NetBSD Problem Report #54262
From www@netbsd.org Sun Jun 2 06:48:33 2019
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 8D0197A1D6
for <gnats-bugs@gnats.NetBSD.org>; Sun, 2 Jun 2019 06:48:33 +0000 (UTC)
Message-Id: <20190602064832.9E6B87A1FB@mollari.NetBSD.org>
Date: Sun, 2 Jun 2019 06:48:32 +0000 (UTC)
From: tr@vispaul.me
Reply-To: tr@vispaul.me
To: gnats-bugs@NetBSD.org
Subject: databases/R-RSQLite should link against SQLite in pkgsrc instead of using amalgamation files
X-Send-Pr-Version: www-1.0
>Number: 54262
>Category: pkg
>Synopsis: databases/R-RSQLite should link against SQLite in pkgsrc instead of using amalgamation files
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Jun 02 06:50:00 +0000 2019
>Originator: Travis Paul
>Release: current
>Organization:
>Environment:
>Description:
databases/R-RSQLite has a copy of the SQLite 3.22.0 amalgamation files embedded into the project and it doesn't use sqlite3/buildlink.mk
This makes it difficult for the pkgsrc-security team to know when the package is impacted by a known-vulnerability in SQLite.
>How-To-Repeat:
After installing the package. SQLite is not installed along with it, and nm shows that the SQLite symbols are in the .so file of the R module.
>Fix:
Fedora seems to pass some arguments to `R CMD INSTALL` to prevent using the amalgamation files but I wasn't able to find any evidence of that occurring in pkgsrc.
https://apps.fedoraproject.org/packages/R-RSQLite/sources/spec/
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.