#
362190 |
|
15-Jun-2020 |
cy |
MFC r362095, r362145
r362095: MFV r362082:
Update sqlite3 3.31.1 --> 3.32.0.
PR: 247149 Reported by: spam123@bitbert.com Reminded by: emaste Security: CVE-2020-11655, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632
r362145: MFV r362143:
Update sqlite3 to 3.32.2 (3320200).
CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature
CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a NULL pointer dereference via a crafted matchinfo() query.
PR: 247149 Reported by: spam123@bitbert.com Security: vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3 https://nvd.nist.gov/vuln/detail/CVE-2020-11655 https://nvd.nist.gov/vuln/detail/CVE-2020-13434 https://nvd.nist.gov/vuln/detail/CVE-2020-13435 https://nvd.nist.gov/vuln/detail/CVE-2020-13630 https://nvd.nist.gov/vuln/detail/CVE-2020-13631 https://nvd.nist.gov/vuln/detail/CVE-2020-13632
|
#
361456 |
|
25-May-2020 |
cy |
MFC r360221-r360223
r360221: In preparation for update to sqlite3-3.31.1 (3310100), recommit r357201: MFV r357163, which was reverted by r357522 due to segfault under PowerPc.
Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000)
r360222: MFV r360158:
Update sqlite3-3.31.0 (3310000) --> sqlite3-3.31.1 (3310100)
Tested by: Mark Millard <marklmi at yahoo.com> With to be committed PowerPC patch
r360223: Fix PowerPC segfault.
The segfault fix was originally developed by our upstream, sqlite.org, to address S/390 and Sparc segfaults, both of which are big endian. Our PowerPC is also big endian, which this patch also fixes.
Reported by: Mark Millard <marklmi at yahoo.com> Tested by: Mark Millard <marklmi at yahoo.com> Obtained from: https://www.sqlite.org/src/vinfo/04885763c4cd00cb?diff=1 https://sqlite.org/forum/forumpost/672291a5b2
|
#
251886 |
|
18-Jun-2013 |
peter |
Introduce svnlite so that we can check out our source code again.
This is actually a fully functional build except: * All internal shared libraries are static linked to make sure there is no interference with ports (and to reduce build time). * It does not have the python/perl/etc plugin or API support. * By default, it installs as "svnlite" rather than "svn". * If WITH_SVN added in make.conf, you get "svn". * If WITHOUT_SVNLITE is in make.conf, this is completely disabled.
To be absolutely clear, this is not intended for any use other than checking out freebsd source and committing, like we once did with cvs.
It should be usable for small scale local repositories that don't need the python/perl plugin architecture.
|
#
251886 |
|
18-Jun-2013 |
peter |
Introduce svnlite so that we can check out our source code again.
This is actually a fully functional build except: * All internal shared libraries are static linked to make sure there is no interference with ports (and to reduce build time). * It does not have the python/perl/etc plugin or API support. * By default, it installs as "svnlite" rather than "svn". * If WITH_SVN added in make.conf, you get "svn". * If WITHOUT_SVNLITE is in make.conf, this is completely disabled.
To be absolutely clear, this is not intended for any use other than checking out freebsd source and committing, like we once did with cvs.
It should be usable for small scale local repositories that don't need the python/perl plugin architecture.
|