[Bug 237037] New: digikam sqlite convience copy

https://bugs.kde.org/show_bug.cgi?id=237037

           Summary: digikam sqlite convience copy
           Product: digikam
           Version: 1.2.0
          Platform: unspecified
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
        AssignedTo: [hidden email]
        ReportedBy: [hidden email]


Version:           1.2.0 (using 4.4.3 (KDE 4.4.3), Debian packages)
Compiler:          cc
OS:                Linux (x86_64) release 2.6.32-5-amd64

With Cmake, digikam no longer checks for a system version of sqlite (original
report http://bugs.kde.org/show_bug.cgi?id=160966#c65)

It would be good for digikam during build to check and see if there is a system
installed sqlite library of the correct version and build/ link against that,
rather than the internal copy of that lib.

By doing this system resources are saved by linking to shared libs and security
issues/ bugs in libs only need to be fixed in one location rather than all the
applications which may or may not embed copies.

Find attached half the patch to check for an installed sqlite, the patch fails
during linking with libdigikamdatabase.

Mark

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -187,6 +187,11 @@ MACRO_BOOL_TO_01(GLIB2_FOUND HAVE_GLIB2)
 MACRO_OPTIONAL_FIND_PACKAGE(Lqr-1)
 MACRO_BOOL_TO_01(LQR-1_FOUND USE_EXT_LIBLQR-1)

+MACRO_OPTIONAL_FIND_PACKAGE(Sqlite)
+MACRO_BOOL_TO_01(SQLITE_FOUND USE_EXT_SQLITE)
+PKG_CHECK_MODULES(Sqlite sqlite3>=3.5.9)
+
+
 MACRO_BOOL_TO_01(ENABLE_THUMBS_DB USE_THUMBS_DB)

 IF (${KDE_VERSION} VERSION_GREATER "4.2.70")
@@ -301,6 +306,12 @@ ELSE(GLIB2_FOUND)
     MESSAGE(STATUS "")
 ENDIF(GLIB2_FOUND)

+IF(SQLITE_FOUND)
+    MESSAGE(STATUS " libsqlite library found ................. YES
(optional)")
+ELSE(SQLITE_FOUND)
+    MESSAGE(STATUS " libsqlite library found ................. NO (optional -
internal version used instead)")
+    ENDIF(SQLITE_FOUND)
+
 IF(DOXYGEN_FOUND)
     MESSAGE(STATUS " Doxygen found............................ YES
(optional)")
 ELSE(DOXYGEN_FOUND)
@@ -961,40 +972,55 @@ IF(DIGIKAM_CAN_BE_COMPILED)
         ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/libpgf/WaveletTransform.cpp
        )

-    SET(libsqlite2_SRCS
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/attach.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/auth.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/btree.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/btree_rb.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/build.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/copy.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/date.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/delete.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/encode.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/expr.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/func.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/hash.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/insert.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/main.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/opcodes.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/os.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/pager.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/parse.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/pragma.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/printf.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/random.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/select.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/shell.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/table.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/tokenize.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/trigger.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/update.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/util.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/vacuum.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/vdbe.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/vdbeaux.c
-        ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/where.c
-       )
+    #
=================================================================================================
+    # Sqlite library rules
+
+    IF(SQLITE_FOUND)
+
+            INCLUDE_DIRECTORIES(${SQLITE_INCLUDE_DIRS})
+            SET(sqlite_LIBS ${SQLITE_LIBRARIES})
+
+    ELSE(SQLITE_FOUND)
+
+            INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty)
+          
INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2)
+
+            SET(libsqlite2_SRCS
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/attach.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/auth.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/btree.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/btree_rb.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/build.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/copy.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/date.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/delete.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/encode.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/expr.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/func.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/hash.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/insert.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/main.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/opcodes.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/os.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/pager.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/parse.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/pragma.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/printf.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/random.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/select.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/shell.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/table.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/tokenize.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/trigger.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/update.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/util.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/vacuum.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/vdbe.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/vdbeaux.c
+                ${CMAKE_CURRENT_SOURCE_DIR}/libs/3rdparty/sqlite2/where.c
+            )
+
+    ENDIF(SQLITE_FOUND)

     SET(libhaar_SRCS
         ${CMAKE_CURRENT_SOURCE_DIR}/libs/database/haar/haar.cpp
--- a/digikam/CMakeLists.txt
+++ b/digikam/CMakeLists.txt
@@ -240,6 +240,7 @@ TARGET_LINK_LIBRARIES(digikamdatabase
                       ${QT_QTCORE_LIBRARY}
                       ${QT_QTGUI_LIBRARY}
                       ${QT_QTSQL_LIBRARY}
+                      ${sqlite_LIBS}
                      )

 SET_TARGET_PROPERTIES(digikamdatabase PROPERTIES VERSION 1.0.0 SOVERSION 1 )

--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037


Gilles Caulier <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|general                     |Database




--- Comment #1 from Gilles Caulier <caulier gilles gmail com>  2010-05-10 12:42:01 ---
Note, it's SQlite2 code which is hosted in digiKam core, not SQlite3. This last
one is used to run digiKam.

