sqlite3 1.5.0-x64-mingw-ucrt → 1.5.2-x64-mingw-ucrt

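--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 43e3d66e9d7fa55cd49cac0e1cbf81e39de3405c93c63a70b4bb37a4c33b9c9a
- data.tar.gz: 784e05f6b2f5536a18806937ba79390d55ab0bb35e3254603d42677c49afe46b
+ metadata.gz: cb39f79d973e50f2597b630330aa22108a667d206cfc84101ad10b58577558d2
+ data.tar.gz: 07d91f6b962e9c23c1ed799baa55865755f38912d18ec2144e180ee1afe20f9e
  SHA512:
- metadata.gz: 58a50d6de3eb7a7e59ecc17eb34107eb3b2e4772c99546e9f9a0f7a223156536e1c879744f55c509fc9abbe47039ecfea99c64521b387cb1a8deb88e7c489bac
- data.tar.gz: e2f19f044b6126bc428608ea7034b47ad7af9c5397a1bce8ee47460651bdefd1b30b84d468ba3d95ff50b96ea1b3bec09eaace3aadc623a062a1da05954b9c78
+ metadata.gz: c920d78c5fd7e01c559895e90dfa70553d5a8361c1fad12c8c78f85debcd9568e9471936f9c97c877634d874e1b44ab92482e48b377e6d62bdeb6808856004a8
+ data.tar.gz: e021c81995a14e182ec18fa16d150c16ac81212bf37d041649340ec9aeacfc62d64e5ad258bc34deef01d156918eb81d1fa42106ad90143c726b10528e67b0a3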
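--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,35 @@
  # sqlite3-ruby Changelog
 
+ ## 1.5.2 / 2022-10-01
+
+ ### Packaging
+
+ This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.
+
+ v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the vanilla "ruby" platform gem, resulting in downloading the intended tarball over the network at installation time (or, if the network was not available, failure to install). Note that the precompiled native gems were not affected by this issue. [#352]
+
+
+ ## 1.5.1 / 2022-09-29
+
+ ### Dependencies
+
+ * Vendored sqlite is updated to [v3.39.4](https://sqlite.org/releaselog/3_39_4.html).
+
+ ### Security
+
+ The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes:
+
+ > Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the
+ > prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so
+ > this should be considered a security update.
+ >
+ > In order to exploit the vulnerability, an attacker must have full SQL access and must be able to
+ > construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit
+ > signed integer overflow.
+
+ For more information please see [GHSA-mgvv-5mxp-xq67](https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-mgvv-5mxp-xq67).
+
+
  ## 1.5.0 / 2022-09-08
 
  ### Packaging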
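--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -20,5 +20,5 @@ A quick checklist:
  - [ ] update `CHANGELOG.md` and `lib/sqlite3/version.rb` including `VersionProxy::{MINOR,TINY}`
  - [ ] create a git tag using a format that matches the pattern `v\d+\.\d+\.\d+`, e.g. `v1.3.13`
  - [ ] run `bin/build-gems` and make sure it completes and all the tests pass
- - [ ] `for g in gems/*.gem ; do gem push $g ; done`
+ - [ ] `for g in gems/*.gem ; do gem push $g ; done`s
  - [ ] create a release at https://github.com/sparklemotion/sqlite3-ruby/releases and include sha2 checksums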
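--- a/data/README.md
+++ b/data/README.md
@@ -107,7 +107,8 @@ If you're on a platform that supports a native gem but you want to avoid using i
 
  - If you're not using Bundler, then run `gem install sqlite3 --platform=ruby`
  - If you are using Bundler
- - version 2.1 or later, then you'll need to run `bundle config set force_ruby_platform true`,
+ - version 2.3.18 or later, you can specify [`gem "sqlite3", force_ruby_platform: true`](https://bundler.io/v2.3/man/gemfile.5.html#FORCE_RUBY_PLATFORM)
+ - version 2.1 or later, then you'll need to run `bundle config set force_ruby_platform true`
  - version 2.0 or earlier, then you'll need to run `bundle config force_ruby_platform true`
 
 
@@ -143,6 +144,7 @@ If you would prefer to build the sqlite3-ruby gem against your system libsqlite3
 
  PLEASE NOTE:
 
+ - you must avoid installing a precompiled native gem (see [previous section](#avoiding-the-precompiled-native-gem))
  - only versions of libsqlite3 `>= 3.5.0` are supported,
  - and some library features may depend on how your libsqlite3 was compiled.
 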
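--- /dev/null
+++ b/data/dependencies.yml
@@ -0,0 +1,14 @@
+ # TODO: stop using symbols here once we no longer support Ruby 2.7 and can rely on symbolize_names
+ :sqlite3:
+ # checksum verified by first checking the published sha3(256) checksum against https://sqlite.org/download.html:
+ #
+ # $ sha3sum -a 256 ports/archives/sqlite-autoconf-3390400.tar.gz
+ # 431328e30d12c551da9ba7ef2122b269076058512014afa799caaf62ca567090 ports/archives/sqlite-autoconf-3390400.tar.gz
+ #
+ # $ sha256sum ports/archives/sqlite-autoconf-3390400.tar.gz
+ # f31d445b48e67e284cf206717cc170ab63cbe4fd7f79a82793b772285e78fdbb ports/archives/sqlite-autoconf-3390400.tar.gz
+ #
+ :version: "3.39.4"
+ :files:
+ - :url: "https://sqlite.org/2022/sqlite-autoconf-3390400.tar.gz"
+ :sha256: "f31d445b48e67e284cf206717cc170ab63cbe4fd7f79a82793b772285e78fdbb"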
@@ -1,5 +1,6 @@
1
1
  require "mkmf"
2
2
  require "mini_portile2"
3
+ require "yaml"
3
4
 
4
5
  module Sqlite3
5
6
  module ExtConf
@@ -131,23 +132,8 @@ module Sqlite3
131
132
  end
132
133
 
133
134
  def mini_portile_config
134
- {
135
- sqlite3: {
136
- # checksum verified by first checking the published sha3(256) checksum against https://sqlite.org/download.html:
137
- #
138
- # $ sha3sum -a 256 ports/archives/sqlite-autoconf-3390300.tar.gz
139
- # dfa055c70724cd63f0b7da6e9f53530d8da51fe021e3f864d58c7c847d590e1d ports/archives/sqlite-autoconf-3390300.tar.gz
140
- #
141
- # $ sha256sum ports/archives/sqlite-autoconf-3390300.tar.gz
142
- # 7868fb3082be3f2cf4491c6fba6de2bddcbc293a35fefb0624ee3c13f01422b9 ports/archives/sqlite-autoconf-3390300.tar.gz
143
- #
144
- version: "3.39.3",
145
- files: [{
146
- url: "https://www.sqlite.org/2022/sqlite-autoconf-3390300.tar.gz",
147
- sha256: "7868fb3082be3f2cf4491c6fba6de2bddcbc293a35fefb0624ee3c13f01422b9",
148
- }],
149
- }
150
- }
135
+ # TODO: once Ruby 2.7 is no longer supported, use symbolize_names: true
136
+ YAML.load_file(File.join(package_root_dir, "dependencies.yml"))
151
137
  end
152
138
 
153
139
  def abort_could_not_find(missing)
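Review bot: `mini_portile_config` now reads `dependencies.yml` with `YAML.load_file`, which on Psych 3.x (the version bundled with Ruby 2.7, which the TODO says is still supported) is the unrestricted loader and will instantiate arbitrary Ruby objects from tagged YAML. The file ships inside the gem, so its content is as trusted as the rest of the package, but it is also where the pinned download URL and `:sha256` come from, and the only non-core type it needs is Symbol. A restricted load states that directly and behaves the same on every supported Psych: `YAML.safe_load(File.read(File.join(package_root_dir, "dependencies.yml")), permitted_classes: [Symbol])`. The code that consumes `:files` and `:sha256` is outside this hunk, so whether a missing or misspelled key is rejected before the tarball is fetched cannot be confirmed from here.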
Binary file
@@ -1,11 +1,11 @@
1
1
  module SQLite3
2
2
 
3
- VERSION = "1.5.0"
3
+ VERSION = "1.5.2"
4
4
 
5
5
  module VersionProxy
6
6
  MAJOR = 1
7
7
  MINOR = 5
8
- TINY = 0
8
+ TINY = 2
9
9
  BUILD = nil
10
10
 
11
11
  STRING = [ MAJOR, MINOR, TINY, BUILD ].compact.join( "." )
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqlite3
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0
4
+ version: 1.5.2
5
5
  platform: x64-mingw-ucrt
6
6
  authors:
7
7
  - Jamis Buck
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2022-09-08 00:00:00.000000000 Z
13
+ date: 2022-10-01 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: minitest
@@ -103,6 +103,7 @@ files:
103
103
  - LICENSE
104
104
  - LICENSE-DEPENDENCIES
105
105
  - README.md
106
+ - dependencies.yml
106
107
  - ext/sqlite3/aggregator.c
107
108
  - ext/sqlite3/aggregator.h
108
109
  - ext/sqlite3/backup.c