RubyGems - sqlite3 - Versions diffs - 1.5.0-x64-mingw-ucrt → 1.5.1-x64-mingw-ucrt - Mend

sqlite3 1.5.0-x64-mingw-ucrt → 1.5.1-x64-mingw-ucrt

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +21 -0
data/README.md +3 -1
data/ext/sqlite3/extconf.rb +7 -7
data/lib/sqlite3/3.1/sqlite3_native.so +0 -0
data/lib/sqlite3/version.rb +2 -2
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43e3d66e9d7fa55cd49cac0e1cbf81e39de3405c93c63a70b4bb37a4c33b9c9a
-  data.tar.gz: 784e05f6b2f5536a18806937ba79390d55ab0bb35e3254603d42677c49afe46b
+  metadata.gz: 9c0cf4b44c4aed4409f9dfee591b28a76ab20df8c72a9685b324913625d36f3b
+  data.tar.gz: d78ced2a03a0ec458a1d77b592495c4d7293feea979bb33142273955f3f84dcc
 SHA512:
-  metadata.gz: 58a50d6de3eb7a7e59ecc17eb34107eb3b2e4772c99546e9f9a0f7a223156536e1c879744f55c509fc9abbe47039ecfea99c64521b387cb1a8deb88e7c489bac
-  data.tar.gz: e2f19f044b6126bc428608ea7034b47ad7af9c5397a1bce8ee47460651bdefd1b30b84d468ba3d95ff50b96ea1b3bec09eaace3aadc623a062a1da05954b9c78
+  metadata.gz: b43faa2df8456527b221126384f5399acae6a6abfb05472fd0ad94178beb78b0ec779c4e08f60ffd7835767e251313efab5b549c1ba7424ff7922615af7f7d88
+  data.tar.gz: e22cce7dea8d728729d60c7a2374c15c9fcb961169791287b677747535abf2889fc001ada21d97ac1abb4ca9c8256c1ebb970b468bb7f9f686c4134a0c76e100

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,26 @@
 # sqlite3-ruby Changelog
+## 1.5.1 / 2022-09-29
+### Dependencies
+* Vendored sqlite is updated to [v3.39.4](https://sqlite.org/releaselog/3_39_4.html).
+### Security
+The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes:
+> Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the
+> prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so
+> this should be considered a security update.
+>
+> In order to exploit the vulnerability, an attacker must have full SQL access and must be able to
+> construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit
+> signed integer overflow.
+For more information please see [GHSA-mgvv-5mxp-xq67](https://github.com/sparklemotion/sqlite3-ruby/security/advisories/GHSA-mgvv-5mxp-xq67).
 ## 1.5.0 / 2022-09-08
 ### Packaging

data/README.md CHANGED Viewed

@@ -107,7 +107,8 @@ If you're on a platform that supports a native gem but you want to avoid using i
 - If you're not using Bundler, then run `gem install sqlite3 --platform=ruby`
 - If you are using Bundler
-  - version 2.1 or later, then you'll need to run `bundle config set force_ruby_platform true`,
+  - version 2.3.18 or later, you can specify [`gem "sqlite3", force_ruby_platform: true`](https://bundler.io/v2.3/man/gemfile.5.html#FORCE_RUBY_PLATFORM)
+  - version 2.1 or later, then you'll need to run `bundle config set force_ruby_platform true`
   - version 2.0 or earlier, then you'll need to run `bundle config force_ruby_platform true`
@@ -143,6 +144,7 @@ If you would prefer to build the sqlite3-ruby gem against your system libsqlite3
 PLEASE NOTE:
+- you must avoid installing a precompiled native gem (see [previous section](#avoiding-the-precompiled-native-gem))
 - only versions of libsqlite3 `>= 3.5.0` are supported,
 - and some library features may depend on how your libsqlite3 was compiled.

data/ext/sqlite3/extconf.rb CHANGED Viewed

@@ -135,16 +135,16 @@ module Sqlite3
           sqlite3: {
             # checksum verified by first checking the published sha3(256) checksum against https://sqlite.org/download.html:
             #
-            # $ sha3sum -a 256 ports/archives/sqlite-autoconf-3390300.tar.gz
-            # dfa055c70724cd63f0b7da6e9f53530d8da51fe021e3f864d58c7c847d590e1d  ports/archives/sqlite-autoconf-3390300.tar.gz
+            # $ sha3sum -a 256 ports/archives/sqlite-autoconf-3390400.tar.gz
+            # 431328e30d12c551da9ba7ef2122b269076058512014afa799caaf62ca567090  ports/archives/sqlite-autoconf-3390400.tar.gz
             #
-            # $ sha256sum ports/archives/sqlite-autoconf-3390300.tar.gz
-            # 7868fb3082be3f2cf4491c6fba6de2bddcbc293a35fefb0624ee3c13f01422b9  ports/archives/sqlite-autoconf-3390300.tar.gz
+            # $ sha256sum ports/archives/sqlite-autoconf-3390400.tar.gz
+            # f31d445b48e67e284cf206717cc170ab63cbe4fd7f79a82793b772285e78fdbb  ports/archives/sqlite-autoconf-3390400.tar.gz
             #
-            version: "3.39.3",
+            version: "3.39.4",
             files: [{
-                      url: "https://www.sqlite.org/2022/sqlite-autoconf-3390300.tar.gz",
-                      sha256: "7868fb3082be3f2cf4491c6fba6de2bddcbc293a35fefb0624ee3c13f01422b9",
+                      url: "https://sqlite.org/2022/sqlite-autoconf-3390400.tar.gz",
+                      sha256: "f31d445b48e67e284cf206717cc170ab63cbe4fd7f79a82793b772285e78fdbb",
                     }],
           }
         }

data/lib/sqlite3/3.1/sqlite3_native.so CHANGED Viewed

Binary file

data/lib/sqlite3/version.rb CHANGED Viewed

@@ -1,11 +1,11 @@
 module SQLite3
-  VERSION = "1.5.0"
+  VERSION = "1.5.1"
   module VersionProxy
     MAJOR = 1
     MINOR = 5
-    TINY  = 0
+    TINY  = 1
     BUILD = nil
     STRING = [ MAJOR, MINOR, TINY, BUILD ].compact.join( "." )

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sqlite3
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 1.5.1
 platform: x64-mingw-ucrt
 authors:
 - Jamis Buck
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-09-08 00:00:00.000000000 Z
+date: 2022-09-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest