954b6b2caa- Update to release 3.46.0: * https://sqlite.org/releaselog/3_46_0.html * Enhance PRAGMA optimize in multiple ways. * Enhancements to the date and time functions. * Add support for underscore ("_") characters between digits in numeric literals. * Add the json_pretty() SQL function. * Query planner improvements. * Allocate additional memory from the heap for the SQL parser stack if that stack overflows, rather than reporting a "parser stack overflow" error. * Allow ASCII control characters within JSON5 string literals. * Fix the -> and ->> JSON operators so that when the right-hand side operand is a string that looks like an integer it is still treated as a string, because that is what PostgreSQL does. * Obsoletes sqlite3-float-i586.patch.Reinhard Max2024-05-23 19:30:28 +00:00
6d5984446fAccepting request 1169661 from server:databaseAna Guerrero2024-04-26 21:26:26 +00:00
155638d144- Update to release 3.45.3: * Fix a long-standing bug (going back to version 3.24.0) that might (rarely) cause the "old.*" values of an UPDATE trigger to be incorrect if that trigger fires in response to an UPSERT. * Reduce the scope of the NOT NULL strength reduction optimization that was added as item 8e in version 3.35.0. The optimization was being attempted in some contexts where it did not work, resulting in incorrect query results. - Add SQLITE_STRICT_SUBTYPE=1 as recommended by upstream.Reinhard Max2024-04-18 08:29:52 +00:00
6d6a8c75e3Accepting request 1158281 from server:databaseAna Guerrero2024-03-17 21:13:29 +00:00
9fe3cba2c3- Add sqlite3-float-i586.patch to fix build on i586. - sqlite3-rtree-i686.patch is not needed anymore.Reinhard Max2024-03-15 14:57:36 +00:00
0c4f7bcc97- Update to release 3.45.2: * Added the SQLITE_RESULT_SUBTYPE property for application- defined SQL functions. * Enhancements to the JSON SQL functions * Add the FTS5 tokendata option to the FTS5 virtual table. * The SQLITE_DIRECT_OVERFLOW_READ optimization is now enabled by default. * Query planner improvements * Increase the default value for SQLITE_MAX_PAGE_COUNT from 1073741824 to 4294967294. * Enhancements to the CLI * Restore the JSON BLOB input bug, and promise to support the anomaly in subsequent releases, for backward compatibility. * Fix the PRAGMA integrity_check command so that it works on read-only databases that contain FTS3 and FTS5 tables. * Fix issues associated with processing corrupt JSONB inputs. * Fix a long-standing bug in which a read of a few bytes past the end of a memory-mapped segment might occur when accessing a craftily corrupted database using memory-mapped database. * Fix a long-standing bug in which a NULL pointer dereference might occur in the bytecode engine due to incorrect bytecode being generated for a class of SQL statements that are deliberately designed to stress the query planner but which are otherwise pointless. * Fix an error in UPSERT, introduced in version 3.35.0. * Reduce the scope of the NOT NULL strength reduction optimization that was added in version 3.35.0.Reinhard Max2024-03-12 14:59:03 +00:00
f5416321bb- Update to release 3.45.1 * Details will follow... - Abort build when %version and %tarversion don't match.Reinhard Max2024-01-30 18:08:35 +00:00
94b67df5adAccepting request 1133118 from server:databaseAna Guerrero2023-12-15 20:47:09 +00:00
b8b8403beeAccepting request 1131615 from home:dimstar:FactoryReinhard Max2023-12-11 08:08:59 +00:00
88c75defdfAccepting request 1130837 from server:databaseAna Guerrero2023-12-05 16:02:45 +00:00
41cf744a23- Update to release 3.44.2 * Fix a mistake in the CLI that was introduced by the fix in 3.44.1. * Fix a problem in FTS5 that was discovered during internal fuzz testing only minutes after the 3.44.1 release was tagged. * Fix incomplete assert() statements that the fuzzer discovered. * Fix a couple of harmless compiler warnings that appeared in debug builds with GCC 16.Reinhard Max2023-11-27 18:18:37 +00:00
78d06b5581- Update to release 3.44.1 * Change the CLI so that it uses UTF-16 for console I/O on Windows. * Other obscure bug fixes.Reinhard Max2023-11-22 17:34:30 +00:00
c19bfcdb2bAccepting request 1123976 from server:databaseAna Guerrero2023-11-08 21:16:42 +00:00
89ae143f90Accepting request 1123191 from home:jengelh:branches:server:databaseReinhard Max2023-11-07 12:45:51 +00:00
1173f8e2f8Accepting request 1119230 from server:databaseAna Guerrero2023-10-20 21:16:05 +00:00
3d3f0ad76c- Update to: 3.42.2: * Fix a couple of obscure UAF errors and an obscure memory leak. * Omit the use of the sprintf() function from the standard library in the CLI, as this now generates warnings on some platforms. * Avoid conversion of a double into unsigned long long integer, as some platforms do not do such conversions correctly.Reinhard Max2023-10-10 16:05:16 +00:00
148ae3d8b6- Update to: 3.43.1 * Fix a regression in the way that the sum(), avg(), and total() aggregate functions handle infinities. * Fix a bug in the json_array_length() function that occurs when the argument comes directly from json_remove(). * Fix the omit-unused-subquery-columns optimization (introduced in in version 3.42.0) so that it works correctly if the subquery is a compound where one arm is DISTINCT and the other is not.Reinhard Max2023-09-11 14:50:47 +00:00
37c084e88bAccepting request 1106058 from home:amanzini:branches:server:database
Martin Pluskal
2023-08-31 08:06:24 +00:00
