Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Add a news entry. Fix the release date. Fix typos. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
9759ba80533be98036ed444d3e7106ca |
User & Date: | drh 2017-07-26 17:25:38.165 |
Context
2017-07-27
| ||
18:20 | Update documentation for the destructor parameters on the pointer passing interfaces. (check-in: dd480b4420 user: drh tags: trunk) | |
2017-07-26
| ||
17:25 | Add a news entry. Fix the release date. Fix typos. (check-in: 9759ba8053 user: drh tags: trunk) | |
15:06 | Update test metrics on the testing.html page. (check-in: 6fc727b510 user: drh tags: trunk) | |
Changes
Changes to pages/bindptr.in.
︙ | ︙ | |||
26 27 28 29 30 31 32 | communicate non-SQL values between subcomponents or between the extension and the application. Some examples: <ul> <li><p> In the [FTS3] extension, the [FTS MATCH|MATCH operator] (which does the full-text search) | | > | 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | communicate non-SQL values between subcomponents or between the extension and the application. Some examples: <ul> <li><p> In the [FTS3] extension, the [FTS MATCH|MATCH operator] (which does the full-text search) needs to communicate details of matching entries to the [snippet()], [offsets()], and [matchinfo()] functions so that those functions can convert the details of the match into useful output. <li><p> In order for an application to [Extending FTS5|add new extensions to FTS5], such as new tokenizers, the application needs a pointer to the "fts5_api" object. |
︙ | ︙ | |||
100 101 102 103 104 105 106 | a hostile agent is able to inject arbitrary SQL text into the application, then that agent is already in full control of the application, so letting the hostile agent forge a pointer does not give the agent any new capability. <p> For most cases, it is true that potential attackers have no way of injecting | | | 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 | a hostile agent is able to inject arbitrary SQL text into the application, then that agent is already in full control of the application, so letting the hostile agent forge a pointer does not give the agent any new capability. <p> For most cases, it is true that potential attackers have no way of injecting arbitrary SQL, and so most uses of SQLite are immune to the attack above. But there are some notable exceptions. To wit: <ul> <li><p> The [https://en.wikipedia.org/wiki/Web_SQL_Database|WebSQL] interface to webkit allowed any webpage to to run arbitrary SQL in the browser for Chrome and Safari. That arbitrary SQL was supposed to be run inside |
︙ | ︙ |
Changes to pages/changes.in.
︙ | ︙ | |||
17 18 19 20 21 22 23 | proc chng {date desc {options {}}} { global nChng aChng xrefChng set aChng($nChng) [list $date $desc $options] set xrefChng($date) $nChng incr nChng } | | | 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | proc chng {date desc {options {}}} { global nChng aChng xrefChng set aChng($nChng) [list $date $desc $options] set xrefChng($date) $nChng incr nChng } chng {2017-07-26 (3.20.0)} { <li> Update the text of error messages returned by [sqlite3_errmsg()] for some error codes. <li> Add new [pointer passing interfaces]. <li> Backwards-incompatible changes to some extensions in order to take advantage of the improved security offered by the new [pointer passing interfaces]: <ul> |
︙ | ︙ |
Changes to pages/news.in.
︙ | ︙ | |||
14 15 16 17 18 19 20 21 22 23 24 25 26 27 | hd_puts "<h3>$date - $title</h3>" regsub -all "\n( *\n)+" $text "</p>\n\n<p>" txt regsub -all {[Tt]icket #(\d+)} $txt \ {<a href="http://www.sqlite.org/cvstrac/tktview?tn=\1">\0</a>} txt hd_resolve "<blockquote>$txt</blockquote>" hd_puts "<hr width=\"50%\">" } newsitem {2017-06-17} {Release 3.18.2} { SQLite [version 3.18.2] is another backport of a bug fix found in SQLite [version 3.19.0], specifically the fix for ticket [https://sqlite.org/src/info/61fe9745|61fe9745]. Changes against [version 3.18.0] are minimal. } | > > > > > > > > > > > > > > > | 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | hd_puts "<h3>$date - $title</h3>" regsub -all "\n( *\n)+" $text "</p>\n\n<p>" txt regsub -all {[Tt]icket #(\d+)} $txt \ {<a href="http://www.sqlite.org/cvstrac/tktview?tn=\1">\0</a>} txt hd_resolve "<blockquote>$txt</blockquote>" hd_puts "<hr width=\"50%\">" } newsitem {2017-07-26} {Release 3.20.0} { SQLite [version 3.20.0] is a regularly secheduled maintenance release of SQLite. <p> This release contains many minor enhancements, including: <ul> <li> Several new extensions <li> Enhancements to the "sqlite3.exe" command-line shell <li> Query planner enhancements <li> Miscellaneous code optimizations for improved performance </ul> <p> See the [version 3.20.0|release notes] for more information. } newsitem {2017-06-17} {Release 3.18.2} { SQLite [version 3.18.2] is another backport of a bug fix found in SQLite [version 3.19.0], specifically the fix for ticket [https://sqlite.org/src/info/61fe9745|61fe9745]. Changes against [version 3.18.0] are minimal. } |
︙ | ︙ |
Changes to pages/whyc.in.
︙ | ︙ | |||
77 78 79 80 81 82 83 | </tr> </table> </center> <p> In a more complete build, SQLite also uses library routines like malloc() and free() and operating system interfaces for opening, reading, | | | 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 | </tr> </table> </center> <p> In a more complete build, SQLite also uses library routines like malloc() and free() and operating system interfaces for opening, reading, writing, and closing files. But even then, the number of dependencies is very small. Other "modern" language, in contrast, often require multi-megabyte runtimes loaded with thousands and thousands of interfaces. <h2>Stability</h2> <p> The C language is old and boring. |
︙ | ︙ |