ENABLE_TRIGGER and SQLITE_DBCONFIG_ENABLE_VIEW settings
are modified so that they only control triggers and views in the main
database schema or in attached database schemas and not in the TEMP schema.
TEMP triggers and views are always allowed.
* Query planner/optimizer improvements
* Enhance the ".stats" command to accept new arguments "stmt" and "vmstep",
causing prepare statement statistics and only the virtual-machine step
count to be shown, respectively.
* Add the ".filectrl data_version" command.
* Enhance the ".once" and ".output" commands so that if the destination
argument begins with "|" (indicating that output is redirected into a pipe)
then the argument does not need to be quoted.
* Fix a bug in the IN-operator optimization of version 3.33.0 that can cause
an incorrect answer.
* Fix incorrect answers from the LIKE operator if the pattern ends with "%"
OBS-URL: https://build.opensuse.org/request/show/879097
OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=256
