I think we're all leaning a bit towards actually enabling this flag in our sqlite3 packages. In case the security team gives a +1 on it, I have already prepared the modified package for upload.
That being said, I guess mediascanner2 needs to slowly think about the future. Since the documentation mentions it as being seldom used and not being enabled by default, we can suspect that with the future releases of sqlite this function will go away completely. We would need to be prepared for that. For xenial we should be safe, but in the next cycles it's not guaranteed to stay I suspect. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mediascanner2 in Ubuntu. https://bugs.launchpad.net/bugs/1546911 Title: Please recompile sqlite 3.11 with -DSQLITE_ENABLE_FTS3_TOKENIZER Status in mediascanner2 package in Ubuntu: Confirmed Status in sqlite3 package in Ubuntu: Confirmed Bug description: The recent upload of sqlite 3.11 to xenial-proposed has rendered mediascanner2 non-functional. From the release notes, it seems the ability to register new full text search tokenizers has been disabled by default: http://sqlite.org/releaselog/3_11_0.html This means that mediascanner2 fails to open the index. We can't switch to any of the built-in tokenizers because they don't handle CJK text, so the only option seems to be to re-enable this functionality despite it being a potential security vulnerability for apps that let untrusted code run arbitrary SQL. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mediascanner2/+bug/1546911/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
