sqlite3: import sqlite3 3.35.5

Merge commit '0511e356f5e2106928ee352ee974d1470c860a9a' into new_merge

Changes at https://www.sqlite.org/releaselog/3_35_5.html.

MFC after: 1 month

(cherry picked from commit ce9de47260d4edc963a94140789e4a52642c28e6)

Git Hash: d9d03b5409f32668a71468975d944ac1015e878b
Git Author: cy@FreeBSD.org

MFC r362095, r362145

r362095:
MFV r362082:

Update sqlite3 3.31.1 --> 3.32.0.

PR: 247149
Reported by: spam123@bitbert.com
Reminded by: emaste
Security: CVE-2020-11655, CVE-2020-13434, CVE-2020-13435,
CVE-2020-13630, CVE-2020-13631, CVE-2020-13632

r362145:
MFV r362143:

Update sqlite3 to 3.32.2 (3320200).

CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of
service (segmentation fault) via a malformed window-function query because
the AggInfo object's initialization is mishandled.

CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in
sqlite3_str_vappendf in printf.c.

CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in
sqlite3ExprCodeTarget in expr.c.

CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a
use-after-free in fts3EvalNextRow, related to the snippet feature

CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed
to the name of one of its shadow tables, related to alter.c and build.c.

CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a
NULL pointer dereference via a crafted matchinfo() query.

PR: 247149
Reported by: spam123@bitbert.com
Security: vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3
https://nvd.nist.gov/vuln/detail/CVE-2020-11655
https://nvd.nist.gov/vuln/detail/CVE-2020-13434
https://nvd.nist.gov/vuln/detail/CVE-2020-13435
https://nvd.nist.gov/vuln/detail/CVE-2020-13630
https://nvd.nist.gov/vuln/detail/CVE-2020-13631
https://nvd.nist.gov/vuln/detail/CVE-2020-13632

MFC r360221-r360223

r360221:
In preparation for update to sqlite3-3.31.1 (3310100),
recommit r357201: MFV r357163, which was reverted by r357522
due to segfault under PowerPc.

Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000)

r360222:
MFV r360158:

Update sqlite3-3.31.0 (3310000) --> sqlite3-3.31.1 (3310100)

Tested by: Mark Millard <marklmi at yahoo.com>
With to be committed PowerPC patch

r360223:
Fix PowerPC segfault.

The segfault fix was originally developed by our upstream, sqlite.org,
to address S/390 and Sparc segfaults, both of which are big endian.
Our PowerPC is also big endian, which this patch also fixes.

Reported by: Mark Millard <marklmi at yahoo.com>
Tested by: Mark Millard <marklmi at yahoo.com>
Obtained from: https://www.sqlite.org/src/vinfo/04885763c4cd00cb?diff=1
https://sqlite.org/forum/forumpost/672291a5b2

MFC r354269:

MFV r354257:

Update sqlite3-3.29.0 (3290000) --> sqlite3-3.30.1 (3300100)

MFC r347139:

MFV r347136: Update sqlite3-3.27.2 (3270200) --> sqlite3-3.28.0 (3280000)

Security: CVE-2019-9937, CVE-2019-9936

MFC r345996:

Update sqlite3-3.26.0 (3260000) --> sqlite3-3.27.1 (3270100)

MFC r333352 & r342183:

r333352: Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1
r342183: Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000)

PR: 234113
Security: https://blade.tencent.com/magellan/index_en.html
No known CVE was apparently registered.

MFC: r322386 Update private sqlite3-3.14.1 to sqlite3-3.20.0.

MFC r304747:

Update from sqlite3-3.12.1 (3120100) to sqlite3-3.14.1 (3140100).

This commit addresses the tmpdir selection vulnerability fixed in
sqlite3-1.13.0. See VuXML entry 546deeea-3fc6-11e6-a671-60a44ce6887b.

Security: VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b
Security: CVE-2016-6153