SQlite2 is used only to backport old DB files generated with older digiKam
version.

Gilles Caulier

--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037


Gilles Caulier <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]
            Summary|digikam sqlite convience    |digikam sqlite convience
                   |copy                        |copy [patch]




--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037





--- Comment #2 from Mark Purcell <msp debian org>  2011-08-06 05:47:33 ---
Gilles,

This issue remains with digikam 2.0.0.

Mark


E: digikam: embedded-library usr/lib/libdigikamdatabase.so.2.0.0: sqlite
N:
N:    The given ELF object appears to have been statically linked to a
N:    library. Doing this is strongly discouraged due to the extra work needed
N:    by the security team to fix all the extra embedded copies or trigger the
N:    package rebuilds, as appropriate.
N:    
N:    If the package uses a modified version of the given library it is highly
N:    recommended to coordinate with the library's maintainer to include the
N:    changes on the system version of the library.
N:    
N:    Refer to Debian Policy Manual section 4.13 (Convenience copies of code)
N:    for details.
N:    
N:    Severity: serious, Certainty: possible
N:    
N:    Check: binaries, Type: binary, udeb
N:

--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037


Gilles Caulier <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]




--- Comment #3 from Gilles Caulier <caulier gilles gmail com>  2011-08-06 08:38:31 ---
Mark,

Francesco Riosa work on a separated branch from git where we have already
discuted to drop sqlite 2.0 source code from digiKam core.

Gilles Caulier

--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037





--- Comment #4 from Francesco Riosa <francesco+kde pnpitalia it>  2011-08-06 22:19:41 ---
yep, I've not pushed this furter because after removing the sources the
difference in lines of code and compile time was very small.

commit 3179bdd7a0e84d66cde45f302793b4a01de05d15
Author: Francesco Riosa <[hidden email]>
Date:   Wed Jun 29 18:49:06 2011 +0200

    Remove support for sqlite2 DigiKam < 0.9

branch sql/2.0

P.S. this is in no way a security threath, to trigger the execution of the
sqlite 2.0 code you should be able to modify files with user privileges.
Having that privileges much more damage is possible than exploiting digikam

--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037





--- Comment #5 from Gilles Caulier <caulier gilles gmail com>  2011-12-15 08:29:10 ---
Francesco,

This removing sqlite 2.0 source code from digiKam core is a subject to discut
at genoa coding sprint...

Gilles Caulier

--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037


Gilles Caulier <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|digikam sqlite convience    |digikam sqlite2 convience
                   |copy [patch]                |copy [patch]




--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037


Gilles Caulier <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|digikam sqlite2 convience   |SQLITE : convience copy in
                   |copy [patch]                |digiKam core [patch]




--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037

--- Comment #6 from Gilles Caulier <[hidden email]> ---
Francesco,

Do you manage this entry ? sqlite2 must be dropped from digiKam core...

Gilles Caulier

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037

--- Comment #7 from Pino Toscano <[hidden email]> ---
(In reply to comment #6)
> Do you manage this entry ? sqlite2 must be dropped from digiKam core...

See https://git.reviewboard.kde.org/r/109110/ I just opened.

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037

Pino Toscano <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED
      Latest Commit|                            |http://commits.kde.org/digi
                   |                            |kam/0addce7f2ebdccd76b3291a
                   |                            |45e0019ed45069e7e

--- Comment #8 from Pino Toscano <[hidden email]> ---
Git commit 0addce7f2ebdccd76b3291a45e0019ed45069e7e by Pino Toscano.
Committed on 23/02/2013 at 14:20.
Pushed by pino into branch 'master'.

Find and external SQLite v2 for digiKam DB 0.7 conversion

Instead of rely on an internal copy of SQLite v2, search for an external
version of it;
if not found, disable the import/conversion of old databases from v0.7, failing
directly with an error message.

REVIEW: 109110

M  +17   -38   CMakeLists.txt
A  +62   -0    cmake/modules/FindSqlite2.cmake
M  +8    -8    digikam/CMakeLists.txt
M  +3    -0    digikam/utils/config-digikam.h.cmake
M  +6    -1    libs/database/schemaupdater.cpp

http://commits.kde.org/digikam/0addce7f2ebdccd76b3291a45e0019ed45069e7e

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037

Gilles Caulier <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Version Fixed In|                            |3.1.0

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Digikam-devel mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/digikam-devel

https://bugs.kde.org/show_bug.cgi?id=237037

[hidden email] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Database                    |Database-Sqlite

--
You are receiving this mail because:
You are the assignee for the bug.