sqlite3 1.5.0.rc1-arm-linux → 1.5.1-arm-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb021bcd830b6f8f3f7bcbd34d900c71b7465c9edc290d654c574af9db56225b
-  data.tar.gz: 489bb2ed0b97919def407d11d9563a23148ef6c471ff254bccf8149217d729b5
+  metadata.gz: 2e02b39f3b51452495371649b0a3e88fd1922bed9af7005853cb867d590ec7bf
+  data.tar.gz: 86ffa40979adc438cc018df0b32a40f4a46e5a735287388f5c3d4f62fad4636f
 SHA512:
-  metadata.gz: 306f49ab8ac6b987891e9d3dd8c16e59cb91cf44e4b8087bc7c819aa699791d9ef2d44566cd10e4bdd9728ccc1c20c87ee7f777317c600f31a9b34625ed7a6d7
-  data.tar.gz: 568912cab905969a2d65082bce1e32eceaaaa6eb3a66204a3228a0d834388093b8ecb5445614cdeb33744aae05c16ba0494d6c2fece87cf9c27f092c49756c83
+  metadata.gz: f6a8ef59b93767f400c94cd4450e3f4e42399d9b66b31e4d45b95c725c6cce0cb2cbd00267e47ee64afce82952a485925f8567b0b500d4fcb5873a2ca19eac99
+  data.tar.gz: 5d1a8712491ce3d99e5116dee9679a11fd9fffa9f9709faa719e5374df5eb5527a502b8978e3b56c403cde9967c9ce2bbc22c6926ca2ae3f0697d62456e0b5be

data/CHANGELOG.md

@@ -1,6 +1,27 @@
 # sqlite3-ruby Changelog
 
-## 1.5.0 / unreleased
+## 1.5.1 / 2022-09-29
+
+### Dependencies
+
+* Vendored sqlite is updated to [v3.39.4](https://sqlite.org/releaselog/3_39_4.html).
+
+### Security
+
+The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes:
+
+> Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the
+> prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so
+> this should be considered a security update.
+>
+> In order to exploit the vulnerability, an attacker must have full SQL access and must be able to
+> construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit
+> signed integer overflow.
+
+For more information please see [GHSA-mgvv-5mxp-xq67](https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-mgvv-5mxp-xq67).
+
+
+## 1.5.0 / 2022-09-08
 
 ### Packaging
 
@@ -23,19 +44,20 @@ See [the README](https://github.com/sparklemotion/sqlite3-ruby#native-gems-recom
 
 #### More consistent developer experience
 
-Both the native (precompiled) gems and the vanilla "ruby platform" (source) gem include sqlite v3.39.0 by default.
+Both the native (precompiled) gems and the vanilla "ruby platform" (source) gem include sqlite v3.39.3 by default.
 
 Defaulting to a consistent version of sqlite across all systems means that your development environment behaves exactly like your production environment, and you have access to the latest and greatest features of sqlite.
 
 You can opt-out of the packaged version of sqlite (and use your system-installed library as in versions < 1.5.0). See [the README](https://github.com/sparklemotion/sqlite3-ruby#avoiding-the-precompiled-native-gem) for more information.
 
-[Release notes for this version of sqlite](https://sqlite.org/releaselog/3_39_0.html)
+[Release notes for this version of sqlite](https://sqlite.org/releaselog/3_39_3.html)
 
 
 ### Rubies and Platforms
 
 * TruffleRuby is supported.
 * Apple Silicon is supported (M1, arm64-darwin).
+* vcpkg system libraries supported. [#332] (Thanks, @MSP-Greg!)
 
 
 ### Added
@@ -43,6 +65,11 @@ You can opt-out of the packaged version of sqlite (and use your system-installed
 * `SQLite3::SQLITE_LOADED_VERSION` contains the version string of the sqlite3 library that is dynamically loaded (compare to `SQLite3::SQLITE_VERSION` which is the version at compile-time).
 
 
+### Fixed
+
+* `SQLite3::Database#load_extensions` now raises a `TypeError` unless a String is passed as the file path. Previously it was possible to pass a non-string and cause a segfault. [#339]
+
+
 ## 1.4.4 / 2022-06-14
 
 ### Fixes

data/README.md

@@ -107,7 +107,8 @@ If you're on a platform that supports a native gem but you want to avoid using i
 
 - If you're not using Bundler, then run `gem install sqlite3 --platform=ruby`
 - If you are using Bundler
-  - version 2.1 or later, then you'll need to run `bundle config set force_ruby_platform true`,
+  - version 2.3.18 or later, you can specify [`gem "sqlite3", force_ruby_platform: true`](https://bundler.io/v2.3/man/gemfile.5.html#FORCE_RUBY_PLATFORM)
+  - version 2.1 or later, then you'll need to run `bundle config set force_ruby_platform true`
   - version 2.0 or earlier, then you'll need to run `bundle config force_ruby_platform true`
 
 
@@ -118,7 +119,7 @@ If you are on a platform or version of Ruby that is not covered by the Native Ge
 
 #### Packaged libsqlite3
 
-By default, as of v1.5.0 of this library, libsqlite3 v3.38.5 is packaged with the gem and will be compiled and used automatically. This takes a bit longer than the native gem, but will provide a modern, well-supported version of libsqlite3.
+By default, as of v1.5.0 of this library, the latest available version of libsqlite3 is packaged with the gem and will be compiled and used automatically. This takes a bit longer than the native gem, but will provide a modern, well-supported version of libsqlite3.
 
 For example, on a linux system running Ruby 2.5:
 
@@ -143,6 +144,7 @@ If you would prefer to build the sqlite3-ruby gem against your system libsqlite3
 
 PLEASE NOTE:
 
+- you must avoid installing a precompiled native gem (see [previous section](#avoiding-the-precompiled-native-gem))
 - only versions of libsqlite3 `>= 3.5.0` are supported,
 - and some library features may depend on how your libsqlite3 was compiled.
 

data/ext/sqlite3/aggregator.c

@@ -265,9 +265,10 @@ rb_sqlite3_define_aggregator2(VALUE self, VALUE aggregator, VALUE ruby_name)
 void
 rb_sqlite3_aggregator_init(void)
 {
-  rb_gc_register_address(&cAggregatorWrapper);
-  rb_gc_register_address(&cAggregatorInstance);
   /* rb_class_new generatos class with undefined allocator in ruby 1.9 */
   cAggregatorWrapper = rb_funcall(rb_cClass, rb_intern("new"), 0);
+  rb_gc_register_mark_object(cAggregatorWrapper);
+
   cAggregatorInstance = rb_funcall(rb_cClass, rb_intern("new"), 0);
+  rb_gc_register_mark_object(cAggregatorInstance);
 }

data/ext/sqlite3/database.c

@@ -31,7 +31,7 @@ static char *
 utf16_string_value_ptr(VALUE str)
 {
   StringValue(str);
-  rb_str_buf_cat(str, "\x00", 1L);
+  rb_str_buf_cat(str, "\x00\x00", 2L);
   return RSTRING_PTR(str);
 }
 
@@ -603,7 +603,7 @@ static VALUE load_extension(VALUE self, VALUE file)
   Data_Get_Struct(self, sqlite3Ruby, ctx);
   REQUIRE_OPEN_DB(ctx);
 
-  status = sqlite3_load_extension(ctx->db, RSTRING_PTR(file), 0, &errMsg);
+  status = sqlite3_load_extension(ctx->db, StringValuePtr(file), 0, &errMsg);
   if (status != SQLITE_OK)
   {
     errexp = rb_exc_new2(rb_eRuntimeError, errMsg);

data/ext/sqlite3/extconf.rb

@@ -36,19 +36,26 @@ module Sqlite3
       end
 
       def sqlcipher?
-        with_config("sqlcipher")
+        with_config("sqlcipher") ||
+          with_config("sqlcipher-dir") ||
+          with_config("sqlcipher-include") ||
+          with_config("sqlcipher-lib")
       end
 
       def configure_system_libraries
         pkg_config(libname)
-        append_cflags("-DUSING_SQLCIPHER") if sqlcipher?
+        append_cppflags("-DUSING_SQLCIPHER") if sqlcipher?
       end
 
