-
Notifications
You must be signed in to change notification settings - Fork 715
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SQLite 3.26.0 with security updates & window functions #837
Comments
This was referenced Dec 16, 2018
brodycj
pushed a commit
that referenced
this issue
Dec 17, 2018
with security update and support for window functions using cordova-sqlite-storage-dependencies@1.2.1 and add another upcoming breaking change Resolves #837
nflsilva
added a commit
to OutSystems/Cordova-sqlcipher-adapter
that referenced
this issue
Dec 21, 2022
* INLINE string test with U+0000 (issue reproduced) and cover issue in documentation * U+0000 string param manipulation test with doc fix * fix openDatabase() calls in string tests (general) * check default page/cache size ref: storesafe/cordova-sqlite-storage#781 * test openDatabase() with 2-byte cent character (¢) * test openDatabase() with U+0801 (3-byte Samaritan) * doc fixes related to database file names * test fix for emoji in database file name * other openDatabase() file name test fixes * spec with Jasmine 2.5.2 NOTE: Jasmine 2.6.0 and newer reports uncaught errors on some tests on HTML5 (WebKit) Web SQL tests (FUTURE TBD for further investigation) * fix label on db-sql-operations-test.js * Add browser platform usage notes * https link to litehelpers.net * cordova-sqlite-storage 2.3.2 - quick updates - Mark some Android errors as internal plugin errors (quick fix) - remove trailing whitespace from Android implementation - quick doc updates - test coverage updates included * Test comment for 4-byte UTF-8 characters per string test case, removed from another place ref: storesafe/cordova-sqlite-storage#564 * test sqlBatch with changing element values * remove ignored params from plugin-specific tests * test sqlBatch([]) (empty array) - reports success * Fix label & db name in INSERT boolean value test * Mark extra US-ASCII string tests * Remove redundant backslash string tests * "incomplete input" error mapping test fixes * Multiple db.executeSql string result test fixes * Multi-db PRAGMA/transaction combo test fixes old QUnit-like utility functions removed from this test script * other db.executeSql test fixes * '012012012' string INSERT value bindings test ref: storesafe/cordova-sqlite-storage#791 * '012012.012' string INSERT value bindings test Additional test ref: storesafe/cordova-sqlite-storage#791 * US-ASCII string concatenation test with parameters * Mark INLINE BLOB value storage tests section * Move more db.executeSql SELECT result description * Fix U+0000 parameter UPPER test for Android 8 * Skip a couple U+0000 tests on Web SQL on Android 6 (for now) * extra-long timeout for db combo test * test and document usage with numbered parameters resolves storesafe/cordova-sqlite-storage#787 * doc update examples & tutorials (with pitfall) Closes storesafe/cordova-sqlite-storage#609 * Move & update existing browser platform notes ref: - storesafe/cordova-sqlite-storage#297 - storesafe/cordova-sqlite-storage#576 - storesafe/cordova-sqlite-storage-help#8 * More June 2018 doc updates * cordova-sqlite-storage 2.3.3 - quick fix Quick fix for some iOS/macOS internal plugin error log messagess (some test & doc updates are included in this release) * possible "incomplete input" error on Android 7 * Remove some scripts from circle.yml & .travis.yml Remove some test scripts from Travis CI & Circle CI * spec remove test of obsolete WP8 platform * spec with explicit check for Apple iOS userAgent THANKS for info: https://www.sitepoint.com/identify-apple-iphone-ipod-ipad-visitors/ * spec rename hasWebKitBrowser to hasWebKitWebSQL * spec rename isWKWebView to hasMobileWKWebView * MSAppHost userAgent pattern to check for Windows * U+0000 test fixes & updates * INSERT inline X'FFD1FFD2' test updates & fixes * SELECT X'FFD1FFD2' test fix * tx-semantics-test.js test fixes * Check insertId after UPDATE & update doc other advanced rowsAffected test updates to check insertId closes storesafe/cordova-sqlite-storage#802 * (WebKit) Web SQL testing on browser platform * cordova-sqlite-storage 2.4.0 - quick fix release Report internal plugin error in case of attempt to open database with no database name on iOS or macOS Upcoming major release July 2018 -> September 2018 Test & documentation updates included in this release: - Cover use of standard (WebKit) Web SQL API in spec test suite - Test and document insertId in UPDATE result set on plugin vs (WebKit) Web SQL - other test updates * Followup test fix for iOS Web SQL Followup fix for the following commit: 62767f6 - spec rename isWKWebView to hasMobileWKWebView * Fix FTS3 test for Chrome vs Safari browser * Doc fix for Android/iOS vs browser WebKit feature FTS3/FTS4/R-Tree * general doc updates * ALTER tests do not ignore close error on Windows * some open/close/delete database test fixes * minor test fixes * Windows error test & doc fixes (existing behavior) ref: - storesafe/cordova-sqlite-storage#539 - storesafe/cordova-sqlite-storage#821 * Check actual sqlite version in separate case * Planned December 2018 release update notes ref: storesafe/cordova-sqlite-storage#773 * Introduce androidDatabaseProvider: 'system' option to replace androidDatabaseImplementation setting (cordova-sqlite-storage 2.5.0) * Comment out plugin on browser test conditions which are currently not needed (introduced in eade090) * INLINE INSERT X'FFD1FFD2' BLOB test fixes * PRAGMA & multiple db combo test fixes * SELECT X'40414243' (INLINE BLOB) test fixes and SELECT LOWER(X'40414243') test fixes * db-simultaneous-tx-access-test.js fixes * db-tx-multiple-update-test.js fixes * SELECT LOWER(X'41F09F9883') test fixes ref: storesafe/cordova-sqlite-storage#564 * SELECT LOWER(X'41EDA0BDEDB88321') test returns emoji on Android plugin on default NDK provider (all Android versions tested) and androidDatabaseProvider: 'system' on Android 4.x ref: storesafe/cordova-sqlite-storage#564 * tests with 25 emojis ref: storesafe/cordova-sqlite-evcore-extbuild-free#43 * SELECT LOWER(X'41F0908CB1') string test and SELECT LOWER(X'41EDA080EDBCB1') string test ref: storesafe/cordova-sqlite-storage#564 * doc update for issue #564 Note that the same non-standard encoding of 4-byte UTF-8 characters on Android pre-6.0 is also observed on the evcore plugin version. * browser platform now planned for November 2018 * fix internal plugin cleanup error log on Android (cordova-sqlite-storage 2.5.1) * INSERT 25 emojis test fixes ref: storesafe/cordova-sqlite-evcore-extbuild-free#43 * cordova-sqlite-evcore-legacy-ext-common-free link fixed * Windows platform notes fixes * Fix link to Android database provider section * minor doc fix * INLINE BLOB test description fixes * Ignore Android end transaction error when closing for androidDatabaseProvider: 'system' setting, to avoid possible crash during app shutdown (cordova-sqlite-storage 2.5.2) Resolves storesafe/cordova-sqlite-storage#833 * cordova-sqlite-storage 2.6.0 with SQLite 3.26.0 with security update and support for window functions using cordova-sqlite-storage-dependencies@1.2.1 and add another upcoming breaking change Resolves storesafe/cordova-sqlite-storage#837 * Project maintenance status ref: storesafe#81 * Start 0.1.12-rc3_dev * Fix SQLITE_ENABLE_MEMORY_MANAGEMENT setting in doc * SQLITE_DEFAULT_SYNCHRONOUS=3 for iOS/macOS (extra durable) * FTS3/FTS5 update from SQLite 3.26.0 for iOS/macOS (security update) * FTS3/FTS5 update from SQLite 3.26.0 for Android in custom build which now includes SQLITE_DEFAULT_SYNCHRONOUS=3 build setting for extra durability * Fix SQLITE_DEFAULT_PAGE_SIZE / CACHE_SIZE in doc * cordova-sqlcipher-adapter 0.1.12-rc3 * fix a couple build flags in README.md * Start 0.2.0-dev * package.json fix URLs * Update CHANGES.md for using JARs again * Remove default page/cache size settings for unencrypted databases on iOS/macOS & unsupported Windows platforms (already gone for Android) * Skip faster repeated open/close test on Android * Update outer label on spec/www/spec/cipher.js * cordova-sqlcipher-adapter@0.2.0 * Remove incorrect page size statement from doc * cordova-sqlcipher-adapter doc fixes * Update for Cordova 8.1.x * Remove redundant FUTURE TBD NDEBUG build item * SQLITE_OMIT_DEPRECATED build flag on iOS/macOS (cordova-sqlcipher-adapter 0.2.1) * doc issue ref for SQLITE_OMIT_DEPRECATED * SQLCipher 4.0.1 update (cordova-sqlcipher-adapter 0.3.0-pre1) * Update description for SQLCipher 3 vs 4, etc. * cordova-sqlcipher-adapter 0.3.0 * start cordova-sqlite-storage-ext-core-common plugin version branch Note that this plugin version branch is made for easy merge of changes into the cordova-sqlcipher-adapter plugin version * Update about text for this plugin version branch * Quick test & doc updates for Android 8(+) & iOS 12 * Use SQLite 3.22.0 in this plugin version branch with SQLITE_DEFAULT_SYNCHRONOUS=3 (EXTRA DURABLE) compile-time setting from cordova-sqlite-storage-dependencies@1.2.1 * cordova-sqlite-storage-ext-core-common 1.0.0 * cordova-sqlite-storage-ext-core-common 1.0.1-dev * Completely remove iOS/macOS MRC support (should be considered a POSSIBLY BREAKING change) ref: storesafe/cordova-sqlite-storage#769 * remove backgroundExecuteSql method not needed (iOS/macOS) ref: storesafe/cordova-sqlite-storage#769 * no extra @synchronized block per batch (iOS/macOS) should be considered a POSSIBLY BREAKING change ref: storesafe/cordova-sqlite-storage#769 * drop workaround for pre-Honeycomb Android API (BREAKING CHANGE) * Completely remove old Android SuppressLint (android.annotation.SuppressLint) - POSSIBLY BREAKING CHANGE * non-static Android database runner map (POTENTIALLY BREAKING CHANGE) ref: storesafe/cordova-sqlite-storage#763 * remove internal qid usage from JavaScript (not needed) * SQLITE_DBCONFIG_DEFENSIVE flag - iOS/macOS/Windows (POTENTIALLY BREAKING CHANGE) * cordova-sqlite-storage-ext-core-common 2.0.0 * start cordova-sqlcipher-adapter@0.3.1-dev * SQLITE_DEFAULT_SYNCHRONOUS=3 on Windows (EXTRA DURABLE compile-time setting on the disabled Windows platform) * quick doc fixes * Cleanup SQLite version test in this plugin version * Quick fixes for INSERT syntax error test in this plugin version * Cleanup SQLiteAndroidDatabase.java in this plugin version remove workaround solutions for pre-Honeycomb & dbFile not needed in this plugin version * Update supported Android/iOS versions in this plugin version NOTE that there should be no issues with pre-Honeycomb since this plugin version uses a special version of the AOSP SQLite database implementation. * SQLITE_DBCONFIG_DEFENSIVE flag for Android (custom build) in addition to iOS/macOS/Windows (POTENTIALLY BREAKING CHANGE) * minor description update * cordova-sqlcipher-adapter@0.4.0 * fix cordova-sqlite-storage-ext-core-common changes * cordova-sqlite-ext-core-common 0.1.0-dev Note that a 0.x.x version identifier is used in this plugin version branch since it is not ready for production, due to missing SQLITE_DBCONFIG_DEFENSIVE option setting on Android. * beforePluginInstall.js updates - use standard Promise - get the plugin package name from package.json - use const instead of var - remove hasbang line that is not needed NOTE that this update should be considered a POSSIBLY BREAKING CHANGE since const may not work on some really old Node.js versions. * remove node_modules/.keep (not needed) * .gitignore add package-lock.json * shelljs@0.8 update in devDependencies Note that this means that minimum of Node.js version 6 is required for prepareSpec.js to work. (This should not impose such a minimum Node.js version on Cordova projects *using* this pluign.) * Cleanup remove trailing whitespace in bin/test.ps1 * SQLitePlugin.coffee.md openDatabase step 1 comment * cordova-sqlite-ext-core-common 0.1.0 * cordova-sqlite-ext-common-core 0.1.0-dev * Improved test updates for iOS 12 & recent SQLite * Update README.md for major release coming in 2019 Note that use of SQLITE_DBCONFIG_DEFENSIVE setting is implemented for iOS/macOS/Windows at this point in this plugin version branch. * Update REGEXP test conditions including an updated note that some REGEXP test conditions should be removed for plugin versions such as cordova-sqlite-ext * cordova-sqlite-ext-common-core 0.1.0 * cordova-sqlite-ext-common-core 0.1.1-dev * SQLite3-Win-RT->SQLite3-WinRT-sync in src/windows move the embedded SQLite3-WinRT component to src/windows/SQLite3-WinRT-sync and update plugin.xml * SQLite3-WinRT component info in README.md * Another update regarding new major release * cordova-sqlite-extcore 0.1.0 * cordova-sqlite-ext-common-core 0.2.0-dev * Completely remove old Windows vcxproj files that were used for Windows 8.1 & Windows Phone 8.1 builds * Move SQLite3.UWP.vcxproj out of extra SQLite3.UWP subdirectory * cordova-sqlite-ext-common-core 0.2.0 * cordova-sqlite-storage 3.0.0-dev * Use cordova-sqlite-storage-dependencies 2.0.0 with SQLITE_DBCONFIG_DEFENSIVE setting used by sqlite-native-driver.jar on Android * cordova-sqlite-storage 3.0.0 * cordova-sqlite-storage 3.0.1-dev * no SQLITE_DEFAULT_CACHE_SIZE on iOS/macOS/Windows * update email & website links * Update README.md for projects moved so far * free consulting special * cordova-sqlite-storage 3.1.0 * package.json update cordova-sqlite-storage links * cordova-sqlite-storage 3.1.1-dev * fs-extra & cross-spawn in scripts/prepareSpec.js instead of shelljs * Fix prepare-spec "script" name in package.json * clean-spec shell "script" in package.json * .gitignore ignore yarn.lock * Mark old bin scripts as UNSUPPORTED with a note that package scripts should be used instead * prepare-js "script" (using coffeescript@1 for now) * sqlite3_threadsafe() error handling on iOS/macOS * cordova-sqlite-storage 3.2.0 * cordova-sqlite-storage 3.2.1-dev * fix internal clean-spec script * fs-extra@8 update in devDependencies * cordova-sqlite-storage-dependencies@2.0.1 update with SQLite 3.28.0 update for all supported platforms Android/iOS/macOS/Windows * cordova-sqlite-storage 3.2.1 * cordova-sqlite-storage 3.2.2-dev * cordova-sqlite-storage-commoncore 1.0.0-pre1 starting version branch for additional EU character testing NOTE that this version branch is currently known to require slightly older Cordova CLI version such as cordova@8, cordova@7, or cordova@6 in order to install properly. This is due to use of an obsolete Cordova module. This is not an issue with recent versions of cordova-sqlite-storage itself or any of the other up-to-date version branches. * Update string test comments for ICU-UNICODE for: - Web SQL on Chrome desktop browser - plugin with androidDatabaseImplementation: 2 on Android 4.4 & newer * additional EU string manipulation test cases * cordova-sqlite-storage-commoncore 1.0.0 with some additional EU character testing NOTE that this version branch is currently known to require slightly older Cordova CLI version such as cordova@8, cordova@7, or cordova@6 in order to install properly. This is due to use of an obsolete Cordova module. This is not an issue with recent versions of cordova-sqlite-storage itself or any of the other up-to-date version branches. * quick updates & fixes to error mapping tests - test syntax error with comma after the field name - quick fix of error test on (WebKit) Web SQL on Safari desktop browser - pretter detection of iOS platform - IGNORE difference in an error message on iOS as well as Android 7.0(+) - other minor updates & fixes * SQLCipher 4.2.0 update (cordova-sqlcipher-adapter 0.4.1) * Fix CHANGES.md for 3.2.1 vs 3.2.2-dev * remove some promotions, for now at least * quick test updates for Android 9 (Pie) * New page/cache default sizes with cordova-sqlite-storage-dependencies@2.1.0 update (cordova-sqlite-storage plugin version) * cordova-sqlite-storage 3.3.0 * start cordova-sqlite-storage 3.3.1-dev * quick workaround for `SYNTAX_ERR` redefinition * cordova-sqlite-storage 3.4.0 * cordova-sqlite-storage 3.4.1-dev * fix CHANGES.md for 3.4.0 vs 3.4.1-dev cordova-sqlite-storage 3.4.0 vs 3.4.1-dev * add string test with double-quotes in result key * cordova-sqlite-storage-dependencies@2.1.1 update with SQLite 3.30.1 * cordova-sqlite-storage 3.4.1 * start cordova-sqlite-storage 3.4.2-dev * double-quotes in result key test fixes ref: storesafe/cordova-sqlite-evcore-extbuild-free#51 * rename PSPDFThreadSafeMutableDictionary to CustomPSPDFThreadSafeMutableDictionary and completely remove PSPDFThreadSafeMutableDictionary.h (cordova-sqlite-storage 4.0.0-pre1) * cordova-sqlite-storage 4.0.0 * start cordova-sqlite-storage 4.0.1-dev * [TBD] add PENDING rename table with view test PENDING due to KNOWN CRASH on SQLite 3.30.1 (Decmeber 2019) ref: - http://sqlite.1065341.n5.nabble.com/Crash-Bug-Report-tc109903.html - storesafe/cordova-sqlite-storage#904 * doc updates & fixes * start cordova-sqlite-storage 5.0.0-dev (MAJOR update) * avoid incorrect default directory on iOS/macOS - to be extra safe (see <storesafe/cordova-sqlite-storage#907>) - ensure that default "nosync" directory *always* has resource value set for `NSURLIsExcludedFromBackupKey` - add more checks for missing database directory * cordova-sqlite-storage@5 doc updates - add comparison of supported plugin versions near the beginning - updated list of breaking changes coming soon - hide browser usage notes for now (at least) - other minor updates * cordova-sqlite-storage 5.0.0 * start cordova-sqlite-storage 5.0.1-dev * cordova-sqlite-storage@5.0.0 back CHANGES.md (restore the cordova-sqlite-storage 5.0.0 heading in CHANGES.md) * update breaking changes coming soon in doc * fix cordova-sqlite-storage 3.4.1 update in CHANGES.md * test & doc INCONSISTENT error message formatting on Android (with android-database-sqlcipher) ref: storesafe#95 * status fixes in cordova-sqlcipher-adapter doc - add missing `SQLITE_ENABLE_DBSTAT_VTAB` item for Android only - fix for default `PRAGMA journal_mode` setting * SQLCipher version test & doc updates - update SQLCipher version test to be specific Android vs iOS/mac/... - remove a specific SQLCipher version number from Announcements in README.md * start cordova-sqlcipher-adapter 0.5.0-dev * SQLCipher 4.3.0 update for iOS/macOS * SQLCipher 4.3.0 update for Android now using `androidx.sqlite:sqlite:2.1.0` framework reference in plugin.xml - `SQLITE_OMIT_PROGRESS_CALLBACK` is no longer used on Android - Extra-old `armeabi` CPU for Android pre-5.0 is no longer supported by this plugin version. * general cordova-sqlcipher-adapter doc updates (before upcoming merge) * cordova-sqlcipher-adapter 0.5.0 * use cordova-sqlite-storage-dependencies@2.1.2 with SQLite 3.32.3 update * enable RENAME table with view test From December 2019 SQLite crash report, fixed in 2020 * cordova-sqlite-storage 5.0.1 * remove incorrect Android framework info * start cordova-sqlcipher-adapter 0.5.1-dev * SQLCipher 4.4.0 (community) update for iOS & macOS ("osx") * SQLCipher 4.4.0 (community) update for Android (in custom build, as documented) * add PRAGMA cipher_version test * cordova-sqlcipher-adapter 0.5.1 * document AndroidX requirement * start cordova-sqlcipher-adapter 0.5.2-dev * SQLCipher 4.4.2 (community) update for Android (in custom build, as documented) * SQLCipher 4.4.2 (community) update for iOS & macOS * cordova-sqlcipher-adapter 0.5.2 * fix: added migration form sqlcipher3 to 4 on iOS. * refactor: code refactor for iOS * chore: added comment in sqlcipher process on iOS * added parameter name for code readability * chore: added missing comment * RMET-2046 SQLite 3.33.0 update - Android (#12) * feat: updated jars * updated jars * feat: updated gitignore. added db migration * feat: added database migration * fix: added migration code. * chore: updated changelog Co-authored-by: Christopher J. Brody <brodybits@litehelpers.net> Co-authored-by: Christopher J. Brody <chris.brody@gmail.com> Co-authored-by: Christopher J. Brody <chris@brody.consulting> Co-authored-by: Christopher J. Brody <chris.brody+brodybits@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SQLite 3.26.0 update is needed due to a known vulnerability, will provide window functions as well (#828).
Alternative solutions from https://discuss.zetetic.net/t/magellan-vulnerbility/3290:
I would favor a clean SQLite 3.26.0 update, which should be coming in the next few days.
ref:
The text was updated successfully, but these errors were encountered: