Commit Graph

25 Commits

Author SHA1 Message Date
cy
df5ec7d889 MFV 364467:
Update sqlite to 3.33.0 (3330000).

Release announcement at https://www.sqlite.org/releaselog/3_33_0.html.

MFC after:	1 month
2020-08-24 18:13:44 +00:00
cy
f357eac25a MFV r362990:
Update sqlite to 3.32.3 (3320300).

Release Announcement:	https://www.sqlite.org/releaselog/3_32_3.html
See also:		ports r541414

PR:		247819
Reported by:	Pavel Volkov <pavelivolkov at gmail.com>
MFC after:	1 week
2020-07-07 19:09:38 +00:00
cy
3132c3cb3a MFV r362143:
Update sqlite3 to 3.32.2 (3320200).

CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of
service (segmentation fault) via a malformed window-function query because
the AggInfo object's initialization is mishandled.

CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in
sqlite3_str_vappendf in printf.c.

CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in
sqlite3ExprCodeTarget in expr.c.

CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a
use-after-free in fts3EvalNextRow, related to the snippet feature

CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed
to the name of one of its shadow tables, related to alter.c and build.c.

CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a
NULL pointer dereference via a crafted matchinfo() query.

PR:		247149
Reported by:	spam123@bitbert.com
MFC after:	3 days
Security:	vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3
		https://nvd.nist.gov/vuln/detail/CVE-2020-11655
		https://nvd.nist.gov/vuln/detail/CVE-2020-13434
		https://nvd.nist.gov/vuln/detail/CVE-2020-13435
		https://nvd.nist.gov/vuln/detail/CVE-2020-13630
		https://nvd.nist.gov/vuln/detail/CVE-2020-13631
		https://nvd.nist.gov/vuln/detail/CVE-2020-13632
2020-06-13 04:47:59 +00:00
cy
c3c70f6599 MFV r362082:
Update sqlite3 3.31.1 --> 3.32.0.

PR:		247149
Reported by:	spam123@bitbert.com
Reminded by:	emaste
MFC after:	3 days
Security:	CVE-2020-11655, CVE-2020-13434, CVE-2020-13435,
		CVE-2020-13630, CVE-2020-13631, CVE-2020-13632
2020-06-12 13:02:44 +00:00
cy
03ffd71cfd Fix PowerPC segfault.
The segfault fix was originally developed by our upstream, sqlite.org,
to address S/390 and Sparc segfaults, both of which are big endian.
Our PowerPC is also big endian, which this patch also fixes.

Reported by:	Mark Millard <marklmi at yahoo.com>
Tested by:	Mark Millard <marklmi at yahoo.com>
Obtained from:	https://www.sqlite.org/src/vinfo/04885763c4cd00cb?diff=1
		https://sqlite.org/forum/forumpost/672291a5b2
MFC after:	1 month
X-MFC with:	r360221, 360221
2020-04-23 14:08:40 +00:00
cy
9c7ac33549 MFV r360158:
Update sqlite3-3.31.0 (3310000) --> sqlite3-3.31.1 (3310100)

Tested by:	Mark Millard <marklmi at yahoo.com>
		With to be committed PowerPC patch
MFC after:	1 month
X-MFC with:	r360221
2020-04-23 13:58:11 +00:00
cy
355146b1cd In preparation for update to sqlite3-3.31.1 (3310100),
recommit r357201: MFV r357163, which was reverted by r357522
due to segfault under PowerPc.

Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000)

MFC after:	1 month
2020-04-23 13:46:34 +00:00
cy
ac03aee5b1 Revert r357201: downgrade sqlite3 from sqlite3-3.31.0 (3310000) to
sqlite3-3.30.1 (3300100), as it causes svnlite segfaults on PowerPC,
resulting in corruption.

