Bug 307146

Summary: Build against shared LibRaw
Product: [Applications] digikam
Reporter: nucleo <nucleo>
Component: Plugin-DImg-RAW
Assignee: Digikam Developers <digikam-bugs-null>
Status: RESOLVED FIXED
Severity: normal
CC: caulier.gilles, kensington, lexa, pino, rdieter
Priority: NOR
Version: 3.0.0
Target Milestone: ---
Platform: unspecified
OS: Linux
Latest Commit:
Version Fixed In: 4.0.0

Description nucleo 2012-09-21 10:28:07 UTC
Hi,

We now have in Fedora a system LibRaw built as a shared library
http://koji.fedoraproject.org/koji/rpminfo?rpmID=3134262
http://koji.fedoraproject.org/koji/rpminfo?rpmID=3134260

Please add an option in libkdcraw for building it against
the system shared LibRaw.

Reproducible: Always
Comment 1 Pino Toscano 2013-06-06 09:57:37 UTC
LibRaw just got two security CVEs (CVE-2013-2126 and CVE-2013-2127), see also http://www.openwall.com/lists/oss-security/2013/05/29/7

Gilles, can you please switch libkdcraw to use an external libraw shared library and get rid of the embedded libraw copy?
That will ease a lot the maintenance of libkdcraw by distributions, and also self-compiling users (who won't need to patch libkdcraw on their own).
Comment 2 caulier.gilles 2013-06-06 10:05:09 UTC
Pino,

About security issue, I CC Alex Tutubalin, who is lead libraw developer.

About shared libraw support, there is already another report about it:

https://bugs.kde.org/show_bug.cgi?id=307146

Gilles Caulier
Comment 3 Pino Toscano 2013-06-06 10:09:54 UTC
(In reply to comment #2)
> About security issue, I CC Alex Tutubalin, who is lead libraw developer.

If you would have read the page I linked earlier, the issue was already fixed in their Git repository by Alex.

> About shared libraw support, there is already another report about it:
> 
> https://bugs.kde.org/show_bug.cgi?id=307146

This bug *is* #307146.
Comment 4 caulier.gilles 2013-06-06 10:16:57 UTC
Sorry, my mistake. Look at my comment here:

https://bugs.kde.org/show_bug.cgi?id=320794#c1

Gilles Caulier
Comment 5 Pino Toscano 2013-06-06 10:36:16 UTC
(In reply to comment #4)
> Look at my comment here:
> 
> https://bugs.kde.org/show_bug.cgi?id=320794#c1

Basically, the explanation is the following:

> We don't want to add external libraw dependency, until libraw 1.0.0 is out, due to broken binary compatibility with API between releases. This will crash digiKam if you update system based libraw without recompiling libkdcraw.

This is a very weak explanation for the following reasons:
- so far libraw seems to be handling SONAME bumps when the ABI is broken (and if it does not, it is a libraw issue)
- if you use distro packages, distro packagers will take care of recompiling libkdcraw with the new libraw when its SONAME changes (otherwise no change is needed and new libraw versions will be used fine)
- if you compile stuff on your own, you have to manage yourself the software you recompile (and in any case, a library with bumped SONAME won't overwrite the old one)
Comment 6 Pino Toscano 2013-06-11 17:51:41 UTC
Opened a RR: https://git.reviewboard.kde.org/r/110962/
Comment 7 Pino Toscano 2013-07-08 13:35:02 UTC
Git commit ee76a4eef0c601215c7c7c4440fd56b2b8740a63 by Pino Toscano.
Committed on 08/07/2013 at 13:33.
Pushed by pino into branch 'external-libraw'.

Switch to an external LibRaw

Instead of using an embedded copy of LibRaw, look for an external LibRaw
as mandatory dependency with a new CMake module and using its variables.

Considering some LibRaw versions seem to be underlinked and not linking
to OpenMP, link it manually in libkdcraw to overcome such lack.

Switch back to the MAKE_KDCRAW_LIB define (i.e. the default set by
KDE4_ADD_LIBRARY) as the one used to check whether it is being built,
as otherwise LIBRAW_BUILDLIB would conflict with LibRaw.

See review #110962

M  +2    -4    CMakeLists.txt
A  +63   -0    cmake/modules/FindLibRaw.cmake
M  +24   -4    libkdcraw/CMakeLists.txt
M  +1    -1    libkdcraw/libkdcraw_export.h

http://commits.kde.org/libkdcraw/ee76a4eef0c601215c7c7c4440fd56b2b8740a63
Comment 8 nucleo 2013-07-13 15:41:32 UTC
I applied this patch to libkdcraw-4.10.90. It built against system LibRaw-0.15.2.
After that system LibRaw was updated to 0.15.3 but digiKam-3.3.0-beta3 still shows in components LibRaw version 0.15.2.
Comment 9 caulier.gilles 2013-07-13 17:31:57 UTC
In the patch, libkdcraw code is not patched to take care of shared libraw. I think mixed code (embedded and shared) is used.

There is a lot of work to do about this entry. It's not simply a matter of patching cmake rules. It's more complicated to do. I plan to take a look soon...

Gilles Caulier
Comment 10 nucleo 2013-07-13 18:28:12 UTC
libkdcraw compiled after 'rm -rf libraw'.
Comment 11 caulier.gilles 2013-07-13 19:05:18 UTC
And have you recompiled digiKam with this new version?

Gilles Caulier
Comment 12 nucleo 2013-07-13 19:10:29 UTC
(In reply to comment #11)
> And have you recompiled digiKam with this new version?

No, but I have now recompiled libkdcraw with LibRaw 0.15.3 and now digiKam shows this version.
So it looks like the version shown in digiKam is the LibRaw version used at libkdcraw compile time, not the actually installed version.
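
The version string discussed in comments 8 to 12 does not show which LibRaw a libkdcraw build actually depends on; the ELF dynamic section does, and it also settles the SONAME question from comment 5. The following check is an added example, not part of the bug thread or of libkdcraw; the `readelf -d` excerpts and every SONAME number in it are constructed for illustration.

```python
import re

# One entry of `readelf -d` output, e.g.
#  0x0000000000000001 (NEEDED)   Shared library: [libraw.so.9]
DYN_RE = re.compile(
    r"\((NEEDED|SONAME)\)\s+(?:Shared library|Library soname):\s+\[([^\]]+)\]")
# LibRaw installs libraw.so.* and the thread-safe libraw_r.so.*
LIBRAW_RE = re.compile(r"^libraw(_r)?\.so(\.\d+)*$")


def parse_dynamic(text):
    """Return (soname, needed_list) from `readelf -d` output."""
    soname, needed = None, []
    for tag, value in DYN_RE.findall(text):
        if tag == "SONAME":
            soname = value
        else:
            needed.append(value)
    return soname, needed


def libraw_link_status(consumer_dynamic, installed_sonames):
    """Classify how a consumer library relates to the system LibRaw."""
    _, needed = parse_dynamic(consumer_dynamic)
    wanted = [n for n in needed if LIBRAW_RE.match(n)]
    if not wanted:
        # No dynamic dependency: any LibRaw code is compiled in, so a
        # patched system LibRaw package never reaches this binary.
        return "embedded-or-static"
    if all(n in installed_sonames for n in wanted):
        # Same SONAME still installed: the updated library is loaded as-is.
        return "ok"
    # The SONAME the consumer was linked against is gone (ABI bump):
    # the consumer has to be rebuilt against the new LibRaw.
    return "rebuild-required"


# Constructed samples; library names and version numbers are made up.
EMBEDDED = """
 0x0000000000000001 (NEEDED)   Shared library: [libstdc++.so.6]
 0x000000000000000e (SONAME)   Library soname: [libkdcraw.so.22]
"""
EXTERNAL = """
 0x0000000000000001 (NEEDED)   Shared library: [libraw.so.9]
 0x0000000000000001 (NEEDED)   Shared library: [libstdc++.so.6]
 0x000000000000000e (SONAME)   Library soname: [libkdcraw.so.23]
"""

if __name__ == "__main__":
    for installed in ({"libraw.so.9"}, {"libraw.so.10"}):
        print(sorted(installed), libraw_link_status(EXTERNAL, installed))
    print("embedded build:", libraw_link_status(EMBEDDED, {"libraw.so.9"}))
```

On a real system the first argument would be the output of `readelf -d` on the installed libkdcraw shared object, and the second the SONAMEs of the installed LibRaw libraries.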
Comment 13 caulier.gilles 2013-09-11 13:55:25 UTC
Git commit ce1fed4fc2bda012a93b207a76ce0d050e048cdb by Gilles Caulier.
Committed on 11/09/2013 at 13:48.
Pushed by cgilles into branch 'external-libraw'.

Remove all Libraw implementation embedded in libkdcraw.
Adjust all settings in config widget accordingly with extra packs used by libraw, especially Raw quality setting.
Add new methods to get whole options used to compile Libraw.
Bump API/ABI id.
This version of libkdcraw breaks BC. It must be published with next KDE 4.12.0 and next digiKam 4.0.0.
Libraw compatible with this implementation is 0.16.0 which has been ported.
FIXED-IN: 4.0.0
REVIEW: 110962

M  +21   -19   CMakeLists.txt
M  +3    -18   README
M  +2    -7    libkdcraw/CMakeLists.txt
M  +61   -34   libkdcraw/dcrawsettingswidget.cpp
M  +18   -0    libkdcraw/kdcraw.cpp
M  +8    -0    libkdcraw/kdcraw.h
M  +1    -1    libkdcraw/libkdcraw_export.h
M  +12   -3    libkdcraw/rawdecodingsettings.h
M  +0    -1    test/CMakeLists.txt
M  +2    -0    test/libinfo.cpp

http://commits.kde.org/libkdcraw/ce1fed4fc2bda012a93b207a76ce0d050e048cdb
Comment 14 caulier.gilles 2013-10-18 09:06:11 UTC
Code using an external instance of libraw is now merged to master, in order to be released with KDE 4.12...

http://commits.kde.org/libkdcraw/88020682619f0fd96e7624ffef00269d5c1b9e88

Gilles Caulier
Comment 15 caulier.gilles 2013-10-21 07:07:34 UTC
Git commit 6c91e18cedfe5ef37d202f6d0cf4fde1a607a9a9 by Gilles Caulier.
Committed on 21/10/2013 at 07:01.
Pushed by cgilles into branch 'master'.

Add support of libraw release < 0.16.0
Minimum version supported is 0.14.x, but with minimum support of extra options from Libraw, such as RawSpeed codec support, LCMS support, GPL2 and GPL3 packs support, etc...
All these options are registered and shared in a new libraw_config.h with 0.16.0, which does not exist in previous releases.

M  +11   -2    CMakeLists.txt
A  +79   -0    cmake/modules/FindLibRaw.cmake
M  +3    -0    libkdcraw/kdcraw.cpp

http://commits.kde.org/libkdcraw/6c91e18cedfe5ef37d202f6d0cf4fde1a607a9a9