94156a4c52- Update to 3.42.0: * Add the FTS5 secure-delete command. This option causes all forensic traces to be removed from the FTS5 inverted index when content is deleted. * Enhance the JSON SQL functions to support JSON5 extensions. * The SQLITE_CONFIG_LOG and SQLITE_CONFIG_PCACHE_HDRSZ calls to sqlite3_config() are now allowed to occur after sqlite3_initialize(). * New sqlite3_db_config() options: SQLITE_DBCONFIG_STMT_SCANSTATUS and SQLITE_DBCONFIG_REVERSE_SCANORDER. * Query planner improvements. * Add the --unsafe-testing command-line option. * Allow commands ".log on" and ".log off", even in --safe mode. * "--" as a command-line argument means all subsequent arguments that start with "-" are interpreted as normal non-option argument. * Magic parameters ":inf" and ":nan" bind to floating point literals Infinity and NaN, respectively. * Add the ability for application-defined SQL functions to have the same name as join keywords: CROSS, FULL, INNER, LEFT, NATURAL, OUTER, or RIGHT. * Enhancements to PRAGMA integrity_check * Allow the session extension to be configured to capture changes from tables that lack an explicit ROWID. * Added the subsecond modifier to the date and time functions. * Negative values passed into sqlite3_sleep() are henceforth interpreted as 0. * The maximum recursion depth for JSON arrays and objects is lowered from 2000 to 1000.Reinhard Max2023-05-17 09:36:33 +00:00
e14d797334- Update to 3.41.2: * Multiple fixes for reads past the end of memory buffers * Fix the sqlite3_error_offset() so that it does not return out-of-range values when reporting errors associated with generated columns. * Multiple fixes in the query query optimizer for problems that cause incorrect results for bizarre, fuzzer-generated queries. * Increase the size of the reference counter in the page cache object to 64 bits to ensure that the counter never overflows. * Fix a performance regression caused by a bug fix in patch release 3.41.1. * Fix a few incorrect assert() statements.Reinhard Max2023-03-22 15:25:48 +00:00
5b479316edAccepting request 1072680 from home:AndreasStieger:branches:server:databaseReinhard Max2023-03-21 15:10:35 +00:00
e42e2b9682- Update to 3.41.0: * https://www.sqlite.org/releaselog/3_41_0.html * Various query planner improvements. * Add the built-in unhex() SQL function. * Add the base64 and base85 application-defined functions as an extension and include that extension in the CLI. * In-memory databases created using sqlite3_deserialize() now report their filename as an empty string, not as 'x'. * The ".scanstats est" command provides query planner estimates in profiles. * Enhance the --safe command-line option to disallow dangerous SQL functions. * The double-quoted string misfeature is now disabled by default for CLI builds. * Various other improvements and performance enhancements.Reinhard Max2023-02-22 10:09:14 +00:00
989c4161c9- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch: relying on --safe for execution of an untrusted CLI scriptReinhard Max2022-12-13 16:12:14 +00:00
8fb7a2b6da* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence.Reinhard Max2022-09-12 09:20:10 +00:00
40bb6fef9c- update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe.Reinhard Max2022-09-05 15:20:33 +00:00
db850fbdfdAccepting request 991047 from server:databaseRichard Brown2022-07-26 17:42:21 +00:00
30186d2a5aAccepting request 990677 from home:AndreasStieger:branches:server:databaseReinhard Max2022-07-25 13:52:39 +00:00
b10f552687- update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing.Reinhard Max2022-07-21 17:13:33 +00:00
c070330dbfAccepting request 989477 from home:AndreasStieger:branches:server:databaseReinhard Max2022-07-18 10:24:56 +00:00
c464d12817- update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches.Reinhard Max2022-03-29 11:46:41 +00:00
c9c9f6d2d8- Remove obsolete configure flags - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). - Use dynamic linking for the sqlite3 shell.Reinhard Max2022-03-16 18:44:06 +00:00
b46ae693e3- SQLite3 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema.Reinhard Max2021-11-30 09:16:25 +00:00
c767c076faAccepting request 882778 from home:AndreasStieger:branches:server:databaseReinhard Max2021-04-06 14:56:53 +00:00
98346ec9c1- The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the chane log so far: * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2018-20346, bsc#1119687: remote code execution vulnerability in FTS3 (Magellan).Reinhard Max2021-04-01 10:56:15 +00:00
30b3f3ad53- SQLite 3.34.0: * Added the sqlite3_txn_state() interface for reporting on the current transaction state of the database connection. * Enhance recursive common table expressions to support two or more recursive terms as is done by SQL Server, since this helps make queries against graphs easier to write and faster to execute.\ * Improved error messages on CHECK constraint failures. * The .read dot-command now accepts a pipeline in addition to a filename. * Added options --data-only and --nosys to the .dump dot-command. * Added the --nosys option to the .schema dot-command. * Table name quoting works correctly for the .import dot-command. * The generate_series(START,END,STEP) table-valued function extension is now built into the CLI. * The .databases dot-command now show the status of each database file as determined by sqlite3_db_readonly() and sqlite3_txn_state(). * Added the --tabs command-line option that sets .mode tabs. * The --init option reports an error if the file named as its argument cannot be opened. The --init option also now honors the --bail option. * Improved estimates for the cost of running a DISTINCT operator. * When doing an UPDATE or DELETE using a multi-column index where only a few of the earlier columns of the index are useful for the index lookup, postpone doing the main table seek until after all WHERE clause constraints have been evaluated, in case those constraints can be covered by unused later terms of the index, thus avoiding unnecessary main table seeks. * The new OP_SeekScan opcode is used to improve performance of multi-column index look-ups when later columns are constrained byReinhard Max2020-12-02 14:29:05 +00:00
Ana Guerrero
Reinhard Max
Martin Pluskal
Dominique Leuenberger
Richard Brown
Lars Vogdt
Richard Brown
Andreas Stieger