Reported by:	Mark Millard <marklmi at yahoo.com>
		Francis Little <oggy at farscape.co.uk>
2020-02-04 19:45:51 +00:00
cy
8ab5e8856e MFV r357163:
Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000)

MFC after:	1 month
2020-01-28 13:13:41 +00:00
cy
541045cb42 MFV r354257:
Update sqlite3-3.29.0 (3290000) --> sqlite3-3.30.1 (3300100)

MFC after:	1 month
2019-11-03 01:25:46 +00:00
cy
d63c98e763 MFV r350080:
Update sqlite3-3.28.0 (3280000) --> sqlite3-3.29.0 (3290000)

MFC after:	1 week
2019-07-18 00:27:28 +00:00
cy
e786d5adfb MFV r347136:
Update sqlite3-3.27.2 (3270200) --> sqlite3-3.28.0 (3280000)

MFC after:	3 days
Security:	CVE-2019-9937, CVE-2019-9936
2019-05-05 04:14:17 +00:00
cy
d4a47e2292 MFV r346450:
Update sqlite3-3.27.1 (3270100) --> sqlite3-3.27.2 (3270200)

MFC after:	11 days
2019-04-20 23:18:19 +00:00
cy
2e8e05ad6b MFV r345988:
Update sqlite3-3.26.0 (3260000) --> sqlite3-3.27.1 (3270100)

MFC after:	2 weeks
2019-04-06 23:35:23 +00:00
cy
ce7ba01778 MFV r342175:
Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000)

MFC after:	3 days
Security:	https://blade.tencent.com/magellan/index_en.html
		No known CVE was apparently registered.
2018-12-18 01:12:30 +00:00
peter
f247702986 Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1 2018-05-08 04:51:15 +00:00
peter
5443924d01 Update from sqlite3-3.14.1 to sqlite3-3.20.0. This is a private lib.
This fixes a possible client-side crash when parsing corrupt databases.
2017-08-11 00:00:01 +00:00
cy
b2893d0891 MFV r304732.
Update from sqlite3-3.12.1 (3120100) to sqlite3-3.14.1 (3140100).

This commit addresses the tmpdir selection vulnerability fixed in
sqlite3-1.13.0.  See VuXML entry 546deeea-3fc6-11e6-a671-60a44ce6887b.

Security:	VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b
Security:	CVE-2016-6153
2016-08-24 12:32:24 +00:00
bapt
5c425ff754 Import sqlite3 3.12.1 2016-04-17 21:23:14 +00:00
peter
486dfaf4e0 Update the private sqlite3 from 3.8.9 to 3.8.11.1 (used by svnlite and
kerberos)
2015-08-09 05:44:57 +00:00
pfg
65f6bba789 sqlite: clean a couple of invocations of memcpy(3)
Found almost accidentally by our native gcc when enhanced with
FORTIFY_SOURCE.

Submitted by:	Oliver Pinter
Sponosored by:	Google Inc. GSoC 2015
2015-07-16 22:07:13 +00:00
bapt
600aae1ef8 Import sqlite3 3.8.9 2015-05-01 21:59:32 +00:00
bapt
4542c45b7b Update sqlite3 to 3.8.7.2 2014-11-22 19:18:08 +00:00
peter
feb26e5057 Update sqlite-3.7.17 -> 3.8.5 2014-08-12 02:09:00 +00:00
peter
6c648dd642 Introduce svnlite so that we can check out our source code again.
This is actually a fully functional build except:
* All internal shared libraries are static linked to make sure there
  is no interference with ports (and to reduce build time).
* It does not have the python/perl/etc plugin or API support.
* By default, it installs as "svnlite" rather than "svn".
* If WITH_SVN added in make.conf, you get "svn".
* If WITHOUT_SVNLITE is in make.conf, this is completely disabled.

To be absolutely clear, this is not intended for any use other than
checking out freebsd source and committing, like we once did with cvs.

It should be usable for small scale local repositories that don't
need the python/perl plugin architecture.
2013-06-18 02:53:45 +00:00