Description:
This update for sqlcipher fixes the following issues:
- More relaxed dependencies on tcl (boo#1195711)
- Update to version 4.5.0:
* Updates baseline to upstream SQLite 3.36.0
* Changes the enhanced memory security feature to be DISABLED by default; once enabled by PRAGMA cipher_memory_security = ON, it can't be turned off for the lifetime of the process
* Changes PRAGMA cipher_migrate to permanently enter an error state if a migration fails
* Fixes memory locking/unlocking issue with realloc implementation on hardened runtimes when memory security is enabled
* Fixes cipher_migrate to cleanup the temporary database if a migration fails
* Removes logging of non-string pointers when compiling with trace level logging
- Update to version 4.4.3:
* Updates baseline to ustream SQLite 3.34.1
* Fixes sqlcipher_export handling of NULL parameters
* Removes randomization of rekey-delete tests to avoid false test failures
* Changes internal usage of sqlite_master to sqlite_schema
* Omits unusued profiling function under certain defines to avoid compiler warnings
- update to 4.4.2:
- Improve error handling to resolve potential corruption if an encryption
operation failed while operating in WAL mode
- Changes to OpenSSL library cryptographic provider to reduce initialization
complexity
- Adjust cipher_integrity_check to skip locking page to avoid a spurious error
report for very large databases
- Miscellaneous code and comment cleanup
- Updates baseline to upstream SQLite 3.33.0
- Fixes double-free bug in cipher_default_plaintext_header_size
- Changes SQLCipher tests to use suite runner
- Improvement to cipher_integrity_check tests to minimize false negatives
- Deprecates PRAGMA cipher_store_pass
- update to 4.4.0:
- Updates baseline to upstream SQLite 3.31.0
- Adjusts shell to report SQLCipher version alongside SQLite version
- Fixes various build warnings under several compilers
- Removes unused id and status functions from provider interface
- Update to version 4.3.0:
* Updates baseline to upstream SQLite 3.30.1
* PRAGMA key now returns text result value "ok" after execution
* Adjusts backup API so that encrypted to encrypted backups are
permitted
* Adds NSS crypto provider implementation
* Fixes OpenSSL provider compatibility with BoringSSL
* Separates memory related traces to reduce verbosity of logging
* Fixes output of PRAGMA cipher_integrity_check on big endian
platforms
* Cryptograpic provider interface cleanup
* Rework of mutex allocation and management
* Resolves miscellaneous build warnings
* Force error state at database pager level if SQLCipher
initialization fails
- Update to version 4.2.0:
* Adds PRAGMA cipher_integrity_check to perform independent
verification of page HMACs
* Updates baseline to upstream SQLite 3.28.0
* Improves PRAGMA cipher_migrate to handle keys containing
non-terminating zero bytes
- Update to v4.1.0:
* Adds PRAGMA cipher_settings to query current database
codec settings
* Adds PRAGMA cipher_default_settings to query current
default SQLCipher options
* PRAGMA cipher_hmac_pgno is now deprecated
* PRAGMA cipher_hmac_salt_mask is now deprecated
* PRAGMA fast_kdf_iter is now deprecated
* Disable backup API for encrypted databases (this was
previously documented as not-working and non-supported,
but will now explicitly error out on initialization)
* Default page size for databases increased to 4096 bytes
(up from 1024)
* Default PBKDF2 iterations increased to 256,000
(up from 64,000)
* Default KDF algorithm is now PBKDF2-HMAC-SHA512
(from PBKDF2-HMAC-SHA1)
* Default HMAC algorithm is now HMAC-SHA512 (from HMAC-SHA1)
* PRAGMA cipher is now disabled and no longer supported
(after multi-year deprecation)
* PRAGMA rekey_cipher is now disabled and no longer supported
* PRAGMA rekey_kdf_iter is now disabled and no longer
supported
* By default all memory allocated internally by SQLite before
the memory is wiped before it is freed
* PRAGMA cipher_memory_security: allows full memory wiping
to be disabled for performance when the feature is
not required
* PRAGMA cipher_kdf_algorithm, cipher_default_kdf_algorithm
to control KDF algorithm selection between PBKDF2-HMAC-SHA1,
PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-SHA512
* PRAGMA cipher_hmac_algorithm, cipher_default_hmac_algorithm
to control HMAC algorithm selection between HMAC-SHA1,
HMAC-SHA256 and PBKDF2-HMAC-SHA512
* When compiled with readline support, PRAGMA key and rekey
lines will no longer be saved to history
* Adds second optional parameter to sqlcipher_export to specify
source database to support bidirectional exports
* PRAGMA cipher_plaintext_header_size and
cipher_default_plaintext_header_size: allocates a portion of
the database header which will not be encrypted to allow
identification as a SQLite database
* PRAGMA cipher_salt: retrieve or set the salt value for
the database