NetBSD Problem Report #54262

From www@netbsd.org  Sun Jun  2 06:48:33 2019
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 8D0197A1D6
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  2 Jun 2019 06:48:33 +0000 (UTC)
Message-Id: <20190602064832.9E6B87A1FB@mollari.NetBSD.org>
Date: Sun,  2 Jun 2019 06:48:32 +0000 (UTC)
From: tr@vispaul.me
Reply-To: tr@vispaul.me
To: gnats-bugs@NetBSD.org
Subject: databases/R-RSQLite should link against SQLite in pkgsrc instead of using amalgamation files
X-Send-Pr-Version: www-1.0

>Number:         54262
>Category:       pkg
>Synopsis:       databases/R-RSQLite should link against SQLite in pkgsrc instead of using amalgamation files
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 02 06:50:00 +0000 2019
>Originator:     Travis Paul
>Release:        current
>Organization:
>Environment:
>Description:
databases/R-RSQLite has a copy of the SQLite 3.22.0 amalgamation files embedded into the project and it doesn't use sqlite3/buildlink.mk

This makes it difficult for the pkgsrc-security team to know when the package is impacted by a known-vulnerability in SQLite.

>How-To-Repeat:
After installing the package. SQLite is not installed along with it, and nm shows that the SQLite symbols are in the .so file of the R module.
>Fix:
Fedora seems to pass some arguments to `R CMD INSTALL` to prevent using the amalgamation files but I wasn't able to find any evidence of that occurring in pkgsrc.

https://apps.fedoraproject.org/packages/R-RSQLite/sources/spec/

Home	PR Database Search