       def configure_packaged_libraries
         minimal_recipe.tap do |recipe|
           recipe.configure_options += ["--enable-shared=no", "--enable-static=yes"]
           ENV.to_h.tap do |env|
-            env["CFLAGS"] = [env["CFLAGS"], "-fPIC"].join(" ") # needed for linking the static library into a shared library
+            additional_cflags = [
+              "-fPIC", # needed for linking the static library into a shared library
+              "-O2", # see https://github.com/sparklemotion/sqlite3-ruby/issues/335 for some benchmarks
+            ]
+            env["CFLAGS"] = [env["CFLAGS"], additional_cflags].flatten.join(" ")
             recipe.configure_options += env.select { |k,v| ENV_ALLOWLIST.include?(k) }
                                            .map { |key, value| "#{key}=#{value.strip}" }
           end
@@ -72,10 +79,17 @@ module Sqlite3
 
       def configure_extension
         if Gem::Requirement.new("< 2.7").satisfied_by?(Gem::Version.new(RUBY_VERSION))
-          append_cflags("-DTAINTING_SUPPORT")
+          append_cppflags("-DTAINTING_SUPPORT")
+        end
+
+        if find_header("sqlite3.h")
+          # noop
+        elsif sqlcipher? && find_header("sqlcipher/sqlite3.h")
+          append_cppflags("-DUSING_SQLCIPHER_INC_SUBDIR")
+        else
+          abort_could_not_find("sqlite3.h")
         end
 
-        abort_could_not_find("sqlite3.h") unless find_header("sqlite3.h")
         abort_could_not_find(libname) unless find_library(libname, "sqlite3_libversion_number", "sqlite3.h")
 
         # Functions defined in 1.9 but not 1.8
@@ -119,18 +133,18 @@ module Sqlite3
       def mini_portile_config
         {
           sqlite3: {
-            # checksum verified by first checking the published sha3(256) checksum:
+            # checksum verified by first checking the published sha3(256) checksum against https://sqlite.org/download.html:
             #
-            #   $ sha3sum -a 256 sqlite-autoconf-3390000.tar.gz
-            #   b8e5b3265992350d40c4ad31efc2e6dec6256813f1d5acc8f0ea805e9f33ca2a  sqlite-autoconf-3390000.tar.gz
+            # $ sha3sum -a 256 ports/archives/sqlite-autoconf-3390400.tar.gz
+            # 431328e30d12c551da9ba7ef2122b269076058512014afa799caaf62ca567090  ports/archives/sqlite-autoconf-3390400.tar.gz
             #
-            #   $ sha256sum sqlite-autoconf-3390000.tar.gz
-            #   e90bcaef6dd5813fcdee4e867f6b65f3c9bfd0aec0f1017f9f3bbce1e4ed09e2  sqlite-autoconf-3390000.tar.gz
+            # $ sha256sum ports/archives/sqlite-autoconf-3390400.tar.gz
+            # f31d445b48e67e284cf206717cc170ab63cbe4fd7f79a82793b772285e78fdbb  ports/archives/sqlite-autoconf-3390400.tar.gz
             #
-            version: "3.39.0",
+            version: "3.39.4",
             files: [{
-                      url: "https://www.sqlite.org/2022/sqlite-autoconf-3390000.tar.gz",
-                      sha256: "e90bcaef6dd5813fcdee4e867f6b65f3c9bfd0aec0f1017f9f3bbce1e4ed09e2",
+                      url: "https://sqlite.org/2022/sqlite-autoconf-3390400.tar.gz",
+                      sha256: "f31d445b48e67e284cf206717cc170ab63cbe4fd7f79a82793b772285e78fdbb",
                     }],
           }
         }
@@ -147,10 +161,89 @@ module Sqlite3
       def download
         minimal_recipe.download
       end
+
+      def print_help
+        print(<<~TEXT)
+          USAGE: ruby #{$PROGRAM_NAME} [options]
+
+            Flags that are always valid:
+
+                --disable-system-libraries
+                    Use the packaged libraries, and ignore the system libraries.
+                    (This is the default behavior.)
+
+                --enable-system-libraries
+                    Use system libraries instead of building and using the packaged libraries.
+
+                --with-sqlcipher
+                    Use libsqlcipher instead of libsqlite3.
+                    (Implies `--enable-system-libraries`.)
+
+                --help
+                    Display this message.
+
+
+            Flags only used when using system libraries:
+
+                General (applying to all system libraries):
+
+                    --with-opt-dir=DIRECTORY
+                        Look for headers and libraries in DIRECTORY.
+
+                    --with-opt-lib=DIRECTORY
+                        Look for libraries in DIRECTORY.
+
+                    --with-opt-include=DIRECTORY
+                        Look for headers in DIRECTORY.
+
+                Related to sqlcipher:
+
+                    --with-sqlcipher-dir=DIRECTORY
+                        Look for sqlcipher headers and library in DIRECTORY.
+                        (Implies `--with-sqlcipher` and `--enable-system-libraries`.)
+
+                    --with-sqlcipher-lib=DIRECTORY
+                        Look for sqlcipher library in DIRECTORY.
+                        (Implies `--with-sqlcipher` and `--enable-system-libraries`.)
+
+                    --with-sqlcipher-include=DIRECTORY
+                        Look for sqlcipher headers in DIRECTORY.
+                        (Implies `--with-sqlcipher` and `--enable-system-libraries`.)
+
+
+            Flags only used when building and using the packaged libraries:
+
+                --enable-cross-build
+                    Enable cross-build mode. (You probably do not want to set this manually.)
+
+
+            Environment variables used for compiling the C extension:
+
+                CC
+                    Use this path to invoke the compiler instead of `RbConfig::CONFIG['CC']`
+
+
+            Environment variables passed through to the compilation of packaged libraries:
+
+                CC
+                CPPFLAGS
+                CFLAGS
+                LDFLAGS
+                LIBS
+                LT_SYS_LIBRARY_PATH
+                CPP
+
+        TEXT
+      end
     end
   end
 end
 
+if arg_config("--help")
+  Sqlite3::ExtConf.print_help
+  exit!(0)
+end
+
 if arg_config("--download-dependencies")
   Sqlite3::ExtConf.download
   exit!(0)

data/ext/sqlite3/sqlite3_ruby.h

@@ -21,8 +21,11 @@
 #define SQLITE3_UTF8_STR_NEW2(_obj) \
     (rb_enc_associate_index(rb_str_new2(_obj), rb_utf8_encindex()))
 
-
-#include <sqlite3.h>
+#ifdef USING_SQLCIPHER_INC_SUBDIR
+#  include <sqlcipher/sqlite3.h>
+#else
+#  include <sqlite3.h>
+#endif
 
 #ifndef HAVE_TYPE_SQLITE3_INT64
 typedef sqlite_int64 sqlite3_int64;

data/lib/sqlite3/version.rb

@@ -1,16 +1,14 @@
 module SQLite3
 
-  VERSION = "1.5.0.rc1"
+  VERSION = "1.5.1"
 
   module VersionProxy
-
     MAJOR = 1
     MINOR = 5
-    TINY  = 0
-    BUILD = "rc1"
+    TINY  = 1
+    BUILD = nil
 
     STRING = [ MAJOR, MINOR, TINY, BUILD ].compact.join( "." )
-    #:beta-tag:
 
     VERSION = ::SQLite3::VERSION
   end

data/test/test_database.rb

@@ -534,5 +534,12 @@ module SQLite3
       end
       assert_includes error.message, "no such column: nope"
     end
+
+    def test_load_extension_with_nonstring_argument
+      db = SQLite3::Database.new(':memory:')
+      skip("extensions are not enabled") unless db.respond_to?(:load_extension)
+      assert_raises(TypeError) { db.load_extension(1) }
+      assert_raises(TypeError) { db.load_extension(Pathname.new("foo.so")) }
+    end
   end
 end

data/test/test_sqlite3.rb

@@ -19,7 +19,12 @@ module SQLite3
     end
 
     def test_version_strings
+      skip if SQLite3::VERSION.include?("test") # see set-version-to-timestamp rake task
       assert_equal(SQLite3::VERSION, SQLite3::VersionProxy::STRING)
     end
+
+    def test_compiled_version_and_loaded_version
+      assert_equal(SQLite3::SQLITE_VERSION, SQLite3::SQLITE_LOADED_VERSION)
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sqlite3
 version: !ruby/object:Gem::Version
-  version: 1.5.0.rc1
+  version: 1.5.1
 platform: arm-linux
 authors:
 - Jamis Buck
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-05 00:00:00.000000000 Z
+date: 2022-09-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -178,9 +178,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 3.2.dev
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.3.4
 signing_key: