Summary: | SQLITE : convenience copy in digiKam core [patch] | ||
---|---|---|---|
Product: | [Applications] digikam | Reporter: | Mark Purcell <msp> |
Component: | Database-Sqlite | Assignee: | Digikam Developers <digikam-bugs-null> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | caulier.gilles, kde-bugs, pino, vivo75+kde |
Priority: | NOR | ||
Version: | 1.2.0 | ||
Target Milestone: | --- | ||
Platform: | unspecified | ||
OS: | Linux | ||
Latest Commit: | http://commits.kde.org/digikam/0addce7f2ebdccd76b3291a45e0019ed45069e7e | Version Fixed In: | 3.1.0 |
Sentry Crash Report: |
Description
Mark Purcell
2010-05-09 23:54:13 UTC
Note, it's SQLite2 code which is hosted in digiKam core, not SQLite3. This last one is used to run digiKam. SQLite2 is used only to backport old DB files generated with older digiKam versions.

Gilles Caulier

Gilles,

This issue remains with digikam 2.0.0.

Mark

E: digikam: embedded-library usr/lib/libdigikamdatabase.so.2.0.0: sqlite
N:
N: The given ELF object appears to have been statically linked to a
N: library. Doing this is strongly discouraged due to the extra work needed
N: by the security team to fix all the extra embedded copies or trigger the
N: package rebuilds, as appropriate.
N:
N: If the package uses a modified version of the given library it is highly
N: recommended to coordinate with the library's maintainer to include the
N: changes on the system version of the library.
N:
N: Refer to Debian Policy Manual section 4.13 (Convenience copies of code)
N: for details.
N:
N: Severity: serious, Certainty: possible
N:
N: Check: binaries, Type: binary, udeb
N:

Mark,

Francesco Riosa works on a separate branch from git where we have already discussed dropping the sqlite 2.0 source code from digiKam core.

Gilles Caulier

yep, I've not pushed this further because after removing the sources the difference in lines of code and compile time was very small.

commit 3179bdd7a0e84d66cde45f302793b4a01de05d15
Author: Francesco Riosa <francesco+kde@pnpitalia.it>
Date: Wed Jun 29 18:49:06 2011 +0200

Remove support for sqlite2 DigiKam < 0.9

branch sql/2.0

P.S. this is in no way a security threat, to trigger the execution of the sqlite 2.0 code you should be able to modify files with user privileges. Having those privileges, much more damage is possible than exploiting digikam.

Francesco,

Removing the sqlite 2.0 source code from digiKam core is a subject to discuss at the Genoa coding sprint...

Gilles Caulier

Francesco,

Do you manage this entry ? sqlite2 must be dropped from digiKam core...

Gilles Caulier

(In reply to comment #6)
> Do you manage this entry ?
> sqlite2 must be dropped from digiKam core...

See https://git.reviewboard.kde.org/r/109110/ I just opened.

Git commit 0addce7f2ebdccd76b3291a45e0019ed45069e7e by Pino Toscano.
Committed on 23/02/2013 at 14:20.
Pushed by pino into branch 'master'.

Find an external SQLite v2 for digiKam DB 0.7 conversion

Instead of relying on an internal copy of SQLite v2, search for an external version of it; if not found, disable the import/conversion of old databases from v0.7, failing directly with an error message.

REVIEW: 109110

M +17 -38 CMakeLists.txt
A +62 -0 cmake/modules/FindSqlite2.cmake
M +8 -8 digikam/CMakeLists.txt
M +3 -0 digikam/utils/config-digikam.h.cmake
M +6 -1 libs/database/schemaupdater.cpp

http://commits.kde.org/digikam/0addce7f2ebdccd76b3291a45e0019ed45069e7e
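The approach the final commit message describes (use a system SQLite v2 if one is installed, otherwise build with the old-database import disabled and fail with an error message) can be sketched as follows. This is an added example, not digiKam's `FindSqlite2.cmake` or any code from the commit; the project name, the target `legacy_import`, the function `importLegacyDb` and the macro `HAVE_SQLITE2` are hypothetical names chosen for illustration.

```cmake
cmake_minimum_required(VERSION 3.10)
project(legacy_import_example CXX)

# SQLite v2 installs sqlite.h and libsqlite; v3 installs sqlite3.h and
# libsqlite3, so these names do not match the v3 library.
find_path(SQLITE2_INCLUDE_DIR NAMES sqlite.h)
find_library(SQLITE2_LIBRARY NAMES sqlite)

# Constructed source file so the example configures and builds on its own.
file(WRITE "${CMAKE_BINARY_DIR}/legacy_import.cpp" [[
#include <cstdio>
#ifdef HAVE_SQLITE2
#include <sqlite.h>
#endif

// Opens an old v2 database file; fails with a message when v2 support is absent.
bool importLegacyDb(const char* path)
{
#ifdef HAVE_SQLITE2
    char* err = nullptr;
    sqlite* db = sqlite_open(path, 0, &err);
    if (!db) {
        std::fprintf(stderr, "Cannot open %s: %s\n", path, err ? err : "unknown error");
        if (err) sqlite_freemem(err);
        return false;
    }
    sqlite_close(db);
    return true;
#else
    std::fprintf(stderr, "Cannot import %s: built without SQLite v2\n", path);
    return false;
#endif
}
]])

add_library(legacy_import STATIC "${CMAKE_BINARY_DIR}/legacy_import.cpp")

if(SQLITE2_INCLUDE_DIR AND SQLITE2_LIBRARY)
    message(STATUS "Using system SQLite v2: ${SQLITE2_LIBRARY}")
    target_include_directories(legacy_import PRIVATE "${SQLITE2_INCLUDE_DIR}")
    target_link_libraries(legacy_import PRIVATE "${SQLITE2_LIBRARY}")
    target_compile_definitions(legacy_import PRIVATE HAVE_SQLITE2=1)
else()
    message(STATUS "SQLite v2 not found: import of old databases is disabled")
endif()
```

Because the library is resolved from the system at build time, a distribution's fix to its SQLite v2 package reaches the application without a separate patch to an embedded copy, which is the concern the lintian `embedded-library` note raises.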