Update Info

SUSE-PackageHub-16.0-529


Security update for sqlite3


Type: security
Severity: moderate
Issued: 2026-04-10
Description:
This update for sqlite3 fixes the following issues:

Update sqlite3 to version 3.51.3:

Security issues:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Non-security issue:

- sqlite3 won't build when using --with icu (bsc#1248586).

Changelog:

Update to version 3.51.3:
 * Fix the WAL-reset database corruption bug:
   https://sqlite.org/wal.html#walresetbug
 * Other minor bug fixes.

Update to version 3.51.2:

 * Fix an obscure deadlock in the new broken-posix-lock detection
   logic.
 * Fix multiple problems in the EXISTS-to-JOIN optimization.

Update to version 3.51.1:
 * Fix incorrect results from nested EXISTS queries caused by the
   optimization in item 6b in the 3.51.0 release.
 * Fix a latent bug in the fts5vocab virtual table, exposed by new
   optimizations in the 3.51.0 release.

Update to version 3.51.0:
 * New macros in sqlite3.h:
   - SQLITE_SCM_BRANCH -> the name of the branch from which the
     source code is taken.
   - SQLITE_SCM_TAGS -> space-separated list of tags on the source
     code check-in.
   - SQLITE_SCM_DATETIME -> ISO-8601 date and time of the source
 * Two new JSON functions, jsonb_each() and jsonb_tree() work the
   same as the existing json_each() and json_tree() functions
   except that they return JSONB for the "value" column when the
   "type" is 'array' or 'object'.
 * The carray and percentile extensions are now built into the
   amalgamation, though they are disabled by default and must be
   activated at compile-time using the -DSQLITE_ENABLE_CARRAY
   and/or -DSQLITE_ENABLE_PERCENTILE options, respectively.
 * Enhancements to TCL Interface:
   - Add the -asdict flag to the eval command to have it set the
     row data as a dict instead of an array.
   - User-defined functions may now break to return an SQL NULL.
 * CLI enhancements:
   - Increase the precision of ".timer" to microseconds.
   - Enhance the "box" and "column" formatting modes to deal with
     double-wide characters.
   - The ".imposter" command provides read-only imposter tables
     that work with VACUUM and do not require the --unsafe-testing
     option.
   - Add the --ifexists option to the CLI command-line option and
     to the .open command.
   - Limit column widths set by the ".width" command to 30,000 or
     less, as there is no good reason to have wider columns, but
     supporting wider columns provides opportunity to malefactors.
 * Performance enhancements:
   - Use fewer CPU cycles to commit a read transaction.
   - Early detection of joins that return no rows due to one or
     more of the tables containing no rows.
   - Avoid evaluation of scalar subqueries if the result of the
     subquery does not change the result of the overall expression.
   - Faster window function queries when using
     "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y.
 * Add the PRAGMA wal_checkpoint=NOOP; command and the
   SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2().
 * Add the sqlite3_set_errmsg() API for use by extensions.
 * Add the sqlite3_db_status64() API, which works just like the
   existing sqlite3_db_status() API except that it returns 64-bit
   results.
 * Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the
   sqlite3_db_status() and sqlite3_db_status64() interfaces.
 * In the session extension add the sqlite3changeset_apply_v3()
   interface.
 * For the built-in printf() and the format() SQL function, omit
   the leading '-' from negative floating point numbers if the '+'
   flag is omitted and the "#" flag is present and all displayed
   digits are '0'. Use '%#f' or similar to avoid outputs like
   '-0.00' and instead show just '0.00'.
 * Improved error messages generated by FTS5.
 * Enforce STRICT typing on computed columns.
 * Improved support for VxWorks.
 * JavaScript/WASM now supports 64-bit WASM. The canonical builds
   continue to be 32-bit but creating one's own 64-bit build is
   now as simple as running "make".
 * Improved resistance to database corruption caused by an
   application breaking Posix advisory locks using close().


              

Packages


  • sqlite3-3.51.3-160000.1.1