freebsd-nq/contrib/sqlite3
Cy Schubert 9236bd4bb7 MFV r362143:
Update sqlite3 to 3.32.2 (3320200).

CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of
service (segmentation fault) via a malformed window-function query because
the AggInfo object's initialization is mishandled.

CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in
sqlite3_str_vappendf in printf.c.

CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in
sqlite3ExprCodeTarget in expr.c.

CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a
use-after-free in fts3EvalNextRow, related to the snippet feature

CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed
to the name of one of its shadow tables, related to alter.c and build.c.

CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a
NULL pointer dereference via a crafted matchinfo() query.

PR:		247149
Reported by:	spam123@bitbert.com
MFC after:	3 days
Security:	vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3
		https://nvd.nist.gov/vuln/detail/CVE-2020-11655
		https://nvd.nist.gov/vuln/detail/CVE-2020-13434
		https://nvd.nist.gov/vuln/detail/CVE-2020-13435
		https://nvd.nist.gov/vuln/detail/CVE-2020-13630
		https://nvd.nist.gov/vuln/detail/CVE-2020-13631
		https://nvd.nist.gov/vuln/detail/CVE-2020-13632
2020-06-13 04:47:59 +00:00
..
tea MFV r362143: 2020-06-13 04:47:59 +00:00
aclocal.m4 MFV r345988: 2019-04-06 23:35:23 +00:00
compile
config.guess MFV r345988: 2019-04-06 23:35:23 +00:00
config.sub MFV r345988: 2019-04-06 23:35:23 +00:00
configure MFV r362143: 2020-06-13 04:47:59 +00:00
configure.ac MFV r362143: 2020-06-13 04:47:59 +00:00
depcomp MFV r345988: 2019-04-06 23:35:23 +00:00
INSTALL
install-sh MFV r345988: 2019-04-06 23:35:23 +00:00
ltmain.sh MFV r345988: 2019-04-06 23:35:23 +00:00
Makefile.am
Makefile.fallback
Makefile.in MFV r345988: 2019-04-06 23:35:23 +00:00
Makefile.msc MFV r362082: 2020-06-12 13:02:44 +00:00
missing
README.txt
Replace.cs
shell.c MFV r362143: 2020-06-13 04:47:59 +00:00
sqlite3.1
sqlite3.c MFV r362143: 2020-06-13 04:47:59 +00:00
sqlite3.h MFV r362143: 2020-06-13 04:47:59 +00:00
sqlite3.pc.in
sqlite3.rc
sqlite3ext.h MFV r362082: 2020-06-12 13:02:44 +00:00

This package contains:

 * the SQLite library amalgamation source code file: sqlite3.c
 * the sqlite3.h and sqlite3ext.h header files that define the C-language
   interface to the sqlite3.c library file
 * the shell.c file used to build the sqlite3 command-line shell program
 * autoconf/automake installation infrastucture for building on POSIX
   compliant systems
 * a Makefile.msc, sqlite3.rc, and Replace.cs for building with Microsoft
   Visual C++ on Windows

SUMMARY OF HOW TO BUILD
=======================

  Unix:      ./configure; make
  Windows:   nmake /f Makefile.msc

BUILDING ON POSIX
=================

The generic installation instructions for autoconf/automake are found
in the INSTALL file.

The following SQLite specific boolean options are supported:

  --enable-readline           use readline in shell tool   [default=yes]
  --enable-threadsafe         build a thread-safe library  [default=yes]
  --enable-dynamic-extensions support loadable extensions  [default=yes]

The default value for the CFLAGS variable (options passed to the C
compiler) includes debugging symbols in the build, resulting in larger
binaries than are necessary. Override it on the configure command
line like this:

  $ CFLAGS="-Os" ./configure

to produce a smaller installation footprint.

Other SQLite compilation parameters can also be set using CFLAGS. For
example:

  $ CFLAGS="-Os -DSQLITE_THREADSAFE=0" ./configure


BUILDING WITH MICROSOFT VISUAL C++
==================================

To compile for Windows using Microsoft Visual C++:

  $ nmake /f Makefile.msc

Using Microsoft Visual C++ 2005 (or later) is recommended.  Several Windows
platform variants may be built by adding additional macros to the NMAKE
command line.

Building for WinRT 8.0
----------------------

  FOR_WINRT=1

Using Microsoft Visual C++ 2012 (or later) is required.  When using the
above, something like the following macro will need to be added to the
NMAKE command line as well:

  "NSDKLIBPATH=%WindowsSdkDir%\..\8.0\lib\win8\um\x86"

Building for WinRT 8.1
----------------------

  FOR_WINRT=1

Using Microsoft Visual C++ 2013 (or later) is required.  When using the
above, something like the following macro will need to be added to the
NMAKE command line as well:

  "NSDKLIBPATH=%WindowsSdkDir%\..\8.1\lib\winv6.3\um\x86"

Building for UWP 10.0
---------------------

  FOR_WINRT=1 FOR_UWP=1

Using Microsoft Visual C++ 2015 (or later) is required.  When using the
above, something like the following macros will need to be added to the
NMAKE command line as well:

  "NSDKLIBPATH=%WindowsSdkDir%\..\10\lib\10.0.10586.0\um\x86"
  "PSDKLIBPATH=%WindowsSdkDir%\..\10\lib\10.0.10586.0\um\x86"
  "NUCRTLIBPATH=%UniversalCRTSdkDir%\..\10\lib\10.0.10586.0\ucrt\x86"

Building for the Windows 10 SDK
-------------------------------

  FOR_WIN10=1

Using Microsoft Visual C++ 2015 (or later) is required.  When using the
above, no other macros should be needed on the NMAKE command line.

Other preprocessor defines
--------------------------

Additionally, preprocessor defines may be specified by using the OPTS macro
on the NMAKE command line.  However, not all possible preprocessor defines
may be specified in this manner as some require the amalgamation to be built
with them enabled (see http://www.sqlite.org/compile.html). For example, the
following will work:

  "OPTS=-DSQLITE_ENABLE_STAT4=1 -DSQLITE_ENABLE_JSON1=1"

However, the following will not compile unless the amalgamation was built
with it enabled:

  "OPTS=-DSQLITE_ENABLE_UPDATE_DELETE_LIMIT=1"