25 Commits

Author SHA1 Message Date
Cy Schubert
0a5eb308d3 MFV 364467:
Update sqlite to 3.33.0 (3330000).

Release announcement at https://www.sqlite.org/releaselog/3_33_0.html.

MFC after:	1 month
2020-08-24 18:13:44 +00:00
Cy Schubert
3c67996ca9 MFV r362990:
Update sqlite to 3.32.3 (3320300).

Release Announcement:	https://www.sqlite.org/releaselog/3_32_3.html
See also:		ports r541414

PR:		247819
Reported by:	Pavel Volkov <pavelivolkov at gmail.com>
MFC after:	1 week
2020-07-07 19:09:38 +00:00
Cy Schubert
9236bd4bb7 MFV r362143:
Update sqlite3 to 3.32.2 (3320200).

CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of
service (segmentation fault) via a malformed window-function query because
the AggInfo object's initialization is mishandled.

CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in
sqlite3_str_vappendf in printf.c.

CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in
sqlite3ExprCodeTarget in expr.c.

CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a
use-after-free in fts3EvalNextRow, related to the snippet feature.

CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed
to the name of one of its shadow tables, related to alter.c and build.c.

CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a
NULL pointer dereference via a crafted matchinfo() query.

PR:		247149
Reported by:	spam123@bitbert.com
MFC after:	3 days
Security:	vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3
		https://nvd.nist.gov/vuln/detail/CVE-2020-11655
		https://nvd.nist.gov/vuln/detail/CVE-2020-13434
		https://nvd.nist.gov/vuln/detail/CVE-2020-13435
		https://nvd.nist.gov/vuln/detail/CVE-2020-13630
		https://nvd.nist.gov/vuln/detail/CVE-2020-13631
		https://nvd.nist.gov/vuln/detail/CVE-2020-13632
2020-06-13 04:47:59 +00:00
Cy Schubert
b622dc25cf MFV r362082:
Update sqlite3 3.31.1 --> 3.32.0.

PR:		247149
Reported by:	spam123@bitbert.com
Reminded by:	emaste
MFC after:	3 days
Security:	CVE-2020-11655, CVE-2020-13434, CVE-2020-13435,
		CVE-2020-13630, CVE-2020-13631, CVE-2020-13632
2020-06-12 13:02:44 +00:00
Cy Schubert
1c2fa9150d Fix PowerPC segfault.
The segfault fix was originally developed by our upstream, sqlite.org,
to address S/390 and Sparc segfaults, both of which are big endian.
Our PowerPC is also big endian, which this patch also fixes.

Reported by:	Mark Millard <marklmi at yahoo.com>
Tested by:	Mark Millard <marklmi at yahoo.com>
Obtained from:	https://www.sqlite.org/src/vinfo/04885763c4cd00cb?diff=1
		https://sqlite.org/forum/forumpost/672291a5b2
MFC after:	1 month
X-MFC with:	r360221, 360221
2020-04-23 14:08:40 +00:00
Cy Schubert
74a6cddade MFV r360158:
Update sqlite3-3.31.0 (3310000) --> sqlite3-3.31.1 (3310100)

Tested by:	Mark Millard <marklmi at yahoo.com>
		With to be committed PowerPC patch
MFC after:	1 month
X-MFC with:	r360221
2020-04-23 13:58:11 +00:00
Cy Schubert
0e2816f50a In preparation for update to sqlite3-3.31.1 (3310100),
recommit r357201: MFV r357163, which was reverted by r357522
due to segfault under PowerPC.

Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000)

MFC after:	1 month
2020-04-23 13:46:34 +00:00
Cy Schubert
c998f2d39d Revert r357201: downgrade sqlite3 from sqlite3-3.31.0 (3310000) to
sqlite3-3.30.1 (3300100), as it causes svnlite segfaults on PowerPC,
resulting in corruption.

