Documentation Source Text

Check-in [9759ba8053]

Overview
Comment: Add a news entry. Fix the release date. Fix typos.
SHA3-256: 9759ba80533be98036ed444d3e7106ca23f602e0612b353f550821cb023ef0ff
User & Date: drh 2017-07-26 17:25:38.165
Context
2017-07-27
18:20
Update documentation for the destructor parameters on the pointer passing interfaces. (check-in: dd480b4420 user: drh tags: trunk)
2017-07-26
17:25
Add a news entry. Fix the release date. Fix typos. (check-in: 9759ba8053 user: drh tags: trunk)
15:06
Update test metrics on the testing.html page. (check-in: 6fc727b510 user: drh tags: trunk)
Changes
Changes to pages/bindptr.in.
26
27
28
29
30
31
32
33

34
35
36
37
38
39
40
communicate non-SQL values between subcomponents or between the extension
and the application.  Some examples:

<ul>
<li><p>
In the [FTS3] extension, the 
[FTS MATCH|MATCH operator] (which does the full-text search)
needs to communicate details of matching entrys to the [snippet()], [offsets()],

and [matchinfo()] functions so that those functions can convert the details
of the match into useful output.

<li><p>
In order for an application to 
[Extending FTS5|add new extensions to FTS5], such as new tokenizers, 
the application needs a pointer to the "fts5_api" object.







|
>







26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
communicate non-SQL values between subcomponents or between the extension
and the application.  Some examples:

<ul>
<li><p>
In the [FTS3] extension, the 
[FTS MATCH|MATCH operator] (which does the full-text search)
needs to communicate details of matching entries 
to the [snippet()], [offsets()],
and [matchinfo()] functions so that those functions can convert the details
of the match into useful output.

<li><p>
In order for an application to 
[Extending FTS5|add new extensions to FTS5], such as new tokenizers, 
the application needs a pointer to the "fts5_api" object.
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
a hostile agent is able to inject arbitrary SQL text into the application,
then that agent is already in full control of the application, so
letting the hostile agent forge a pointer does not give the agent
any new capability.

<p>
For most cases, it is true that potential attackers have no way of injecting
arbitrary SQL, and so most uses of SQLite are immute to the attack above.
But there are some notable exceptions.  To wit:

<ul>
<li><p>
The [https://en.wikipedia.org/wiki/Web_SQL_Database|WebSQL] interface
to webkit allowed any webpage to to run arbitrary SQL in the browser
for Chrome and Safari.  That arbitrary SQL was supposed to be run inside







|







101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
a hostile agent is able to inject arbitrary SQL text into the application,
then that agent is already in full control of the application, so
letting the hostile agent forge a pointer does not give the agent
any new capability.

<p>
For most cases, it is true that potential attackers have no way of injecting
arbitrary SQL, and so most uses of SQLite are immune to the attack above.
But there are some notable exceptions.  To wit:

<ul>
<li><p>
The [https://en.wikipedia.org/wiki/Web_SQL_Database|WebSQL] interface
to webkit allowed any webpage to to run arbitrary SQL in the browser
for Chrome and Safari.  That arbitrary SQL was supposed to be run inside
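Review bot: the doubled word in "allowed any webpage to to run arbitrary SQL" (line 113 on the old side, 114 on the new side) is still present after this change, two lines below the "immute" to "immune" fix. Since the check-in is a typo pass over this paragraph, drop the extra "to" here as well so the WebSQL bullet reads "allowed any webpage to run arbitrary SQL".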
Changes to pages/changes.in.
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
proc chng {date desc {options {}}} {
  global nChng aChng xrefChng
  set aChng($nChng) [list $date $desc $options]
  set xrefChng($date) $nChng
  incr nChng
}

chng {2017-08-01 (3.20.0)} {
<li> Update the text of error messages returned by [sqlite3_errmsg()] for some
     error codes.
<li> Add new [pointer passing interfaces].
<li> Backwards-incompatible changes to some extensions in order to take 
     advantage of the improved security offered by the new 
     [pointer passing interfaces]:
     <ul>







|







17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
proc chng {date desc {options {}}} {
  global nChng aChng xrefChng
  set aChng($nChng) [list $date $desc $options]
  set xrefChng($date) $nChng
  incr nChng
}

chng {2017-07-26 (3.20.0)} {
<li> Update the text of error messages returned by [sqlite3_errmsg()] for some
     error codes.
<li> Add new [pointer passing interfaces].
<li> Backwards-incompatible changes to some extensions in order to take 
     advantage of the improved security offered by the new 
     [pointer passing interfaces]:
     <ul>
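Review bot: the date string edited on line 24 is also the key that proc chng stores with "set xrefChng($date) $nChng" in the context above, so moving it from 2017-08-01 to 2017-07-26 changes that cross-reference key too. Confirm that nothing else in the documentation sources looks up the 3.20.0 entry by the old string. The new date does agree with the newsitem added to pages/news.in in this same check-in.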
Changes to pages/news.in.
14
15
16
17
18
19
20















21
22
23
24
25
26
27
  hd_puts "<h3>$date - $title</h3>"
  regsub -all "\n( *\n)+" $text "</p>\n\n<p>" txt
  regsub -all {[Tt]icket #(\d+)} $txt \
      {<a href="http://www.sqlite.org/cvstrac/tktview?tn=\1">\0</a>} txt
  hd_resolve "<blockquote>$txt</blockquote>"
  hd_puts "<hr width=\"50%\">"
}
















newsitem {2017-06-17} {Release 3.18.2} {
SQLite [version 3.18.2] is another backport of a bug fix found
in SQLite [version 3.19.0], specifically the fix for
ticket [https://sqlite.org/src/info/61fe9745|61fe9745].  Changes
against [version 3.18.0] are minimal.
}







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
  hd_puts "<h3>$date - $title</h3>"
  regsub -all "\n( *\n)+" $text "</p>\n\n<p>" txt
  regsub -all {[Tt]icket #(\d+)} $txt \
      {<a href="http://www.sqlite.org/cvstrac/tktview?tn=\1">\0</a>} txt
  hd_resolve "<blockquote>$txt</blockquote>"
  hd_puts "<hr width=\"50%\">"
}

newsitem {2017-07-26} {Release 3.20.0} {
SQLite [version 3.20.0] is a regularly secheduled maintenance release
of SQLite.
<p>
This release contains many minor enhancements, including:
<ul>
<li> Several new extensions
<li> Enhancements to the "sqlite3.exe" command-line shell
<li> Query planner enhancements
<li> Miscellaneous code optimizations for improved performance
</ul>
<p>
See the [version 3.20.0|release notes] for more information.
}

newsitem {2017-06-17} {Release 3.18.2} {
SQLite [version 3.18.2] is another backport of a bug fix found
in SQLite [version 3.19.0], specifically the fix for
ticket [https://sqlite.org/src/info/61fe9745|61fe9745].  Changes
against [version 3.18.0] are minimal.
}
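Review bot: "secheduled" on new line 23 is a misspelling of "scheduled", introduced in a check-in whose comment says it fixes typos; the sentence should read "is a regularly scheduled maintenance release". A smaller style point: the existing 3.18.2 entry is plain text, and the newsitem proc already turns blank lines into paragraph breaks through the regsub on line 15, so the explicit <p> tags on new lines 25 and 33 could be blank lines instead for consistency.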
Changes to pages/whyc.in.
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
</tr>
</table>
</center>

<p>
In a more complete build, SQLite also uses library routines like
malloc() and free() and operating system interfaces for opening, reading,
writing, and closing files.  But even then, the number of dependences
is very small.  Other "modern" language, in contrast, often require
multi-megabyte runtimes loaded with thousands and thousands of interfaces.

<h2>Stability</h2>

<p>
The C language is old and boring.







|







77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
</tr>
</table>
</center>

<p>
In a more complete build, SQLite also uses library routines like
malloc() and free() and operating system interfaces for opening, reading,
writing, and closing files.  But even then, the number of dependencies
is very small.  Other "modern" language, in contrast, often require
multi-megabyte runtimes loaded with thousands and thousands of interfaces.

<h2>Stability</h2>

<p>
The C language is old and boring.
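Review bot: line 85, directly below the "dependences" to "dependencies" fix, still reads 'Other "modern" language, in contrast, often require', where the singular noun does not agree with "require" or with "runtimes". Change it to 'Other "modern" languages' in the same pass.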