[Bug 160966] New: some searches don't work properly with the new sqlite3-3.5.8

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From jkt gentoo org  2008-06-18 23:48 -------
Nope, I'm not familiar with autotools, sorry.

Speaking about a runtime check, upstream's ticket mentions adding a workaround "OR 0", so this might be a better action than just refusing to start at all.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From kevin.kofler chello at  2008-06-19 01:43 -------
> From a distributors perspective this is just wrong. We don't want to pester
> our users with multiple sqlite engines and we want to issue a single security
> announcement for sqlite in case of a vulnerability and not for multiple
> packages. By including libraries instead using shared ones, you increase the
> memory usage on systems holding mutliple copies of the engine in memory and
> increase distributors workload. Thanks, no.
>
> Simply adding a notice to your release notes, which sqlite engine is fine to
> use would be just fine.

+1 to that from a Fedora KDE packager. Including a copy of a library into an application is always wrong (well, let's say in at least 99% of the cases).
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From caulier.gilles gmail com  2008-06-19 06:25 -------
>Including a copy of a library into an application is always wrong

I recieve a lots of bug report about an unsuitable digiKam because a shrared lib is bugous is the _hell_.

I prefet to have a program to run as weel. It's really a big puzzle to solve this problem, and really i'm tired about this subject.

Since few year digiKam already include libsqlite2 library code as well in core, and nobody crying about it. Amarok include libsqlite3 in core application too, Qt code include libpng and libsqlite3... I can continue the list if you want...

Note : for KDE4 port of digiKam, we use Qt4:sqlite plugin to play with database

Gilles Caulier
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From davidf sjsoft com  2008-06-19 16:26 -------
Can't you just make the autotools require sqlite >= 3.5.9? Then if anyone really wants to compile it with 3.5.7 they can go and patch the source...

I'm sorry if this has already been suggested; I couldn't find the mailing list discussion mentioned...
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From current myrealbox com  2008-06-19 20:43 -------
> Since few year digiKam already include libsqlite2 library code as well in core, and nobody crying about it. Amarok include libsqlite3 in core application too, Qt code include libpng and libsqlite3... I can continue the list if you want...

Which is in each case annoying and at Gentoo we have quite often bug reports to sort out this library inlusion mess and send patches upstream. In case of Qt you're wrong. It allows to use system libraries. Let me state it again: Fromthe security point of view, senseless included libraries are a hazard. Its a lot more work, a lot more packages are to update and there's always the chance you miss a package leaving users with a vulnerable application. There're very very few reasons to link statically, e.g. on embedded systems or stuff you need at boot time, but there's nothing that justifies it for desktop applications.

I think comment #58 is the best option both for you, not getting duplicates of this bug report as well as us downstream.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From andi.clemens gmx net  2008-06-19 21:25 -------
Hi,

as mentioned before we tried to restrict the usage of sqlite3 to versions >= 3.5.9, but the current sqlite3 package seems to have problems with its own version number.

sqlite3.pc from current sqlite3-3.5.9:
======================================
# Package Information for pkg-config

prefix=/usr
exec_prefix=${prefix}
libdir=${exec_prefix}/lib
includedir=${prefix}/include

Name: SQLite
Description: SQL database engine
Version: 3.5
Libs: -L${libdir} -lsqlite3
Libs.private: -lpthread
Cflags: -I${includedir}
======================================

So autotools were not able to find the currently installed sqlite3-3.5.9 installation. All those problems with sqlite within the last two months made us decide to include a working copy into digiKam.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From current myrealbox com  2008-06-20 00:02 -------
> So autotools were not able to find the currently installed sqlite3-3.5.9 installation.

Then just don't check and add a notice to the release. Quick and easy, who doesn't read the announcement is at fault. Including the library is the wrong solution.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From current myrealbox com  2008-06-20 00:09 -------
Another option would be to ask the SQLite guys to do a 3.5.9.1 release with a fixed .pc file. Remains the question how many application build scripts would choke on that, because of checking for equalness to 3.5.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From msp debian org  2008-06-21 01:30 -------
If I can join in.

In Debian/GNU Linux we have made it policy that packages shouldn't include convenience copies of other libraries, due to the issues with tracking security fixes in all packages that have copies of other libraries.
http://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles

However, I can also sympathise with the need.

Could I suggest that digikam autotools checks for an installed lib >= 3.5.9 and if it doesn't find it then digikam uses its own internal copy, if it does find >= 3.5.9 then it uses the system library.

The distributions can fixup the .pc file in sqlite easily enough, if their upstream doesn't.

This way end users compiling get an assured working version of digikam and the distributions get an version of digikam using shared libraries and things are the way they should be.

Ditto the convenience copy of cImg library:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484777

Mark
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From msp debian org  2008-06-21 01:33 -------
Further it appears Debian sqlite3 package allready does patch .pc to the correct version:

Mark

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424235

# Package Information for pkg-config

prefix=/usr
exec_prefix=${prefix}
libdir=${exec_prefix}/lib
includedir=${prefix}/include

Name: SQLite
Description: SQL database engine
Version: 3.5.9
Libs: -L${libdir} -lsqlite3
Libs.private: -lpthread
Cflags: -I${includedir}
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         
caulier.gilles gmail com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED



------- Additional Comments From caulier.gilles gmail com  2008-07-03 22:26 -------
SVN commit 827804 by cgilles:

digiKam from KDE3 branch : add rule to compile and link with an external libsqlite3 shared lib instead embeded version include in digiKam
Note : embeded version is always compiled by default if nothing is set with .configure script. Packagers, please take a care.
BUGS: 160966


 M  +1 -0      README  
 M  +16 -0     configure.in.bot  
 M  +36 -0     configure.in.in  
 M  +11 -3     digikam/Makefile.am  
 M  +16 -7     kioslave/Makefile.am  
 M  +6 -2      libs/Makefile.am  


WebSVN link: http://websvn.kde.org/?view=rev&revision=827804
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160966         




------- Additional Comments From msp debian org  2008-07-04 12:11 -------
Thanks Gilles,  That should work for us.

Mark
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel