SUSE Package Hub - openSUSE-2022-33

Update Info

openSUSE-2022-33

Recommended update for sqlcipher

Type: recommended
Severity: moderate
Issued: 2022-02-15
Description:
This update for sqlcipher fixes the following issues:

- More relaxed dependencies on tcl (boo#1195711)

- Update to version 4.5.0:

  * Updates baseline to upstream SQLite 3.36.0
  * Changes the enhanced memory security feature to be DISABLED by default; once enabled by PRAGMA cipher_memory_security = ON, it can't be turned off for the lifetime of the process
  * Changes PRAGMA cipher_migrate to permanently enter an error state if a migration fails
  * Fixes memory locking/unlocking issue with realloc implementation on hardened runtimes when memory security is enabled
  * Fixes cipher_migrate to cleanup the temporary database if a migration fails
  * Removes logging of non-string pointers when compiling with trace level logging

- Update to version 4.4.3:

  * Updates baseline to ustream SQLite 3.34.1
  * Fixes sqlcipher_export handling of NULL parameters
  * Removes randomization of rekey-delete tests to avoid false test failures
  * Changes internal usage of sqlite_master to sqlite_schema
  * Omits unusued profiling function under certain defines to avoid compiler warnings

- update to 4.4.2:

  - Improve error handling to resolve potential corruption if an encryption
    operation failed while operating in WAL mode
  - Changes to OpenSSL library cryptographic provider to reduce initialization
    complexity
  - Adjust cipher_integrity_check to skip locking page to avoid a spurious error
    report for very large databases
  - Miscellaneous code and comment cleanup
  - Updates baseline to upstream SQLite 3.33.0
  - Fixes double-free bug in cipher_default_plaintext_header_size
  - Changes SQLCipher tests to use suite runner
  - Improvement to cipher_integrity_check tests to minimize false negatives
  - Deprecates PRAGMA cipher_store_pass

- update to 4.4.0:

  - Updates baseline to upstream SQLite 3.31.0
  - Adjusts shell to report SQLCipher version alongside SQLite version
  - Fixes various build warnings under several compilers
  - Removes unused id and status functions from provider interface

- Update to version 4.3.0:

  * Updates baseline to upstream SQLite 3.30.1
  * PRAGMA key now returns text result value "ok" after execution
  * Adjusts backup API so that encrypted to encrypted backups are
    permitted
  * Adds NSS crypto provider implementation
  * Fixes OpenSSL provider compatibility with BoringSSL
  * Separates memory related traces to reduce verbosity of logging
  * Fixes output of PRAGMA cipher_integrity_check on big endian
    platforms
  * Cryptograpic provider interface cleanup
  * Rework of mutex allocation and management
  * Resolves miscellaneous build warnings
  * Force error state at database pager level if SQLCipher
    initialization fails

- Update to version 4.2.0:

  * Adds PRAGMA cipher_integrity_check to perform independent
    verification of page HMACs
  * Updates baseline to upstream SQLite 3.28.0
  * Improves PRAGMA cipher_migrate to handle keys containing
    non-terminating zero bytes

- Update to v4.1.0:

  * Adds PRAGMA cipher_settings to query current database
    codec settings
  * Adds PRAGMA cipher_default_settings to query current
    default SQLCipher options
  * PRAGMA cipher_hmac_pgno is now deprecated
  * PRAGMA cipher_hmac_salt_mask is now deprecated
  * PRAGMA fast_kdf_iter is now deprecated
  * Disable backup API for encrypted databases (this was
    previously documented as not-working and non-supported,
    but will now explicitly error out on initialization)
  * Default page size for databases increased to 4096 bytes
    (up from 1024)
  * Default PBKDF2 iterations increased to 256,000 
    (up from 64,000)
  * Default KDF algorithm is now PBKDF2-HMAC-SHA512
    (from PBKDF2-HMAC-SHA1)
  * Default HMAC algorithm is now HMAC-SHA512 (from HMAC-SHA1)
  * PRAGMA cipher is now disabled and no longer supported
    (after multi-year deprecation)
  * PRAGMA rekey_cipher is now disabled and no longer supported
  * PRAGMA rekey_kdf_iter is now disabled and no longer
    supported
  * By default all memory allocated internally by SQLite before
    the memory is wiped before it is freed
  * PRAGMA cipher_memory_security: allows full memory wiping
    to be disabled for performance when the feature is
    not required
  * PRAGMA cipher_kdf_algorithm, cipher_default_kdf_algorithm
    to control KDF algorithm selection between PBKDF2-HMAC-SHA1,
    PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-SHA512
  * PRAGMA cipher_hmac_algorithm, cipher_default_hmac_algorithm
    to control HMAC algorithm selection between HMAC-SHA1,
    HMAC-SHA256 and PBKDF2-HMAC-SHA512
  * When compiled with readline support, PRAGMA key and rekey
    lines will no longer be saved to history
  * Adds second optional parameter to sqlcipher_export to specify
    source database to support bidirectional exports
  * PRAGMA cipher_plaintext_header_size and
    cipher_default_plaintext_header_size: allocates a portion of
    the database header which will not be encrypted to allow
    identification as a SQLite database
  * PRAGMA cipher_salt: retrieve or set the salt value for
    the database
References

Bugzilla: 1195711 https://bugzilla.opensuse.org/show_bug.cgi?id=1195711
Packages

sqlcipher-4.5.0-bp153.2.5.1