Reported by:	Mark Millard <marklmi at yahoo.com>
		Francis Little <oggy at farscape.co.uk>
2020-02-04 19:45:51 +00:00
Cy Schubert
882f88ff77 MFV r357163:
Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000)

MFC after:	1 month
2020-01-28 13:13:41 +00:00
Cy Schubert
f1b328b32f MFV r354257:
Update sqlite3-3.29.0 (3290000) --> sqlite3-3.30.1 (3300100)

MFC after:	1 month
2019-11-03 01:25:46 +00:00
Cy Schubert
5f34d83b8c MFV r350080:
Update sqlite3-3.28.0 (3280000) --> sqlite3-3.29.0 (3290000)

MFC after:	1 week
2019-07-18 00:27:28 +00:00
Cy Schubert
02273ca832 MFV r347136:
Update sqlite3-3.27.2 (3270200) --> sqlite3-3.28.0 (3280000)

MFC after:	3 days
Security:	CVE-2019-9937, CVE-2019-9936
2019-05-05 04:14:17 +00:00
Cy Schubert
de2a04f2e2 MFV r346450:
Update sqlite3-3.27.1 (3270100) --> sqlite3-3.27.2 (3270200)

MFC after:	11 days
2019-04-20 23:18:19 +00:00
Cy Schubert
bca4681bf8 MFV r345988:
Update sqlite3-3.26.0 (3260000) --> sqlite3-3.27.1 (3270100)

MFC after:	2 weeks
2019-04-06 23:35:23 +00:00
Cy Schubert
076b94438c MFV r342175:
Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000)

MFC after:	3 days
Security:	https://blade.tencent.com/magellan/index_en.html
		No known CVE was apparently registered.
2018-12-18 01:12:30 +00:00
Peter Wemm
54a411221f Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1 2018-05-08 04:51:15 +00:00
Peter Wemm
ee51cfe17c Update from sqlite3-3.14.1 to sqlite3-3.20.0. This is a private lib.
This fixes a possible client-side crash when parsing corrupt databases.
2017-08-11 00:00:01 +00:00
Cy Schubert
affba8c71c MFV r304732.
Update from sqlite3-3.12.1 (3120100) to sqlite3-3.14.1 (3140100).

This commit addresses the tmpdir selection vulnerability fixed in
sqlite3-1.13.0.  See VuXML entry 546deeea-3fc6-11e6-a671-60a44ce6887b.

Security:	VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b
Security:	CVE-2016-6153
2016-08-24 12:32:24 +00:00
Baptiste Daroussin
d915215ec6 Import sqlite3 3.12.1 2016-04-17 21:23:14 +00:00
Peter Wemm
041541bdeb Update the private sqlite3 from 3.8.9 to 3.8.11.1 (used by svnlite and
kerberos)
2015-08-09 05:44:57 +00:00
Pedro F. Giffuni
99ec3637e9 sqlite: clean a couple of invocations of memcpy(3)
Found almost accidentally by our native gcc when enhanced with
FORTIFY_SOURCE.

Submitted by:	Oliver Pinter
Sponsored by:	Google Inc. GSoC 2015
2015-07-16 22:07:13 +00:00
Baptiste Daroussin
dde01df167 Import sqlite3 3.8.9 2015-05-01 21:59:32 +00:00
Baptiste Daroussin
912bdb4db7 Update sqlite3 to 3.8.7.2 2014-11-22 19:18:08 +00:00
Peter Wemm
8bc5c7c0eb Update sqlite-3.7.17 -> 3.8.5 2014-08-12 02:09:00 +00:00
Peter Wemm
937a200089 Introduce svnlite so that we can check out our source code again.
This is actually a fully functional build except:
* All internal shared libraries are static linked to make sure there
  is no interference with ports (and to reduce build time).
* It does not have the python/perl/etc plugin or API support.
* By default, it installs as "svnlite" rather than "svn".
* If WITH_SVN added in make.conf, you get "svn".
* If WITHOUT_SVNLITE is in make.conf, this is completely disabled.

To be absolutely clear, this is not intended for any use other than
checking out freebsd source and committing, like we once did with cvs.

It should be usable for small scale local repositories that don't
need the python/perl plugin architecture.
2013-06-18 02:53:45 +00:00